[Openvas-commits] r3395 - in trunk/openvas-plugins: . scripts
scm-commit@wald.intevation.org
scm-commit at wald.intevation.org
Sat May 16 14:32:17 CEST 2009
Author: mime
Date: 2009-05-16 14:32:16 +0200 (Sat, 16 May 2009)
New Revision: 3395
Added:
trunk/openvas-plugins/scripts/cacti_34991.nasl
trunk/openvas-plugins/scripts/cacti_detect.nasl
trunk/openvas-plugins/scripts/eggdrop_34985.nasl
trunk/openvas-plugins/scripts/eggdrop_detect.nasl
Modified:
trunk/openvas-plugins/ChangeLog
trunk/openvas-plugins/cve_current.txt
Log:
Added new plugins
Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog 2009-05-16 09:21:12 UTC (rev 3394)
+++ trunk/openvas-plugins/ChangeLog 2009-05-16 12:32:16 UTC (rev 3395)
@@ -1,3 +1,14 @@
+2009-05-16 Michael Meyer <mime at gmx.de>
+ * scripts/eggdrop_34985.nasl,
+ scripts/eggdrop_detect.nasl,
+ scripts/cacti_34991.nasl,
+ scripts/cacti_detect.nasl:
+ Added new plugins
+
+ * cve_current.txt:
+ Added column "status" to make it easier to remove entrys after
+ a while.
+
2009-05-15 Michael Meyer <mime at gmx.de>
* scripts/Turnkey_eBook_store_xss_34324.nasl,
scripts/cross_site_scripting.nasl:
Modified: trunk/openvas-plugins/cve_current.txt
===================================================================
--- trunk/openvas-plugins/cve_current.txt 2009-05-16 09:21:12 UTC (rev 3394)
+++ trunk/openvas-plugins/cve_current.txt 2009-05-16 12:32:16 UTC (rev 3395)
@@ -4,10 +4,10 @@
Procedure:
1. Before taking up for implementation, update this file to indicate that
it is being worked
-2. Before committing the plugin to SVN, remove the entry from here.
+2. Before committing the plugin to SVN, change status to "svn".
-CVE/BID/ Owner
+CVE/BID/ Owner Status
CVE-2009-1597 SecPod
CVE-2009-1600 SecPod
@@ -17,15 +17,15 @@
CVE-2009-1583 SecPod
CVE-2009-1585 SecPod
CVE-2009-1584 SecPod
-CVE-2009-1464 mime
+CVE-2009-1464 mime svn
CVE-2009-1631 SecPod
CVE-2009-1629 SecPod
-CVE-2009-1581 mime
-CVE-2009-1580 mime
-CVE-2009-1579 mime
-CVE-2009-1578 mime
-CVE-2009-1466 mime
-CVE-2009-1465 mime
+CVE-2009-1581 mime svn
+CVE-2009-1580 mime svn
+CVE-2009-1579 mime svn
+CVE-2009-1578 mime svn
+CVE-2009-1466 mime svn
+CVE-2009-1465 mime svn
CVE-2009-1632 SecPod
-34985 mime
-34991 mime
+34985 mime svn
+34991 mime svn
Added: trunk/openvas-plugins/scripts/cacti_34991.nasl
===================================================================
--- trunk/openvas-plugins/scripts/cacti_34991.nasl 2009-05-16 09:21:12 UTC (rev 3394)
+++ trunk/openvas-plugins/scripts/cacti_34991.nasl 2009-05-16 12:32:16 UTC (rev 3395)
@@ -0,0 +1,89 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# Cacti 'data_input.php' Cross Site Scripting Vulnerability
+#
+# Authors
+# Michael Meyer
+#
+# Copyright:
+# Copyright (c) 2009 Michael Meyer
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if (description)
+{
+ script_id(100205);
+ script_bugtraq_id(34991);
+ script_version ("1.0");
+
+ script_name(english:"Cacti 'data_input.php' Cross Site Scripting Vulnerability");
+ desc["english"] = "
+
+ Overview:
+ Cacti is prone to a cross-site scripting vulnerability because the
+ application fails to sufficiently sanitize user-supplied input.
+
+ An attacker may leverage this issue to execute arbitrary script code
+ in the browser of an unsuspecting user in the context of the
+ affected site. This may let the attacker steal cookie-based
+ authentication credentials and launch other attacks.
+
+ Versions prior to Cacti 0.8.7b are vulnerable.
+
+ See also:
+ http://www.securityfocus.com/bid/34991
+
+ Solution:
+ Updates are available. Please see http://cacti.net/ for more
+ information.
