[Openvas-commits] r3395 - in trunk/openvas-plugins: . scripts

scm-commit@wald.intevation.org scm-commit at wald.intevation.org
Sat May 16 14:32:17 CEST 2009


Author: mime
Date: 2009-05-16 14:32:16 +0200 (Sat, 16 May 2009)
New Revision: 3395

Added:
   trunk/openvas-plugins/scripts/cacti_34991.nasl
   trunk/openvas-plugins/scripts/cacti_detect.nasl
   trunk/openvas-plugins/scripts/eggdrop_34985.nasl
   trunk/openvas-plugins/scripts/eggdrop_detect.nasl
Modified:
   trunk/openvas-plugins/ChangeLog
   trunk/openvas-plugins/cve_current.txt
Log:
Added new plugins

Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog	2009-05-16 09:21:12 UTC (rev 3394)
+++ trunk/openvas-plugins/ChangeLog	2009-05-16 12:32:16 UTC (rev 3395)
@@ -1,3 +1,14 @@
+2009-05-16 Michael Meyer <mime at gmx.de>
+	* scripts/eggdrop_34985.nasl,
+	scripts/eggdrop_detect.nasl,
+	scripts/cacti_34991.nasl,
+	scripts/cacti_detect.nasl:
+	Added new plugins
+
+	* cve_current.txt:
+	Added column "status" to make it easier to remove entrys after
+	a while.
+
 2009-05-15 Michael Meyer <mime at gmx.de>
 	* scripts/Turnkey_eBook_store_xss_34324.nasl,
 	scripts/cross_site_scripting.nasl:

Modified: trunk/openvas-plugins/cve_current.txt
===================================================================
--- trunk/openvas-plugins/cve_current.txt	2009-05-16 09:21:12 UTC (rev 3394)
+++ trunk/openvas-plugins/cve_current.txt	2009-05-16 12:32:16 UTC (rev 3395)
@@ -4,10 +4,10 @@
 Procedure:
 1. Before taking up for implementation, update this file to indicate that
    it is being worked
-2. Before committing the plugin to SVN, remove the entry from here.
+2. Before committing the plugin to SVN, change status to "svn".
 
 
-CVE/BID/			Owner
+CVE/BID/			Owner		Status
 
 CVE-2009-1597			SecPod
 CVE-2009-1600			SecPod
@@ -17,15 +17,15 @@
 CVE-2009-1583			SecPod
 CVE-2009-1585			SecPod
 CVE-2009-1584 			SecPod
-CVE-2009-1464			mime
+CVE-2009-1464			mime		svn
 CVE-2009-1631			SecPod
 CVE-2009-1629			SecPod
-CVE-2009-1581			mime
-CVE-2009-1580			mime
-CVE-2009-1579			mime
-CVE-2009-1578			mime
-CVE-2009-1466			mime
-CVE-2009-1465			mime
+CVE-2009-1581			mime		svn
+CVE-2009-1580			mime		svn
+CVE-2009-1579			mime		svn
+CVE-2009-1578			mime		svn
+CVE-2009-1466			mime		svn
+CVE-2009-1465			mime		svn
 CVE-2009-1632			SecPod
-34985				mime
-34991				mime
+34985				mime		svn
+34991				mime		svn

Added: trunk/openvas-plugins/scripts/cacti_34991.nasl
===================================================================
--- trunk/openvas-plugins/scripts/cacti_34991.nasl	2009-05-16 09:21:12 UTC (rev 3394)
+++ trunk/openvas-plugins/scripts/cacti_34991.nasl	2009-05-16 12:32:16 UTC (rev 3395)
@@ -0,0 +1,89 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# Cacti 'data_input.php' Cross Site Scripting Vulnerability
+#
+# Authors
+# Michael Meyer
+#
+# Copyright:
+# Copyright (c) 2009 Michael Meyer
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if (description)
+{
+ script_id(100205);
+ script_bugtraq_id(34991);
+ script_version ("1.0");
+
+ script_name(english:"Cacti 'data_input.php' Cross Site Scripting Vulnerability");
+ desc["english"] = "
+
+ Overview:
+  Cacti is prone to a cross-site scripting vulnerability because the
+  application fails to sufficiently sanitize user-supplied input.
+
+  An attacker may leverage this issue to execute arbitrary script code
+  in the browser of an unsuspecting user in the context of the
+  affected site. This may let the attacker steal cookie-based
+  authentication credentials and launch other attacks.
+
+  Versions prior to Cacti 0.8.7b are vulnerable. 
+
+ See also:
+  http://www.securityfocus.com/bid/34991
+
+ Solution:
+  Updates are available. Please see http://cacti.net/ for more
+  information.  
+
+ Risk factor : Medium";
+
+ script_description(english:desc["english"]);
+ script_summary(english:"Determine if Cacti Version < 0.8.7b");
+ script_category(ACT_GATHER_INFO);
+ script_family(english:"Web application abuses");
+ script_copyright(english:"This script is Copyright (C) 2009 Michael Meyer");
+ script_dependencie("cacti_detect.nasl");
+ script_require_ports("Services/www", 80);
+ exit(0);
+}
+
+include("http_func.inc");
+include("http_keepalive.inc");
+include("version_func.inc");
+
+port = get_http_port(default:80);
+if(!get_port_state(port))exit(0);
+
+if(!can_host_php(port:port)) exit(0);
+
+if(!version = get_kb_item(string("www/", port, "/cacti")))exit(0);
+if(!matches = eregmatch(string:version, pattern:"^(.+) under (/.*)$"))exit(0);
+
+vers = matches[1];
+
+if(!isnull(vers) && vers >!< "unknown") {
+
+  if(version_is_less(version: vers, test_version: "0.8.7b")) {
+      security_warning(port:port);
+      exit(0);
+  }  
+
+} 
+
+exit(0);


