[Openvas-commits] r3456 - in trunk/openvas-plugins: . scripts
scm-commit@wald.intevation.org
scm-commit at wald.intevation.org
Fri May 22 10:20:19 CEST 2009
Author: chandra
Date: 2009-05-22 10:20:17 +0200 (Fri, 22 May 2009)
New Revision: 3456
Added:
trunk/openvas-plugins/scripts/gb_mcafee_groupshield_detect.nasl
trunk/openvas-plugins/scripts/gb_mcafee_groupshield_exchange_sec_bypass_vuln.nasl
trunk/openvas-plugins/scripts/secpod_mini_stream_castripper_bof_vuln.nasl
Modified:
trunk/openvas-plugins/ChangeLog
trunk/openvas-plugins/scripts/gb_electrasoft_32bit_ftp_bof_vuln.nasl
trunk/openvas-plugins/scripts/secpod_mini_stream_prdts_detect.nasl
Log:
Checked in 3 new scripts; added a CVE to the 32bit FTP script and added the Cast Ripper check.
Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog 2009-05-22 06:49:17 UTC (rev 3455)
+++ trunk/openvas-plugins/ChangeLog 2009-05-22 08:20:17 UTC (rev 3456)
@@ -1,4 +1,14 @@
2009-05-22 Chandan S <schandan at secpod.com>
+ * scripts/gb_mcafee_groupshield_exchange_sec_bypass_vuln.nasl,
+ scripts/secpod_mini_stream_castripper_bof_vuln.nasl,
+ scripts/gb_mcafee_groupshield_detect.nasl:
+ Committed 3 New scripts.
+
+ * scripts/gb_electrasoft_32bit_ftp_bof_vuln.nasl,
+ scripts/secpod_mini_stream_prdts_detect.nasl:
+ Added New CVE to 32bit ftp and Cast Ripper check.
+
+2009-05-22 Chandan S <schandan at secpod.com>
* scripts/gb_koschtit_image_gallery_dir_trav_vuln.nasl,
scripts/secpod_java_jre_actvx_ctrl_mult_bof_vuln.nasl,
scripts/secpod_mini_stream_rm_downloader_bof_vuln.nasl,
Modified: trunk/openvas-plugins/scripts/gb_electrasoft_32bit_ftp_bof_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_electrasoft_32bit_ftp_bof_vuln.nasl 2009-05-22 06:49:17 UTC (rev 3455)
+++ trunk/openvas-plugins/scripts/gb_electrasoft_32bit_ftp_bof_vuln.nasl 2009-05-22 08:20:17 UTC (rev 3456)
@@ -27,8 +27,8 @@
if(description)
{
script_id(800569);
- script_version("$Revision: 1.0 $");
- script_cve_id("CVE-2009-1592", "CVE-2009-1611");
+ script_version("$Revision: 1.1 $");
+ script_cve_id("CVE-2009-1592", "CVE-2009-1611", "CVE-2009-1675");
script_bugtraq_id(34822, 34838);
script_name(english:"ElectraSoft 32bit FTP Buffer Overflow Vulnerability");
desc["english"] = "
@@ -40,28 +40,30 @@
A boundary error occurs while processing,
- response received from an FTP server with overly long banners.
- a overly long 257 reply to a CWD command.
+ - a overly long 227 reply to a PASV command.
Impact: Successful exploitation will let the attacker execute arbitrary
codes within the context of the application by connecting to malicious
- FTP servers.
+ FTP servers or can cause the application to crash.
Affected Software/OS:
- ElectraSoft 32bit FTP 09.04.24 and prior on all Windows platforms.
+ ElectraSoft 32bit FTP 09.04.24 and prior on Windows
- Fix: No solution or patch is available as on 13th May, 2009.Information
- regarding this issue will be updated once the solution details are available.
- For updates refer, http://www.electrasoft.com/32ftp.htm
+ Fix: Upgrade to 32bit FTP version 09.05.01
+ http://www.electrasoft.com/32ftp.htm
References:
+ http://secunia.com/advisories/34993
http://www.milw0rm.com/exploits/8614
http://www.milw0rm.com/exploits/8613
- http://secunia.com/advisories/34993/
- http://en.securitylab.ru/nvd/379298.php
+ http://www.milw0rm.com/exploits/8623
+ http://www.electrasoft.com/readmef.txt
+ http://xforce.iss.net/xforce/xfdb/50337
CVSS Score:
- CVSS Base Score : 7.5 (AV:N/AC:L/Au:NR/C:P/I:P/A:P)
- CVSS Temporal Score : 6.7
- Risk factor: High ";
+ CVSS Base Score : 9.3 (AV:N/AC:M/Au:NR/C:C/I:C/A:C)
+ CVSS Temporal Score : 7.3
+ Risk factor: High";
script_description(english:desc["english"]);
script_summary(english:"Check for the version of ElectraSoft 32bit FTP");
@@ -76,11 +78,11 @@
include("version_func.inc");
-ftpVer = get_kb_item("ElectraSoft/FTP/Ver");
-if(!ftpVer){
+bitftpVer = get_kb_item("ElectraSoft/FTP/Ver");
+if(!bitftpVer){
exit(0);
}
-if(version_is_less_equal(version:ftpVer, test_version:"09.04.24")){
+if(version_is_less_equal(version:bitftpVer, test_version:"09.04.24")){
security_hole(0);
}
Added: trunk/openvas-plugins/scripts/gb_mcafee_groupshield_detect.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_mcafee_groupshield_detect.nasl 2009-05-22 06:49:17 UTC (rev 3455)
+++ trunk/openvas-plugins/scripts/gb_mcafee_groupshield_detect.nasl 2009-05-22 08:20:17 UTC (rev 3456)
@@ -0,0 +1,70 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_mcafee_groupshield_detect.nasl 2158 2009-05-13 10:07:05Z may $
+#
+# McAfee GroupShield Version Detection
+#
+# Authors:
+# Antu Sanadi <santu at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(800618);
+ script_version("$Revision: 1.0 $");
+ script_name(english:"McAfee GroupShield Version Detection");
+ desc["english"] = "
+
+ Overview: This script detects the installed version of McAfee GroupShield
+ for Exchange and sets the result in KB.
+
+ Risk factor: Informational";
+
+ script_description(english:desc["english"]);
+ script_summary(english:"Sets KB for the version of McAfee GroupShield");
+ script_category(ACT_GATHER_INFO);
+ script_copyright(english:"Copyright (C) 2009 Intevation GmbH");
+ script_family(english:"Service detection");
+ script_dependencies("secpod_reg_enum.nasl");
+ script_require_keys("SMB/WindowsVersion");
+ exit(0);
+}
+
+
+include("smb_nt.inc");
+include("secpod_smb_func.inc");
+
+if(!get_kb_item("SMB/WindowsVersion")){
+ exit(0);
+}
+
+groupshieldKey = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\";
+foreach item(registry_enum_keys(key:groupshieldKey))
+{
+ groupName = registry_get_sz(key:groupshieldKey + item, item:"DisplayName");
+ if("McAfee GroupShield" >< groupName && "Exchange" >< groupName)
+ {
+ groupshieldVer = registry_get_sz(key:groupshieldKey + item,
+ item:"DisplayVersion");
+ if(groupshieldVer != NULL){
+ set_kb_item(name:"McAfee/GroupShield/Exchange/Ver", value:groupshieldVer);
+ }
+ exit(0);
+ }
+}
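Review bot: The `exit(0);` that follows the inner `if(groupshieldVer != NULL){ ... }` block stops the enumeration at the first Uninstall entry whose DisplayName contains both "McAfee GroupShield" and "Exchange", even when that entry has no DisplayVersion. In that case the KB item stays unset although a later matching entry might carry the version, and the dependent check, which reads only `McAfee/GroupShield/Exchange/Ver`, would skip the host silently. Moving `exit(0);` inside the `if(groupshieldVer != NULL)` block lets the loop continue until a version is actually recorded. Only the native `SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\` path is enumerated; whether a 32-bit install on a 64-bit host is visible there (rather than under Wow6432Node) should be confirmed.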
Added: trunk/openvas-plugins/scripts/gb_mcafee_groupshield_exchange_sec_bypass_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_mcafee_groupshield_exchange_sec_bypass_vuln.nasl 2009-05-22 06:49:17 UTC (rev 3455)
+++ trunk/openvas-plugins/scripts/gb_mcafee_groupshield_exchange_sec_bypass_vuln.nasl 2009-05-22 08:20:17 UTC (rev 3456)
@@ -0,0 +1,87 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_mcafee_groupshield_exchange_sec_bypass_vuln.nasl 2158 2009-05-14 20:07:05Z may $
+#
+# McAfee GroupShield for Exchange X-Header Security Bypass Vulnerability
+#
+# Authors:
+# Antu Sanadi <santu at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+##############################################################################
+
+if(description)
+{
+ script_id(800619);
+ script_version("$Revision: 1.0 $");
+ script_cve_id("CVE-2009-1491");
+ script_bugtraq_id(34949);
+ script_name(english:"McAfee GroupShield for Exchange X-Header Security Bypass Vulnerability");
+ desc["english"] = "
+
+ Overview: This host is installed McAfee GroupShield for Microsoft Exchange and
+ is prone to X-Header Security Bypass Vulnerability.
+
+ Vulnerability Insight:
+ This flaw is caused due to failure in scanning X-Headers while sending mail
+ messages.
+
+ Impact:
+ Successful exploits will let the attacker craft malicious contents inside the
+ X-Header and can bypass antivirus detection and launch further attacks into
+ the affected system.
+
+ Impact Level: System
+
+ Affected Software/OS:
+ McAfee GroupShield for Exchange version 6.0.616.102 and prior.
+
+ Fix: No solution or patch is available as on 22nd May, 2009. Information
+ regarding this issue will be updated once the solution details are available.
+ For updates refer,
+ http://www.mcafee.com/us/enterprise/products/anti_virus/email_servers/groupshield_microsoft_exchange.html
+
+ References:
+ http://xforce.iss.net/xforce/xfdb/50354
+ http://www.nmrc.org/~thegnome/blog/apr09
+
+ CVSS Score:
+ CVSS Base Score : 9.3 (AV:N/AC:M/Au:NR/C:C/I:C/A:C)
+ CVSS Temporal Score : 8.4
+ Risk factor: Critical";
+
+ script_description(english:desc["english"]);
+ script_summary(english:"Check for the version of McAfee GroupShield Exchange");
+ script_category(ACT_GATHER_INFO);
+ script_copyright(english:"Copyright (C) 2009 Intevation GmbH");
+ script_family(english:"SMTP problems");
+ script_dependencies("gb_mcafee_groupshield_detect.nasl");
+ script_require_keys("McAfee/GroupShield/Exchange/Ver");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+groupVer = get_kb_item("McAfee/GroupShield/Exchange/Ver");
+if(groupVer != NULL)
+{
+ # Grep for McAfee Groupshield for Exchange version 6.0.616.102
+ if(version_is_less_equal(version:groupVer, test_version:"6.0.616.102")){
+ security_hole(0);
+ }
+}
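Review bot: The comment `# Grep for McAfee Groupshield for Exchange version 6.0.616.102` does not describe the code beneath it, which is a less-or-equal version comparison; `# Flag GroupShield for Exchange 6.0.616.102 and earlier` would be accurate. The finding rests entirely on the DisplayVersion string that the detection script copied from the registry, and the script does not test X-Header scanning itself. The description should therefore say that the result is version-based, so an operator triaging a "Critical" report knows what evidence is behind it. The Overview sentence "This host is installed McAfee GroupShield" is also missing "with".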
Added: trunk/openvas-plugins/scripts/secpod_mini_stream_castripper_bof_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_mini_stream_castripper_bof_vuln.nasl 2009-05-22 06:49:17 UTC (rev 3455)
+++ trunk/openvas-plugins/scripts/secpod_mini_stream_castripper_bof_vuln.nasl 2009-05-22 08:20:17 UTC (rev 3456)
@@ -0,0 +1,88 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_mini_stream_castripper_bof_vuln.nasl 2383 2009-05-18 15:15:24Z may $
+#
+# Mini-stream CastRipper Stack Overflow Vulnerability
+#
+# Authors:
+# Antu Sanadi <santu at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(900651);
+ script_version("Revision: 1.0");
+ script_cve_id("CVE-2009-1667");
+ script_name(english:"Mini-stream CastRipper Stack Overflow Vulnerability");
+ desc["english"] = "
+
+ Overview:
+ This host is installed with Mini-Stream CastRipper and is prone to Stack
+ Overflow Vulnerability.
+
+ Vulnerability Insight:
+ This flaw is due to a boundary error check when processing user supplied
+ input data through '.M3U' files with overly long URI.
+
+ Impact:
+ Successful exploitation will let the attacker execute arbitrary codes into
+ the contenxt of the application and can crash the application.
+
+ Impact Level: Application.
+
+ Affected Software/OS:
+ CastRipper version 2.50.70 (2.9.6.0) and prior.
+ CastRipper version 2.10.00
+
+ Fix: No solution or patch is available as on 22nd May, 2009. Information
+ regarding this issue will be updated once the solution details are available
+ For updates refer, http://mini-stream.net/castripper
+
+ References:
+ http://secunia.com/advisories/35069
+ http://www.milw0rm.com/exploits/8660
+ http://www.milw0rm.com/exploits/8661
+ http://www.milw0rm.com/exploits/8662
+
+ CVSS Score:
+ CVSS Base Score : 9.3 (AV:N/AC:M/Au:NR/C:C/I:C/A:C)
+ CVSS Temporal Score : 8.4
+ Risk factor: Critical";
+
+ script_description(english:desc["english"]);
+ script_summary(english:"Checks for the version of Mini Stream CastRipper");
+ script_category(ACT_GATHER_INFO);
+ script_copyright(english:"Copyright (C) 2009 SecPod");
+ script_family(english:"Buffer overflow");
+ script_dependencies("secpod_mini_stream_prdts_detect.nasl");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+castripperVer = get_kb_item("MiniStream/CastRipper/Ver");
+if(castripperVer)
+{
+ # Ministream CastRipper 2.50.70 points to version 2.9.6.0 & version 2.10.00
+ if(version_is_less_equal(version:castripperVer, test_version:"2.9.6.0") ||
+ version_is_equal(version:castripperVer, test_version:"2.10.00")){
+ security_hole(0);
+ }
+}
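Review bot: `script_version("Revision: 1.0");` lacks the `$` keyword delimiters used by the other scripts in this commit (`script_version("$Revision: 1.0 $");`), so the revision will presumably never be expanded. Unlike the GroupShield check, the description block declares no `script_require_keys("MiniStream/CastRipper/Ver");`, so the dependency on the KB item is only implicit in the body. The comment says product version 2.50.70 corresponds to 2.9.6.0, but the detection script takes the number from the registry DisplayName. If that string carries 2.50.70, `version_is_less_equal(version:castripperVer, test_version:"2.9.6.0")` would not match and an affected host would go unreported, so it is worth confirming which form the registry holds and noting it in the comment. "contenxt" in the Impact text is a typo for "context".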
Modified: trunk/openvas-plugins/scripts/secpod_mini_stream_prdts_detect.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_mini_stream_prdts_detect.nasl 2009-05-22 06:49:17 UTC (rev 3455)
+++ trunk/openvas-plugins/scripts/secpod_mini_stream_prdts_detect.nasl 2009-05-22 08:20:17 UTC (rev 3456)
@@ -59,8 +59,9 @@
ssRecName = registry_get_sz(key:key+item1, item:"DisplayName");
ssRVer = eregmatch(pattern:"([0-9.]+)", string:ssRecName);
-if(ssRVer[1]!=NULL){
-# set the version of Mini-stream Shadow Stream Recorder
+if(ssRVer[1]!=NULL)
+{
+ # set the version of Mini-stream Shadow Stream Recorder
set_kb_item(name:"MiniStream/SSRecorder/Ver", value:ssRVer[1]);
}
@@ -68,8 +69,9 @@
rmTmp = registry_get_sz(key:key+item2, item:"DisplayName");
rmTmpVer = eregmatch(pattern:"([0-9]\.[0-9]\.[0-9.]+)", string:rmTmp);
-if(rmTmpVer[1]!=NULL){
-#set the version of Mini-stream RM-MP3 Converter
+if(rmTmpVer[1]!=NULL)
+{
+ #set the version of Mini-stream RM-MP3 Converter
set_kb_item(name:"MiniStream/RmToMp3/Conv/Ver", value:rmTmpVer[1]);
}
@@ -77,8 +79,9 @@
wmDown = registry_get_sz(key:key+item3, item:"DisplayName");
wmDownVer = eregmatch(pattern:"([0-9.]+)", string:wmDown);
-if(wmDownVer[1]!=NULL){
-#set the version of Mini-stream WM Downloader
+if(wmDownVer[1]!=NULL)
+{
+ #set the version of Mini-stream WM Downloader
set_kb_item(name:"MiniStream/WMDown/Ver", value:wmDownVer[1]);
}
@@ -86,8 +89,9 @@
rmDown = registry_get_sz(key:key+item4, item:"DisplayName");
rmDownVer = eregmatch(pattern:"([0-9.]+)", string:rmDown);
-if(rmDownVer[1]!=NULL){
-#set the version of Mini-stream RM Downloader
+if(rmDownVer[1]!=NULL)
+{
+ #set the version of Mini-stream RM Downloader
set_kb_item(name:"MiniStream/RMDown/Ver", value:rmDownVer[1]);
}
@@ -95,8 +99,9 @@
asx2mpName= registry_get_sz(key:key+item5, item:"DisplayName");
asx2mpVer = eregmatch(pattern:"([0-9]\.[0-9]\.[0-9.]+)", string:asx2mpName);
-if(asx2mpVer[1]!=NULL){
-#set the version of Mini-stream ASX to MP3 Converter
+if(asx2mpVer[1]!=NULL)
+{
+ #set the version of Mini-stream ASX to MP3 Converter
set_kb_item(name:"MiniStream/AsxToMp3/Conv/Ver", value:asx2mpVer[1]);
}
@@ -104,7 +109,20 @@
msRipper = registry_get_sz(key:key+item6, item:"DisplayName");
msRipperVer = eregmatch(pattern:"([0-9.]+)", string:msRipper);
-if(msRipperVer[1]!=NULL){
-#set the version of Mini-stream Ripper
+if(msRipperVer[1]!=NULL)
+{
+ #set the version of Mini-stream Ripper
set_kb_item(name:"MiniStream/Ripper/Ver", value:msRipperVer[1]);
}
+
+
+item7 = "CastRipper_is1\";
+nameRipper = registry_get_sz(key:key+item7, item:"Publisher");
+if("Mini-stream" >< nameRipper)
+{
+ castripperVer = registry_get_sz(key:key+item7, item:"DisplayName");
+ castripperVer = eregmatch(pattern:"([0-9.]+)", string:castripperVer);
+ if(castripperVer[1] != NULL){
+ set_kb_item(name:"MiniStream/CastRipper/Ver", value:castripperVer[1]);
+ }
+}
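Review bot: In the added CastRipper block the pattern `([0-9.]+)` is unanchored and accepts a lone `.` or any digit in the DisplayName, so `castripperVer[1]` may hold something that is not a version and the downstream overflow check would compare against it. Requiring at least one digit group before the dot, as in `eregmatch(pattern:"([0-9]+\.[0-9.]+)", string:castripperName)`, is closer to the stricter patterns already used in this file for the RM-MP3 and ASX converters. The block also reuses `castripperVer` first for the DisplayName string and then for the match array; reading the name into a separate variable, `castripperName = registry_get_sz(key:key+item7, item:"DisplayName");`, keeps the two apart. The definitions of `key` and `item1`..`item6` are outside the visible hunks.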