+
+ Risk factor : Medium";
+
+ script_description(english:desc["english"]);
+ script_summary(english:"Determine if Cacti Version < 0.8.7b");
+ script_category(ACT_GATHER_INFO);
+ script_family(english:"Web application abuses");
+ script_copyright(english:"This script is Copyright (C) 2009 Michael Meyer");
+ script_dependencie("cacti_detect.nasl");
+ script_require_ports("Services/www", 80);
+ exit(0);
+}
+
+include("http_func.inc");
+include("http_keepalive.inc");
+include("version_func.inc");
+
+port = get_http_port(default:80);
+if(!get_port_state(port))exit(0);
+
+if(!can_host_php(port:port)) exit(0);
+
+if(!version = get_kb_item(string("www/", port, "/cacti")))exit(0);
+if(!matches = eregmatch(string:version, pattern:"^(.+) under (/.*)$"))exit(0);
+
+vers = matches[1];
+
+if(!isnull(vers) && vers >!< "unknown") {
+
+ if(version_is_less(version: vers, test_version: "0.8.7b")) {
+ security_warning(port:port);
+ exit(0);
+ }
+
+}
+
+exit(0);
Property changes on: trunk/openvas-plugins/scripts/cacti_34991.nasl
___________________________________________________________________
Name: svn:keywords
+ ID
Added: trunk/openvas-plugins/scripts/cacti_detect.nasl
===================================================================
--- trunk/openvas-plugins/scripts/cacti_detect.nasl 2009-05-16 09:21:12 UTC (rev 3394)
+++ trunk/openvas-plugins/scripts/cacti_detect.nasl 2009-05-16 12:32:16 UTC (rev 3395)
@@ -0,0 +1,124 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# Cacti Detection
+#
+# Authors:
+# Michael Meyer
+#
+# Copyright:
+# Copyright (c) 2009 Michael Meyer
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+# need desc here to modify it later in script.
+desc["english"] = "
+
+ Overview:
+ This Host is running Cacti, an open source, web-based graphing tool
+ designed as a frontend to RRDtool's data storage and graphing
+ functionality. Cacti allows a user to poll services at predetermined
+ intervals and graph the resulting data. It is generally used to
+ graph time-series data like CPU load and bandwidth use. A common
+ usage is to query network switch or router interfaces via SNMP to
+ monitor network traffic.
+
+ See also:
+ http://cacti.net/
+
+ Risk factor : None";
+
+if (description)
+{
+ script_id(100204);
+ script_version ("1.0");
+
+ script_name(english:"Cacti Detection");
+
+ script_description(english:desc["english"]);
+ script_summary(english:"Checks for the presence of Cacti");
+ script_category(ACT_GATHER_INFO);
+ script_family(english:"Service detection");
+ script_copyright(english:"This script is Copyright (C) 2009 Michael Meyer");
+ script_dependencie("find_service.nes", "http_version.nasl");
+ script_require_ports("Services/www", 80);
+ script_exclude_keys("Settings/disable_cgi_scanning");
+ exit(0);
+}
+
+include("http_func.inc");
+include("http_keepalive.inc");
+include("global_settings.inc");
+
+port = get_http_port(default:80);
+
+if(!get_port_state(port))exit(0);
+if(!can_host_php(port:port)) exit(0);
+
+dirs = make_list("/cacti","/monitoring", cgi_dirs());
+
+foreach dir (dirs) {
+
+ url = string(dir, "/index.php");
+ req = http_get(item:url, port:port);
+ buf = http_send_recv(port:port, data:req, bodyonly:FALSE);
+
+ if( buf == NULL )continue;
+
+ if( egrep(pattern: 'Login to Cacti', string: buf, icase: TRUE) &&
+ egrep(pattern: "Set-Cookie: Cacti", string:buf) )
+ {
+
+ if(strlen(dir)>0) {
+ install=dir;
+ } else {
+ install=string("/");
+ }
+
+ vers = string("unknown");
+
+ ### try to get version.
+
+ url = string(dir, "/docs/CHANGELOG");
+ req = http_get(item:url, port:port);
+ buf = http_keepalive_send_recv(port:port, data:req, bodyonly:TRUE);
+
+ version = eregmatch(string: buf, pattern: "([0-9.]+[a-z]{0,1})",icase:TRUE);
+
+ if ( !isnull(version[1]) ) {
+ vers=version[1];
+ }
+
+ set_kb_item(name: string("www/", port, "/cacti"), value: string(vers, " under ", install));
+
+ info = string("None\n\nCacti Version '");
+ info += string(vers);
+ info += string("' was detected on the remote host\n");
+
+ desc = ereg_replace(
+ string:desc["english"],
+ pattern:"None$",
+ replace:info
+ );
+
+ if(report_verbosity > 0) {
+ security_note(port:port,data:string(desc));
+ exit(0);
+ }
+ }
+}
+
+exit(0);
Property changes on: trunk/openvas-plugins/scripts/cacti_detect.nasl
___________________________________________________________________
Name: svn:keywords
+ ID
Added: trunk/openvas-plugins/scripts/eggdrop_34985.nasl
===================================================================
--- trunk/openvas-plugins/scripts/eggdrop_34985.nasl 2009-05-16 09:21:12 UTC (rev 3394)
+++ trunk/openvas-plugins/scripts/eggdrop_34985.nasl 2009-05-16 12:32:16 UTC (rev 3395)
@@ -0,0 +1,88 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# Cacti 'data_input.php' Cross Site Scripting Vulnerability
+#
+# Authors
+# Michael Meyer
+#
+# Copyright:
+# Copyright (c) 2009 Michael Meyer
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if (description)
+{
+ script_id(100207);
+ script_bugtraq_id(34985);
+ script_version ("1.0");
+
+ script_name(english:"Eggdrop 'ctcpbuf' Remote Denial Of Service Vulnerability");
+ desc["english"] = "
+
+ Overview:
+ Eggdrop is prone to a remote denial-of-service vulnerability because
+ it fails to adequately validate user-supplied input.