Property changes on: trunk/openvas-plugins/scripts/cacti_34991.nasl
___________________________________________________________________
Name: svn:keywords
   + ID

Added: trunk/openvas-plugins/scripts/cacti_detect.nasl
===================================================================
--- trunk/openvas-plugins/scripts/cacti_detect.nasl	2009-05-16 09:21:12 UTC (rev 3394)
+++ trunk/openvas-plugins/scripts/cacti_detect.nasl	2009-05-16 12:32:16 UTC (rev 3395)
@@ -0,0 +1,124 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# Cacti Detection
+#
+# Authors:
+# Michael Meyer
+#
+# Copyright:
+# Copyright (c) 2009 Michael Meyer
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+# need desc here to modify it later in script.
+desc["english"] = "
+
+ Overview:
+  This Host is running Cacti, an open source, web-based graphing tool
+  designed as a frontend to RRDtool's data storage and graphing
+  functionality. Cacti allows a user to poll services at predetermined
+  intervals and graph the resulting data. It is generally used to
+  graph time-series data like CPU load and bandwidth use. A common
+  usage is to query network switch or router interfaces via SNMP to
+  monitor network traffic.
+
+ See also:
+  http://cacti.net/
+
+ Risk factor : None";
+
+if (description)
+{
+ script_id(100204);
+ script_version ("1.0");
+
+ script_name(english:"Cacti Detection");  
+
+ script_description(english:desc["english"]);
+ script_summary(english:"Checks for the presence of Cacti");
+ script_category(ACT_GATHER_INFO);
+ script_family(english:"Service detection");
+ script_copyright(english:"This script is Copyright (C) 2009 Michael Meyer");
+ script_dependencie("find_service.nes", "http_version.nasl");
+ script_require_ports("Services/www", 80);
+ script_exclude_keys("Settings/disable_cgi_scanning");
+ exit(0);
+}
+
+include("http_func.inc");
+include("http_keepalive.inc");
+include("global_settings.inc");
+
+port = get_http_port(default:80);
+
+if(!get_port_state(port))exit(0);
+if(!can_host_php(port:port)) exit(0);
+
+dirs = make_list("/cacti","/monitoring", cgi_dirs());
+
+foreach dir (dirs) {
+
+   url = string(dir, "/index.php"); 
+   req = http_get(item:url, port:port);
+   buf = http_send_recv(port:port, data:req, bodyonly:FALSE);  
+
+   if( buf == NULL )continue;
+
+   if( egrep(pattern: 'Login to Cacti', string: buf, icase: TRUE) &&
+       egrep(pattern: "Set-Cookie: Cacti", string:buf) )
+   { 
+   
+     if(strlen(dir)>0) {
+        install=dir;
+     } else {
+        install=string("/");
+     }
+
+      vers = string("unknown");
+
+      ### try to get version.
+      
+      url = string(dir, "/docs/CHANGELOG");
+      req = http_get(item:url, port:port);
+      buf = http_keepalive_send_recv(port:port, data:req, bodyonly:TRUE);
+
+      version = eregmatch(string: buf, pattern: "([0-9.]+[a-z]{0,1})",icase:TRUE);
+
+      if ( !isnull(version[1]) ) {
+         vers=version[1];
+      } 
+
+      set_kb_item(name: string("www/", port, "/cacti"), value: string(vers, " under ", install));	
+
+      info = string("None\n\nCacti Version '");
+      info += string(vers);
+      info += string("' was detected on the remote host\n");
+
+      desc = ereg_replace(
+          string:desc["english"],
+          pattern:"None$",
+          replace:info
+      );    
+       
+         if(report_verbosity > 0) {
+           security_note(port:port,data:string(desc));
+           exit(0);
+         }	 
+   }
+}
+
+exit(0);


Property changes on: trunk/openvas-plugins/scripts/cacti_detect.nasl
___________________________________________________________________
Name: svn:keywords
   + ID