+
+ An attacker may exploit this issue to crash the application,
+ resulting in a denial-of-service condition.
+
+ This issue is related to the vulnerability described in BID 24070
+ (Eggdrop Server Module Message Handling Remote Buffer Overflow
+ Vulnerability).
+
+ Versions prior to Eggdrop 1.6.19+ctcpfix are vulnerable.
+
+ See also:
+ http://www.securityfocus.com/bid/34985
+
+ Solution:
+ The vendor has released an update. Please see
+ http://www.eggheads.org/ for more information.
+
+ Risk factor : Medium";
+
+ script_description(english:desc["english"]);
+ script_summary(english:"Determine if Eggdrop Version < 1.6.19+ctcpfix");
+ script_category(ACT_GATHER_INFO);
+ script_family(english:"Denial of Service");
+ script_copyright(english:"This script is Copyright (C) 2009 Michael Meyer");
+ script_dependencie("eggdrop_detect.nasl");
+ script_require_ports("Services/eggdrop",3333);
+ exit(0);
+}
+
+include("version_func.inc");
+
+port = get_kb_item("Services/eggdrop");
+
+if(!port) {
+ port = 3333;
+}
+
+if(!get_port_state(port))exit(0);
+if(!version = get_kb_item(string("eggdrop/version/", port)))exit(0);
+
+if(!isnull(version) && version >!< "unknown") {
+
+ if(version_is_less(version: version, test_version: "1.6.19+ctcpfix")) {
+ security_warning(port:port);
+ exit(0);
+ }
+
+}
+
+exit(0);
Property changes on: trunk/openvas-plugins/scripts/eggdrop_34985.nasl
___________________________________________________________________
Name: svn:keywords
+ ID
Added: trunk/openvas-plugins/scripts/eggdrop_detect.nasl
===================================================================
--- trunk/openvas-plugins/scripts/eggdrop_detect.nasl 2009-05-16 09:21:12 UTC (rev 3394)
+++ trunk/openvas-plugins/scripts/eggdrop_detect.nasl 2009-05-16 12:32:16 UTC (rev 3395)
@@ -0,0 +1,98 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# Eggdrop Detection
+#
+# Authors:
+# Michael Meyer
+#
+# Copyright:
+# Copyright (c) 2009 Michael Meyer
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+# need desc here to modify it later in script.
+desc["english"] = "
+
+ Overview:
+ This Host is running Eggdrop, an Open Source IRC bot.
+
+ See also:
+ http://www.eggheads.org/
+
+ Risk factor : None";
+
+if (description)
+{
+ script_id(100206);
+ script_version ("1.0");
+
+ script_name(english:"Eggdrop Detection");
+
+ script_description(english:desc["english"]);
+ script_summary(english:"Checks for the presence of Eggdrop");
+ script_category(ACT_GATHER_INFO);
+ script_family(english:"Service detection");
+ script_copyright(english:"This script is Copyright (C) 2009 Michael Meyer");
+ script_dependencie("find_service.nes");
+ script_require_ports("Services/eggdrop",3333 );
+ exit(0);
+}
+
+include("global_settings.inc");
+include("telnet_func.inc");
+
+port = get_kb_item("Services/eggdrop");
+
+if(!port) {
+ port = 3333;
+}
+
+if(!get_port_state(port))exit(0);
+
+banner = get_telnet_banner(port:port);
+
+if(isnull(banner)) {
+ exit(0);
+}
+
+ if(egrep(pattern:"Eggdrop", string: banner, icase:TRUE)) {
+
+ version = eregmatch(string: banner, pattern: "\(Eggdrop v([0-9.]+[^ ]*) \(",icase:TRUE);
+
+ if ( !isnull(version[1]) ) {
+ vers=version[1];
+ }
+
+ set_kb_item(name: string("eggdrop/version/", port), value: vers);
+
+ info = string("None\n\nEggdrop Version '");
+ info += string(vers);
+ info += string("' was detected on the remote host\n");
+
+ desc = ereg_replace(
+ string:desc["english"],
+ pattern:"None$",
+ replace:info
+ );
+
+ if(report_verbosity > 0) {
+ security_note(port:port,data:string(desc));
+ exit(0);
+ }
+
+}
+exit(0);
Property changes on: trunk/openvas-plugins/scripts/eggdrop_detect.nasl
___________________________________________________________________
Name: svn:keywords
+ ID
More information about the Openvas-commits
mailing list