Added: trunk/openvas-plugins/scripts/eggdrop_34985.nasl
===================================================================
--- trunk/openvas-plugins/scripts/eggdrop_34985.nasl	2009-05-16 09:21:12 UTC (rev 3394)
+++ trunk/openvas-plugins/scripts/eggdrop_34985.nasl	2009-05-16 12:32:16 UTC (rev 3395)
@@ -0,0 +1,88 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# Cacti 'data_input.php' Cross Site Scripting Vulnerability
+#
+# Authors
+# Michael Meyer
+#
+# Copyright:
+# Copyright (c) 2009 Michael Meyer
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if (description)
+{
+ script_id(100207);
+ script_bugtraq_id(34985);
+ script_version ("1.0");
+
+ script_name(english:"Eggdrop 'ctcpbuf' Remote Denial Of Service Vulnerability");
+ desc["english"] = "
+
+ Overview:
+  Eggdrop is prone to a remote denial-of-service vulnerability because
+  it fails to adequately validate user-supplied input.
+
+  An attacker may exploit this issue to crash the application,
+  resulting in a denial-of-service condition.
+
+  This issue is related to the vulnerability described in BID 24070
+  (Eggdrop Server Module Message Handling Remote Buffer Overflow
+  Vulnerability).
+
+  Versions prior to Eggdrop 1.6.19+ctcpfix are vulnerable. 
+
+ See also:
+  http://www.securityfocus.com/bid/34985
+
+ Solution:
+  The vendor has released an update. Please see
+  http://www.eggheads.org/ for more information.
+
+ Risk factor : Medium";
+
+ script_description(english:desc["english"]);
+ script_summary(english:"Determine if Eggdrop Version < 1.6.19+ctcpfix");
+ script_category(ACT_GATHER_INFO);
+ script_family(english:"Denial of Service");
+ script_copyright(english:"This script is Copyright (C) 2009 Michael Meyer");
+ script_dependencie("eggdrop_detect.nasl");
+ script_require_ports("Services/eggdrop",3333);
+ exit(0);
+}
+
+include("version_func.inc");
+
+port = get_kb_item("Services/eggdrop");
+
+if(!port) {
+   port = 3333;
+}  
+
+if(!get_port_state(port))exit(0);
+if(!version = get_kb_item(string("eggdrop/version/", port)))exit(0);
+
+if(!isnull(version) && version >!< "unknown") {
+
+  if(version_is_less(version: version, test_version: "1.6.19+ctcpfix")) {
+      security_warning(port:port);
+      exit(0);
+  }  
+
+} 
+
+exit(0);


Property changes on: trunk/openvas-plugins/scripts/eggdrop_34985.nasl
___________________________________________________________________
Name: svn:keywords
   + ID

Added: trunk/openvas-plugins/scripts/eggdrop_detect.nasl
===================================================================
--- trunk/openvas-plugins/scripts/eggdrop_detect.nasl	2009-05-16 09:21:12 UTC (rev 3394)
+++ trunk/openvas-plugins/scripts/eggdrop_detect.nasl	2009-05-16 12:32:16 UTC (rev 3395)
@@ -0,0 +1,98 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# Eggdrop Detection
+#
+# Authors:
+# Michael Meyer
+#
+# Copyright:
+# Copyright (c) 2009 Michael Meyer
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+# need desc here to modify it later in script.
+desc["english"] = "
+
+ Overview:
+  This Host is running Eggdrop, an Open Source IRC bot.
+
+ See also:
+  http://www.eggheads.org/
+
+ Risk factor : None";
+
+if (description)
+{
+ script_id(100206);
+ script_version ("1.0");
+
+ script_name(english:"Eggdrop Detection");  
+
+ script_description(english:desc["english"]);
+ script_summary(english:"Checks for the presence of Eggdrop");
+ script_category(ACT_GATHER_INFO);
+ script_family(english:"Service detection");
+ script_copyright(english:"This script is Copyright (C) 2009 Michael Meyer");
+ script_dependencie("find_service.nes");
+ script_require_ports("Services/eggdrop",3333 );
+ exit(0);
+}
+
+include("global_settings.inc");
+include("telnet_func.inc");
+
+port = get_kb_item("Services/eggdrop");
+
+if(!port) {
+ port = 3333;
+}  
+
+if(!get_port_state(port))exit(0);
+
+banner = get_telnet_banner(port:port);
+
+if(isnull(banner)) {
+   exit(0);
+}   
+
+ if(egrep(pattern:"Eggdrop", string: banner, icase:TRUE)) {
+
+      version = eregmatch(string: banner, pattern: "\(Eggdrop v([0-9.]+[^ ]*) \(",icase:TRUE);
+
+      if ( !isnull(version[1]) ) {
+         vers=version[1];
+      } 
+
+      set_kb_item(name: string("eggdrop/version/", port), value: vers);
+
+      info = string("None\n\nEggdrop Version '");
+      info += string(vers);
+      info += string("' was detected on the remote host\n");
+
+      desc = ereg_replace(
+          string:desc["english"],
+          pattern:"None$",
+          replace:info
+      );    
+       
+         if(report_verbosity > 0) {
+           security_note(port:port,data:string(desc));
+           exit(0);
+         }	 
+
+}	 
+exit(0);


Property changes on: trunk/openvas-plugins/scripts/eggdrop_detect.nasl
___________________________________________________________________
Name: svn:keywords
   + ID



More information about the Openvas-commits mailing list