From scm-commit at wald.intevation.org Sun Nov 1 17:45:50 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Sun, 1 Nov 2009 17:45:50 +0100 (CET) Subject: [Openvas-commits] r5773 - in trunk/openvas-plugins: . scripts Message-ID: <20091101164550.0104E861EACE@pyrosoma.intevation.org> Author: mime Date: 2009-11-01 17:45:48 +0100 (Sun, 01 Nov 2009) New Revision: 5773 Added: trunk/openvas-plugins/scripts/ePO_console_detect.nasl Modified: trunk/openvas-plugins/ChangeLog trunk/openvas-plugins/scripts/ePo_detect.nasl Log: Added new plugin Modified: trunk/openvas-plugins/ChangeLog =================================================================== --- trunk/openvas-plugins/ChangeLog 2009-10-31 21:44:16 UTC (rev 5772) +++ trunk/openvas-plugins/ChangeLog 2009-11-01 16:45:48 UTC (rev 5773) @@ -1,3 +1,11 @@ +2009-11-01 Michael Meyer + + * scripts/ePO_console_detect.nasl: + Added new plugin. + + * scripts/ePo_detect.nasl: + Optimized. + 2009-10-31 Chandrashekhar B * scripts/secpod_efront_rfi_vuln.nasl, Added: trunk/openvas-plugins/scripts/ePO_console_detect.nasl =================================================================== --- trunk/openvas-plugins/scripts/ePO_console_detect.nasl 2009-10-31 21:44:16 UTC (rev 5772) +++ trunk/openvas-plugins/scripts/ePO_console_detect.nasl 2009-11-01 16:45:48 UTC (rev 5773) 
@@ -0,0 +1,86 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# ePO console Detection
+#
+# Authors:
+# Michael Meyer
+#
+# Copyright:
+# Copyright (c) 2009 Greenbone Networks GmbH
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+# need desc here to modify it later in script.
+desc = "Overview:
+This host is running an ePolicy Orchestrator (ePo) console.
+ +Risk factor : None"; + +if (description) +{ + script_id(100331); + script_version ("1.0-$Revision$"); + + script_name("ePO console Detection"); + script_description(desc); + script_summary("Checks for the presence of ePO console"); + script_category(ACT_GATHER_INFO); + script_family("Service detection"); + script_copyright("This script is Copyright (C) 2009 Greenbone Networks GmbH"); + script_dependencies("find_service.nes", "http_version.nasl"); + script_require_ports("Services/www", 80); + script_exclude_keys("Settings/disable_cgi_scanning"); + exit(0); +} + + +include("http_func.inc"); +include("global_settings.inc"); + +port = get_http_port(default:80); + +if(!get_port_state(port))exit(0); + + data = "xxxxx"; + + req = string("POST /spipe/pkg?Source=Agent_3.0.0 HTTP/1.0\r\n", + "Content-Length: ", strlen(data), + "\r\n", + "\r\n", + data); + + buf = http_send_recv(port:port, data:req, bodyonly:FALSE); + if( buf == NULL )exit(0); + + if("202 OK" >< buf) + { + + blen = strlen(buf); + str = substr(buf,blen-3); + + if(hexstr(str) == "0d0a20") { + + if(report_verbosity > 0) { + security_note(port:port); + } + + } + exit(0); + + } +exit(0); + Property changes on: trunk/openvas-plugins/scripts/ePO_console_detect.nasl ___________________________________________________________________ Name: svn:keywords + Id Revision Modified: trunk/openvas-plugins/scripts/ePo_detect.nasl =================================================================== --- trunk/openvas-plugins/scripts/ePo_detect.nasl 2009-10-31 21:44:16 UTC (rev 5772) +++ trunk/openvas-plugins/scripts/ePo_detect.nasl 2009-11-01 16:45:48 UTC (rev 5773) @@ -2,7 +2,7 @@ # OpenVAS Vulnerability Test # $Id$ # -# ePo Detection +# ePo Agent Detection # # Authors: # Michael Meyer 
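Review bot: In ePO_console_detect.nasl the `"202 OK" >< buf` test matches that text anywhere in the response, because the request is sent with `bodyonly:FALSE` and headers and body are searched together. Anchoring it to the status line, for example `if(egrep(pattern:"^HTTP/1\.[01] 202", string:buf))`, would reduce false positives from pages that merely contain the string. The positive result is also only reported and never stored: a `set_kb_item(name: string("www/", port, "/ePOConsole"), value: TRUE);` (key name is a suggestion) ahead of `security_note` would let dependent plugins key off the detection, as ePo_detect.nasl does in this same commit. A short comment saying what the trailing `0d0a20` bytes identify would help the next maintainer judge how specific the fingerprint is.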
@@ -26,8 +26,7 @@ # need desc here to modify it later in script. desc = "Overview: -This host is running ePo, an platform to centrally manage security for -systems, networks, data, and compliance solutions. +This host is running an ePolicy Orchestrator (ePo) Agent. Risk factor : None"; @@ -35,14 +34,14 @@ { script_id(100329); script_version ("1.0-$Revision$"); - script_name("ePo Detection"); + script_name("ePo Agent Detection"); script_description(desc); - script_summary("Checks for the presence of ePo"); + script_summary("Checks for the presence of ePo Agent"); script_category(ACT_GATHER_INFO); script_family("Service detection"); script_copyright("This script is Copyright (C) 2009 Greenbone Networks GmbH"); - script_dependencies("find_service.nes"); - script_require_ports(8081); + script_dependencies("find_service.nes","http_version.nasl"); + script_require_ports("Services/www", 8081); exit(0); } 
@@ -51,56 +50,97 @@ include("global_settings.inc"); include("misc_func.inc"); -port = 8081; +port = get_http_port(default:8081); if(!get_port_state(port))exit(0); url = string("/"); req = http_get(item:url, port:port); - buf = http_keepalive_send_recv(port:port, data:req, bodyonly:TRUE); + buf = http_keepalive_send_recv(port:port, data:req, bodyonly:FALSE); if( buf == NULL )exit(0); - if(egrep(pattern:"ePO", string: buf, icase: TRUE) || - egrep(pattern:"Log component", string: buf, icase: TRUE)) { + if(egrep(pattern:"Agent-ListenServer", string: buf, icase: TRUE) || + (egrep(pattern:"naLog", string: buf, icase: TRUE) && + egrep(pattern:"ComputerName", string: buf, icase: TRUE))) { - lines = split(buf, sep:'\n', keep:0); + info = string("None\n\ninformation that was gathered:\n\n"); - cn = make_list(); - vers = make_list(); - con = make_list(); - rs = make_list(); + if("403 Forbidden" >< buf) { + + info += string("Could not read remote log. Error: 403 Forbidden\n"); + + } else { + + lines = split(buf, sep:'><', keep: TRUE); - info = string("None\n\ninformation that was gathered:\n\n"); + foreach line (lines) { + + if(computer_name = eregmatch(string: line, pattern:'ComputerName>([^<]+)',icase:TRUE)) { + if(!isnull(computer_name[1]))cn=computer_name[1]; + } + + if(version = eregmatch(string: line, pattern: "version>([^<]+)",icase:TRUE)) { + if(!isnull(version[1]))vers=version[1]; + } - foreach line (lines) { - computer_name = eregmatch(string: line, pattern: "([a-zA-Z0-9_-]+)",icase:TRUE); - if(!isnull(computer_name[1]))cn = make_list(cn,computer_name[1]); - version = eregmatch(string: line, pattern: "([0-9.]+)",icase:TRUE); - if(!isnull(version[1]))vers = make_list(vers,version[1]); - connected = eregmatch(string: line, pattern: 'Agent is connecting to ePO server',icase:TRUE); - if(!isnull(connected[1]))con = make_list(con,connected[1]); - repServer = eregmatch(string: line, pattern: 'Checking update packages from repository ([a-zA-Z-_0-9]+).',icase:TRUE); - 
if(!isnull(repServer[1]))rs = make_list(rs,repServer[1]); + if(connected = eregmatch(string: line, pattern: 'Log component="[0-9]+" time="([^"]+)" type="3">(Agent is connecting to ePO server|Agent stellt Verbindung zu ePO-Server her)',icase:TRUE)) { + if(!isnull(connected[1]))co=connected[1]; + } + + if(repServer = eregmatch(string: line, pattern: 'Log component="[0-9]+" time="[0-9]+-[0-9]+-[0-9]+T[0-9]+:[0-9]+:[0-9]+" type="3">(update packages from repository|von Aktualisierungspaketen aus Repository) ([a-zA-Z-_0-9]+).',icase:TRUE)) { + if(!isnull(repServer[1])) { + rserver = repServer[1]; + } + } + + if(isnull(rserver)) { + if(repServer = eregmatch(string:line, pattern: "ePOServerName>(.*)")) { + if(!isnull(repServer[1])) { + rserver = repServer[1]; + } + } + } + + } + } + + set_kb_item(name: string("www/", port, "/ePoAgent"), value: TRUE); + + if(!isnull(vers)) { + set_kb_item(name: string("www/", port, "/ePoAgent/Version"), value: vers); + } + + register_service(port:port, ipproto:"tcp", proto:"ePoAgent"); + + if(!isnull(cn)) { + info += string("ComputerName: ", cn, "\n"); + } + + if(!isnull(vers)) { + info += string("ClientVersion: ", vers, "\n"); + } - for(a = 0; a < max_index(cn); a++) { - info += string("ComputerName: ", cn[a],"\nVersion: ",vers[a],"\nConnected: ", con[a],"\nRepository-Server: ",rs[a],"\n\n"); + if(!isnull(rserver)) { + info += string("ePo-Server: ", rserver, "\n"); } - set_kb_item(name: string("www/", port, "/ePo"), value: TRUE); - register_service(port:port, ipproto:"tcp", proto:"ePo"); + if(!isnull(co)) { + info += string("Last connect to ePo-Server: ", co,"\n"); + } - desc = ereg_replace( - string:desc, - pattern:"None$", - replace:info - ); + if(strlen(info)>40) { + desc = ereg_replace( + string:desc, + pattern:"None$", + replace:info + ); + } - if(report_verbosity > 0) { - security_note(port:port,data:desc); - } - exit(0); - + if(report_verbosity > 0) { + security_note(port:port,data:desc); + } + exit(0); } exit(0); From scm-commit at 
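Review bot: In the `@@ -51,56 +50,97 @@` hunk of ePo_detect.nasl the repository-server match reads the wrong capture group: the new pattern has two groups, `(update packages from repository|von Aktualisierungspaketen aus Repository)` and `([a-zA-Z-_0-9]+)`, so `repServer[1]` is the log phrase and the server name is in `repServer[2]`; the assignment should be `rserver = repServer[2];`. In the same character class `Z-_` can be read as a range by some regex engines, so writing the hyphen last, `[a-zA-Z0-9_-]`, is safer. Separately, `cn`, `vers`, `co` and `rserver` are taken from the target's response and written into the report text unchanged, so bounding their length or character set would keep a hostile host from shaping the scan report. The script's description block lies above this hunk.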
wald.intevation.org Sun Nov 1 19:16:08 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Sun, 1 Nov 2009 19:16:08 +0100 (CET) Subject: [Openvas-commits] r5774 - in trunk/openvas-plugins: . scripts Message-ID: <20091101181608.4B787861EAAC@pyrosoma.intevation.org> Author: mime Date: 2009-11-01 19:16:05 +0100 (Sun, 01 Nov 2009) New Revision: 5774 Modified: trunk/openvas-plugins/ChangeLog trunk/openvas-plugins/scripts/ePo_detect.nasl Log: Optimized Modified: trunk/openvas-plugins/ChangeLog =================================================================== --- trunk/openvas-plugins/ChangeLog 2009-11-01 16:45:48 UTC (rev 5773) +++ trunk/openvas-plugins/ChangeLog 2009-11-01 18:16:05 UTC (rev 5774) @@ -1,5 +1,10 @@ 2009-11-01 Michael Meyer + * scripts/ePo_detect.nasl: + Optimized. + +2009-11-01 Michael Meyer + * scripts/ePO_console_detect.nasl: Added new plugin. Modified: trunk/openvas-plugins/scripts/ePo_detect.nasl =================================================================== --- trunk/openvas-plugins/scripts/ePo_detect.nasl 2009-11-01 16:45:48 UTC (rev 5773) +++ trunk/openvas-plugins/scripts/ePo_detect.nasl 2009-11-01 18:16:05 UTC (rev 5774) @@ -60,10 +60,11 @@ if( buf == NULL )exit(0); if(egrep(pattern:"Agent-ListenServer", string: buf, icase: TRUE) || - (egrep(pattern:"naLog", string: buf, icase: TRUE) && - egrep(pattern:"ComputerName", string: buf, icase: TRUE))) { + (egrep(pattern:"naLog>", string: buf, icase: FALSE) && + egrep(pattern:"ComputerName>", string: buf, icase: FALSE) && + egrep(pattern:"FrameworkLog", string: buf, icase: FALSE))) { - info = string("None\n\ninformation that was gathered:\n\n"); + info = string("None\n\nInformation that was gathered:\n\n"); if("403 Forbidden" >< buf) { 
@@ -71,46 +72,38 @@ } else { - lines = split(buf, sep:'><', keep: TRUE); + if(lines = split(buf, sep:'><', keep: TRUE)) { - foreach line (lines) { - - if(computer_name = eregmatch(string: line, pattern:'ComputerName>([^<]+)',icase:TRUE)) { - if(!isnull(computer_name[1]))cn=computer_name[1]; - } + foreach line (lines) { + + if(computer_name = eregmatch(string: line, pattern:'ComputerName>([^<]+)',icase:TRUE)) { + if(!isnull(computer_name[1]))cn=computer_name[1]; + } - if(version = eregmatch(string: line, pattern: "version>([^<]+)",icase:TRUE)) { - if(!isnull(version[1]))vers=version[1]; - } + if(version = eregmatch(string: line, pattern: "version>([^<]+)",icase:TRUE)) { + if(!isnull(version[1]))vers=version[1]; + } - if(connected = eregmatch(string: line, pattern: 'Log component="[0-9]+" time="([^"]+)" type="3">(Agent is connecting to ePO server|Agent stellt Verbindung zu ePO-Server her)',icase:TRUE)) { - if(!isnull(connected[1]))co=connected[1]; - } + if(connected = eregmatch(string: line, pattern: 'Log component="[0-9]+" time="([^"]+)" type="3">(Agent is connecting to ePO server|Agent stellt Verbindung zu ePO-Server her)',icase:TRUE)) { + if(!isnull(connected[1]))co=connected[1]; + } - if(repServer = eregmatch(string: line, pattern: 'Log component="[0-9]+" time="[0-9]+-[0-9]+-[0-9]+T[0-9]+:[0-9]+:[0-9]+" type="3">(update packages from repository|von Aktualisierungspaketen aus Repository) ([a-zA-Z-_0-9]+).',icase:TRUE)) { - if(!isnull(repServer[1])) { - rserver = repServer[1]; - } - } + if(repServer = eregmatch(string: line, pattern: 'Log component=[^>]+>Checking update packages from repository ([a-zA-Z-_0-9]+).(.*)")) { - if(!isnull(repServer[1])) { - rserver = repServer[1]; - } - } - } - - } + if(isnull(rserver)) { + if(repServer = eregmatch(string:line, pattern: "ePOServerName>([^<]+)")) { + if(!isnull(repServer[1]))rserver = repServer[1]; + } + } + + } + } - } + } set_kb_item(name: string("www/", port, "/ePoAgent"), value: TRUE); - - if(!isnull(vers)) { - 
set_kb_item(name: string("www/", port, "/ePoAgent/Version"), value: vers); - } - register_service(port:port, ipproto:"tcp", proto:"ePoAgent"); if(!isnull(cn)) { @@ -119,10 +112,11 @@ if(!isnull(vers)) { info += string("ClientVersion: ", vers, "\n"); + set_kb_item(name: string("www/", port, "/ePoAgent/Version"), value: vers); } if(!isnull(rserver)) { - info += string("ePo-Server: ", rserver, "\n"); + info += string("Repository-Server: ", rserver, "\n"); } if(!isnull(co)) { From scm-commit at wald.intevation.org Mon Nov 2 06:31:56 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Mon, 2 Nov 2009 06:31:56 +0100 (CET) Subject: [Openvas-commits] r5775 - trunk/openvas-plugins Message-ID: <20091102053156.A842A865F467@pyrosoma.intevation.org> Author: chandra Date: 2009-11-02 06:31:56 +0100 (Mon, 02 Nov 2009) New Revision: 5775 Modified: trunk/openvas-plugins/cve_current.txt Log: Updated cve current Modified: trunk/openvas-plugins/cve_current.txt =================================================================== --- trunk/openvas-plugins/cve_current.txt 2009-11-01 18:16:05 UTC (rev 5774) +++ trunk/openvas-plugins/cve_current.txt 2009-11-02 05:31:56 UTC (rev 5775) @@ -210,3 +210,27 @@ 36833 Greenbone svn R 36874 Greenbone svn R CVE-2009-3790 SecPod svn L +CVE-2009-3830 SecPod +CVE-2009-3549 +CVE-2009-3550 +CVE-2009-3551 +CVE-2009-3829 +CVE-2009-3371 +CVE-2009-3370 +CVE-2009-1563 +CVE-2009-3374 +CVE-2009-3373 +CVE-2009-3372 +CVE-2009-3377 +CVE-2009-3376 +CVE-2009-3375 +CVE-2009-3380 +CVE-2009-3379 +CVE-2009-3378 +CVE-2009-3383 +CVE-2009-3382 +CVE-2009-3381 +CVE-2009-3626 +CVE-2009-3832 +CVE-2009-3831 +CVE-2009-3627 From scm-commit at wald.intevation.org Mon Nov 2 13:02:49 2009 
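Review bot: In the `@@ -119,10 +112,11 @@` hunk of ePo_detect.nasl, `vers` is written to the knowledge base exactly as the target sent it; it comes from the `version>([^<]+)` capture, which accepts any characters up to the next `<`. Plugins that later compare the `/ePoAgent/Version` key would then be working on unvalidated remote data. Guarding the write with `if(egrep(pattern:"^[0-9.]+$", string:vers))` around the `set_kb_item` call keeps the key to a dotted version number, which is what the earlier `([0-9.]+)` pattern enforced.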
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Mon, 2 Nov 2009 13:02:49 +0100 (CET) Subject: [Openvas-commits] r5776 - in trunk/openvas-plugins: . scripts Message-ID: <20091102120249.0C1ED865F4A0@pyrosoma.intevation.org> Author: mime Date: 2009-11-02 13:02:45 +0100 (Mon, 02 Nov 2009) New Revision: 5776 Modified: trunk/openvas-plugins/ChangeLog trunk/openvas-plugins/scripts/joomla_detect.nasl trunk/openvas-plugins/scripts/ping_host.nasl Log: Moved ping_host.nasl back to ACT_SCANNER Modified: trunk/openvas-plugins/ChangeLog =================================================================== --- trunk/openvas-plugins/ChangeLog 2009-11-02 05:31:56 UTC (rev 5775) +++ trunk/openvas-plugins/ChangeLog 2009-11-02 12:02:45 UTC (rev 5776) @@ -1,3 +1,13 @@ +2009-11-02 Michael Meyer + + * scripts/ping_host.nasl: + Moved back to ACT_SCANNER. It is possible to set + 'timeout.1.3.6.1.4.1.25623.1.0. = ' in + SERVER_PREFS. This timeout will not ignored. + + * scripts/joomla_detect.nasl: + Optimized by Angelo Compagnucci. + 2009-11-01 Michael Meyer * scripts/ePo_detect.nasl: Modified: trunk/openvas-plugins/scripts/joomla_detect.nasl =================================================================== --- trunk/openvas-plugins/scripts/joomla_detect.nasl 2009-11-02 05:31:56 UTC (rev 5775) +++ trunk/openvas-plugins/scripts/joomla_detect.nasl 2009-11-02 12:02:45 UTC (rev 5776) 
@@ -27,30 +27,30 @@ # need desc here to modify it later in script. desc = " - Overview: - This host is running Joomla! a widely installed Open Source cms solution. +Overview: +This host is running Joomla! a widely installed Open Source cms solution. - See also: - http://www.joomla.org +See also: +http://www.joomla.org - Risk factor : None"; +Risk factor : None"; if (description) { - script_id(100330); - script_version ("1.0"); + script_id(100330); + script_version ("1.0"); - script_name("Joomla! Detection"); + script_name("Joomla! Detection"); - script_description(desc); - script_summary("Checks for the presence of Joomla!"); - script_category(ACT_GATHER_INFO); - script_family("Web application abuses"); - script_copyright("This script is Copyright (C) 2009 Angelo Compagnucci"); - script_dependencie("find_service.nes", "http_version.nasl"); - script_require_ports("Services/www", 80); - script_exclude_keys("Settings/disable_cgi_scanning"); - exit(0); + script_description(desc); + script_summary("Checks for the presence of Joomla!"); + script_category(ACT_GATHER_INFO); + script_family("Service detection"); + script_copyright("This script is Copyright (C) 2009 Angelo Compagnucci"); + script_dependencie("find_service.nes", "http_version.nasl"); + script_require_ports("Services/www", 80); + script_exclude_keys("Settings/disable_cgi_scanning"); + exit(0); } include("http_func.inc"); 
@@ -62,145 +62,159 @@ if(!get_port_state(port))exit(0); if(!can_host_php(port:port)) exit(0); -dirs = make_list("/", "/cms", "/joomla", cgi_dirs()); +dirs = make_list("", "/cms", "/joomla", cgi_dirs()); foreach dir (dirs) { - url = string(dir, "/index.php"); - req = http_get(item:url, port:port); - buf = http_keepalive_send_recv(port:port, data:req, bodyonly:FALSE); - if( buf == NULL )continue; + url = string(dir, "/index.php"); + req = http_get(item:url, port:port); + buf = http_keepalive_send_recv(port:port, data:req, bodyonly:FALSE); + if( buf == NULL )continue; - if( - egrep(pattern: '.*meta.*joomla.*', string: buf) || - egrep(pattern: '.*meta.*Joomla.*', string: buf) || - egrep(pattern: '.*link.*href="/administrator/templates.*', string: buf) || - egrep(pattern: '.*src="/media/system/js.*', string: buf) || - egrep(pattern: '.*src="/templates/system.*', string: buf) - ) - { - if(strlen(dir)>0) { - install=dir; - } else { - install=string("/"); - } + if( + egrep(pattern: '.*content="joomla.*', string: buf) || + egrep(pattern: '.*content="Joomla.*', string: buf) || + egrep(pattern: '.*href="/administrator/templates.*', string: buf) || + egrep(pattern: '.*src="/media/system/js.*', string: buf) || + egrep(pattern: '.*src="/templates/system.*', string: buf) + ) + { + if(strlen(dir)>0) { + install=dir; + } else { + install=string("/"); + } - } else { + } else { - url = string(dir, "/.htaccess"); + url = string(dir, "/.htaccess"); req = http_get(item:url, port:port); buf = http_keepalive_send_recv(port:port, data:req, bodyonly:FALSE); - if( buf == NULL )continue; + if( buf == NULL )continue; - if( - egrep(pattern: ".*# @package Joomla.*", string: buf) - ) - { - if(strlen(dir)>0) { - install=dir; - } else { - install=string("/"); - } + if( + egrep(pattern: ".*# @package Joomla.*", string: buf) + ) + { + if(strlen(dir)>0) { + install=dir; + } else { + install=string("/"); + } - } else { + } else { - url = string(dir, "/templates/system/css/editor.css"); - req = 
http_get(item:url, port:port); - buf = http_keepalive_send_recv(port:port, data:req, bodyonly:FALSE); - if( buf == NULL )continue; + url = string(dir, "/templates/system/css/editor.css"); + req = http_get(item:url, port:port); + buf = http_keepalive_send_recv(port:port, data:req, bodyonly:FALSE); + if( buf == NULL )continue; - if( - egrep(pattern: ".*JOOMLA.*", string: buf) - ) - { - if(strlen(dir)>0) { - install=dir; - } else { - install=string("/"); - } - - } else { + if( + egrep(pattern: ".*JOOMLA.*", string: buf) + ) + { + if(strlen(dir)>0) { + install=dir; + } else { + install=string("/"); + } + + } else { - url = string(dir, "/includes/js/mambojavascript.js"); - req = http_get(item:url, port:port); - buf = http_keepalive_send_recv(port:port, data:req, bodyonly:FALSE); - if( buf == NULL )continue; + url = string(dir, "/includes/js/mambojavascript.js"); + req = http_get(item:url, port:port); + buf = http_keepalive_send_recv(port:port, data:req, bodyonly:FALSE); + if( buf == NULL )continue; - if( - egrep(pattern: ".*@package Joomla.*", string: buf) - ) - { - if(strlen(dir)>0) { - install=dir; - } else { - install=string("/"); - } - } - } - } + if( + egrep(pattern: ".*@package Joomla.*", string: buf) + ) + { + if(strlen(dir)>0) { + install=dir; + } else { + install=string("/"); + } + } + } + } + } - } - - if(install) { - - vers = string("unknown"); - lang = string("en-GB"); - - url = string(dir, "/"); - req = http_get(item:url, port:port); - buf = http_keepalive_send_recv(port:port, data:req, bodyonly:FALSE); - language = eregmatch(string: buf, pattern: 'lang="(..-..)"'); - if ( !isnull(language[1]) ) { - lang = substr(language[1],0,1) + "-" + toupper(substr(language[1],3)); - } - - url = string(dir, "/administrator/language/"+lang+"/"+lang+".xml"); - req = http_get(item:url, port:port); - buf = http_keepalive_send_recv(port:port, data:req, bodyonly:FALSE); - version = eregmatch(string: buf, pattern: ".*(.*).*"); - if ( !isnull(version[1]) ) { - vers=version[1]; 
- } else { - - url = string(dir, "/components/com_user/user.xml"); - req = http_get(item:url, port:port); - buf = http_keepalive_send_recv(port:port, data:req, bodyonly:FALSE); - version = eregmatch(string: buf, pattern: ".*(.*).*"); - - if ( !isnull(version[1]) ) { - vers=version[1]; - } else { - - url = string(dir, "/modules/mod_login/mod_login.xml"); - req = http_get(item:url, port:port); - buf = http_keepalive_send_recv(port:port, data:req, bodyonly:FALSE); + if(install) { + vers = string("unknown"); + lang = string("en-GB"); + + url = string(dir, "/administrator/"); + req = http_get(item:url, port:port); + buf = http_keepalive_send_recv(port:port, data:req, bodyonly:FALSE); + language = eregmatch(string: buf, pattern: 'lang="(..-..)"'); + if ( !isnull(language[1]) ) { + lang = substr(language[1],0,1) + "-" + toupper(substr(language[1],3)); + } + + url = string(dir, "/administrator/language/"+lang+"/"+lang+".xml"); + req = http_get(item:url, port:port); + buf = http_keepalive_send_recv(port:port, data:req, bodyonly:FALSE); version = eregmatch(string: buf, pattern: ".*(.*).*"); - if ( !isnull(version[1]) ) { - vers=version[1]; - } - } + vers=version[1]; + } else { + + url = string(dir, "/"); + req = http_get(item:url, port:port); + buf = http_keepalive_send_recv(port:port, data:req, bodyonly:FALSE); + language = eregmatch(string: buf, pattern: 'lang="(..-..)"'); + if ( !isnull(language[1]) ) { + lang = substr(language[1],0,1) + "-" + toupper(substr(language[1],3)); + } + + url = string(dir, "/language/"+lang+"/"+lang+".xml"); + req = http_get(item:url, port:port); + buf = http_keepalive_send_recv(port:port, data:req, bodyonly:FALSE); + version = eregmatch(string: buf, pattern: ".*(.*).*"); + if ( !isnull(version[1]) ) { + vers=version[1]; + } else { - } + url = string(dir, "/components/com_user/user.xml"); + req = http_get(item:url, port:port); + buf = http_keepalive_send_recv(port:port, data:req, bodyonly:FALSE); + version = eregmatch(string: buf, pattern: 
".*(.*).*"); - set_kb_item(name: string("www/", port, "/joomla"), value: string(vers," under ",install)); - info = string("None\n\nJoomla Version ("); - info += string(vers); - info += string(") with lang("); - info += string(lang); - info += string(") was detected on the remote host in the following directory(s):\n\n"); - info += string(install, "\n"); + if ( !isnull(version[1]) ) { + vers=version[1]; + } else { - desc = ereg_replace( - string:desc, - pattern:"None$", - replace:info - ); + url = string(dir, "/modules/mod_login/mod_login.xml"); + req = http_get(item:url, port:port); + buf = http_keepalive_send_recv(port:port, data:req, bodyonly:FALSE); + version = eregmatch(string: buf, pattern: ".*(.*).*"); + + if ( !isnull(version[1]) ) { + vers=version[1]; + } + } + } + } - if(report_verbosity > 0) { - security_note(port:port,data:desc); - } + set_kb_item(name: string("www/", port, "/joomla"), value: string(vers," under ",install)); + info = string("None\n\nJoomla Version ("); + info += string(vers); + info += string(") with lang("); + info += string(lang); + info += string(") was detected on the remote host in the following directory(s):\n\n"); + info += string(install, "\n"); + + desc = ereg_replace( + string:desc, + pattern:"None$", + replace:info + ); + + if(report_verbosity > 0) { + security_note(port:port,data:desc); + } exit(0); - } + } } exit(0); Modified: trunk/openvas-plugins/scripts/ping_host.nasl =================================================================== --- trunk/openvas-plugins/scripts/ping_host.nasl 2009-11-02 05:31:56 UTC (rev 5775) +++ trunk/openvas-plugins/scripts/ping_host.nasl 2009-11-02 12:02:45 UTC (rev 5776) @@ -37,7 +37,7 @@ script_description(desc); script_summary("Ping the remote host"); - script_category(ACT_GATHER_INFO); + script_category(ACT_SCANNER); script_family("Port scanners"); script_copyright("This script is Copyright (C) 2009 Greenbone Networks GmbH"); From scm-commit at wald.intevation.org Mon Nov 2 14:39:34 2009 
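Review bot: In the `@@ -62,145 +62,159 @@` hunk of joomla_detect.nasl, `lang` is taken from the target's page with `lang="(..-..)"`, where each `.` matches any character, and is then concatenated into the next request path (`"/administrator/language/"+lang+"/"+lang+".xml"` and the new `"/language/"+lang+"/"+lang+".xml"`). A response can therefore steer which URL the scanner requests next; restricting the capture to letters, `'lang="([a-zA-Z][a-zA-Z]-[a-zA-Z][a-zA-Z])"'`, keeps the probe on the intended language files. As a style point, the four-deep `if/else` fallback chain would read more easily as a loop over a list of candidate URLs and patterns. The script's header and includes lie outside this hunk.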
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Mon, 2 Nov 2009 14:39:34 +0100 (CET) Subject: [Openvas-commits] r5777 - in trunk/openvas-plugins: . scripts Message-ID: <20091102133934.5158D861EAA5@pyrosoma.intevation.org> Author: chandra Date: 2009-11-02 14:39:30 +0100 (Mon, 02 Nov 2009) New Revision: 5777 Added: trunk/openvas-plugins/scripts/gb_firefox_dos_vuln_nov09_lin.nasl trunk/openvas-plugins/scripts/gb_firefox_dos_vuln_nov09_win.nasl trunk/openvas-plugins/scripts/gb_firefox_mult_mem_crptn_vuln_nov09_lin.nasl trunk/openvas-plugins/scripts/gb_firefox_mult_mem_crptn_vuln_nov09_win.nasl trunk/openvas-plugins/scripts/gb_firefox_mult_vuln_nov09_lin.nasl trunk/openvas-plugins/scripts/gb_firefox_mult_vuln_nov09_win.nasl trunk/openvas-plugins/scripts/gb_gpg4win_detect.nasl trunk/openvas-plugins/scripts/gb_gpg4win_dos_vuln.nasl trunk/openvas-plugins/scripts/gb_snort_detect_lin.nasl trunk/openvas-plugins/scripts/gb_snort_ipv6_dos_vuln_lin.nasl Modified: trunk/openvas-plugins/ChangeLog trunk/openvas-plugins/cve_current.txt Log: Added new plugins Modified: trunk/openvas-plugins/ChangeLog =================================================================== --- trunk/openvas-plugins/ChangeLog 2009-11-02 12:02:45 UTC (rev 5776) +++ trunk/openvas-plugins/ChangeLog 2009-11-02 13:39:30 UTC (rev 5777) 
@@ -1,3 +1,17 @@ +2009-11-02 Chandrashekhar B + + * scripts/gb_firefox_mult_vuln_nov09_lin.nasl, + scripts/gb_gpg4win_detect.nasl, + scripts/gb_snort_ipv6_dos_vuln_lin.nasl, + scripts/gb_firefox_mult_mem_crptn_vuln_nov09_lin.nasl, + scripts/gb_snort_detect_lin.nasl, + scripts/gb_firefox_dos_vuln_nov09_win.nasl, + scripts/gb_firefox_mult_vuln_nov09_win.nasl, + scripts/gb_gpg4win_dos_vuln.nasl, + scripts/gb_firefox_mult_mem_crptn_vuln_nov09_win.nasl, + scripts/gb_firefox_dos_vuln_nov09_lin.nasl: + Added new plugins. + 2009-11-02 Michael Meyer * scripts/ping_host.nasl: Modified: trunk/openvas-plugins/cve_current.txt =================================================================== --- trunk/openvas-plugins/cve_current.txt 2009-11-02 12:02:45 UTC (rev 5776) +++ trunk/openvas-plugins/cve_current.txt 2009-11-02 13:39:30 UTC (rev 5777) @@ -183,16 +183,10 @@ CVE-2009-2999 SecPod CVE-2009-3639 Greenbone svn R CVE-2009-2281 Greenbone svn R -CVE-2009-2942 SecPod -CVE-2009-2943 SecPod CVE-2009-2940 SecPod CVE-2009-2281 SecPod -CVE-2009-3767 SecPod CVE-2009-3622 SecPod svn R CVE-2009-3616 SecPod svn L -CVE-2009-3753 SecPod -CVE-2009-3752 SecPod -CVE-2009-3751 SecPod CVE-2009-3789 SecPod svn R CVE-2009-3788 SecPod svn R CVE-2009-3801 SecPod svn R @@ -234,3 +228,9 @@ CVE-2009-3832 CVE-2009-3831 CVE-2009-3627 +CVE-2009-3664 SecPod svn R +CVE-2009-3665 SecPod svn R +CVE-2009-3666 SecPod svn R +CVE-2009-3805 SecPod svn L +CVE-2009-3641 SecPod svn L + Added: trunk/openvas-plugins/scripts/gb_firefox_dos_vuln_nov09_lin.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_firefox_dos_vuln_nov09_lin.nasl 2009-11-02 12:02:45 UTC (rev 5776) +++ trunk/openvas-plugins/scripts/gb_firefox_dos_vuln_nov09_lin.nasl 2009-11-02 13:39:30 UTC (rev 5777) 
@@ -0,0 +1,84 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_firefox_dos_vuln_nov09_lin.nasl 5567 2009-11-02 14:15:33Z nov $
+#
+# Mozilla Firefox Denial Of Service Vulnerability Nov-09 (Linux)
+#
+# Authors:
+# Sharath S
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(801135);
+ script_version("$Revision: 1.0 $");
+ script_cve_id("CVE-2009-3382");
+ script_bugtraq_id(36866);
+ script_name("Mozilla Firefox Denial Of Service Vulnerability Nov-09 (Linux)");
+ desc = "
+ Overview: This host is installed with Mozilla Firefox and is prone to Denial
+ of Service vulnerability.
+
+ Vulnerability Insight:
+ A memory corruption error in layout/base/nsCSSFrameConstructor.cpp in the
+ browser engine can be exploited to potentially execute arbitrary code or
+ crash the browser.
+
+ Impact:
+ Denial of Service or arbitrary code execution.
+
+ Impact Level: Application/System
+
+ Affected Software/OS:
+ Firefox version 3.0 before 3.0.15 on Linux.
+
+ Fix: Upgrade to Firefox version 3.0.15
+ http://www.mozilla.com/en-US/firefox/all.html
+
+ References:
+ https://bugzilla.mozilla.org/show_bug.cgi?id=514960
+ http://www.mozilla.org/security/announce/2009/mfsa2009-64.html
+
+ CVSS Score:
+ CVSS Base Score : 10.0 (AV:N/AC:L/Au:NR/C:C/I:C/A:C)
+ CVSS Temporal Score : 7.8
+ Risk factor: High";
+
+ script_description(desc);
+ script_summary("Check for the version of Firefox");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2009 Intevation GmbH");
+ script_family("Denial of Service");
+ script_dependencies("gb_firefox_detect_lin.nasl");
+ script_require_keys("Firefox/Linux/Ver");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+ffVer = get_kb_item("Firefox/Linux/Ver");
+if(!ffVer){
+ exit(0);
+}
+
+# Check for Firefox version 3.0 < 3.0.15
+if(version_in_range(version:ffVer, test_version:"3.0", test_version2:"3.0.14")) {
+ security_hole(0);
+}
Added: trunk/openvas-plugins/scripts/gb_firefox_dos_vuln_nov09_win.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_firefox_dos_vuln_nov09_win.nasl 2009-11-02 12:02:45 UTC (rev 5776)
+++ trunk/openvas-plugins/scripts/gb_firefox_dos_vuln_nov09_win.nasl 2009-11-02 13:39:30 UTC (rev 5777)
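Review bot: In gb_firefox_dos_vuln_nov09_lin.nasl the Subversion keywords are written out by hand: the header carries `$Id: gb_firefox_dos_vuln_nov09_lin.nasl 5567 2009-11-02 14:15:33Z nov $` although this commit is r5777, and `script_version("$Revision: 1.0 $")` is fixed text. No svn:keywords property change is shown for this file, so these values would presumably never update and the version the plugin reports would not track its real revision. Using the unexpanded forms `# $Id$` and `script_version("$Revision$");` with the property set, as ePO_console_detect.nasl does earlier on this page, would keep them accurate. The same applies to gb_firefox_dos_vuln_nov09_win.nasl.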
@@ -0,0 +1,84 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id: gb_firefox_dos_vuln_nov09_win.nasl 5567 2009-11-02 13:45:33Z nov $ +# +# Mozilla Firefox Denial Of Service Vulnerability Nov-09 (Win) +# +# Authors: +# Sharath S +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(801134); + script_version("$Revision: 1.0 $"); + script_cve_id("CVE-2009-3382"); + script_bugtraq_id(36866); + script_name("Mozilla Firefox Denial Of Service Vulnerability Nov-09 (Win)"); + desc = " + Overview: This host is installed with Mozilla Firefox and is pront to Denial + of Service vulnerability. + + Vulnerability Insight: + A memory corruption error in layout/base/nsCSSFrameConstructor.cpp in the + browser engine can be exploited to potentially execute arbitrary code or + crash the browser. + + Impact: + Denial of Service or arbitrary code execution. + + Impact Level: Application/System + + Affected Software/OS: + Firefox version 3.0 before 3.0.15 on Windows. 
+ + Fix: Upgrade to Firefox version 3.0.15 + http://www.mozilla.com/en-US/firefox/all.html + + References: + https://bugzilla.mozilla.org/show_bug.cgi?id=514960 + http://www.mozilla.org/security/announce/2009/mfsa2009-64.html + + CVSS Score: + CVSS Base Score : 10.0 (AV:N/AC:L/Au:NR/C:C/I:C/A:C) + CVSS Temporal Score : 7.8 + Risk factor: High"; + + script_description(desc); + script_summary("Check for the version of Firefox"); + script_category(ACT_GATHER_INFO); + script_copyright("Copyright (C) 2009 Intevation GmbH"); + script_family("Denial of Service"); + script_dependencies("gb_firefox_detect_win.nasl"); + script_require_keys("Firefox/Win/Ver"); + exit(0); +} + + +include("version_func.inc"); + +ffVer = get_kb_item("Firefox/Win/Ver"); +if(!ffVer){ + exit(0); +} + +# Check for Firefox version 3.0 < 3.0.15 +if(version_in_range(version:ffVer, test_version:"3.0", test_version2:"3.0.14")) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/gb_firefox_mult_mem_crptn_vuln_nov09_lin.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_firefox_mult_mem_crptn_vuln_nov09_lin.nasl 2009-11-02 12:02:45 UTC (rev 5776) +++ trunk/openvas-plugins/scripts/gb_firefox_mult_mem_crptn_vuln_nov09_lin.nasl 2009-11-02 13:39:30 UTC (rev 5777) 
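Review bot: The Overview string reads `is pront to Denial of Service vulnerability`; `pront` should be `prone`, as the Linux variant has it. The string is passed to `script_description`, so the typo is published with the plugin.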
@@ -0,0 +1,91 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id: gb_firefox_mult_mem_crptn_vuln_nov09_lin.nasl 5567 2009-11-02 13:30:33Z nov $ +# +# Mozilla Firefox Multiple Memory Corruption Vulnerabilities Nov-09 (Linux) +# +# Authors: +# Sharath S +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(801133); + script_version("$Revision: 1.0 $"); + script_cve_id("CVE-2009-3371", "CVE-2009-3377", "CVE-2009-3378", + "CVE-2009-3379", "CVE-2009-3381", "CVE-2009-3383"); + script_bugtraq_id(36854, 36872, 36873, 36875, 36870, 36869); + script_name("Mozilla Firefox Multiple Memory Corruption Vulnerabilities Nov-09 (Linux)"); + desc = " + Overview: This host is installed with Mozilla Firefox and is prone to multiple + memory vorruption vulnerabilities. + + Vulnerability Insight: + - An error exists when creating JavaScript web-workers recursively that can + be exploited to trigger the use of freed memory. + - An error in the embedded 'liboggz' or 'libvorbis' library that can be + exploited to cause a crash. 
+ - An error exists in the 'oggplay_data_handle_theora_frame' function in + media/liboggplay/src/liboggplay/oggplay_data.c in 'liboggplay' library that + can be exploited to cause a crash. + + Impact: + Successful exploitation will let attacker to cause Denial of Service or + memory corrption on the user's system. + + Impact Level: Application/System + + Affected Software/OS: + Firefox version 3.5 before 3.5.4 on Linux. + + Fix: Upgrade to Firefox version 3.5.4 + http://www.mozilla.com/en-US/firefox/all.html + + References: + http://www.mozilla.org/security/announce/2009/mfsa2009-54.html + http://www.mozilla.org/security/announce/2009/mfsa2009-63.html + http://www.mozilla.org/security/announce/2009/mfsa2009-64.html + + CVSS Score: + CVSS Base Score : 10.0 (AV:N/AC:L/Au:NR/C:C/I:C/A:C) + CVSS Temporal Score : 7.8 + Risk factor: High"; + + script_description(desc); + script_summary("Check for the version of Firefox"); + script_category(ACT_GATHER_INFO); + script_copyright("Copyright (C) 2009 Intevation GmbH"); + script_family("Denial of Service"); + script_dependencies("gb_firefox_detect_lin.nasl"); + script_require_keys("Firefox/Linux/Ver"); + exit(0); +} + + +include("version_func.inc"); + +ffVer = get_kb_item("Firefox/Linux/Ver"); +if(!ffVer){ + exit(0); +} + +# Check for Firefox version 3.5 < 3.5.4 +if(version_in_range(version:ffVer, test_version:"3.5", test_version2:"3.5.3")) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/gb_firefox_mult_mem_crptn_vuln_nov09_win.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_firefox_mult_mem_crptn_vuln_nov09_win.nasl 2009-11-02 12:02:45 UTC (rev 5776) +++ trunk/openvas-plugins/scripts/gb_firefox_mult_mem_crptn_vuln_nov09_win.nasl 2009-11-02 13:39:30 UTC (rev 5777) 
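Review bot: `script_cve_id` lists six CVE ids but the Vulnerability Insight describes only three errors, so a reader cannot tell which ids the remaining entries stand for. A short bullet per missing issue, or a pointer to the advisory that covers it, would close the gap. The description also has two typos, `memory vorruption vulnerabilities` in the Overview and `memory corrption` under Impact. gb_firefox_mult_mem_crptn_vuln_nov09_win.nasl has the same three-bullet insight and the same `corrption` typo.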
@@ -0,0 +1,91 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id: gb_firefox_mult_mem_crptn_vuln_nov09_win.nasl 5567 2009-11-02 13:00:33Z nov $ +# +# Mozilla Firefox Multiple Memory Corruption Vulnerabilities Nov-09 (Win) +# +# Authors: +# Sharath S +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(801132); + script_version("$Revision: 1.0 $"); + script_cve_id("CVE-2009-3371", "CVE-2009-3377", "CVE-2009-3378", + "CVE-2009-3379", "CVE-2009-3381", "CVE-2009-3383"); + script_bugtraq_id(36854, 36872, 36873, 36875, 36870, 36869); + script_name("Mozilla Firefox Multiple Memory Corruption Vulnerabilities Nov-09 (Win)"); + desc = " + Overview: This host is installed with Mozilla Firefox and is prone to multiple + Memory Corruption vulnerabilities. + + Vulnerability Insight: + - An error exists when creating JavaScript web-workers recursively that can + be exploited to trigger the use of freed memory. + - An error in the embedded 'liboggz' or 'libvorbis' library that can be + exploited to cause a crash. 
+ - An error exists in the 'oggplay_data_handle_theora_frame' function in + media/liboggplay/src/liboggplay/oggplay_data.c in 'liboggplay' library that + can be exploited to cause a crash. + + Impact: + Successful exploitation will let attacker to cause Denial of Service or + memory corrption on the user's system. + + Impact Level: Application/System + + Affected Software/OS: + Firefox version 3.5 before 3.5.4 on Windows. + + Fix: Upgrade to Firefox version 3.5.4 + http://www.mozilla.com/en-US/firefox/all.html + + References: + http://www.mozilla.org/security/announce/2009/mfsa2009-54.html + http://www.mozilla.org/security/announce/2009/mfsa2009-63.html + http://www.mozilla.org/security/announce/2009/mfsa2009-64.html + + CVSS Score: + CVSS Base Score : 10.0 (AV:N/AC:L/Au:NR/C:C/I:C/A:C) + CVSS Temporal Score : 7.8 + Risk factor: High"; + + script_description(desc); + script_summary("Check for the version of Firefox"); + script_category(ACT_GATHER_INFO); + script_copyright("Copyright (C) 2009 Intevation GmbH"); + script_family("Denial of Service"); + script_dependencies("gb_firefox_detect_win.nasl"); + script_require_keys("Firefox/Win/Ver"); + exit(0); +} + + +include("version_func.inc"); + +ffVer = get_kb_item("Firefox/Win/Ver"); +if(!ffVer){ + exit(0); +} + +# Check for Firefox version 3.5 < 3.5.4 +if(version_in_range(version:ffVer, test_version:"3.5", test_version2:"3.5.3")) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/gb_firefox_mult_vuln_nov09_lin.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_firefox_mult_vuln_nov09_lin.nasl 2009-11-02 12:02:45 UTC (rev 5776) +++ trunk/openvas-plugins/scripts/gb_firefox_mult_vuln_nov09_lin.nasl 2009-11-02 13:39:30 UTC (rev 5777) 
@@ -0,0 +1,112 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id: gb_firefox_mult_vuln_nov09_lin.nasl 5567 2009-11-02 11:46:33Z nov $ +# +# Mozilla Firefox Multiple Vulnerabilities Nov-09 (Linux) +# +# Authors: +# Sharath S +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(801131); + script_version("$Revision: 1.0 $"); + script_cve_id("CVE-2009-1563", "CVE-2009-3370", "CVE-2009-3372", "CVE-2009-3373", + "CVE-2009-3374", "CVE-2009-3375", "CVE-2009-3376", "CVE-2009-3380"); + script_bugtraq_id(36851, 36853, 36856, 36855, 36857, 36858, 36867, 36871); + script_name("Mozilla Firefox Multiple Vulnerabilities Nov-09 (Linux)"); + desc = " + Overview: This host is installed with Mozilla Firefox browser and is prone to + multiple vulnerabilities. + + Vulnerability Insight: + Muliple flaw are due to following errors, + - An array indexing error exists when allocating space for floating point + numbers. This can be exploited to trigger a memory corruption when a + specially crafted floating point number is processed. 
+ - An error in the form history functionality can be exploited to disclose + history entries via a specially crafted web page that triggers the automatic + filling of form fields. + - When parsing regular expressions used in Proxy Auto-configuration. This can + be exploited to cause a crash or potentially execute arbitrary code via + specially crafted configured PAC files. + - When processing GIF, color maps can be exploited to cause a heap based + buffer overflow and potentially execute arbitrary code via a specially + crafted GIF file. + - An error in the 'XPCVariant::VariantDataToJS()' XPCOM utility, which can be + exploited to execute arbitrary JavaScript code with chrome privileges. + - An error in the implementation of the JavaScript 'document.getSelection()' + can be exploited to read text selected on a web page in a different domain. + - An error when downloading files can be exploited to display different file + names in the download dialog title bar and download dialog body. This can + be exploited to obfuscate file names via a right-to-left override character + and potentially trick a user into running an executable file. + + Impact: + Successful exploitation will let attacker to disclose sensitive information, + bypass certain security restrictions, manipulate certain data, or compromise + a user's system. + + Impact Level: Application/System + + Affected Software/OS: + Firefox version 3.0 before 3.0.15 and 3.5 before 3.5.4 on Linux. 
+ + Fix: Upgrade to Firefox version 3.0.15 or 3.5.4 + http://www.mozilla.com/en-US/firefox/all.html + + References: + http://secunia.com/secunia_research/2009-35/ + http://www.mozilla.org/security/announce/2009/mfsa2009-52.html + http://www.mozilla.org/security/announce/2009/mfsa2009-55.html + http://www.mozilla.org/security/announce/2009/mfsa2009-56.html + http://www.mozilla.org/security/announce/2009/mfsa2009-57.html + http://www.mozilla.org/security/announce/2009/mfsa2009-59.html + http://www.mozilla.org/security/announce/2009/mfsa2009-61.html + http://www.mozilla.org/security/announce/2009/mfsa2009-62.html + + CVSS Score: + CVSS Base Score : 10.0 (AV:N/AC:L/Au:NR/C:C/I:C/A:C) + CVSS Temporal Score : 7.8 + Risk factor: High"; + + script_description(desc); + script_summary("Check for the version of Firefox"); + script_category(ACT_GATHER_INFO); + script_copyright("Copyright (C) 2009 Intevation GmbH"); + script_family("Buffer overflow"); + script_dependencies("gb_firefox_detect_lin.nasl"); + script_require_keys("Firefox/Linux/Ver"); + exit(0); +} + + +include("version_func.inc"); + +ffVer = get_kb_item("Firefox/Linux/Ver"); +if(!ffVer){ + exit(0); +} + +# Check for Firefox version 3.0 < 3.0.15 or 3.5 < 3.5.4 +if(version_in_range(version:ffVer, test_version:"3.0", test_version2:"3.0.14")|| + version_in_range(version:ffVer, test_version:"3.5", test_version2:"3.5.3")) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/gb_firefox_mult_vuln_nov09_win.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_firefox_mult_vuln_nov09_win.nasl 2009-11-02 12:02:45 UTC (rev 5776) +++ trunk/openvas-plugins/scripts/gb_firefox_mult_vuln_nov09_win.nasl 2009-11-02 13:39:30 UTC (rev 5777) 
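Review bot: The Vulnerability Insight here stops at the download-dialog item, while gb_firefox_mult_vuln_nov09_win.nasl in this same commit ends with one more bullet, `- Multiple unspecified errors in the browser engines can be exploited to cause crash or potentially execute arbitrary code.`. Both files carry the same `script_cve_id` list, so the Linux text appears to have lost that entry; adding the bullet keeps the two reports consistent. Both files also open the list with `Muliple flaw are due to following errors,`, which should read `Multiple flaws are due to the following errors:`.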
@@ -0,0 +1,114 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id: gb_firefox_mult_vuln_nov09_win.nasl 5567 2009-11-02 11:16:33Z nov $ +# +# Mozilla Firefox Multiple Vulnerabilities Nov-09 (Win) +# +# Authors: +# Sharath S +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(801130); + script_version("$Revision: 1.0 $"); + script_cve_id("CVE-2009-1563", "CVE-2009-3370", "CVE-2009-3372", "CVE-2009-3373", + "CVE-2009-3374", "CVE-2009-3375", "CVE-2009-3376", "CVE-2009-3380"); + script_bugtraq_id(36851, 36853, 36856, 36855, 36857, 36858, 36867, 36871); + script_name("Mozilla Firefox Multiple Vulnerabilities Nov-09 (Win)"); + desc = " + Overview: This host is installed with Mozilla Firefox browser and is prone to + multiple vulnerabilities. + + Vulnerability Insight: + Muliple flaw are due to following errors, + - An array indexing error exists when allocating space for floating point + numbers. This can be exploited to trigger a memory corruption when a + specially crafted floating point number is processed. 
+ - An error in the form history functionality can be exploited to disclose + history entries via a specially crafted web page that triggers the automatic + filling of form fields. + - When parsing regular expressions used in Proxy Auto-configuration. This can + be exploited to cause a crash or potentially execute arbitrary code via + specially crafted configured PAC files. + - When processing GIF, color maps can be exploited to cause a heap based + buffer overflow and potentially execute arbitrary code via a specially + crafted GIF file. + - An error in the 'XPCVariant::VariantDataToJS()' XPCOM utility, which can be + exploited to execute arbitrary JavaScript code with chrome privileges. + - An error in the implementation of the JavaScript 'document.getSelection()' + can be exploited to read text selected on a web page in a different domain. + - An error when downloading files can be exploited to display different file + names in the download dialog title bar and download dialog body. This can + be exploited to obfuscate file names via a right-to-left override character + and potentially trick a user into running an executable file. + - Multiple unspecified errors in the browser engines can be exploited to cause + crash or potentially execute arbitrary code. + + Impact: + Successful exploitation will let attacker to disclose sensitive information, + bypass certain security restrictions, manipulate certain data, or compromise + a user's system. + + Impact Level: Application/System + + Affected Software/OS: + Firefox version 3.0 before 3.0.15 and 3.5 before 3.5.4 on Windows. 
+ + Fix: Upgrade to Firefox version 3.0.15 or 3.5.4 + http://www.mozilla.com/en-US/firefox/all.html + + References: + http://secunia.com/secunia_research/2009-35/ + http://www.mozilla.org/security/announce/2009/mfsa2009-52.html + http://www.mozilla.org/security/announce/2009/mfsa2009-55.html + http://www.mozilla.org/security/announce/2009/mfsa2009-56.html + http://www.mozilla.org/security/announce/2009/mfsa2009-57.html + http://www.mozilla.org/security/announce/2009/mfsa2009-59.html + http://www.mozilla.org/security/announce/2009/mfsa2009-61.html + http://www.mozilla.org/security/announce/2009/mfsa2009-62.html + + CVSS Score: + CVSS Base Score : 10.0 (AV:N/AC:L/Au:NR/C:C/I:C/A:C) + CVSS Temporal Score : 7.8 + Risk factor: High"; + + script_description(desc); + script_summary("Check for the version of Firefox"); + script_category(ACT_GATHER_INFO); + script_copyright("Copyright (C) 2009 Intevation GmbH"); + script_family("Buffer overflow"); + script_dependencies("gb_firefox_detect_win.nasl"); + script_require_keys("Firefox/Win/Ver"); + exit(0); +} + + +include("version_func.inc"); + +ffVer = get_kb_item("Firefox/Win/Ver"); +if(!ffVer){ + exit(0); +} + +# Check for Firefox version 3.0 < 3.0.15 or 3.5 < 3.5.4 +if(version_in_range(version:ffVer, test_version:"3.0", test_version2:"3.0.14")|| + version_in_range(version:ffVer, test_version:"3.5", test_version2:"3.5.3")) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/gb_gpg4win_detect.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_gpg4win_detect.nasl 2009-11-02 12:02:45 UTC (rev 5776) +++ trunk/openvas-plugins/scripts/gb_gpg4win_detect.nasl 2009-11-02 13:39:30 UTC (rev 5777) 
@@ -0,0 +1,91 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id: gb_gpg4win_detect.nasl 5517 2009-11-02 19:36:44Z nov $ +# +# Gpg4win And Components Version Detection (Win) +# +# Authors: +# Sharath S +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(801128); + script_version("$Revision: 1.0 $"); + script_name("Gpg4win And Components Version Detection (Win)"); + desc =" + Overview: This script detects the installed product version of Gpg4win and + its components and sets the results in KB. 
+ + Risk factor : Informational"; + + script_description(desc); + script_summary("Set KB for the version of Gpg4win"); + script_category(ACT_GATHER_INFO); + script_copyright("Copyright (C) 2009 Intevation GmbH"); + script_family("Service detection"); + script_dependencies("secpod_reg_enum.nasl"); + script_require_keys("SMB/WindowsVersion"); + script_require_ports(139, 445); + exit(0); +} + + +include("smb_nt.inc"); +include("secpod_smb_func.inc"); + +if(!get_kb_item("SMB/WindowsVersion")){ + exit(0); +} + +key = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\GPG4Win"; +gpgName = registry_get_sz(key:key, item:"DisplayName"); + +if("Gpg4win" >< gpgName || ("GnuPG" >< gpgName)) +{ + gpgVer = registry_get_sz(key:key, item:"DisplayVersion"); + gpgVer = ereg_replace(pattern:"-", replace:".", string:gpgVer); + + # Set KB for Gpg4Win + if(gpgVer != NULL) + { + set_kb_item(name:"Gpg4win/Win/Ver", value:gpgVer); + + gpgPath = registry_get_sz(key:key, item:"InstallLocation"); + if(gpgPath) + { + gpgPath += "\share\gpg4win\README.en.txt"; + share = ereg_replace(pattern:"([A-Z]):.*", replace:"\1$", string:gpgPath); + file = ereg_replace(pattern:"[A-Z]:(.*)", replace:"\1", string:gpgPath); + txtRead = read_file(share:share, file:file, offset:2000, count:10000); + + # Set KB for Kleopatra + kleoVer = eregmatch(pattern:"Kleopatra: +([0-9.]+)", string:txtRead); + if(kleoVer[1]){ + set_kb_item(name:"Kleopatra/Win/Ver", value:kleoVer[1]); + } + + # Set KB for GNU Privacy Assistant + gpaVer = eregmatch(pattern:"GPA: +([0-9.]+)", string:txtRead); + if(gpaVer[1]){ + set_kb_item(name:"GPA/Win/Ver", value:gpaVer[1]); + } + } + } +} Added: trunk/openvas-plugins/scripts/gb_gpg4win_dos_vuln.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_gpg4win_dos_vuln.nasl 2009-11-02 12:02:45 UTC (rev 5776) +++ trunk/openvas-plugins/scripts/gb_gpg4win_dos_vuln.nasl 2009-11-02 13:39:30 UTC (rev 5777) 
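Review bot: The two `ereg_replace` calls that split `gpgPath` into `share` and `file` match `[A-Z]:` only, so an `InstallLocation` stored with a lower-case drive letter is not split, `read_file` is called with a wrong share and file, and the Kleopatra and GPA keys are silently never set. Accepting both cases fixes that: `pattern:"([A-Za-z]):.*"` and `pattern:"[A-Za-z]:(.*)"`. `txtRead` is used without checking that the read returned anything, and the fixed `offset:2000, count:10000` window assumes the version list sits at that position in README.en.txt; a comment saying why those numbers were chosen would help the next maintainer. The uninstall key is read from one registry path only; whether the helper also covers the 32-bit view on 64-bit Windows is not visible in this hunk and is worth confirming.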
@@ -0,0 +1,90 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id: gb_gpg4win_dos_vuln.nasl 5517 2009-11-02 20:17:34Z nov $ +# +# Gpg4Win Denial Of Service Vulnerability +# +# Authors: +# Sharath S +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(801129); + script_version("$Revision: 1.0 $"); + script_cve_id("CVE-2009-3805"); + script_bugtraq_id(36781); + script_name("Gpg4Win Denial Of Service Vulnerability"); + desc = " + Overview: This host is installed with Gpg4Win, as used in KDE Kleopatra and + is prone to Denial of Service vulnerability. + + Vulnerability Insight: + The flaw is caused due to error in 'gpg2.exe' which can be exploited by + persuading a victim to import a specially-crafted certificate containing + an overly long signature. + + Impact: + A remote attacker could exploit this vulnerability to cause the application + to crash. + + Impact Level: Application + + Affected Software/OS: + Gpg4win version 2.0.1 + KDE, Kleopatra version 2.0.11 + + Fix + No solution or patch is available as on 02nd November, 2009. 
Information + regarding this issue will be updated once the solution details are available. + For updates refer, http://www.gpg4win.org/download.html + + References: + http://xforce.iss.net/xforce/xfdb/53908 + http://www.packetstormsecurity.com/0910-exploits/gpg2kleo-dos.txt + + CVSS Score: + CVSS Base Score : 4.3 (AV:N/AC:M/Au:NR/C:N/I:N/A:P) + CVSS Temporal Score : 3.9 + Risk factor: Medium"; + + script_description(desc); + script_summary("Check for the version of Gpg4Win and Kleopatra"); + script_category(ACT_GATHER_INFO); + script_copyright("Copyright (C) 2009 Intevation GmbH"); + script_family("Denial of Service"); + script_dependencies("gb_gpg4win_detect.nasl"); + script_require_keys("Gpg4win/Win/Ver", "Kleopatra/Win/Ver"); + exit(0); +} + + +include("version_func.inc"); + +# Get KB for Gpg4win +gpgVer = get_kb_item("Gpg4win/Win/Ver"); + +# Get KB for Kleopatra +kleoVer = get_kb_item("Kleopatra/Win/Ver"); + +# Check for Gpg4win version 2.0.1 and Kleopatar version 2.0.11 +if(version_is_equal(version:gpgVer, test_version:"2.0.1") && + version_is_equal(version:kleoVer,test_version:"2.0.11")){ + security_warning(0); +} Added: trunk/openvas-plugins/scripts/gb_snort_detect_lin.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_snort_detect_lin.nasl 2009-11-02 12:02:45 UTC (rev 5776) +++ trunk/openvas-plugins/scripts/gb_snort_detect_lin.nasl 2009-11-02 13:39:30 UTC (rev 5777) 
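Review bot: `gpgVer` and `kleoVer` are passed to `version_is_equal` without the empty check that every other version test in this commit performs; `if(!gpgVer || !kleoVer){ exit(0); }` before the comparison would match them. The check also needs both keys to be present, yet the Insight places the flaw in 'gpg2.exe', and `Kleopatra/Win/Ver` is only set when gb_gpg4win_detect.nasl manages to read and parse a README, so a host where that read fails is skipped without any result. If the Gpg4win version alone identifies the affected build, requiring only `Gpg4win/Win/Ver` would avoid that false negative. The `Fix` heading is missing its colon and the comment spells `Kleopatar`.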
@@ -0,0 +1,72 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id: gb_snort_detect_lin.nasl 5534 2009-11-02 20:00:29Z nov $ +# +# Snort Version Detection (Linux) +# +# Authors: +# Sharath S +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(801138); + script_version("$Revision: 1.0 $"); + script_name("Snort Version Detection (Linux)"); + desc = " + Overview: This script detects the installed version of Snort and + sets the reuslt in KB. + + Risk Factor: Informational"; + + script_description(desc); + script_summary("Set KB for the version of Snort"); + script_category(ACT_GATHER_INFO); + script_copyright("Copyright (c) 2009 Intevation GmbH"); + script_family("Service detection"); + exit(0); +} + + +include("ssh_func.inc"); +include("version_func.inc"); + +snortSock = ssh_login_or_reuse_connection(); +if(!snortSock){ + exit(0); +} + +paths = find_bin(prog_name:"snort",sock:snortSock); +foreach binName (paths) +{ + snortVer = get_bin_version(full_prog_name:chomp(binName), version_argv:"-V", + ver_pattern:"> Snort! 
<", sock:snortSock); + snortVer = eregmatch(pattern:"Version ([0-9.]+)( \(Build.?([0-9]+)\))?", + string:snortVer[1], icase:1); + if(snortVer[1]) + { + set_kb_item(name:"Snort/Linux/Ver", value:snortVer[1]); + if(snortVer[3]) + { + snortVer = snortVer[1] + "." + snortVer[3]; + set_kb_item(name:"Snort/Linux/Build", value:snortVer); + } + } +} +ssh_close_connection(); Added: trunk/openvas-plugins/scripts/gb_snort_ipv6_dos_vuln_lin.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_snort_ipv6_dos_vuln_lin.nasl 2009-11-02 12:02:45 UTC (rev 5776) +++ trunk/openvas-plugins/scripts/gb_snort_ipv6_dos_vuln_lin.nasl 2009-11-02 13:39:30 UTC (rev 5777) 
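Review bot: Inside the `foreach` over `paths`, `set_kb_item` runs once per snort binary found, so a host with two installs ends up with two values under `Snort/Linux/Ver` and the dependent check has more than one version to read. Either stop after the first successful match (a `break;` after the KB writes) or record the binary path together with each version. `snortVer` is also reused for three different things (the `get_bin_version` result, the `eregmatch` result, then the build string), and indexing `snortVer[1]` after a `ver_pattern` with no capture group is not self-explanatory; a one-line comment on what element 1 holds would help. The Overview has `reuslt` for `result`.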
@@ -0,0 +1,87 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id: gb_snort_ipv6_dos_vuln_lin.nasl 5534 2009-11-02 20:08:24Z nov $ +# +# Snort 'IPv6' Packet Denial Of Service Vulnerability (Linux) +# +# Authors: +# Sharath S +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(801139); + script_version("$Revision: 1.0 $"); + script_cve_id("CVE-2009-3641"); + script_bugtraq_id(36795); + script_name("Snort 'IPv6' Packet Denial Of Service Vulnerability (Linux)"); + desc = " + Overview: This host has Snort installed and is prone to Denial of Service + vulnerability. + + Vulnerability Insight: + This flaw is caused by an error when processing malformed IPv6 packets when + the application is compiled with the '--enable-ipv6' option and is running + in verbose mode (-v). + + Impact: + Successful exploitation could allow attacker to crash an affected application, + creating a denial of service condition. + + Impact Level: Application + + Affected Software/OS: + Snort version prior to 2.8.5.1 on Linux. 
+ + Fix: Upgrade to Snort version 2.8.5.1 or later + For updates, Refer http://www.snort.org/downloads + + References: + http://secunia.com/advisories/37135 + http://xforce.iss.net/xforce/xfdb/53912 + http://www.vupen.com/english/advisories/2009/3014 + https://bugzilla.redhat.com/show_bug.cgi?id=530863 + + CVSS Score: + CVSS Base Score : 4.3 (AV:N/AC:M/Au:NR/C:N/I:N/A:P) + CVSS Temporal Score : 3.4 + Risk factor: Medium"; + + script_description(desc); + script_summary("Check for the version of Snort"); + script_category(ACT_GATHER_INFO); + script_copyright("Copyright (C) 2009 Intevation GmbH"); + script_family("Denial of Service"); + script_dependencies("gb_snort_detect_lin.nasl"); + script_require_keys("Snort/Linux/Ver"); + exit(0); +} + + +include("version_func.inc"); + +snortVer = get_kb_item("Snort/Linux/Ver"); +if(!snortVer ){ + exit(0); +} + +# Check for Snort version < 2.8.5.1 +if(version_is_less(version:snortVer , test_version:"2.8.5.1")){ + security_warning(0); +} From scm-commit at wald.intevation.org Mon Nov 2 14:55:51 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Mon, 2 Nov 2009 14:55:51 +0100 (CET) Subject: [Openvas-commits] r5778 - in trunk/openvas-plugins: . scripts Message-ID: <20091102135551.79DE1865F4A0@pyrosoma.intevation.org> Author: chandra Date: 2009-11-02 14:55:48 +0100 (Mon, 02 Nov 2009) New Revision: 5778 Modified: trunk/openvas-plugins/ChangeLog trunk/openvas-plugins/scripts/proftpd_36804.nasl trunk/openvas-plugins/scripts/secpod_proftpd_server_remote_detect.nasl Log: Updated to check other vulnerable versions Modified: trunk/openvas-plugins/ChangeLog =================================================================== --- trunk/openvas-plugins/ChangeLog 2009-11-02 13:39:30 UTC (rev 5777) +++ trunk/openvas-plugins/ChangeLog 2009-11-02 13:55:48 UTC (rev 5778) 
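Review bot: The final check reports on the version string alone, while the description in the same hunk limits the flaw to builds configured with '--enable-ipv6' that run in verbose mode (-v), so every Snort below 2.8.5.1 is flagged whether or not it is exposed. Neither condition is tested after `get_kb_item("Snort/Linux/Ver")`, and `security_warning(0)` carries no text telling the reader that the finding is unverified. I would send a message with the report, e.g. `security_warning(port:0, data:"Version-based check only; IPv6 support and verbose mode were not verified.");`, so triage does not start from a false positive. The CVSS vector in the description also reads `Au:NR`, which is not a CVSSv2 value (`Au:N` is presumably meant).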
@@ -1,5 +1,11 @@ 2009-11-02 Chandrashekhar B + * scripts/secpod_proftpd_server_remote_detect.nasl, + scripts/proftpd_36804.nasl: + Updated to check few other vulnerable versions. + +2009-11-02 Chandrashekhar B + * scripts/gb_firefox_mult_vuln_nov09_lin.nasl, scripts/gb_gpg4win_detect.nasl, scripts/gb_snort_ipv6_dos_vuln_lin.nasl, Modified: trunk/openvas-plugins/scripts/proftpd_36804.nasl =================================================================== --- trunk/openvas-plugins/scripts/proftpd_36804.nasl 2009-11-02 13:39:30 UTC (rev 5777) +++ trunk/openvas-plugins/scripts/proftpd_36804.nasl 2009-11-02 13:55:48 UTC (rev 5778) @@ -7,6 +7,9 @@ # Authors: # Michael Meyer # +# Updated to check ProFTPD version 1.3.3 before 1.3.3.rc2 +# - By Antu Sanadi On 2009/11/02 +# # Copyright: # Copyright (c) 2009 Greenbone Networks GmbH # @@ -43,7 +46,7 @@ middle attacks or impersonate trusted servers, which will aid in further attacks. -Versions prior to ProFTPD 1.3.2b are vulnerable. +Versions prior to ProFTPD 1.3.2b and 1.3.3 to 1.3.3.rc1 are vulnerable. Solution: Updates are available. Please see the references for details. @@ -78,16 +81,11 @@ exit(0); } -if(!version = get_kb_item(string("ProFTPD/Ver")))exit(0); - -if(!isnull(version)) { - - if(version_is_less(version:version, test_version:"1.3.2b")) { - security_warning(port: port); - exit(0); - +version = get_kb_item("ProFTPD/Ver"); +if(!isnull(version)) +{ + if(version_is_less(version:version, test_version:"1.3.2.b")|| + version_in_range(version:version, test_version:"1.3.3",test_version2:"1.3.3.rc1")){ + security_warning(port); } } - -exit(0); - Modified: trunk/openvas-plugins/scripts/secpod_proftpd_server_remote_detect.nasl =================================================================== --- trunk/openvas-plugins/scripts/secpod_proftpd_server_remote_detect.nasl 2009-11-02 13:39:30 UTC (rev 5777) +++ trunk/openvas-plugins/scripts/secpod_proftpd_server_remote_detect.nasl 2009-11-02 13:55:48 UTC (rev 5778) 
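Review bot: In the last hunk of proftpd_36804.nasl the range `version_in_range(version:version, test_version:"1.3.3", test_version2:"1.3.3.rc1")` has a lower bound that a final 1.3.3 release would also satisfy (assuming the bounds are inclusive), so a fixed server may be flagged once 1.3.3 ships; the comment added at the top of the file says only 1.3.3 before rc2 is affected. If rc1 is the only affected 1.3.3 build, `version_is_equal(version:version, test_version:"1.3.3.rc1")` states that directly. The test string also changed from "1.3.2b" to "1.3.2.b", which only matches if secpod_proftpd_server_remote_detect.nasl stores the suffix after a dot; the code that builds the KB value is outside the visible hunks, so that should be confirmed. `port` in `security_warning(port)` is assigned outside the hunk.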
@@ -7,6 +7,10 @@ # Authors: # Sharath S # +# Updated to include detect mechanism for single charecter after version +# - By Antu Sanadi On 2009/11/1 +# +# # Copyright: # Copyright (c) 2009 SecPod, http://www.secpod.com # @@ -67,7 +71,7 @@ { set_kb_item(name:"ProFTPD/Intalled", value:TRUE); - ftpVer = eregmatch(pattern:"ProFTPD ([0-9.]+)(rc[0-9])?", string:banner); + ftpVer = eregmatch(pattern:"ProFTPD ([0-9.]+)([A-Za-z0-9]+)?", string:banner); if(ftpVer[1] != NULL) { if(ftpVer[2] != NULL) From scm-commit at wald.intevation.org Mon Nov 2 15:05:31 2009 
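Review bot: The second capture group `([A-Za-z0-9]+)?` now accepts any alphanumeric run that follows the numeric part of the banner, not only a release-candidate tag or the single patch letter that the added header comment describes. The banner is supplied by the remote server, and whatever the group captures is handled by the `if(ftpVer[2] != NULL)` branch, which continues outside the hunk and presumably ends up in the ProFTPD/Ver KB entry that the version checks compare against. Restricting the group to the known suffix forms, `pattern:"ProFTPD ([0-9.]+)(rc[0-9]+|[a-z])?"`, keeps unexpected text out of the KB.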
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Mon, 2 Nov 2009 15:05:31 +0100 (CET) Subject: [Openvas-commits] r5779 - in trunk/openvas-manager: . src Message-ID: <20091102140531.10292861EABC@pyrosoma.intevation.org> Author: mattm Date: 2009-11-02 15:05:27 +0100 (Mon, 02 Nov 2009) New Revision: 5779 Modified: trunk/openvas-manager/ChangeLog trunk/openvas-manager/src/manage.c trunk/openvas-manager/src/manage.h trunk/openvas-manager/src/omp.c trunk/openvas-manager/src/tasks_sql.h Log: Add sorting parameters to most OMP data retrieval commands, for very basic sorting. * src/tasks_sql.h (init_iterator): Make sql a printf style format string. (select_config_nvts, init_task_iterator, init_target_iterator) (init_config_iterator, init_nvt_iterator, init_family_iterator) (select_config_nvts, init_lsc_credential_iterator): Add args that control sorting. Update all callers. * src/manage.h: Update headers. * src/manage.c: Update calls to init_task_iterator and init_nvt_iterator. * src/omp.c: Update iterator calls with sorting args. (omp_xml_handle_start_element, omp_xml_handle_end_element): Add sort_field and sort_order attributes to GET_CONFIGS, GET_LSC_CREDENTIALS, GET_NVT_DETAILS, GET_TARGETS and GET_STATUS. Modified: trunk/openvas-manager/ChangeLog =================================================================== --- trunk/openvas-manager/ChangeLog 2009-11-02 13:55:48 UTC (rev 5778) +++ trunk/openvas-manager/ChangeLog 2009-11-02 14:05:27 UTC (rev 5779) 
@@ -1,3 +1,23 @@ +2009-11-02 Matthew Mundell + + Add sorting parameters to most OMP data retrieval commands, for very basic + sorting. + + * src/tasks_sql.h (init_iterator): Make sql a printf style format string. + (select_config_nvts, init_task_iterator, init_target_iterator) + (init_config_iterator, init_nvt_iterator, init_family_iterator) + (select_config_nvts, init_lsc_credential_iterator): Add args that control + sorting. Update all callers. + + * src/manage.h: Update headers. + + * src/manage.c: Update calls to init_task_iterator and init_nvt_iterator. + + * src/omp.c: Update iterator calls with sorting args. + (omp_xml_handle_start_element, omp_xml_handle_end_element): Add sort_field + and sort_order attributes to GET_CONFIGS, GET_LSC_CREDENTIALS, + GET_NVT_DETAILS, GET_TARGETS and GET_STATUS. + 2009-10-31 Matthew Mundell Add config and family attributes to OMP GET_NVT_DETAILS, for getting Modified: trunk/openvas-manager/src/manage.c =================================================================== --- trunk/openvas-manager/src/manage.c 2009-11-02 13:55:48 UTC (rev 5778) +++ trunk/openvas-manager/src/manage.c 2009-11-02 14:05:27 UTC (rev 5779) @@ -328,7 +328,7 @@ task_iterator_t iterator; task_t index; - init_task_iterator (&iterator); + init_task_iterator (&iterator, 1, NULL); if (next_task (&iterator, &index)) { do @@ -477,7 +477,7 @@ gboolean first = TRUE; plugins = g_string_new (""); - init_nvt_iterator (&nvts, (nvt_t) 0, NULL, NULL); + init_nvt_iterator (&nvts, (nvt_t) 0, NULL, NULL, 1, NULL); while (next (&nvts)) { if (first) Modified: trunk/openvas-manager/src/manage.h =================================================================== --- trunk/openvas-manager/src/manage.h 2009-11-02 13:55:48 UTC (rev 5778) +++ trunk/openvas-manager/src/manage.h 2009-11-02 14:05:27 UTC (rev 5779) 
@@ -206,7 +206,7 @@ task_count (); void -init_task_iterator (task_iterator_t*); +init_task_iterator (task_iterator_t*, int, const char*); void cleanup_task_iterator (task_iterator_t*); @@ -537,7 +537,7 @@ delete_target (const char*); void -init_target_iterator (iterator_t*); +init_target_iterator (iterator_t*, int, const char*); const char* target_iterator_name (iterator_t*); @@ -564,7 +564,7 @@ delete_config (const char*); void -init_config_iterator (iterator_t*, const char*); +init_config_iterator (iterator_t*, const char*, int, const char*); const char* config_iterator_name (iterator_t*); @@ -606,7 +606,8 @@ find_nvt (const char*, nvt_t*); void -init_nvt_iterator (iterator_t*, nvt_t, const char*, const char*); +init_nvt_iterator (iterator_t*, nvt_t, const char*, const char*, int, + const char*); const char* nvt_iterator_oid (iterator_t*); @@ -666,7 +667,7 @@ nvt_selector_nvt_count (const char*, const char*); void -init_family_iterator (iterator_t*, int, const char*); +init_family_iterator (iterator_t*, int, const char*, int); const char* family_iterator_name (iterator_t*); @@ -705,7 +706,7 @@ delete_lsc_credential (const char*); void -init_lsc_credential_iterator (iterator_t*, const char*); +init_lsc_credential_iterator (iterator_t*, const char*, int, const char*); const char* lsc_credential_iterator_name (iterator_t*); Modified: trunk/openvas-manager/src/omp.c =================================================================== --- trunk/openvas-manager/src/omp.c 2009-11-02 13:55:48 UTC (rev 5778) +++ trunk/openvas-manager/src/omp.c 2009-11-02 14:05:27 UTC (rev 5779) 
@@ -897,6 +897,14 @@ current_int_1 = atoi (attribute); else current_int_1 = 0; + if (find_attribute (attribute_names, attribute_values, + "sort_field", &attribute)) + openvas_append_string (¤t_format, attribute); + if (find_attribute (attribute_names, attribute_values, + "sort_order", &attribute)) + current_int_2 = strcmp (attribute, "descending"); + else + current_int_2 = 1; set_client_state (CLIENT_GET_CONFIGS); } else if (strcasecmp ("GET_DEPENDENCIES", element_name) == 0) @@ -910,6 +918,14 @@ if (find_attribute (attribute_names, attribute_values, "format", &attribute)) openvas_append_string (¤t_format, attribute); + if (find_attribute (attribute_names, attribute_values, + "sort_field", &attribute)) + openvas_append_string (¤t_name, attribute); + if (find_attribute (attribute_names, attribute_values, + "sort_order", &attribute)) + current_int_2 = strcmp (attribute, "descending"); + else + current_int_2 = 1; set_client_state (CLIENT_GET_LSC_CREDENTIALS); } else if (strcasecmp ("GET_NVT_ALL", element_name) == 0) @@ -934,6 +950,14 @@ if (find_attribute (attribute_names, attribute_values, "family", &attribute)) openvas_append_string (¤t_format, attribute); + if (find_attribute (attribute_names, attribute_values, + "sort_field", &attribute)) + openvas_append_string (&modify_task_value, attribute); + if (find_attribute (attribute_names, attribute_values, + "sort_order", &attribute)) + current_int_2 = strcmp (attribute, "descending"); + else + current_int_2 = 1; set_client_state (CLIENT_GET_NVT_DETAILS); } else if (strcasecmp ("GET_PREFERENCES", element_name) == 0) 
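Review bot: The `sort_field` attribute is copied from the client's XML straight into `current_format`, `current_name` or `modify_task_value` with no validation, and the tasks_sql.h hunks of this commit place that string unquoted into `ORDER BY %s %s` (init_task_iterator, init_target_iterator, init_config_iterator, select_config_nvts, init_lsc_credential_iterator), so an OMP client controls part of the SQL text. Quoting with sql_quote would not help because the value is used as an identifier; it has to be checked against what a column name can look like, or better against a per-command list of sortable columns. The same unchecked copy appears in the GET_TARGETS and GET_STATUS hunks further down. A check at the parse site, as sketched below, leaves the iterators unchanged; the enclosing omp_xml_handle_start_element starts and ends outside these hunks.

```c
/* Accept only a plain column identifier as sort field. */
static int
valid_sort_field (const gchar *field)
{
  if (field == NULL || *field == '\0')
    return 0;
  for (; *field; field++)
    if (!g_ascii_isalnum (*field) && *field != '_')
      return 0;
  return 1;
}

/* … unchanged: other GET_CONFIGS attributes … */
            if (find_attribute (attribute_names, attribute_values,
                                "sort_field", &attribute)
                && valid_sort_field (attribute))
              openvas_append_string (&current_format, attribute);
```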
@@ -963,7 +987,18 @@ else if (strcasecmp ("GET_RULES", element_name) == 0) set_client_state (CLIENT_GET_RULES); else if (strcasecmp ("GET_TARGETS", element_name) == 0) - set_client_state (CLIENT_GET_TARGETS); + { + const gchar* attribute; + if (find_attribute (attribute_names, attribute_values, + "sort_field", &attribute)) + openvas_append_string (¤t_format, attribute); + if (find_attribute (attribute_names, attribute_values, + "sort_order", &attribute)) + current_int_2 = strcmp (attribute, "descending"); + else + current_int_2 = 1; + set_client_state (CLIENT_GET_TARGETS); + } else if (strcasecmp ("HELP", element_name) == 0) set_client_state (CLIENT_HELP); else if (strcasecmp ("MODIFY_REPORT", element_name) == 0) @@ -1038,6 +1073,14 @@ current_int_1 = atoi (attribute); else current_int_1 = 0; + if (find_attribute (attribute_names, attribute_values, + "sort_field", &attribute)) + openvas_append_string (¤t_format, attribute); + if (find_attribute (attribute_names, attribute_values, + "sort_order", &attribute)) + current_int_2 = strcmp (attribute, "descending"); + else + current_int_2 = 1; set_client_state (CLIENT_GET_STATUS); } else @@ -2735,7 +2778,7 @@ free (md5sum); SEND_TO_CLIENT_OR_FAIL (""); - init_nvt_iterator (&nvts, (nvt_t) 0, NULL, NULL); + init_nvt_iterator (&nvts, (nvt_t) 0, NULL, NULL, 1, NULL); while (next (&nvts)) if (send_nvt (&nvts, 0)) { @@ -2809,7 +2852,7 @@ " status=\"" STATUS_OK "\"" " status_text=\"" STATUS_OK_TEXT "\">"); - init_nvt_iterator (&nvts, nvt, NULL, NULL); + init_nvt_iterator (&nvts, nvt, NULL, NULL, 1, NULL); while (next (&nvts)) if (send_nvt (&nvts, 1)) { @@ -2839,8 +2882,12 @@ init_nvt_iterator (&nvts, (nvt_t) 0, - current_name, /* Attribute config. */ - current_format); /* Attribute family. */ + current_name, /* Attribute config. */ + current_format, /* Attribute family. */ + /* Attribute sort_order. */ + current_int_2, + /* Attribute sort_field. */ + modify_task_value); while (next (&nvts)) if (send_nvt (&nvts, 1)) { 
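Review bot: The sort field is stored in a different reused global for each command (`current_format` here for GET_TARGETS and GET_STATUS, `current_name` for GET_LSC_CREDENTIALS and `modify_task_value` for GET_NVT_DETAILS in the earlier hunks), and in GET_NVT_DETAILS `current_format` already holds the family attribute. Because openvas_append_string appends, judging by its name, a value left over from a previous command would be concatenated into the sort field unless every end-element handler resets the variable, which these hunks do not show. A dedicated `current_sort_field` variable, reset wherever `current_int_2` is consumed, would make the `init_nvt_iterator (..., current_int_2, modify_task_value)` call readable without the trailing comments.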
@@ -4882,7 +4929,9 @@ } g_free (response); - init_task_iterator (&iterator); + init_task_iterator (&iterator, + current_int_2, /* Attribute sort_order. */ + current_format); /* Attribute sort_field. */ while (next_task (&iterator, &index)) { gchar *line, *progress_xml; @@ -5168,7 +5217,10 @@ SEND_TO_CLIENT_OR_FAIL (""); - init_config_iterator (&configs, current_name); + init_config_iterator (&configs, + current_name, + current_int_2, /* Attribute sort_order. */ + current_format); /* Attribute sort_field. */ while (next (&configs)) { int config_nvts_growing; @@ -5210,7 +5262,9 @@ SENDF_TO_CLIENT_OR_FAIL (""); init_family_iterator (&families, config_nvts_growing, - selector); + selector, + /* Attribute sort_order. */ + current_int_2); while (next (&families)) { int family_growing, family_max, family_selected_count; @@ -5325,7 +5379,12 @@ SEND_TO_CLIENT_OR_FAIL (""); - init_lsc_credential_iterator (&targets, current_uuid); + init_lsc_credential_iterator (&targets, + current_uuid, + /* Attribute sort_order. */ + current_int_2, + /* Attribute sort_field. */ + current_name); while (next (&targets)) { switch (format) @@ -5400,7 +5459,9 @@ SEND_TO_CLIENT_OR_FAIL (""); - init_target_iterator (&targets); + init_target_iterator (&targets, + current_int_2, /* Attribute sort_order. */ + current_format); /* Attribute sort_field. */ while (next (&targets)) SENDF_TO_CLIENT_OR_FAIL ("" "%s" Modified: trunk/openvas-manager/src/tasks_sql.h =================================================================== --- trunk/openvas-manager/src/tasks_sql.h 2009-11-02 13:55:48 UTC (rev 5778) +++ trunk/openvas-manager/src/tasks_sql.h 2009-11-02 14:05:27 UTC (rev 5779) @@ -92,7 +92,7 @@ set_target_hosts (const char *, const char *); static gchar* -select_config_nvts (const char*, const char*); +select_config_nvts (const char*, const char*, int, const char*); /* Variables. */ 
@@ -428,21 +428,29 @@ * @brief Initialise an iterator. * * @param[in] iterator Iterator. + * @param[in] sql Format string for SQL. */ static void -init_iterator (iterator_t* iterator, const char* sql) +init_iterator (iterator_t* iterator, const char* sql, ...) { int ret; const char* tail; sqlite3_stmt* stmt; + va_list args; + gchar* formatted; - tracef (" sql: %s\n", sql); + va_start (args, sql); + formatted = g_strdup_vprintf (sql, args); + va_end (args); + tracef (" sql: %s\n", formatted); + iterator->done = FALSE; while (1) { - ret = sqlite3_prepare (task_db, sql, -1, &stmt, &tail); + ret = sqlite3_prepare (task_db, formatted, -1, &stmt, &tail); if (ret == SQLITE_BUSY) continue; + g_free (formatted); iterator->stmt = stmt; if (ret == SQLITE_OK) { @@ -682,7 +690,7 @@ * may be a redundant conversion, as SQLite may have converted these * values automatically in each query anyway. */ - init_nvt_iterator (&nvts, (nvt_t) 0, NULL, NULL); + init_nvt_iterator (&nvts, (nvt_t) 0, NULL, NULL, 1, NULL); while (next (&nvts)) { int category; @@ -1549,10 +1557,14 @@ /** * @brief Initialise a task iterator. * - * @param[in] iterator Task iterator. + * @param[in] iterator Task iterator. + * @param[in] ascending Whether to sort ascending or descending. + * @param[in] sort_field Field to sort on, or NULL for "ROWID". */ void -init_task_iterator (task_iterator_t* iterator) +init_task_iterator (task_iterator_t* iterator, + int ascending, + const char *sort_field) { int ret; const char* tail; 
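Review bot: `init_iterator` now treats its `sql` argument as a printf format, but several callers changed in this same commit still hand it a finished statement: init_target_iterator, init_config_iterator, the selector branch of init_family_iterator and the select_config_nvts result in init_nvt_iterator all call `init_iterator (iterator, sql)`. Any `%` in a quoted name or in the client-supplied sort field is then parsed by g_strdup_vprintf as a conversion with no matching argument, which is undefined behaviour. Those callers should pass `init_iterator (iterator, "%s", sql);` or give the format and arguments directly as init_lsc_credential_iterator does, and the declaration should carry `G_GNUC_PRINTF (2, 3)` so the compiler checks each call. The function body continues past the end of the hunk.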
@@ -1562,10 +1574,16 @@ iterator->done = FALSE; if (current_credentials.username) formatted = g_strdup_printf ("SELECT ROWID FROM tasks WHERE owner =" - " (SELECT ROWID FROM users WHERE name = '%s');", - current_credentials.username); + " (SELECT ROWID FROM users WHERE name = '%s')" + " ORDER BY %s %s;", + current_credentials.username, + sort_field ? sort_field : "ROWID", + ascending ? "ASC" : "DESC"); else - formatted = g_strdup_printf ("SELECT ROWID FROM tasks;"); + formatted = g_strdup_printf ("SELECT ROWID FROM tasks" + " ORDER BY %s %s;", + sort_field ? sort_field : "ROWID", + ascending ? "ASC" : "DESC"); tracef (" sql (iterator): %s\n", formatted); while (1) { @@ -2085,7 +2103,7 @@ /* Set requested and running tasks to stopped. */ assert (current_credentials.username == NULL); - init_task_iterator (&iterator); + init_task_iterator (&iterator, 1, NULL); while (next_task (&iterator, &index)) { switch (task_run_status (index)) @@ -2110,7 +2128,7 @@ nvti_cache = nvtis_new (); - init_nvt_iterator (&nvts, (nvt_t) 0, NULL, NULL); + init_nvt_iterator (&nvts, (nvt_t) 0, NULL, NULL, 1, NULL); while (next (&nvts)) { nvti_t *nvti = nvti_new (); @@ -2633,7 +2651,7 @@ { iterator_t nvts; - init_nvt_iterator (&nvts, (nvt_t) 0, NULL, NULL); + init_nvt_iterator (&nvts, (nvt_t) 0, NULL, NULL, 1, NULL); while (next (&nvts)) g_string_append_printf (buffer, " %s = yes\n", 
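Review bot: `current_credentials.username` is still placed into `WHERE name = '%s'` without sql_quote in the rewritten statement, unlike init_config_iterator and init_lsc_credential_iterator in this commit, which quote their name argument first. Whether the username is restricted to safe characters at authentication is not visible here, so I would quote it in this function: `gchar *quoted = sql_quote (current_credentials.username);` before the g_strdup_printf and `g_free (quoted);` after it. The function body continues outside the hunk.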
@@ -4228,11 +4246,20 @@ * @brief Initialise a target iterator. * * @param[in] iterator Iterator. + * @param[in] ascending Whether to sort ascending or descending. + * @param[in] sort_field Field to sort on, or NULL for "ROWID". */ void -init_target_iterator (iterator_t* iterator) +init_target_iterator (iterator_t* iterator, int ascending, + const char* sort_field) { - init_iterator (iterator, "SELECT name, hosts, comment from targets;"); + gchar* sql; + sql = g_strdup_printf ("SELECT name, hosts, comment from targets" + " ORDER BY %s %s;", + sort_field ? sort_field : "ROWID", + ascending ? "ASC" : "DESC"); + init_iterator (iterator, sql); + g_free (sql); } DEF_ACCESS (target_iterator_name, 0); 
@@ -4798,28 +4825,38 @@ /** * @brief Initialise a config iterator. * - * @param[in] iterator Iterator. - * @param[in] name Name of config. NULL for all. + * @param[in] iterator Iterator. + * @param[in] name Name of config. NULL for all. + * @param[in] ascending Whether to sort ascending or descending. + * @param[in] sort_field Field to sort on, or NULL for "ROWID". */ void -init_config_iterator (iterator_t* iterator, const char *name) +init_config_iterator (iterator_t* iterator, const char *name, + int ascending, const char* sort_field) + { + gchar* sql; if (name) { - gchar* sql; gchar *quoted_name = sql_quote (name); sql = g_strdup_printf ("SELECT name, nvt_selector, comment," " families_growing, nvts_growing" - " FROM configs WHERE name = '%s';", - quoted_name); + " FROM configs WHERE name = '%s'" + " ORDER BY %s %s;", + quoted_name, + sort_field ? sort_field : "ROWID", + ascending ? "ASC" : "DESC"); g_free (quoted_name); - init_iterator (iterator, sql); - g_free (sql); } else - init_iterator (iterator, "SELECT name, nvt_selector, comment," - " families_growing, nvts_growing" - " FROM configs;"); + sql = g_strdup_printf ("SELECT name, nvt_selector, comment," + " families_growing, nvts_growing" + " FROM configs" + " ORDER BY %s %s;", + sort_field ? sort_field : "ROWID", + ascending ? "ASC" : "DESC"); + init_iterator (iterator, sql); + g_free (sql); } DEF_ACCESS (config_iterator_name, 0); 
@@ -5134,15 +5171,17 @@ /** * @brief Initialise an NVT iterator. * - * @param[in] iterator Iterator. - * @param[in] nvt NVT to iterate over, all if 0. - * @param[in] config Config to limit selection to. NULL for all NVTs. - * Overridden by \arg nvt. - * @param[in] family Family to limit selection to, if config given. + * @param[in] iterator Iterator. + * @param[in] nvt NVT to iterate over, all if 0. + * @param[in] config Config to limit selection to. NULL for all NVTs. + * Overridden by \arg nvt. + * @param[in] family Family to limit selection to, if config given. + * @param[in] ascending Whether to sort ascending or descending. + * @param[in] sort_field Field to sort on, or NULL for "ROWID". */ void init_nvt_iterator (iterator_t* iterator, nvt_t nvt, const char* config, - const char* family) + const char* family, int ascending, const char* sort_field) { if (nvt) { @@ -5159,7 +5198,7 @@ { gchar* sql; if (family == NULL) abort (); - sql = select_config_nvts (config, family); + sql = select_config_nvts (config, family, ascending, sort_field); if (sql) { init_iterator (iterator, sql); @@ -5173,10 +5212,13 @@ " FROM nvts LIMIT 0;"); } else - init_iterator (iterator, "SELECT oid, version, name, summary, description," - " copyright, cve, bid, xref, tag, sign_key_ids," - " category, family" - " FROM nvts;"); + init_iterator (iterator, + "SELECT oid, version, name, summary, description," + " copyright, cve, bid, xref, tag, sign_key_ids," + " category, family" + " FROM nvts;", + sort_field ? sort_field : "ROWID", + ascending ? "ASC" : "DESC"); } DEF_ACCESS (nvt_iterator_oid, 0); 
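Review bot: In the last branch of init_nvt_iterator the two sort arguments are passed to `init_iterator`, but the format string still ends in `" FROM nvts;"` with no conversions, so they are ignored and the unfiltered NVT list is never sorted. The string should end `" FROM nvts ORDER BY %s %s;"` to match the other iterators. The `if (nvt)` branch, whose statement lies outside the hunk, takes no sort arguments either; that is presumably harmless for a single NVT, but the doc comment should say that sorting applies only when `nvt` is 0.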
@@ -5538,19 +5580,25 @@ * @param[in] iterator Iterator. * @param[in] all True for an "all" selector, else 0. * @param[in] selector Name of NVT selector. + * @param[in] ascending Whether to sort ascending or descending. */ void -init_family_iterator (iterator_t* iterator, int all, const char* selector) +init_family_iterator (iterator_t* iterator, int all, const char* selector, + int ascending) { if (all) - init_iterator (iterator, "SELECT distinct family FROM nvts;"); + init_iterator (iterator, + "SELECT distinct family FROM nvts ORDER BY family %s;", + ascending ? "ASC" : "DESC"); else { gchar *sql; gchar *quoted_selector = sql_quote (selector); sql = g_strdup_printf ("SELECT distinct family FROM nvt_selectors" - " WHERE (type = 1 OR type = 2) AND name = '%s';", - quoted_selector); + " WHERE (type = 1 OR type = 2) AND name = '%s'" + " ORDER BY family %s;", + quoted_selector, + ascending ? "ASC" : "DESC"); g_free (quoted_selector); init_iterator (iterator, sql); g_free (sql); @@ -5647,13 +5695,16 @@ /** * @brief Return a statement for selecting the NVT's of a config. * - * @param[in] config Config. - * @param[in] family Family to limit selection to. + * @param[in] config Config. + * @param[in] family Family to limit selection to. + * @param[in] ascending Whether to sort ascending or descending. + * @param[in] sort_field Field to sort on, or NULL for "ROWID". * * @return Freshly allocated SELECT statement if possibly, else NULL. */ static gchar* -select_config_nvts (const char* config, const char* family) +select_config_nvts (const char* config, const char* family, int ascending, + const char* sort_field) { /** @todo sql_quote. */ char *selector = config_nvt_selector (config); 
@@ -5682,8 +5733,11 @@ ("SELECT oid, version, name, summary, description," " copyright, cve, bid, xref, tag, sign_key_ids," " category, family" - " FROM nvts WHERE family = '%s';", - family); + " FROM nvts WHERE family = '%s'" + " ORDER BY %s %s;", + family, + sort_field ? sort_field : "ROWID", + ascending ? "ASC" : "DESC"); /* An error somewhere. */ return NULL; } @@ -6072,27 +6126,35 @@ * @brief Initialise an LSC Credential iterator. * * @param[in] iterator Iterator. + * @param[in] ascending Whether to sort ascending or descending. + * @param[in] sort_field Field to sort on, or NULL for "ROWID". */ void -init_lsc_credential_iterator (iterator_t* iterator, const char *name) +init_lsc_credential_iterator (iterator_t* iterator, const char *name, + int ascending, const char* sort_field) { if (name && strlen (name)) { - gchar *sql; gchar *quoted_name = sql_quote (name); - sql = g_strdup_printf ("SELECT name, password, comment, public_key," - " private_key, rpm, deb, exe" - " FROM lsc_credentials" - " WHERE name = '%s';", - quoted_name); + init_iterator (iterator, + "SELECT name, password, comment, public_key," + " private_key, rpm, deb, exe" + " FROM lsc_credentials" + " WHERE name = '%s'" + " ORDER BY %s %s;", + quoted_name, + sort_field ? sort_field : "ROWID", + ascending ? "ASC" : "DESC"); g_free (quoted_name); - init_iterator (iterator, sql); - g_free (sql); } else - init_iterator (iterator, "SELECT name, password, comment, public_key," - " private_key, rpm, deb, exe" - " FROM lsc_credentials;"); + init_iterator (iterator, + "SELECT name, password, comment, public_key," + " private_key, rpm, deb, exe" + " FROM lsc_credentials" + " ORDER BY %s %s;", + sort_field ? sort_field : "ROWID", + ascending ? "ASC" : "DESC"); } DEF_ACCESS (lsc_credential_iterator_name, 0); From scm-commit at wald.intevation.org Mon Nov 2 22:49:29 2009 
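Review bot: `family` is interpolated into `WHERE family = '%s'` unquoted, and since the OMP layer passes the client's `family` attribute of GET_NVT_DETAILS through init_nvt_iterator to this function, a quote character in it changes the statement; the `@todo sql_quote` in the previous hunk's context already admits this. The value should go through sql_quote first and the quoted copy be freed after the g_strdup_printf, as init_config_iterator does with `quoted_name`. The start of this statement and the rest of select_config_nvts are outside the hunk. In the init_lsc_credential_iterator hunk that follows, the doc comment gains the two sort parameters but still has no `@param` line for `name`.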
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Mon, 2 Nov 2009 22:49:29 +0100 (CET) Subject: [Openvas-commits] r5780 - in trunk/openvas-manager: . src Message-ID: <20091102214929.5D0EB861EAAD@pyrosoma.intevation.org> Author: mattm Date: 2009-11-02 22:49:27 +0100 (Mon, 02 Nov 2009) New Revision: 5780 Modified: trunk/openvas-manager/ChangeLog trunk/openvas-manager/src/manage.h trunk/openvas-manager/src/omp.c trunk/openvas-manager/src/tasks_sql.h Log: Send NVT preferences with OMP GET_NVT_DETAILS. * src/tasks_sql.h (init_config_pref_iterator, config_pref_iterator_name) (config_pref_iterator_value, nvt_preference_iterator_real_name) (nvt_preference_iterator_type, nvt_preference_iterator_config_value): New functions. (init_nvt_preference_iterator): Add name arg for getting prefs for given * src/manage.h: Update headers. * src/omp.c (omp_xml_handle_end_element): Update CLIENT_GET_PREFERENCES init_nvt_preference_iterator call. In CLIENT_GET_NVT_DETAILS send each NVT's prefs with the NVT when the config attribute is present. Modified: trunk/openvas-manager/ChangeLog =================================================================== --- trunk/openvas-manager/ChangeLog 2009-11-02 14:05:27 UTC (rev 5779) +++ trunk/openvas-manager/ChangeLog 2009-11-02 21:49:27 UTC (rev 5780) 
@@ -1,5 +1,21 @@ 2009-11-02 Matthew Mundell + Send NVT preferences with OMP GET_NVT_DETAILS. + + * src/tasks_sql.h (init_config_pref_iterator, config_pref_iterator_name) + (config_pref_iterator_value, nvt_preference_iterator_real_name) + (nvt_preference_iterator_type, nvt_preference_iterator_config_value): New + functions. + (init_nvt_preference_iterator): Add name arg for getting prefs for given + + * src/manage.h: Update headers. + + * src/omp.c (omp_xml_handle_end_element): Update CLIENT_GET_PREFERENCES + init_nvt_preference_iterator call. In CLIENT_GET_NVT_DETAILS send each + NVT's prefs with the NVT when the config attribute is present. + +2009-11-02 Matthew Mundell + Add sorting parameters to most OMP data retrieval commands, for very basic sorting. Modified: trunk/openvas-manager/src/manage.h =================================================================== --- trunk/openvas-manager/src/manage.h 2009-11-02 14:05:27 UTC (rev 5779) +++ trunk/openvas-manager/src/manage.h 2009-11-02 21:49:27 UTC (rev 5780) @@ -688,7 +688,7 @@ manage_nvt_preferences_enable (); void -init_nvt_preference_iterator (iterator_t*); +init_nvt_preference_iterator (iterator_t*, const char*); const char* nvt_preference_iterator_name (iterator_t*); @@ -696,6 +696,24 @@ const char* nvt_preference_iterator_value (iterator_t*); +char* +nvt_preference_iterator_config_value (iterator_t*, const char*); + +char* +nvt_preference_iterator_real_name (iterator_t*); + +char* +nvt_preference_iterator_type (iterator_t*); + +void +init_config_pref_iterator (iterator_t*, const char*, const char*); + +const char* +config_pref_iterator_name (iterator_t*); + +const char* +config_pref_iterator_value (iterator_t*); + /* LSC credentials. */ Modified: trunk/openvas-manager/src/omp.c =================================================================== --- trunk/openvas-manager/src/omp.c 2009-11-02 14:05:27 UTC (rev 5779) +++ trunk/openvas-manager/src/omp.c 2009-11-02 21:49:27 UTC (rev 5780) 
@@ -2705,7 +2705,7 @@ SEND_TO_CLIENT_OR_FAIL (""); - init_nvt_preference_iterator (&prefs); + init_nvt_preference_iterator (&prefs, NULL); while (next (&prefs)) { SENDF_TO_CLIENT_OR_FAIL ("" @@ -2854,10 +2854,54 @@ init_nvt_iterator (&nvts, nvt, NULL, NULL, 1, NULL); while (next (&nvts)) - if (send_nvt (&nvts, 1)) - { - error_send_to_client (error); - return; + { + if (send_nvt (&nvts, 1)) + { + error_send_to_client (error); + return; + } + if (current_name) /* Attribute config. */ + { + iterator_t prefs; + const char *nvt_name = nvt_iterator_name (&nvts); + + /* Send the preferences for the NVT. */ + + SEND_TO_CLIENT_OR_FAIL (""); + + init_nvt_preference_iterator (&prefs, nvt_name); + while (next (&prefs)) + { + char *real_name, *type, *value; + real_name + = nvt_preference_iterator_real_name (&prefs); + type = nvt_preference_iterator_type (&prefs); + value = nvt_preference_iterator_config_value + (&prefs, current_name); + if (strcmp (type, "radio") == 0) + { + /* Clip off the alternative values. */ + char *pos = strchr (value, ';'); + if (pos) *pos = '\0'; + } + SENDF_TO_CLIENT_OR_FAIL + ("" + "%s" + "%s" + "%s" + "", + real_name, + type, + value); + free (real_name); + free (type); + free (value); + } + cleanup_iterator (&prefs); + + SEND_TO_CLIENT_OR_FAIL (""); + + } } cleanup_iterator (&nvts); Modified: trunk/openvas-manager/src/tasks_sql.h =================================================================== --- trunk/openvas-manager/src/tasks_sql.h 2009-11-02 14:05:27 UTC (rev 5779) +++ trunk/openvas-manager/src/tasks_sql.h 2009-11-02 21:49:27 UTC (rev 5780) 
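Review bot: The three accessors called in the new preference loop return NULL when the stored name does not parse or no value exists, yet `type` goes straight into `strcmp` and `value` into `strchr`, so one malformed row in nvt_preferences crashes the manager while it answers GET_NVT_DETAILS. The strings are allocated with g_strndup, g_strdup or sql_string in tasks_sql.h and should be released with `g_free`, not `free`. If SENDF_TO_CLIENT_OR_FAIL returns from the function on failure, as its name suggests, the three strings and both iterators also leak on that path. Whether the macro escapes `real_name` and `value` for XML is not visible here and should be confirmed, since preference values are free text.

```c
                    /* … unchanged: the three accessor calls … */
                    if (real_name == NULL || type == NULL || value == NULL)
                      {
                        /* Name did not parse, or no value is stored. */
                        g_free (real_name);
                        g_free (type);
                        g_free (value);
                        continue;
                      }
                    /* … unchanged: radio clipping and SENDF_TO_CLIENT_OR_FAIL … */
                    g_free (real_name);
                    g_free (type);
                    g_free (value);
```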
@@ -4956,6 +4956,41 @@ static DEF_ACCESS (preference_iterator_value, 1); /** + * @brief Initialise a config preference iterator. + * + * @param[in] iterator Iterator. + * @param[in] config Config. + * @param[in] nvt Name of NVT whose preferences to iterator over. + */ +void +init_config_pref_iterator (iterator_t* iterator, + const char* config, + const char* nvt) +{ + gchar *quoted_config = sql_nquote (config, strlen (config)); + init_iterator (iterator, + "SELECT name, value FROM config_preferences" + " WHERE config =" + " (SELECT ROWID FROM configs WHERE name = '%s')" + " AND type = 'PLUGINS_PREFS'" + " AND name LIKE '%s[%%';", + quoted_config, + nvt ? nvt : ""); + g_free (quoted_config); +} + +DEF_ACCESS (config_pref_iterator_name, 0); + +const char* +config_pref_iterator_value (iterator_t* iterator) +{ + const char *ret; + if (iterator->done) return NULL; + ret = (const char*) sqlite3_column_text (iterator->stmt, 1); + return ret ? ret : (const char*) sqlite3_column_text (iterator->stmt, 2); +} + +/** * @brief Return the NVT selector associated with a config. * * @param[in] name Config name. 
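Review bot: `nvt` is inserted into the LIKE pattern as given (`nvt ? nvt : ""`), while `config` is quoted with sql_nquote two lines above, so an NVT name containing a quote breaks or alters the statement; it should be quoted the same way, `gchar *quoted_nvt = sql_quote (nvt ? nvt : "");`, and freed after the call. `config` itself is passed to `strlen` with no NULL check. In config_pref_iterator_value the fallback reads column 2, but the SELECT in init_config_pref_iterator returns only `name` and `value` (columns 0 and 1), so the fallback reads a column that does not exist; `DEF_ACCESS (config_pref_iterator_value, 1);` would match the neighbouring accessors.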
@@ -5804,16 +5839,93 @@ * @brief Initialise an NVT preference iterator. * * @param[in] iterator Iterator. + * @param[in] name Name of NVT, NULL for all preferences. */ void -init_nvt_preference_iterator (iterator_t* iterator) +init_nvt_preference_iterator (iterator_t* iterator, const char *name) { - init_iterator (iterator, "SELECT name, value FROM nvt_preferences;"); + if (name) + { + gchar *quoted_name = sql_quote (name); + init_iterator (iterator, + "SELECT name, value FROM nvt_preferences" + " WHERE name LIKE '%s[%%';", + quoted_name); + g_free (quoted_name); + } + else + init_iterator (iterator, "SELECT name, value FROM nvt_preferences;"); } DEF_ACCESS (nvt_preference_iterator_name, 0); DEF_ACCESS (nvt_preference_iterator_value, 1); +char* +nvt_preference_iterator_real_name (iterator_t* iterator) +{ + const char *ret; + if (iterator->done) return NULL; + ret = (const char*) sqlite3_column_text (iterator->stmt, 0); + if (ret) + { + int value_start = -1, value_end = -1, count; + count = sscanf (ret, "%*[^[][%*[^]]]:%n%*[^:]%n", &value_start, &value_end); + if (count == 0 && value_start > 0 && value_end > 0) + { + ret += value_start; + return g_strndup (ret, value_end - value_start); + } + return NULL; + } + return NULL; +} + +char* +nvt_preference_iterator_type (iterator_t* iterator) +{ + const char *ret; + if (iterator->done) return NULL; + ret = (const char*) sqlite3_column_text (iterator->stmt, 0); + if (ret) + { + int type_start = -1, type_end = -1, count; + count = sscanf (ret, "%*[^[][%n%*[^]]%n]:", &type_start, &type_end); + if (count == 0 && type_start > 0 && type_end > 0) + { + ret += type_start; + return g_strndup (ret, type_end - type_start); + } + return NULL; + } + return NULL; +} + +char* +nvt_preference_iterator_config_value (iterator_t* iterator, const char* config) +{ + gchar *quoted_config, *quoted_name, *value; + const char *ret; + if (iterator->done) return NULL; + + quoted_config = sql_quote (config); + quoted_name = sql_quote ((const char 
*) sqlite3_column_text (iterator->stmt, 0)); + value = sql_string (0, 0, + "SELECT value FROM config_preferences" + " WHERE config =" + " (SELECT ROWID FROM configs WHERE name = '%s')" + " AND type = 'PLUGINS_PREFS'" + " AND name = '%s';", + quoted_config, + quoted_name); + g_free (quoted_config); + g_free (quoted_name); + if (value) return value; + + ret = (const char*) sqlite3_column_text (iterator->stmt, 1); + if (ret) return g_strdup (ret); + return NULL; +} + /* LSC Credentials. */ From scm-commit at wald.intevation.org Tue Nov 3 12:50:30 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Tue, 3 Nov 2009 12:50:30 +0100 (CET) Subject: [Openvas-commits] r5781 - in trunk/openvas-plugins: . scripts Message-ID: <20091103115030.3E819861EAB1@pyrosoma.intevation.org> Author: mime Date: 2009-11-03 12:50:27 +0100 (Tue, 03 Nov 2009) New Revision: 5781 Added: trunk/openvas-plugins/scripts/joomla_35780.nasl trunk/openvas-plugins/scripts/serv_u_web_client_36895.nasl Modified: trunk/openvas-plugins/ChangeLog trunk/openvas-plugins/cve_current.txt Log: Added new plugins Modified: trunk/openvas-plugins/ChangeLog =================================================================== --- trunk/openvas-plugins/ChangeLog 2009-11-02 21:49:27 UTC (rev 5780) +++ trunk/openvas-plugins/ChangeLog 2009-11-03 11:50:27 UTC (rev 5781) @@ -1,3 +1,9 @@ +2009-11-03 Michael Meyer + + * scripts/serv_u_web_client_36895.nasl. + scripts/joomla_35780.nasl: + Added new plugins. + 2009-11-02 Chandrashekhar B * scripts/secpod_proftpd_server_remote_detect.nasl, Modified: trunk/openvas-plugins/cve_current.txt =================================================================== --- trunk/openvas-plugins/cve_current.txt 2009-11-02 21:49:27 UTC (rev 5780) +++ trunk/openvas-plugins/cve_current.txt 2009-11-03 11:50:27 UTC (rev 5781) 
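Review bot: `nvt_preference_iterator_config_value` passes the result of `sqlite3_column_text (iterator->stmt, 0)` straight to `sql_quote`, although the two accessors added just above it treat a NULL column as possible and test `ret` first. If `sql_quote` does not accept NULL (its body is not visible here), a row with a NULL name is dereferenced; fetch the name into a local and `if (name == NULL) return NULL;` before quoting. The three new accessors return memory from `g_strndup`, `g_strdup` or `sql_string` without a doc comment, so add a `@return` line to each saying the caller owns the string and releases it with `g_free`.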
@@ -233,4 +233,5 @@
 CVE-2009-3666 SecPod svn R
 CVE-2009-3805 SecPod svn L
 CVE-2009-3641 SecPod svn L
-
+36895 Greenbone svn R
+35780 Greenbone svn R
Added: trunk/openvas-plugins/scripts/joomla_35780.nasl
===================================================================
--- trunk/openvas-plugins/scripts/joomla_35780.nasl 2009-11-02 21:49:27 UTC (rev 5780)
+++ trunk/openvas-plugins/scripts/joomla_35780.nasl 2009-11-03 11:50:27 UTC (rev 5781)
@@ -0,0 +1,93 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id$ +# +# Joomla! Remote File Upload Vulnerability And Information Disclosure Weakness +# +# Authors: +# Michael Meyer +# +# Copyright: +# Copyright (c) 2009 Greenbone Networks GmbH +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if (description) +{ + script_id(100333); + script_bugtraq_id(35780); + script_version ("1.0-$Revision$"); + + script_name("Joomla! Remote File Upload Vulnerability And Information Disclosure Weakness"); + +desc = "Overview: +Joomla! is prone to a remote file-upload vulnerability and an information- +disclosure weakness. + +Attackers can exploit these issues to disclosure sensitive +information, or upload arbitrary code and execute it in the context of +the webserver process. This may facilitate unauthorized access or +privilege escalation; other attacks are also possible. + +Joomla! 1.5.x versions prior to 1.5.13 are vulnerable. + +Solution: +The vendor has released updates to address the issues. Please see the +references for more information. 
+ +References: +http://www.securityfocus.com/bid/35780 +http://developer.joomla.org/security/news/301-20090722-core-file-upload.html +http://developer.joomla.org/security/news/302-20090722-core-missing-jexec-check.html +http://www.joomla.org/ +http://www.securityfocus.com/archive/1/505231 + +Risk factor : Medium"; + + script_description(desc); + script_summary("Determine if Joomla! version is 1.5 and < 1.5.13"); + script_category(ACT_GATHER_INFO); + script_family("Web application abuses"); + script_copyright("This script is Copyright (C) 2009 Greenbone Networks GmbH"); + script_dependencies("joomla_detect.nasl"); + script_require_ports("Services/www", 80); + script_exclude_keys("Settings/disable_cgi_scanning"); + exit(0); +} + +include("http_func.inc"); +include("http_keepalive.inc"); +include("version_func.inc"); + +port = get_http_port(default:80); +if(!get_port_state(port))exit(0); + +if (!can_host_php(port:port)) exit(0); + +if(!version = get_kb_item(string("www/", port, "/joomla")))exit(0); +if(!matches = eregmatch(string:version, pattern:"^(.+) under (/.*)$"))exit(0); + +vers = matches[1]; + +if(!isnull(vers) && vers >!< "unknown") { + + if(version_in_range(version: vers, test_version:"1.5", test_version2: "1.5.12")) { + security_warning(port:port); + exit(0); + } + +} + +exit(0); Property changes on: trunk/openvas-plugins/scripts/joomla_35780.nasl ___________________________________________________________________ Name: svn:keywords + Id Revision Added: trunk/openvas-plugins/scripts/serv_u_web_client_36895.nasl =================================================================== --- trunk/openvas-plugins/scripts/serv_u_web_client_36895.nasl 2009-11-02 21:49:27 UTC (rev 5780) +++ trunk/openvas-plugins/scripts/serv_u_web_client_36895.nasl 2009-11-03 11:50:27 UTC (rev 5781) 
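Review bot: `vers >!< "unknown"` is a substring test, so it also rejects any detected version string that happens to be contained in the word "unknown"; `vers != "unknown"` states the intended comparison. The result is raised with `security_warning(port:port);` only, so the report does not say which version or install path (`matches[2]`) triggered it. Passing a short `data:` string with both would let an administrator confirm the finding against the host. In the description text, "exploit these issues to disclosure sensitive information" should read "disclose".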
@@ -0,0 +1,88 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id$ +# +# Serv-U Web Client HTTP Request Remote Buffer Overflow Vulnerability +# +# Authors: +# Michael Meyer +# +# Copyright: +# Copyright (c) 2009 Greenbone Networks GmbH +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if (description) +{ + script_id(100332); + script_bugtraq_id(36895); + script_version ("1.0-$Revision$"); + + script_name("Serv-U Web Client HTTP Request Remote Buffer Overflow Vulnerability"); + +desc = "Overview: +Serv-U Web Client is prone to a buffer-overflow vulnerability because +the application fails to perform adequate boundary checks on user- +supplied data. + +Attackers can exploit this issue to execute arbitrary code within the +context of the affected application. Failed exploit attempts will +result in a denial-of-service condition. + +Serv-U Web Client 9.0.0.5 is vulnerable; other versions may also +be affected. 
+ +References: +http://www.securityfocus.com/bid/36895 +http://www.rangos.de/ServU-ADV.txt +http://www.serv-u.com/Browser-Transfer-Client.asp + +Risk factor : High"; + + script_description(desc); + script_summary("Determine if Serv-U Web Client version is 9.0.0.5"); + script_category(ACT_GATHER_INFO); + script_family("FTP"); + script_copyright("This script is Copyright (C) 2009 Greenbone Networks GmbH"); + script_dependencies("find_service.nes"); + script_require_ports("Services/www", 80); + exit(0); +} + + +include("http_func.inc"); +include("version_func.inc"); + +port = get_http_port(default:80); +if(!get_port_state(port))exit(0); + +banner = get_http_banner(port: port); +if(!banner)exit(0); + +if(egrep(pattern:"Server: Serv-U/", string:banner)) + { + + version = eregmatch(pattern:"Server: Serv-U/([0-9.]+)", string:banner); + + if(isnull(version[1]))exit(0); + + if(version_is_equal(version:version[1], test_version:"9.0.0.5")) { + security_hole(port:port); + exit(0); + } + } + +exit(0); + Property changes on: trunk/openvas-plugins/scripts/serv_u_web_client_36895.nasl ___________________________________________________________________ Name: svn:keywords + Id Revision From scm-commit at wald.intevation.org Tue Nov 3 14:54:19 2009 
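Review bot: The description has no "Solution:" section, and the check flags only an exact `9.0.0.5` banner through `version_is_equal` although the text says other versions may also be affected. A report reader therefore gets a High finding without remediation guidance. Add a Solution paragraph that points at the vendor reference already listed, and state in the summary that the result rests on the HTTP `Server:` banner alone. The `egrep` and `eregmatch` patterns are unanchored; `pattern:"^Server: Serv-U/([0-9.]+)"` restricts the match to the header line itself.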
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Tue, 3 Nov 2009 14:54:19 +0100 (CET) Subject: [Openvas-commits] r5782 - in trunk/openvas-manager: . src Message-ID: <20091103135419.6E4BB8667D1D@pyrosoma.intevation.org> Author: mattm Date: 2009-11-03 14:54:18 +0100 (Tue, 03 Nov 2009) New Revision: 5782 Modified: trunk/openvas-manager/ChangeLog trunk/openvas-manager/src/manage.h trunk/openvas-manager/src/omp.c trunk/openvas-manager/src/tasks_sql.h Log: Send preference counts with OMP GET_NVT_DETAILS and preferences with OMP GET_CONFIGS. * src/tasks_sql.h (nvt_preference_iterator_real_name): Return name anyway if sscanf fails to match. (nvt_preference_iterator_nvt, nvt_preference_count): New functions. * src/manage.h: Update headers. * src/omp.c (current_int_3): New variable. (omp_xml_handle_start_element): Add "preferences" attribute to GET_CONFIGS. (send_nvt): Send preference count from new arg pref_count. (omp_xml_handle_end_element): In CLIENT_GET_NVT_DETAILS check type exists before strcmp and send preference count with each NVT. In CLIENT_GET_CONFIGS send preferences according to "preferences" attribute. Modified: trunk/openvas-manager/ChangeLog =================================================================== --- trunk/openvas-manager/ChangeLog 2009-11-03 11:50:27 UTC (rev 5781) +++ trunk/openvas-manager/ChangeLog 2009-11-03 13:54:18 UTC (rev 5782) 
@@ -1,3 +1,22 @@ +2009-11-03 Matthew Mundell + + Send preference counts with OMP GET_NVT_DETAILS and preferences with + OMP GET_CONFIGS. + + * src/tasks_sql.h (nvt_preference_iterator_real_name): Return name anyway + if sscanf fails to match. + (nvt_preference_iterator_nvt, nvt_preference_count): New functions. + + * src/manage.h: Update headers. + + * src/omp.c (current_int_3): New variable. + (omp_xml_handle_start_element): Add "preferences" attribute to + GET_CONFIGS. + (send_nvt): Send preference count from new arg pref_count. + (omp_xml_handle_end_element): In CLIENT_GET_NVT_DETAILS check type exists + before strcmp and send preference count with each NVT. In + CLIENT_GET_CONFIGS send preferences according to "preferences" attribute. + 2009-11-02 Matthew Mundell Send NVT preferences with OMP GET_NVT_DETAILS. Modified: trunk/openvas-manager/src/manage.h =================================================================== --- trunk/openvas-manager/src/manage.h 2009-11-03 11:50:27 UTC (rev 5781) +++ trunk/openvas-manager/src/manage.h 2009-11-03 13:54:18 UTC (rev 5782) @@ -705,6 +705,9 @@ char* nvt_preference_iterator_type (iterator_t*); +char* +nvt_preference_iterator_nvt (iterator_t*); + void init_config_pref_iterator (iterator_t*, const char*, const char*); @@ -714,6 +717,9 @@ const char* config_pref_iterator_value (iterator_t*); +int +nvt_preference_count (const char *); + /* LSC credentials. */ Modified: trunk/openvas-manager/src/omp.c =================================================================== --- trunk/openvas-manager/src/omp.c 2009-11-03 11:50:27 UTC (rev 5781) +++ trunk/openvas-manager/src/omp.c 2009-11-03 13:54:18 UTC (rev 5782) @@ -253,6 +253,11 @@ int current_int_2; /** + * @brief Generic integer variable for communicating between the callbacks. + */ +int current_int_3; + +/** * @brief Buffer of output to the client. */ char to_client[TO_CLIENT_BUFFER_SIZE]; 
@@ -905,6 +910,11 @@ current_int_2 = strcmp (attribute, "descending"); else current_int_2 = 1; + if (find_attribute (attribute_names, attribute_values, + "preferences", &attribute)) + current_int_3 = atoi (attribute); + else + current_int_3 = 0; set_client_state (CLIENT_GET_CONFIGS); } else if (strcasecmp ("GET_DEPENDENCIES", element_name) == 0) @@ -1754,13 +1764,14 @@ /** * @brief Send XML for an NVT. * - * @param[in] key The plugin OID. - * @param[in] details If true, detailed XML, else simple XML. + * @param[in] key The plugin OID. + * @param[in] details If true, detailed XML, else simple XML. + * @param[in] pref_count Preference count. Used if details is true. * * @return TRUE if out of space in to_client buffer, else FALSE. */ static gboolean -send_nvt (iterator_t *nvts, int details) +send_nvt (iterator_t *nvts, int details, int pref_count) { const char* oid = nvt_iterator_oid (nvts); const char* name = nvt_iterator_name (nvts); @@ -1797,6 +1808,7 @@ "%s" "%s" "%s" + "%i" "" "md5" // FIX implement @@ -1815,7 +1827,8 @@ nvt_iterator_bid (nvts), nvt_iterator_xref (nvts), nvt_iterator_sign_key_ids (nvts), - tag_text); + tag_text, + pref_count); g_free (copyright_text); g_free (description_text); g_free (summary_text); @@ -2780,7 +2793,7 @@ init_nvt_iterator (&nvts, (nvt_t) 0, NULL, NULL, 1, NULL); while (next (&nvts)) - if (send_nvt (&nvts, 0)) + if (send_nvt (&nvts, 0, -1)) { error_send_to_client (error); return; @@ -2855,7 +2868,7 @@ init_nvt_iterator (&nvts, nvt, NULL, NULL, 1, NULL); while (next (&nvts)) { - if (send_nvt (&nvts, 1)) + if (send_nvt (&nvts, 1, -1)) { error_send_to_client (error); return; @@ -2878,7 +2891,7 @@ type = nvt_preference_iterator_type (&prefs); value = nvt_preference_iterator_config_value (&prefs, current_name); - if (strcmp (type, "radio") == 0) + if (type && strcmp (type, "radio") == 0) { /* Clip off the alternative values. */ char *pos = strchr (value, ';'); 
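Review bot: The `type &&` guard added in the `@@ -2878` hunk still leaves `strchr (value, ';')` running on a `value` that `nvt_preference_iterator_config_value` can return as NULL. The same pair of lines is added again in the GET_CONFIGS block of the `@@ -5371` hunk. Test both pointers in both places, `if (type && value && strcmp (type, "radio") == 0)`. In the `@@ -905` hunk, `atoi (attribute)` turns any non-numeric "preferences" value into 0 without reporting it, which deserves a one-line comment if that is the intended default. The enclosing handlers extend beyond these hunks.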
@@ -2933,11 +2946,19 @@ /* Attribute sort_field. */ modify_task_value); while (next (&nvts)) - if (send_nvt (&nvts, 1)) - { - error_send_to_client (error); - return; - } + { + int pref_count = -1; + if (current_name) /* Attribute config. */ + { + const char *nvt_name = nvt_iterator_name (&nvts); + pref_count = nvt_preference_count (nvt_name); + } + if (send_nvt (&nvts, 1, pref_count)) + { + error_send_to_client (error); + return; + } + } cleanup_iterator (&nvts); SEND_TO_CLIENT_OR_FAIL (""); @@ -5371,13 +5392,59 @@ * NVT's. */ "" "%i" - "" - "", + "", max_nvt_count, known_nvt_count); } - else - SENDF_TO_CLIENT_OR_FAIL (""); + + if (current_int_3) + { + iterator_t prefs; + + /** @todo Similar to block in CLIENT_GET_NVT_DETAILS. */ + + /* The "preferences" attribute was true. */ + + SEND_TO_CLIENT_OR_FAIL (""); + + init_nvt_preference_iterator (&prefs, NULL); + while (next (&prefs)) + { + char *real_name, *type, *value, *nvt; + real_name + = nvt_preference_iterator_real_name (&prefs); + type = nvt_preference_iterator_type (&prefs); + value = nvt_preference_iterator_config_value + (&prefs, config_name); + nvt = nvt_preference_iterator_nvt (&prefs); + if (type && strcmp (type, "radio") == 0) + { + /* Clip off the alternative values. */ + char *pos = strchr (value, ';'); + if (pos) *pos = '\0'; + } + SENDF_TO_CLIENT_OR_FAIL + ("" + "%s" + "%s" + "%s" + "%s" + "", + nvt ? nvt : "", + real_name, + type, + value); + free (real_name); + free (type); + free (value); + free (nvt); + } + cleanup_iterator (&prefs); + + SEND_TO_CLIENT_OR_FAIL (""); + } + + SENDF_TO_CLIENT_OR_FAIL (""); } openvas_free_string_var (¤t_name); cleanup_iterator (&configs); Modified: trunk/openvas-manager/src/tasks_sql.h =================================================================== --- trunk/openvas-manager/src/tasks_sql.h 2009-11-03 11:50:27 UTC (rev 5781) +++ trunk/openvas-manager/src/tasks_sql.h 2009-11-03 13:54:18 UTC (rev 5782) 
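Review bot: The GET_CONFIGS preference block in the `@@ -5371` hunk formats `nvt`, `real_name`, `type` and `value` into the response with plain `%s`, and nothing in the hunk escapes markup characters in them. `send_nvt` frees `copyright_text`, `description_text` and `summary_text` after sending, which suggests (the assignments are outside the hunk) that other fields go out as escaped copies. If `SENDF_TO_CLIENT_OR_FAIL` does not escape its arguments, a preference value containing `<` or `&` yields a malformed reply for the client; building the element with `g_markup_printf_escaped` and sending the result avoids that. The `@todo` already records that this block duplicates the one in CLIENT_GET_NVT_DETAILS, so a shared helper would carry the fix to both.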
@@ -5875,7 +5875,7 @@ ret += value_start; return g_strndup (ret, value_end - value_start); } - return NULL; + return g_strdup (ret); } return NULL; } @@ -5901,6 +5901,25 @@ } char* +nvt_preference_iterator_nvt (iterator_t* iterator) +{ + const char *ret; + if (iterator->done) return NULL; + ret = (const char*) sqlite3_column_text (iterator->stmt, 0); + if (ret) + { + int type_start = -1, count; + count = sscanf (ret, "%*[^[]%n[%*[^]]]:", &type_start); + if (count == 0 && type_start > 0) + { + return g_strndup (ret, type_start); + } + return NULL; + } + return NULL; +} + +char* nvt_preference_iterator_config_value (iterator_t* iterator, const char* config) { gchar *quoted_config, *quoted_name, *value; @@ -5926,6 +5945,25 @@ return NULL; } +/** + * @brief Get the number preferences available for an NVT. + * + * @param[in] name Name of NVT. + * + * @return Number of possible preferences on NVT. + */ +int +nvt_preference_count (const char *name) +{ + gchar *quoted_name = sql_quote (name); + int ret = sql_int (0, 0, + "SELECT COUNT(*) FROM nvt_preferences" + " WHERE name LIKE '%s[%%';", + quoted_name); + g_free (quoted_name); + return ret; +} + /* LSC Credentials. */ From scm-commit at wald.intevation.org Wed Nov 4 07:03:40 2009 
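Review bot: `nvt_preference_count` matches with `name LIKE '%s[%%'`, and whatever `sql_quote` does for quote characters (its body is not visible here), `%` and `_` inside the NVT name remain LIKE wildcards, so the count can include preferences of other NVTs. `init_nvt_preference_iterator` uses the same pattern, so count and iterated rows agree with each other, but both can over-match. Escape `%`, `_` and the escape character in the name before formatting and add `ESCAPE '\\'` to the pattern, or compare the prefix exactly. `nvt_preference_iterator_nvt` in the `@@ -5901` hunk has no doc comment and reuses the name `type_start` for what is the end offset of the NVT name.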
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 4 Nov 2009 07:03:40 +0100 (CET) Subject: [Openvas-commits] r5783 - in trunk/openvas-plugins: . scripts Message-ID: <20091104060340.1DBA6852FE86@pyrosoma.intevation.org> Author: chandra Date: 2009-11-04 07:03:36 +0100 (Wed, 04 Nov 2009) New Revision: 5783 Added: trunk/openvas-plugins/scripts/gb_opera_dos_vuln_nov09_lin.nasl trunk/openvas-plugins/scripts/gb_opera_mult_vuln_nov09_win.nasl trunk/openvas-plugins/scripts/gb_seamonkey_mult_vuln_nov09_lin.nasl trunk/openvas-plugins/scripts/gb_seamonkey_mult_vuln_nov09_win.nasl trunk/openvas-plugins/scripts/gb_squidguard_detect.nasl trunk/openvas-plugins/scripts/gb_squidguard_mult_bof_vuln.nasl trunk/openvas-plugins/scripts/gb_wireshark_dcerpcnt_dos_vuln_nov09_lin.nasl trunk/openvas-plugins/scripts/gb_wireshark_dcerpcnt_dos_vuln_nov09_win.nasl trunk/openvas-plugins/scripts/gb_wireshark_mult_dos_vuln_nov09_lin.nasl trunk/openvas-plugins/scripts/gb_wireshark_mult_dos_vuln_nov09_win.nasl trunk/openvas-plugins/scripts/gb_wireshark_wiretap_dos_vuln_nov09_lin.nasl trunk/openvas-plugins/scripts/gb_wireshark_wiretap_dos_vuln_nov09_win.nasl Modified: trunk/openvas-plugins/ChangeLog trunk/openvas-plugins/cve_current.txt trunk/openvas-plugins/scripts/gb_seamonkey_detect_win.nasl Log: Added new plugins Modified: trunk/openvas-plugins/ChangeLog =================================================================== --- trunk/openvas-plugins/ChangeLog 2009-11-03 13:54:18 UTC (rev 5782) +++ trunk/openvas-plugins/ChangeLog 2009-11-04 06:03:36 UTC (rev 5783) 
@@ -1,3 +1,22 @@ +2009-11-04 Chandrashekhar B + + * scripts/gb_squidguard_mult_bof_vuln.nasl, + scripts/gb_wireshark_mult_dos_vuln_nov09_win.nasl, + scripts/gb_squidguard_detect.nasl, + scripts/gb_wireshark_wiretap_dos_vuln_nov09_lin.nasl, + scripts/gb_wireshark_dcerpcnt_dos_vuln_nov09_win.nasl, + scripts/gb_seamonkey_mult_vuln_nov09_win.nasl, + scripts/gb_opera_mult_vuln_nov09_win.nasl, + scripts/gb_wireshark_mult_dos_vuln_nov09_lin.nasl, + scripts/gb_wireshark_dcerpcnt_dos_vuln_nov09_lin.nasl, + scripts/gb_seamonkey_mult_vuln_nov09_lin.nasl, + scripts/gb_wireshark_wiretap_dos_vuln_nov09_win.nasl, + scripts/gb_opera_dos_vuln_nov09_lin.nasl: + Added new plugins. + + * scripts/gb_seamonkey_detect_win.nasl: + Updated to detect the latest version. + 2009-11-03 Michael Meyer * scripts/serv_u_web_client_36895.nasl. Modified: trunk/openvas-plugins/cve_current.txt =================================================================== --- trunk/openvas-plugins/cve_current.txt 2009-11-03 13:54:18 UTC (rev 5782) +++ trunk/openvas-plugins/cve_current.txt 2009-11-04 06:03:36 UTC (rev 5783) 
@@ -205,28 +205,28 @@
 36874 Greenbone svn R
 CVE-2009-3790 SecPod svn L
 CVE-2009-3830 SecPod
-CVE-2009-3549
-CVE-2009-3550
-CVE-2009-3551
-CVE-2009-3829
-CVE-2009-3371
-CVE-2009-3370
-CVE-2009-1563
-CVE-2009-3374
-CVE-2009-3373
-CVE-2009-3372
-CVE-2009-3377
-CVE-2009-3376
-CVE-2009-3375
-CVE-2009-3380
-CVE-2009-3379
-CVE-2009-3378
-CVE-2009-3383
-CVE-2009-3382
-CVE-2009-3381
+CVE-2009-3549 SecPod svn L
+CVE-2009-3550 SecPod svn L
+CVE-2009-3551 SecPod svn L
+CVE-2009-3829 SecPod svn L
+CVE-2009-3371 SecPod svn L
+CVE-2009-3370 SecPod svn L
+CVE-2009-1563 SecPod svn L
+CVE-2009-3374 SecPod svn L
+CVE-2009-3373 SecPod svn L
+CVE-2009-3372 SecPod svn L
+CVE-2009-3377 SecPod svn L
+CVE-2009-3376 SecPod svn L
+CVE-2009-3375 SecPod svn L
+CVE-2009-3380 SecPod svn L
+CVE-2009-3379 SecPod svn L
+CVE-2009-3378 SecPod svn L
+CVE-2009-3383 SecPod svn L
+CVE-2009-3382 SecPod svn L
+CVE-2009-3381 SecPod svn L
 CVE-2009-3626
-CVE-2009-3832
-CVE-2009-3831
+CVE-2009-3832 SecPod svn L
+CVE-2009-3831 SecPod svn L
 CVE-2009-3627
 CVE-2009-3664 SecPod svn R
 CVE-2009-3665 SecPod svn R
@@ -235,3 +235,5 @@
 CVE-2009-3641 SecPod svn L
 36895 Greenbone svn R
 35780 Greenbone svn R
+CVE-2009-3826 SecPod svn L
+CVE-2009-3700 SecPod svn L
Added: trunk/openvas-plugins/scripts/gb_opera_dos_vuln_nov09_lin.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_opera_dos_vuln_nov09_lin.nasl 2009-11-03 13:54:18 UTC (rev 5782)
+++ trunk/openvas-plugins/scripts/gb_opera_dos_vuln_nov09_lin.nasl 2009-11-04 06:03:36 UTC (rev 5783)
@@ -0,0 +1,84 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id: gb_opera_dos_vuln_nov09_lin.nasl 5566 2009-11-02 17:01:26Z nov $ +# +# Opera Denial Of Service Vulnerability - Nov09 (Linux) +# +# Authors: +# Sharath S +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(801141); + script_version("$Revision: 1.0 $"); + script_cve_id("CVE-2009-3831"); + script_bugtraq_id(36850); + script_name("Opera Denial Of Service Vulnerability - Nov09 (Linux)"); + desc = " + Overview: This host is installed with Opera Web Browser and is prone to + Denial of Service vulnerability. + + Vulnerability Insight: + An error when processing domain names can be exploited to cause a memory + corruption. + + Impact: + Successful attackes may leads to Denial of Service on the affected application. + + Impact Level: Application + + Affected Software/OS: + Opera version prior to 10.01 on Linux. 
+ + Fix: Upgrade to Opera version 10.01 or later + http://www.opera.com/browser/download/ + + References: + http://secunia.com/advisories/37182 + http://www.opera.com/support/kb/view/938/ + http://www.opera.com/docs/changelogs/unix/1001/ + http://www.vupen.com/english/advisories/2009/3073 + + CVSS Score: + CVSS Base Score : 9.3 (AV:N/AC:M/Au:NR/C:C/I:C/A:C) + CVSS Temporal Score : 6.9 + Risk factor: High"; + + script_description(desc); + script_summary("Check for the version of Opera Web Browser"); + script_category(ACT_GATHER_INFO); + script_copyright("Copyright (C) 2009 Intevation GmbH"); + script_family("Denial of Service"); + script_dependencies("secpod_opera_detection_linux_900037.nasl"); + script_require_keys("Opera/Linux/Version"); + exit(0); +} + + +include("version_func.inc"); + +operaVer = get_kb_item("Opera/Linux/Version"); +if(operaVer) +{ + # Check for Opera Version < 10.01 + if(version_is_less(version:operaVer, test_version:"10.01")){ + security_hole(0); + } +} Property changes on: trunk/openvas-plugins/scripts/gb_opera_dos_vuln_nov09_lin.nasl ___________________________________________________________________ Name: svn:executable + * Added: trunk/openvas-plugins/scripts/gb_opera_mult_vuln_nov09_win.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_opera_mult_vuln_nov09_win.nasl 2009-11-03 13:54:18 UTC (rev 5782) +++ trunk/openvas-plugins/scripts/gb_opera_mult_vuln_nov09_win.nasl 2009-11-04 06:03:36 UTC (rev 5783) 
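Review bot: The description string that ends up in scan reports has wording errors: "Successful attackes may leads to Denial of Service" should read "Successful attacks may lead to denial of service". The SeaMonkey plugin added later in this commit (gb_seamonkey_mult_vuln_nov09_lin.nasl) has the same kind of slip in "Muliple flaws exist" and "color maps whcich". The script is filed under `script_family("Denial of Service")` while the quoted CVSS vector rates confidentiality and integrity impact as complete, so either the family or the impact text deserves a second look.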
@@ -0,0 +1,87 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id: gb_opera_mult_vuln_nov09_win.nasl 5566 2009-11-02 16:30:26Z nov $ +# +# Opera Multiple Vulnerabilities - Nov09 (Win) +# +# Authors: +# Sharath S +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(801140); + script_version("$Revision: 1.0 $"); + script_cve_id("CVE-2009-3831", "CVE-2009-3832"); + script_bugtraq_id(36850); + script_name("Opera Multiple Vulnerabilities - Nov09 (Win)"); + desc = " + Overview: This host is installed with Opera Web Browser and is prone to + multiple vulnerabilities. + + Vulnerability Insight: + - An error when processing domain names can be exploited to cause a memory + corruption. + - An error when processing web fonts can be exploited to change the font of + the address field and display an arbitrary domain name as an address. + + Impact: + Attacker can exploit this issue to disclose sensitive information, conduct + spoofing attacks, Denial of Service or compromise a user's system. + + Impact Level: Application + + Affected Software/OS: + Opera version prior to 10.01 on Windows. 
+ + Fix: Upgrade to Opera version 10.01 or later + http://www.opera.com/browser/download/ + + References: + http://secunia.com/advisories/37182 + http://www.opera.com/support/kb/view/938/ + http://www.vupen.com/english/advisories/2009/3073 + http://www.opera.com/docs/changelogs/windows/1001 + + CVSS Score: + CVSS Base Score : 9.3 (AV:N/AC:M/Au:NR/C:C/I:C/A:C) + CVSS Temporal Score : 6.9 + Risk factor: High"; + + script_description(desc); + script_summary("Check for the version of Opera Web Browser"); + script_category(ACT_GATHER_INFO); + script_copyright("Copyright (C) 2009 Intevation GmbH"); + script_family("Denial of Service"); + script_dependencies("secpod_opera_detection_win_900036.nasl"); + script_require_keys("Opera/Win/Version"); + exit(0); +} + + +include("version_func.inc"); + +operaVer = get_kb_item("Opera/Win/Version"); +if(operaVer) +{ + # Check for Opera Version < 10.1 (10.01) + if(version_is_less(version:operaVer, test_version:"10.1")){ + security_hole(0); + } +} Property changes on: trunk/openvas-plugins/scripts/gb_opera_mult_vuln_nov09_win.nasl ___________________________________________________________________ Name: svn:executable + * Modified: trunk/openvas-plugins/scripts/gb_seamonkey_detect_win.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_seamonkey_detect_win.nasl 2009-11-03 13:54:18 UTC (rev 5782) +++ trunk/openvas-plugins/scripts/gb_seamonkey_detect_win.nasl 2009-11-04 06:03:36 UTC (rev 5783) @@ -7,6 +7,9 @@ # Authors: # Chandan S # +# Upgrade to detect the latest version +# - By Sharath S On 2009-11-02 #5567 +# # Copyright: # Copyright (c) 2008 Intevation GmbH, http://www.intevation.net # 
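Review bot: The Windows check compares against `test_version:"10.1"` while the description, the fix text and the Linux sibling plugin all use 10.01. Whether `version_is_less` treats `10.01` and `10.1` as the same version depends on how it compares components, which is not visible here; if they are compared as strings, a patched 10.01 install is reported as vulnerable. Use `test_version:"10.01"` as in gb_opera_dos_vuln_nov09_lin.nasl, or add a comment explaining how the detection script normalises the version so the threshold can be checked.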
@@ -16,7 +19,7 @@ # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License @@ -28,11 +31,11 @@ if(description) { script_id(800016); - script_version("Revision: 1.0 "); + script_version("$Revision: 1.1 $"); script_name("Mozilla SeaMonkey Version Detection (Windows)"); desc = " - Overview : This script finds the Mozilla SeaMonkey installed version on - Windows and save the version in KB. + Overview : This script finds the Mozilla SeaMonkey installed version on + Windows and saves in KB. Risk factor : Informational"; @@ -40,7 +43,7 @@ script_summary("Set Version of Mozilla SeaMonkey in KB"); script_category(ACT_GATHER_INFO); script_copyright("Copyright (C) 2008 SecPod"); - script_family("General"); + script_family("Service detection"); script_dependencies("secpod_reg_enum.nasl"); script_require_keys("SMB/WindowsVersion"); script_require_ports(139, 445); @@ -57,6 +60,12 @@ # Check for SeaMonkey version through Registry entry seaVer = registry_get_sz(key:"SOFTWARE\mozilla.org\SeaMonkey", item:"CurrentVersion"); +if(!seaVer) +{ + seaVer = registry_get_sz(key:"SOFTWARE\Mozilla\SeaMonkey", + item:"CurrentVersion"); +} + if(seaVer) { seaVer = eregmatch(pattern:"[0-9.]+", string:seaVer); Added: trunk/openvas-plugins/scripts/gb_seamonkey_mult_vuln_nov09_lin.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_seamonkey_mult_vuln_nov09_lin.nasl 2009-11-03 13:54:18 UTC (rev 5782) +++ trunk/openvas-plugins/scripts/gb_seamonkey_mult_vuln_nov09_lin.nasl 2009-11-04 06:03:36 UTC (rev 5783) 
@@ -0,0 +1,96 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_seamonkey_mult_vuln_nov09_lin.nasl 5567 2009-11-02 15:49:33Z nov $
+#
+# Mozilla Seamonkey Multiple Vulnerabilities Nov-09 (Linux)
+#
+# Authors:
+# Sharath S
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(801137);
+ script_version("$Revision: 1.0 $");
+ script_cve_id("CVE-2009-3372", "CVE-2009-3373", "CVE-2009-3376");
+ script_bugtraq_id(36856, 36855, 36867);
+ script_name("Mozilla Seamonkey Multiple Vulnerabilities Nov-09 (Linux)");
+ desc = "
+ Overview: This host is installed with Mozilla Seamonkey browser and is prone to
+ multiple vulnerabilities.
+
+ Vulnerability Insight:
+ Muliple flaws exist,
+ - When parsing regular expressions used in Proxy Auto-configuration. This can
+ be exploited to cause a crash or potentially execute arbitrary code via
+ specially crafted configured PAC files.
+ - When processing GIF color maps whcich can be exploited to cause a heap based
+ buffer overflow and potentially execute arbitrary code via a specially
+ crafted GIF file.
+ - An error when downloading files can be exploited to display different file
+ names in the download dialog title bar and download dialog body. This can
+ be exploited to obfuscate file names via a right-to-left override character
+ and potentially trick a user into running an executable file.
+
+ Impact:
+ Successful exploitation will let attacker to disclose sensitive information,
+ bypass certain security restrictions, manipulate certain data, or compromise
+ a user's system.
+
+ Impact Level: Application/System
+
+ Affected Software/OS:
+ Mozilla Seamonkey version prior to 2.0 on Linux.
+
+ Fix: Upgrade to Seamonkey version 2.0,
+ http://www.seamonkey-project.org/releases
+
+ References:
+ http://secunia.com/secunia_research/2009-35/
+ http://www.mozilla.org/security/announce/2009/mfsa2009-55.html
+ http://www.mozilla.org/security/announce/2009/mfsa2009-56.html
+ http://www.mozilla.org/security/announce/2009/mfsa2009-62.html
+
+ CVSS Score:
+ CVSS Base Score : 10.0 (AV:N/AC:L/Au:NR/C:C/I:C/A:C)
+ CVSS Temporal Score : 7.8
+ Risk factor: High";
+
+ script_description(desc);
+ script_summary("Check for the version of Mozilla Seamonkey");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2009 Intevation GmbH");
+ script_family("Buffer overflow");
+ script_dependencies("gb_seamonkey_detect_lin.nasl");
+ script_require_keys("Seamonkey/Linux/Ver");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+smVer = get_kb_item("Seamonkey/Linux/Ver");
+if(!smVer){
+ exit(0);
+}
+
+# Check for Seamonkey version < 2.0
+if(version_is_less(version:smVer, test_version:"2.0")){
+ security_hole(0);
+}
Property changes on: trunk/openvas-plugins/scripts/gb_seamonkey_mult_vuln_nov09_lin.nasl
___________________________________________________________________
Name: svn:executable + *
Added: trunk/openvas-plugins/scripts/gb_seamonkey_mult_vuln_nov09_win.nasl
===================================================================
--- 
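Review bot: The `desc` text in gb_seamonkey_mult_vuln_nov09_lin.nasl is what ends up in the scan report, and its Vulnerability Insight block has spelling errors: `Muliple flaws exist,` should read `Multiple flaws exist,` and `GIF color maps whcich can be exploited` should read `GIF color maps which can be exploited`. The Windows twin, gb_seamonkey_mult_vuln_nov09_win.nasl, has `Muliple flaw are due to following errors,` and a GIF bullet with no subject (`When processing GIF color maps can be exploited`); both files should carry the same corrected wording. The Impact line `will let attacker to disclose` would read better as `will let an attacker disclose`.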
trunk/openvas-plugins/scripts/gb_seamonkey_mult_vuln_nov09_win.nasl 2009-11-03 13:54:18 UTC (rev 5782)
+++ trunk/openvas-plugins/scripts/gb_seamonkey_mult_vuln_nov09_win.nasl 2009-11-04 06:03:36 UTC (rev 5783)
@@ -0,0 +1,96 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_seamonkey_mult_vuln_nov09_win.nasl 5567 2009-11-02 15:28:33Z nov $
+#
+# Mozilla Seamonkey Multiple Vulnerabilities Nov-09 (Win)
+#
+# Authors:
+# Sharath S
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(801136);
+ script_version("$Revision: 1.0 $");
+ script_cve_id("CVE-2009-3372", "CVE-2009-3373", "CVE-2009-3376");
+ script_bugtraq_id(36856, 36855, 36867);
+ script_name("Mozilla Seamonkey Multiple Vulnerabilities Nov-09 (Win)");
+ desc = "
+ Overview: This host is installed with Mozilla Seamonkey browser and is prone to
+ multiple vulnerabilities.
+
+ Vulnerability Insight:
+ Muliple flaw are due to following errors,
+ - When parsing regular expressions used in Proxy Auto-configuration. This can
+ be exploited to cause a crash or potentially execute arbitrary code via
+ specially crafted configured PAC files.
+ - When processing GIF color maps can be exploited to cause a heap based buffer
+ overflow and potentially execute arbitrary code via a specially crafted GIF
+ file.
+ - An error when downloading files can be exploited to display different file
+ names in the download dialog title bar and download dialog body. This can
+ be exploited to obfuscate file names via a right-to-left override character
+ and potentially trick a user into running an executable file.
+
+ Impact:
+ Successful exploitation will let attacker to disclose sensitive information,
+ bypass certain security restrictions, manipulate certain data, or compromise
+ a user's system.
+
+ Impact Level: Application/System
+
+ Affected Software/OS:
+ Mozilla Seamonkey version prior to 2.0 on Windows.
+
+ Fix: Upgrade to Seamonkey version 2.0
+ http://www.seamonkey-project.org/releases
+
+ References:
+ http://secunia.com/secunia_research/2009-35/
+ http://www.mozilla.org/security/announce/2009/mfsa2009-55.html
+ http://www.mozilla.org/security/announce/2009/mfsa2009-56.html
+ http://www.mozilla.org/security/announce/2009/mfsa2009-62.html
+
+ CVSS Score:
+ CVSS Base Score : 10.0 (AV:N/AC:L/Au:NR/C:C/I:C/A:C)
+ CVSS Temporal Score : 7.8
+ Risk factor: High";
+
+ script_description(desc);
+ script_summary("Check for the version of Mozilla Seamonkey");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2009 Intevation GmbH");
+ script_family("Buffer overflow");
+ script_dependencies("gb_seamonkey_detect_win.nasl");
+ script_require_keys("Seamonkey/Win/Ver");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+smVer = get_kb_item("Seamonkey/Win/Ver");
+if(!smVer){
+ exit(0);
+}
+
+# Check for Seamonkey version < 2.0
+if(version_is_less(version:smVer, test_version:"2.0")){
+ security_hole(0);
+}
Property changes on: trunk/openvas-plugins/scripts/gb_seamonkey_mult_vuln_nov09_win.nasl
___________________________________________________________________
Name: svn:executable + *
Added: trunk/openvas-plugins/scripts/gb_squidguard_detect.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_squidguard_detect.nasl 2009-11-03 13:54:18 UTC (rev 5782)
+++ trunk/openvas-plugins/scripts/gb_squidguard_detect.nasl 2009-11-04 06:03:36 UTC (rev 5783)
@@ -0,0 +1,72 @@
+##############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_squidguard_detect.nasl 5533 2009-11-02 13:58:21Z nov $
+#
+# squidGuard Version Detection
+#
+# Authors:
+# Nikita MR
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(800964);
+ script_version("$Revision: 1.0 $");
+ script_name("SquidGuard Version Detection");
+ desc = "
+ Overview: This script detects the installed version of SquidGuard and
+ sets the result in KB.
+
+ Risk factor: Informational";
+
+ script_description(desc);
+ script_family("Service detection");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2009 Intevation GmbH");
+ script_summary("Sets the version of SquidGuard in KB");
+ exit(0);
+}
+
+
+include("ssh_func.inc");
+include("version_func.inc");
+
+sgSock = ssh_login_or_reuse_connection();
+if(!sgSock){
+ exit(0);
+}
+
+getPath = find_bin(prog_name:"squidGuard", sock:sgSock);
+foreach binFile (getPath)
+{
+ sgVer = get_bin_version(full_prog_name:chomp(binFile), sock:sgSock,
+ version_argv:"-v",
+ ver_pattern:"SquidGuard.? ([0-9.]+)([a-z][0-9])?");
+ if(sgVer[1] != NULL)
+ {
+ if(sgVer[2] =~ "^[a-z][0-9]"){
+ sgVer = sgVer[1] + "." + sgVer[2];
+ }
+ else
+ sgVer = sgVer[1];
+ set_kb_item(name:"SquidGuard/Ver", value:sgVer);
+ }
+}
+ssh_close_connection();
Property changes on: trunk/openvas-plugins/scripts/gb_squidguard_detect.nasl
___________________________________________________________________
Name: svn:executable + *
Added: trunk/openvas-plugins/scripts/gb_squidguard_mult_bof_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_squidguard_mult_bof_vuln.nasl 2009-11-03 13:54:18 UTC (rev 5782)
+++ trunk/openvas-plugins/scripts/gb_squidguard_mult_bof_vuln.nasl 2009-11-04 06:03:36 UTC (rev 5783)
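Review bot: In gb_squidguard_detect.nasl, `set_kb_item(name:"SquidGuard/Ver", value:sgVer);` sits inside the `foreach binFile (getPath)` loop with nothing to stop after the first hit, so a host where `find_bin` returns more than one squidGuard binary gets several values under one key. How gb_squidguard_mult_bof_vuln.nasl then reads that key is not visible here, but the reported result would presumably depend on which value is picked. Either stop after the first version found, `set_kb_item(name:"SquidGuard/Ver", value:sgVer); ssh_close_connection(); exit(0);`, or add a comment saying that several values are intended. The unbraced `else` next to a braced `if` in the same block is also easy to misread; bracing both would match the rest of the file.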
@@ -0,0 +1,93 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_squidguard_mult_bof_vuln.nasl 5533 2009-11-02 15:33:20Z nov $
+#
+# SquidGuard Multiple Buffer Overflow Vulnerabilities
+#
+# Authors:
+# Nikita MR
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(800965);
+ script_version("$Revision: 1.0 $");
+ script_cve_id("CVE-2009-3826", "CVE-2009-3700");
+ script_bugtraq_id(36800);
+ script_name("SquidGuard Multiple Buffer Overflow Vulnerabilities");
+ desc = "
+ Overview: The host is installed with SquidGuard and is prone to multiple
+ Buffer Overflow vulnerabilities.
+
+ Vulnerability Insight:
+ - A boundary error occurs in 'sgLog.c' while handling overly long URLs with
+ multiple '/' characters while operating in the emergency mode.
+ - Multiple buffer overflow errors occur in 'sg.h.in' and 'sgDiv.c.in' while
+ processing overly long URLs and can be exploited to bypass the URL filter.
+
+ Impact:
+ Remote attackers can exploit this issue to bypass the filter security and to
+ cause Denail of Service due to application hang.
+
+ Impact Level: System/Application
+
+ Affected Software/OS:
+ SquidGuard version 1.3 and 1.4
+
+ Fix: Apply the following patches.
+ http://www.squidguard.org/Downloads/Patches/1.4/Readme.Patch-20091019
+ http://www.squidguard.org/Downloads/Patches/1.4/Readme.Patch-20091015
+
+ *****
+ NOTE: Please ignore this waring if the above mentioned patches are already applied.
+ *****
+
+ References:
+ http://secunia.com/advisories/37107
+ http://xforce.iss.net/xforce/xfdb/53922
+ http://www.vupen.com/english/advisories/2009/3013
+ http://securitytracker.com/alerts/2009/Oct/1023079.html
+
+ CVSS Score:
+ CVSS Base Score : 5.0 (AV:N/AC:L/Au:NR/C:N/I:N/A:P)
+ CVSS Temporal Score : 3.7
+ Risk factor: Medium";
+
+ script_description(desc);
+ script_summary("Check for the version of SquidGuard");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2009 Intevation GmbH");
+ script_family("Buffer overflow");
+ script_dependencies("gb_squidguard_detect.nasl");
+ script_require_keys("SquidGuard/Ver");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+sgVer = get_kb_item("SquidGuard/Ver");
+if(!sgVer){
+ exit(0);
+}
+
+if(version_is_equal(version:sgVer, test_version:"1.4")||
+ version_is_equal(version:sgVer, test_version:"1.3")){
+ security_warning(0);
+}
Property changes on: trunk/openvas-plugins/scripts/gb_squidguard_mult_bof_vuln.nasl
___________________________________________________________________
Name: svn:executable + *
Added: trunk/openvas-plugins/scripts/gb_wireshark_dcerpcnt_dos_vuln_nov09_lin.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_wireshark_dcerpcnt_dos_vuln_nov09_lin.nasl 2009-11-03 13:54:18 UTC (rev 5782)
+++ trunk/openvas-plugins/scripts/gb_wireshark_dcerpcnt_dos_vuln_nov09_lin.nasl 2009-11-04 06:03:36 UTC (rev 5783)
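Review bot: The check at the end of gb_squidguard_mult_bof_vuln.nasl matches on version 1.3 or 1.4 only, so it cannot tell a patched install from an unpatched one, and the `NOTE` in `desc` is the only thing that tells the operator this; that note is misspelled (`waring`), as is `Denail of Service` in the Impact block. Suggested wording: `NOTE: Please ignore this warning if the above mentioned patches are already applied.` and `cause Denial of Service due to application hang.`. A one-line comment above the `if(version_is_equal(` test, such as `# Version-only check: patch level is not detectable, see NOTE in desc`, would make the limitation visible in the code as well.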
@@ -0,0 +1,91 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_wireshark_dcerpcnt_dos_vuln_nov09_lin.nasl 5564 2009-11-03 17:15:12Z nov $
+#
+# Wireshark 'DCERPC/NT' Dissector DOS Vulnerability - Nov09 (Linux)
+#
+# Authors:
+# Antu Sanadi
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(801035);
+ script_version("$Revision: 1.0 $");
+ script_cve_id("CVE-2009-3550");
+ script_bugtraq_id(36846);
+ script_name("Wireshark 'DCERPC/NT' Dissector DOS Vulnerability - Nov09 (Linux)");
+ desc = "
+ Overview: This host is installed with Wireshark and is prone to Denial of
+ Service Vulnerability.
+
+ Vulnerability Insight:
+ The flaw is due to a NULL pointer dereference error within the 'DCERPC/NT'
+ dissector that can be exploited to cause a crash.
+
+ Impact:
+ Successful exploitation could result in Denial of Serivce condition.
+
+ Impact Level: Application.
+
+ Affected Software/OS:
+ Wireshark version 0.10.13 to 1.0.9 and 1.2.0 to 1.2.2 on Linux.
+
+ Fix: Upgrade to Wireshark 1.0.10 or 1.2.3
+ http://www.wireshark.org/download.html
+
+ Workaround: Disable the affected dissectors,
+ http://www.wireshark.org/security/wnpa-sec-2009-07.html
+ http://www.wireshark.org/security/wnpa-sec-2009-08.html
+
+ References:
+ http://secunia.com/advisories/37175
+ http://xforce.iss.net/xforce/xfdb/54016
+ https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3689
+ http://www.wireshark.org/docs/relnotes/wireshark-1.2.3.html
+ http://www.wireshark.org/docs/relnotes/wireshark-1.0.10.html
+
+ CVSS Score:
+ CVSS Base Score : 4.3 (AV:N/AC:M/Au:NR/C:N/I:N/A:P)
+ CVSS Temporal Score : 3.2
+ Risk factor: Medium";
+
+ script_description(desc);
+ script_summary("Check for the version of Wireshark");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2009 Intevation GmbH");
+ script_family("Denial of Service");
+ script_dependencies("gb_wireshark_detect_lin.nasl");
+ script_require_keys("Wireshark/Linux/Ver");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+sharkVer = get_kb_item("Wireshark/Linux/Ver");
+if(!sharkVer){
+ exit(0);
+}
+
+# Grep for Wireshark version 0.10.13 to 1.0.9 and 1.2.0 to 1.2.2
+if(version_in_range(version:sharkVer, test_version:"1.2.0", test_version2:"1.2.2") ||
+ version_in_range(version:sharkVer, test_version:"0.10.13", test_version2:"1.0.9")){
+ security_warning(0);
+}
Property changes on: trunk/openvas-plugins/scripts/gb_wireshark_dcerpcnt_dos_vuln_nov09_lin.nasl
___________________________________________________________________
Name: svn:executable + *
Added: trunk/openvas-plugins/scripts/gb_wireshark_dcerpcnt_dos_vuln_nov09_win.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_wireshark_dcerpcnt_dos_vuln_nov09_win.nasl 2009-11-03 13:54:18 UTC (rev 5782)
+++ trunk/openvas-plugins/scripts/gb_wireshark_dcerpcnt_dos_vuln_nov09_win.nasl 2009-11-04 06:03:36 UTC (rev 5783)
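Review bot: `Denial of Serivce` in the Impact block of gb_wireshark_dcerpcnt_dos_vuln_nov09_lin.nasl is misspelled, and the same line appears in gb_wireshark_dcerpcnt_dos_vuln_nov09_win.nasl and in both gb_wireshark_mult_dos_vuln_nov09 scripts in this commit; it should read `Successful exploitation could result in Denial of Service condition.`. The comment above the final test says `# Grep for Wireshark version ...` although the code does a range comparison with `version_in_range`; `# Check for Wireshark version 0.10.13 to 1.0.9 and 1.2.0 to 1.2.2` would describe it accurately.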
@@ -0,0 +1,91 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_wireshark_dcerpcnt_dos_vuln_nov09_win.nasl 5564 2009-11-03 16:13:24Z nov $
+#
+# Wireshark 'DCERPC/NT' Dissector DOS Vulnerability - Nov09 (Win)
+#
+# Authors:
+# Antu Sanadi
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(801034);
+ script_version("$Revision: 1.0 $");
+ script_cve_id("CVE-2009-3550");
+ script_bugtraq_id(36846);
+ script_name("Wireshark 'DCERPC/NT' Dissector DOS Vulnerability - Nov09 (Win)");
+ desc = "
+ Overview: This host is installed with Wireshark and is prone to Denial of
+ Service Vulnerability.
+
+ Vulnerability Insight:
+ The flaw is due to a NULL pointer dereference error within the 'DCERPC/NT'
+ dissector that can be exploited to cause a crash.
+
+ Impact:
+ Successful exploitation could result in Denial of Serivce condition.
+
+ Impact Level: Application.
+
+ Affected Software/OS:
+ Wireshark version 0.10.13 to 1.0.9 and 1.2.0 to 1.2.2 on Windows.
+
+ Fix: Upgrade to Wireshark 1.0.10 or 1.2.3
+ http://www.wireshark.org/download.html
+
+ Workaround: Disable the affected dissectors,
+ http://www.wireshark.org/security/wnpa-sec-2009-07.html
+ http://www.wireshark.org/security/wnpa-sec-2009-08.html
+
+ References:
+ http://secunia.com/advisories/37175
+ http://xforce.iss.net/xforce/xfdb/54016
+ https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3689
+ http://www.wireshark.org/docs/relnotes/wireshark-1.2.3.html
+ http://www.wireshark.org/docs/relnotes/wireshark-1.0.10.html
+
+ CVSS Score:
+ CVSS Base Score : 4.3 (AV:N/AC:M/Au:NR/C:N/I:N/A:P)
+ CVSS Temporal Score : 3.2
+ Risk factor: Medium";
+
+ script_description(desc);
+ script_summary("Check for the version of Wireshark");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2009 Intevation GmbH");
+ script_family("Denial of Service");
+ script_dependencies("gb_wireshark_detect_win.nasl");
+ script_require_keys("Wireshark/Win/Ver");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+sharkVer = get_kb_item("Wireshark/Win/Ver");
+if(!sharkVer){
+ exit(0);
+}
+
+# Grep for Wireshark version 0.10.13 to 1.0.9 and 1.2.0 to 1.2.2
+if(version_in_range(version:sharkVer, test_version:"1.2.0", test_version2:"1.2.2") ||
+ version_in_range(version:sharkVer, test_version:"0.10.13", test_version2:"1.0.9")){
+ security_warning(0);
+}
Property changes on: trunk/openvas-plugins/scripts/gb_wireshark_dcerpcnt_dos_vuln_nov09_win.nasl
___________________________________________________________________
Name: svn:executable + *
Added: trunk/openvas-plugins/scripts/gb_wireshark_mult_dos_vuln_nov09_lin.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_wireshark_mult_dos_vuln_nov09_lin.nasl 2009-11-03 13:54:18 UTC (rev 5782)
+++ trunk/openvas-plugins/scripts/gb_wireshark_mult_dos_vuln_nov09_lin.nasl 2009-11-04 06:03:36 UTC (rev 5783)
@@ -0,0 +1,92 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_wireshark_mult_dos_vuln_nov09_lin.nasl 5564 2009-11-03 15:19:14Z nov $
+#
+# Wireshark Multiple Denial Of Service Vulnerabilities - Nov09 (Linux)
+#
+# Authors:
+# Antu Sanadi
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(801033);
+ script_version("$Revision: 1.0 $");
+ script_cve_id("CVE-2009-3549", "CVE-2009-3551");
+ script_bugtraq_id(36846);
+ script_name("Wireshark Multiple Denial Of Service Vulnerability - Nov09 (Linux)");
+ desc = "
+ Overview: This host is installed with Wireshark and is prone to multiple
+ Denial of Service vulnerabilities.
+
+ Vulnerability Insight:
+ - An alignment error within the 'dissect_paltalk()' function in
+ epan/dissectors/packet-paltalk.c of the Paltalk dissector can be
+ exploited to cause a crash.
+ - An off-by-one error within the 'dissect_negprot_response()' function in
+ epan/dissectors/packet-smb.c of the SMB dissector can be exploited to
+ cause a crash.
+
+ Impact:
+ Successful exploitation could result in Denial of Serivce condition.
+
+ Impact Level: Application.
+
+ Affected Software/OS:
+ Wireshark version 1.2.0 to 1.2.2 on Linux.
+
+ Fix: Upgrade to Wireshark 1.2.3
+ http://www.wireshark.org/download.html
+
+ Workaround: Disable the affected dissectors,
+ http://www.wireshark.org/security/wnpa-sec-2009-07.html
+
+ References:
+ http://secunia.com/advisories/37175
+ http://www.vupen.com/english/advisories/2009/3061
+ https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3689
+ http://www.wireshark.org/docs/relnotes/wireshark-1.2.3.html
+
+ CVSS Score:
+ CVSS Base Score : 5.0 (AV:N/AC:L/Au:NR/C:N/I:N/A:P)
+ CVSS Temporal Score : 3.7
+ Risk factor: Medium";
+
+ script_description(desc);
+ script_summary("Check for the version of Wireshark");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2009 Intevation GmbH");
+ script_family("Denial of Service");
+ script_dependencies("gb_wireshark_detect_lin.nasl");
+ script_require_keys("Wireshark/Linux/Ver");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+sharkVer = get_kb_item("Wireshark/Win/Ver");
+if(!sharkVer){
+ exit(0);
+}
+
+# Grep for Wireshark version 1.2.0 to 1.2.2
+if(version_in_range(version:sharkVer, test_version:"1.2.0", test_version2:"1.2.2")){
+ security_warning(0);
+}
Property changes on: trunk/openvas-plugins/scripts/gb_wireshark_mult_dos_vuln_nov09_lin.nasl
___________________________________________________________________
Name: svn:executable + *
Added: trunk/openvas-plugins/scripts/gb_wireshark_mult_dos_vuln_nov09_win.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_wireshark_mult_dos_vuln_nov09_win.nasl 2009-11-03 13:54:18 UTC (rev 5782)
+++ trunk/openvas-plugins/scripts/gb_wireshark_mult_dos_vuln_nov09_win.nasl 2009-11-04 06:03:36 UTC (rev 5783)
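Review bot: gb_wireshark_mult_dos_vuln_nov09_lin.nasl reads the wrong knowledge-base key: the description block declares `script_dependencies("gb_wireshark_detect_lin.nasl")` and `script_require_keys("Wireshark/Linux/Ver")`, but the check does `sharkVer = get_kb_item("Wireshark/Win/Ver");`. On a Linux target that key is presumably never set by the Linux detector, so the script exits at `if(!sharkVer)` and an affected 1.2.0 to 1.2.2 install goes unreported. The line should be `sharkVer = get_kb_item("Wireshark/Linux/Ver");`, as in the other Linux Wireshark scripts in this commit. The `script_name` also says `Vulnerability` where the header comment and the Windows twin say `Vulnerabilities`.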
@@ -0,0 +1,92 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_wireshark_mult_dos_vuln_nov09_win.nasl 5564 2009-11-03 13:09:24Z nov $
+#
+# Wireshark Multiple Denial Of Service Vulnerabilities - Nov09 (Win)
+#
+# Authors:
+# Antu Sanadi
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(801032);
+ script_version("$Revision: 1.0 $");
+ script_cve_id("CVE-2009-3549", "CVE-2009-3551");
+ script_bugtraq_id(36846);
+ script_name("Wireshark Multiple Denial Of Service Vulnerabilities - Nov09 (Win)");
+ desc = "
+ Overview: This host is installed with Wireshark and is prone to multiple
+ Denial of Service vulnerabilities.
+
+ Vulnerability Insight:
+ - An alignment error within the 'dissect_paltalk()' function in
+ epan/dissectors/packet-paltalk.c of the Paltalk dissector that can be
+ exploited to cause a crash.
+ - An off-by-one error within the 'dissect_negprot_response()' function in
+ epan/dissectors/packet-smb.c of the SMB dissector that can be exploited to
+ cause a crash.
+
+ Impact:
+ Successful exploitation could result in Denial of Serivce condition.
+
+ Impact Level: Application.
+
+ Affected Software/OS:
+ Wireshark version 1.2.0 to 1.2.2 on Windows.
+
+ Fix: Upgrade to Wireshark 1.2.3
+ http://www.wireshark.org/download.html
+
+ Workaround: Disable the affected dissectors,
+ http://www.wireshark.org/security/wnpa-sec-2009-07.html
+
+ References:
+ http://secunia.com/advisories/37175
+ http://www.vupen.com/english/advisories/2009/3061
+ https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3689
+ http://www.wireshark.org/docs/relnotes/wireshark-1.2.3.html
+
+ CVSS Score:
+ CVSS Base Score : 5.0 (AV:N/AC:L/Au:NR/C:N/I:N/A:P)
+ CVSS Temporal Score : 3.7
+ Risk factor: Medium";
+
+ script_description(desc);
+ script_summary("Check for the version of Wireshark");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2009 Intevation GmbH");
+ script_family("Denial of Service");
+ script_dependencies("gb_wireshark_detect_win.nasl");
+ script_require_keys("Wireshark/Win/Ver");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+sharkVer = get_kb_item("Wireshark/Win/Ver");
+if(!sharkVer){
+ exit(0);
+}
+
+# Grep for Wireshark version 1.2.0 to 1.2.2
+if(version_in_range(version:sharkVer, test_version:"1.2.0", test_version2:"1.2.2")){
+ security_warning(0);
+}
Property changes on: trunk/openvas-plugins/scripts/gb_wireshark_mult_dos_vuln_nov09_win.nasl
___________________________________________________________________
Name: svn:executable + *
Added: trunk/openvas-plugins/scripts/gb_wireshark_wiretap_dos_vuln_nov09_lin.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_wireshark_wiretap_dos_vuln_nov09_lin.nasl 2009-11-03 13:54:18 UTC (rev 5782)
+++ trunk/openvas-plugins/scripts/gb_wireshark_wiretap_dos_vuln_nov09_lin.nasl 2009-11-04 06:03:36 UTC (rev 5783)
@@ -0,0 +1,84 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_wireshark_wiretap_dos_vuln_nov09_lin.nasl 5564 2009-11-03 20:23:24Z nov $
+#
+# Wireshark 'wiretap/erf.c' Unsigned Integer Wrap Vulnerability - Nov09 (Linux)
+#
+# Authors:
+# Antu Sanadi
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(801037);
+ script_version("$Revision: 1.0 $");
+ script_cve_id("CVE-2009-3829");
+ script_bugtraq_id(36846);
+ script_name("Wireshark 'wiretap/erf.c' Unsigned Integer Wrap Vulnerability - Nov09 (Linux)");
+ desc = "
+ Overview: This host is installed with Wireshark and is prone unsigned integer
+ wrap vulnerability.
+
+ Vulnerability Insight:
+ The flaw exists due to an integer overflow error in 'wiretap/erf.c' when
+ processing an 'erf' file causes Wireshark to allocate a very large buffer.
+
+ Impact:
+ Successful remote exploitation will let the attacker to execute arbitrary code
+ or cause a Denial of Service.
+
+ Impact Level: Application.
+
+ Affected Software/OS:
+ Wireshark version prior to 1.2.2 on Linux.
+
+ Fix: Upgrade to Wireshark 1.2.2
+ http://www.wireshark.org/download.html
+
+ References:
+ http://www.kb.cert.org/vuls/id/676492
+ https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3849
+
+ CVSS Score:
+ CVSS Base Score : 9.3 (AV:N/AC:M/Au:NR/C:C/I:C/A:C)
+ CVSS Temporal Score : 6.9
+ Risk factor: High";
+
+ script_description(desc);
+ script_summary("Check for the version of Wireshark");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2009 Intevation GmbH");
+ script_family("Denial of Service");
+ script_dependencies("gb_wireshark_detect_lin.nasl");
+ script_require_keys("Wireshark/Linux/Ver");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+sharkVer = get_kb_item("Wireshark/Linux/Ver");
+if(!sharkVer){
+ exit(0);
+}
+
+# Grep for Wireshark version < 1.2.2
+if(version_is_less(version:sharkVer, test_version:"1.2.2")){
+ security_hole(0);
+}
Property changes on: trunk/openvas-plugins/scripts/gb_wireshark_wiretap_dos_vuln_nov09_lin.nasl
___________________________________________________________________
Name: svn:executable + *
Added: trunk/openvas-plugins/scripts/gb_wireshark_wiretap_dos_vuln_nov09_win.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_wireshark_wiretap_dos_vuln_nov09_win.nasl 2009-11-03 13:54:18 UTC (rev 5782)
+++ trunk/openvas-plugins/scripts/gb_wireshark_wiretap_dos_vuln_nov09_win.nasl 2009-11-04 06:03:36 UTC (rev 5783)
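Review bot: The `desc` text of gb_wireshark_wiretap_dos_vuln_nov09_lin.nasl differs from its Windows twin in two sentences that the twin has right: `is prone unsigned integer wrap vulnerability` is missing `to`, and `will let the attacker to execute arbitrary code` should be `will let the attacker execute arbitrary code`. The script is also filed under `script_family("Denial of Service")` while its own Impact text names arbitrary code execution and it reports with `security_hole(0)`; if the family is meant to reflect the worst impact, the same applies to the Windows script.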
@@ -0,0 +1,84 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_wireshark_wiretap_dos_vuln_nov09_win.nasl 5564 2009-11-03 18:23:24Z nov $
+#
+# Wireshark 'wiretap/erf.c' Unsigned Integer Wrap Vulnerability - Nov09 (Win)
+#
+# Authors:
+# Antu Sanadi
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(801036);
+ script_version("$Revision: 1.0 $");
+ script_cve_id("CVE-2009-3829");
+ script_bugtraq_id(36846);
+ script_name("Wireshark 'wiretap/erf.c' Unsigned Integer Wrap Vulnerability - Nov09 (Win)");
+ desc = "
+ Overview: This host is installed with Wireshark and is prone to unsigned integer
+ wrap vulnerability.
+
+ Vulnerability Insight:
+ The flaw exists due to an integer overflow error in 'wiretap/erf.c' when
+ processing an 'erf' file causes Wireshark to allocate a very large buffer.
+
+ Impact:
+ Successful remote exploitation will let the attacker execute arbitrary code
+ or cause a Denial of Service.
+
+ Impact Level: Application.
+
+ Affected Software/OS:
+ Wireshark version prior to 1.2.2 on Windows.
+
+ Fix: Upgrade to Wireshark 1.2.2
+ http://www.wireshark.org/download.html
+
+ References:
+ http://www.kb.cert.org/vuls/id/676492
+ https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3849
+
+ CVSS Score:
+ CVSS Base Score : 9.3 (AV:N/AC:M/Au:NR/C:C/I:C/A:C)
+ CVSS Temporal Score : 6.9
+ Risk factor: High";
+
+ script_description(desc);
+ script_summary("Check for the version of Wireshark");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2009 Intevation GmbH");
+ script_family("Denial of Service");
+ script_dependencies("gb_wireshark_detect_win.nasl");
+ script_require_keys("Wireshark/Win/Ver");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+sharkVer = get_kb_item("Wireshark/Win/Ver");
+if(!sharkVer){
+ exit(0);
+}
+
+# Grep for Wireshark version < 1.2.2
+if(version_is_less(version:sharkVer, test_version:"1.2.2")){
+ security_hole(0);
+}
Property changes on: trunk/openvas-plugins/scripts/gb_wireshark_wiretap_dos_vuln_nov09_win.nasl
___________________________________________________________________
Name: svn:executable + *
From scm-commit at wald.intevation.org Wed Nov 4 10:09:31 2009
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 4 Nov 2009 10:09:31 +0100 (CET) Subject: [Openvas-commits] r5784 - in trunk/openvas-client: . openvas/prefs_dialog Message-ID: <20091104090931.CD762852A8A5@pyrosoma.intevation.org> Author: felix Date: 2009-11-04 10:09:24 +0100 (Wed, 04 Nov 2009) New Revision: 5784 Modified: trunk/openvas-client/ChangeLog trunk/openvas-client/openvas/prefs_dialog/prefs_dialog.c Log: Extracted method to create and initialize message log area. * packaging/prefs_dialog.c (create_add_messagelog): New. Extracted from prefs_dialog_setup. (prefs_dialog_setup): Moved code, call new function. Modified: trunk/openvas-client/ChangeLog =================================================================== --- trunk/openvas-client/ChangeLog 2009-11-04 06:03:36 UTC (rev 5783) +++ trunk/openvas-client/ChangeLog 2009-11-04 09:09:24 UTC (rev 5784) @@ -1,3 +1,11 @@ +2009-10-29 Felix Wolfsteller + + Extracted method to create and initialize message log area. + + * packaging/prefs_dialog.c (create_add_messagelog): New. Extracted + from prefs_dialog_setup. + (prefs_dialog_setup): Moved code, call new function. + 2009-10-29 Matthew Mundell * src/util/file_utils.c (file_utils_rmdir_rf): Free temporary pathname. Modified: trunk/openvas-client/openvas/prefs_dialog/prefs_dialog.c =================================================================== --- trunk/openvas-client/openvas/prefs_dialog/prefs_dialog.c 2009-11-04 06:03:36 UTC (rev 5783) +++ trunk/openvas-client/openvas/prefs_dialog/prefs_dialog.c 2009-11-04 09:09:24 UTC (rev 5784) 
@@ -366,6 +366,62 @@ } /** + * @brief Creates and initializes the message area of the gtk client. + * + * @param box Box to add message area to. + * @param ctrls Arglist to hook widgets into. + */ +static void +create_add_messagelog (GtkWidget* box, struct arglist * ctrls) +{ + /* The frame */ + GtkWidget* label; + GtkWidget* scrolledwindow; + GtkWidget* textview; + GtkWidget* msglogframe = gtk_frame_new (NULL); + + gtk_widget_show (msglogframe); + gtk_box_pack_start (GTK_BOX(box), msglogframe, TRUE, TRUE, 0); + gtk_container_set_border_width (GTK_CONTAINER(msglogframe), 4); + arg_add_value (ctrls, "MSGLOGFRAME", ARG_PTR, -1, msglogframe); + + /* The label for the frame */ + label = gtk_label_new (_("Message log")); + gtk_widget_show (label); + gtk_frame_set_label_widget (GTK_FRAME(msglogframe), label); + + /* The scrolled window */ + scrolledwindow = gtk_scrolled_window_new (NULL, NULL); + gtk_widget_show (scrolledwindow); + gtk_container_add (GTK_CONTAINER(msglogframe), scrolledwindow); + gtk_container_set_border_width (GTK_CONTAINER(scrolledwindow), 4); + gtk_scrolled_window_set_policy (GTK_SCROLLED_WINDOW(scrolledwindow), + GTK_POLICY_AUTOMATIC, GTK_POLICY_ALWAYS); + gtk_scrolled_window_set_placement (GTK_SCROLLED_WINDOW(scrolledwindow), + GTK_CORNER_TOP_RIGHT); + arg_add_value (ctrls, "MSGLOGSCROLL", ARG_PTR, -1, scrolledwindow); + + /* The text view */ + textview = gtk_text_view_new (); + gtk_widget_show (textview); + gtk_container_add (GTK_CONTAINER(scrolledwindow), textview); + gtk_text_view_set_editable (GTK_TEXT_VIEW(textview), FALSE); + gtk_text_buffer_set_text (gtk_text_view_get_buffer (GTK_TEXT_VIEW(textview)), + _("Welcome to OpenVAS-Client, http://www.openvas.org/" + "\nNessusClient origin: Copyright 1998-2007 by Renaud Deraison" + "\nNew code since OpenVAS-Client: Copyright 2007, 2008, 2009 Greenbone Networks GmbH" + "\nAuthors: Renaud Deraison, Thomas Arendsen Hein, Jan-Oliver Wagner" + ", Bernhard Herzog, Michel Arboi (SSL-Support), Bruce 
Verderaime (Pie/Charts)" + ", Michael Wiegand, Felix Wolfsteller" + "\n"), + -1); + arg_add_value (ctrls, "MSGLOGTEXT", ARG_PTR, -1, textview); + + /* The whole Message Log frame is invisible by default */ + gtk_widget_hide (msglogframe); +} + +/** * @brief Draws the preferences dialog of the OpenVAS client (and other things). * * Also init and draw the OpenVAS client. @@ -387,13 +443,11 @@ GtkWidget *box; GtkWidget *hbox; GtkWidget *vbox; - GtkWidget *msglogframe; GtkWidget *icon; GtkTooltips * toolbar_tips = gtk_tooltips_new(); GtkToolItem * tool_button; GtkWidget *toolbar; - GtkWidget *scrolledwindow; - GtkWidget *textview; + GtkWidget *hpaned; GtkWidget *statusbar; GtkAccelGroup *accel_group; @@ -578,8 +632,8 @@ menuitem = gtk_image_menu_item_new_from_stock("gtk-save-as", NULL); menuitem_add(menuitem, submenu, "SAVESCOPE_MENUITEM", NULL, - GTK_SIGNAL_FUNC(scope_menu_save)); -#endif /* not DISABLE_OTP */ + GTK_SIGNAL_FUNC(scope_menu_save_as)); +#endif /* DISABLE_OTP */ /* Report menu */ 
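Review bot: The `@@ -578,8 +632,8 @@` hunk switches the SAVESCOPE_MENUITEM handler to `scope_menu_save_as`, but nothing in this revision defines or declares that function; on this page the rename from `scope_menu_save` only arrives with r5785, so r5784 on its own would presumably not build with OTP enabled. The log describes a pure extraction of the message log code and does not mention this change. Keeping `GTK_SIGNAL_FUNC(scope_menu_save)` here and moving the rename, together with the `#endif` comment edit, into the commit that introduces `scope_menu_save_as` would keep every revision buildable. prefs_dialog_setup starts and ends outside the hunk.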
@@ -811,50 +865,8 @@ /* Message Log */ + create_add_messagelog (box, ctrls); - /* The frame */ - msglogframe = gtk_frame_new(NULL); - gtk_widget_show(msglogframe); - gtk_box_pack_start(GTK_BOX(box), msglogframe, TRUE, TRUE, 0); - gtk_container_set_border_width(GTK_CONTAINER(msglogframe), 4); - arg_add_value(ctrls, "MSGLOGFRAME", ARG_PTR, -1, msglogframe); - - /* The label for the frame */ - label = gtk_label_new(_("Message log")); - gtk_widget_show(label); - gtk_frame_set_label_widget(GTK_FRAME(msglogframe), label); - - /* The scrolled window */ - scrolledwindow = gtk_scrolled_window_new(NULL, NULL); - gtk_widget_show(scrolledwindow); - gtk_container_add(GTK_CONTAINER(msglogframe), scrolledwindow); - gtk_container_set_border_width(GTK_CONTAINER(scrolledwindow), 4); - gtk_scrolled_window_set_policy(GTK_SCROLLED_WINDOW(scrolledwindow), - GTK_POLICY_AUTOMATIC, GTK_POLICY_ALWAYS); - gtk_scrolled_window_set_placement(GTK_SCROLLED_WINDOW(scrolledwindow), - GTK_CORNER_TOP_RIGHT); - arg_add_value(ctrls, "MSGLOGSCROLL", ARG_PTR, -1, scrolledwindow); - - /* The text view */ - textview = gtk_text_view_new(); - gtk_widget_show(textview); - gtk_container_add(GTK_CONTAINER(scrolledwindow), textview); - gtk_text_view_set_editable(GTK_TEXT_VIEW(textview), FALSE); - gtk_text_buffer_set_text(gtk_text_view_get_buffer(GTK_TEXT_VIEW(textview)), - _("Welcome to OpenVAS-Client, http://www.openvas.org/" - "\nNessusClient origin: Copyright 1998-2007 by Renaud Deraison" - "\nNew code since OpenVAS-Client: Copyright 2007, 2008, 2009 Greenbone Networks GmbH" - "\nAuthors: Renaud Deraison, Thomas Arendsen Hein, Jan-Oliver Wagner" - ", Bernhard Herzog, Michel Arboi (SSL-Support), Bruce Verderaime (Pie/Charts)" - ", Michael Wiegand, Felix Wolfsteller" - "\n"), - -1); - arg_add_value(ctrls, "MSGLOGTEXT", ARG_PTR, -1, textview); - - /* The whole Message Log frame is invisible by default */ - gtk_widget_hide(msglogframe); - - /* Status bar */ hbox = gtk_hbox_new(FALSE, 0); gtk_widget_show(hbox); 
From scm-commit at wald.intevation.org Wed Nov 4 11:08:45 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 4 Nov 2009 11:08:45 +0100 (CET) Subject: [Openvas-commits] r5785 - in trunk/openvas-client: . openvas/prefs_dialog Message-ID: <20091104100845.6A9C9852A8A3@pyrosoma.intevation.org> Author: felix Date: 2009-11-04 11:08:42 +0100 (Wed, 04 Nov 2009) New Revision: 5785 Modified: trunk/openvas-client/ChangeLog trunk/openvas-client/openvas/prefs_dialog/prefs_context.c trunk/openvas-client/openvas/prefs_dialog/prefs_dialog.c trunk/openvas-client/openvas/prefs_dialog/prefs_scope_tree.c trunk/openvas-client/openvas/prefs_dialog/prefs_scope_tree.h Log: If configured with --enable-omp --disable-otp, show a menu item "Save openvasrc" to save the openvasrc if a scope context is selected. * openvas/prefs_dialog/prefs_scope_tree.c (scope_menu_save_ok): Doc. (scope_menu_save_as): Renamed from scope_menu_save. (scope_menu_save): New, updates the context and saves it openvasrc. * openvas/prefs_dialog/prefs_scope_tree.h: Updated protos. * openvas/prefs_dialog/prefs_dialog.c (prefs_dialog_setup): Add "Save openvasrc" menuitem. * openvas/prefs_dialog/prefs_contex.c (prefs_context_update_widgets): Grey out "Save openvasrc" button if currently selected context is not a scope. Modified: trunk/openvas-client/ChangeLog =================================================================== --- trunk/openvas-client/ChangeLog 2009-11-04 09:09:24 UTC (rev 5784) +++ trunk/openvas-client/ChangeLog 2009-11-04 10:08:42 UTC (rev 5785) 
@@ -1,5 +1,23 @@ -2009-10-29 Felix Wolfsteller +2009-11-04 Felix Wolfsteller + If configured with --enable-omp --disable-otp, show a menu item + "Save openvasrc" to save the openvasrc if a scope context is selected. + + * openvas/prefs_dialog/prefs_scope_tree.c (scope_menu_save_ok): Doc. + (scope_menu_save_as): Renamed from scope_menu_save. + (scope_menu_save): New, updates the context and saves it openvasrc. + + * openvas/prefs_dialog/prefs_scope_tree.h: Updated protos. + + * openvas/prefs_dialog/prefs_dialog.c (prefs_dialog_setup): Add + "Save openvasrc" menuitem. + + * openvas/prefs_dialog/prefs_contex.c (prefs_context_update_widgets): + Grey out "Save openvasrc" button if currently selected context is not + a scope. + +2009-11-04 Felix Wolfsteller + Extracted method to create and initialize message log area. * packaging/prefs_dialog.c (create_add_messagelog): New. Extracted Modified: trunk/openvas-client/openvas/prefs_dialog/prefs_context.c =================================================================== --- trunk/openvas-client/openvas/prefs_dialog/prefs_context.c 2009-11-04 09:09:24 UTC (rev 5784) +++ trunk/openvas-client/openvas/prefs_dialog/prefs_context.c 2009-11-04 10:08:42 UTC (rev 5785) @@ -111,6 +111,8 @@ prefs_context_enable_widget("OPENSCOPE_MENUITEM", type >= CONTEXT_TASK); prefs_context_enable_widget("SAVESCOPE_MENUITEM", type >= CONTEXT_SCOPE); #endif /* not USE_OMP */ +#else /* not DISABLE_OTP */ + prefs_context_enable_widget ("SAVEORC_MENUITEM", type >= CONTEXT_SCOPE); #endif /* not DISABLE_OTP */ prefs_context_enable_widget("RENAMEREPORT_MENUITEM", type >= CONTEXT_REPORT); Modified: trunk/openvas-client/openvas/prefs_dialog/prefs_dialog.c =================================================================== --- trunk/openvas-client/openvas/prefs_dialog/prefs_dialog.c 2009-11-04 09:09:24 UTC (rev 5784) +++ trunk/openvas-client/openvas/prefs_dialog/prefs_dialog.c 2009-11-04 10:08:42 UTC (rev 5785) 
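Review bot: The new `#else` branch in prefs_context.c calls `prefs_context_enable_widget ("SAVEORC_MENUITEM", type >= CONTEXT_SCOPE);` whenever OTP is disabled, while the prefs_dialog.c hunk of the same commit registers "SAVEORC_MENUITEM" only inside `#ifdef USE_OMP`. A build with DISABLE_OTP but without USE_OMP would then look up a widget that was never added; whether prefs_context_enable_widget tolerates a missing entry is not visible here. Wrapping the added call in the same `#ifdef USE_OMP` / `#endif /* USE_OMP */` pair would keep the two files in step. prefs_context_update_widgets starts and ends outside the hunk.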
@@ -633,6 +633,12 @@ menuitem = gtk_image_menu_item_new_from_stock("gtk-save-as", NULL); menuitem_add(menuitem, submenu, "SAVESCOPE_MENUITEM", NULL, GTK_SIGNAL_FUNC(scope_menu_save_as)); +#else /* DISABLE_OTP */ +#ifdef USE_OMP + menuitem = gtk_menu_item_new_with_mnemonic (_("_Save openvasrc")); + menuitem_add (menuitem, submenu, "SAVEORC_MENUITEM", NULL, + GTK_SIGNAL_FUNC (scope_menu_save)); +#endif /* USE_OMP */ #endif /* DISABLE_OTP */ Modified: trunk/openvas-client/openvas/prefs_dialog/prefs_scope_tree.c =================================================================== --- trunk/openvas-client/openvas/prefs_dialog/prefs_scope_tree.c 2009-11-04 09:09:24 UTC (rev 5784) +++ trunk/openvas-client/openvas/prefs_dialog/prefs_scope_tree.c 2009-11-04 10:08:42 UTC (rev 5785) @@ -822,6 +822,13 @@ } +/** + * @brief Callback for click on OK in the file selection dialog that appears + * @brief after a "save as" action. + * + * @param widget (callback). + * @param user_data (callback). + */ static void scope_menu_save_ok (GtkWidget *widget, gpointer user_data) { @@ -843,7 +850,7 @@ } void -scope_menu_save (GtkMenuItem* menuitem, gpointer user_data) +scope_menu_save_as (GtkMenuItem* menuitem, gpointer user_data) { GtkWindow *parent = arg_get_value(MainDialog, "CONTEXT"); GtkWidget *dialog = gtk_file_selection_new(_("Save scope configuration")); 
@@ -859,7 +866,20 @@ gtk_widget_show(dialog); } +/** + * @brief Updates the current Context, saving its openvasrc. + * + * @param menuitem Menu- item (callback). + * @param user_data Ignored (callback). + */ +void +scope_menu_save (GtkMenuItem* menuitem, gpointer user_data) +{ + prefs_context_update (context_by_type(Context, CONTEXT_SCOPE)); + preferences_save (Context); +} + #ifdef USE_OMP // FIX copied from openvas-manager/src/manage.c /** Modified: trunk/openvas-client/openvas/prefs_dialog/prefs_scope_tree.h =================================================================== --- trunk/openvas-client/openvas/prefs_dialog/prefs_scope_tree.h 2009-11-04 09:09:24 UTC (rev 5784) +++ trunk/openvas-client/openvas/prefs_dialog/prefs_scope_tree.h 2009-11-04 10:08:42 UTC (rev 5785) @@ -53,7 +53,8 @@ void report_menu_delete(GtkMenuItem *, gpointer); void scope_menu_open(GtkMenuItem *, gpointer); -void scope_menu_save(GtkMenuItem *, gpointer); +void scope_menu_save (GtkMenuItem*, gpointer); +void scope_menu_save_as (GtkMenuItem *, gpointer); #ifdef USE_OMP void scopetree_refresh_reports (struct context *); From scm-commit at wald.intevation.org Wed Nov 4 11:19:13 2009 
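Review bot: The new `scope_menu_save` hands the result of `context_by_type(Context, CONTEXT_SCOPE)` straight to `prefs_context_update` without checking it, and then saves `Context` rather than the scope it just updated. The menu item is enabled for `type >= CONTEXT_SCOPE`, so `Context` may be a report below the scope, and it is not visible here whether `preferences_save (Context)` then writes the scope's openvasrc. Holding the lookup in a local makes the intent checkable: `struct context *scope = context_by_type (Context, CONTEXT_SCOPE);` followed by `if (scope == NULL) return;` and `prefs_context_update (scope);`. Any failure reported by `preferences_save` is also dropped, so the user gets no feedback when the file could not be written. The doc comment should say that `menuitem` is unused as well, not only `user_data`.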
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 4 Nov 2009 11:19:13 +0100 (CET) Subject: [Openvas-commits] r5786 - in trunk/openvas-client: . openvas/prefs_dialog Message-ID: <20091104101913.E81A7852A8AA@pyrosoma.intevation.org> Author: felix Date: 2009-11-04 11:19:13 +0100 (Wed, 04 Nov 2009) New Revision: 5786 Modified: trunk/openvas-client/ChangeLog trunk/openvas-client/openvas/prefs_dialog/prefs_report.c Log: * openvas/prefs_dialog/prefs_report.c: Removed unnessecary include. (row_activated): Slightly improve error message if NVT is not found in cache. In case of issues found by NVTs that are not in the cache, do not segfault. Modified: trunk/openvas-client/ChangeLog =================================================================== --- trunk/openvas-client/ChangeLog 2009-11-04 10:08:42 UTC (rev 5785) +++ trunk/openvas-client/ChangeLog 2009-11-04 10:19:13 UTC (rev 5786) @@ -1,5 +1,11 @@ 2009-11-04 Felix Wolfsteller + * openvas/prefs_dialog/prefs_report.c: Removed unnessecary include. + (row_activated): Slightly improve error message if NVT is not found in + cache. In case of issues found by NVTs not in cache, do not segfault. + +2009-11-04 Felix Wolfsteller + If configured with --enable-omp --disable-otp, show a menu item "Save openvasrc" to save the openvasrc if a scope context is selected. Modified: trunk/openvas-client/openvas/prefs_dialog/prefs_report.c =================================================================== --- trunk/openvas-client/openvas/prefs_dialog/prefs_report.c 2009-11-04 10:08:42 UTC (rev 5785) +++ trunk/openvas-client/openvas/prefs_dialog/prefs_report.c 2009-11-04 10:19:13 UTC (rev 5786) @@ -37,7 +37,6 @@ #include "listnotebook.h" #include "preferences.h" #include "openvas_i18n.h" -#include "report_save.h" #include "data_mining.h" #include "treeview_support.h" #include "openvas_plugin.h" 
@@ -499,7 +498,7 @@ plugin = openvas_plugin_get_by_oid (context->scanners, plugin_oid); if (plugin == NULL) // FIX return instd of continuing and segfaulting - fprintf (stderr, "prefs_report.row_activated: no plugin with id %s in cache!\n", + fprintf (stderr, "prefs_report.row_activated: no NVT with oid %s in cache!\n", plugin_oid); // Add NVT name to report view text if preference is set so. @@ -543,7 +542,13 @@ } issue->severity_to = g_strdup (""); issue->reason = g_strdup (""); - issue->name = g_strdup (nvti_name(plugin->ni)); + + /** @todo Maybe have a static "Null-"nvt */ + if (plugin && plugin->ni) + issue->name = g_strdup (nvti_name(plugin->ni)); + else + issue->name = g_strdup ("Error (NVT not in cache)"); + issue->OID = g_strdup (plugin_oid); issues = g_slist_prepend (issues, issue); From scm-commit at wald.intevation.org Wed Nov 4 12:01:20 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 4 Nov 2009 12:01:20 +0100 (CET) Subject: [Openvas-commits] r5787 - in trunk/openvas-manager: . src Message-ID: <20091104110120.4DF00861EAC1@pyrosoma.intevation.org> Author: mattm Date: 2009-11-04 12:01:19 +0100 (Wed, 04 Nov 2009) New Revision: 5787 Modified: trunk/openvas-manager/ChangeLog trunk/openvas-manager/src/tasks_sql.h Log: * src/tasks_sql.h (init_nvt_preference_iterator): Filter out client-specific and server_info preferences. Modified: trunk/openvas-manager/ChangeLog =================================================================== --- trunk/openvas-manager/ChangeLog 2009-11-04 10:19:13 UTC (rev 5786) +++ trunk/openvas-manager/ChangeLog 2009-11-04 11:01:19 UTC (rev 5787) 
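Review bot: The NULL guard added around `nvti_name(plugin->ni)` protects only `issue->name`; the `if (plugin == NULL)` in the first hunk still just prints and falls through, as its own `// FIX return instd of continuing and segfaulting` comment admits. The code between the two hunks (the "Add NVT name to report view text" part) is not shown, so any use of `plugin` there would still crash for an NVT missing from the cache, and the log's "do not segfault" holds only if that stretch is guarded too. The fallback `"Error (NVT not in cache)"` presumably ends up in the report view and is not wrapped in `_()` as other user-visible strings on this page are, for example `_("Message log")`. row_activated starts and ends outside both hunks.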
@@ -1,3 +1,8 @@ +2009-11-04 Matthew Mundell + + * src/tasks_sql.h (init_nvt_preference_iterator): Filter out + client-specific and server_info preferences. + 2009-11-03 Matthew Mundell Send preference counts with OMP GET_NVT_DETAILS and preferences with Modified: trunk/openvas-manager/src/tasks_sql.h =================================================================== --- trunk/openvas-manager/src/tasks_sql.h 2009-11-04 10:19:13 UTC (rev 5786) +++ trunk/openvas-manager/src/tasks_sql.h 2009-11-04 11:01:19 UTC (rev 5787) @@ -5849,12 +5849,23 @@ gchar *quoted_name = sql_quote (name); init_iterator (iterator, "SELECT name, value FROM nvt_preferences" - " WHERE name LIKE '%s[%%';", + " WHERE name LIKE '%s[%%';" + " AND name != 'cache_folder'" + " AND name != 'include_folders'" + " AND name != 'nasl_no_signature_check'" + " AND name != 'ntp_save_sessions'" + " AND name NOT LIKE 'server_info_%';", quoted_name); g_free (quoted_name); } else - init_iterator (iterator, "SELECT name, value FROM nvt_preferences;"); + init_iterator (iterator, + "SELECT name, value FROM nvt_preferences" + " WHERE name != 'cache_folder'" + " AND name != 'include_folders'" + " AND name != 'nasl_no_signature_check'" + " AND name != 'ntp_save_sessions'" + " AND name NOT LIKE 'server_info_%';"); } DEF_ACCESS (nvt_preference_iterator_name, 0); From scm-commit at wald.intevation.org Wed Nov 4 12:25:23 2009 
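Review bot: In the named branch the first literal still ends in `;` (`" WHERE name LIKE '%s[%%';"`), so the statement is terminated before the five added `AND` clauses. Depending on how init_iterator prepares the text this is either a syntax error or the filters are silently dropped and the client-specific preferences are still returned; the line should become `" WHERE name LIKE '%s[%%'"`. The pattern `'server_info_%'` has a related problem: this call goes through printf-style formatting (it uses `%s` and `%%`), so the bare `%` needs doubling, `" AND name NOT LIKE 'server_info_%%';"`, and the same applies to the else branch if init_iterator always formats its argument. init_nvt_preference_iterator starts outside the hunk.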
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 4 Nov 2009 12:25:23 +0100 (CET) Subject: [Openvas-commits] r5788 - in trunk/openvas-client: . openvas openvas/prefs_dialog Message-ID: <20091104112523.88EE1852A8AA@pyrosoma.intevation.org> Author: felix Date: 2009-11-04 12:25:16 +0100 (Wed, 04 Nov 2009) New Revision: 5788 Modified: trunk/openvas-client/ChangeLog trunk/openvas-client/openvas/openvas_plugin.c trunk/openvas-client/openvas/plugin_cache.c trunk/openvas-client/openvas/prefs_dialog/prefs_plugins_tree.c trunk/openvas-client/openvas/prefs_dialog/prefs_report.c trunk/openvas-client/openvas/read_target_file.c Log: * openvas/openvas_plugin.c: Cosmetics. (openvas_plugin_get_by_oid): Corrected doc. * openvas/plugin_cache.c, openvas/read_target_file.c, openvas/prefs_dialog/prefs_plugin_tree.c, openvas/prefs_dialog/prefs_report.c: Cosmetics, doc) * openvas/prefs_dialog/prefs_report.c (row_activated): Renamed local var context to cache_holder. Modified: trunk/openvas-client/ChangeLog =================================================================== --- trunk/openvas-client/ChangeLog 2009-11-04 11:01:19 UTC (rev 5787) +++ trunk/openvas-client/ChangeLog 2009-11-04 11:25:16 UTC (rev 5788) 
@@ -1,8 +1,21 @@ 2009-11-04 Felix Wolfsteller + * openvas/openvas_plugin.c: Cosmetics. + (openvas_plugin_get_by_oid): Corrected doc. + + * openvas/plugin_cache.c, openvas/read_target_file.c, + openvas/prefs_dialog/prefs_plugin_tree.c, + openvas/prefs_dialog/prefs_report.c: Cosmetics, doc) + + * openvas/prefs_dialog/prefs_report.c (row_activated): Renamed local var + context to cache_holder. + +2009-11-04 Felix Wolfsteller + * openvas/prefs_dialog/prefs_report.c: Removed unnessecary include. (row_activated): Slightly improve error message if NVT is not found in - cache. In case of issues found by NVTs not in cache, do not segfault. + cache. In case of issues found by NVTs that are not in the cache, do + not segfault. 2009-11-04 Felix Wolfsteller Modified: trunk/openvas-client/openvas/openvas_plugin.c =================================================================== --- trunk/openvas-client/openvas/openvas_plugin.c 2009-11-04 11:01:19 UTC (rev 5787) +++ trunk/openvas-client/openvas/openvas_plugin.c 2009-11-04 11:25:16 UTC (rev 5788) @@ -118,7 +118,7 @@ /** * @brief Set the md5 sum of the plugin (parameter is copied). - * + * * @param plugin The NVT to get a new md5sum. * @param md5sum New md5sum of a plugin (will be copied). */ @@ -134,10 +134,10 @@ /** * @brief Returns the first plugin in the plugin set \ with the name * @brief \. - * + * * @param plugins List of plugins. * @param name Name of plugin to find. - * + * * @return First plugin in plugin set with given name. */ struct openvas_plugin * 
@@ -157,20 +157,20 @@ } /** - * @brief Returns the first plugin in the plugin set \ with the OID - * @brief \. + * @brief Returns the first plugin in the plugin set \ref plugins with the OID + * @brief \ref oid. * * @param plugins List of plugins. * @param name OID of plugin to find. * - * @return First plugin in plugin set with given name. + * @return First plugin in plugin set with given OID. */ struct openvas_plugin * openvas_plugin_get_by_oid (struct openvas_plugin * plugins, const char * oid) { while (plugins != NULL) { - if (!strcmp(plugins->oid, oid)) + if (!strcmp (plugins->oid, oid)) return plugins; plugins = plugins->next; Modified: trunk/openvas-client/openvas/plugin_cache.c =================================================================== --- trunk/openvas-client/openvas/plugin_cache.c 2009-11-04 11:01:19 UTC (rev 5787) +++ trunk/openvas-client/openvas/plugin_cache.c 2009-11-04 11:25:16 UTC (rev 5788) @@ -77,9 +77,9 @@ * same directory as the openvasrc file for the context. The cache for * the global context is ~/.openvas_nvt_cache. If an alternate * openvas file was given on the command line, no caching is done. - * + * * @section plugincache-example Examplary first two lines of a cache file - * + * * OpenVASNVTDescCache|2|fc8902a32651d93ab136e75977f664ec * nvt|1.3.6.1.4.1.25623.1.0.11219|8e58495bf0130d4da02340a505b14041|SYN Scan|scanner|Copyright (C) Renaud Deraison \|%0aThis plugins performs a supposedly fast SYN port scan%0aIt does so by computing the RTT (round trip time) of the packets%0acoming back and forth between the openvasd host and the target,%0athen it uses that to quicky send SYN packets to the remote host%0a|Performs a TCP SYN scan|Port scanners|$Revision: 1266 $|NOCVE|NOBID|NOXREF|NOSIGNKEYS|NOTAG * 
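Review bot: The corrected comment for openvas_plugin_get_by_oid still documents `@param name` although the parameter is called `oid`; `@param oid OID of plugin to find.` would match the signature. The loop calls `strcmp (plugins->oid, oid)` with neither pointer checked, so the comment should also state that `oid` must be non-NULL and, if that is the invariant (not visible here), that every list entry carries an OID.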
@@ -109,7 +109,9 @@ * @brief Determine the cache file to use for the context. * * The cache file will be in the same directory as the openvasrc file of - * the context. The return value has to be free'd with efree. + * the context. + * + * @return Path to cache file. Has to be free'd with g_free. */ gchar * plugin_cache_get_filename (struct context *context) @@ -140,7 +142,7 @@ * @return Returns 0 on success and != 0 otherwise. */ static int -write_string(FILE *file, const char *s) +write_string (FILE *file, const char *s) { const char *p; @@ -175,9 +177,9 @@ * * @return Returns 0 on success and != 0 otherwise. */ -/* TODO: check for write errors */ +/** @todo check for write errors */ static int -write_record(FILE *file, const char *format, ...) +write_record (FILE *file, const char *format, ...) { va_list ap; const char *p; 
@@ -189,31 +191,33 @@ for (p = format; *p && !failure; p++) { if (write_delimiter) - { - failure = putc('|', file) == EOF; - if (failure) - break; - } + { + failure = putc ('|', file) == EOF; + if (failure) + break; + } - switch (*p) { - case 's': - failure = write_string(file, va_arg(ap, const char *)); - break; - case 'k': - /* Ideally we should check whether the contents of the string - * match the definition of "keyword" in the fileformat */ - failure = fputs(va_arg(ap, const char *), file) == EOF; - break; - case 'i': - failure = fprintf(file, "%d", va_arg(ap, int)) < 0; - break; + switch (*p) + { + case 's': + failure = write_string(file, va_arg(ap, const char *)); + break; + case 'k': + /* Ideally we should check whether the contents of the string + * match the definition of "keyword" in the fileformat */ + failure = fputs(va_arg(ap, const char *), file) == EOF; + break; + case 'i': + failure = fprintf(file, "%d", va_arg(ap, int)) < 0; + break; - default: - /* Error because format character is unsupported */ - failure = -1; - } + default: + /* Error because format character is unsupported */ + failure = -1; + } write_delimiter = 1; } + if (!failure) failure = putc('\n', file) == EOF; va_end(ap); @@ -231,7 +235,7 @@ * @return Returns 0 on success and != 0 otherwise. */ static int -write_plugin(struct openvas_plugin *plugin, FILE *file) +write_plugin (struct openvas_plugin *plugin, FILE *file) { char * md5sum = plugin->md5sum; if (md5sum == NULL) @@ -254,7 +258,7 @@ * @return Returns 0 on success and != 0 otherwise. */ static int -write_dep(struct arglist *dep, FILE *file) +write_dep (struct arglist *dep, FILE *file) { struct arglist * lst = dep->value; while (lst && lst->next) { @@ -276,7 +280,7 @@ * @return Returns 0 on success and != 0 otherwise. */ static int -write_plugin_list(struct openvas_plugin *plugins, FILE *file) +write_plugin_list (struct openvas_plugin *plugins, FILE *file) { while (plugins != NULL) { 
@@ -323,11 +327,11 @@ * * If an error occurs when writing the file, the file is removed to * avoid incorrect caches lying around. - * + * * @return Returns 0 on success and != 0 otherwise. */ int -plugin_cache_write(struct context * context, const char * server_md5sum) +plugin_cache_write (struct context * context, const char * server_md5sum) { gchar *filename; FILE *file; @@ -368,10 +372,13 @@ * newline of the line if any. The return value is allocated with * emalloc and has to be freed by the caller with efree. * When the end of the file is reached the function returns an empty string. - * + * * @return NULL if an error occured, empty string when end of file is reached * or the (nul-terminated) line of a file, including trailing newline if * any. + * @todo Consider using a glib function, if there is any. Otherwise + * consolidate. There might be the need for such a function or an + * implementation in many places. */ static char * read_line (FILE *file) @@ -397,7 +404,7 @@ if (c == EOF) { if (ferror(file)) - goto fail; + goto fail; break; } /* line doesn't fit into the buffer. Realloc and continue */ @@ -434,7 +441,7 @@ * The return value is the number of fields found in the line. This * number may be larger than NITEMS in which case the fields beyond the * first NITEMS fields won't be accesssible to the caller. - * + * * @return Number of fields found in the line. */ static int @@ -480,7 +487,7 @@ /** * @brief Percent-unquote a NUL-terminated string in place. - * + * * @return Returns 0 on success and != 0 otherwise. */ static int @@ -536,7 +543,7 @@ * When an error occurs, the return value is -1. The ITEMS array may * have been modified already in that case, but the memory the items now * point to is invalid. - * + * * @return Actual number of fields in a line, 0 on end of file, -1 on error. */ static int 
@@ -590,7 +597,7 @@ * @return Returns 0 on success, < 0 on error. */ static int -check_header(FILE * file, char ** server_md5sum) +check_header (FILE * file, char ** server_md5sum) { char *items[MAX_HEADER_ITEMS]; int nitems = read_cache_line(file, items, MAX_HEADER_ITEMS); @@ -653,7 +660,7 @@ * If an error occurs the function returns a value < 0. Otherwise if * the cache was current it returns 0 and a value > 0 if the cache was * outdated. - * + * * @return If the cache is current, returns 0. On outdated caches >0, on errors * <0. */ @@ -766,9 +773,11 @@ context_set_plugins_md5sum (context, server_md5sum); + fail: g_free (filename); - efree(&server_md5sum); + efree (&server_md5sum); + if (file != NULL) fclose(file); Modified: trunk/openvas-client/openvas/prefs_dialog/prefs_plugins_tree.c =================================================================== --- trunk/openvas-client/openvas/prefs_dialog/prefs_plugins_tree.c 2009-11-04 11:01:19 UTC (rev 5787) +++ trunk/openvas-client/openvas/prefs_dialog/prefs_plugins_tree.c 2009-11-04 11:25:16 UTC (rev 5788) @@ -123,7 +123,7 @@ * The iter argument must be the iter pointing to the family row. * A family is enabled when at least one of it's plugins is enabled as * determined by plug_get_launch. - * + * * @return TRUE if the family that model and iter define is enabled, FALSE * otherwise. * @@ -146,6 +146,7 @@ } while (gtk_tree_model_iter_next (model, &child_iter)); } + return FALSE; } Modified: trunk/openvas-client/openvas/prefs_dialog/prefs_report.c =================================================================== --- trunk/openvas-client/openvas/prefs_dialog/prefs_report.c 2009-11-04 11:01:19 UTC (rev 5787) +++ trunk/openvas-client/openvas/prefs_dialog/prefs_report.c 2009-11-04 11:25:16 UTC (rev 5788) 
@@ -12,18 +12,17 @@ * @file * Displays details of a report (right hand side of the gui if a report is * selected). - * + * * Therefore, holds all reported issues in a tree. The order and semantics * of the tree are changeable (Host/Port/Severity | Port/Host/Severity). * In each case the tree has a depth of 3, where the leafs are issues that * got a integer-mapped severity assigned (function severity_level). - * + * * A row selection triggers a textview on the right to display the messages and * list details (). - * + * * To fill the tree multiple queries have to be sent to the backend, one for * each layer in the tree (fill_tree_store). - * */ @@ -86,9 +85,9 @@ * "Log Message" -> 2 * "Debug Message" -> 1 * anything else -> 0 - * + * * @param severity String describing the severity (e.g. "Security Hole"). - * + * * @return 'Integer level' that matches the severity string (0 if no match). */ static int @@ -111,7 +110,7 @@ * @brief Our comparison function, compare hosts. */ static int -cmp_hosts(char * a, char * b) +cmp_hosts (char * a, char * b) { struct in_addr ia, ib; @@ -137,7 +136,7 @@ /** * @brief Our sort functions. Compare severity levels from severity_level * @brief (const char*). - * + * * ("Security Hole" > "Security Warning" > "Security Note" > anything else ) */ static int @@ -216,7 +215,7 @@ /** * @brief Returns overridden severity for a certain reported issue. - * + * * @return If a filter applies, the severity that the displayed one was mapped * from, NULL otherwise (has to be freed with g_free if non-NULL). */ @@ -245,7 +244,7 @@ /** * @brief Fill the tree_store with the data from a report. - * + * * @param tree_store The tree_store to fill. * @param be Backend-index for backend to query. */ 
@@ -355,11 +354,11 @@ /** * @brief Update the report view. - * + * * Call this function when the user selects a new report. This function * is relatively expensive because it rebuilds the entire * host/port/severity tree. - * + * * @param override_global If TRUE, the order that is selected in the order-combox * is used. If FALSE the is taken from the preferences. */ @@ -413,6 +412,8 @@ * If the activated row is one at level 3 where host, port and severity * are known, display the corresponding rgtk_tree_view_column_set_attributeseport in the report text * widget. + * + * @param user_data Pointer to arglist that holds report. */ static void row_activated (GtkTreeView *treeview, GtkTreePath *path, @@ -424,7 +425,8 @@ const char *values[3]; int depth = 0; int has_parent; - struct context *context = arg_get_value((struct arglist*)user_data, "REPORT_CONTEXT"); + struct context *cache_holder = arg_get_value ((struct arglist*) user_data, + "REPORT_CONTEXT"); char * plugin_oid = NULL; struct openvas_plugin *plugin; GSList* issues = NULL; @@ -493,10 +495,11 @@ { plugin_oid = subset_nth_value (walk, 2); // Get reference to plugin - plugin = openvas_plugin_get_by_oid (context->plugins, plugin_oid); + plugin = openvas_plugin_get_by_oid (cache_holder->plugins, plugin_oid); if (plugin == NULL) - plugin = openvas_plugin_get_by_oid (context->scanners, plugin_oid); - if (plugin == NULL) + plugin = openvas_plugin_get_by_oid (cache_holder->scanners, plugin_oid); + + if (plugin == NULL); // FIX return instd of continuing and segfaulting fprintf (stderr, "prefs_report.row_activated: no NVT with oid %s in cache!\n", plugin_oid); 
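Review bot: The rewritten null check in the `@@ -493,10 +495,11 @@` hunk of row_activated ends in a semicolon, `if (plugin == NULL);`, so the `fprintf` after it is no longer guarded. The "no NVT with oid ... in cache" message then goes to stderr for every issue, whether or not the plugin was found. The line should read `if (plugin == NULL)` as it did before. The attached `// FIX` comment says that continuing here can segfault; the code that later uses `plugin` is outside this hunk, so that cannot be confirmed from here. r5791 further down this page removes the semicolon.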
@@ -545,11 +548,11 @@ /** @todo Maybe have a static "Null-"nvt */ if (plugin && plugin->ni) - issue->name = g_strdup (nvti_name(plugin->ni)); + issue->name = g_strdup (nvti_name(plugin->ni)); else - issue->name = g_strdup ("Error (NVT not in cache)"); + issue->name = g_strdup ("Error (NVT not in cache)"); - issue->OID = g_strdup (plugin_oid); + issue->OID = g_strdup (plugin_oid); issues = g_slist_prepend (issues, issue); @@ -586,15 +589,16 @@ /** * @brief Called whenever the selection changes. - * + * * If the row is to be selected call row_activated so that the corresponding * report is shown. - * + * * @return TRUE, as all rows are OK to be selected. */ static gboolean selection_func (GtkTreeSelection *selection, GtkTreeModel *model, - GtkTreePath *path, gboolean path_currently_selected, gpointer user_data) + GtkTreePath *path, gboolean path_currently_selected, + gpointer user_data) { GtkTreeIter iter; @@ -613,7 +617,7 @@ /** * @brief Sets ap ixmap of the cell renderer if severity for any issue in this * @brief row has been overriden. - * + * * @param cell The cellrenderer whose pixbuf to set. */ static void @@ -643,7 +647,7 @@ /** * @brief Set the pixmap of the cell renderer from the severity of the current * @brief cell (e.g. warning icon). - * + * * @param cell The cellrenderer whose pixbuf to set. */ static void @@ -675,7 +679,7 @@ /** * @brief Signal handler for the "changed" signal of the tree order combobox. - * + * * Simply calls prefs_report_update to update the tree. */ static void @@ -688,9 +692,9 @@ /** * @brief Creates a form showing and allowing modification of details of * @brief a severity_override. - * + * * @param override Override to show. - * + * * @return The override form (use its vbox to display). */ static severity_override_form_t* 
@@ -765,13 +769,13 @@ /** * @brief Asks the user to select a file and exports the textviews current * @brief context. - * + * * @param widget Ignored (callback). * @param user_data Ignored (callback). - * + * * Does hard checking for certain strings, usable just in a very specific * setting. - * + * * @TODO Consider implementation as TextBufferSerializeFunc */ static void @@ -1007,8 +1011,8 @@ GtkCellRenderer *renderer; struct arglist * ctrls = emalloc(sizeof(struct arglist)); - arg_add_value(ctrls, "BE", ARG_INT, sizeof(int), (void *)-1); - arg_add_value(ctrls, "REPORT_CONTEXT", ARG_PTR, -1, (void *)NULL); + arg_add_value (ctrls, "BE", ARG_INT, sizeof(int), (void *)-1); + arg_add_value (ctrls, "REPORT_CONTEXT", ARG_PTR, -1, (void *)NULL); vbox = gtk_vbox_new(FALSE, FALSE); arg_add_value(ctrls, "VBOX", ARG_PTR, -1, vbox); @@ -1080,11 +1084,11 @@ selection = gtk_tree_view_get_selection(GTK_TREE_VIEW(tree)); gtk_tree_selection_set_mode(selection, GTK_SELECTION_SINGLE); - gtk_tree_selection_set_select_function(selection, - selection_func, ctrls, NULL); + gtk_tree_selection_set_select_function (selection, selection_func, ctrls, + NULL); - g_signal_connect(G_OBJECT(tree), "row-activated", G_CALLBACK(row_activated), - ctrls); + g_signal_connect (G_OBJECT(tree), "row-activated", G_CALLBACK (row_activated), + ctrls); g_signal_connect(G_OBJECT(tree), "key-press-event", G_CALLBACK(onKeypressed), NULL); Modified: trunk/openvas-client/openvas/read_target_file.c =================================================================== --- trunk/openvas-client/openvas/read_target_file.c 2009-11-04 11:01:19 UTC (rev 5787) +++ trunk/openvas-client/openvas/read_target_file.c 2009-11-04 11:25:16 UTC (rev 5788) 
@@ -63,13 +63,14 @@ /** * @brief Shows a file selection dialog and attempts to read the selected file - * if OK is clicked. - * + * @brief if OK is clicked. + * * Callback for click on "Read file" in the target frame. * Shows up a file selection dialog and attempts to read that target file if * OK is clicked. */ -void target_file_select() +void +target_file_select () { GtkWidget * file; file = gtk_file_selection_new (_("Load file")); @@ -84,9 +85,9 @@ } /** - * Sets the string parameter target as text to the TARGET text entry of the - * TARGET dialog. - * + * @brief Sets the string parameter target as text to the TARGET text entry of + * @brief the TARGET dialog. + * * @param target String to be displayed in the TARGET text entry. */ static void @@ -104,12 +105,12 @@ /** * @brief Returns a string assembled out of the lines in file filename. - * + * * The string will contain all the content of the file where newlines have been * replaced with commata and carriage returns replaced with spaces. - * + * * @param filename File to read. - * + * * @return Content of file with newlines being replaced by commata or NULL if an * error occured. */ @@ -169,16 +170,16 @@ } -#ifdef USE_GTK +#ifdef USE_GTK /** * @brief Returns target specification string (conditionally read from a file). - * + * * If the string starts with "file:", returns the file as string with newlines * replaced by commata. If it does not, return a copy of it. * In both cases, spaces and tabstops will be removed. - * + * * @param target Either path to file (prepended with "file:") or target string. - * + * * @return Copy of the string target if it does not start with "file:", file * content as string otherwise, in both cases whitespaces-free. */ @@ -208,7 +209,7 @@ /** * @brief Prepends "file:" to a string. - * + * * @return String argument file with "file:" prepended. */ gchar* 
@@ -218,20 +219,22 @@ } /** - * Callback for click on okay on target-file selection dialog. + * @brief Callback for click on okay on target-file selection dialog. + * * Sets the string in GUI via call to target_file_apply. - * + * * @param bidon Ignored (callback). - * @param gtkw File Selection dialog. + * @param gtkw File Selection dialog, will be destroyed. */ void read_target_file(GtkWidget* bidon, GtkWidget* gtkw) { - const char * filename = gtk_file_selection_get_filename(GTK_FILE_SELECTION(gtkw)); - gchar * ret = target_file_name(filename); - target_file_apply(ret); - g_free (ret); - gtk_widget_hide(gtkw); - gtk_widget_destroy(gtkw); + const char * filename = gtk_file_selection_get_filename (GTK_FILE_SELECTION (gtkw)); + gchar * ret = target_file_name (filename); + target_file_apply (ret); + g_free (ret); + gtk_widget_hide (gtkw); + gtk_widget_destroy (gtkw); } + #endif /* USE_GTK */ From scm-commit at wald.intevation.org Wed Nov 4 12:36:13 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 4 Nov 2009 12:36:13 +0100 (CET) Subject: [Openvas-commits] r5789 - in trunk/openvas-plugins: . scripts Message-ID: <20091104113613.79860865F470@pyrosoma.intevation.org> Author: mime Date: 2009-11-04 12:36:10 +0100 (Wed, 04 Nov 2009) New Revision: 5789 Added: trunk/openvas-plugins/scripts/mahara_multiple_vuln.nasl trunk/openvas-plugins/scripts/sahana_36826.nasl trunk/openvas-plugins/scripts/sahana_detect.nasl Modified: trunk/openvas-plugins/ChangeLog Log: Added new plugins Modified: trunk/openvas-plugins/ChangeLog =================================================================== --- trunk/openvas-plugins/ChangeLog 2009-11-04 11:25:16 UTC (rev 5788) +++ trunk/openvas-plugins/ChangeLog 2009-11-04 11:36:10 UTC (rev 5789) 
@@ -1,3 +1,10 @@ +2009-11-04 Michael Meyer + + * scripts/sahana_detect.nasl, + scripts/sahana_36826.nasl, + scripts/mahara_multiple_vuln.nasl: + Added new plugins. + 2009-11-04 Chandrashekhar B * scripts/gb_squidguard_mult_bof_vuln.nasl, Added: trunk/openvas-plugins/scripts/mahara_multiple_vuln.nasl =================================================================== --- trunk/openvas-plugins/scripts/mahara_multiple_vuln.nasl 2009-11-04 11:25:16 UTC (rev 5788) +++ trunk/openvas-plugins/scripts/mahara_multiple_vuln.nasl 2009-11-04 11:36:10 UTC (rev 5789) 
@@ -0,0 +1,95 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id$ +# +# Mahara Multiple vulnerabilities +# +# Authors: +# Michael Meyer +# +# Copyright: +# Copyright (c) 2009 Greenbone Networks GmbH +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if (description) +{ + script_id(100334); + script_bugtraq_id(36893,36892); + script_cve_id("CVE-2009-3298,CVE-2009-3299"); + script_version ("1.0-$Revision$"); + + script_name("Mahara Multiple vulnerabilities"); + +desc = "Overview: +Mahara is prone to a security-bypass vulnerability and to a to a +cross-site scripting vulnerability. + +An attacker can exploit this issue to reset the application's +administrator password or to execute arbitrary script code in the +browser of an unsuspecting user in the context of the affected site. + +Versions prior to Mahara 1.0.13 and 1.1.7 are affected. + +Solution: +The vendor has released updates. Please see the references for +details. 
+ +References: +http://www.securityfocus.com/bid/36893 +http://www.securityfocus.com/bid/36892 +http://wiki.mahara.org/Release_Notes/1.1.7 +http://mahara.org/ +http://mahara.org/interaction/forum/topic.php?id=1169 +http://mahara.org/interaction/forum/topic.php?id=1170 + +Risk factor : Medium"; + + script_description(desc); + script_summary("Determine if Mahara is prone to Multiple Vulnerabilities"); + script_category(ACT_GATHER_INFO); + script_family("Web application abuses"); + script_copyright("This script is Copyright (C) 2009 Greenbone Networks GmbH"); + script_dependencies("secpod_mahara_detect.nasl"); + script_require_ports("Services/www", 80); + script_exclude_keys("Settings/disable_cgi_scanning"); + exit(0); +} + +include("http_func.inc"); +include("http_keepalive.inc"); +include("version_func.inc"); + +port = get_http_port(default:80); +if(!get_port_state(port))exit(0); + +if (!can_host_php(port:port)) exit(0); + +if(!version = get_kb_item(string("www/", port, "/Mahara")))exit(0); +if(!matches = eregmatch(string:version, pattern:"^(.+) under (/.*)$"))exit(0); + +vers = matches[1]; + +if(!isnull(vers) && vers >!< "unknown") { + + if(version_in_range(version: vers, test_version: "1.0", test_version2: "1.0.12") || + version_in_range(version: vers, test_version: "1.1", test_version2: "1.1.6")) { + security_warning(port:port); + exit(0); + } + +} + +exit(0); Property changes on: trunk/openvas-plugins/scripts/mahara_multiple_vuln.nasl ___________________________________________________________________ Name: svn:keywords + Id Revision Added: trunk/openvas-plugins/scripts/sahana_36826.nasl =================================================================== --- trunk/openvas-plugins/scripts/sahana_36826.nasl 2009-11-04 11:25:16 UTC (rev 5788) +++ trunk/openvas-plugins/scripts/sahana_36826.nasl 2009-11-04 11:36:10 UTC (rev 5789) 
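Review bot: `script_cve_id("CVE-2009-3298,CVE-2009-3299");` passes both identifiers as a single string, whereas the line above gives `script_bugtraq_id` two separate arguments. As far as I know script_cve_id takes one string per CVE, so this probably registers one malformed reference and makes the check harder to find by either CVE. `script_cve_id("CVE-2009-3298", "CVE-2009-3299");` avoids that. The description text also repeats "to a to a" in its first sentence.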
@@ -0,0 +1,102 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id$ +# +# Sahana 'mod' Parameter Local File Disclosure Vulnerability +# +# Authors: +# Michael Meyer +# +# Copyright: +# Copyright (c) 2009 Greenbone Networks GmbH +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if (description) +{ + script_id(100336); + script_bugtraq_id(36826); + script_cve_id("CVE-2009-3625"); + script_version ("1.0-$Revision$"); + + script_name("Sahana 'mod' Parameter Local File Disclosure Vulnerability"); + +desc = "Overview: +Sahana is prone to a local file-disclosure vulnerability because it +fails to adequately validate user-supplied input. + +An attacker can exploit this vulnerability to obtain potentially +sensitive information from local files on computers running the +vulnerable application. This may aid in further attacks. + +Sahana 0.6.2.2 is vulnerable; other versions may also be affected. + +Solution: +Updates are available. Please see the references for details. 
+ +References: +http://www.securityfocus.com/bid/36826 +https://bugzilla.redhat.com/show_bug.cgi?id=530255 +http://www.sahana.lk/ +http://sourceforge.net/mailarchive/forum.php?thread_name=5d9043b70910191044l4bb0178fs563a5128a0f5db01%40mail.gmail.com&forum_name=sahana-maindev + +Risk factor : Medium"; + + script_description(desc); + script_summary("Determine if Sahana is prone to a local file-disclosure vulnerability"); + script_category(ACT_GATHER_INFO); + script_family("Web application abuses"); + script_copyright("This script is Copyright (C) 2009 Greenbone Networks GmbH"); + script_dependencies("sahana_detect.nasl"); + script_require_ports("Services/www", 80); + script_exclude_keys("Settings/disable_cgi_scanning"); + exit(0); +} + +include("http_func.inc"); +include("http_keepalive.inc"); +include("global_settings.inc"); + +port = get_http_port(default:80); + +if(!get_port_state(port))exit(0); +if(!can_host_php(port:port))exit(0); + +if(!version = get_kb_item(string("www/", port, "/sahana")))exit(0); +if(!matches = eregmatch(string:version, pattern:"^(.+) under (/.*)$"))exit(0); + +vers = matches[1]; +dir = matches[2]; + +files = make_list("/etc/passwd","boot.ini"); + +if(!isnull(dir)) { + foreach file (files) { + url = string(dir, "/index.php?stream=text&mod=/../../../../../../../../../../../",file,"%00"); + req = http_get(item:url, port:port); + buf = http_keepalive_send_recv(port:port, data:req, bodyonly:FALSE); + if( buf == NULL )continue; + + if(egrep(pattern: "(root:.*:0:[01]:|\[boot loader\])", string: buf, icase: TRUE)) { + + security_warning(port:port); + exit(0); + + } + } +} + +exit(0); + Property changes on: trunk/openvas-plugins/scripts/sahana_36826.nasl ___________________________________________________________________ Name: svn:keywords + Id Revision Added: trunk/openvas-plugins/scripts/sahana_detect.nasl =================================================================== --- trunk/openvas-plugins/scripts/sahana_detect.nasl 2009-11-04 11:25:16 
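Review bot: The plugin is declared `script_category(ACT_GATHER_INFO);`, but its body requests a local file through the `mod` parameter and matches the response against file contents, which is more than passive information gathering. Operators who select or exclude checks by category would expect `script_category(ACT_ATTACK);` here, assuming that is the project's category for traversal-style probes. `vers` is assigned from the KB entry and never used, so every detected Sahana install is probed regardless of version. A short comment saying that this is intended would help.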
UTC (rev 5788) +++ trunk/openvas-plugins/scripts/sahana_detect.nasl 2009-11-04 11:36:10 UTC (rev 5789) 
@@ -0,0 +1,112 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id$ +# +# Sahana Detection +# +# Authors: +# Michael Meyer +# +# Copyright: +# Copyright (c) 2009 Greenbone Networks GmbH +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +# need desc here to modify it later in script. +desc = "Overview: +This host is running Sahana, a Free and Open Source Disaster +Management system. 
+ +See also: +http://sahana.lk/ + +Risk factor : None"; + +if (description) +{ + script_id(100335); + script_version ("1.0-$Revision$"); + + script_name("Sahana Detection"); + script_description(desc); + script_summary("Checks for the presence of Sahana"); + script_category(ACT_GATHER_INFO); + script_family("Service detection"); + script_copyright("This script is Copyright (C) 2009 Greenbone Networks GmbH"); + script_dependencies("find_service.nes", "http_version.nasl"); + script_require_ports("Services/www", 80); + script_exclude_keys("Settings/disable_cgi_scanning"); + exit(0); +} + + +include("http_func.inc"); +include("http_keepalive.inc"); +include("global_settings.inc"); + +port = get_http_port(default:80); + +if(!get_port_state(port))exit(0); +if(!can_host_php(port:port))exit(0); + +dirs = make_list("/sahana",cgi_dirs()); + +foreach dir (dirs) { + + url = string(dir, "/index.php?mod=home&act=about"); + req = http_get(item:url, port:port); + buf = http_keepalive_send_recv(port:port, data:req, bodyonly:FALSE); + if( buf == NULL )continue; + + if(egrep(pattern:"Sahana FOSS Disaster Management System", string: buf, icase: TRUE)) + { + if(strlen(dir)>0) { + install=dir; + } else { + install=string("/"); + } + + vers = string("unknown"); + string = ereg_replace(string:buf,pattern:'\n',replace:""); + + ### try to get version + version = eregmatch(string: string, pattern: 'Sahana Version[^<]+([0-9.]+)',icase:TRUE); + + if ( !isnull(version[1]) ) { + vers=chomp(version[1]); + } + + set_kb_item(name: string("www/", port, "/sahana"), value: string(vers," under ",install)); + + info = string("None\n\nSahana Version '"); + info += string(vers); + info += string("' was detected on the remote host in the following directory(s):\n\n"); + info += string(install, "\n"); + + desc = ereg_replace( + string:desc, + pattern:"None$", + replace:info + ); + + if(report_verbosity > 0) { + security_note(port:port,data:desc); + } + exit(0); + + } +} +exit(0); + Property changes on: 
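Review bot: In the version pattern `'Sahana Version[^<]+([0-9.]+)'` the greedy `[^<]+` also matches digits and dots, so it can consume most of the version number and leave only its last character for the capture group. If the about page prints something like `Sahana Version 0.6.2.2` (a constructed example; the real markup is not visible here), the KB entry would record `2`. Any version comparison built on `www/<port>/sahana` would then be wrong. Excluding digits from the skipped run, `'Sahana Version[^<0-9]+([0-9.]+)'`, keeps the whole number in the group.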
trunk/openvas-plugins/scripts/sahana_detect.nasl ___________________________________________________________________ Name: svn:keywords + Id Revision From scm-commit at wald.intevation.org Wed Nov 4 12:40:47 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 4 Nov 2009 12:40:47 +0100 (CET) Subject: [Openvas-commits] r5790 - in trunk/openvas-manager: . src Message-ID: <20091104114047.6B3C2865F470@pyrosoma.intevation.org> Author: mattm Date: 2009-11-04 12:40:39 +0100 (Wed, 04 Nov 2009) New Revision: 5790 Modified: trunk/openvas-manager/ChangeLog trunk/openvas-manager/src/manage.h trunk/openvas-manager/src/omp.c trunk/openvas-manager/src/tasks_sql.h Log: * src/tasks_sql.h (nvt_oid): New function. * src/manage.h: Add header. * src/omp.c (omp_xml_handle_end_element): In CLIENT_GET_CONFIGS send OID with NVT in PREFERENCE. Modified: trunk/openvas-manager/ChangeLog =================================================================== --- trunk/openvas-manager/ChangeLog 2009-11-04 11:36:10 UTC (rev 5789) +++ trunk/openvas-manager/ChangeLog 2009-11-04 11:40:39 UTC (rev 5790) @@ -1,5 +1,14 @@ 2009-11-04 Matthew Mundell + * src/tasks_sql.h (nvt_oid): New function. + + * src/manage.h: Add header. + + * src/omp.c (omp_xml_handle_end_element): In CLIENT_GET_CONFIGS send OID + with NVT in PREFERENCE. + +2009-11-04 Matthew Mundell + * src/tasks_sql.h (init_nvt_preference_iterator): Filter out client-specific and server_info preferences. Modified: trunk/openvas-manager/src/manage.h =================================================================== --- trunk/openvas-manager/src/manage.h 2009-11-04 11:36:10 UTC (rev 5789) +++ trunk/openvas-manager/src/manage.h 2009-11-04 11:40:39 UTC (rev 5790) 
@@ -590,6 +590,9 @@ /* NVT's. */ +char * +nvt_oid (const char *); + int nvts_size (); Modified: trunk/openvas-manager/src/omp.c =================================================================== --- trunk/openvas-manager/src/omp.c 2009-11-04 11:36:10 UTC (rev 5789) +++ trunk/openvas-manager/src/omp.c 2009-11-04 11:40:39 UTC (rev 5790) @@ -5410,13 +5410,14 @@ init_nvt_preference_iterator (&prefs, NULL); while (next (&prefs)) { - char *real_name, *type, *value, *nvt; + char *real_name, *type, *value, *nvt, *oid = NULL; real_name = nvt_preference_iterator_real_name (&prefs); type = nvt_preference_iterator_type (&prefs); value = nvt_preference_iterator_config_value (&prefs, config_name); nvt = nvt_preference_iterator_nvt (&prefs); + if (nvt) oid = nvt_oid (nvt); if (type && strcmp (type, "radio") == 0) { /* Clip off the alternative values. */ @@ -5425,11 +5426,12 @@ } SENDF_TO_CLIENT_OR_FAIL ("" - "%s" + "%s" "%s" "%s" "%s" "", + oid ? oid : "", nvt ? nvt : "", real_name, type, @@ -5438,6 +5440,7 @@ free (type); free (value); free (nvt); + free (oid); } cleanup_iterator (&prefs); Modified: trunk/openvas-manager/src/tasks_sql.h =================================================================== --- trunk/openvas-manager/src/tasks_sql.h 2009-11-04 11:36:10 UTC (rev 5789) +++ trunk/openvas-manager/src/tasks_sql.h 2009-11-04 11:40:39 UTC (rev 5790) @@ -5044,6 +5044,24 @@ /* NVT's. */ /** + * @brief Guess the OID of an NVT given a name. + * + * @param[in] name Name of NVT. + * + * @return OID of NVT if possible, else NULL. + */ +char * +nvt_oid (const char *name) +{ + gchar *quoted_name = sql_quote (name); + char *ret = sql_string (0, 0, + "SELECT oid FROM nvts WHERE name = '%s' LIMIT 1;", + quoted_name); + g_free (quoted_name); + return ret; +} + +/** * @brief Return whether the NVT cache is present. * * @return 1 if a cache of NVTs is present, else 0. From scm-commit at wald.intevation.org Wed Nov 4 12:42:34 2009 
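Review bot: `nvt_oid` in tasks_sql.h selects by name with `LIMIT 1` and no ordering, so if two NVTs share a name, the OID sent with the preference in the omp.c hunk is whichever row the database returns first. The doc comment calls this a guess, but it does not tell callers that the result is allocated and must be freed, which the omp.c caller does with `free (oid)`. I would state both in the comment, e.g. `@return Newly allocated OID of the first NVT found with this name (caller frees), else NULL.` Passing the name through `sql_quote` before it reaches the statement is the right call and should stay.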
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 4 Nov 2009 12:42:34 +0100 (CET) Subject: [Openvas-commits] r5791 - in trunk/openvas-client: . openvas/prefs_dialog Message-ID: <20091104114234.AAFA1861EAC1@pyrosoma.intevation.org> Author: felix Date: 2009-11-04 12:42:33 +0100 (Wed, 04 Nov 2009) New Revision: 5791 Modified: trunk/openvas-client/ChangeLog trunk/openvas-client/openvas/prefs_dialog/prefs_report.c Log: * openvas/prefs_dialog/prefs_report.c [USE_OMP] (row_activated): Fixed NVT cache issues for OMP reports (e.g. name and OID of NVT that reported a selected issue are shown again). Use cache of parent context, read cache in first if that did not yet happened. Added todos. Modified: trunk/openvas-client/ChangeLog =================================================================== --- trunk/openvas-client/ChangeLog 2009-11-04 11:40:39 UTC (rev 5790) +++ trunk/openvas-client/ChangeLog 2009-11-04 11:42:33 UTC (rev 5791) @@ -1,5 +1,13 @@ 2009-11-04 Felix Wolfsteller + * openvas/prefs_dialog/prefs_report.c [USE_OMP] (row_activated): Fixed + NVT cache issues for OMP reports (e.g. name and OID of NVT that + reported a selected issue are shown again). Use cache of parent + context, read cache in first if that did not yet happened. + Added todos. + +2009-11-04 Felix Wolfsteller + * openvas/openvas_plugin.c: Cosmetics. (openvas_plugin_get_by_oid): Corrected doc. Modified: trunk/openvas-client/openvas/prefs_dialog/prefs_report.c =================================================================== --- trunk/openvas-client/openvas/prefs_dialog/prefs_report.c 2009-11-04 11:40:39 UTC (rev 5790) +++ trunk/openvas-client/openvas/prefs_dialog/prefs_report.c 2009-11-04 11:42:33 UTC (rev 5791) 
@@ -432,6 +432,20 @@ GSList* issues = NULL; GSList* issue_ids; +#ifdef USE_OMP + /** @todo NVT caching and generally how and when which contexts are + * initialized needs some thoughts. */ + /** @todo Write or find function that finds out whether a given context is an + * "OMP" or "OTP" context. e.g. + * gboolean is_omp_context (context) */ + if (cache_holder && cache_holder->parent->parent->parent == Servers) + { + cache_holder = cache_holder->parent; + // Read in cache of parent if not yet happened. + context_load_plugin_cache (cache_holder); + } +#endif /* USE_OMP */ + // Pick up list with "ids" of reported security messages if (TRUE) { @@ -499,7 +513,7 @@ if (plugin == NULL) plugin = openvas_plugin_get_by_oid (cache_holder->scanners, plugin_oid); - if (plugin == NULL); + if (plugin == NULL) // FIX return instd of continuing and segfaulting fprintf (stderr, "prefs_report.row_activated: no NVT with oid %s in cache!\n", plugin_oid); From scm-commit at wald.intevation.org Wed Nov 4 13:17:23 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 4 Nov 2009 13:17:23 +0100 (CET) Subject: [Openvas-commits] r5792 - in trunk/openvas-manager: . src Message-ID: <20091104121723.C1646852A8A1@pyrosoma.intevation.org> Author: felix Date: 2009-11-04 13:17:23 +0100 (Wed, 04 Nov 2009) New Revision: 5792 Modified: trunk/openvas-manager/ChangeLog trunk/openvas-manager/src/omp.c Log: Made the nbe output of manager and openvas-client more similar. * src/omp.c (omp_xml_handle_end_element): Do not put pipe symbol at the end of "result" lines. Modified: trunk/openvas-manager/ChangeLog =================================================================== --- trunk/openvas-manager/ChangeLog 2009-11-04 11:42:33 UTC (rev 5791) +++ trunk/openvas-manager/ChangeLog 2009-11-04 12:17:23 UTC (rev 5792) 
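Review bot: The new `USE_OMP` block in row_activated checks `cache_holder` for NULL and then dereferences three levels up, `cache_holder->parent->parent->parent == Servers`, without checking the intermediate parents. If a report context can sit closer to the root than that (the context tree is not visible in this hunk), the comparison itself dereferences a NULL pointer. Testing each level first, `cache_holder && cache_holder->parent && cache_holder->parent->parent && ...`, would make it safe, as would the `is_omp_context ()` helper the todo suggests. row_activated begins and ends outside the hunk.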
@@ -1,3 +1,10 @@ +2009-11-04 Felix Wolfsteller + + Made the nbe output of manager and openvas-client more similar. + + * src/omp.c (omp_xml_handle_end_element): Do not put pipe symbol at + the end of "result" lines. + 2009-11-04 Matthew Mundell * src/tasks_sql.h (nvt_oid): New function. Modified: trunk/openvas-manager/src/omp.c =================================================================== --- trunk/openvas-manager/src/omp.c 2009-11-04 11:42:33 UTC (rev 5791) +++ trunk/openvas-manager/src/omp.c 2009-11-04 12:17:23 UTC (rev 5792) @@ -3190,7 +3190,7 @@ current_int_2); /* Max results. */ while (next (&results)) g_string_append_printf (nbe, - "results|%s|%s|%s|%s|%s|%s|\n", + "results|%s|%s|%s|%s|%s|%s\n", result_iterator_subnet (&results), result_iterator_host (&results), result_iterator_port (&results), From scm-commit at wald.intevation.org Wed Nov 4 13:20:50 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 4 Nov 2009 13:20:50 +0100 (CET) Subject: [Openvas-commits] r5793 - in trunk/openvas-client: . openvas Message-ID: <20091104122050.C399D861EAC1@pyrosoma.intevation.org> Author: felix Date: 2009-11-04 13:20:50 +0100 (Wed, 04 Nov 2009) New Revision: 5793 Modified: trunk/openvas-client/ChangeLog trunk/openvas-client/openvas/plugin_infos.c Log: Made the nbe output of manager and openvas-client more similar. * src/omp.c (omp_xml_handle_end_element): Do not put pipe symbol at the end of "result" lines. Modified: trunk/openvas-client/ChangeLog =================================================================== --- trunk/openvas-client/ChangeLog 2009-11-04 12:17:23 UTC (rev 5792) +++ trunk/openvas-client/ChangeLog 2009-11-04 12:20:50 UTC (rev 5793) 
@@ -1,5 +1,9 @@ 2009-11-04 Felix Wolfsteller + * openvas/plugin_infos.c (spin_to_timeout): Fixed todo/memleak. + +2009-11-04 Felix Wolfsteller + * openvas/prefs_dialog/prefs_report.c [USE_OMP] (row_activated): Fixed NVT cache issues for OMP reports (e.g. name and OID of NVT that reported a selected issue are shown again). Use cache of parent Modified: trunk/openvas-client/openvas/plugin_infos.c =================================================================== --- trunk/openvas-client/openvas/plugin_infos.c 2009-11-04 12:17:23 UTC (rev 5792) +++ trunk/openvas-client/openvas/plugin_infos.c 2009-11-04 12:20:50 UTC (rev 5793) @@ -168,7 +168,8 @@ timeout = arg_get_value (serv_prefs, name); gtk_spin_button_set_value (spinner, atoi(timeout)); } - /** @todo free name */ + + g_free (name); } From scm-commit at wald.intevation.org Wed Nov 4 15:48:35 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 4 Nov 2009 15:48:35 +0100 (CET) Subject: [Openvas-commits] r5794 - in trunk/gsa: . src/html/src/img Message-ID: <20091104144835.5D6A6861EAC1@pyrosoma.intevation.org> Author: jan Date: 2009-11-04 15:48:34 +0100 (Wed, 04 Nov 2009) New Revision: 5794 Added: trunk/gsa/src/html/src/img/ascending.png trunk/gsa/src/html/src/img/descending.png Modified: trunk/gsa/ChangeLog Log: * src/html/src/img/descending.png, src/html/src/img/ascending.png: New. Modified: trunk/gsa/ChangeLog =================================================================== --- trunk/gsa/ChangeLog 2009-11-04 12:20:50 UTC (rev 5793) +++ trunk/gsa/ChangeLog 2009-11-04 14:48:34 UTC (rev 5794) 
@@ -1,3 +1,7 @@ +2009-11-04 Jan-Oliver Wagner + + * src/html/src/img/descending.png, src/html/src/img/ascending.png: New. + 2009-10-31 Jan-Oliver Wagner * src/validator.c: New. Added: trunk/gsa/src/html/src/img/ascending.png =================================================================== (Binary files differ) Property changes on: trunk/gsa/src/html/src/img/ascending.png ___________________________________________________________________ Name: svn:mime-type + application/octet-stream Added: trunk/gsa/src/html/src/img/descending.png =================================================================== (Binary files differ) Property changes on: trunk/gsa/src/html/src/img/descending.png ___________________________________________________________________ Name: svn:mime-type + application/octet-stream From scm-commit at wald.intevation.org Wed Nov 4 20:13:23 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 4 Nov 2009 20:13:23 +0100 (CET) Subject: [Openvas-commits] r5795 - in trunk/openvas-plugins: . scripts Message-ID: <20091104191323.EE31B852B6C0@pyrosoma.intevation.org> Author: mime Date: 2009-11-04 20:13:20 +0100 (Wed, 04 Nov 2009) New Revision: 5795 Added: trunk/openvas-plugins/scripts/samba_32494.nasl trunk/openvas-plugins/scripts/serv_u_36585.nasl Modified: trunk/openvas-plugins/ChangeLog trunk/openvas-plugins/cve_current.txt trunk/openvas-plugins/scripts/gb_rhinosoft_serv-u_detect.nasl trunk/openvas-plugins/scripts/gb_samba_root_file_sys_sec_vuln.nasl trunk/openvas-plugins/scripts/secpod_ms08-067_900056.nasl Log: Added new plugins Modified: trunk/openvas-plugins/ChangeLog =================================================================== --- trunk/openvas-plugins/ChangeLog 2009-11-04 14:48:34 UTC (rev 5794) +++ trunk/openvas-plugins/ChangeLog 2009-11-04 19:13:20 UTC (rev 5795) 
@@ -1,5 +1,21 @@ 2009-11-04 Michael Meyer + * scripts/serv_u_36585.nasl, + scripts/samba_32494.nasl: + Added new plugins. + + * scripts/gb_rhinosoft_serv-u_detect.nasl: + Added one more version check. + + * scripts/gb_samba_root_file_sys_sec_vuln.nasl: + Try to get version from 'SMB/NativeLanManager' if + 'Samba/Version' is not set. + + * scripts/secpod_ms08-067_900056.nasl: + Changed security_note() to log_message(). + +2009-11-04 Michael Meyer + * scripts/sahana_detect.nasl, scripts/sahana_36826.nasl, scripts/mahara_multiple_vuln.nasl: Modified: trunk/openvas-plugins/cve_current.txt =================================================================== --- trunk/openvas-plugins/cve_current.txt 2009-11-04 14:48:34 UTC (rev 5794) +++ trunk/openvas-plugins/cve_current.txt 2009-11-04 19:13:20 UTC (rev 5795) @@ -237,3 +237,9 @@ 35780 Greenbone svn R CVE-2009-3826 SecPod svn L CVE-2009-3700 SecPod svn L +CVE-2009-3298 Greenbone svn R +CVE-2009-3299 Greenbone svn R +CVE-2009-3625 Greenbone svn R +36585 Greenbone svn R +32494 Greenbone svn R + Modified: trunk/openvas-plugins/scripts/gb_rhinosoft_serv-u_detect.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_rhinosoft_serv-u_detect.nasl 2009-11-04 14:48:34 UTC (rev 5794) +++ trunk/openvas-plugins/scripts/gb_rhinosoft_serv-u_detect.nasl 2009-11-04 19:13:20 UTC (rev 5795) 
@@ -84,8 +84,42 @@ servuPort = 21; } - servuVer = ServuGetVer(su_port:servuPort, pat:pattern2); - if(!isnull(servuVer[1])){ - set_kb_item(name:"Serv-U/FTP/Ver", value:servuVer[1]); + if(get_port_state(servuPort)) { + + soc = open_sock_tcp(servuPort); + + if (soc) { + + banner = ftp_recv_line(socket:soc); + + if("220 Serv-U" >< banner) { + + req = string("CSID\r\n"); + send(socket:soc, data:req); + buf = ftp_recv_line(socket:soc); + + if(!isnull(buf)) { + if("200 Name=Serv-U" >< buf) { + version = eregmatch(string: buf, pattern:"Version=([^;]+);"); + } + } + + } + + ftp_close(socket:soc); + } } + + if(!isnull(version[1])) { + + set_kb_item(name:"Serv-U/FTP/Ver", value:version[1]); + set_kb_item(name:string("ftp/", servuPort, "/Serv-U"), value:version[1]); + + } else { + + servuVer = ServuGetVer(su_port:servuPort, pat:pattern2); + if(!isnull(servuVer[1])){ # This check is inaccurate for 9.x versions (Don't know about versions <9) but better then nothing. Version 9 Banner is "220 Serv-U FTP Server v9.0 ready..." while real version is 9.0.0.5. + set_kb_item(name:"Serv-U/FTP/Ver", value:servuVer[1]); + } + } } Modified: trunk/openvas-plugins/scripts/gb_samba_root_file_sys_sec_vuln.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_samba_root_file_sys_sec_vuln.nasl 2009-11-04 14:48:34 UTC (rev 5794) +++ trunk/openvas-plugins/scripts/gb_samba_root_file_sys_sec_vuln.nasl 2009-11-04 19:13:20 UTC (rev 5795) @@ -68,7 +68,7 @@ script_category(ACT_GATHER_INFO); script_copyright("Copyright (C) 2009 Intevation GmbH"); script_family("Remote file access"); - script_dependencies("gb_samba_detect.nasl"); + script_dependencies("smb_nativelanman.nasl","gb_samba_detect.nasl"); script_require_keys("Samba/Version"); exit(0); } 
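Review bot: The `Version=([^;]+);` capture in the added CSID branch stores whatever the remote service placed between `Version=` and the next `;` in the KB, and `version` is not cleared before the `if(!isnull(version[1]))` test. The enclosing block starts outside the hunk, so a value left in `version` by earlier code could end up recorded for this port. Restricting the capture to a version shape, `pattern:"Version=([0-9.]+);"`, and putting `version = NULL;` before the `get_port_state()` check would keep only data that the later `version_in_range()` calls can compare. Note also that `Serv-U/FTP/Ver` is a single global key, while the new `ftp/<port>/Serv-U` key is per port; consumers should prefer the per-port one.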
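Review bot: `script_require_keys("Samba/Version");` stays in place next to the new `smb_nativelanman.nasl` dependency, so the scanner will presumably not launch this script when that key is missing. That is exactly the case the `SMB/NativeLanManager` fallback in the following hunk (`@@ -77,10 +77,21 @@`) is meant to handle. If the fallback is supposed to run, the `script_require_keys("Samba/Version");` line has to be dropped and the in-script checks relied on instead. In that following hunk the second `if(!smbVer){ exit(0); }` looks redundant, because every path through the fallback either exits or assigns a matched `version[1]`.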
@@ -77,10 +77,21 @@ include("version_func.inc"); smbVer = get_kb_item("Samba/Version"); + if(!smbVer){ - exit(0); + if(!lanman = get_kb_item("SMB/NativeLanManager"))exit(0); + if("Samba" >!< lanman)exit(0); + if(!version = eregmatch(pattern:"Samba ([0-9.]+)", string: lanman))exit(0); + if(isnull(version[1]))exit(0); + smbVer = version[1]; } +if(!smbVer){ + exit(0); +} + if(version_in_range(version:smbVer, test_version:"3.2", test_version2:"3.2.6")){ security_warning(0); } + + Added: trunk/openvas-plugins/scripts/samba_32494.nasl =================================================================== --- trunk/openvas-plugins/scripts/samba_32494.nasl 2009-11-04 14:48:34 UTC (rev 5794) +++ trunk/openvas-plugins/scripts/samba_32494.nasl 2009-11-04 19:13:20 UTC (rev 5795) 
@@ -0,0 +1,88 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id$ +# +# Samba Arbitrary Memory Contents Information Disclosure Vulnerability +# +# Authors: +# Michael Meyer +# +# Copyright: +# Copyright (c) 2009 Greenbone Networks GmbH +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if (description) +{ + script_id(100337); + script_bugtraq_id(32494); + script_cve_id("CVE-2008-4314"); + script_version ("1.0-$Revision$"); + + script_name("Samba Arbitrary Memory Contents Information Disclosure Vulnerability"); + +desc = "Overview: +Samba is prone to an information-disclosure vulnerability. + +Successful exploits will allow attackers to obtain arbitrary +memory contents. + +This issue affects Samba 3.0.29 through 3.2.4. + +Solution: +Updates are available. Please see the references for more information. 
+ +References: +http://www.securityfocus.com/bid/32494 +http://www.samba.org +http://support.avaya.com/elmodocs2/security/ASA-2009-014.htm +http://sourceforge.net/project/shownotes.php?group_id=151951&release_id=503763 +http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=838290 +http://us1.samba.org/samba/security/CVE-2008-4314.html +http://sunsolve.sun.com/search/document.do?assetkey=1-66-249087-1 + +Risk factor : Medium"; + + script_description(desc); + script_summary("Determine if Samba is prone to an information-disclosure vulnerability"); + script_category(ACT_GATHER_INFO); + script_family("General"); + script_copyright("This script is Copyright (C) 2009 Greenbone Networks GmbH"); + script_dependencies("smb_nativelanman.nasl"); + script_require_ports(139, 445); + script_require_keys("SMB/NativeLanManager"); + exit(0); +} + +include("version_func.inc"); + +port = get_kb_item("SMB/transport"); +if(!port)port = 139; + +if(!get_port_state(port))exit(0); + +if(!lanman = get_kb_item("SMB/NativeLanManager"))exit(0); +if("Samba" >!< lanman)exit(0); + +if(!version = eregmatch(pattern:"Samba ([0-9.]+)", string: lanman))exit(0); +if(isnull(version[1]))exit(0); + +if(version_in_range(version:version[1], test_version:"3.0.29", test_version2: "3.2.4")) { + security_warning(port:port); + exit(0); +} + +exit(0); + Property changes on: trunk/openvas-plugins/scripts/samba_32494.nasl ___________________________________________________________________ Name: svn:keywords + Id Revision Modified: trunk/openvas-plugins/scripts/secpod_ms08-067_900056.nasl =================================================================== --- trunk/openvas-plugins/scripts/secpod_ms08-067_900056.nasl 2009-11-04 14:48:34 UTC (rev 5794) +++ trunk/openvas-plugins/scripts/secpod_ms08-067_900056.nasl 2009-11-04 19:13:20 UTC (rev 5795) 
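Review bot: The verdict at the end of the script rests only on the version text in `SMB/NativeLanManager`, and `security_warning(port:port);` reports it without saying so. A Samba build whose vendor backported the fix but kept the version string would therefore still be reported as affected. A comment above the `version_in_range()` call, such as `# Banner-based check only: backported fixes are not detected.`, would make that limit visible to whoever triages the result. The `exit(0);` inside the `if` body is redundant, since the script ends with `exit(0);` directly after it.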
@@ -112,7 +112,7 @@ { close(soc); report = string("MS08-067: Failed to perform Clear Text based authentication."); - security_note(data:report, port:port); + log_message(data:report, port:port); exit(0); } Added: trunk/openvas-plugins/scripts/serv_u_36585.nasl =================================================================== --- trunk/openvas-plugins/scripts/serv_u_36585.nasl 2009-11-04 14:48:34 UTC (rev 5794) +++ trunk/openvas-plugins/scripts/serv_u_36585.nasl 2009-11-04 19:13:20 UTC (rev 5795) 
@@ -0,0 +1,99 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id$ +# +# Serv-U 'SITE SET TRANSFERPROGRESS ON' Command Remote Denial of Service Vulnerability +# +# Authors: +# Michael Meyer +# +# Copyright: +# Copyright (c) 2009 Greenbone Networks GmbH +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if (description) +{ + script_id(100338); + script_bugtraq_id(36585); + script_version ("1.0-$Revision$"); + + script_name("Serv-U 'SITE SET TRANSFERPROGRESS ON' Command Remote Denial of Service Vulnerability"); + +desc = "Overview: +Serv-U is prone to a remote denial-of-service vulnerability. + +Successfully exploiting this issue will allow attackers to deny +service to legitimate users. + +Serv-U 7.0.0.1 through 8.2.0.3 are vulnerable; other versions may also +be affected. + +Solution: +The vendor has released an update. Please see the references +for details. 
+ +References: +http://www.securityfocus.com/bid/36585 +http://www.serv-u.com/ +http://www.serv-u.com/releasenotes/ + +Risk factor : Medium"; + + script_description(desc); + script_summary("Determine if Serv-U is prone to a remote denial-of-service vulnerability"); + script_category(ACT_GATHER_INFO); + script_family("FTP"); + script_copyright("This script is Copyright (C) 2009 Greenbone Networks GmbH"); + script_dependencies("gb_rhinosoft_serv-u_detect.nasl"); + script_require_ports("Services/ftp", 21); + exit(0); +} + + +include("ftp_func.inc"); +include("version_func.inc"); + +port = get_kb_item("Services/ftp"); +if(!port){ + port = 21; +} + +if(get_kb_item('ftp/'+port+'/broken'))exit(0); + +if(!get_port_state(port)){ + exit(0); +} + +if(!version = get_kb_item(string("ftp/", port, "/Serv-U"))) { + if(!version = get_kb_item(string("Serv-U/FTP/Ver"))) { + exit(0); + } +} + +if(!isnull(version[1])) { + vers = version[1]; +} + +if(!isnull(vers)) { + + if( version_in_range(version:vers, test_version:"7.0.0.1", test_version2:"8.2.0.3") ) { + security_warning(port: port); + exit(0); + } +} + +exit(0); + Property changes on: trunk/openvas-plugins/scripts/serv_u_36585.nasl ___________________________________________________________________ Name: svn:keywords + Id Revision From scm-commit at wald.intevation.org Wed Nov 4 21:56:44 2009 
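Review bot: `version` holds the string returned by `get_kb_item()`, so `vers = version[1];` appears to pick a single character of that string rather than the version, and `version_in_range()` would then never see a value like 7.0.0.1. The detection script changed in this same commit stores `version[1]` of its regex match as the KB value, so the item read here is already the plain version. Using `vers = version;` instead would compare the full string. As written, the check is likely to stay silent on affected servers, which is a false negative nobody will notice.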
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 4 Nov 2009 21:56:44 +0100 (CET) Subject: [Openvas-commits] r5796 - in trunk/openvas-manager: . src Message-ID: <20091104205644.851E1861EAC1@pyrosoma.intevation.org> Author: mattm Date: 2009-11-04 21:56:41 +0100 (Wed, 04 Nov 2009) New Revision: 5796 Modified: trunk/openvas-manager/ChangeLog trunk/openvas-manager/src/manage.h trunk/openvas-manager/src/omp.c trunk/openvas-manager/src/tasks_sql.h Log: * src/tasks_sql.h (init_result_iterator): Add sorting and filtering args. * src/manage.h: Update headers. (collate_message_type): New header. * src/omp.c (compare_ports_desc, compare_ports_asc): New functions. (omp_xml_handle_start_element): Add sorting and filtering attributes to GET_REPORT. (print_report_xml, print_report_latex): Add sorting args. Pass through sorting and filtering attributes to init_result_iterator. Remove LaTeX report hack which was filtering less important messages. (omp_xml_handle_end_element): For the XML report, include the filtering and sorting info in the response, add a port summary section. Pass sorting and filtering attributes to init_result_iterator. Modified: trunk/openvas-manager/ChangeLog =================================================================== --- trunk/openvas-manager/ChangeLog 2009-11-04 19:13:20 UTC (rev 5795) +++ trunk/openvas-manager/ChangeLog 2009-11-04 20:56:41 UTC (rev 5796) 
@@ -1,3 +1,23 @@ +2009-11-04 Matthew Mundell + + * src/tasks_sql.h (init_result_iterator): Add sorting and filtering args. + + * src/manage.h: Update headers. + (collate_message_type): New header. + + * src/omp.c (compare_ports_desc, compare_ports_asc): New functions. + (omp_xml_handle_start_element): Add sorting and filtering attributes to + GET_REPORT. + (print_report_xml, print_report_latex): Add sorting args. Pass through + sorting and filtering attributes to init_result_iterator. Remove LaTeX + report hack which was filtering less important messages. + (omp_xml_handle_end_element): For the XML report, include the filtering + and sorting info in the response, add a port summary section. Pass + sorting and filtering attributes to init_result_iterator. + +omp_xml_handle_end_element): In CLIENT_GET_CONFIGS send OID + with NVT in PREFERENCE. + 2009-11-04 Felix Wolfsteller Made the nbe output of manager and openvas-client more similar. Modified: trunk/openvas-manager/src/manage.h =================================================================== --- trunk/openvas-manager/src/manage.h 2009-11-04 19:13:20 UTC (rev 5795) +++ trunk/openvas-manager/src/manage.h 2009-11-04 20:56:41 UTC (rev 5796) @@ -477,7 +477,8 @@ init_report_iterator (iterator_t*, task_t); void -init_result_iterator (iterator_t*, task_t, const char*, int, int); +init_result_iterator (iterator_t*, task_t, const char*, int, int, int, + const char *, const char *); gboolean next_report (iterator_t*, report_t*); @@ -521,6 +522,9 @@ int host_iterator_max_port (iterator_t*); +int +collate_message_type (void* data, int, const void*, int, const void*); + /* RC's. */ Modified: trunk/openvas-manager/src/omp.c =================================================================== --- trunk/openvas-manager/src/omp.c 2009-11-04 19:13:20 UTC (rev 5795) +++ trunk/openvas-manager/src/omp.c 2009-11-04 20:56:41 UTC (rev 5796) 
@@ -107,6 +107,26 @@ return "Log"; } +static gint +compare_ports_desc (gconstpointer arg_one, gconstpointer arg_two) +{ + gchar *one = *((gchar**) arg_one); + gchar *two = *((gchar**) arg_two); + return collate_message_type (NULL, + strlen (one), one, + strlen (two), two); +} + +static gint +compare_ports_asc (gconstpointer arg_one, gconstpointer arg_two) +{ + gchar *one = *((gchar**) arg_one); + gchar *two = *((gchar**) arg_two); + return collate_message_type (NULL, + strlen (two), two, + strlen (one), one); +} + /* Help message. */ @@ -978,20 +998,45 @@ if (find_attribute (attribute_names, attribute_values, "report_id", &attribute)) openvas_append_string (¤t_uuid, attribute); + if (find_attribute (attribute_names, attribute_values, "format", &attribute)) openvas_append_string (¤t_format, attribute); + if (find_attribute (attribute_names, attribute_values, "first_result", &attribute)) /* Subtract 1 to switch from 1 to 0 indexing. */ current_int_1 = atoi (attribute) - 1; else current_int_1 = 0; + if (find_attribute (attribute_names, attribute_values, "max_results", &attribute)) current_int_2 = atoi (attribute); else current_int_2 = -1; + + if (find_attribute (attribute_names, attribute_values, + "sort_field", &attribute)) + openvas_append_string (¤t_name, attribute); + + if (find_attribute (attribute_names, attribute_values, + "sort_order", &attribute)) + current_int_3 = strcmp (attribute, "descending"); + else + { + if (current_name == NULL + || (strcmp (current_name, "type") == 0)) + /* Normally it makes more sense to order type descending. */ + current_int_3 = 0; + else + current_int_3 = 1; + } + + if (find_attribute (attribute_names, attribute_values, + "levels", &attribute)) + openvas_append_string (&modify_task_value, attribute); + set_client_state (CLIENT_GET_REPORT); } else if (strcasecmp ("GET_RULES", element_name) == 0) 
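Review bot: `compare_ports_desc` and `compare_ports_asc` are undocumented, and they only make sense for the packed type/host/port items that the port summary builds later in this commit. `strlen (one)` stops at the first NUL, so only the leading message type is compared. A header comment would stop them being reused on plain port strings: `/* Compare two port-summary items by their leading message type (text up to the first NUL); host and port are ignored. */`. Declaring `one` and `two` as `const gchar *` would also avoid casting away the constness of the `gconstpointer` arguments.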
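Review bot: The `sort_field` and `levels` attributes are taken from the client unchecked and stored in `current_name` and `modify_task_value`, and a later hunk (`@@ -3082,9 +3138,28 @@`) sends both back in the GET_REPORT response through `%s`. No markup escaping is visible there, so a value containing `<` or `&` could break or alter the response XML. Validating where the attributes are parsed would close this and keep undefined values out of `init_result_iterator`: accept `sort_field` only when it is `port` or `type`, and `levels` only when every character is one of `hmlg`. Reusing `modify_task_value` for a report filter is hard to follow, and a dedicated variable would make the data flow easier to audit. The enclosing function starts and ends outside the hunk, so it cannot be seen here whether these strings are freed after the command; that matters if `openvas_append_string` appends to an existing value.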
@@ -1962,13 +2007,16 @@ /** * @brief Print the XML for a report to a file. * - * @param[in] report The report. - * @param[in] xml_file File name. + * @param[in] report The report. + * @param[in] xml_file File name. + * @param[in] ascending Whether to sort ascending or descending. + * @param[in] sort_field Field to sort on, or NULL for "type". * * @return 0 on success, else -1 with errno set. */ static int -print_report_xml (report_t report, gchar* xml_file) +print_report_xml (report_t report, gchar* xml_file, int ascending, + const char* sort_field) { FILE *out; iterator_t results, hosts; @@ -2009,7 +2057,11 @@ init_result_iterator (&results, report, NULL, current_int_1, /* First result. */ - current_int_2); /* Max results. */ + current_int_2, /* Max results. */ + ascending, + sort_field, + /* Attribute levels. */ + modify_task_value); while (next (&results)) { @@ -2305,13 +2357,16 @@ /** * @brief Print LaTeX for a report to a file. * - * @param[in] report The report. - * @param[in] latex_file File name. + * @param[in] report The report. + * @param[in] latex_file File name. + * @param[in] ascending Whether to sort ascending or descending. + * @param[in] sort_field Field to sort on, or NULL for "type". * * @return 0 on success, else -1 with errno set. */ static int -print_report_latex (report_t report, gchar* latex_file) +print_report_latex (report_t report, gchar* latex_file, int ascending, + const char* sort_field) { FILE *out; iterator_t results, hosts; 
@@ -2441,16 +2496,14 @@ init_result_iterator (&results, report, host, current_int_1, /* First result. */ - current_int_2); /* Max results. */ + current_int_2, /* Max results. */ + ascending, + sort_field, + /* Attribute levels. */ + modify_task_value); last_port = NULL; - /* Results are ordered by port, and then by severity (more severity - * before less severe). */ while (next (&results)) { - const char *type = result_iterator_type (&results); - if (strcmp (type, "Log Message") == 0 - || strcmp (type, "Debug Message") == 0) - continue; if (last_port && (strcmp (last_port, result_iterator_port (&results)) == 0)) continue; @@ -2462,7 +2515,7 @@ host_iterator_host (&hosts), last_port, last_port, - result_type_threat(result_iterator_type (&results))); + result_type_threat (result_iterator_type (&results))); } cleanup_iterator (&results); if (last_port) g_free (last_port); @@ -2477,7 +2530,11 @@ init_result_iterator (&results, report, host, current_int_1, /* First result. */ - current_int_2); /* Max results. */ + current_int_2, /* Max results. */ + ascending, + sort_field, + /* Attribute levels. */ + modify_task_value); last_port = NULL; /* Results are ordered by port, and then by severity (more severity * before less severe). */ @@ -2486,12 +2543,7 @@ { gchar *descr; const char *severity; - const char *type = result_iterator_type (&results); - if (strcmp (type, "Log Message") == 0 - || strcmp (type, "Debug Message") == 0) - continue; - descr = latex_escape_text (result_iterator_descr (&results)); if (last_port == NULL @@ -3057,7 +3109,11 @@ task_t task; char *tsk_uuid = NULL, *start_time, *end_time; int result_count, run_status; + const char *levels; + /* Attribute levels. */ + levels = modify_task_value ? modify_task_value : "hm"; + if (report_task (report, &task)) { SEND_TO_CLIENT_OR_FAIL (XML_INTERNAL_ERROR ("get_report")); 
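Review bot: The summary loop in the first hunk on this line (`@@ -2441,16 +2496,14 @@`) still skips a row only when its port equals `last_port`, which requires the rows to arrive grouped by port. The iterator is now ordered by `sort_field`, and with the default (`type`) the same port can come back in non-adjacent rows and be listed more than once. The XML port summary added in this commit always requests `"port"`; passing `"port",` in place of `sort_field,` in this `init_result_iterator` call would keep the LaTeX table deduplicated. The comment "Results are ordered by port, and then by severity" retained in `@@ -2477,7 +2530,11 @@` is no longer true in general and should be reworded. print_report_latex begins and ends outside these hunks.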
@@ -3082,9 +3138,28 @@ " status=\"" STATUS_OK "\"" " status_text=\"" STATUS_OK_TEXT "\">" "" + "%s%s" + "%s", + current_uuid, + /* Attribute sort_field. */ + current_name ? current_name : "type", + /* Attribute sort_order. */ + current_int_3 ? "ascending" : "descending", + levels); + + if (strchr (levels, 'h')) + SEND_TO_CLIENT_OR_FAIL ("High"); + if (strchr (levels, 'm')) + SEND_TO_CLIENT_OR_FAIL ("Medium"); + if (strchr (levels, 'l')) + SEND_TO_CLIENT_OR_FAIL ("Low"); + if (strchr (levels, 'g')) + SEND_TO_CLIENT_OR_FAIL ("Log"); + + SENDF_TO_CLIENT_OR_FAIL + ("" "%s" "%i", - current_uuid, run_status_name (run_status ? run_status : TASK_STATUS_INTERNAL_ERROR), 
@@ -3114,9 +3189,114 @@ host_iterator_start_time (&hosts)); cleanup_iterator (&hosts); + /* Port summary. */ + + { + gchar *last_port; + GArray *ports = g_array_new (TRUE, FALSE, sizeof (gchar*)); + + init_result_iterator (&results, report, NULL, + current_int_1, /* First result. */ + current_int_2, /* Max results. */ + /* Sort by port in order requested. */ + ((current_name /* "sort_field". */ + && (strcmp (current_name, "port") + == 0)) + ? current_int_3 /* "sort_order". */ + : 1), + "port", /* Always desc. by threat. */ + levels); + + /* Buffer the results. */ + + last_port = NULL; + while (next (&results)) + { + const char *port = result_iterator_port (&results); + + if (last_port == NULL || strcmp (port, last_port)) + { + const char *host, *type; + gchar *item; + int type_len, host_len; + + g_free (last_port); + last_port = g_strdup (port); + + host = result_iterator_host (&results); + type = result_iterator_type (&results); + type_len = strlen (type); + host_len = strlen (host); + item = g_malloc (type_len + + host_len + + strlen (port) + + 3); + g_array_append_val (ports, item); + strcpy (item, type); + strcpy (item + type_len + 1, host); + strcpy (item + type_len + host_len + 2, port); + } + + } + g_free (last_port); + + /* Ensure the buffered results are sorted. */ + + if (strcmp (current_name, /* Attribute sort_field. */ + "port")) + { + /* Sort by threat. */ + if (current_int_3) /* Attribute sort_order. */ + g_array_sort (ports, compare_ports_asc); + else + g_array_sort (ports, compare_ports_desc); + } + + /* Send from the buffer. */ + + SENDF_TO_CLIENT_OR_FAIL ("", + /* Add 1 for 1 indexing. 
*/ + current_int_1 + 1, + current_int_2); + { + gchar *item; + int index = 0; + + while ((item = g_array_index (ports, gchar*, index++))) + { + int type_len = strlen (item); + int host_len = strlen (item + type_len + 1); + SENDF_TO_CLIENT_OR_FAIL ("" + "%s" + "%s" + "%s" + "", + item + type_len + 1, + item + type_len + + host_len + + 2, + result_type_threat (item)); + g_free (item); + } + g_array_free (ports, TRUE); + } + SENDF_TO_CLIENT_OR_FAIL (""); + cleanup_iterator (&results); + } + + /* Results. */ + init_result_iterator (&results, report, NULL, current_int_1, /* First result. */ - current_int_2); /* Max results. */ + current_int_2, /* Max results. */ + /* Attribute sort_order. */ + current_int_3, + /* Attribute sort_field. */ + current_name, + levels); + SENDF_TO_CLIENT_OR_FAIL ("", @@ -3187,7 +3367,13 @@ init_result_iterator (&results, report, NULL, current_int_1, /* First result. */ - current_int_2); /* Max results. */ + current_int_2, /* Max results. */ + /* Attribute sort_order. */ + current_int_3, + /* Attribute sort_field. */ + current_name, + /* Attribute levels. */ + modify_task_value); while (next (&results)) g_string_append_printf (nbe, "results|%s|%s|%s|%s|%s|%s\n", @@ -3254,7 +3440,12 @@ g_free (xml_file); SEND_TO_CLIENT_OR_FAIL (XML_INTERNAL_ERROR ("get_report")); } - else if (print_report_xml (report, xml_file)) + else if (print_report_xml (report, + xml_file, + /* Attribute sort_order. */ + current_int_3, + /* Attribute sort_field. */ + current_name)) { g_free (xml_file); close (xml_fd); @@ -3405,7 +3596,12 @@ g_free (xml_file); SEND_TO_CLIENT_OR_FAIL (XML_INTERNAL_ERROR ("get_report")); } - else if (print_report_xml (report, xml_file)) + else if (print_report_xml (report, + xml_file, + /* Attribute sort_order. */ + current_int_3, + /* Attribute sort_field. */ + current_name)) { g_free (xml_file); close (xml_fd); 
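Review bot: `strcmp (current_name, "port")` in the "Ensure the buffered results are sorted" step of the port summary is called without a NULL check. `current_name` is set only when the client sent a `sort_field` attribute, so a GET_REPORT without that attribute would pass NULL to strcmp and most likely crash the manager. The iterator call a few lines earlier already guards with `current_name && ...`, and the same is needed here: `if (current_name == NULL || strcmp (current_name, "port"))`. If `SENDF_TO_CLIENT_OR_FAIL` leaves the function on failure (its definition is not shown), `ports` and the items not yet sent would leak on that path. The enclosing function starts and ends outside the hunk.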
@@ -3557,7 +3753,12 @@ g_free (latex_file); SEND_TO_CLIENT_OR_FAIL (XML_INTERNAL_ERROR ("get_report")); } - else if (print_report_latex (report, latex_file)) + else if (print_report_latex (report, + latex_file, + /* Attribute sort_order. */ + current_int_3, + /* Attribute sort_field. */ + current_name)) { g_free (latex_file); close (latex_fd); Modified: trunk/openvas-manager/src/tasks_sql.h =================================================================== --- trunk/openvas-manager/src/tasks_sql.h 2009-11-04 19:13:20 UTC (rev 5795) +++ trunk/openvas-manager/src/tasks_sql.h 2009-11-04 20:56:41 UTC (rev 5796) @@ -2982,7 +2982,8 @@ /** * @brief Initialise a result iterator. * - * The results are ordered by host, then port, then type (severity). + * The results are ordered by host, then port and type (severity) according + * to sort_field. * * @param[in] iterator Iterator. * @param[in] report Report whose results the iterator loops over. 
@@ -2992,33 +2993,136 @@ * @param[in] first_result The result to start from. The results are 0 * indexed. * @param[in] max_results The maximum number of results returned. + * @param[in] ascending Whether to sort ascending or descending. + * @param[in] sort_field Field to sort on, or NULL for "type". + * @param[in] levels String describing threat levels (message types) + * to include in report (for example, "hmlg" for + * High, Medium, Low and loG). */ void init_result_iterator (iterator_t* iterator, report_t report, const char* host, - int first_result, int max_results) + int first_result, int max_results, int ascending, + const char* sort_field, const char* levels) { gchar* sql; + if (sort_field == NULL) sort_field = "type"; + if (levels == NULL) levels = "hm"; if (report) { + GString *levels_sql = NULL; + + /* Generate SQL for constraints on message type, according to levels. */ + + if (strlen (levels)) + { + int first = 1; + + /* High. */ + if (strchr (levels, 'h')) + { + first = 0; + levels_sql = g_string_new (" AND (type = 'Security Hole'"); + } + + /* Medium. */ + if (strchr (levels, 'm')) + { + if (first) + { + levels_sql = g_string_new (" AND (type = 'Security Warning'"); + first = 0; + } + else + levels_sql = g_string_append (levels_sql, + " OR type = 'Security Warning'"); + } + + /* Low. */ + if (strchr (levels, 'l')) + { + if (first) + { + levels_sql = g_string_new (" AND (type = 'Security Note'"); + first = 0; + } + else + levels_sql = g_string_append (levels_sql, + " OR type = 'Security Note'"); + } + + /* loG. */ + if (strchr (levels, 'g')) + { + if (first) + levels_sql = g_string_new (" AND (type = 'Log Message')"); + else + levels_sql = g_string_append (levels_sql, + " OR type = 'Log Message')"); + } + else if (first == 0) + levels_sql = g_string_append (levels_sql, ")"); + } + + /* Allocate the query. 
*/ + if (host) sql = g_strdup_printf ("SELECT subnet, host, port, nvt, type, description" " FROM results, report_results" " WHERE report_results.report = %llu" + "%s" " AND report_results.result = results.ROWID" " AND results.host = '%s'" - " ORDER BY port," - " type COLLATE collate_message_type DESC" + "%s" " LIMIT %i OFFSET %i;", - report, host, max_results, first_result); + report, + levels_sql ? levels_sql->str : "", + host, + ascending + ? ((strcmp (sort_field, "port") == 0) + ? " ORDER BY" + " port," + " type COLLATE collate_message_type DESC" + : " ORDER BY" + " type COLLATE collate_message_type," + " port") + : ((strcmp (sort_field, "port") == 0) + ? " ORDER BY" + " port DESC," + " type COLLATE collate_message_type DESC" + : " ORDER BY" + " type COLLATE collate_message_type DESC," + " port"), + max_results, + first_result); else sql = g_strdup_printf ("SELECT subnet, host, port, nvt, type, description" " FROM results, report_results" " WHERE report_results.report = %llu" + "%s" " AND report_results.result = results.ROWID" - " ORDER BY host, port," - " type COLLATE collate_message_type DESC" + "%s" " LIMIT %i OFFSET %i;", - report, max_results, first_result); + report, + levels_sql ? levels_sql->str : "", + ascending + ? ((strcmp (sort_field, "port") == 0) + ? " ORDER BY host," + " port," + " type COLLATE collate_message_type DESC" + : " ORDER BY host," + " type COLLATE collate_message_type," + " port") + : ((strcmp (sort_field, "port") == 0) + ? " ORDER BY host," + " port DESC," + " type COLLATE collate_message_type DESC" + : " ORDER BY host," + " type COLLATE collate_message_type DESC," + " port"), + max_results, + first_result); + + if (levels_sql) g_string_free (levels_sql, TRUE); } else sql = g_strdup_printf ("SELECT subnet, host, port, nvt, type, description" From scm-commit at wald.intevation.org Thu Nov 5 08:36:13 2009 
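Review bot: A `levels` string that is empty or contains none of `h`, `m`, `l`, `g` leaves `levels_sql` NULL, so the query runs with no type constraint and returns every message type. That is the opposite of what a filter naming no known level suggests. Since NULL is already mapped to `"hm"`, the same fallback would be consistent here: `if (levels == NULL || strpbrk (levels, "hmlg") == NULL) levels = "hm";`. The `"hm"` default also means Low and Log results are left out of reports unless requested, which deserves a line in the doc comment so that readers of a report know it is filtered. `host` is still placed into the statement as `'%s'` with no escaping visible in this hunk, and the function continues past the hunk's end.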
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Thu, 5 Nov 2009 08:36:13 +0100 (CET) Subject: [Openvas-commits] r5797 - in trunk/openvas-client: . openvas Message-ID: <20091105073613.B6E63865F477@pyrosoma.intevation.org> Author: felix Date: 2009-11-05 08:36:11 +0100 (Thu, 05 Nov 2009) New Revision: 5797 Modified: trunk/openvas-client/ChangeLog trunk/openvas-client/openvas/comm.c Log: * openvas/comm.c: Cosmetics, reformatting, doc. Modified: trunk/openvas-client/ChangeLog =================================================================== --- trunk/openvas-client/ChangeLog 2009-11-04 20:56:41 UTC (rev 5796) +++ trunk/openvas-client/ChangeLog 2009-11-05 07:36:11 UTC (rev 5797) @@ -1,3 +1,7 @@ +2009-11-05 Felix Wolfsteller + + * openvas/comm.c: Cosmetics, reformatting, doc. + 2009-11-04 Felix Wolfsteller * openvas/plugin_infos.c (spin_to_timeout): Fixed todo/memleak. Modified: trunk/openvas-client/openvas/comm.c =================================================================== --- trunk/openvas-client/openvas/comm.c 2009-11-04 20:56:41 UTC (rev 5796) +++ trunk/openvas-client/openvas/comm.c 2009-11-05 07:36:11 UTC (rev 5797) @@ -198,8 +198,8 @@ #ifdef USE_OMP /** - * @brief Parses an OMP plugin description message, and returns an arglist with the - * plugin in it. + * @brief Parses an OMP plugin description message, and returns an arglist with + * @brief the plugin in it. * * @param buf The description- string (usually from an OTP plugin*- element). * @@ -335,7 +335,7 @@ /** * @brief Parses a plugin description message, and returns an arglist with the - * plugin in it. + * @brief plugin in it. * * @param buf The description- string (usually from an OTP plugin*- element). * 
@@ -626,18 +626,16 @@ } else if (F_quiet_mode) { - /* - * Note that when using the cli, - * the plugin prefs are not stored the same way in memory - */ - if (arg_get_type(plugs_prefs, pref) < 0) - { - char *x = strchr(v, ';'); + /* Note that when using the cli, + * the plugin prefs are not stored the same way in memory */ + if (arg_get_type (plugs_prefs, pref) < 0) + { + char *x = strchr (v, ';'); - if (!ListOnly && x) - x[0] = '\0'; - arg_add_value(plugs_prefs, pref, ARG_STRING, strlen(v), v); - } + if (!ListOnly && x) + x[0] = '\0'; + arg_add_value (plugs_prefs, pref, ARG_STRING, strlen (v), v); + } } else { @@ -684,10 +682,10 @@ } pprefs = plugin->plugin_prefs; if (pprefs == NULL) - { - pprefs = emalloc(sizeof(struct arglist)); - plugin->plugin_prefs = pprefs; - } + { + pprefs = emalloc(sizeof(struct arglist)); + plugin->plugin_prefs = pprefs; + } if (arg_get_value(pprefs, name) == NULL) { @@ -701,20 +699,20 @@ */ if (arg_get_type(plugs_prefs, fullname) == ARG_INT) - { - int d = GPOINTER_TO_SIZE(arg_get_value(plugs_prefs, fullname)); - if (d == 0) value = "no"; - else value = "yes"; - } + { + int d = GPOINTER_TO_SIZE(arg_get_value(plugs_prefs, fullname)); + if (d == 0) value = "no"; + else value = "yes"; + } else if (arg_get_type(plugs_prefs, fullname) == ARG_STRING) value = arg_get_value(plugs_prefs, fullname); else - { - if (!strcmp(type, PREF_FILE)) - value = ""; - else - value = v; - } + { + if (!strcmp(type, PREF_FILE)) + value = ""; + else + value = v; + } /* Check whether it is a radiobutton plugin preference and whether * it's value has no ';'. If so, it comes from an old, broken openvasrc file 
@@ -797,27 +795,27 @@ context->detached_sessions_saved = 0; #endif - serv_prefs = arg_get_value(prefs, "SERVER_PREFS"); - if(!serv_prefs) - { - serv_prefs = emalloc(sizeof(struct arglist)); - arg_add_value(context->prefs, "SERVER_PREFS", ARG_ARGLIST, -1, serv_prefs); - } + serv_prefs = arg_get_value (prefs, "SERVER_PREFS"); + if (!serv_prefs) + { + serv_prefs = emalloc (sizeof (struct arglist)); + arg_add_value (context->prefs, "SERVER_PREFS", ARG_ARGLIST, -1, serv_prefs); + } - serv_infos = emalloc(sizeof(struct arglist)); - if(arg_get_value(prefs, "SERVER_INFO")) - { - arg_free_all(arg_get_value(prefs, "SERVER_INFO")); - arg_set_value(context->prefs, "SERVER_INFO", -1, serv_infos); - } + serv_infos = emalloc (sizeof (struct arglist)); + if (arg_get_value (prefs, "SERVER_INFO")) + { + arg_free_all (arg_get_value (prefs, "SERVER_INFO")); + arg_set_value (context->prefs, "SERVER_INFO", -1, serv_infos); + } else - arg_add_value(context->prefs, "SERVER_INFO", ARG_ARGLIST, -1, serv_infos); + arg_add_value (context->prefs, "SERVER_INFO", ARG_ARGLIST, -1, serv_infos); - plugs_prefs = arg_get_value(prefs, "PLUGINS_PREFS"); - if(!plugs_prefs) + plugs_prefs = arg_get_value (prefs, "PLUGINS_PREFS"); + if (!plugs_prefs) { - plugs_prefs = emalloc(sizeof(struct arglist)); - arg_add_value(context->prefs, "PLUGINS_PREFS", ARG_ARGLIST, -1, plugs_prefs); + plugs_prefs = emalloc (sizeof (struct arglist)); + arg_add_value (context->prefs, "PLUGINS_PREFS", ARG_ARGLIST, -1, plugs_prefs); } #ifdef USE_OMP @@ -829,7 +827,7 @@ if (omp_get_preferences_503 (&context->session, &response)) { // FIX - show_error(_("Failed to get OMP preferences")); + show_error (_("Failed to get OMP preferences")); } else { 
@@ -1375,24 +1373,26 @@ /** * @brief Get the md5sums for each plugin from the server. * - * For each pair of - * plugin id and md5sum received from the server, this function calls - * the given callback function with the context, the plugin id, the - * md5sum, the plugin with the id (NULL if the plugin is not already + * For each pair of OID and md5sum received from the server, this function + * calls the given callback function with the context, the OID, the + * md5sum, the plugin with the OID (NULL if the plugin is not already * known) and the data parameter. The callback should return 0 in case * of success, non-zero otherwise. The md5sum parameter given to the * callback is a pointer into a buffer maintained by * comm_get_plugins_md5 so if the callback stores it somewhere it should * make a copy. * + * @param[out] data Pointer to list of missing_plugin structs. + * * @return 0 on success, -1 on error. */ static int -comm_get_plugins_md5(struct context *context, char * buf, int bufsz, - int (callback)(struct context *context, const char * oid, - const char * md5sum, struct openvas_plugin * plugin, - void ** data), - void ** data) +comm_get_plugins_md5 (struct context *context, char * buf, int bufsz, + int (callback)(struct context *context, const char * oid, + const char * md5sum, + struct openvas_plugin * plugin, + void ** data), + void ** data) { #ifdef USE_OMP if (context->protocol == PROTOCOL_OMP) @@ -1514,7 +1514,7 @@ * If plugin is given, i.e. if it's a known plugin, and the md5sums are * equal, the plugin is up to date. In that case the plugin's * is_current flag is set. Otherwise the flag is not modified (the code - * practically assumes it's false) and the id and md5sum are added to + * practically assumes it's false) and the OID and md5sum are added to * the missing plugins list which should be passed to this function as * the data parameter. */ 
@@ -1587,11 +1587,13 @@ /** * @brief Fetch the information for the plugins listed in missing. * + * @param missing List of OIDs of missing NVTs. + * * @return 0 on success, -1 on errors. */ static int -fetch_new_plugins(struct context *context, GSList * missing, - char * buf, int bufsz) +fetch_new_plugins (struct context *context, GSList * missing, char * buf, + int bufsz) { int i; int n_new_plugins = 0; @@ -1638,7 +1640,7 @@ { openvas_plugin_set_md5sum(plugin, ((struct missing_plugin *)g_slist_nth_data(missing, i))->md5sum); /* Count new plugins to inform user */ - if(context_add_plugin(context, plugin)) + if(context_add_plugin (context, plugin)) { ++n_new_plugins; } 
@@ -1682,40 +1684,43 @@ * @brief Update the plugins in context by comparing them to the individual * @brief md5sums from the server. * - * Missing and updated plugins are fetched - * from the server, plugins that no longer exist on the server are - * removed. + * Missing and updated plugins are fetched from the server, plugins that no + * longer exist on the server are removed. * * @return If successful, returns 0. A non-zero value otherwise. */ static int -update_individual_plugins(struct context *context, char * buf, int bufsz) +update_individual_plugins (struct context *context, char * buf, int bufsz) { GSList * missing = NULL; int result = 0; - result = comm_get_plugins_md5(context, buf, bufsz, update_existing_plugin, - (void **)&missing); + result = comm_get_plugins_md5 (context, buf, bufsz, update_existing_plugin, + (void **) &missing); if (result) goto fail; - context->plugins = remove_outdated_plugins(context->plugins); - context->scanners = remove_outdated_plugins(context->scanners); + context->plugins = remove_outdated_plugins (context->plugins); + context->scanners = remove_outdated_plugins (context->scanners); - result = fetch_new_plugins(context, missing, buf, bufsz); + result = fetch_new_plugins (context, missing, buf, bufsz); fail: - if (missing) { /* free the whole list */ - guint len = g_slist_length(missing); - int i; - for (i = 0;i < len;i ++) { - struct missing_plugin * p = g_slist_nth_data(missing, i); - g_free(p->oid); - g_free(p->md5sum); - g_free(p); + /* free the whole list */ + if (missing) + { + guint len = g_slist_length (missing); + int i; + for (i = 0; i < len; i++) + { + struct missing_plugin * p = g_slist_nth_data (missing, i); + g_free (p->oid); + g_free (p->md5sum); + g_free (p); + } + g_slist_free(missing); } - g_slist_free(missing); - } + return result; } @@ -1874,6 +1879,9 @@ } #endif /* USE_OMP */ +/** + * @brief Requests plugins for a certain context from scanner. + */ int comm_get_plugins (struct context *context) { 
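Review bot: The reformatted cleanup loop under `fail:` in update_individual_plugins still indexes the list with `g_slist_nth_data (missing, i)`, which walks from the head on every iteration, and it compares `int i` against `guint len`. The length of `missing` follows from the OID/md5sum pairs the server sends, so a large feed makes the cleanup quadratic. Walking the links directly avoids both issues: `GSList *it; for (it = missing; it != NULL; it = it->next)` with `struct missing_plugin * p = it->data;`. `g_slist_free(missing);` was also left without the space before the parenthesis that the rest of the hunk now uses.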
@@ -1907,7 +1915,7 @@ checksum = entity_child (response, "checksum"); if (checksum == NULL) - show_error(_("OMP NVT feed checksum response missing checksum")); + show_error (_("OMP NVT feed checksum response missing checksum")); else { server_md5sum = estrdup (entity_text (checksum)); @@ -1953,14 +1961,13 @@ #endif /* USE_OMP */ bufsz = 1024 * 1024; - buf = emalloc(bufsz); - network_gets(context->socket, buf, bufsz); + buf = emalloc (bufsz); + network_gets (context->socket, buf, bufsz); /* Valid data from the server at this can either start with "SERVER * <|> PLUGINS_MD5 <|>" or "SERVER <|> PLUGIN_LIST <|>". In either * case it starts with "SERVER <|> PLUGIN". Anything else is probably - * a login problem (wrong password, etc.) - */ + * a login problem (wrong password, etc.) */ if (strncmp(buf, "SERVER <|> PLUGIN", 17) != 0) { result = -1; @@ -1969,8 +1976,7 @@ // FIX how would we have requested md5sums? // this fun only called in connect_to_scanner, right after connecting - /* If we requested md5sums, we get the md5sum over all the plugins - * now */ + /* If we requested md5sums, we get the md5sum over all the plugins now */ if(strncmp(buf, "SERVER <|> PLUGINS_MD5 <|> ", 27) == 0) { server_md5sum = parse_separator(buf + 22); @@ -1995,8 +2001,8 @@ { /* The cache could not be read for some reason. Most likely an * error or no cache file exists. Fetch the full list of plugins */ - network_printf(context->socket, "CLIENT <|> COMPLETE_LIST <|> CLIENT\n"); - network_gets(context->socket, buf, 27); + network_printf (context->socket, "CLIENT <|> COMPLETE_LIST <|> CLIENT\n"); + network_gets (context->socket, buf, 27); } else if (strcmp(context->plugins_md5sum, server_md5sum) != 0) { @@ -2021,7 +2027,7 @@ if (strncmp(buf, "SERVER <|> PLUGIN_LIST <|>", 26) == 0) { context_reset_plugins(context); - for(;;) + for (;;) { // FIX requires context->pbar (notes below) #if 0 
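Review bot: The result of `network_gets (context->socket, buf, bufsz)` in the hunk at -1953 is not checked before `strncmp(buf, "SERVER <|> PLUGIN", 17)` inspects the buffer, and the same holds for the 27-byte read after `COMPLETE_LIST` in the hunk at -1995. Whether `emalloc` zero-fills and how `network_gets` signals a closed or failed socket is not visible here, so the comparison may run on whatever the buffer held before the call. Suggest testing the return value and taking the existing failure path (`result = -1` and the `fail:` cleanup) when the read fails, which also separates a dropped connection from the "probably a login problem" case named in the comment. comm_get_plugins starts and ends outside these hunks.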
@@ -2046,7 +2052,7 @@ } /* Count the number of new plugins */ - if(context_add_plugin(context, plugin)) + if (context_add_plugin(context, plugin)) ++n_new_plugins; } } @@ -2095,8 +2101,9 @@ } fail: - efree(&server_md5sum); - efree(&buf); + efree (&server_md5sum); + efree (&buf); + return result; } From scm-commit at wald.intevation.org Thu Nov 5 09:15:45 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Thu, 5 Nov 2009 09:15:45 +0100 (CET) Subject: [Openvas-commits] r5798 - in trunk/openvas-client: . openvas Message-ID: <20091105081545.29804852A8CC@pyrosoma.intevation.org> Author: felix Date: 2009-11-05 09:15:43 +0100 (Thu, 05 Nov 2009) New Revision: 5798 Modified: trunk/openvas-client/ChangeLog trunk/openvas-client/openvas/comm.c Log: Fixed a cache issue of OMP scopes that prevented update of the cache if outdated (e.g. feed update for scanner/manager). If the cache is outdated, all plugins are fetched anew and the cache is updated. * openvas/comm.c (client_omp_read_plugins): Minor doc added. [USE_OMP] (comm_get_plugins): Fixed md5sum string comparison, query all plugins anew if cache is out of date. Modified: trunk/openvas-client/ChangeLog =================================================================== --- trunk/openvas-client/ChangeLog 2009-11-05 07:36:11 UTC (rev 5797) +++ trunk/openvas-client/ChangeLog 2009-11-05 08:15:43 UTC (rev 5798) 
@@ -1,5 +1,15 @@ 2009-11-05 Felix Wolfsteller + Fixed a cache issue of OMP scopes that prevented update of the cache if + outdated (e.g. feed update for scanner/manager). If the cache is + outdated, all plugins are fetched anew and the cache is updated. + + * openvas/comm.c (client_omp_read_plugins): Minor doc added. + [USE_OMP] (comm_get_plugins): Fixed md5sum string comparison, query all + plugins anew if cache is out of date. + +2009-11-05 Felix Wolfsteller + * openvas/comm.c: Cosmetics, reformatting, doc. 2009-11-04 Felix Wolfsteller Modified: trunk/openvas-client/openvas/comm.c =================================================================== --- trunk/openvas-client/openvas/comm.c 2009-11-05 07:36:11 UTC (rev 5797) +++ trunk/openvas-client/openvas/comm.c 2009-11-05 08:15:43 UTC (rev 5798) @@ -1797,6 +1797,13 @@ #endif /* 0 */ } +/** + * @brief Queries (all) NVT details from an openvas-manager. + * + * @param[in,out] context Context to add fetched NVTs to. + * + * @return Number of "new" NVTs in context. + */ int client_omp_read_plugins (struct context *context) { @@ -1936,13 +1943,19 @@ * error or no cache file exists. Fetch the full list of plugins */ n_new_plugins = client_omp_read_plugins (context); } - else if (strcmp (context->plugins_md5sum, server_md5sum) != 0) + else if (strcmp (context->plugins_md5sum, server_md5sum)) { /* The cache is outdated so we update the individual plugins. We * set the plugins_md5sum temporarily to a different value because * neither the old md5sum nor the new md5sum just read from the * server correspond to the plugin information in the context * while the update is being performed. */ +#if 0 + /** @todo Following code stub could optimize performance, as + * it would fetch the missing plugins only (instead + * of all). + * Therefore, openvas-manager has to send individual + * md5sums. */ context_set_plugins_md5sum (context, ""); if (update_individual_plugins (context, NULL, 0) < 0) { 
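Review bot: The block comment kept above the new `#if 0` in the hunk at -1936 still says plugins_md5sum is set temporarily to a different value during the update, but `context_set_plugins_md5sum (context, "")` now sits inside the disabled region, so the comment describes code that no longer runs. Suggest moving that explanation inside the `#if 0` and leaving a short comment on the live path, for example `/* Cache is outdated: fetch all NVTs anew. */`. Replacing `!= 0` with a bare `strcmp (...)` does not change the condition, so the log entry's "fixed md5sum string comparison" is hard to match to this line; the explicit `!= 0` form reads more clearly for a mismatch test. The enclosing function starts outside the hunk.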
@@ -1950,6 +1963,8 @@ free_entity (response); return -1; } +#endif + n_new_plugins = client_omp_read_plugins (context); context_set_plugins_md5sum (context, server_md5sum); } } From scm-commit at wald.intevation.org Thu Nov 5 12:10:04 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Thu, 5 Nov 2009 12:10:04 +0100 (CET) Subject: [Openvas-commits] r5799 - in trunk/openvas-manager: . src Message-ID: <20091105111004.9C3BD861EAB1@pyrosoma.intevation.org> Author: mattm Date: 2009-11-05 12:10:03 +0100 (Thu, 05 Nov 2009) New Revision: 5799 Modified: trunk/openvas-manager/ChangeLog trunk/openvas-manager/src/omp.c Log: * src/omp.c (latex_severity_colour): Replace openvas_text with openvas_report. (latex_header): Remove openvas_text. Match threat colours to GSA. (latex_footer): Correct typo. Modified: trunk/openvas-manager/ChangeLog =================================================================== --- trunk/openvas-manager/ChangeLog 2009-11-05 08:15:43 UTC (rev 5798) +++ trunk/openvas-manager/ChangeLog 2009-11-05 11:10:03 UTC (rev 5799) @@ -1,3 +1,10 @@ +2009-11-05 Matthew Mundell + + * src/omp.c (latex_severity_colour): Replace openvas_text with + openvas_report. + (latex_header): Remove openvas_text. Match threat colours to GSA. + (latex_footer): Correct typo. + 2009-11-04 Matthew Mundell * src/tasks_sql.h (init_result_iterator): Add sorting and filtering args. Modified: trunk/openvas-manager/src/omp.c =================================================================== --- trunk/openvas-manager/src/omp.c 2009-11-05 08:15:43 UTC (rev 5798) +++ trunk/openvas-manager/src/omp.c 2009-11-05 11:10:03 UTC (rev 5799) @@ -2291,7 +2291,7 @@ return "{openvas_note}"; if (strcmp (severity, "Security Warning") == 0) return "{openvas_warning}"; - return "{openvas_text}"; + return "{openvas_report}"; } /** 
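Review bot: On the new live path in the hunk at -1950, `context_set_plugins_md5sum (context, server_md5sum)` runs unconditionally after `client_omp_read_plugins (context)`, so the cache is stamped with the server's checksum even if the fetch delivered nothing usable. The doc comment added in this commit describes the return value only as a count of new NVTs, so a failure cannot be told apart from "no new plugins"; a distinct error return checked here, with the `free_entity (response); return -1;` handling the disabled block had, would keep a failed or truncated download from being recorded as current. The disabled update_individual_plugins path also called remove_outdated_plugins; unless client_omp_read_plugins clears the context itself (not visible here), NVTs dropped from the feed stay cached, and a `context_reset_plugins (context);` before the fetch, as the PLUGIN_LIST branch does, would cover that.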
@@ -2315,13 +2315,16 @@ "% must come last\n" "\\usepackage{hyperref}\n" "\\definecolor{linkblue}{rgb}{0.11,0.56,1}\n" - "\\definecolor{openvas_text}{rgb}{0,0,0}\n" "\\definecolor{openvas_debug}{rgb}{0.78,0.78,0.78}\n" - "\\definecolor{openvas_log}{rgb}{0.49,0.49,0.49}\n" - "\\definecolor{openvas_hole}{rgb}{0.80,0,0}\n" - "\\definecolor{openvas_note}{rgb}{0.93,0.86,0.5}\n" + /* Log: #FFFFFF (@todo #3A3A3A 0.2275,0.2275,0.2275 with white text). */ + "\\definecolor{openvas_log}{rgb}{1,1,1}\n" + /* High: #CB1D17 */ + "\\definecolor{openvas_hole}{rgb}{0.7960,0.1137,0.0902}\n" + /* Low: #539DCB */ + "\\definecolor{openvas_note}{rgb}{0.3255,0.6157,0.7961}\n" "\\definecolor{openvas_report}{rgb}{0.68,0.74,0.88}\n" - "\\definecolor{openvas_warning}{rgb}{0.93,0.60,0}\n" + /* Medium: #F99F31 */ + "\\definecolor{openvas_warning}{rgb}{0.9764,0.6235,0.1922}\n" "\\hypersetup{colorlinks=true,linkcolor=linkblue,urlcolor=blue,bookmarks=true,bookmarksopen=true}\n" "\\usepackage[all]{hypcap}\n" "\n" @@ -2349,7 +2352,7 @@ "\\medskip\n" "\\rule{\\textwidth}{0.1pt}\n" "\n" - "This file was automactically generated.\n" + "This file was automatically generated.\n" "\\end{center}\n" "\n" "\\end{document}\n"; From scm-commit at wald.intevation.org Thu Nov 5 12:25:53 2009 
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Thu, 5 Nov 2009 12:25:53 +0100 (CET) Subject: [Openvas-commits] r5800 - in trunk/openvas-plugins: . scripts Message-ID: <20091105112553.C453A852FE8A@pyrosoma.intevation.org> Author: chandra Date: 2009-11-05 12:25:48 +0100 (Thu, 05 Nov 2009) New Revision: 5800 Added: trunk/openvas-plugins/scripts/gb_eureka_email_bof_vuln.nasl trunk/openvas-plugins/scripts/gb_eureka_email_detect.nasl trunk/openvas-plugins/scripts/gb_ms_sharepoint_info_disc_vuln.nasl trunk/openvas-plugins/scripts/gb_pegasus_mail_detect.nasl trunk/openvas-plugins/scripts/gb_pegasus_mail_pop3_bof_vuln.nasl trunk/openvas-plugins/scripts/gb_perl_detect_win.nasl trunk/openvas-plugins/scripts/gb_perl_utf8_regex_dos_vuln_win.nasl trunk/openvas-plugins/scripts/gb_vmware_prdts_priv_esc_vuln_nov09_lin.nasl trunk/openvas-plugins/scripts/gb_vmware_prdts_priv_esc_vuln_nov09_win.nasl trunk/openvas-plugins/scripts/gb_vmware_serv_dir_trav_vuln_nov09_lin.nasl Modified: trunk/openvas-plugins/ChangeLog trunk/openvas-plugins/cve_current.txt trunk/openvas-plugins/scripts/secpod_ms09-054.nasl trunk/openvas-plugins/scripts/secpod_ms09-062.nasl trunk/openvas-plugins/scripts/secpod_office_products_version_900032.nasl Log: Added new plugins Modified: trunk/openvas-plugins/ChangeLog =================================================================== --- trunk/openvas-plugins/ChangeLog 2009-11-05 11:10:03 UTC (rev 5799) +++ trunk/openvas-plugins/ChangeLog 2009-11-05 11:25:48 UTC (rev 5800) 
@@ -1,3 +1,24 @@ +2009-11-05 Chandrashekhar B + + * scripts/gb_eureka_email_detect.nasl, + scripts/gb_vmware_prdts_priv_esc_vuln_nov09_lin.nasl, + scripts/gb_pegasus_mail_pop3_bof_vuln.nasl, + scripts/gb_perl_utf8_regex_dos_vuln_win.nasl, + scripts/gb_pegasus_mail_detect.nasl, + scripts/gb_perl_detect_win.nasl, + scripts/gb_vmware_prdts_priv_esc_vuln_nov09_win.nasl, + scripts/gb_eureka_email_bof_vuln.nasl, + scripts/gb_vmware_serv_dir_trav_vuln_nov09_lin.nasl, + scripts/gb_ms_sharepoint_info_disc_vuln.nasl: + Added new plugins + + * scripts/secpod_ms09-062.nasl, + scripts/secpod_office_products_version_900032.nasl: + Added VisoViewer check. + + * scripts/secpod_ms09-054.nasl: + Included an additional related KB item check. + 2009-11-04 Michael Meyer * scripts/serv_u_36585.nasl, Modified: trunk/openvas-plugins/cve_current.txt =================================================================== --- trunk/openvas-plugins/cve_current.txt 2009-11-05 11:10:03 UTC (rev 5799) +++ trunk/openvas-plugins/cve_current.txt 2009-11-05 11:25:48 UTC (rev 5800) @@ -204,7 +204,7 @@ 36833 Greenbone svn R 36874 Greenbone svn R CVE-2009-3790 SecPod svn L -CVE-2009-3830 SecPod +CVE-2009-3830 SecPod svn R CVE-2009-3549 SecPod svn L CVE-2009-3550 SecPod svn L CVE-2009-3551 SecPod svn L @@ -224,7 +224,7 @@ CVE-2009-3383 SecPod svn L CVE-2009-3382 SecPod svn L CVE-2009-3381 SecPod svn L -CVE-2009-3626 +CVE-2009-3626 SecPod svn L CVE-2009-3832 SecPod svn L CVE-2009-3831 SecPod svn L CVE-2009-3627 
@@ -242,4 +242,10 @@ CVE-2009-3625 Greenbone svn R 36585 Greenbone svn R 32494 Greenbone svn R - +CVE-2009-2267 SecPod svn L +CVE-2009-3733 SecPod svn L +CVE-2009-3862 SecPod +CVE-2009-3860 SecPod +CVE-2009-3838 SecPod svn L +CVE-2009-3863 SecPod +CVE-2009-3837 SecPod svn L Added: trunk/openvas-plugins/scripts/gb_eureka_email_bof_vuln.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_eureka_email_bof_vuln.nasl 2009-11-05 11:10:03 UTC (rev 5799) +++ trunk/openvas-plugins/scripts/gb_eureka_email_bof_vuln.nasl 2009-11-05 11:25:48 UTC (rev 5800) 
@@ -0,0 +1,87 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id: gb_eureka_email_bof_vuln.nasl 5593 2009-11-05 14:45:29Z nov $ +# +# Eureka Email Stack-Based Buffer Overflow Vulnerability +# +# Authors: +# Antu Sanadi +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(801041); + script_version("$Revision: 1.0 $"); + script_cve_id("CVE-2009-3837"); + script_name("Eureka Email Stack-Based Buffer Overflow Vulnerability"); + desc = " + Overview: This host is installed with Eureka Email and is prone to stack-based + buffer overflow vulnerability. + + Vulnerability Insight: + The flaw is caused due to a boundary error in the processing POP3 responses. + This can be exploited to cause a stack-based buffer overflow via an overly long + error response. + + Impact: + Successful exploitation allows remote attackers to crash an affected client + or execute arbitrary code by tricking a user into connecting to a malicious + POP3 server. + + Impact level: Application. + + Affected Software/OS: + Eureka Email version 2.2q and prior. + + Fix: No solution or patch is available as on 05th November, 2009. 
Information + regarding this issue will update once the solution details are available. + For updates refer, http://www.eureka-email.com/ + + References: + http://xforce.iss.net/xforce/xfdb/53940 + http://secunia.com/advisories/product/27632/ + http://www.vupen.com/english/advisories/2009/3025 + http://www.packetstormsecurity.org/0910-exploits/eurekamc-dos.txt + + CVSS Score: + CVSS Base Score : 10.0 (AV:N/AC:L/Au:NR/C:C/I:C/A:C) + CVSS Temporal Score : 9.0 + Risk factor: Critical"; + + script_description(desc); + script_summary("Check for the version of Eureka Email"); + script_category(ACT_GATHER_INFO); + script_copyright("Copyright (C) 2009 Intevation GmbH"); + script_family("Buffer overflow"); + script_dependencies("gb_eureka_email_detect.nasl"); + script_require_keys("EurekaEmail/Ver"); + exit(0); +} + + +include("version_func.inc"); + +eeVer = get_kb_item("EurekaEmail/Ver"); +if(eeVer != NULL) +{ + # Eureka Email 2.2q (2.2.0.1) + if(version_is_less_equal(version:eeVer, test_version:"2.2.0.1")){ + security_hole(0); + } +} Added: trunk/openvas-plugins/scripts/gb_eureka_email_detect.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_eureka_email_detect.nasl 2009-11-05 11:10:03 UTC (rev 5799) +++ trunk/openvas-plugins/scripts/gb_eureka_email_detect.nasl 2009-11-05 11:25:48 UTC (rev 5800) 
@@ -0,0 +1,76 @@ +############################################################################## +# OpenVAS Vulnerability Test +# $Id: gb_eureka_email_detect.nasl 5593 2009-11-05 14:30:24Z nov $ +# +# Eureka Email Version Detection +# +# Authors: +# Antu Sanadi +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(801040); + script_version("$Revision: 1.0 $"); + script_name("Eureka Email Version Detection"); + desc = " + Overview: This script detects the installed version of Eureka Email and + sets the result in KB. 
+ + Risk factor: Informational"; + + script_description(desc); + script_summary("Set version of Eureka Email in KB"); + script_category(ACT_GATHER_INFO); + script_copyright("Copyright (C) 2009 Intevation GmbH"); + script_family("Service detection"); + script_dependencies("secpod_reg_enum.nasl"); + script_require_keys("SMB/WindowsVersion"); + script_require_ports(139, 445); + exit(0); +} + + +include("smb_nt.inc"); +include("secpod_smb_func.inc"); + +if(!get_kb_item("SMB/WindowsVersion")){ + exit(0); +} + +key = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\"; +foreach item (registry_enum_keys(key:key)) +{ + eeName = registry_get_sz(key:key + item, item:"DisplayName"); + if("Eureka Email" >< eeName) + { + eePath = registry_get_sz(key:key + item, item:"Inno Setup: App Path"); + if(eePath) + { + eePath += "\Eureka Email.EXE"; + share = ereg_replace(pattern:"([A-Za-z]):.*", replace:"\1$", string:eePath); + file = ereg_replace(pattern:"[A-Za-z]:(.*)", replace:"\1", string:eePath); + + eeVer = GetVer(file:file, share:share); + if(eeVer != NULL){ + set_kb_item(name:"EurekaEmail/Ver", value:eeVer); + } + } + } +} Added: trunk/openvas-plugins/scripts/gb_ms_sharepoint_info_disc_vuln.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_ms_sharepoint_info_disc_vuln.nasl 2009-11-05 11:10:03 UTC (rev 5799) +++ trunk/openvas-plugins/scripts/gb_ms_sharepoint_info_disc_vuln.nasl 2009-11-05 11:25:48 UTC (rev 5800) 
@@ -0,0 +1,84 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id: gb_ms_sharepoint_info_disc_vuln.nasl 5565 2009-11-04 15:47:24Z nov $ +# +# Microsoft SharePoint Team Services Information Disclosure Vulnerability +# +# Authors: +# Nikita MR +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(800968); + script_version("$Revision: 1.0 $"); + script_cve_id("CVE-2009-3830"); + script_bugtraq_id(36817); + script_name("Microsoft SharePoint Team Services Information Disclosure Vulnerability"); + desc = " + Overview: This host is installed with Microsoft SharePoint Server and is + prone to Information Disclosure Vulnerability. + + Vulnerability Insight: + This flaw is caused due to insufficient validation of user supplied data + passed into 'SourceUrl' and 'Source' parameters in the download.aspx in + SharePoint Team Services. + + Impact: + Attackers can exploit this issue via specially-crafted HTTP requests to + obtain the source code of arbitrary ASP.NET files from the backend database. 
+ + Impact Level: Application + + Affected Software/OS: + Microsoft Office SharePoint Server 2007 12.0.0.6219 and prior. + + Fix: + No solution or patch is available as on 04th November, 2009. Information + regarding this issue will be updated once the solution details are available. + For updates refer, http://sharepoint.microsoft.com/Pages/Default.aspx + + References: + http://support.microsoft.com/kb/976829 + http://xforce.iss.net/xforce/xfdb/53955 + http://www.securityfocus.com/archive/1/archive/1/507419/100/0/threaded + + Risk factor: Informational"; + + script_description(desc); + script_summary("Check for the version of MS SharePoint Team Services"); + script_category(ACT_GATHER_INFO); + script_copyright("Copyright (C) 2009 Intevation GmbH"); + script_family("Web application abuses"); + script_dependencies("remote-detect-WindowsSharepointServices.nasl"); + script_require_keys("MicrosoftSharePointTeamServices/version"); + exit(0); +} + + +include("version_func.inc"); + +stsVer = get_kb_item("MicrosoftSharePointTeamServices/version"); +if(isnull(stsVer)){ + exit(0); +} + +if(version_in_range(version:stsVer, test_version:"12.0", test_version2:"12.0.0.6219")){ + security_warning(0); +} Added: trunk/openvas-plugins/scripts/gb_pegasus_mail_detect.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_pegasus_mail_detect.nasl 2009-11-05 11:10:03 UTC (rev 5799) +++ trunk/openvas-plugins/scripts/gb_pegasus_mail_detect.nasl 2009-11-05 11:25:48 UTC (rev 5800) 
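Review bot: The description ends with `Risk factor: Informational`, yet the script reports through `security_warning(0)` and describes disclosure of ASP.NET source code, so the stated risk and the reported severity disagree. Suggest aligning the text with the reporting call (for instance `Risk factor: Medium`) so the label does not skew triage. The result is also filed against port 0 although the KB item comes from a remote detection script; if that script records the HTTP port (not visible here), passing it to `security_warning` would attach the finding to the right service. The check is purely version-based, which is worth stating in the summary so it is not read as a confirmed finding.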
@@ -0,0 +1,77 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id: gb_pegasus_mail_detect.nasl 5592 2009-11-05 13:25:37Z nov $ +# +# Pegasus Mail Version Detection +# +# Authors: +# Nikita MR +# +# Copyright: +# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(800969); + script_version("$Revision: 1.0 $"); + script_name("Pegasus Mail Version Detection"); + desc = " + Overview: This script retrieves the installed version of Pegasus Mail and + saves the result in KB. 
+ + Risk factor : Informational"; + + script_description(desc); + script_family("Service detection"); + script_category(ACT_GATHER_INFO); + script_copyright("Copyright (C) 2009 Greenbone Networks GmbH"); + script_summary("Set the version of Pegasus Mail in KB"); + script_dependencies("secpod_reg_enum.nasl"); + script_require_keys("SMB/WindowsVersion"); + script_require_ports(139, 445); + exit(0); +} + + +include("smb_nt.inc"); +include("secpod_smb_func.inc"); + +if(!get_kb_item("SMB/WindowsVersion")){ + exit(0); +} + +key = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Pegasus Mail"; +pmailName = registry_get_sz(key:key, item:"DisplayName"); +if("Pegasus Mail" >< pmailName) +{ + pmailPath = registry_get_sz(key:key, item:"UninstallString"); + if(pmailPath) + { + pmailPath = eregmatch(pattern:"^(.+(exe|EXE))(.*)?$", string:pmailPath); + if(pmailPath[1] != NULL) + { + pmailPath = pmailPath[1] - "DESETUP.EXE" - "DeSetup.exe" + "winpm-32.exe"; + share = ereg_replace(pattern:"([A-Z]):.*", replace:"\1$", string:pmailPath); + file = ereg_replace(pattern:"[A-Z]:(.*)", replace:"\1", string:pmailPath); + + pmailVer = GetVer(file:file, share:share); + if(!isnull(pmailVer)){ + set_kb_item(name:"Pegasus/Mail/Ver", value:pmailVer); + } + } + } +} Added: trunk/openvas-plugins/scripts/gb_pegasus_mail_pop3_bof_vuln.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_pegasus_mail_pop3_bof_vuln.nasl 2009-11-05 11:10:03 UTC (rev 5799) +++ trunk/openvas-plugins/scripts/gb_pegasus_mail_pop3_bof_vuln.nasl 2009-11-05 11:25:48 UTC (rev 5800) 
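Review bot: The two `ereg_replace` calls that derive `share` and `file` match only `[A-Z]` drive letters, so an `UninstallString` stored with a lowercase drive letter presumably leaves both values unchanged and `GetVer` is called with a full path as the share. The version is then never stored in `Pegasus/Mail/Ver` and the dependent overflow check stays silent. gb_eureka_email_detect.nasl in the same commit uses `[A-Za-z]`; the same pattern here, `ereg_replace(pattern:"([A-Za-z]):.*", replace:"\1$", string:pmailPath)`, keeps the two scripts consistent. An `UninstallString` wrapped in quotes would also keep its leading quote through `^(.+(exe|EXE))(.*)?$`, so stripping quotes before the match is worth considering if such values occur.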
@@ -0,0 +1,88 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id: gb_pegasus_mail_pop3_bof_vuln.nasl 5592 2009-11-05 14:00:02Z nov $ +# +# Pegasus Mail POP3 Response Buffer Overflow Vulnerability +# +# Authors: +# Nikita MR +# +# Copyright: +# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(800970); + script_version("$Revision: 1.0 $"); + script_cve_id("CVE-2009-3838"); + script_bugtraq_id(36797); + script_name("Pegasus Mail POP3 Response Buffer Overflow Vulnerability"); + desc = " + Overview: This host is running Pegasus Mail which is prone to stack-based + Buffer Overflow vulnerability. + + Vulnerability Insight: + A stack based buffer overflow error occus due to improper bounds checking + when processing POP3 responses. + + Impact: + Successful exploitation will allow attackers to execute arbitrary code or + cause the application to crash by sending overly long error responses from + a remote POP3 server to the affected mail client. + + Impact Level: Application + + Affected Software/OS: + Pegasus Mail 4.51 and prior. 
+ + Fix: + No solution or patch is available as on 05th November, 2009.Information + regarding this issue will be updated once the solution details are available. + For updates refer, http://www.pmail.com/downloads_s3_t.htm + + References: + http://secunia.com/advisories/37134 + http://www.vupen.com/english/advisories/2009/3026 + http://securitytracker.com/alerts/2009/Oct/1023075.html + + CVSS Score: + CVSS Base Score : 10.0 (AV:N/AC:L/Au:NR/C:C/I:C/A:C) + CVSS Temporal Score : 9.0 + Risk factor: Critical"; + + script_description(desc); + script_summary("Check for the version of Pegasus Mail"); + script_category(ACT_GATHER_INFO); + script_copyright("Copyright (C) 2009 Greenbone Networks GmbH"); + script_family("Buffer overflow"); + script_dependencies("gb_pegasus_mail_detect.nasl"); + script_require_keys("Pegasus/Mail/Ver"); + exit(0); +} + + +include("version_func.inc"); + +pmailVer = get_kb_item("Pegasus/Mail/Ver"); +if(isnull(pmailVer)){ + exit(0); +} + +# Check for version 4.51 (4.5.1.0) and prior. +if(version_is_less_equal(version:pmailVer, test_version:"4.5.1.0")){ + security_hole(0); +} Added: trunk/openvas-plugins/scripts/gb_perl_detect_win.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_perl_detect_win.nasl 2009-11-05 11:10:03 UTC (rev 5799) +++ trunk/openvas-plugins/scripts/gb_perl_detect_win.nasl 2009-11-05 11:25:48 UTC (rev 5800) 
@@ -0,0 +1,84 @@
+##############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_perl_detect_win.nasl 5569 2009-11-04 09:52:37Z nov $
+#
+# Perl Version Detection (Windows)
+#
+# Authors:
+# Nikita MR
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(800966);
+ script_version("$Revision: 1.0 $");
+ script_name("Perl Version Detection (Windows)");
+ desc = "
+ Overview : This script retrieves the version of Perl saves the result
+ in KB.
+
+ Risk factor : Informational";
+
+ script_description(desc);
+ script_summary("Set version of Perl in KB");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2009 Intevation GmbH");
+ script_family("Service detection");
+ script_dependencies("secpod_reg_enum.nasl");
+ script_require_keys("SMB/WindowsVersion");
+ script_require_ports(139, 445);
+ exit(0);
+}
+
+
+include("smb_nt.inc");
+include("secpod_smb_func.inc");
+
+if(!get_kb_item("SMB/WindowsVersion")){
+ exit(0);
+}
+
+if(!registry_key_exists(key:"SOFTWARE\Perl")){
+ exit(0);
+}
+
+key = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\";
+foreach item (registry_enum_keys(key:key))
+{
+ perlName = registry_get_sz(key:key + item, item:"DisplayName");
+
+ # Check for Strawberry Perl
+ if("Strawberry Perl" >< perlName)
+ {
+ perlVer = registry_get_sz(key:key + item, item:"Comments");
+ perlVer = eregmatch(pattern:"Strawberry Perl ([0-9.]+)", string:perlVer);
+ if(!isnull(perlVer[1])){
+ set_kb_item(name:"Strawberry/Perl/Ver", value:perlVer[1]);
+ }
+ }
+
+ # Check for ActivePerl
+ if("ActivePerl" >< perlName)
+ {
+ perlVer = eregmatch(pattern:"ActivePerl ([0-9.]+)", string:perlName);
+ if(!isnull(perlVer[1])){
+ set_kb_item(name:"ActivePerl/Ver", value:perlVer[1]);
+ }
+ }
+}
Added: trunk/openvas-plugins/scripts/gb_perl_utf8_regex_dos_vuln_win.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_perl_utf8_regex_dos_vuln_win.nasl 2009-11-05 11:10:03 UTC (rev 5799)
+++ trunk/openvas-plugins/scripts/gb_perl_utf8_regex_dos_vuln_win.nasl 2009-11-05 11:25:48 UTC (rev 5800)
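Review bot: In gb_perl_detect_win.nasl the early `exit(0)` on `registry_key_exists(key:"SOFTWARE\Perl")` gates both detections on a key the loop below never reads, and nothing says which installer creates it. If either ActivePerl or Strawberry Perl does not write that key (not verifiable from this hunk), its Uninstall entry is never enumerated and the dependent vulnerability check silently reports nothing for that host. I would either drop the gate or document it above the test, e.g. `# SOFTWARE\Perl is written by <installer name>; skip the Uninstall scan when it is absent`. The `desc` text is also missing an "and" in "retrieves the version of Perl saves the result".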
@@ -0,0 +1,91 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_perl_utf8_regex_dos_vuln_win.nasl 5569 2009-11-04 13:33:41Z nov $
+#
+# Perl UTF-8 Regular Expression Processing DoS Vulnerability (Windows)
+#
+# Authors:
+# Nikita MR
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(800967);
+ script_version("$Revision: 1.0 $");
+ script_cve_id("CVE-2009-3626");
+ script_bugtraq_id(36812);
+ script_name("Perl UTF-8 Regular Expression Processing DoS Vulnerability (Windows)");
+ desc = "
+ Overview: The host is installed with Perl and is prone to Denial of Service
+ Vulnerability.
+
+ Vulnerability Insight:
+ An error occurs in Perl while matching an utf-8 character with large or
+ invalid codepoint with a particular regular expression.
+
+ Impact:
+ Attackers can exploit this issue to crash an affected application via
+ specially crafted UTF-8 data leading to Denial of Service.
+
+ Impact Level: Application
+
+ Affected Software/OS:
+ Perl version 5.10.1 on Windows.
+
+ Fix: Apply the patch.
+ http://perl5.git.perl.org/perl.git/commit/0abd0d78a73da1c4d13b1c700526b7e5d03b32d4
+
+ *****
+ NOTE: Ignore this warning if the above mentioned patch is already applied.
+ *****
+
+ References:
+ http://xforce.iss.net/xforce/xfdb/53939
+ http://www.openwall.com/lists/oss-security/2009/10/23/8
+ https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6225
+
+ CVSS Score:
+ CVSS Base Score : 5.0 (AV:N/AC:L/Au:NR/C:N/I:N/A:P)
+ CVSS Temporal Score : 3.7
+ Risk factor: Medium";
+
+ script_description(desc);
+ script_summary("Check for the version of Perl");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2009 Intevation GmbH");
+ script_family("Denial of Service");
+ script_dependencies("gb_perl_detect_win.nasl");
+ script_require_keys("Strawberry/Perl/Ver", "ActivePerl/Ver");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+apVer = get_kb_item("ActivePerl/Ver");
+if(!isnull(apVer) && version_is_equal(version:apVer, test_version:"5.10.1"))
+{
+ security_warning(0);
+ exit(0);
+}
+
+spVer = get_kb_item("Strawberry/Perl/Ver");
+if(!isnull(spVer) && version_is_equal(version:spVer, test_version:"5.10.1")){
+ security_warning(0);
+}
Added: trunk/openvas-plugins/scripts/gb_vmware_prdts_priv_esc_vuln_nov09_lin.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_vmware_prdts_priv_esc_vuln_nov09_lin.nasl 2009-11-05 11:10:03 UTC (rev 5799)
+++ trunk/openvas-plugins/scripts/gb_vmware_prdts_priv_esc_vuln_nov09_lin.nasl 2009-11-05 11:25:48 UTC (rev 5800)
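Review bot: `script_require_keys("Strawberry/Perl/Ver", "ActivePerl/Ver")` in gb_perl_utf8_regex_dos_vuln_win.nasl lists two keys, and as far as I know the scanner launches a plugin only when every required key is present in the KB. A host with only one of the two distributions installed would then be skipped, even though the body is written to cope with either key being null. gb_perl_detect_win.nasl sets no key common to both products, so the simplest change is to remove this line; the alternative is to have the detect script set one shared key and require that instead.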
@@ -0,0 +1,123 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_vmware_prdts_priv_esc_vuln_nov09_lin.nasl 5590 2009-11-04 17:12:21Z nov $
+#
+# VMware Products Guest Privilege Escalation Vulnerability - Nov09 (Linux)
+#
+# Authors:
+# Sharath S
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(801143);
+ script_version("$Revision: 1.0 $");
+ script_cve_id("CVE-2009-2267");
+ script_bugtraq_id(36841);
+ script_name("VMware Products Guest Privilege Escalation Vulnerability - Nov09 (Linux)");
+ desc = "
+ Overview: The host is installed with VMWare product(s) and is prone to
+ Privilege Escalation vulnerability.
+
+ Vulnerability Insight:
+ An error occurs while setting the exception code when a '#PF' (page fault)
+ exception arises and can be exploited to gain escalated privileges within
+ the VMware guest.
+
+ Impact:
+ Local attacker can exploit this issue to gain escalated privileges in a guest
+ virtual machine.
+
+ Impact Level: System
+
+ Affected Software/OS:
+ VMware Server version 2.0.x prior to 2.0.2 Build 203138,
+ VMware Server version 1.0.x prior to 1.0.10 Build 203137,
+ VMware Player version 2.5.x prior to 2.5.3 Build 185404,
+ VMware Workstation version 6.5.x prior to 6.5.3 Build 185404 on Linux.
+
+ Fix: Upgrade your VMWares according to the below link,
+ http://www.vmware.com/security/advisories/VMSA-2009-0015.html
+
+ References:
+ http://secunia.com/advisories/37172
+ http://www.vupen.com/english/advisories/2009/3062
+ http://securitytracker.com/alerts/2009/Oct/1023082.html
+ http://lists.vmware.com/pipermail/security-announce/2009/000069.html
+
+ CVSS Score:
+ CVSS Base Score : 6.9 (AV:L/AC:M/Au:NR/C:C/I:C/A:C)
+ CVSS Temporal Score : 5.4
+ Risk factor: High";
+
+ script_description(desc);
+ script_summary("Check for the version of VMware Products");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2009 Intevation GmbH");
+ script_family("Privilege escalation");
+ script_dependencies("gb_vmware_prdts_detect_lin.nasl");
+ script_require_keys("VMware/Linux/Installed");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+if(!get_kb_item("VMware/Linux/Installed")){
+ exit(0);
+}
+
+# VMware Player
+vmplayerVer = get_kb_item("VMware/Player/Linux/Ver");
+if(vmplayerVer)
+{
+ # Check for version 2.5 < 2.5.3 (2.5.3 Build 185404)
+ if(version_in_range(version:vmplayerVer, test_version:"2.5",
+ test_version2:"2.5.2"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+}
+
+# VMware Workstation
+vmworkstnVer = get_kb_item("VMware/Workstation/Linux/Ver");
+if(vmworkstnVer)
+{
+ # Check for version 6.5 < 6.5.3 (6.5.3 Build 185404)
+ if(version_in_range(version:vmworkstnVer, test_version:"6.5",
+ test_version2:"6.5.2"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+}
+
+# Check for VMware Server
+vmserverVer = get_kb_item("VMware/Server/Linux/Ver");
+if(vmserverVer)
+{
+ # Check for version 1.0 < 1.0.10 (1.0.10 Build 203137) or 2.0 < 2.0.2 (2.0.2 Build 203138)
+ if(version_in_range(version:vmserverVer, test_version:"1.0",
+ test_version2:"1.0.9")||
+ version_in_range(version:vmserverVer, test_version:"2.0",
+ test_version2:"2.0.1")){
+ security_hole(0);
+ }
+}
Added: trunk/openvas-plugins/scripts/gb_vmware_prdts_priv_esc_vuln_nov09_win.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_vmware_prdts_priv_esc_vuln_nov09_win.nasl 2009-11-05 11:10:03 UTC (rev 5799)
+++ trunk/openvas-plugins/scripts/gb_vmware_prdts_priv_esc_vuln_nov09_win.nasl 2009-11-05 11:25:48 UTC (rev 5800)
@@ -0,0 +1,139 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_vmware_prdts_priv_esc_vuln_nov09_win.nasl 5590 2009-11-04 16:12:21Z nov $
+#
+# VMware Products Guest Privilege Escalation Vulnerability - Nov09 (Win)
+#
+# Authors:
+# Sharath S
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(801142);
+ script_version("$Revision: 1.0 $");
+ script_cve_id("CVE-2009-2267");
+ script_bugtraq_id(36841);
+ script_name("VMware Products Guest Privilege Escalation Vulnerability - Nov09 (Win)");
+ desc = "
+ Overview: The host is installed with VMWare product(s) and is prone to
+ Privilege Escalation vulnerability.
+
+ Vulnerability Insight:
+ An error occurs while setting the exception code when a '#PF' (page fault)
+ exception arises which can be exploited to gain escalated privileges within
+ VMware guest.
+
+ Impact:
+ Local attacker can exploit this issue to gain escalated privileges in a guest
+ virtual machine.
+
+ Impact Level: System
+
+ Affected Software/OS:
+ VMware ACE version 2.5.x prior to 2.5.3 Build 185404,
+ VMware Server version 2.0.x prior to 2.0.2 Build 203138,
+ VMware Server version 1.0.x prior to 1.0.10 Build 203137,
+ VMware Player version 2.5.x prior to 2.5.3 Build 185404,
+ VMware Workstation version 6.5.x prior to 6.5.3 Build 185404 on Windows.
+
+ Fix: Upgrade your VMWares according to the below link,
+ http://www.vmware.com/security/advisories/VMSA-2009-0015.html
+
+ References:
+ http://secunia.com/advisories/37172
+ http://www.vupen.com/english/advisories/2009/3062
+ http://securitytracker.com/alerts/2009/Oct/1023082.html
+ http://lists.vmware.com/pipermail/security-announce/2009/000069.html
+
+ CVSS Score:
+ CVSS Base Score : 6.9 (AV:L/AC:M/Au:NR/C:C/I:C/A:C)
+ CVSS Temporal Score : 5.4
+ Risk factor: High";
+
+ script_description(desc);
+ script_summary("Check for the version of VMware Products");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2009 Intevation GmbH");
+ script_family("Privilege escalation");
+ script_dependencies("gb_vmware_prdts_detect_win.nasl");
+ script_require_keys("VMware/Win/Installed");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+if(!get_kb_item("VMware/Win/Installed")){
+ exit(0);
+}
+
+# VMware Player
+vmplayerVer = get_kb_item("VMware/Player/Win/Ver");
+if(vmplayerVer)
+{
+ # Check for version 2.5 < 2.5.3 (2.5.3 Build 185404)
+ if(version_in_range(version:vmplayerVer, test_version:"2.5",
+ test_version2:"2.5.2"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+}
+
+# VMware Workstation
+vmworkstnVer = get_kb_item("VMware/Workstation/Win/Ver");
+if(vmworkstnVer)
+{
+ # Check for version 6.5 < 6.5.3 (6.5.3 Build 185404)
+ if(version_in_range(version:vmworkstnVer, test_version:"6.5",
+ test_version2:"6.5.2"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+}
+
+# Check for VMware Server
+vmserverVer = get_kb_item("VMware/Server/Win/Ver");
+if(vmserverVer)
+{
+ # Check for version 1.0 < 1.0.10 (1.0.10 Build 203137) or 2.0 < 2.0.2 (2.0.2 Build 203138)
+ if(version_in_range(version:vmserverVer, test_version:"1.0",
+ test_version2:"1.0.9")||
+ version_in_range(version:vmserverVer, test_version:"2.0",
+ test_version2:"2.0.1")){
+ security_hole(0);
+ exit(0);
+ }
+}
+
+# VMware ACE
+aceVer = get_kb_item("VMware/ACE/Win/Ver");
+if(!aceVer){
+ aceVer = get_kb_item("VMware/ACE\Dormant/Win/Ver");
+}
+if(aceVer)
+{
+ # Check for version 2.5 < 2.5.3 (2.5.3 Build 185404)
+ if(version_is_less(version:aceVer, test_version:"2.5",
+ test_version2:"2.5.2")){
+ security_hole(0);
+ }
+}
Added: trunk/openvas-plugins/scripts/gb_vmware_serv_dir_trav_vuln_nov09_lin.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_vmware_serv_dir_trav_vuln_nov09_lin.nasl 2009-11-05 11:10:03 UTC (rev 5799)
+++ trunk/openvas-plugins/scripts/gb_vmware_serv_dir_trav_vuln_nov09_lin.nasl 2009-11-05 11:25:48 UTC (rev 5800)
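Review bot: The ACE branch at the end of gb_vmware_prdts_priv_esc_vuln_nov09_win.nasl calls `version_is_less(version:aceVer, test_version:"2.5", test_version2:"2.5.2")`, but `version_is_less` compares against `test_version` only (as far as version_func.inc defines it), so the extra argument has no effect. As written the branch fires for ACE versions below 2.5 and stays silent for 2.5.0 to 2.5.2, the range that the comment and the description name as affected. The Player, Workstation and Server branches in the same file use `version_in_range` with this argument pair, and ACE should as well: `if(version_in_range(version:aceVer, test_version:"2.5", test_version2:"2.5.2")){`. The fallback key `"VMware/ACE\Dormant/Win/Ver"` mixes a backslash into the KB path and is worth checking against what gb_vmware_prdts_detect_win.nasl actually sets.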
@@ -0,0 +1,94 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_vmware_serv_dir_trav_vuln_nov09_lin.nasl 5590 2009-11-04 17:45:21Z nov $
+#
+# VMware Server Directory Traversal Vulnerability - Nov09 (Linux)
+#
+# Authors:
+# Sharath S
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(801144);
+ script_version("$Revision: 1.0 $");
+ script_cve_id("CVE-2009-3733");
+ script_bugtraq_id(36842);
+ script_name("VMware Serve Directory Traversal Vulnerability - Nov09 (Linux)");
+ desc = "
+ Overview: The host is installed with VMWare product(s) and is prone to multiple
+ vulnerability.
+
+ Vulnerability Insight:
+ An error exists while handling certain requests can be exploited to download
+ arbitrary files from the host system via directory traversal attacks.
+
+ Impact:
+ Successful exploitation will let the remote/local attacker to disclose
+ sensitive information.
+
+ Impact Level: System
+
+ Affected Software/OS:
+ VMware Server version 2.0.x prior to 2.0.2 Build 203138,
+ VMware Server version 1.0.x prior to 1.0.10 Build 203137 on Linux.
+ + Fix: Upgrade your VMWares according to the below link, + http://www.vmware.com/security/advisories/VMSA-2009-0015.html + + References: + http://secunia.com/advisories/37186 + http://www.vupen.com/english/advisories/2009/3062 + http://securitytracker.com/alerts/2009/Oct/1023088.html + http://lists.vmware.com/pipermail/security-announce/2009/000069.html + + CVSS Score: + CVSS Base Score : 4.3 (AV:N/AC:M/Au:NR/C:P/I:N/A:N) + CVSS Temporal Score : 3.4 + Risk factor: Medium"; + + script_description(desc); + script_summary("Check for the version of VMware Server"); + script_category(ACT_GATHER_INFO); + script_copyright("Copyright (C) 2009 Intevation GmbH"); + script_family("General"); + script_dependencies("gb_vmware_prdts_detect_lin.nasl"); + script_require_keys("VMware/Linux/Installed", "VMware/Server/Linux/Ver"); + exit(0); +} + + +include("version_func.inc"); + +if(!get_kb_item("VMware/Linux/Installed")){ + exit(0); +} + +# Check for VMware Server +vmserverVer = get_kb_item("VMware/Server/Linux/Ver"); +if(vmserverVer) +{ + # Check for version 1.0 < 1.0.10 (1.0.10 Build 203137) or 2.0 < 2.0.2 (2.0.2 Build 203138) + if(version_in_range(version:vmserverVer, test_version:"1.0", + test_version2:"1.0.9")|| + version_in_range(version:vmserverVer, test_version:"2.0", + test_version2:"2.0.1")){ + security_warning(0); + } +} Modified: trunk/openvas-plugins/scripts/secpod_ms09-054.nasl =================================================================== --- trunk/openvas-plugins/scripts/secpod_ms09-054.nasl 2009-11-05 11:10:03 UTC (rev 5799) +++ trunk/openvas-plugins/scripts/secpod_ms09-054.nasl 2009-11-05 11:25:48 UTC (rev 5800) @@ -7,6 +7,9 @@ # Authors: # Antu Sanadi # +# Updated to KB976749 +# - By Sharath S On 2009-11-04 +# # Copyright: # Copyright (c) 2009 SecPod, http://www.secpod.com # 
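Review bot: `script_name("VMware Serve Directory Traversal Vulnerability - Nov09 (Linux)")` in gb_vmware_serv_dir_trav_vuln_nov09_lin.nasl drops the "r" of "Server", so the name that appears in scan reports no longer matches the title in the file header. It should read `script_name("VMware Server Directory Traversal Vulnerability - Nov09 (Linux)");`. The overview sentence in `desc` also says the host "is prone to multiple vulnerability" although this plugin covers the single directory traversal issue, which makes the report text harder to triage.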
@@ -27,7 +30,7 @@ if(description) { script_id(901041); - script_version("$Revision: 1.0 $"); + script_version("$Revision: 1.1 $"); script_cve_id("CVE-2009-1547", "CVE-2009-2529", "CVE-2009-2530", "CVE-2009-2531"); script_bugtraq_id(36622, 36621, 36620, 36616); script_name("Microsoft Internet Explorer Multiple Code Execution Vulnerabilities (974455)"); @@ -56,10 +59,15 @@ http://www.microsoft.com/technet/security/Bulletin/MS09-054.mspx References: + http://support.microsoft.com/kb/974455 + http://support.microsoft.com/kb/976749 http://www.vupen.com/english/advisories/2009/2889 http://www.microsoft.com/technet/security/Bulletin/MS09-054.mspx - Risk factor : Critical"; + CVSS Score: + CVSS Base Score : 9.3 (AV:N/AC:M/Au:NR/C:C/I:C/A:C) + CVSS Temporal Score : 7.3 + Risk factor: High"; script_description(desc); script_summary("Check for the vulnerable mshtml.dll file version"); @@ -88,8 +96,12 @@ } # MS09-054 Hotfix (974455) -if(hotfix_missing(name:"974455") == 0){ - exit(0); +if(hotfix_missing(name:"974455") == 0) +{ + # MS09-054 Hotfix (976749) + if(hotfix_missing(name:"976749") == 0){ + exit(0); + } } dllPath = registry_get_sz(item:"Install Path", @@ -105,9 +117,9 @@ if(hotfix_check_sp(win2k:5) > 0) { - # Check for mshtml.dll version < 5.0.3881.100 or 6.0 < 6.0.2800.1638 - if(version_in_range(version:vers, test_version:"5.0", test_version2:"5.0.3881.99") || - version_in_range(version:vers, test_version:"6.0", test_version2:"6.0.2800.1637")){ + # Check for mshtml.dll version < 5.0.3881.1900 or 6.0 < 6.0.2800.1640 + if(version_in_range(version:vers, test_version:"5.0", test_version2:"5.0.3881.1899") || + version_in_range(version:vers, test_version:"6.0", test_version2:"6.0.2800.1639")){ security_hole(0); } } 
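Review bot: In the `@@ -88,8 +96,12 @@` hunk of secpod_ms09-054.nasl the early exit now requires both 974455 and 976749 to be present, and the later hunks (`@@ -105`, `@@ -116`, `@@ -148`) raise the mshtml.dll thresholds to what appear to be the KB976749 builds. A host carrying the MS09-054 security update but not the follow-up would fall through and be reported with `security_hole`. That looks like a false positive if 976749 is not itself a security fix, which needs confirming against the two KB articles. If the intent is only to recognise the newer package, the test could stay flat, `if(hotfix_missing(name:"974455") == 0 || hotfix_missing(name:"976749") == 0){`, with the original thresholds kept. The rewritten comments also cite lower bounds such as `7.0.6000.10000` and `8.0.6001.10000` where the code still passes `test_version:"7.0"` and `test_version:"8.0"`.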
@@ -116,27 +128,26 @@ SP = get_kb_item("SMB/WinXP/ServicePack"); if("Service Pack 2" >< SP) { - # Check for mshtml.dll version 6.0 < 6.0.2800.1638 and 6.0.2900.0000 < 6.0.2900.3627 - # 7.0 < 7.0.6000.16915, 8.0 < 8.0.6001.18828 and 8.0.6001.20000 < 8.0.6001.22878 - if(version_in_range(version:vers, test_version:"6.0", test_version2:"6.0.2800.1637") || - version_in_range(version:vers, test_version:"6.0.2900.0000", test_version2:"6.0.2900.3626")|| - version_in_range(version:vers, test_version:"7.0", test_version2:"7.0.6000.16914")|| - version_in_range(version:vers, test_version:"8.0", test_version2:"8.0.6001.18827")|| - version_in_range(version:vers, test_version:"8.0.6001.20000", test_version2:"8.0.6001.22877")){ + # Check for mshtml.dll version 6.0 < 6.0.2900.3636 7.0.6000.10000 < 7.0.6000.16939, + # 7.0.6000.20000 < 7.0.6000.21142, 8.0.6001.10000 < 8.0.6001.18852 and 8.0.6001.20000 < 8.0.6001.22942 + if(version_in_range(version:vers, test_version:"6.0", test_version2:"6.0.2900.3635")|| + version_in_range(version:vers, test_version:"7.0", test_version2:"7.0.6000.16938")|| + version_in_range(version:vers, test_version:"7.0.6000.20000", test_version2:"7.0.6000.21141")|| + version_in_range(version:vers, test_version:"8.0", test_version2:"8.0.6001.18851")|| + version_in_range(version:vers, test_version:"8.0.6001.20000", test_version2:"8.0.6001.22941")){ security_hole(0); } exit(0); } else if("Service Pack 3" >< SP) { - # Check for mshtml.dll version 6.0.2800.1638, 7 < 7.0.6000.16915, 6.0 < 6.0.2900.5880, - # 7.0.6000.20000 < 7.0.6000.21115, 8.0 < 8.0.6001.18828 and 8.0.6001.20000 < 8.0.6001.22918 - if(version_in_range(version:vers, test_version:"6.0", test_version2:"6.0.2800.1637")|| - version_in_range(version:vers, test_version:"6.0.2900.0000", test_version2:"6.0.2900.5879")|| - version_in_range(version:vers, test_version:"7.0", test_version2:"7.0.6000.16914") || - version_in_range(version:vers, test_version:"7.0.6000.20000", test_version2:"7.0.6000.21114") || - 
version_in_range(version:vers, test_version:"8.0", test_version2:"8.0.6001.18827")|| - version_in_range(version:vers, test_version:"8.0.6001.20000", test_version2:"8.0.6001.22917")){ + # Check for mshtml.dll version 6.0 < 6.0.2900.5890, 7.0.6000.10000 < 7.0.6000.16939, + # 7.0.6000.20000 < 7.0.6000.21142, 8.0.6001.10000 < 8.0.6001.18852 and 8.0.6001.20000 < 8.0.6001.22942 + if(version_in_range(version:vers, test_version:"6.0", test_version2:"6.0.2900.5889")|| + version_in_range(version:vers, test_version:"7.0", test_version2:"7.0.6000.16938") || + version_in_range(version:vers, test_version:"7.0.6000.20000", test_version2:"7.0.6000.21141") || + version_in_range(version:vers, test_version:"8.0", test_version2:"8.0.6001.18851")|| + version_in_range(version:vers, test_version:"8.0.6001.20000", test_version2:"8.0.6001.22941")){ security_hole(0); } exit(0); 
@@ -148,13 +159,13 @@ SP = get_kb_item("SMB/Win2003/ServicePack"); if("Service Pack 2" >< SP) { - # Check for mshtml.dll version 6.0 < 6.0.3790.4589 , 7.0 < 7.0.6000.16915, - # 7.0.6000.20000 < 7.0.6000.21115, 8.0 < 8.0.6001.18828 and 8.0.6001.20000 < 8.0.6001.22918 - if(version_in_range(version:vers, test_version:"6.0", test_version2:"6.0.3790.4588") || - version_in_range(version:vers, test_version:"7.0", test_version2:"7.0.6000.16914") || - version_in_range(version:vers, test_version:"7.0.6000.20000", test_version2:"7.0.6000.21114")|| - version_in_range(version:vers, test_version:"8.0", test_version2:"8.0.6001.18827")|| - version_in_range(version:vers, test_version:"8.0.6001.20000", test_version2:"8.0.6001.22917")){ + # Check for mshtml.dll version 6.0 < 6.0.3790.4605 , 7.0 < 7.0.6000.16939, + # 7.0.6000.20000 < 7.0.6000.21142, 8.0.6001.10000 < 8.0.6001.18852 and 8.0.6001.20000 < 8.0.6001.22942 + if(version_in_range(version:vers, test_version:"6.0", test_version2:"6.0.3790.4604") || + version_in_range(version:vers, test_version:"7.0", test_version2:"7.0.6000.16938") || + version_in_range(version:vers, test_version:"7.0.6000.20000", test_version2:"7.0.6000.21141")|| + version_in_range(version:vers, test_version:"8.0", test_version2:"8.0.6001.18851")|| + version_in_range(version:vers, test_version:"8.0.6001.20000", test_version2:"8.0.6001.22941")){ security_hole(0); } exit(0); Modified: trunk/openvas-plugins/scripts/secpod_ms09-062.nasl =================================================================== --- trunk/openvas-plugins/scripts/secpod_ms09-062.nasl 2009-11-05 11:10:03 UTC (rev 5799) +++ trunk/openvas-plugins/scripts/secpod_ms09-062.nasl 2009-11-05 11:25:48 UTC (rev 5800) @@ -7,6 +7,9 @@ # Authors: # Sharath S # +# Updated to Check Visio Viewer 2007 +# - By Sharath S On 2009-10-29 +# # Copyright: # Copyright (c) 2009 SecPod, http://www.secpod.com # 
@@ -27,7 +30,7 @@ if(description) { script_id(900878); - script_version("$Revision: 1.0 $"); + script_version("$Revision: 1.1 $"); script_cve_id("CVE-2009-2500", "CVE-2009-2501", "CVE-2009-2502", "CVE-2009-2503", "CVE-2009-2504", "CVE-2009-2518", "CVE-2009-2528", "CVE-2009-3126"); script_bugtraq_id(36619, 36645, 36646, 36647, 36648, 36651, 36650, 36649); @@ -50,17 +53,18 @@ Affected Software/OS: Microsoft SQL Server 2005 SP 2/3 + Microsoft Office Excel Viewer 2007 Microsoft Office XP/2003 SP 3 and prior Microsoft Office Visio 2002 SP 2 and prior Microsoft Office Groove 2007 SP1 and prior + Microsoft Excel Viewer 2003 SP 3 and prior Microsoft Office 2007 System SP 1/2 and prior Microsoft Office Word Viewer 2003 SP 3 and prior - Microsoft Excel Viewer 2003 SP 3 and prior - Microsoft Office Excel Viewer 2007 - Microsoft Office PowerPoint Viewer 2007 SP2 and prior + Microsoft Office Visio Viewer 2007 SP 2 and prior + Microsoft Office PowerPoint Viewer 2007 SP 2 and prior + Microsoft Visual Studio 2008 SP 1 and prior Microsoft Visual Studio .NET 2003 SP 1 and prior - Microsoft Visual Studio 2008 SP 1 and prior - Microsoft Windows 2k SP4 with Internet Explorer 6 SP 1 + Microsoft Windows 2000 SP4 with Internet Explorer 6 SP 1 Microsoft Office Compatibility Pack for Word/Excel/PowerPoint 2007 File Formats SP 1/2 Fix: @@ -116,7 +120,7 @@ (hotfix_missing(name:"970894") == 0) || (hotfix_missing(name:"971022") == 0)|| (hotfix_missing(name:"971023") == 0) || (hotfix_missing(name:"972221") == 0)|| (hotfix_missing(name:"972222") == 0)){ - exit(0); + exit(0); } # Visio 2002 @@ -140,7 +144,7 @@ } } -# Office XP Check +# Office XP if(get_kb_item("MS/Office/Ver") =~ "^10\..*") { offPath = registry_get_sz(key:"SOFTWARE\Microsoft\Windows\CurrentVersion", 
@@ -148,11 +152,11 @@ if(offPath) { offPath += "\Microsoft Shared\OFFICE10"; - offVer = FileVer(file:"\Mso.dll", path:offPath); - if(offVer) + dllVer = FileVer(file:"\Mso.dll", path:offPath); + if(dllVer) { # Grep for Mso.dll version 10.0 < 10.0.6856.0 - if(version_in_range(version:offVer, test_version:"10.0", test_version2:"10.0.6855.9")) + if(version_in_range(version:dllVer, test_version:"10.0", test_version2:"10.0.6855.9")) { security_hole(0); exit(0); @@ -161,7 +165,7 @@ } } -# Office 2003 Check +# Office 2003 or Excel Viewer 2003 or Word Viewer 2003 if((get_kb_item("MS/Office/Ver") =~ "^11\..*") || (get_kb_item("SMB/Office/XLView/Version") =~ "^11\..*") || (get_kb_item("SMB/Office/WordView/Version") =~ "^11\..*")) @@ -171,11 +175,11 @@ if(offPath) { offPath += "\Microsoft Office\OFFICE11" + - offVer = FileVer(file:"\Gdiplus.dll", path:offPath); - if(offVer) + dllVer = FileVer(file:"\Gdiplus.dll", path:offPath); + if(dllVer) { # Grep for Gdiplus.dll version 11.0 < 11.0.8312.0 - if(version_in_range(version:offVer, test_version:"11.0", test_version2:"11.0.8311.9")) + if(version_in_range(version:dllVer, test_version:"11.0", test_version2:"11.0.8311.9")) { security_hole(0); exit(0); @@ -185,8 +189,9 @@ } # Office 2007 or Groove 2007 or Excel Viewer or PowerPoint Viewer or -# Office Compatibility Pack 2007 +# Office Compatibility Pack 2007 or Visio Viewer 2007 if(((get_kb_item("MS/Office/Ver") =~ "^12\..*") || + (get_kb_item("SMB/Office/VisioViewer/Ver") =~ "^12\..*") || (get_kb_item("SMB/Office/Groove/Version") =~ "^12\..*") || (get_kb_item("SMB/Office/XLView/Version") =~ "^12\..*") || (get_kb_item("SMB/Office/PPView/Version")) =~ "^12\..*")|| 
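Review bot: In the `@@ -171,11 +175,11 @@` hunk of secpod_ms09-062.nasl the context line `offPath += "\Microsoft Office\OFFICE11" +` still ends in `+` rather than `;`, so the renamed assignment on the next line is parsed as part of the same expression. Depending on how the interpreter handles that, either the script fails to parse or `FileVer` is called with `offPath` before the OFFICE11 suffix is appended, and the Gdiplus.dll check for Office 2003 and the 2003 viewers never matches. Since the commit rewrites the following line anyway, this one should become `offPath += "\Microsoft Office\OFFICE11";`, matching the OFFICE10 and OFFICE12 blocks in the neighbouring hunks. The enclosing `if` starts outside the hunk.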
@@ -197,11 +202,11 @@ if(offPath) { offPath += "\Microsoft Shared\OFFICE12"; - offVer = FileVer(file:"\Ogl.dll", path:offPath); - if(offVer) + dllVer = FileVer(file:"\Ogl.dll", path:offPath); + if(dllVer) { # Grep for Ogl.dll version 12.0 < 12.0.6509.5000 - if(version_in_range(version:offVer, test_version:"12.0", test_version2:"12.0.6509.4999")) + if(version_in_range(version:dllVer, test_version:"12.0", test_version2:"12.0.6509.4999")) { security_hole(0); exit(0); @@ -231,7 +236,7 @@ } } -# Visual Studio 2008 Check +# Visual Studio 2008 if(egrep(pattern:"^9\..*", string:get_kb_item("Microsoft/VisualStudio/Ver"))) { vsPath = registry_get_sz(key:"SOFTWARE\Microsoft\Microsoft SDKs\Windows", Modified: trunk/openvas-plugins/scripts/secpod_office_products_version_900032.nasl =================================================================== --- trunk/openvas-plugins/scripts/secpod_office_products_version_900032.nasl 2009-11-05 11:10:03 UTC (rev 5799) +++ trunk/openvas-plugins/scripts/secpod_office_products_version_900032.nasl 2009-11-05 11:25:48 UTC (rev 5800) 
@@ -1,62 +1,64 @@ -############################################################################## +############################################################################### +# OpenVAS Vulnerability Test +# $Id: secpod_office_products_version_900032.nasl 0021 2008-08-13 19:36:44Z aug $# # -# MS Office Products Version Detection +# MS Office Products Version Detection # -# Copyright: SecPod +# Authors: +# Chandan S # -# Date Written: 2008/08/13 +# Retrieving Version from file (Removed old method and updated with GetVer). +# - By Chandan S 10:46:00 2009-04-24 # -# Revision: 1.3 +# Updated to include detect mechanism for Word Viewer and Word Converter - Sharath S # -# Log: Detect script for word, excel and access. -# Issue #0021 +# Updated to include detect mechanism for Excel Viewer - Sharath S # -# Retrieving Version from file (Removed old method and updated with GetVer). -# -By Chandan S 10:46:00 2009/04/24 +# Updated to include detect mechanism for Power Point Viewer - Sharath S # -# Updated to include detect mechanism for Word Viewer and Word Converter -# Sharath S +# Updated to include detect mechanism for Office Publisher - Sharath S # -# Updated to include detect mechanism for Excel Viewer - Sharath S +# Updated to include detect mechanism for Office Outlook +# - By Antu Sanadi On 2009/10/14 # -# Updated to include detect mechanism for Power Point Viewer - Sharath S +# Updated to include detect mechanism for Office Groove and Office Compatibility Pack +# - By Sharath S On 2009-10-20 #5269 # -# Updated to include detect mechanism for Office Publisher - Sharath S +# Updated to include detect mechanism for Office Visio Viewer 2007 +# - By Sharath S On 2009-10-29 #5269 # -# Updated to include detect mechanism for Office Outlook -# -By Antu Sanadi 2009/10/14 +# Copyright: +# Copyright (c) 2009 SecPod, http://www.secpod.com # -# Updated to include detect mechanism for Office Groove and Office Compatibility Pack -# - By Sharath S On 2009-10-20 +# This program is 
free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. # -# ------------------------------------------------------------------------ -# This program was written by SecPod and is licensed under the GNU GPL -# license. Please refer to the below link for details, -# http://www.gnu.org/licenses/gpl.tml -# This header contains information regarding licensing terms under the GPL, -# and information regarding obtaining source code from the Author. -# Consequently, pursuant to section 3(c) of the GPL, you must accompany the -# information found in this header with any distribution you make of this -# Program. -# ------------------------------------------------------------------------ -############################################################################## +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +################################################################################ - if(description) { script_id(900032); - script_version("$Revision: 1.7 $"); - script_category(ACT_GATHER_INFO); - script_family("Windows"); + script_version("$Revision: 1.8 $"); script_name("MS Office Products Version Detection"); - script_summary("Determines the version of Microsoft Office products"); desc = " Overview : Retrieve the version of MS Office products from file and sets KB. 
Risk factor : Informational"; script_description(desc); + script_summary("Determines the version of Microsoft Office products"); + script_category(ACT_GATHER_INFO); script_copyright("Copyright (C) 2008 SecPod"); + script_family("Windows"); script_dependencies("secpod_reg_enum.nasl", "secpod_ms_office_detection_900025.nasl"); script_require_keys("SMB/WindowsVersion"); script_require_ports(139, 445); @@ -81,8 +83,8 @@ if(wordviewFile) { wordviewFile += "\WORDVIEW.exe"; - share = ereg_replace(pattern:"([A-Z]):.*", replace:"\1$", string:wordviewFile); - wview = ereg_replace(pattern:"[A-Z]:(.*)", replace:"\1", string:wordviewFile); + share = ereg_replace(pattern:"([A-Z]):.*", replace:"\1$", string:wordviewFile); + wview = ereg_replace(pattern:"[A-Z]:(.*)", replace:"\1", string:wordviewFile); wordviewVer = GetVer(file:wview, share:share); if(wordviewVer){ set_kb_item(name:"SMB/Office/WordView/Version", value:wordviewVer); @@ -108,7 +110,7 @@ if(xlviewFile != NULL) { - share = ereg_replace(pattern:"([A-Z]):.*", replace:"\1$", string:xlviewFile); + share = ereg_replace(pattern:"([A-Z]):.*", replace:"\1$", string:xlviewFile); xlview = ereg_replace(pattern:"[A-Z]:(.*)", replace:"\1", string:xlviewFile); xlviewVer = GetVer(file:xlview, share:share); if(xlviewVer != NULL){ @@ -131,7 +133,7 @@ ppviewFile += "\Microsoft Office\Office12\PPTVIEW.exe"; if(ppviewFile != NULL) { - share = ereg_replace(pattern:"([A-Z]):.*", replace:"\1$", string:ppviewFile); + share = ereg_replace(pattern:"([A-Z]):.*", replace:"\1$", string:ppviewFile); pptview = ereg_replace(pattern:"[A-Z]:(.*)", replace:"\1", string:ppviewFile); pptviewVer = GetVer(file:pptview, share:share); if(pptviewVer != NULL){ 
@@ -156,7 +158,7 @@ if(groovePath != NULL) { groovePath += "\GROOVE.exe"; - share = ereg_replace(pattern:"([A-Z]):.*", replace:"\1$", string:groovePath); + share = ereg_replace(pattern:"([A-Z]):.*", replace:"\1$", string:groovePath); groove = ereg_replace(pattern:"[A-Z]:(.*)", replace:"\1", string:groovePath); grooveVer = GetVer(file:groove, share:share); if(grooveVer != NULL){ @@ -172,8 +174,8 @@ if(ppcnvFile) { ppcnvFile += "\Microsoft Office\Office12\PPCNVCOM.exe"; - share = ereg_replace(pattern:"([A-Z]):.*", replace:"\1$", string:ppcnvFile); - ppfile = ereg_replace(pattern:"[A-Z]:(.*)", replace:"\1", string:ppcnvFile); + share = ereg_replace(pattern:"([A-Z]):.*", replace:"\1$", string:ppcnvFile); + ppfile = ereg_replace(pattern:"[A-Z]:(.*)", replace:"\1", string:ppcnvFile); ppcnvVer = GetVer(file:ppfile, share:share); if(ppcnvVer){ set_kb_item(name:"SMB/Office/PowerPntCnv/Version", value:ppcnvVer); @@ -181,6 +183,23 @@ } } +# Office Visio Viewer +if(registry_key_exists(key:"SOFTWARE\Microsoft\Office\Visio")) +{ + visioPath = registry_get_sz(key:"SOFTWARE\Microsoft\Windows\CurrentVersion", + item:"ProgramFilesDir"); + if(visioPath) + { + visioPath += "\Microsoft Office\Office12\VPREVIEW.EXE"; + share = ereg_replace(pattern:"([A-Z]):.*", replace:"\1$", string:visioPath); + vvfile = ereg_replace(pattern:"[A-Z]:(.*)", replace:"\1", string:visioPath); + visiovVer = GetVer(file:vvfile, share:share); + if(visiovVer){ + set_kb_item(name:"SMB/Office/VisioViewer/Ver", value:visiovVer); + } + } +} + # To Conform Office Installation if(!get_kb_item("MS/Office/Ver")){ exit(0); @@ -193,7 +212,7 @@ { wordFile += "\winword.exe"; share = ereg_replace(pattern:"([A-Z]):.*", replace:"\1$", string:wordFile); - word = ereg_replace(pattern:"[A-Z]:(.*)", replace:"\1", string:wordFile); + word = ereg_replace(pattern:"[A-Z]:(.*)", replace:"\1", string:wordFile); wordVer = GetVer(file:word, share:share); if(wordVer){ set_kb_item(name:"SMB/Office/Word/Version", value:wordVer); 
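Review bot: The new Visio Viewer block (`@@ -181,6 +183,23 @@`) builds the path only from `ProgramFilesDir` plus a fixed `\Microsoft Office\Office12\VPREVIEW.EXE`, so on 64-bit Windows, where the 32-bit viewer is presumably installed under the x86 Program Files directory, `GetVer` finds nothing and `SMB/Office/VisioViewer/Ver` is never set. The MS09-062 check in this same commit depends on that key matching `^12\.`, so such hosts would be skipped without any report. Consider retrying with `item:"ProgramFilesDir (x86)"` when the first lookup yields no version; which registry view the remote read returns should be confirmed. The key also ends in `/Ver` while every sibling block in this file uses `/Version`, which is worth a one-line comment if it is kept.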
@@ -220,8 +239,8 @@ if(accessFile) { accessFile += "\msaccess.exe"; - share = ereg_replace(pattern:"([A-Z]):.*", replace:"\1$", string:accessFile); - access = ereg_replace(pattern:"[A-Z]:(.*)", replace:"\1", string:accessFile); + share = ereg_replace(pattern:"([A-Z]):.*", replace:"\1$", string:accessFile); + access = ereg_replace(pattern:"[A-Z]:(.*)", replace:"\1", string:accessFile); accessVer = GetVer(file:access, share:share); if(accessVer){ set_kb_item(name:"SMB/Office/Access/Version", value:accessVer); @@ -234,8 +253,8 @@ if(powerpointFile) { powerpointFile += "\powerpnt.exe"; - share = ereg_replace(pattern:"([A-Z]):.*", replace:"\1$", string:powerpointFile); - power = ereg_replace(pattern:"[A-Z]:(.*)", replace:"\1", string:powerpointFile); + share = ereg_replace(pattern:"([A-Z]):.*", replace:"\1$", string:powerpointFile); + power = ereg_replace(pattern:"[A-Z]:(.*)", replace:"\1", string:powerpointFile); powerPptVer = GetVer(file:power, share:share); if(powerPptVer){ set_kb_item(name:"SMB/Office/PowerPnt/Version", value:powerPptVer); @@ -248,8 +267,8 @@ if(wordcnvFile) { wordcnvFile += "\Microsoft Office\Office12\Wordconv.exe"; - share = ereg_replace(pattern:"([A-Z]):.*", replace:"\1$", string:wordcnvFile); - word = ereg_replace(pattern:"[A-Z]:(.*)", replace:"\1", string:wordcnvFile); + share = ereg_replace(pattern:"([A-Z]):.*", replace:"\1$", string:wordcnvFile); + word = ereg_replace(pattern:"[A-Z]:(.*)", replace:"\1", string:wordcnvFile); wordcnvVer = GetVer(file:word, share:share); if(wordcnvVer){ set_kb_item(name:"SMB/Office/WordCnv/Version", value:wordcnvVer); 
@@ -262,8 +281,8 @@ if(xlcnvFile) { xlcnvFile += "\Microsoft Office\Office12\excelcnv.exe"; - share = ereg_replace(pattern:"([A-Z]):.*", replace:"\1$", string:xlcnvFile); - xlfile = ereg_replace(pattern:"[A-Z]:(.*)", replace:"\1", string:xlcnvFile); + share = ereg_replace(pattern:"([A-Z]):.*", replace:"\1$", string:xlcnvFile); + xlfile = ereg_replace(pattern:"[A-Z]:(.*)", replace:"\1", string:xlcnvFile); xlcnvVer = GetVer(file:xlfile, share:share); if(xlcnvVer){ set_kb_item(name:"SMB/Office/XLCnv/Version", value:xlcnvVer); @@ -276,8 +295,8 @@ if(pubFile) { share = ereg_replace(pattern:"([A-Z]):.*", replace:"\1$", string:pubFile); - pub = ereg_replace(pattern:"[A-Z]:(.*)", replace:"\1", - string:pubFile + "\MSPUB.exe"); + pub = ereg_replace(pattern:"[A-Z]:(.*)", replace:"\1", + string:pubFile + "\MSPUB.exe"); pubVer = GetVer(file:pub, share:share); if(pubVer){ set_kb_item(name:"SMB/Office/Publisher/Version", value:pubVer); @@ -290,8 +309,8 @@ if(outlookFile) { share = ereg_replace(pattern:"([A-Z]):.*", replace:"\1$", string:outlookFile); - outlookFile = ereg_replace(pattern:"[A-Z]:(.*)", replace:"\1", - string:outlookFile + "\OUTLOOK.EXE"); + outlookFile = ereg_replace(pattern:"[A-Z]:(.*)", replace:"\1", + string:outlookFile + "\OUTLOOK.EXE"); outlookVer = GetVer(file:outlookFile, share:share); if(outlookVer){ set_kb_item(name:"SMB/Office/Outloook/Version", value:outlookVer); From scm-commit at wald.intevation.org Thu Nov 5 13:28:22 2009 
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Thu, 5 Nov 2009 13:28:22 +0100 (CET) Subject: [Openvas-commits] r5801 - in trunk/openvas-plugins: . scripts Message-ID: <20091105122822.C42CF861EAB1@pyrosoma.intevation.org> Author: chandra Date: 2009-11-05 13:28:03 +0100 (Thu, 05 Nov 2009) New Revision: 5801 Modified: trunk/openvas-plugins/ChangeLog trunk/openvas-plugins/scripts/gb_CESA-2008_0177_evolution_centos4_i386.nasl trunk/openvas-plugins/scripts/gb_CESA-2008_0177_evolution_centos4_x86_64.nasl trunk/openvas-plugins/scripts/gb_CESA-2008_0617_vim-common_centos3_i386.nasl trunk/openvas-plugins/scripts/gb_CESA-2008_0617_vim-common_centos3_x86_64.nasl trunk/openvas-plugins/scripts/gb_CESA-2008_0617_vim-common_centos4_i386.nasl trunk/openvas-plugins/scripts/gb_CESA-2008_0617_vim-common_centos4_x86_64.nasl trunk/openvas-plugins/scripts/gb_CESA-2008_1028_cups_centos3_i386.nasl trunk/openvas-plugins/scripts/gb_CESA-2008_1028_cups_centos3_x86_64.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0177-01_evolution.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0290-01_samba.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0580-01_vim.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0581-01_bluez-libs_bluez-utils.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0617-01_vim.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0907-01_pam_krb5.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_1017-01_kernel.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_1028-01_cups.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_1029-01_cups.nasl trunk/openvas-plugins/scripts/gb_aceftp_remote_dir_traversal_vuln.nasl trunk/openvas-plugins/scripts/gb_fedora_2007_1219_cups_fc5.nasl trunk/openvas-plugins/scripts/gb_fedora_2007_1541_cups_fc7.nasl trunk/openvas-plugins/scripts/gb_fedora_2007_2295_ntfs-3g_fc7.nasl trunk/openvas-plugins/scripts/gb_fedora_2007_2715_cups_fc7.nasl trunk/openvas-plugins/scripts/gb_fedora_2007_2982_cups_fc8.nasl 
trunk/openvas-plugins/scripts/gb_fedora_2007_2985_kdepim_fc7.nasl trunk/openvas-plugins/scripts/gb_fedora_2007_3100_cups_fc7.nasl trunk/openvas-plugins/scripts/gb_fedora_2007_4368_xfce4-places-plugin_fc8.nasl trunk/openvas-plugins/scripts/gb_fedora_2007_4385_xfce4-places-plugin_fc7.nasl trunk/openvas-plugins/scripts/gb_fedora_2007_644_cups_fc6.nasl trunk/openvas-plugins/scripts/gb_fedora_2007_740_cups_fc6.nasl trunk/openvas-plugins/scripts/gb_fedora_2007_746_cups_fc6.nasl trunk/openvas-plugins/scripts/gb_fedora_2008_10895_cups_fc10.nasl trunk/openvas-plugins/scripts/gb_fedora_2008_10911_cups_fc8.nasl trunk/openvas-plugins/scripts/gb_fedora_2008_10917_cups_fc9.nasl trunk/openvas-plugins/scripts/gb_fedora_2008_1287_deluge_fc8.nasl trunk/openvas-plugins/scripts/gb_fedora_2008_1288_deluge_fc7.nasl trunk/openvas-plugins/scripts/gb_fedora_2008_1901_cups_fc8.nasl trunk/openvas-plugins/scripts/gb_fedora_2008_1976_cups_fc7.nasl trunk/openvas-plugins/scripts/gb_fedora_2008_2131_cups_fc8.nasl trunk/openvas-plugins/scripts/gb_fedora_2008_2897_cups_fc7.nasl trunk/openvas-plugins/scripts/gb_fedora_2008_3449_cups_fc7.nasl trunk/openvas-plugins/scripts/gb_fedora_2008_3586_cups_fc8.nasl trunk/openvas-plugins/scripts/gb_fedora_2008_3756_cups_fc9.nasl trunk/openvas-plugins/scripts/gb_fedora_2008_8801_cups_fc8.nasl trunk/openvas-plugins/scripts/gb_fedora_2008_8844_cups_fc9.nasl trunk/openvas-plugins/scripts/gb_suse_2007_036.nasl Log: Changed file encoding to ASCII Modified: trunk/openvas-plugins/ChangeLog =================================================================== --- trunk/openvas-plugins/ChangeLog 2009-11-05 11:25:48 UTC (rev 5800) +++ trunk/openvas-plugins/ChangeLog 2009-11-05 12:28:03 UTC (rev 5801) 
@@ -1,5 +1,54 @@ 2009-11-05 Chandrashekhar B + * scripts/gb_suse_2007_036.nasl, + scripts/gb_RHSA-2008_0580-01_vim.nasl, + scripts/gb_fedora_2007_3100_cups_fc7.nasl, + scripts/gb_fedora_2007_2985_kdepim_fc7.nasl, + scripts/gb_CESA-2008_1028_cups_centos3_x86_64.nasl, + scripts/gb_RHSA-2008_0290-01_samba.nasl, + scripts/gb_RHSA-2008_1017-01_kernel.nasl, + scripts/gb_fedora_2008_3449_cups_fc7.nasl, + scripts/gb_fedora_2007_1541_cups_fc7.nasl, + scripts/gb_fedora_2008_10917_cups_fc9.nasl, + scripts/gb_CESA-2008_0177_evolution_centos4_i386.nasl, + scripts/gb_CESA-2008_0617_vim-common_centos4_i386.nasl, + scripts/gb_CESA-2008_0617_vim-common_centos3_x86_64.nasl, + scripts/gb_fedora_2007_1219_cups_fc5.nasl, + scripts/gb_fedora_2008_10911_cups_fc8.nasl, + scripts/gb_fedora_2008_2897_cups_fc7.nasl, + scripts/gb_CESA-2008_0177_evolution_centos4_x86_64.nasl, + scripts/gb_fedora_2007_4368_xfce4-places-plugin_fc8.nasl, + scripts/gb_fedora_2008_1901_cups_fc8.nasl, + scripts/gb_fedora_2007_740_cups_fc6.nasl, + scripts/gb_fedora_2008_10895_cups_fc10.nasl, + scripts/gb_fedora_2008_2131_cups_fc8.nasl, + scripts/gb_fedora_2008_1288_deluge_fc7.nasl, + scripts/gb_CESA-2008_0617_vim-common_centos3_i386.nasl, + scripts/gb_fedora_2008_1976_cups_fc7.nasl, + scripts/gb_CESA-2008_0617_vim-common_centos4_x86_64.nasl, + scripts/gb_aceftp_remote_dir_traversal_vuln.nasl, + scripts/gb_RHSA-2008_0617-01_vim.nasl, + scripts/gb_fedora_2008_1287_deluge_fc8.nasl, + scripts/gb_fedora_2008_3756_cups_fc9.nasl, + scripts/gb_fedora_2008_8801_cups_fc8.nasl, + scripts/gb_RHSA-2008_0907-01_pam_krb5.nasl, + scripts/gb_fedora_2008_3586_cups_fc8.nasl, + scripts/gb_fedora_2007_2982_cups_fc8.nasl, + scripts/gb_fedora_2007_746_cups_fc6.nasl, + scripts/gb_RHSA-2008_0177-01_evolution.nasl, + scripts/gb_CESA-2008_1028_cups_centos3_i386.nasl, + scripts/gb_fedora_2008_8844_cups_fc9.nasl, + scripts/gb_fedora_2007_644_cups_fc6.nasl, + scripts/gb_RHSA-2008_1029-01_cups.nasl, + scripts/gb_fedora_2007_2295_ntfs-3g_fc7.nasl, 
+ scripts/gb_fedora_2007_4385_xfce4-places-plugin_fc7.nasl, + scripts/gb_RHSA-2008_1028-01_cups.nasl, + scripts/gb_RHSA-2008_0581-01_bluez-libs_bluez-utils.nasl, + scripts/gb_fedora_2007_2715_cups_fc7.nasl: + Changed encoding to ASCII. + +2009-11-05 Chandrashekhar B + * scripts/gb_eureka_email_detect.nasl, scripts/gb_vmware_prdts_priv_esc_vuln_nov09_lin.nasl, scripts/gb_pegasus_mail_pop3_bof_vuln.nasl, Modified: trunk/openvas-plugins/scripts/gb_CESA-2008_0177_evolution_centos4_i386.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_CESA-2008_0177_evolution_centos4_i386.nasl 2009-11-05 11:25:48 UTC (rev 5800) +++ trunk/openvas-plugins/scripts/gb_CESA-2008_0177_evolution_centos4_i386.nasl 2009-11-05 12:28:03 UTC (rev 5801) @@ -35,15 +35,15 @@ Vulnerability Insight: Evolution is the GNOME collection of personal information management (PIM) tools. - + A format string flaw was found in the way Evolution displayed encrypted mail content. If a user opened a carefully crafted mail message, arbitrary code could be executed as the user running Evolution. (CVE-2008-0072) - + All users of Evolution should upgrade to these updated packages, which contain a backported patch which resolves this issue. - - Red Hat would like to thank Ulf H?rnhammar of Secunia Research for finding + + Red Hat would like to thank Ulf Hnhammar of Secunia Research for finding and reporting this issue. @@ -105,4 +105,4 @@ } exit(0); -} \ No newline at end of file +} Modified: trunk/openvas-plugins/scripts/gb_CESA-2008_0177_evolution_centos4_x86_64.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_CESA-2008_0177_evolution_centos4_x86_64.nasl 2009-11-05 11:25:48 UTC (rev 5800) +++ trunk/openvas-plugins/scripts/gb_CESA-2008_0177_evolution_centos4_x86_64.nasl 2009-11-05 12:28:03 UTC (rev 5801) 
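Review bot: The ASCII conversion drops the non-ASCII character from the researcher credit instead of transliterating it, and does so inconsistently. In gb_CESA-2008_0177_evolution_centos4_i386.nasl (`@@ -35,15 +35,15 @@`) `Ulf H?rnhammar` becomes `Ulf Hnhammar`, losing the following `r` as well, while the x86_64, vim and RHSA evolution scripts in this commit get `Ulf Hrnhammar`. Both forms misspell the credited name in the report text shown to users; an ASCII transliteration such as `Ulf Harnhammar` would keep it readable and make all the files agree. The `desc` string starts and ends outside the hunk.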
@@ -43,7 +43,7 @@ All users of Evolution should upgrade to these updated packages, which contain a backported patch which resolves this issue. - Red Hat would like to thank Ulf H?rnhammar of Secunia Research for finding + Red Hat would like to thank Ulf Hrnhammar of Secunia Research for finding and reporting this issue. @@ -105,4 +105,4 @@ } exit(0); -} \ No newline at end of file +} Modified: trunk/openvas-plugins/scripts/gb_CESA-2008_0617_vim-common_centos3_i386.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_CESA-2008_0617_vim-common_centos3_i386.nasl 2009-11-05 11:25:48 UTC (rev 5800) +++ trunk/openvas-plugins/scripts/gb_CESA-2008_0617_vim-common_centos3_i386.nasl 2009-11-05 12:28:03 UTC (rev 5801) 
@@ -35,26 +35,26 @@ Vulnerability Insight: Vim (Visual editor IMproved) is an updated and improved version of the vi editor. - + Several input sanitization flaws were found in Vim's keyword and tag handling. If Vim looked up a document's maliciously crafted tag or keyword, it was possible to execute arbitrary code as the user running Vim. (CVE-2008-4101) - + A heap-based overflow flaw was discovered in Vim's expansion of file name patterns with shell wildcards. An attacker could create a specially-crafted file or directory name that, when opened by Vim, caused the application to crash or, possibly, execute arbitrary code. (CVE-2008-3432) - + Several input sanitization flaws were found in various Vim system functions. If a user opened a specially crafted file, it was possible to execute arbitrary code as the user running Vim. (CVE-2008-2712) - - Ulf H?rnhammar, of Secunia Research, discovered a format string flaw in + + Ulf Hrnhammar, of Secunia Research, discovered a format string flaw in Vim's help tag processor. If a user was tricked into executing the "helptags" command on malicious data, arbitrary code could be executed with the permissions of the user running Vim. (CVE-2007-2953) - + All Vim users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. @@ -123,4 +123,4 @@ } exit(0); -} \ No newline at end of file +} Modified: trunk/openvas-plugins/scripts/gb_CESA-2008_0617_vim-common_centos3_x86_64.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_CESA-2008_0617_vim-common_centos3_x86_64.nasl 2009-11-05 11:25:48 UTC (rev 5800) +++ trunk/openvas-plugins/scripts/gb_CESA-2008_0617_vim-common_centos3_x86_64.nasl 2009-11-05 12:28:03 UTC (rev 5801) 
@@ -35,26 +35,26 @@ Vulnerability Insight: Vim (Visual editor IMproved) is an updated and improved version of the vi editor. - + Several input sanitization flaws were found in Vim's keyword and tag handling. If Vim looked up a document's maliciously crafted tag or keyword, it was possible to execute arbitrary code as the user running Vim. (CVE-2008-4101) - + A heap-based overflow flaw was discovered in Vim's expansion of file name patterns with shell wildcards. An attacker could create a specially-crafted file or directory name that, when opened by Vim, caused the application to crash or, possibly, execute arbitrary code. (CVE-2008-3432) - + Several input sanitization flaws were found in various Vim system functions. If a user opened a specially crafted file, it was possible to execute arbitrary code as the user running Vim. (CVE-2008-2712) - - Ulf H?rnhammar, of Secunia Research, discovered a format string flaw in + + Ulf Hrnhammar, of Secunia Research, discovered a format string flaw in Vim's help tag processor. If a user was tricked into executing the "helptags" command on malicious data, arbitrary code could be executed with the permissions of the user running Vim. (CVE-2007-2953) - + All Vim users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. @@ -123,4 +123,4 @@ } exit(0); -} \ No newline at end of file +} Modified: trunk/openvas-plugins/scripts/gb_CESA-2008_0617_vim-common_centos4_i386.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_CESA-2008_0617_vim-common_centos4_i386.nasl 2009-11-05 11:25:48 UTC (rev 5800) +++ trunk/openvas-plugins/scripts/gb_CESA-2008_0617_vim-common_centos4_i386.nasl 2009-11-05 12:28:03 UTC (rev 5801) 
@@ -35,26 +35,26 @@ Vulnerability Insight: Vim (Visual editor IMproved) is an updated and improved version of the vi editor. - + Several input sanitization flaws were found in Vim's keyword and tag handling. If Vim looked up a document's maliciously crafted tag or keyword, it was possible to execute arbitrary code as the user running Vim. (CVE-2008-4101) - + A heap-based overflow flaw was discovered in Vim's expansion of file name patterns with shell wildcards. An attacker could create a specially-crafted file or directory name that, when opened by Vim, caused the application to crash or, possibly, execute arbitrary code. (CVE-2008-3432) - + Several input sanitization flaws were found in various Vim system functions. If a user opened a specially crafted file, it was possible to execute arbitrary code as the user running Vim. (CVE-2008-2712) - - Ulf H?rnhammar, of Secunia Research, discovered a format string flaw in + + Ulf Hrnhammar, of Secunia Research, discovered a format string flaw in Vim's help tag processor. If a user was tricked into executing the "helptags" command on malicious data, arbitrary code could be executed with the permissions of the user running Vim. (CVE-2007-2953) - + All Vim users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. @@ -123,4 +123,4 @@ } exit(0); -} \ No newline at end of file +} Modified: trunk/openvas-plugins/scripts/gb_CESA-2008_0617_vim-common_centos4_x86_64.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_CESA-2008_0617_vim-common_centos4_x86_64.nasl 2009-11-05 11:25:48 UTC (rev 5800) +++ trunk/openvas-plugins/scripts/gb_CESA-2008_0617_vim-common_centos4_x86_64.nasl 2009-11-05 12:28:03 UTC (rev 5801) 
@@ -35,26 +35,26 @@ Vulnerability Insight: Vim (Visual editor IMproved) is an updated and improved version of the vi editor. - + Several input sanitization flaws were found in Vim's keyword and tag handling. If Vim looked up a document's maliciously crafted tag or keyword, it was possible to execute arbitrary code as the user running Vim. (CVE-2008-4101) - + A heap-based overflow flaw was discovered in Vim's expansion of file name patterns with shell wildcards. An attacker could create a specially-crafted file or directory name that, when opened by Vim, caused the application to crash or, possibly, execute arbitrary code. (CVE-2008-3432) - + Several input sanitization flaws were found in various Vim system functions. If a user opened a specially crafted file, it was possible to execute arbitrary code as the user running Vim. (CVE-2008-2712) - - Ulf H?rnhammar, of Secunia Research, discovered a format string flaw in + + Ulf Hrnhammar, of Secunia Research, discovered a format string flaw in Vim's help tag processor. If a user was tricked into executing the "helptags" command on malicious data, arbitrary code could be executed with the permissions of the user running Vim. (CVE-2007-2953) - + All Vim users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. @@ -123,4 +123,4 @@ } exit(0); -} \ No newline at end of file +} Modified: trunk/openvas-plugins/scripts/gb_CESA-2008_1028_cups_centos3_i386.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_CESA-2008_1028_cups_centos3_i386.nasl 2009-11-05 11:25:48 UTC (rev 5800) +++ trunk/openvas-plugins/scripts/gb_CESA-2008_1028_cups_centos3_i386.nasl 2009-11-05 12:28:03 UTC (rev 5801) 
@@ -33,15 +33,15 @@ desc = " Vulnerability Insight: - The Common UNIX? Printing System (CUPS) provides a portable printing layer + The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX operating systems. - + An integer overflow flaw, leading to a heap buffer overflow, was discovered in the Portable Network Graphics (PNG) decoding routines used by the CUPS image-converting filters, "imagetops" and "imagetoraster". An attacker could create a malicious PNG file that could, potentially, execute arbitrary code as the "lp" user if the file was printed. (CVE-2008-5286) - + CUPS users should upgrade to these updated packages, which contain a backported patch to correct this issue. @@ -98,4 +98,4 @@ } exit(0); -} \ No newline at end of file +} Modified: trunk/openvas-plugins/scripts/gb_CESA-2008_1028_cups_centos3_x86_64.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_CESA-2008_1028_cups_centos3_x86_64.nasl 2009-11-05 11:25:48 UTC (rev 5800) +++ trunk/openvas-plugins/scripts/gb_CESA-2008_1028_cups_centos3_x86_64.nasl 2009-11-05 12:28:03 UTC (rev 5801) @@ -33,15 +33,15 @@ desc = " Vulnerability Insight: - The Common UNIX? Printing System (CUPS) provides a portable printing layer + The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX operating systems. - + An integer overflow flaw, leading to a heap buffer overflow, was discovered in the Portable Network Graphics (PNG) decoding routines used by the CUPS image-converting filters, "imagetops" and "imagetoraster". An attacker could create a malicious PNG file that could, potentially, execute arbitrary code as the "lp" user if the file was printed. (CVE-2008-5286) - + CUPS users should upgrade to these updated packages, which contain a backported patch to correct this issue. 
@@ -98,4 +98,4 @@ } exit(0); -} \ No newline at end of file +} Modified: trunk/openvas-plugins/scripts/gb_RHSA-2008_0177-01_evolution.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_RHSA-2008_0177-01_evolution.nasl 2009-11-05 11:25:48 UTC (rev 5800) +++ trunk/openvas-plugins/scripts/gb_RHSA-2008_0177-01_evolution.nasl 2009-11-05 12:28:03 UTC (rev 5801) @@ -35,15 +35,15 @@ Vulnerability Insight: Evolution is the GNOME collection of personal information management (PIM) tools. - + A format string flaw was found in the way Evolution displayed encrypted mail content. If a user opened a carefully crafted mail message, arbitrary code could be executed as the user running Evolution. (CVE-2008-0072) - + All users of Evolution should upgrade to these updated packages, which contain a backported patch which resolves this issue. - - Red Hat would like to thank Ulf H?rnhammar of Secunia Research for finding + + Red Hat would like to thank Ulf Hrnhammar of Secunia Research for finding and reporting this issue. @@ -119,4 +119,4 @@ } exit(0); -} \ No newline at end of file +} Modified: trunk/openvas-plugins/scripts/gb_RHSA-2008_0290-01_samba.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_RHSA-2008_0290-01_samba.nasl 2009-11-05 11:25:48 UTC (rev 5800) +++ trunk/openvas-plugins/scripts/gb_RHSA-2008_0290-01_samba.nasl 2009-11-05 12:28:03 UTC (rev 5801) @@ -35,7 +35,7 @@ Vulnerability Insight: Samba is a suite of programs used by machines to share files, printers, and other information. - + A heap-based buffer overflow flaw was found in the way Samba clients handle over-sized packets. If a client connected to a malicious Samba server, it was possible to execute arbitrary code as the Samba client user. It was 
@@ -43,26 +43,26 @@ to a Samba server that could result in the server executing the vulnerable client code, resulting in arbitrary code execution with the permissions of the Samba server. (CVE-2008-1105) - + Red Hat would like to thank Alin Rad Pop of Secunia Research for responsibly disclosing this issue. - + This update also addresses two issues which prevented Samba from joining certain Windows domains with tightened security policies, and prevented certain signed SMB content from working as expected: - - * when some Windows? 2000-based domain controllers were set to use + + * when some Windows 2000-based domain controllers were set to use mandatory signing, Samba clients would drop the connection because of an error when generating signatures. This presented as a "Server packet had invalid SMB signature" error to the Samba client. This update corrects the signature generation error. - + * Samba servers using the "net ads join" command to connect to a Windows - Server? 2003-based domain would fail with "failed to get schannel session + Server 2003-based domain would fail with "failed to get schannel session key from server" and "NT_STATUS_ACCESS_DENIED" errors. This update correctly binds to the NETLOGON share, allowing Samba servers to connect to the domain properly. - + Users of Samba are advised to upgrade to these updated packages, which contain a backported patch to resolve these issues. @@ -131,4 +131,4 @@ } exit(0); -} \ No newline at end of file +} Modified: trunk/openvas-plugins/scripts/gb_RHSA-2008_0580-01_vim.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_RHSA-2008_0580-01_vim.nasl 2009-11-05 11:25:48 UTC (rev 5800) +++ trunk/openvas-plugins/scripts/gb_RHSA-2008_0580-01_vim.nasl 2009-11-05 12:28:03 UTC (rev 5801) 
@@ -35,36 +35,36 @@ Vulnerability Insight: Vim (Visual editor IMproved) is an updated and improved version of the vi editor. - + Several input sanitization flaws were found in Vim's keyword and tag handling. If Vim looked up a document's maliciously crafted tag or keyword, it was possible to execute arbitrary code as the user running Vim. (CVE-2008-4101) - + Multiple security flaws were found in netrw.vim, the Vim plug-in providing file reading and writing over the network. If a user opened a specially crafted file or directory with the netrw plug-in, it could result in arbitrary code execution as the user running Vim. (CVE-2008-3076) - + A security flaw was found in zip.vim, the Vim plug-in that handles ZIP archive browsing. If a user opened a ZIP archive using the zip.vim plug-in, it could result in arbitrary code execution as the user running Vim. (CVE-2008-3075) - + A security flaw was found in tar.vim, the Vim plug-in which handles TAR archive browsing. If a user opened a TAR archive using the tar.vim plug-in, it could result in arbitrary code execution as the user runnin Vim. (CVE-2008-3074) - + Several input sanitization flaws were found in various Vim system functions. If a user opened a specially crafted file, it was possible to execute arbitrary code as the user running Vim. (CVE-2008-2712) - - Ulf H?rnhammar, of Secunia Research, discovered a format string flaw in + + Ulf Hrnhammar, of Secunia Research, discovered a format string flaw in Vim's help tag processor. If a user was tricked into executing the "helptags" command on malicious data, arbitrary code could be executed with the permissions of the user running Vim. (CVE-2007-2953) - + All Vim users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. 
@@ -133,4 +133,4 @@ } exit(0); -} \ No newline at end of file +} Modified: trunk/openvas-plugins/scripts/gb_RHSA-2008_0581-01_bluez-libs_bluez-utils.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_RHSA-2008_0581-01_bluez-libs_bluez-utils.nasl 2009-11-05 11:25:48 UTC (rev 5800) +++ trunk/openvas-plugins/scripts/gb_RHSA-2008_0581-01_bluez-libs_bluez-utils.nasl 2009-11-05 12:28:03 UTC (rev 5801) @@ -35,14 +35,14 @@ Vulnerability Insight: The bluez-libs package contains libraries for use in Bluetooth applications. The bluez-utils package contains Bluetooth daemons and utilities. - + An input validation flaw was found in the Bluetooth Session Description Protocol (SDP) packet parser used by the Bluez Bluetooth utilities. A Bluetooth device with an already-established trust relationship, or a local - user registering a service record via a UNIX? socket or D-Bus interface, + user registering a service record via a UNIX socket or D-Bus interface, could cause a crash, or possibly execute arbitrary code with privileges of the hcid daemon. (CVE-2008-2374) - + Users of bluez-libs and bluez-utils are advised to upgrade to these updated packages, which contains a backported patch to correct this issue. @@ -163,4 +163,4 @@ } exit(0); -} \ No newline at end of file +} Modified: trunk/openvas-plugins/scripts/gb_RHSA-2008_0617-01_vim.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_RHSA-2008_0617-01_vim.nasl 2009-11-05 11:25:48 UTC (rev 5800) +++ trunk/openvas-plugins/scripts/gb_RHSA-2008_0617-01_vim.nasl 2009-11-05 12:28:03 UTC (rev 5801) 
@@ -35,26 +35,26 @@ Vulnerability Insight: Vim (Visual editor IMproved) is an updated and improved version of the vi editor. - + Several input sanitization flaws were found in Vim's keyword and tag handling. If Vim looked up a document's maliciously crafted tag or keyword, it was possible to execute arbitrary code as the user running Vim. (CVE-2008-4101) - + A heap-based overflow flaw was discovered in Vim's expansion of file name patterns with shell wildcards. An attacker could create a specially-crafted file or directory name that, when opened by Vim, caused the application to crash or, possibly, execute arbitrary code. (CVE-2008-3432) - + Several input sanitization flaws were found in various Vim system functions. If a user opened a specially crafted file, it was possible to execute arbitrary code as the user running Vim. (CVE-2008-2712) - - Ulf H?rnhammar, of Secunia Research, discovered a format string flaw in + + Ulf Hrnhammar, of Secunia Research, discovered a format string flaw in Vim's help tag processor. If a user was tricked into executing the "helptags" command on malicious data, arbitrary code could be executed with the permissions of the user running Vim. (CVE-2007-2953) - + All Vim users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. @@ -165,4 +165,4 @@ } exit(0); -} \ No newline at end of file +} Modified: trunk/openvas-plugins/scripts/gb_RHSA-2008_0907-01_pam_krb5.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_RHSA-2008_0907-01_pam_krb5.nasl 2009-11-05 11:25:48 UTC (rev 5800) +++ trunk/openvas-plugins/scripts/gb_RHSA-2008_0907-01_pam_krb5.nasl 2009-11-05 12:28:03 UTC (rev 5801) 
@@ -36,16 +36,16 @@ The pam_krb5 module allows Pluggable Authentication Modules (PAM) aware applications to use Kerberos to verify user identities by obtaining user credentials at log in time. - + A flaw was found in the pam_krb5 "existing_ticket" configuration option. If a system is configured to use an existing credential cache via the "existing_ticket" option, it may be possible for a local user to gain elevated privileges by using a different, local user's credential cache. (CVE-2008-3825) - - Red Hat would like to thank St?phane Bertin for responsibly disclosing this + + Red Hat would like to thank Stphane Bertin for responsibly disclosing this issue. - + Users of pam_krb5 should upgrade to this updated package, which contains a backported patch to resolve this issue. @@ -96,4 +96,4 @@ } exit(0); -} \ No newline at end of file +} Modified: trunk/openvas-plugins/scripts/gb_RHSA-2008_1017-01_kernel.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_RHSA-2008_1017-01_kernel.nasl 2009-11-05 11:25:48 UTC (rev 5800) +++ trunk/openvas-plugins/scripts/gb_RHSA-2008_1017-01_kernel.nasl 2009-11-05 12:28:03 UTC (rev 5801) 
@@ -35,58 +35,58 @@ Vulnerability Insight: The kernel packages contain the Linux kernel, the core of any Linux operating system. - + * Olaf Kirch reported a flaw in the i915 kernel driver that only affects the Intel G33 series and newer. This flaw could, potentially, lead to local privilege escalation. (CVE-2008-3831, Important) - + * Miklos Szeredi reported a missing check for files opened with O_APPEND in the sys_splice(). This could allow a local, unprivileged user to bypass the append-only file restrictions. (CVE-2008-4554, Important) - + * a deficiency was found in the Linux kernel Stream Control Transmission Protocol (SCTP) implementation. This could lead to a possible denial of service if one end of a SCTP connection did not support the AUTH extension. (CVE-2008-4576, Important) - + In addition, these updated packages fix the following bugs: - - * on Itanium? systems, when a multithreaded program was traced using the + + * on Itanium systems, when a multithreaded program was traced using the command "strace -f", messages similar to the following ones were displayed, after which the trace would stop: - - PANIC: attached pid 10740 exited - PANIC: handle_group_exit: 10740 leader 10721 - PANIC: attached pid 10739 exited - PANIC: handle_group_exit: 10739 leader 10721 - ... - + + PANIC: attached pid 10740 exited + PANIC: handle_group_exit: 10740 leader 10721 + PANIC: attached pid 10739 exited + PANIC: handle_group_exit: 10739 leader 10721 + ... + In these updated packages, tracing a multithreaded program using the "strace -f" command no longer results in these error messages, and strace terminates normally after tracing all threads. - + * on big-endian systems such as PowerPC, the getsockopt() function incorrectly returned 0 depending on the parameters passed to it when the time to live (TTL) value equaled 255. 
- + * when using an NFSv4 file system, accessing the same file with two separate processes simultaneously resulted in the NFS client process becoming unresponsive. - - * on AMD64 and Intel? 64 hypervisor-enabled systems, in cases in which a + + * on AMD64 and Intel 64 hypervisor-enabled systems, in cases in which a syscall correctly returned '-1' in code compiled on Red Hat Enterprise Linux 5, the same code, when run with the strace utility, would incorrectly return an invalid return value. This has been fixed so that on AMD64 and - Intel? 64 hypervisor-enabled systems, syscalls in compiled code return the + Intel 64 hypervisor-enabled systems, syscalls in compiled code return the same, correct values as syscalls do when run with strace. - - * on the Itanium? architecture, fully-virtualized guest domains which were + + * on the Itanium architecture, fully-virtualized guest domains which were created using more than 64 GB of memory caused other guest domains not to receive interrupts, which caused a soft lockup on other guests. All guest domains are now able to receive interrupts regardless of their allotted memory. - - * when user-space used SIGIO notification, which wasn't disabled ... + * when user-space used SIGIO notification, which wasn't disabled ... + Description truncated, for more information please check the Reference URL Affected Software/OS: @@ -213,4 +213,4 @@ } exit(0); -} \ No newline at end of file +} Modified: trunk/openvas-plugins/scripts/gb_RHSA-2008_1028-01_cups.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_RHSA-2008_1028-01_cups.nasl 2009-11-05 11:25:48 UTC (rev 5800) +++ trunk/openvas-plugins/scripts/gb_RHSA-2008_1028-01_cups.nasl 2009-11-05 12:28:03 UTC (rev 5801) 
@@ -33,15 +33,15 @@ desc = " Vulnerability Insight: - The Common UNIX? Printing System (CUPS) provides a portable printing layer + The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX operating systems. - + An integer overflow flaw, leading to a heap buffer overflow, was discovered in the Portable Network Graphics (PNG) decoding routines used by the CUPS image-converting filters, "imagetops" and "imagetoraster". An attacker could create a malicious PNG file that could, potentially, execute arbitrary code as the "lp" user if the file was printed. (CVE-2008-5286) - + CUPS users should upgrade to these updated packages, which contain a backported patch to correct this issue. @@ -106,4 +106,4 @@ } exit(0); -} \ No newline at end of file +} Modified: trunk/openvas-plugins/scripts/gb_RHSA-2008_1029-01_cups.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_RHSA-2008_1029-01_cups.nasl 2009-11-05 11:25:48 UTC (rev 5800) +++ trunk/openvas-plugins/scripts/gb_RHSA-2008_1029-01_cups.nasl 2009-11-05 12:28:03 UTC (rev 5801) @@ -33,15 +33,15 @@ desc = " Vulnerability Insight: - The Common UNIX? Printing System (CUPS) provides a portable printing layer + The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX operating systems. - + A null pointer dereference flaw was found in the way CUPS handled subscriptions for printing job completion notifications. A local user could use this flaw to crash the CUPS daemon by submitting a large number of printing jobs requiring mail notification on completion, leading to a denial of service. (CVE-2008-5183) - + Users of cups should upgrade to these updated packages, which contain a backported patch to correct this issue. 
@@ -110,4 +110,4 @@ } exit(0); -} \ No newline at end of file +} Modified: trunk/openvas-plugins/scripts/gb_aceftp_remote_dir_traversal_vuln.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_aceftp_remote_dir_traversal_vuln.nasl 2009-11-05 11:25:48 UTC (rev 5800) +++ trunk/openvas-plugins/scripts/gb_aceftp_remote_dir_traversal_vuln.nasl 2009-11-05 12:28:03 UTC (rev 5801) @@ -50,7 +50,7 @@ Impact Level: Application Affected Software/OS: - Visicom Media?s AceFTP Freeware/Pro Version 3.80.3 and prior on W + Visicom Media AceFTP Freeware/Pro Version 3.80.3 and prior on W Windows Fix: No solution/patch is available as on 1st December, 2008. Information Modified: trunk/openvas-plugins/scripts/gb_fedora_2007_1219_cups_fc5.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_fedora_2007_1219_cups_fc5.nasl 2009-11-05 11:25:48 UTC (rev 5800) +++ trunk/openvas-plugins/scripts/gb_fedora_2007_1219_cups_fc5.nasl 2009-11-05 12:28:03 UTC (rev 5801) @@ -34,7 +34,7 @@ Vulnerability Insight: The Common UNIX Printing System provides a portable printing layer for - UNIX?? operating systems. It has been developed by Easy Software Products + UNIX operating systems. It has been developed by Easy Software Products to promote a standard printing solution for all UNIX vendors and users. CUPS provides the System V and Berkeley command-line interfaces. @@ -139,4 +139,4 @@ } exit(0); -} \ No newline at end of file +} Modified: trunk/openvas-plugins/scripts/gb_fedora_2007_1541_cups_fc7.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_fedora_2007_1541_cups_fc7.nasl 2009-11-05 11:25:48 UTC (rev 5800) +++ trunk/openvas-plugins/scripts/gb_fedora_2007_1541_cups_fc7.nasl 2009-11-05 12:28:03 UTC (rev 5801) 
@@ -34,7 +34,7 @@ Vulnerability Insight: The Common UNIX Printing System provides a portable printing layer for - UNIX? operating systems. It has been developed by Easy Software Products + UNIX operating systems. It has been developed by Easy Software Products to promote a standard printing solution for all UNIX vendors and users. CUPS provides the System V and Berkeley command-line interfaces. @@ -139,4 +139,4 @@ } exit(0); -} \ No newline at end of file +} Modified: trunk/openvas-plugins/scripts/gb_fedora_2007_2295_ntfs-3g_fc7.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_fedora_2007_2295_ntfs-3g_fc7.nasl 2009-11-05 11:25:48 UTC (rev 5800) +++ trunk/openvas-plugins/scripts/gb_fedora_2007_2295_ntfs-3g_fc7.nasl 2009-11-05 12:28:03 UTC (rev 5801) @@ -37,11 +37,11 @@ Linux NTFS driver. It provides full read-write access to NTFS, excluding access to encrypted files, writing compressed files, changing file ownership, access right. - - Technically it?s based on and a major improvement to the third + + Technically it is based on and a major improvement to the third generation Linux NTFS driver, ntfsmount. The improvements include functionality, quality and performance enhancements. - + ntfs-3g features are being merged to ntfsmount. In the meanwhile, ntfs-3g is currently the only free, as in either speech or beer, NTFS driver for Linux that supports unlimited file creation and deletion. @@ -123,4 +123,4 @@ } exit(0); -} \ No newline at end of file +} Modified: trunk/openvas-plugins/scripts/gb_fedora_2007_2715_cups_fc7.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_fedora_2007_2715_cups_fc7.nasl 2009-11-05 11:25:48 UTC (rev 5800) +++ trunk/openvas-plugins/scripts/gb_fedora_2007_2715_cups_fc7.nasl 2009-11-05 12:28:03 UTC (rev 5801) 
@@ -34,7 +34,7 @@ Vulnerability Insight: The Common UNIX Printing System provides a portable printing layer for - UNIX? operating systems. It has been developed by Easy Software Products + UNIX operating systems. It has been developed by Easy Software Products to promote a standard printing solution for all UNIX vendors and users. CUPS provides the System V and Berkeley command-line interfaces. @@ -139,4 +139,4 @@ } exit(0); -} \ No newline at end of file +} Modified: trunk/openvas-plugins/scripts/gb_fedora_2007_2982_cups_fc8.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_fedora_2007_2982_cups_fc8.nasl 2009-11-05 11:25:48 UTC (rev 5800) +++ trunk/openvas-plugins/scripts/gb_fedora_2007_2982_cups_fc8.nasl 2009-11-05 12:28:03 UTC (rev 5801) @@ -34,7 +34,7 @@ Vulnerability Insight: The Common UNIX Printing System provides a portable printing layer for - UNIX? operating systems. It has been developed by Easy Software Products + UNIX operating systems. It has been developed by Easy Software Products to promote a standard printing solution for all UNIX vendors and users. CUPS provides the System V and Berkeley command-line interfaces. @@ -139,4 +139,4 @@ } exit(0); -} \ No newline at end of file +} Modified: trunk/openvas-plugins/scripts/gb_fedora_2007_2985_kdepim_fc7.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_fedora_2007_2985_kdepim_fc7.nasl 2009-11-05 11:25:48 UTC (rev 5800) +++ trunk/openvas-plugins/scripts/gb_fedora_2007_2985_kdepim_fc7.nasl 2009-11-05 12:28:03 UTC (rev 5801) @@ -40,7 +40,7 @@ * knotes: sticky notes for the desktop * kontact: integrated PIM management * korganizer: journal, appointments, events, todos - * kpilot: HotSync? software for Palm OS? devices + * kpilot: HotSync software for Palm OS devices Affected Software/OS: 
@@ -119,4 +119,4 @@ } exit(0); -} \ No newline at end of file +} Modified: trunk/openvas-plugins/scripts/gb_fedora_2007_3100_cups_fc7.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_fedora_2007_3100_cups_fc7.nasl 2009-11-05 11:25:48 UTC (rev 5800) +++ trunk/openvas-plugins/scripts/gb_fedora_2007_3100_cups_fc7.nasl 2009-11-05 12:28:03 UTC (rev 5801) @@ -34,7 +34,7 @@ Vulnerability Insight: The Common UNIX Printing System provides a portable printing layer for - UNIX? operating systems. It has been developed by Easy Software Products + UNIX operating systems. It has been developed by Easy Software Products to promote a standard printing solution for all UNIX vendors and users. CUPS provides the System V and Berkeley command-line interfaces. @@ -139,4 +139,4 @@ } exit(0); -} \ No newline at end of file +} Modified: trunk/openvas-plugins/scripts/gb_fedora_2007_4368_xfce4-places-plugin_fc8.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_fedora_2007_4368_xfce4-places-plugin_fc8.nasl 2009-11-05 11:25:48 UTC (rev 5800) +++ trunk/openvas-plugins/scripts/gb_fedora_2007_4368_xfce4-places-plugin_fc8.nasl 2009-11-05 12:28:03 UTC (rev 5801) @@ -34,7 +34,7 @@ Vulnerability Insight: A menu with quick access to folders, documents, and removable media. The - Places plugin brings much of the functionality of GNOME?s Places menu to + Places plugin brings much of the functionality of GNOMEs Places menu to Xfce. It puts a simple button on the panel. Clicking on this button opens up a menu with 4 sections: 1) System-defined directories (home folder, trash, desktop, file system) 
@@ -107,4 +107,4 @@ } exit(0); -} \ No newline at end of file +} Modified: trunk/openvas-plugins/scripts/gb_fedora_2007_4385_xfce4-places-plugin_fc7.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_fedora_2007_4385_xfce4-places-plugin_fc7.nasl 2009-11-05 11:25:48 UTC (rev 5800) +++ trunk/openvas-plugins/scripts/gb_fedora_2007_4385_xfce4-places-plugin_fc7.nasl 2009-11-05 12:28:03 UTC (rev 5801) @@ -34,7 +34,7 @@ Vulnerability Insight: A menu with quick access to folders, documents, and removable media. The - Places plugin brings much of the functionality of GNOME?s Places menu to + Places plugin brings much of the functionality of GNOMEs Places menu to Xfce. It puts a simple button on the panel. Clicking on this button opens up a menu with 4 sections: 1) System-defined directories (home folder, trash, desktop, file system) @@ -107,4 +107,4 @@ } exit(0); -} \ No newline at end of file +} Modified: trunk/openvas-plugins/scripts/gb_fedora_2007_644_cups_fc6.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_fedora_2007_644_cups_fc6.nasl 2009-11-05 11:25:48 UTC (rev 5800) +++ trunk/openvas-plugins/scripts/gb_fedora_2007_644_cups_fc6.nasl 2009-11-05 12:28:03 UTC (rev 5801) @@ -34,7 +34,7 @@ Vulnerability Insight: The Common UNIX Printing System provides a portable printing layer for - UNIX?? operating systems. It has been developed by Easy Software Products + UNIX operating systems. It has been developed by Easy Software Products to promote a standard printing solution for all UNIX vendors and users. CUPS provides the System V and Berkeley command-line interfaces. 
@@ -139,4 +139,4 @@ } exit(0); -} \ No newline at end of file +} Modified: trunk/openvas-plugins/scripts/gb_fedora_2007_740_cups_fc6.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_fedora_2007_740_cups_fc6.nasl 2009-11-05 11:25:48 UTC (rev 5800) +++ trunk/openvas-plugins/scripts/gb_fedora_2007_740_cups_fc6.nasl 2009-11-05 12:28:03 UTC (rev 5801) @@ -34,7 +34,7 @@ Vulnerability Insight: The Common UNIX Printing System provides a portable printing layer for - UNIX?? operating systems. It has been developed by Easy Software Products + UNIX operating systems. It has been developed by Easy Software Products to promote a standard printing solution for all UNIX vendors and users. CUPS provides the System V and Berkeley command-line interfaces. @@ -139,4 +139,4 @@ } exit(0); -} \ No newline at end of file +} Modified: trunk/openvas-plugins/scripts/gb_fedora_2007_746_cups_fc6.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_fedora_2007_746_cups_fc6.nasl 2009-11-05 11:25:48 UTC (rev 5800) +++ trunk/openvas-plugins/scripts/gb_fedora_2007_746_cups_fc6.nasl 2009-11-05 12:28:03 UTC (rev 5801) @@ -34,7 +34,7 @@ Vulnerability Insight: The Common UNIX Printing System provides a portable printing layer for - UNIX?? operating systems. It has been developed by Easy Software Products + UNIX operating systems. It has been developed by Easy Software Products to promote a standard printing solution for all UNIX vendors and users. CUPS provides the System V and Berkeley command-line interfaces. 
@@ -139,4 +139,4 @@ } exit(0); -} \ No newline at end of file +} Modified: trunk/openvas-plugins/scripts/gb_fedora_2008_10895_cups_fc10.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_fedora_2008_10895_cups_fc10.nasl 2009-11-05 11:25:48 UTC (rev 5800) +++ trunk/openvas-plugins/scripts/gb_fedora_2008_10895_cups_fc10.nasl 2009-11-05 12:28:03 UTC (rev 5801) @@ -34,7 +34,7 @@ Vulnerability Insight: The Common UNIX Printing System provides a portable printing layer for - UNIX? operating systems. It has been developed by Easy Software Products + UNIX operating systems. It has been developed by Easy Software Products to promote a standard printing solution for all UNIX vendors and users. CUPS provides the System V and Berkeley command-line interfaces. @@ -79,4 +79,4 @@ } exit(0); -} \ No newline at end of file +} Modified: trunk/openvas-plugins/scripts/gb_fedora_2008_10911_cups_fc8.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_fedora_2008_10911_cups_fc8.nasl 2009-11-05 11:25:48 UTC (rev 5800) +++ trunk/openvas-plugins/scripts/gb_fedora_2008_10911_cups_fc8.nasl 2009-11-05 12:28:03 UTC (rev 5801) @@ -34,7 +34,7 @@ Vulnerability Insight: The Common UNIX Printing System provides a portable printing layer for - UNIX? operating systems. It has been developed by Easy Software Products + UNIX operating systems. It has been developed by Easy Software Products to promote a standard printing solution for all UNIX vendors and users. CUPS provides the System V and Berkeley command-line interfaces. 
@@ -79,4 +79,4 @@ } exit(0); -} \ No newline at end of file +} Modified: trunk/openvas-plugins/scripts/gb_fedora_2008_10917_cups_fc9.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_fedora_2008_10917_cups_fc9.nasl 2009-11-05 11:25:48 UTC (rev 5800) +++ trunk/openvas-plugins/scripts/gb_fedora_2008_10917_cups_fc9.nasl 2009-11-05 12:28:03 UTC (rev 5801) @@ -34,7 +34,7 @@ Vulnerability Insight: The Common UNIX Printing System provides a portable printing layer for - UNIX? operating systems. It has been developed by Easy Software Products + UNIX operating systems. It has been developed by Easy Software Products to promote a standard printing solution for all UNIX vendors and users. CUPS provides the System V and Berkeley command-line interfaces. @@ -79,4 +79,4 @@ } exit(0); -} \ No newline at end of file +} Modified: trunk/openvas-plugins/scripts/gb_fedora_2008_1287_deluge_fc8.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_fedora_2008_1287_deluge_fc8.nasl 2009-11-05 11:25:48 UTC (rev 5800) +++ trunk/openvas-plugins/scripts/gb_fedora_2008_1287_deluge_fc8.nasl 2009-11-05 12:28:03 UTC (rev 5801) @@ -36,7 +36,7 @@ Deluge is a new BitTorrent client, created using Python and GTK+. It is intended to bring a native, full-featured client to Linux GTK+ desktop environments such as GNOME and XFCE. It supports features such as DHT - (Distributed Hash Tables), PEX (?Torrent-compatible Peer Exchange), and UPnP + (Distributed Hash Tables), PEX (Torrent-compatible Peer Exchange), and UPnP (Universal Plug-n-Play) that allow one to more easily share BitTorrent data even from behind a router with virtually zero configuration of port-forwarding. 
@@ -81,4 +81,4 @@ } exit(0); -} \ No newline at end of file +} Modified: trunk/openvas-plugins/scripts/gb_fedora_2008_1288_deluge_fc7.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_fedora_2008_1288_deluge_fc7.nasl 2009-11-05 11:25:48 UTC (rev 5800) +++ trunk/openvas-plugins/scripts/gb_fedora_2008_1288_deluge_fc7.nasl 2009-11-05 12:28:03 UTC (rev 5801) @@ -36,7 +36,7 @@ Deluge is a new BitTorrent client, created using Python and GTK+. It is intended to bring a native, full-featured client to Linux GTK+ desktop environments such as GNOME and XFCE. It supports features such as DHT - (Distributed Hash Tables), PEX (?Torrent-compatible Peer Exchange), and UPnP + (Distributed Hash Tables), PEX (Torrent-compatible Peer Exchange), and UPnP (Universal Plug-n-Play) that allow one to more easily share BitTorrent data even from behind a router with virtually zero configuration of port-forwarding. @@ -81,4 +81,4 @@ } exit(0); -} \ No newline at end of file +} Modified: trunk/openvas-plugins/scripts/gb_fedora_2008_1901_cups_fc8.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_fedora_2008_1901_cups_fc8.nasl 2009-11-05 11:25:48 UTC (rev 5800) +++ trunk/openvas-plugins/scripts/gb_fedora_2008_1901_cups_fc8.nasl 2009-11-05 12:28:03 UTC (rev 5801) @@ -34,7 +34,7 @@ Vulnerability Insight: The Common UNIX Printing System provides a portable printing layer for - UNIX? operating systems. It has been developed by Easy Software Products + UNIX operating systems. It has been developed by Easy Software Products to promote a standard printing solution for all UNIX vendors and users. CUPS provides the System V and Berkeley command-line interfaces. 
@@ -79,4 +79,4 @@ } exit(0); -} \ No newline at end of file +} Modified: trunk/openvas-plugins/scripts/gb_fedora_2008_1976_cups_fc7.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_fedora_2008_1976_cups_fc7.nasl 2009-11-05 11:25:48 UTC (rev 5800) +++ trunk/openvas-plugins/scripts/gb_fedora_2008_1976_cups_fc7.nasl 2009-11-05 12:28:03 UTC (rev 5801) @@ -34,7 +34,7 @@ Vulnerability Insight: The Common UNIX Printing System provides a portable printing layer for - UNIX? operating systems. It has been developed by Easy Software Products + UNIX operating systems. It has been developed by Easy Software Products to promote a standard printing solution for all UNIX vendors and users. CUPS provides the System V and Berkeley command-line interfaces. @@ -79,4 +79,4 @@ } exit(0); -} \ No newline at end of file +} Modified: trunk/openvas-plugins/scripts/gb_fedora_2008_2131_cups_fc8.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_fedora_2008_2131_cups_fc8.nasl 2009-11-05 11:25:48 UTC (rev 5800) +++ trunk/openvas-plugins/scripts/gb_fedora_2008_2131_cups_fc8.nasl 2009-11-05 12:28:03 UTC (rev 5801) @@ -34,7 +34,7 @@ Vulnerability Insight: The Common UNIX Printing System provides a portable printing layer for - UNIX? operating systems. It has been developed by Easy Software Products + UNIX operating systems. It has been developed by Easy Software Products to promote a standard printing solution for all UNIX vendors and users. CUPS provides the System V and Berkeley command-line interfaces. 
@@ -79,4 +79,4 @@ } exit(0); -} \ No newline at end of file +} Modified: trunk/openvas-plugins/scripts/gb_fedora_2008_2897_cups_fc7.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_fedora_2008_2897_cups_fc7.nasl 2009-11-05 11:25:48 UTC (rev 5800) +++ trunk/openvas-plugins/scripts/gb_fedora_2008_2897_cups_fc7.nasl 2009-11-05 12:28:03 UTC (rev 5801) @@ -34,7 +34,7 @@ Vulnerability Insight: The Common UNIX Printing System provides a portable printing layer for - UNIX? operating systems. It has been developed by Easy Software Products + UNIX operating systems. It has been developed by Easy Software Products to promote a standard printing solution for all UNIX vendors and users. CUPS provides the System V and Berkeley command-line interfaces. @@ -79,4 +79,4 @@ } exit(0); -} \ No newline at end of file +} Modified: trunk/openvas-plugins/scripts/gb_fedora_2008_3449_cups_fc7.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_fedora_2008_3449_cups_fc7.nasl 2009-11-05 11:25:48 UTC (rev 5800) +++ trunk/openvas-plugins/scripts/gb_fedora_2008_3449_cups_fc7.nasl 2009-11-05 12:28:03 UTC (rev 5801) @@ -34,7 +34,7 @@ Vulnerability Insight: The Common UNIX Printing System provides a portable printing layer for - UNIX? operating systems. It has been developed by Easy Software Products + UNIX operating systems. It has been developed by Easy Software Products to promote a standard printing solution for all UNIX vendors and users. CUPS provides the System V and Berkeley command-line interfaces. 
@@ -79,4 +79,4 @@ } exit(0); -} \ No newline at end of file +} Modified: trunk/openvas-plugins/scripts/gb_fedora_2008_3586_cups_fc8.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_fedora_2008_3586_cups_fc8.nasl 2009-11-05 11:25:48 UTC (rev 5800) +++ trunk/openvas-plugins/scripts/gb_fedora_2008_3586_cups_fc8.nasl 2009-11-05 12:28:03 UTC (rev 5801) @@ -34,7 +34,7 @@ Vulnerability Insight: The Common UNIX Printing System provides a portable printing layer for - UNIX? operating systems. It has been developed by Easy Software Products + UNIX operating systems. It has been developed by Easy Software Products to promote a standard printing solution for all UNIX vendors and users. CUPS provides the System V and Berkeley command-line interfaces. @@ -79,4 +79,4 @@ } exit(0); -} \ No newline at end of file +} Modified: trunk/openvas-plugins/scripts/gb_fedora_2008_3756_cups_fc9.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_fedora_2008_3756_cups_fc9.nasl 2009-11-05 11:25:48 UTC (rev 5800) +++ trunk/openvas-plugins/scripts/gb_fedora_2008_3756_cups_fc9.nasl 2009-11-05 12:28:03 UTC (rev 5801) @@ -34,7 +34,7 @@ Vulnerability Insight: The Common UNIX Printing System provides a portable printing layer for - UNIX? operating systems. It has been developed by Easy Software Products + UNIX operating systems. It has been developed by Easy Software Products to promote a standard printing solution for all UNIX vendors and users. CUPS provides the System V and Berkeley command-line interfaces. 
@@ -79,4 +79,4 @@ } exit(0); -} \ No newline at end of file +} Modified: trunk/openvas-plugins/scripts/gb_fedora_2008_8801_cups_fc8.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_fedora_2008_8801_cups_fc8.nasl 2009-11-05 11:25:48 UTC (rev 5800) +++ trunk/openvas-plugins/scripts/gb_fedora_2008_8801_cups_fc8.nasl 2009-11-05 12:28:03 UTC (rev 5801) @@ -34,7 +34,7 @@ Vulnerability Insight: The Common UNIX Printing System provides a portable printing layer for - UNIX? operating systems. It has been developed by Easy Software Products + UNIX operating systems. It has been developed by Easy Software Products to promote a standard printing solution for all UNIX vendors and users. CUPS provides the System V and Berkeley command-line interfaces. @@ -79,4 +79,4 @@ } exit(0); -} \ No newline at end of file +} Modified: trunk/openvas-plugins/scripts/gb_fedora_2008_8844_cups_fc9.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_fedora_2008_8844_cups_fc9.nasl 2009-11-05 11:25:48 UTC (rev 5800) +++ trunk/openvas-plugins/scripts/gb_fedora_2008_8844_cups_fc9.nasl 2009-11-05 12:28:03 UTC (rev 5801) @@ -34,7 +34,7 @@ Vulnerability Insight: The Common UNIX Printing System provides a portable printing layer for - UNIX? operating systems. It has been developed by Easy Software Products + UNIX operating systems. It has been developed by Easy Software Products to promote a standard printing solution for all UNIX vendors and users. CUPS provides the System V and Berkeley command-line interfaces. @@ -79,4 +79,4 @@ } exit(0); -} \ No newline at end of file +} Modified: trunk/openvas-plugins/scripts/gb_suse_2007_036.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_suse_2007_036.nasl 2009-11-05 11:25:48 UTC (rev 5800) +++ trunk/openvas-plugins/scripts/gb_suse_2007_036.nasl 2009-11-05 12:28:03 UTC (rev 5801) 
@@ -69,7 +69,7 @@ - CVE-2007-1558: - Ga??tan Leurent informed us of a weakness in APOP authentication + Gatan Leurent informed us of a weakness in APOP authentication that could allow an attacker to recover the first part of your mail password if the attacker could interpose a malicious mail server on your network masquerading as your legitimate mail server. With normal @@ -668,4 +668,4 @@ } exit(0); -} \ No newline at end of file +} From scm-commit at wald.intevation.org Thu Nov 5 16:14:53 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Thu, 5 Nov 2009 16:14:53 +0100 (CET) Subject: [Openvas-commits] r5802 - in trunk/openvas-manager: . src Message-ID: <20091105151453.59E30861EAB1@pyrosoma.intevation.org> Author: mattm Date: 2009-11-05 16:14:52 +0100 (Thu, 05 Nov 2009) New Revision: 5802 Modified: trunk/openvas-manager/ChangeLog trunk/openvas-manager/src/omp.c trunk/openvas-manager/src/tasks_sql.h Log: * src/omp.c (init_result_iterator): Include all levels if levels is NULL. Add level 'd' for type "Debug Message". Simplify the SQL if all levels are requested. * src/tasks_sql.h (omp_xml_handle_end_element): Ensure globals used for sort_field and levels attributes are cleared after commands. In CLIENT_GET_REPORT correct attribute name in error response, set levels to all levels if the attribute is NULL, add a 'd' entry in FILTERS and add a NULL check on current_name. Modified: trunk/openvas-manager/ChangeLog =================================================================== --- trunk/openvas-manager/ChangeLog 2009-11-05 12:28:03 UTC (rev 5801) +++ trunk/openvas-manager/ChangeLog 2009-11-05 15:14:52 UTC (rev 5802) 
@@ -1,5 +1,17 @@ 2009-11-05 Matthew Mundell + * src/omp.c (init_result_iterator): Include all levels if levels is NULL. + Add level 'd' for type "Debug Message". Simplify the SQL if all levels are + requested. + + * src/tasks_sql.h (omp_xml_handle_end_element): Ensure globals used for + sort_field and levels attributes are cleared after commands. In + CLIENT_GET_REPORT correct attribute name in error response, set levels + to all levels if the attribute is NULL, add a 'd' entry in FILTERS and + add a NULL check on current_name. + +2009-11-05 Matthew Mundell + * src/omp.c (latex_severity_colour): Replace openvas_text with openvas_report. (latex_header): Remove openvas_text. Match threat colours to GSA. Modified: trunk/openvas-manager/src/omp.c =================================================================== --- trunk/openvas-manager/src/omp.c 2009-11-05 12:28:03 UTC (rev 5801) +++ trunk/openvas-manager/src/omp.c 2009-11-05 15:14:52 UTC (rev 5802) @@ -3023,6 +3023,7 @@ SEND_TO_CLIENT_OR_FAIL (XML_SERVICE_DOWN ("get_nvt_details")); } openvas_free_string_var (¤t_uuid); + openvas_free_string_var (&modify_task_value); set_client_state (CLIENT_AUTHENTIC); break; @@ -3083,10 +3084,10 @@ break; } - if (current_uuid == NULL) + if (current_uuid == NULL) /* Attribute report_id. */ SEND_TO_CLIENT_OR_FAIL (XML_ERROR_SYNTAX ("get_report", - "GET_REPORT must have a current_uuid attribute")); + "GET_REPORT must have a report_id attribute")); else { report_t report; @@ -3115,7 +3116,7 @@ const char *levels; /* Attribute levels. */ - levels = modify_task_value ? modify_task_value : "hm"; + levels = modify_task_value ? modify_task_value : "hmlgd"; if (report_task (report, &task)) { @@ -3158,6 +3159,8 @@ SEND_TO_CLIENT_OR_FAIL ("Low"); if (strchr (levels, 'g')) SEND_TO_CLIENT_OR_FAIL ("Log"); + if (strchr (levels, 'd')) + SEND_TO_CLIENT_OR_FAIL ("Debug"); SENDF_TO_CLIENT_OR_FAIL ("" 
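Review bot: The free of `modify_task_value` added in the first omp.c hunk (next to the get_nvt_details error path) carries no comment saying which attribute of that command the global holds. Elsewhere in this commit the same global is the `levels` attribute of GET_REPORT, `current_name` is its `sort_field` and `current_int_3` its `sort_order`. A trailing comment in the style already used, for example `openvas_free_string_var (&modify_task_value); /* Attribute levels. */`, would make each added free checkable, here and in the later hunks that free `current_name` and `current_format`. Because these globals are shared between commands on one connection, a missed free lets one command's attribute leak into the next. A per-command variable named after the attribute would remove that class of bug instead of patching it case by case.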
@@ -3245,8 +3248,9 @@ /* Ensure the buffered results are sorted. */ - if (strcmp (current_name, /* Attribute sort_field. */ - "port")) + if (current_name + && strcmp (current_name, /* Attribute sort_field. */ + "port")) { /* Sort by threat. */ if (current_int_3) /* Attribute sort_order. */ @@ -3888,6 +3892,8 @@ } openvas_free_string_var (¤t_uuid); openvas_free_string_var (¤t_format); + openvas_free_string_var (&modify_task_value); + openvas_free_string_var (¤t_name); set_client_state (CLIENT_AUTHENTIC); break; @@ -5475,6 +5481,7 @@ cleanup_task_iterator (&iterator); SEND_TO_CLIENT_OR_FAIL (""); } + openvas_free_string_var (¤t_format); set_client_state (CLIENT_AUTHENTIC); break; @@ -5654,6 +5661,7 @@ SENDF_TO_CLIENT_OR_FAIL (""); } openvas_free_string_var (¤t_name); + openvas_free_string_var (¤t_format); cleanup_iterator (&configs); SEND_TO_CLIENT_OR_FAIL (""); set_client_state (CLIENT_AUTHENTIC); @@ -5765,6 +5773,7 @@ cleanup_iterator (&targets); SEND_TO_CLIENT_OR_FAIL (""); } + openvas_free_string_var (¤t_name); set_client_state (CLIENT_AUTHENTIC); break; } @@ -5797,6 +5806,7 @@ (target_iterator_name (&targets))); cleanup_iterator (&targets); SEND_TO_CLIENT_OR_FAIL (""); + openvas_free_string_var (¤t_format); set_client_state (CLIENT_AUTHENTIC); break; } Modified: trunk/openvas-manager/src/tasks_sql.h =================================================================== --- trunk/openvas-manager/src/tasks_sql.h 2009-11-05 12:28:03 UTC (rev 5801) +++ trunk/openvas-manager/src/tasks_sql.h 2009-11-05 15:14:52 UTC (rev 5802) 
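Review bot: With the added `current_name &&` guard, a GET_REPORT without a sort_field attribute now skips the "Sort by threat" branch, while `init_result_iterator` in tasks_sql.h treats a NULL sort_field as "type". If both places are meant to share that default, the condition should be `if (current_name == NULL || strcmp (current_name, "port"))`. The else branch is outside the hunk, so confirm what it does for a NULL name before changing it.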
@@ -2996,8 +2996,9 @@ * @param[in] ascending Whether to sort ascending or descending. * @param[in] sort_field Field to sort on, or NULL for "type". * @param[in] levels String describing threat levels (message types) - * to include in report (for example, "hmlg" for - * High, Medium, Low and loG). + * to include in report (for example, "hmlgd" for + * High, Medium, Low, loG and Debug). All levels if + * NULL. */ void init_result_iterator (iterator_t* iterator, report_t report, const char* host, @@ -3006,7 +3007,7 @@ { gchar* sql; if (sort_field == NULL) sort_field = "type"; - if (levels == NULL) levels = "hm"; + if (levels == NULL) levels = "hmlgd"; if (report) { GString *levels_sql = NULL; 
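Review bot: `sort_field` is only given a default when it is NULL, yet it originates from the client's sort_field attribute, which omp.c keeps in `current_name` and, per the ChangeLog, passes to `init_result_iterator`. The query is allocated outside this hunk, so how the value is used cannot be seen here. If it is formatted into the ORDER BY clause, it should first be mapped to a fixed set of column names, in the same way `levels` is only tested with `strchr` and never copied into the SQL. Assuming "port" and "type" are the only supported fields, `if (strcmp (sort_field, "port") && strcmp (sort_field, "type")) sort_field = "type";` after the NULL default would do.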
@@ -3015,52 +3016,67 @@ if (strlen (levels)) { - int first = 1; + int count = 0; /* High. */ if (strchr (levels, 'h')) { - first = 0; + count = 1; levels_sql = g_string_new (" AND (type = 'Security Hole'"); } /* Medium. */ if (strchr (levels, 'm')) { - if (first) - { - levels_sql = g_string_new (" AND (type = 'Security Warning'"); - first = 0; - } + if (count == 0) + levels_sql = g_string_new (" AND (type = 'Security Warning'"); else levels_sql = g_string_append (levels_sql, " OR type = 'Security Warning'"); + count++; } /* Low. */ if (strchr (levels, 'l')) { - if (first) - { - levels_sql = g_string_new (" AND (type = 'Security Note'"); - first = 0; - } + if (count == 0) + levels_sql = g_string_new (" AND (type = 'Security Note'"); else levels_sql = g_string_append (levels_sql, " OR type = 'Security Note'"); + count++; } /* loG. */ if (strchr (levels, 'g')) { - if (first) - levels_sql = g_string_new (" AND (type = 'Log Message')"); + if (count == 0) + levels_sql = g_string_new (" AND (type = 'Log Message'"); else levels_sql = g_string_append (levels_sql, - " OR type = 'Log Message')"); + " OR type = 'Log Message'"); + count++; } - else if (first == 0) + + /* Debug. */ + if (strchr (levels, 'd')) + { + if (count == 0) + levels_sql = g_string_new (" AND (type = 'Debug Message')"); + else + levels_sql = g_string_append (levels_sql, + " OR type = 'Debug Message')"); + count++; + } + else if (count) levels_sql = g_string_append (levels_sql, ")"); + + if (count == 5) + { + /* All levels. */ + g_string_free (levels_sql, TRUE); + levels_sql = NULL; + } } /* Allocate the query. */ From scm-commit at wald.intevation.org Fri Nov 6 08:22:44 2009 
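Review bot: The closing parenthesis of the level filter is now written inside the Debug branch (`" OR type = 'Debug Message')"`) with an `else if (count)` fallback, the same arrangement this hunk had to remove from the loG branch. Appending it once after the last level keeps every branch uniform: let the Debug strings end without `)` and follow them with `if (count) levels_sql = g_string_append (levels_sql, ")");`. The `count == 5` test would read better against a named constant, since it has to change whenever a level is added. A `levels` string that holds none of the known letters leaves `levels_sql` NULL, which presumably means no filter at all rather than an empty result; the code that uses it is outside the hunk.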
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Fri, 6 Nov 2009 08:22:44 +0100 (CET) Subject: [Openvas-commits] r5803 - in trunk/openvas-client: . openvas/prefs_dialog Message-ID: <20091106072244.313E7861EAD4@pyrosoma.intevation.org> Author: mwiegand Date: 2009-11-06 08:22:42 +0100 (Fri, 06 Nov 2009) New Revision: 5803 Modified: trunk/openvas-client/ChangeLog trunk/openvas-client/openvas/prefs_dialog/prefs_report.c Log: Fixed an issue where the content of a report was not properly inserted into the Gtk report pane when it contained special characters and was not UTF-8 encoded. * openvas/prefs_dialog/prefs_report.c (row_activated): Convert the report contents to UTF-8 before inserting them into the text buffer. Modified: trunk/openvas-client/ChangeLog =================================================================== --- trunk/openvas-client/ChangeLog 2009-11-05 15:14:52 UTC (rev 5802) +++ trunk/openvas-client/ChangeLog 2009-11-06 07:22:42 UTC (rev 5803) @@ -1,3 +1,12 @@ +2009-11-06 Michael Wiegand + + Fixed an issue where the content of a report was not properly inserted + into the Gtk report pane when it contained special characters and was + not UTF-8 encoded. + + * openvas/prefs_dialog/prefs_report.c (row_activated): Convert the + report contents to UTF-8 before inserting them into the text buffer. + 2009-11-05 Felix Wolfsteller Fixed a cache issue of OMP scopes that prevented update of the cache if Modified: trunk/openvas-client/openvas/prefs_dialog/prefs_report.c =================================================================== --- trunk/openvas-client/openvas/prefs_dialog/prefs_report.c 2009-11-05 15:14:52 UTC (rev 5802) +++ trunk/openvas-client/openvas/prefs_dialog/prefs_report.c 2009-11-06 07:22:42 UTC (rev 5803) 
@@ -541,7 +541,15 @@ gtk_text_buffer_get_end_iter (buffer, &iter); /* Field "report" */ - gtk_text_buffer_insert (buffer, &iter, subset_nth_value (walk, 4), -1); + /* Since there is no defined standard encoding for scanner or NVTs, we + * expect the NBE to be ISO-8859-1 encoded here and convert it to UTF-8 + * like gtk_text_buffer_insert expects. */ + gsize size_dummy; + gchar* report_utf8 = g_convert (subset_nth_value (walk, 4), -1, + "UTF-8", "ISO_8859-1", + NULL, &size_dummy, NULL); + gtk_text_buffer_insert (buffer, &iter, report_utf8, -1); + g_free (report_utf8); // Add selected issue to a list, so that we can always find out which // items are viewed by the user From scm-commit at wald.intevation.org Fri Nov 6 08:45:36 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Fri, 6 Nov 2009 08:45:36 +0100 (CET) Subject: [Openvas-commits] r5804 - in trunk/openvas-manager: . src Message-ID: <20091106074536.639D6861EAD4@pyrosoma.intevation.org> Author: felix Date: 2009-11-06 08:45:35 +0100 (Fri, 06 Nov 2009) New Revision: 5804 Modified: trunk/openvas-manager/ChangeLog trunk/openvas-manager/src/omp.c Log: * src/omp.c (latex_print_text): New, extracted from latex_escape_text. Writes to file directly (bufferless) in contrast to memory. (latex_escape_text): Added todo, function might be obsolete. (print_report_latex): Use (new) latex_print_text. Modified: trunk/openvas-manager/ChangeLog =================================================================== --- trunk/openvas-manager/ChangeLog 2009-11-06 07:22:42 UTC (rev 5803) +++ trunk/openvas-manager/ChangeLog 2009-11-06 07:45:35 UTC (rev 5804) 
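Review bot: The conversion is applied unconditionally, so a report that is already UTF-8 is converted a second time and shows up garbled. A NULL from `g_convert` or from `subset_nth_value` is also passed straight to `gtk_text_buffer_insert`. Validate with `g_utf8_validate` first, convert only when that fails, and skip the insert when there is nothing to insert. `size_dummy` can go, because `g_convert` accepts NULL for the bytes-written argument. The enclosing function `row_activated` starts and ends outside the hunk.

```c
  /* Field "report" */
  const char *report = subset_nth_value (walk, 4);
  gchar *report_utf8 = NULL;

  /* No encoding is defined for scanner or NVT output: keep valid UTF-8
   * as it is and treat anything else as ISO-8859-1. */
  if (report && !g_utf8_validate (report, -1, NULL))
    {
      report_utf8 = g_convert (report, -1, "UTF-8", "ISO_8859-1",
                               NULL, NULL, NULL);
      report = report_utf8;
    }
  if (report)
    gtk_text_buffer_insert (buffer, &iter, report, -1);
  g_free (report_utf8);
  /* … unchanged: add selected issue to the list of viewed items … */
```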
@@ -1,3 +1,10 @@ +2009-11-06 Felix Wolfsteller + + * src/omp.c (latex_print_text): New, extracted from latex_escape_text. + Writes to file directly (bufferless) in contrast to memory. + (latex_escape_text): Added todo, function might be obsolete. + (print_report_latex): Use (new) latex_print_text. + 2009-11-05 Matthew Mundell * src/omp.c (init_result_iterator): Include all levels if levels is NULL. @@ -33,8 +40,7 @@ (omp_xml_handle_end_element): For the XML report, include the filtering and sorting info in the response, add a port summary section. Pass sorting and filtering attributes to init_result_iterator. - -omp_xml_handle_end_element): In CLIENT_GET_CONFIGS send OID + (omp_xml_handle_end_element): In CLIENT_GET_CONFIGS send OID with NVT in PREFERENCE. 2009-11-04 Felix Wolfsteller Modified: trunk/openvas-manager/src/omp.c =================================================================== --- trunk/openvas-manager/src/omp.c 2009-11-06 07:22:42 UTC (rev 5803) +++ trunk/openvas-manager/src/omp.c 2009-11-06 07:45:35 UTC (rev 5804) @@ -2119,6 +2119,8 @@ * Replace LaTeX special characters with LaTeX equivalents. * * @return A newly allocated version of text. + * + * @todo Evaluate whether there will be use for this function. */ static gchar* latex_escape_text (const char *text) 
@@ -2196,6 +2198,81 @@ } /** + * @brief Writes \ref text to \ref file, escaping characters on the fly. + * + * @param[in] file File descriptor to write to. + * @param[out] text Text to write to file, while escaping 'special' + * characters. + */ +static void +latex_print_text (FILE* file, const char* text) +{ + const char* pos = text; + while (*pos) + { + switch (*pos) + { + case '\\': + // Look ahead + ++pos; + // Skip "\r" + if (*pos && *pos == 'r') + break; /* skip */ + // Replace "\n" by '\n''\n' + else if (*pos && *pos == 'n') + { + fputc ('\n', file); + fputc ('\n', file); + break; + } + --pos; + // No escaped special char. + fputs ("$\\backslash$", file); + break; + /** @todo following cases simply place a backslash ('\') in front of + * the character to be escaped. simplification possible? + * case '%': + * //... + * case '$': + * fputc ('&', file); + * fputc (*pos, file); + * break; + * default: //... + */ + case '#': + fputs ("\\#", file); + break; + case '$': + fputs ("\\$", file); + break; + case '%': + fputs ("\\%", file); + break; + case '&': + fputs ("\\&", file); + break; + case '{': + fputs ("\\{", file); + break; + case '}': + fputs ("\\}", file); + break; + case '_': + fputs ("\\_", file); + break; + case '^': + fputs ("\\^", file); + break; + default: + fputc (*pos, file); + break; + } + ++pos; + } +} + + +/** * @brief Convert \n's to real newline's. * * @return A newly allocated version of text. @@ -2544,11 +2621,8 @@ // FIX severity ordering is alphabetical on severity name while (next (&results)) { - gchar *descr; const char *severity; - descr = latex_escape_text (result_iterator_descr (&results)); - if (last_port == NULL || strcmp (last_port, result_iterator_port (&results))) { 
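Review bot: In `latex_print_text`, `case '^'` writes `\^`, which in LaTeX is the circumflex accent command and takes the following character as its argument. A caret in a result description therefore alters the next character or stops the LaTeX run; `fputs ("\\^{}", file);` or `\\textasciicircum{}` avoids that. `~` falls through to `default:` and will be typeset as a non-breaking space. The descriptions come from scan results, so the escaper should cover every character LaTeX treats as active. In the doc comment, `text` is an input (`@param[in]`) and `file` is a `FILE*` stream rather than a file descriptor.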
@@ -2580,8 +2654,12 @@ fprintf (out, "\\hline\n" "\\rowcolor%s%s\\\\\n" - "\\hline\n" - "%s\\\\\n" + "\\hline\n", + latex_severity_colour (severity), + latex_severity_heading (severity)); + latex_print_text (out, result_iterator_descr (&results)); + fprintf (out, + "\\\\\n" "OID of test routine: %s\\\\\n" "\\hline\n" "\\end{tabularx}\n" @@ -2589,12 +2667,8 @@ "\n" "\\begin{tabular}{l}\n" "\\begin{tabularx}{\\textwidth * 1}{|X|}\n", - latex_severity_colour (severity), - latex_severity_heading (severity), - descr, result_iterator_nvt (&results)); - g_free (descr); } if (last_port) { From scm-commit at wald.intevation.org Fri Nov 6 09:46:44 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Fri, 6 Nov 2009 09:46:44 +0100 (CET) Subject: [Openvas-commits] r5805 - in trunk/openvas-manager: . src Message-ID: <20091106084644.D2AAA852DB25@pyrosoma.intevation.org> Author: felix Date: 2009-11-06 09:46:43 +0100 (Fri, 06 Nov 2009) New Revision: 5805 Modified: trunk/openvas-manager/ChangeLog trunk/openvas-manager/src/omp.c Log: Improved pdf report generation: Use longtable environment for issues (like security hole, security warning etc.) to allow for tables across multiple pages. For tables to break across pages, text in the tables has to be put in multiple rows. Some issues persist, added respective todos. * src/omp.c (latex_print_text): Replace "\n" by linebreak/ row-termination "\\" instead of two newlines (print_report_latex): Use longtable instead of tabularx environment, added todos. Modified: trunk/openvas-manager/ChangeLog =================================================================== --- trunk/openvas-manager/ChangeLog 2009-11-06 07:45:35 UTC (rev 5804) +++ trunk/openvas-manager/ChangeLog 2009-11-06 08:46:43 UTC (rev 5805) 
@@ -1,5 +1,18 @@ 2009-11-06 Felix Wolfsteller + Improved pdf report generation: Use longtable environment for issues + (like security hole, security warning etc.) to allow for tables across + multiple pages. For tables to break across pages, text in the tables + has to be put in multiple rows. + Some issues persist, added respective todos. + + * src/omp.c (latex_print_text): Replace "\n" by linebreak/ + row-termination "\\" instead of two newlines + (print_report_latex): Use longtable instead of tabularx environment, + added todos. + +2009-11-06 Felix Wolfsteller + * src/omp.c (latex_print_text): New, extracted from latex_escape_text. Writes to file directly (bufferless) in contrast to memory. (latex_escape_text): Added todo, function might be obsolete. Modified: trunk/openvas-manager/src/omp.c =================================================================== --- trunk/openvas-manager/src/omp.c 2009-11-06 07:45:35 UTC (rev 5804) +++ trunk/openvas-manager/src/omp.c 2009-11-06 08:46:43 UTC (rev 5805) @@ -2200,6 +2200,11 @@ /** * @brief Writes \ref text to \ref file, escaping characters on the fly. * + * Function to be used to print text to latex documents in a longtable + * environment. + * Newlines will be replaced by row/line breaks, thus might cause trouble in + * non- tabular environments. + * * @param[in] file File descriptor to write to. * @param[out] text Text to write to file, while escaping 'special' * characters. @@ -2217,12 +2222,11 @@ ++pos; // Skip "\r" if (*pos && *pos == 'r') - break; /* skip */ - // Replace "\n" by '\n''\n' + break; + // Replace "\n" by row/line break else if (*pos && *pos == 'n') { - fputc ('\n', file); - fputc ('\n', file); + fputs ("\\\\", file); break; } --pos; @@ -2382,6 +2386,7 @@ "\\usepackage{tabularx}\n" "\\usepackage{geometry}\n" "\\usepackage{comment}\n" + "\\usepackage{longtable}\n" "\\usepackage{titlesec}\n" "\\usepackage{chngpage}\n" "\\usepackage{calc}\n" 
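Review bot: Writing a bare `\\` for each "\n" in `latex_print_text` lets the text that follows change its meaning. LaTeX looks for `*` or `[` directly after `\\`, so a description line that begins with `[` is read as the optional spacing argument and the PDF run fails. Ending the lookahead with an empty group, `fputs ("\\\\{}", file);`, is one way to prevent this. The result text is scanner output, so this case should be expected to occur.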
@@ -2443,6 +2448,14 @@ * @param[in] sort_field Field to sort on, or NULL for "type". * * @return 0 on success, else -1 with errno set. + * + * @todo Lines of issue texts (descriptions of message like "security hole") + * are printed as rows. This will lead to trouble if a single issue line + * does not fit on a whole page, because page breaks can only be inserted + * _between_ rows. Consider using the verbatim environment with manually + * added row breaks after a certain number of characters. + * @todo Use more features of the longtable environment, e.g. declare table + * headings and "continues/d on/from next/previous page" texts. */ static int print_report_latex (report_t report, gchar* latex_file, int ascending, @@ -2629,11 +2642,10 @@ if (last_port) { fprintf (out, - "\\end{tabularx}\\\\\n" + "\\end{longtable}\n" "\\begin{footnotesize}" "\\hyperref[host:%s]{[ return to %s ]}\n" - "\\end{footnotesize}" - "\\end{tabular}\n", + "\\end{footnotesize}\n", host, host); g_free (last_port); @@ -2642,8 +2654,7 @@ fprintf (out, "\\subsubsection{%s}\n" "\\label{port:%s %s}\n\n" - "\\begin{tabular}{l}\n" - "\\begin{tabularx}{\\textwidth * 1}{|X|}\n", + "\\begin{longtable}{|p{\\textwidth * 1}|}\n", result_iterator_port (&results), host_iterator_host (&hosts), result_iterator_port (&results)); @@ -2662,11 +2673,9 @@ "\\\\\n" "OID of test routine: %s\\\\\n" "\\hline\n" - "\\end{tabularx}\n" - "\\end{tabular}\n" + "\\end{longtable}\n" "\n" - "\\begin{tabular}{l}\n" - "\\begin{tabularx}{\\textwidth * 1}{|X|}\n", + "\\begin{longtable}{|p{\\textwidth * 1}|}\n", result_iterator_nvt (&results)); } @@ -2675,11 +2684,10 @@ g_free (last_port); fprintf (out, - "\\end{tabularx}\n\\\\" + "\\end{longtable}\n" "\\begin{footnotesize}" "\\hyperref[host:%s]{[ return to %s ]}" - "\\end{footnotesize}\n" - "\\end{tabular}\n", + "\\end{footnotesize}\n", host, host); } From scm-commit at wald.intevation.org Fri Nov 6 12:41:12 2009 
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Fri, 6 Nov 2009 12:41:12 +0100 (CET) Subject: [Openvas-commits] r5806 - in trunk/openvas-plugins: . scripts Message-ID: <20091106114112.81C6A852FE9D@pyrosoma.intevation.org> Author: mime Date: 2009-11-06 12:41:10 +0100 (Fri, 06 Nov 2009) New Revision: 5806 Added: trunk/openvas-plugins/scripts/novell_edirectory_detect.nasl Modified: trunk/openvas-plugins/ChangeLog trunk/openvas-plugins/scripts/ping_host.nasl Log: Added new plugin Modified: trunk/openvas-plugins/ChangeLog =================================================================== --- trunk/openvas-plugins/ChangeLog 2009-11-06 08:46:43 UTC (rev 5805) +++ trunk/openvas-plugins/ChangeLog 2009-11-06 11:41:10 UTC (rev 5806) @@ -1,3 +1,12 @@ +2009-11-06 Michael Meyer + + * scripts/novell_edirectory_detect.nasl: + Added new plugin. + + * scripts/ping_host.nasl: + Set "Mark unrechable Hosts as dead" to "no" by default. Added + some data to ICMP-Packet. + 2009-11-05 Chandrashekhar B * scripts/gb_suse_2007_036.nasl, Added: trunk/openvas-plugins/scripts/novell_edirectory_detect.nasl =================================================================== --- trunk/openvas-plugins/scripts/novell_edirectory_detect.nasl 2009-11-06 08:46:43 UTC (rev 5805) +++ trunk/openvas-plugins/scripts/novell_edirectory_detect.nasl 2009-11-06 11:41:10 UTC (rev 5806) 
@@ -0,0 +1,113 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id$ +# +# Novell eDirectory Detection +# +# Authors: +# Michael Meyer +# +# Copyright: +# Copyright (c) 2009 Greenbone Networks GmbH +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +# need desc here to modify it later in script. +desc = "Overview: +This host is running Novell eDirectory server. 
+ +Risk factor : None"; + +if (description) +{ + script_id(100339); + script_version ("1.0-$Revision$"); + + script_name("Novell eDirectory Detection"); + script_description(desc); + script_summary("Checks for the presence of Novell eDirectory"); + script_category(ACT_GATHER_INFO); + script_family("Service detection"); + script_copyright("This script is Copyright (C) 2009 Greenbone Networks GmbH"); + script_dependencies("ldap_detect.nasl"); + script_require_ports("Services/ldap", 389); + exit(0); +} + +include("misc_func.inc"); +include("dump.inc"); +include("global_settings.inc"); + +port = get_kb_item("Services/ldap"); +if(!get_port_state(port))exit(0); + +soc = open_sock_tcp(port); +if(!soc)exit(0); + +req = +raw_string(0x30,0x25,0x02,0x01,0x01,0x63,0x20,0x04,0x00,0x0a,0x01,0x00,0x0a,0x01,0x00,0x02, + 0x01,0x00,0x02,0x01,0x00,0x01,0x01,0x00,0x87,0x0b,0x6f,0x62,0x6a,0x65,0x63,0x74, + 0x43,0x6c,0x61,0x73,0x73,0x30,0x00); + +send(socket:soc, data:req); +data = recv(socket:soc, length:5000); + +if( data == NULL ) exit(0); +close(soc); + +len = strlen (data); + +if(len <32)exit(0); + +linenumber = len / 16; + +for (i=0;i<=linenumber;i++) { + for (j=0;j<16;j++) { + if ((i*16+j)< len) { + if(ord(data[i*16+j]) == "48" && ord(data[i*16+j+2]) == '4') { + str += "#"; + } else { + c = data[i*16+j]; + if (isprint (c:c)) { + str += c; + } + } + } + } +} + + if("eDirectory" >< str ) { + version = eregmatch(string:str, pattern:"LDAP Agent for Novell eDirectory ([0-9.]+ ([^#]+)?)"); + if(!isnull(version[1])) { + set_kb_item(name:string("ldap/",port,"/eDirectory"), value:version[1]); + + info = string("None\n\nNovell eDirectory Version '"); + info += string(version[1]); + info += string("' was detected on the remote host\n"); + + desc = ereg_replace( + string:desc, + pattern:"None$", + replace:info + ); + } + if(report_verbosity > 0) { + security_note(port:port,data:desc); + exit(0); + } + } + +exit(0); + Property changes on: 
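Review bot: In the decoding loop, `data[i*16+j+2]` is read after checking only that `i*16+j` is below `len`, so the last two positions index past the reply; guard it with `(i*16+j+2) < len`. The comparisons `ord(...) == "48"` and `ord(...) == '4'` compare a number with strings; if the intent is the BER tags for SEQUENCE and OCTET STRING, write `== 0x30` and `== 0x04`. `str` is never initialised before the first `str += ...`. `port` has no fallback when the KB item is missing, although `script_require_ports` lists 389; `if(!port) port = 389;` after the `get_kb_item` call would cover that.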
trunk/openvas-plugins/scripts/novell_edirectory_detect.nasl ___________________________________________________________________ Name: svn:keywords + Id Revision Modified: trunk/openvas-plugins/scripts/ping_host.nasl =================================================================== --- trunk/openvas-plugins/scripts/ping_host.nasl 2009-11-06 08:46:43 UTC (rev 5805) +++ trunk/openvas-plugins/scripts/ping_host.nasl 2009-11-06 11:41:10 UTC (rev 5806) @@ -42,19 +42,29 @@ script_copyright("This script is Copyright (C) 2009 Greenbone Networks GmbH"); script_add_preference(name:"Report about unrechable Hosts", type:"checkbox", value:"no"); - script_add_preference(name:"Mark unrechable Hosts as dead (not scanning)", type:"checkbox", value:"yes"); + script_add_preference(name:"Mark unrechable Hosts as dead (not scanning)", type:"checkbox", value:"no"); exit(0); } set_kb_item(name: "/tmp/start_time", value: unixtime()); if(islocalhost())exit(0); +if(TARGET_IS_IPV6)exit(0); +mark_dead = script_get_preference("Mark unrechable Hosts as dead (not scanning)"); +if("no" >< mark_dead)exit(0); + # Try ICMP (Ping) first ICMP_ECHO_REQUEST = 8; IP_ID = 0xBABA; ICMP_ID = rand() % 65536; +data = +raw_string(0x0c,0xf5,0xf3,0x4a,0x88,0x39,0x08,0x00,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f, + 0x10,0x11,0x12,0x13,0x14,0x15,0x16,0x17,0x18,0x19,0x1a,0x1b,0x1c,0x1d,0x1e,0x1f, + 0x20,0x21,0x22,0x23,0x24,0x25,0x26,0x27,0x28,0x29,0x2a,0x2b,0x2c,0x2d,0x2e,0x2f, + 0x30,0x31,0x32,0x33,0x34,0x35,0x36,0x37); + ip_packet = forge_ip_packet(ip_tos : 6, ip_id : IP_ID, @@ -67,6 +77,7 @@ icmp_code : 123, icmp_seq : 256, icmp_id : ICMP_ID, + data : data, ip : ip_packet); attempt = 2; ret = NULL; 
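Review bot: The new early exit `if("no" >< mark_dead)exit(0);` runs before the ping, so with the new default of "no" the script never probes the host. The "Report about unrechable Hosts" preference then has no effect unless hosts are also marked dead. If reporting is meant to work on its own, read both preferences at the top and leave early only when neither is wanted, e.g. `if("no" >< mark_dead && "no" >< report_dead) exit(0);`, then test `mark_dead` again at the point where the host is marked. The `report_dead` lookup sits in the later hunk and would have to move up; the code that marks the host dead is outside the hunks shown.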
@@ -89,7 +100,6 @@ # Host seems to be dead. report_dead = script_get_preference("Report about unrechable Hosts"); -mark_dead = script_get_preference("Mark unrechable Hosts as dead (not scanning)"); if("yes" >< report_dead) { data = string("The remote host ", get_host_ip(), " is considered as dead.\nOpenVAS has not scanned this host.\n"); From scm-commit at wald.intevation.org Fri Nov 6 22:19:21 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Fri, 6 Nov 2009 22:19:21 +0100 (CET) Subject: [Openvas-commits] r5807 - in trunk/gsa: . src/html/src src/html/src/img Message-ID: <20091106211921.44825865999E@pyrosoma.intevation.org> Author: jan Date: 2009-11-06 22:19:19 +0100 (Fri, 06 Nov 2009) New Revision: 5807 Added: trunk/gsa/src/html/src/about.htm4 trunk/gsa/src/html/src/gplv2.htm4 trunk/gsa/src/html/src/img/ascending_inactive.png trunk/gsa/src/html/src/img/descending_inactive.png trunk/gsa/src/html/src/img/edit.png trunk/gsa/src/html/src/img/edit_inactive.png Modified: trunk/gsa/ChangeLog Log: * src/html/src/about.htm4, src/html/src/gplv2.htm4: New. * src/html/src/img/edit_inactive.png, src/html/src/img/ascending_inactive.png, src/html/src/img/edit.png, src/html/src/img/descending_inactive.png: New. Modified: trunk/gsa/ChangeLog =================================================================== --- trunk/gsa/ChangeLog 2009-11-06 11:41:10 UTC (rev 5806) +++ trunk/gsa/ChangeLog 2009-11-06 21:19:19 UTC (rev 5807) 
@@ -1,3 +1,11 @@ +2009-11-06 Jan-Oliver Wagner + + * src/html/src/about.htm4, src/html/src/gplv2.htm4: New. + + * src/html/src/img/edit_inactive.png, + src/html/src/img/ascending_inactive.png, src/html/src/img/edit.png, + src/html/src/img/descending_inactive.png: New. + 2009-11-04 Jan-Oliver Wagner * src/html/src/img/descending.png, src/html/src/img/ascending.png: New. Added: trunk/gsa/src/html/src/about.htm4 =================================================================== --- trunk/gsa/src/html/src/about.htm4 2009-11-06 11:41:10 UTC (rev 5806) +++ trunk/gsa/src/html/src/about.htm4 2009-11-06 21:19:19 UTC (rev 5807) @@ -0,0 +1,42 @@ +m4_define(`PAGE_TITLE', `About GSA') +m4_include(`header.m4') + + + + +

Greenbone Security Assistant Version 0.7.4

+ +

+The Greenbone Security Assistant is a web-based graphical +user interface for OpenVAS Manager. It offers a straight-forward, +yet powerful method to manage network vulnerability scans. +

+ +

+Copyright 2009 by Greenbone Networks GmbH, +www.greenbone.net +

+ +

+License: GNU General Public License version 2 or any later version +(full license text) +

+ +

+Contact: For updates, feature proposals and bug reports please +contact info at greenbone.net. +

+ +

+Main Authors (in alphabetical order): +

+ +
    +
  • Matthew Mundell +
  • Karl-Heinz Ruskowski +
  • Jan-Oliver Wagner +
  • Michael Wiegand +
  • Felix Wolfsteller +
+ +m4_include(`footer.m4') Added: trunk/gsa/src/html/src/gplv2.htm4 =================================================================== --- trunk/gsa/src/html/src/gplv2.htm4 2009-11-06 11:41:10 UTC (rev 5806) +++ trunk/gsa/src/html/src/gplv2.htm4 2009-11-06 21:19:19 UTC (rev 5807) @@ -0,0 +1,347 @@ +m4_define(`PAGE_TITLE', `GNU General Public License Version 2') +m4_include(`header.m4') + +
+		    GNU GENERAL PUBLIC LICENSE
+		       Version 2, June 1991
+
+ Copyright (C) 1989, 1991 Free Software Foundation, Inc.
+     51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+			    Preamble
+
+  The licenses for most software are designed to take away your
+freedom to share and change it.  By contrast, the GNU General Public
+License is intended to guarantee your freedom to share and change free
+software--to make sure the software is free for all its users.  This
+General Public License applies to most of the Free Software
+Foundation's software and to any other program whose authors commit to
+using it.  (Some other Free Software Foundation software is covered by
+the GNU Library General Public License instead.)  You can apply it to
+your programs, too.
+
+  When we speak of free software, we are referring to freedom, not
+price.  Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+this service if you wish), that you receive source code or can get it
+if you want it, that you can change the software or use pieces of it
+in new free programs; and that you know you can do these things.
+
+  To protect your rights, we need to make restrictions that forbid
+anyone to deny you these rights or to ask you to surrender the rights.
+These restrictions translate to certain responsibilities for you if you
+distribute copies of the software, or if you modify it.
+
+  For example, if you distribute copies of such a program, whether
+gratis or for a fee, you must give the recipients all the rights that
+you have.  You must make sure that they, too, receive or can get the
+source code.  And you must show them these terms so they know their
+rights.
+
+  We protect your rights with two steps: (1) copyright the software, and
+(2) offer you this license which gives you legal permission to copy,
+distribute and/or modify the software.
+
+  Also, for each author's protection and ours, we want to make certain
+that everyone understands that there is no warranty for this free
+software.  If the software is modified by someone else and passed on, we
+want its recipients to know that what they have is not the original, so
+that any problems introduced by others will not reflect on the original
+authors' reputations.
+
+  Finally, any free program is threatened constantly by software
+patents.  We wish to avoid the danger that redistributors of a free
+program will individually obtain patent licenses, in effect making the
+program proprietary.  To prevent this, we have made it clear that any
+patent must be licensed for everyone's free use or not licensed at all.
+
+  The precise terms and conditions for copying, distribution and
+modification follow.
+
+		    GNU GENERAL PUBLIC LICENSE
+   TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
+
+  0. This License applies to any program or other work which contains
+a notice placed by the copyright holder saying it may be distributed
+under the terms of this General Public License.  The "Program", below,
+refers to any such program or work, and a "work based on the Program"
+means either the Program or any derivative work under copyright law:
+that is to say, a work containing the Program or a portion of it,
+either verbatim or with modifications and/or translated into another
+language.  (Hereinafter, translation is included without limitation in
+the term "modification".)  Each licensee is addressed as "you".
+
+Activities other than copying, distribution and modification are not
+covered by this License; they are outside its scope.  The act of
+running the Program is not restricted, and the output from the Program
+is covered only if its contents constitute a work based on the
+Program (independent of having been made by running the Program).
+Whether that is true depends on what the Program does.
+
+  1. You may copy and distribute verbatim copies of the Program's
+source code as you receive it, in any medium, provided that you
+conspicuously and appropriately publish on each copy an appropriate
+copyright notice and disclaimer of warranty; keep intact all the
+notices that refer to this License and to the absence of any warranty;
+and give any other recipients of the Program a copy of this License
+along with the Program.
+
+You may charge a fee for the physical act of transferring a copy, and
+you may at your option offer warranty protection in exchange for a fee.
+
+  2. You may modify your copy or copies of the Program or any portion
+of it, thus forming a work based on the Program, and copy and
+distribute such modifications or work under the terms of Section 1
+above, provided that you also meet all of these conditions:
+
+    a) You must cause the modified files to carry prominent notices
+    stating that you changed the files and the date of any change.
+
+    b) You must cause any work that you distribute or publish, that in
+    whole or in part contains or is derived from the Program or any
+    part thereof, to be licensed as a whole at no charge to all third
+    parties under the terms of this License.
+
+    c) If the modified program normally reads commands interactively
+    when run, you must cause it, when started running for such
+    interactive use in the most ordinary way, to print or display an
+    announcement including an appropriate copyright notice and a
+    notice that there is no warranty (or else, saying that you provide
+    a warranty) and that users may redistribute the program under
+    these conditions, and telling the user how to view a copy of this
+    License.  (Exception: if the Program itself is interactive but
+    does not normally print such an announcement, your work based on
+    the Program is not required to print an announcement.)
+
+These requirements apply to the modified work as a whole.  If
+identifiable sections of that work are not derived from the Program,
+and can be reasonably considered independent and separate works in
+themselves, then this License, and its terms, do not apply to those
+sections when you distribute them as separate works.  But when you
+distribute the same sections as part of a whole which is a work based
+on the Program, the distribution of the whole must be on the terms of
+this License, whose permissions for other licensees extend to the
+entire whole, and thus to each and every part regardless of who wrote it.
+
+Thus, it is not the intent of this section to claim rights or contest
+your rights to work written entirely by you; rather, the intent is to
+exercise the right to control the distribution of derivative or
+collective works based on the Program.
+
+In addition, mere aggregation of another work not based on the Program
+with the Program (or with a work based on the Program) on a volume of
+a storage or distribution medium does not bring the other work under
+the scope of this License.
+
+  3. You may copy and distribute the Program (or a work based on it,
+under Section 2) in object code or executable form under the terms of
+Sections 1 and 2 above provided that you also do one of the following:
+
+    a) Accompany it with the complete corresponding machine-readable
+    source code, which must be distributed under the terms of Sections
+    1 and 2 above on a medium customarily used for software interchange; or,
+
+    b) Accompany it with a written offer, valid for at least three
+    years, to give any third party, for a charge no more than your
+    cost of physically performing source distribution, a complete
+    machine-readable copy of the corresponding source code, to be
+    distributed under the terms of Sections 1 and 2 above on a medium
+    customarily used for software interchange; or,
+
+    c) Accompany it with the information you received as to the offer
+    to distribute corresponding source code.  (This alternative is
+    allowed only for noncommercial distribution and only if you
+    received the program in object code or executable form with such
+    an offer, in accord with Subsection b above.)
+
+The source code for a work means the preferred form of the work for
+making modifications to it.  For an executable work, complete source
+code means all the source code for all modules it contains, plus any
+associated interface definition files, plus the scripts used to
+control compilation and installation of the executable.  However, as a
+special exception, the source code distributed need not include
+anything that is normally distributed (in either source or binary
+form) with the major components (compiler, kernel, and so on) of the
+operating system on which the executable runs, unless that component
+itself accompanies the executable.
+
+If distribution of executable or object code is made by offering
+access to copy from a designated place, then offering equivalent
+access to copy the source code from the same place counts as
+distribution of the source code, even though third parties are not
+compelled to copy the source along with the object code.
+
+  4. You may not copy, modify, sublicense, or distribute the Program
+except as expressly provided under this License.  Any attempt
+otherwise to copy, modify, sublicense or distribute the Program is
+void, and will automatically terminate your rights under this License.
+However, parties who have received copies, or rights, from you under
+this License will not have their licenses terminated so long as such
+parties remain in full compliance.
+
+  5. You are not required to accept this License, since you have not
+signed it.  However, nothing else grants you permission to modify or
+distribute the Program or its derivative works.  These actions are
+prohibited by law if you do not accept this License.  Therefore, by
+modifying or distributing the Program (or any work based on the
+Program), you indicate your acceptance of this License to do so, and
+all its terms and conditions for copying, distributing or modifying
+the Program or works based on it.
+
+  6. Each time you redistribute the Program (or any work based on the
+Program), the recipient automatically receives a license from the
+original licensor to copy, distribute or modify the Program subject to
+these terms and conditions.  You may not impose any further
+restrictions on the recipients' exercise of the rights granted herein.
+You are not responsible for enforcing compliance by third parties to
+this License.
+
+  7. If, as a consequence of a court judgment or allegation of patent
+infringement or for any other reason (not limited to patent issues),
+conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License.  If you cannot
+distribute so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you
+may not distribute the Program at all.  For example, if a patent
+license would not permit royalty-free redistribution of the Program by
+all those who receive copies directly or indirectly through you, then
+the only way you could satisfy both it and this License would be to
+refrain entirely from distribution of the Program.
+
+If any portion of this section is held invalid or unenforceable under
+any particular circumstance, the balance of the section is intended to
+apply and the section as a whole is intended to apply in other
+circumstances.
+
+It is not the purpose of this section to induce you to infringe any
+patents or other property right claims or to contest validity of any
+such claims; this section has the sole purpose of protecting the
+integrity of the free software distribution system, which is
+implemented by public license practices.  Many people have made
+generous contributions to the wide range of software distributed
+through that system in reliance on consistent application of that
+system; it is up to the author/donor to decide if he or she is willing
+to distribute software through any other system and a licensee cannot
+impose that choice.
+
+This section is intended to make thoroughly clear what is believed to
+be a consequence of the rest of this License.
+
+  8. If the distribution and/or use of the Program is restricted in
+certain countries either by patents or by copyrighted interfaces, the
+original copyright holder who places the Program under this License
+may add an explicit geographical distribution limitation excluding
+those countries, so that distribution is permitted only in or among
+countries not thus excluded.  In such case, this License incorporates
+the limitation as if written in the body of this License.
+
+  9. The Free Software Foundation may publish revised and/or new versions
+of the General Public License from time to time.  Such new versions will
+be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+Each version is given a distinguishing version number.  If the Program
+specifies a version number of this License which applies to it and "any
+later version", you have the option of following the terms and conditions
+either of that version or of any later version published by the Free
+Software Foundation.  If the Program does not specify a version number of
+this License, you may choose any version ever published by the Free Software
+Foundation.
+
+  10. If you wish to incorporate parts of the Program into other free
+programs whose distribution conditions are different, write to the author
+to ask for permission.  For software which is copyrighted by the Free
+Software Foundation, write to the Free Software Foundation; we sometimes
+make exceptions for this.  Our decision will be guided by the two goals
+of preserving the free status of all derivatives of our free software and
+of promoting the sharing and reuse of software generally.
+
+			    NO WARRANTY
+
+  11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
+FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW.  EXCEPT WHEN
+OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
+PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
+OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.  THE ENTIRE RISK AS
+TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU.  SHOULD THE
+PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
+REPAIR OR CORRECTION.
+
+  12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
+REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
+INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
+OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
+TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
+YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
+PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGES.
+
+		     END OF TERMS AND CONDITIONS
+
+	    How to Apply These Terms to Your New Programs
+
+  If you develop a new program, and you want it to be of the greatest
+possible use to the public, the best way to achieve this is to make it
+free software which everyone can redistribute and change under these terms.
+
+  To do so, attach the following notices to the program.  It is safest
+to attach them to the start of each source file to most effectively
+convey the exclusion of warranty; and each file should have at least
+the "copyright" line and a pointer to where the full notice is found.
+
+    
+    Copyright (C)   
+
+    This program is free software; you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation; either version 2 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program; if not, write to the Free Software
+    Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+
+
+Also add information on how to contact you by electronic and paper mail.
+
+If the program is interactive, make it output a short notice like this
+when it starts in an interactive mode:
+
+    Gnomovision version 69, Copyright (C) year  name of author
+    Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
+    This is free software, and you are welcome to redistribute it
+    under certain conditions; type `show c' for details.
+
+The hypothetical commands `show w' and `show c' should show the appropriate
+parts of the General Public License.  Of course, the commands you use may
+be called something other than `show w' and `show c'; they could even be
+mouse-clicks or menu items--whatever suits your program.
+
+You should also get your employer (if you work as a programmer) or your
+school, if any, to sign a "copyright disclaimer" for the program, if
+necessary.  Here is a sample; alter the names:
+
+  Yoyodyne, Inc., hereby disclaims all copyright interest in the program
+  `Gnomovision' (which makes passes at compilers) written by James Hacker.
+
+  , 1 April 1989
+  Ty Coon, President of Vice
+
+This General Public License does not permit incorporating your program into
+proprietary programs.  If your program is a subroutine library, you may
+consider it more useful to permit linking proprietary applications with the
+library.  If this is what you want to do, use the GNU Library General
+Public License instead of this License.
+
+ +m4_include(`footer.m4') Added: trunk/gsa/src/html/src/img/ascending_inactive.png =================================================================== (Binary files differ) Property changes on: trunk/gsa/src/html/src/img/ascending_inactive.png ___________________________________________________________________ Name: svn:mime-type + application/octet-stream Added: trunk/gsa/src/html/src/img/descending_inactive.png =================================================================== (Binary files differ) Property changes on: trunk/gsa/src/html/src/img/descending_inactive.png ___________________________________________________________________ Name: svn:mime-type + application/octet-stream Added: trunk/gsa/src/html/src/img/edit.png =================================================================== (Binary files differ) Property changes on: trunk/gsa/src/html/src/img/edit.png ___________________________________________________________________ Name: svn:mime-type + application/octet-stream Added: trunk/gsa/src/html/src/img/edit_inactive.png =================================================================== (Binary files differ) Property changes on: trunk/gsa/src/html/src/img/edit_inactive.png ___________________________________________________________________ Name: svn:mime-type + application/octet-stream From scm-commit at wald.intevation.org Fri Nov 6 23:15:39 2009 
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Fri, 6 Nov 2009 23:15:39 +0100 (CET) Subject: [Openvas-commits] r5808 - in trunk/gsa: . src src/html/src/help Message-ID: <20091106221539.0B0D0865999E@pyrosoma.intevation.org> Author: jan Date: 2009-11-06 23:15:38 +0100 (Fri, 06 Nov 2009) New Revision: 5808 Added: trunk/gsa/src/html/src/help/reports.htm4 Modified: trunk/gsa/ChangeLog trunk/gsa/src/validator.c trunk/gsa/src/validator.h Log: * src/html/src/help/reports.htm4: New. * src/validator.c (openvas_validator_alias): New. (openvas_validate): Some more tracef-calls. * src/validator.h: Add proto accordingly. Modified: trunk/gsa/ChangeLog =================================================================== --- trunk/gsa/ChangeLog 2009-11-06 21:19:19 UTC (rev 5807) +++ trunk/gsa/ChangeLog 2009-11-06 22:15:38 UTC (rev 5808) @@ -1,5 +1,14 @@ 2009-11-06 Jan-Oliver Wagner + * src/html/src/help/reports.htm4: New. + + * src/validator.c (openvas_validator_alias): New. + (openvas_validate): Some more tracef-calls. + + * src/validator.h: Add proto accordingly. + +2009-11-06 Jan-Oliver Wagner + * src/html/src/about.htm4, src/html/src/gplv2.htm4: New. * src/html/src/img/edit_inactive.png, Added: trunk/gsa/src/html/src/help/reports.htm4 =================================================================== --- trunk/gsa/src/html/src/help/reports.htm4 2009-11-06 21:19:19 UTC (rev 5807) +++ trunk/gsa/src/html/src/help/reports.htm4 2009-11-06 22:15:38 UTC (rev 5808) @@ -0,0 +1,145 @@ +m4_define(`PAGE_TITLE', `Help: Reports') +m4_include(`header.m4') + + +
+ + +

Task Summary

+ +

+This information dialog lists name, status and number of reports for +the task for which the report list is shown below. +

+ + +

Reports

+ +

+This table provides on overview on all +reports +for the selected task (see Task Summary box). +

+ + + + + + + + + + + + + + + + + + + + + + +
ColumnDescription
ReportShows the time stamp for the report. This indicates + when the scan finished and the final report + was created.
ThreatThreat level of the report. These levels + can occur: +
+ + + + + + + + + + + + + + +
+ High: At least one NVT reported severity "High" for at least one + target host in the report. +
+ Medium: Severity "High" does not occur in the + report. At least one NVT reported severity "Medium" + for at least one target host in the report. +
+ Low: Neither severity "High" nor "Medium" occurs in the report. + At least one NVT reported severity "Low" for at + least one target host in the report. +
+ None: The report does not contain a single severe finding. This could + also mean that the scan was interrupted or failed, especially if + even no log information occur in the report. +
+
Scan ResultsThis column lists the number + of occurances for each severity level. +
+ + + + + +
High + The number of issues of severity "High" found during the scan. +
Medium + The number of issues of severity "Medium" found during the scan. +
Low + The number of issues of severity "Low" found during the scan. +
Log + The number of log-entries that occured during the scan. +
+
DownloadThis field offers to download the report in various formats: +
+ + + + + +
PDF: + A single PDF file is created from the report details. +
HTML: + A single HTML file is created from the report details. + This is similar to the page created via action "Details" + but is an self-contained document that could be viewed + independent of GSA. +
XML: + A single XML file is created from the report details. + This should be the basis for creating your own style + for a report or post-process the results in other ways. +
NBE: + A single NBE file is created. This format is supported + by OpenVAS-Client and in the past often used for + post-processing the results. It is offered primarily + for compatibility purposes. It is recommended to + set up post-processing based on the XML file, not + based on the NBE file. +
+
+ + +

Actions

+ +

Details

+ +

+Pressing the details icon +Details will +display all report details on a new page +View Report. +

+ +

Delete Report

+ +

+Pressing the delete icon Delete will +remove the report immediately. The list of reports will be updated. +

+ +m4_include(`footer.m4') Modified: trunk/gsa/src/validator.c =================================================================== --- trunk/gsa/src/validator.c 2009-11-06 21:19:19 UTC (rev 5807) +++ trunk/gsa/src/validator.c 2009-11-06 22:15:38 UTC (rev 5808) @@ -79,6 +79,32 @@ } /** + * @brief Make an alias for a rule name. + * + * @param validator Validator to add alias to. + * @param alias Name of alias for rule. + * @param name Name of the rule. + * + * @return 0 success, -1 error. + */ +int +openvas_validator_alias (validator_t validator, + const char *alias, + const char *name) +{ + gpointer key, regex; + + if (g_hash_table_lookup_extended (validator, name, &key, ®ex)) + { + g_hash_table_insert (validator, + (gpointer) g_strdup (alias), + (gpointer) (regex ? g_strdup (regex) : NULL)); + return 0; + } + return -1; +} + +/** * @brief Validate a string for a given rule. * * @param validator Validator to validate from. @@ -93,6 +119,8 @@ { gpointer key, regex; + tracef ("%s: name %s value %s", __FUNCTION__, name, value); + if (g_hash_table_lookup_extended (validator, name, &key, ®ex)) { if (regex == NULL) @@ -106,6 +134,12 @@ return 2; } + if (value == NULL) + { + tracef ("%s: failed to match, value NULL", __FUNCTION__); + return 2; + } + tracef ("matching <%s> against <%s>: ", (char *) regex, value); if (g_regex_match_simple ((const gchar *) regex, (const gchar *) value, @@ -119,7 +153,7 @@ return 2; } - tracef ("%s: failed to find name", __FUNCTION__); + tracef ("%s: failed to find name: %s", __FUNCTION__, name); return 1; } Modified: trunk/gsa/src/validator.h =================================================================== --- trunk/gsa/src/validator.h 2009-11-06 21:19:19 UTC (rev 5807) +++ trunk/gsa/src/validator.h 2009-11-06 22:15:38 UTC (rev 5808) 
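Review bot: In the added `openvas_validator_alias`, `g_hash_table_insert` stores the alias without checking whether a rule of that name already exists, so an alias can silently replace an existing, possibly stricter, rule. The pattern is also copied with `g_strdup (regex)`, which makes the alias a snapshot: if the rule `name` is registered again later with a different pattern, values checked under `alias` are still matched against the old one. I would refuse the duplicate before the insert, `if (g_hash_table_lookup_extended (validator, alias, NULL, NULL)) return -1;`, and add a line to the doc comment such as `The pattern is copied; later changes to the rule do not affect the alias.` Neither `alias` nor `name` is checked for NULL, and whether callers can pass NULL is not visible in this hunk.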
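Review bot: The `tracef` added at the top of `openvas_validate` formats `value` with `%s` before the `value == NULL` guard that the third hunk adds further down, so a NULL value reaches the format call, which is undefined for `%s` if `tracef` forwards to a printf-style function (its definition is not shown). Passing `value ? value : "(null)"` in that call, or moving the trace below the guard, avoids it. The same line writes every validated value verbatim into the trace output, as does the existing `matching <%s> against <%s>` trace. If secrets such as passwords are ever run through this validator they would end up in the log, so I would log only the rule name here: `tracef ("%s: name %s", __FUNCTION__, name);`. The body of `openvas_validate` starts and ends outside these hunks.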
@@ -41,6 +41,7 @@ validator_t openvas_validator_new (); void openvas_validator_add (validator_t, const char *, const char *); +int openvas_validator_alias (validator_t, const char *, const char *); int openvas_validate (validator_t, const char *, const char *); void openvas_validator_free (validator_t); From scm-commit at wald.intevation.org Fri Nov 6 23:26:23 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Fri, 6 Nov 2009 23:26:23 +0100 (CET) Subject: [Openvas-commits] r5809 - in trunk/gsa: . src Message-ID: <20091106222623.E79C1852FE9D@pyrosoma.intevation.org> Author: jan Date: 2009-11-06 23:26:23 +0100 (Fri, 06 Nov 2009) New Revision: 5809 Modified: trunk/gsa/ChangeLog trunk/gsa/src/gsad_base.c trunk/gsa/src/gsad_base.h Log: * src/gsad_base.h, src/gsad_base.c: Cleanups and documentation. Modified: trunk/gsa/ChangeLog =================================================================== --- trunk/gsa/ChangeLog 2009-11-06 22:15:38 UTC (rev 5808) +++ trunk/gsa/ChangeLog 2009-11-06 22:26:23 UTC (rev 5809) @@ -1,5 +1,9 @@ 2009-11-06 Jan-Oliver Wagner + * src/gsad_base.h, src/gsad_base.c: Cleanups and documentation. + +2009-11-06 Jan-Oliver Wagner + * src/html/src/help/reports.htm4: New. * src/validator.c (openvas_validator_alias): New. Modified: trunk/gsa/src/gsad_base.c =================================================================== --- trunk/gsa/src/gsad_base.c 2009-11-06 22:15:38 UTC (rev 5808) +++ trunk/gsa/src/gsad_base.c 2009-11-06 22:26:23 UTC (rev 5809) @@ -29,6 +29,9 @@ * @brief Base functionality of GSA. */ +/** + * @brief Location of XSL file. + */ #define XSL_PATH GSA_STATE_DIR "/gsad.xsl" #include "gsad_base.h" @@ -78,7 +81,7 @@ doc = xmlParseMemory (xml_text, strlen (xml_text)); res = xsltApplyStylesheet (cur, doc, NULL); - if (cur == NULL) + if (res == NULL) { g_error ("Failed to apply stylesheet " XSL_PATH); abort (); 
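Review bot: In the second `gsad_base.c` hunk, a failed transform ends in `g_error` followed by `abort ()`, and `doc` from `xmlParseMemory` is handed to `xsltApplyStylesheet` without a NULL check, so an `xml_text` that does not parse can only be caught by this fatal path and takes down the whole process rather than failing one request. If `xml_text` can come from a peer or a user (its origin is not visible here), that is a denial-of-service path. I would test `if (doc == NULL)` right after the parse and report both failures to the caller with `g_warning` instead of the fatal `g_error`. `g_error` already aborts, so the `abort ()` after it is redundant. The function starts and ends outside the hunk, so whether `cur` is checked where the stylesheet is loaded cannot be seen now that this commit has replaced the `cur == NULL` test.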
@@ -100,19 +103,19 @@ * * @todo Make it accept formatted strings. * - * @param title The title for the message. - * It should contain a error code. - * By convention these code ranges are reserved: - * 1NNN: Problems with manager daemon - * 2NNN: Problems with gsad - * 3NNN: Problems with administrator daemon + * @param[in] title The title for the message. + * It should contain a error code. + * By convention these code ranges are reserved: + * 1NNN: Problems with manager daemon + * 2NNN: Problems with gsad + * 3NNN: Problems with administrator daemon * - * @param msg The response message. + * @param[in] msg The response message. * - * @param backurl The URL offered to get back to a sane situation. - * If NULL, a default is used. + * @param[in] backurl The URL offered to get back to a sane situation. + * If NULL, a default is used. * - * @return A HTML document as string. + * @return An HTML document as a string. */ char * gsad_message (const char *title, const char *msg, const char *backurl) Modified: trunk/gsa/src/gsad_base.h =================================================================== --- trunk/gsa/src/gsad_base.h 2009-11-06 22:15:38 UTC (rev 5808) +++ trunk/gsa/src/gsad_base.h 2009-11-06 22:26:23 UTC (rev 5809) @@ -26,7 +26,7 @@ /** * @file gsad_base.h - * @brief Headers/structs used generally in GSA + * @brief Headers/structs used generally in GSA. */ #ifndef _GSAD_BASE_H @@ -46,8 +46,8 @@ */ typedef struct { - char *username; - char *password; + char *username; ///< Name of user. + char *password; ///< User's password. } credentials_t; char * xsl_transform (const char *); From scm-commit at wald.intevation.org Sat Nov 7 00:36:27 2009 
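Review bot: The reworked comment for `gsad_message` says the function returns an HTML document built from `title`, `msg` and `backurl`, but not whether those strings are escaped before they are placed in the markup. The body is outside this hunk, so that cannot be checked here; if callers may pass text derived from a request, the contract matters. I would add one line to each `@param` stating the expectation, for example `Must already be escaped for use in markup.` or `Escaped by this function.`, whichever matches the implementation.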
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Sat, 7 Nov 2009 00:36:27 +0100 (CET) Subject: [Openvas-commits] r5810 - in trunk/gsa: . src/html/src src/html/src/help Message-ID: <20091106233627.A021D865F4A4@pyrosoma.intevation.org> Author: jan Date: 2009-11-07 00:36:26 +0100 (Sat, 07 Nov 2009) New Revision: 5810 Added: trunk/gsa/src/html/src/gsa-style.css trunk/gsa/src/html/src/help/view_report.htm4 Modified: trunk/gsa/ChangeLog Log: * src/html/src/gsa-style.css, src/html/src/help/view_report.htm4: New. Modified: trunk/gsa/ChangeLog =================================================================== --- trunk/gsa/ChangeLog 2009-11-06 22:26:23 UTC (rev 5809) +++ trunk/gsa/ChangeLog 2009-11-06 23:36:26 UTC (rev 5810) @@ -1,3 +1,7 @@ +2009-11-07 Jan-Oliver Wagner + + * src/html/src/gsa-style.css, src/html/src/help/view_report.htm4: New. + 2009-11-06 Jan-Oliver Wagner * src/gsad_base.h, src/gsad_base.c: Cleanups and documentation. Added: trunk/gsa/src/html/src/gsa-style.css =================================================================== --- trunk/gsa/src/html/src/gsa-style.css 2009-11-06 22:26:23 UTC (rev 5809) +++ trunk/gsa/src/html/src/gsa-style.css 2009-11-06 23:36:26 UTC (rev 5810) 
@@ -0,0 +1,457 @@
+/*
+ * Greenbone Security Assistant
+ * $Id$
+ * Description: HTML stylesheet
+ *
+ * Authors:
+ * Matthew Mundell
+ * Karl-Heinz Ruskowski
+ * Jan-Oliver Wagner
+ *
+ * Copyright:
+ * Copyright (C) 2009 Greenbone Networks GmbH
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2,
+ * or, at your option, any later version as published by the Free
+ * Software Foundation
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+body {
+ background-color: #FFFFFF;
+ margin: 0px;
+ font: small Verdana, sans-serif;
+ font-size: 12px;
+ color: #1A1A1A;
+}
+
+a {
+ color: blue;
+}
+
+img {
+ border: 0px;
+}
+
+h1 {
+ font-size: 20px;
+}
+
+h2 {
+ font-size: 18px;
+}
+
+h3 {
+ font-size: 16px;
+}
+
+h4 {
+ font-size:14px;
+ margin-bottom:0px;
+}
+
+form {
+ font-size: 12px;
+}
+
+table {
+ font-size: 12px;
+}
+
+.envelope {
+ width: 98%;
+ max-width:900px;
+}
+
+p {
+ margin-left:5px;
+}
+
+.actionbar {
+ background-color: #1A1A1A;
+ height: 77px;
+ border-top: 3px solid #70C000;
+ border-left: 3px solid #70C000;
+ padding-top:3px;
+ padding-left:3px;
+}
+
+.task {
+ background-color: #FFFFFF;
+ height: 50px;
+ padding: 5px;
+}
+
+.task_odd {
+ background-color: #d5d5d5;
+ margin-top: 1px;
+ height: 50px;
+ padding: 5px;
+}
+
+.error {
+ text-align: center;
+ background-color: #FFFF99;
+ border: 3px solid #CC0000;
+ margin: 10px;
+}
+
+/* BEGIN Greenbone Progress Bar */
+
+.progressbar_box {
+ margin-left:0px;
+ margin-top:0px;
+ float:left;
+
+ height:12px;
+ width:100px;
+ background: #454545 url('img/p_bar_bg.png');
+ vertical-align:middle;
+ text-align:center;
+ border:1px solid #999999;
+}
+
+.progressbar_bar {
+ height:12px;
+ background:#70C000 url('img/p_bar.png');
+}
+
+.progressbar_bar_done {
+ height: 12px;
+ background:#CCCCCC url('img/p_bar_done.png');
+}
+
+.progressbar_bar_new {
+ height: 12px;
+ background: #df8e31 url('img/p_bar_new.png');
+}
+
+.progressbar_bar_error {
+ height: 12px;
+ background: #bd3309 url('img/p_bar_error.png');
+}
+
+.progressbar_bar_request {
+ height: 12px;
+ background: #bd8634 url('img/p_bar_request.png');
+}
+
+.progressbar_text {
+ z-index:1;
+ position:relative;
+ top:-12px;
+ font-weight:bold;
+ color:#FFFFFF;
+ font-size:9px;
+}
+
+/* END Greenbone Progress Bar */
+
+/* BEGIN Greenbone Tables */
+
+table.gbntable {
+ text-align:left;
+ width: 100%;
+ margin-bottom: 20px;
+}
+
+.gbntable th {
+ background-color: #70C000;
+}
+
+/* green row */
+.gbntablehead1 td{
+ text-align: left;
+ background-color: #70C000;
+ color: #FFFFFF;
+ font-weight: bold;
+}
+
+/* dark grey row */
+.gbntablehead2 td {
+ text-align:left;
+ background-color: #3A3A3A;
+ color: #FFFFFF;
+ font-weight: bold;
+}
+
+tr.odd {
+ text-align:left;
+ background-color: #EEEEEE;
+}
+
+/* END Greenbone Tables */
+
+/* BEGIN Window decorations */
+
+.gb_window {
+}
+
+.gb_window_part_left {
+ background: url('img/style/window_dec_a.png') no-repeat;
+ width:6px;
+ height:32px;
+ float:left;
+ margin:0px;
+}
+
+.gb_window_part_center {
+ background: url('img/style/window_dec_b.png') repeat-x;
+ height: 32px;
+ color: #FFFFFF;
+ font-weight: bold;
+ padding-top:5px;
+ text-align:left;
+ margin:0px;
+ font-size:13px;
+}
+
+.gb_window_part_right {
+ background: url('img/style/window_dec_c.png') no-repeat;
+ width: 76px;
+ height: 32px;
+ float: right;
+ margin:0px;
+}
+
+.gb_window_part_content {
+ background: #f9f9f9;
+ border: 1px solid #7c7c7c;
+ border-top: none;
+ padding: 5px;
+ text-align: left;
+ position:relative;
+ top:-5px;
+ font-size:12px;
+}
+
+.gb_window_part_content_no_pad {
+ background: #f9f9f9;
+ border: 1px solid #7c7c7c;
+ border-top: none;
+ position:relative;
+ top:-5px;
+}
+
+.gb_window_error {
+}
+
+.gb_window_part_left_error {
+ background: url('img/style/window_dec_a_error.png') no-repeat;
+ width:6px;
+ height:32px;
+ float:left;
+ margin:0px;
+}
+
+.gb_window_part_center_error {
+ background: url('img/style/window_dec_b_error.png') repeat-x;
+ height: 32px;
+ color: #FFFFFF;
+ font-weight: bold;
+ padding-top:5px;
+ text-align:left;
+ margin:0px;
+ font-size:13px;
+}
+
+.gb_window_part_right_error {
+ background: url('img/style/window_dec_c_error.png') no-repeat;
+ width: 76px;
+ height: 32px;
+ float: right;
+ margin:0px;
+}
+
+.gb_window_part_content_error {
+ background: #fffac7;
+ border: 1px solid #7c7c7c;
+ border-top: none;
+ padding: 5px;
+ text-align: left;
+ position:relative;
+ top:-5px;
+ font-size:12px;
+}
+
+/* END Window decorations */
+
+/* Logo Bar */
+.logo_l {
+ float:left;
+ margin:0px;
+}
+
+.logo_r {
+ float:right;
+ background: url('img/style/logo_r.png');
+ height: 51px;
+ width: 9px;
+}
+
+.logo_m {
+ background: url('img/style/logo_m.png');
+ height: 51px;
+}
+
+/* Logout panel */
+.logout_panel {
+ color:#FFFFFF;
+ float:right;
+ margin: 3px;
+ vertical-align:top;
+}
+
+.logout_panel a {
+ color: #FFFFFF;
+}
+
+/* Miniicons */
+.mini_i {
+ float:left;
+ margin-right:3px;
+}
+
+/* BEGIN Navigation */
+
+#nav ul {
+ text-align:left;
+ font-size:12px;
+ list-style:none;
+ padding:0px;
+ margin: 0px;
+}
+
+#nav li {
+ padding:3px;
+ text-align:left;
+ padding-left:12px;
+ margin-left:2px;
+ color: #313131;
+ font-weight:bold;
+ background:url('img/bullet.png') no-repeat 0px 6px #f9f9f9;
+}
+
+#nav a {
+ display:block;
+ text-align:left;
+ color: #313131;
+ font-weight:bold;
+}
+
+#nav a:hover {
+}
+
+#nav li li {
+ background:url('img/bullet2.png') no-repeat 0px 8px #EEEEEE;
+ text-align:left;
+}
+
+#nav li li a {
+}
+
+/* END Navigation */
+
+/* BEGIN Lists */
+
+#list ul {
+ list-style:none;
+ padding:0px;
+ margin: 0px;
+ padding-left:4px;
+ margin-left:4px;
+}
+
+#list li {
+ padding:4px;
+ padding-left:13px;
+ margin-left:8px;
+ background:url('img/bullet.png') no-repeat 0px 9px;
+ border:0px;
+}
+
+#list li li {
+}
+
+#list a {
+}
+
+/* END Lists */
+
+#download ul {
+ font-size:12px;
+ list-style:none;
+ padding:0px;
+ margin: 0px;
+}
+
+#download li {
+}
+
+#download a {
+ padding:8px;
+ padding-left:21px;
+ margin-left:8px;
+ background:url('img/download.png') no-repeat 0px 9px;
+}
+
+/* Small Form */
+
+#small_form select, #small_form input {
+ font-size:10px;
+}
+
+.threat_info_table {
+text-align:right;
+}
+
+.threat_info_table_h {
+ text-align: center;
+}
+
+/* Footer */
+.gsa_footer {
+ font-size:10px;
+ text-align:right;
+ color: #787878;
+ margin-bottom:10px;
+ margin-right:5px;
+}
+
+.gsa_footer a {
+ color: #787878;
+}
+
+/* Issue Box */
+.issue_box_head {
+ padding:4px;
+ margin:3px;
+ margin-bottom:0px;
+ background: #3a3a3a;
+ color: #FFFFFF;
+ border:1px solid: #CCCCCC;
+ border-bottom:0px;
+}
+
+/* Links in Issue Box shall be white */
+.issue_box_head a {
+ color: #FFFFFF;
+}
+
+.issue_box_box {
+ background: #f9f6e8;
+ border:1px solid #CCCCCC;
+ border-top:0px;
+ margin:3px;
+ margin-top:0px;
+ padding:3px;
+}
Added: trunk/gsa/src/html/src/help/view_report.htm4
===================================================================
--- trunk/gsa/src/html/src/help/view_report.htm4 2009-11-06 22:26:23 UTC (rev 5809)
+++ trunk/gsa/src/html/src/help/view_report.htm4 2009-11-06 23:36:26 UTC (rev 5810)
@@ -0,0 +1,27 @@
+m4_define(`PAGE_TITLE', `Help: View Report')
+m4_include(`header.m4')
+
+
+
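Review bot: In `.issue_box_head` the declaration `border:1px solid: #CCCCCC;` has a stray colon after `solid`, so a conforming browser discards the whole declaration and the box head is drawn without the intended border. It should read `border:1px solid #CCCCCC;`, the form `.issue_box_box` already uses a few lines further down. The empty rules (`.gb_window`, `.gb_window_error`, `#nav a:hover`, `#nav li li a`, `#list li li`, `#list a`, `#download li`) would be easier to maintain with a one-line comment saying they are placeholders, or they could be dropped.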
+ + +

View Report

+ +

+This "View Report" page summarizes all information the selected +report contains. +This page is structured and designed similar to the +download formats HTML and PDF. +

+ +

+It is a single page, the links e.g. to the hosts +reference to the same page further up or down. +Exceptions are the links to the +list of reports +that result from the same +task. +

+ +m4_include(`footer.m4') From scm-commit at wald.intevation.org Mon Nov 9 09:33:49 2009 
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Mon, 9 Nov 2009 09:33:49 +0100 (CET) Subject: [Openvas-commits] r5811 - in trunk/openvas-plugins: . scripts Message-ID: <20091109083349.A2ECB852FB1F@pyrosoma.intevation.org> Author: chandra Date: 2009-11-09 09:33:39 +0100 (Mon, 09 Nov 2009) New Revision: 5811 Modified: trunk/openvas-plugins/ChangeLog trunk/openvas-plugins/scripts/gb_CESA-2008_0177_evolution_centos4_i386.nasl trunk/openvas-plugins/scripts/gb_CESA-2008_0177_evolution_centos4_x86_64.nasl trunk/openvas-plugins/scripts/gb_CESA-2008_0617_vim-common_centos3_i386.nasl trunk/openvas-plugins/scripts/gb_CESA-2008_0617_vim-common_centos3_x86_64.nasl trunk/openvas-plugins/scripts/gb_CESA-2008_0617_vim-common_centos4_i386.nasl trunk/openvas-plugins/scripts/gb_CESA-2008_0617_vim-common_centos4_x86_64.nasl trunk/openvas-plugins/scripts/gb_CESA-2008_1028_cups_centos3_i386.nasl trunk/openvas-plugins/scripts/gb_CESA-2008_1028_cups_centos3_x86_64.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0177-01_evolution.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0290-01_samba.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0580-01_vim.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0581-01_bluez-libs_bluez-utils.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0617-01_vim.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0907-01_pam_krb5.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_1017-01_kernel.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_1028-01_cups.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_1029-01_cups.nasl trunk/openvas-plugins/scripts/gb_aceftp_remote_dir_traversal_vuln.nasl trunk/openvas-plugins/scripts/gb_fedora_2007_1219_cups_fc5.nasl trunk/openvas-plugins/scripts/gb_fedora_2007_1541_cups_fc7.nasl trunk/openvas-plugins/scripts/gb_fedora_2007_2295_ntfs-3g_fc7.nasl trunk/openvas-plugins/scripts/gb_fedora_2007_2715_cups_fc7.nasl trunk/openvas-plugins/scripts/gb_fedora_2007_2982_cups_fc8.nasl 
trunk/openvas-plugins/scripts/gb_fedora_2007_2985_kdepim_fc7.nasl trunk/openvas-plugins/scripts/gb_fedora_2007_3100_cups_fc7.nasl trunk/openvas-plugins/scripts/gb_fedora_2007_4368_xfce4-places-plugin_fc8.nasl trunk/openvas-plugins/scripts/gb_fedora_2007_4385_xfce4-places-plugin_fc7.nasl trunk/openvas-plugins/scripts/gb_fedora_2007_644_cups_fc6.nasl trunk/openvas-plugins/scripts/gb_fedora_2007_740_cups_fc6.nasl trunk/openvas-plugins/scripts/gb_fedora_2007_746_cups_fc6.nasl trunk/openvas-plugins/scripts/gb_fedora_2008_10895_cups_fc10.nasl trunk/openvas-plugins/scripts/gb_fedora_2008_10911_cups_fc8.nasl trunk/openvas-plugins/scripts/gb_fedora_2008_10917_cups_fc9.nasl trunk/openvas-plugins/scripts/gb_fedora_2008_1287_deluge_fc8.nasl trunk/openvas-plugins/scripts/gb_fedora_2008_1288_deluge_fc7.nasl trunk/openvas-plugins/scripts/gb_fedora_2008_1901_cups_fc8.nasl trunk/openvas-plugins/scripts/gb_fedora_2008_1976_cups_fc7.nasl trunk/openvas-plugins/scripts/gb_fedora_2008_2131_cups_fc8.nasl trunk/openvas-plugins/scripts/gb_fedora_2008_2897_cups_fc7.nasl trunk/openvas-plugins/scripts/gb_fedora_2008_3449_cups_fc7.nasl trunk/openvas-plugins/scripts/gb_fedora_2008_3586_cups_fc8.nasl trunk/openvas-plugins/scripts/gb_fedora_2008_3756_cups_fc9.nasl trunk/openvas-plugins/scripts/gb_fedora_2008_8801_cups_fc8.nasl trunk/openvas-plugins/scripts/gb_fedora_2008_8844_cups_fc9.nasl trunk/openvas-plugins/scripts/gb_suse_2007_036.nasl Log: Converted file encoding to ISO-8859-1 Modified: trunk/openvas-plugins/ChangeLog =================================================================== --- trunk/openvas-plugins/ChangeLog 2009-11-06 23:36:26 UTC (rev 5810) +++ trunk/openvas-plugins/ChangeLog 2009-11-09 08:33:39 UTC (rev 5811) 
@@ -1,3 +1,52 @@ +2009-11-09 Chandrashekhar B + + * scripts/gb_suse_2007_036.nasl, + scripts/gb_RHSA-2008_0580-01_vim.nasl, + scripts/gb_fedora_2007_3100_cups_fc7.nasl, + scripts/gb_fedora_2007_2985_kdepim_fc7.nasl, + scripts/gb_CESA-2008_1028_cups_centos3_x86_64.nasl, + scripts/gb_RHSA-2008_0290-01_samba.nasl, + scripts/gb_RHSA-2008_1017-01_kernel.nasl, + scripts/gb_fedora_2008_3449_cups_fc7.nasl, + scripts/gb_fedora_2007_1541_cups_fc7.nasl, + scripts/gb_fedora_2008_10917_cups_fc9.nasl, + scripts/gb_CESA-2008_0177_evolution_centos4_i386.nasl, + scripts/gb_CESA-2008_0617_vim-common_centos4_i386.nasl, + scripts/gb_CESA-2008_0617_vim-common_centos3_x86_64.nasl, + scripts/gb_fedora_2007_1219_cups_fc5.nasl, + scripts/gb_fedora_2008_10911_cups_fc8.nasl, + scripts/gb_fedora_2008_2897_cups_fc7.nasl, + scripts/gb_CESA-2008_0177_evolution_centos4_x86_64.nasl, + scripts/gb_fedora_2007_4368_xfce4-places-plugin_fc8.nasl, + scripts/gb_fedora_2008_1901_cups_fc8.nasl, + scripts/gb_fedora_2007_740_cups_fc6.nasl, + scripts/gb_fedora_2008_10895_cups_fc10.nasl, + scripts/gb_fedora_2008_2131_cups_fc8.nasl, + scripts/gb_fedora_2008_1288_deluge_fc7.nasl, + scripts/gb_CESA-2008_0617_vim-common_centos3_i386.nasl, + scripts/gb_fedora_2008_1976_cups_fc7.nasl, + scripts/gb_CESA-2008_0617_vim-common_centos4_x86_64.nasl, + scripts/gb_aceftp_remote_dir_traversal_vuln.nasl, + scripts/gb_RHSA-2008_0617-01_vim.nasl, + scripts/gb_fedora_2008_1287_deluge_fc8.nasl, + scripts/gb_fedora_2008_3756_cups_fc9.nasl, + scripts/gb_fedora_2008_8801_cups_fc8.nasl, + scripts/gb_RHSA-2008_0907-01_pam_krb5.nasl, + scripts/gb_fedora_2008_3586_cups_fc8.nasl, + scripts/gb_fedora_2007_2982_cups_fc8.nasl, + scripts/gb_fedora_2007_746_cups_fc6.nasl, + scripts/gb_RHSA-2008_0177-01_evolution.nasl, + scripts/gb_CESA-2008_1028_cups_centos3_i386.nasl, + scripts/gb_fedora_2008_8844_cups_fc9.nasl, + scripts/gb_fedora_2007_644_cups_fc6.nasl, + scripts/gb_RHSA-2008_1029-01_cups.nasl, + 
scripts/gb_fedora_2007_2295_ntfs-3g_fc7.nasl, + scripts/gb_fedora_2007_4385_xfce4-places-plugin_fc7.nasl, + scripts/gb_RHSA-2008_1028-01_cups.nasl, + scripts/gb_RHSA-2008_0581-01_bluez-libs_bluez-utils.nasl, + scripts/gb_fedora_2007_2715_cups_fc7.nasl: + Coverted file encoding to ISO-8859-1. + 2009-11-06 Michael Meyer * scripts/novell_edirectory_detect.nasl: Modified: trunk/openvas-plugins/scripts/gb_CESA-2008_0177_evolution_centos4_i386.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_CESA-2008_0177_evolution_centos4_i386.nasl 2009-11-06 23:36:26 UTC (rev 5810) +++ trunk/openvas-plugins/scripts/gb_CESA-2008_0177_evolution_centos4_i386.nasl 2009-11-09 08:33:39 UTC (rev 5811) @@ -35,15 +35,15 @@ Vulnerability Insight: Evolution is the GNOME collection of personal information management (PIM) tools. - + A format string flaw was found in the way Evolution displayed encrypted mail content. If a user opened a carefully crafted mail message, arbitrary code could be executed as the user running Evolution. (CVE-2008-0072) - + All users of Evolution should upgrade to these updated packages, which contain a backported patch which resolves this issue. - - Red Hat would like to thank Ulf Hnhammar of Secunia Research for finding + + Red Hat would like to thank Ulf Härnhammar of Secunia Research for finding and reporting this issue. @@ -105,4 +105,4 @@ } exit(0); -} +} \ No newline at end of file Modified: trunk/openvas-plugins/scripts/gb_CESA-2008_0177_evolution_centos4_x86_64.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_CESA-2008_0177_evolution_centos4_x86_64.nasl 2009-11-06 23:36:26 UTC (rev 5810) +++ trunk/openvas-plugins/scripts/gb_CESA-2008_0177_evolution_centos4_x86_64.nasl 2009-11-09 08:33:39 UTC (rev 5811) 
@@ -43,7 +43,7 @@ All users of Evolution should upgrade to these updated packages, which contain a backported patch which resolves this issue. - Red Hat would like to thank Ulf Hrnhammar of Secunia Research for finding + Red Hat would like to thank Ulf Härnhammar of Secunia Research for finding and reporting this issue. @@ -105,4 +105,4 @@ } exit(0); -} +} \ No newline at end of file Modified: trunk/openvas-plugins/scripts/gb_CESA-2008_0617_vim-common_centos3_i386.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_CESA-2008_0617_vim-common_centos3_i386.nasl 2009-11-06 23:36:26 UTC (rev 5810) +++ trunk/openvas-plugins/scripts/gb_CESA-2008_0617_vim-common_centos3_i386.nasl 2009-11-09 08:33:39 UTC (rev 5811) 
@@ -35,26 +35,26 @@ Vulnerability Insight: Vim (Visual editor IMproved) is an updated and improved version of the vi editor. - + Several input sanitization flaws were found in Vim's keyword and tag handling. If Vim looked up a document's maliciously crafted tag or keyword, it was possible to execute arbitrary code as the user running Vim. (CVE-2008-4101) - + A heap-based overflow flaw was discovered in Vim's expansion of file name patterns with shell wildcards. An attacker could create a specially-crafted file or directory name that, when opened by Vim, caused the application to crash or, possibly, execute arbitrary code. (CVE-2008-3432) - + Several input sanitization flaws were found in various Vim system functions. If a user opened a specially crafted file, it was possible to execute arbitrary code as the user running Vim. (CVE-2008-2712) - - Ulf Hrnhammar, of Secunia Research, discovered a format string flaw in + + Ulf Härnhammar, of Secunia Research, discovered a format string flaw in Vim's help tag processor. If a user was tricked into executing the "helptags" command on malicious data, arbitrary code could be executed with the permissions of the user running Vim. (CVE-2007-2953) - + All Vim users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. @@ -123,4 +123,4 @@ } exit(0); -} +} \ No newline at end of file Modified: trunk/openvas-plugins/scripts/gb_CESA-2008_0617_vim-common_centos3_x86_64.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_CESA-2008_0617_vim-common_centos3_x86_64.nasl 2009-11-06 23:36:26 UTC (rev 5810) +++ trunk/openvas-plugins/scripts/gb_CESA-2008_0617_vim-common_centos3_x86_64.nasl 2009-11-09 08:33:39 UTC (rev 5811) 
@@ -35,26 +35,26 @@ Vulnerability Insight: Vim (Visual editor IMproved) is an updated and improved version of the vi editor. - + Several input sanitization flaws were found in Vim's keyword and tag handling. If Vim looked up a document's maliciously crafted tag or keyword, it was possible to execute arbitrary code as the user running Vim. (CVE-2008-4101) - + A heap-based overflow flaw was discovered in Vim's expansion of file name patterns with shell wildcards. An attacker could create a specially-crafted file or directory name that, when opened by Vim, caused the application to crash or, possibly, execute arbitrary code. (CVE-2008-3432) - + Several input sanitization flaws were found in various Vim system functions. If a user opened a specially crafted file, it was possible to execute arbitrary code as the user running Vim. (CVE-2008-2712) - - Ulf Hrnhammar, of Secunia Research, discovered a format string flaw in + + Ulf Härnhammar, of Secunia Research, discovered a format string flaw in Vim's help tag processor. If a user was tricked into executing the "helptags" command on malicious data, arbitrary code could be executed with the permissions of the user running Vim. (CVE-2007-2953) - + All Vim users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. @@ -123,4 +123,4 @@ } exit(0); -} +} \ No newline at end of file Modified: trunk/openvas-plugins/scripts/gb_CESA-2008_0617_vim-common_centos4_i386.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_CESA-2008_0617_vim-common_centos4_i386.nasl 2009-11-06 23:36:26 UTC (rev 5810) +++ trunk/openvas-plugins/scripts/gb_CESA-2008_0617_vim-common_centos4_i386.nasl 2009-11-09 08:33:39 UTC (rev 5811) 
@@ -35,26 +35,26 @@ Vulnerability Insight: Vim (Visual editor IMproved) is an updated and improved version of the vi editor. - + Several input sanitization flaws were found in Vim's keyword and tag handling. If Vim looked up a document's maliciously crafted tag or keyword, it was possible to execute arbitrary code as the user running Vim. (CVE-2008-4101) - + A heap-based overflow flaw was discovered in Vim's expansion of file name patterns with shell wildcards. An attacker could create a specially-crafted file or directory name that, when opened by Vim, caused the application to crash or, possibly, execute arbitrary code. (CVE-2008-3432) - + Several input sanitization flaws were found in various Vim system functions. If a user opened a specially crafted file, it was possible to execute arbitrary code as the user running Vim. (CVE-2008-2712) - - Ulf Hrnhammar, of Secunia Research, discovered a format string flaw in + + Ulf Härnhammar, of Secunia Research, discovered a format string flaw in Vim's help tag processor. If a user was tricked into executing the "helptags" command on malicious data, arbitrary code could be executed with the permissions of the user running Vim. (CVE-2007-2953) - + All Vim users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. @@ -123,4 +123,4 @@ } exit(0); -} +} \ No newline at end of file Modified: trunk/openvas-plugins/scripts/gb_CESA-2008_0617_vim-common_centos4_x86_64.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_CESA-2008_0617_vim-common_centos4_x86_64.nasl 2009-11-06 23:36:26 UTC (rev 5810) +++ trunk/openvas-plugins/scripts/gb_CESA-2008_0617_vim-common_centos4_x86_64.nasl 2009-11-09 08:33:39 UTC (rev 5811) 
@@ -35,26 +35,26 @@ Vulnerability Insight: Vim (Visual editor IMproved) is an updated and improved version of the vi editor. - + Several input sanitization flaws were found in Vim's keyword and tag handling. If Vim looked up a document's maliciously crafted tag or keyword, it was possible to execute arbitrary code as the user running Vim. (CVE-2008-4101) - + A heap-based overflow flaw was discovered in Vim's expansion of file name patterns with shell wildcards. An attacker could create a specially-crafted file or directory name that, when opened by Vim, caused the application to crash or, possibly, execute arbitrary code. (CVE-2008-3432) - + Several input sanitization flaws were found in various Vim system functions. If a user opened a specially crafted file, it was possible to execute arbitrary code as the user running Vim. (CVE-2008-2712) - - Ulf Hrnhammar, of Secunia Research, discovered a format string flaw in + + Ulf Härnhammar, of Secunia Research, discovered a format string flaw in Vim's help tag processor. If a user was tricked into executing the "helptags" command on malicious data, arbitrary code could be executed with the permissions of the user running Vim. (CVE-2007-2953) - + All Vim users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. @@ -123,4 +123,4 @@ } exit(0); -} +} \ No newline at end of file Modified: trunk/openvas-plugins/scripts/gb_CESA-2008_1028_cups_centos3_i386.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_CESA-2008_1028_cups_centos3_i386.nasl 2009-11-06 23:36:26 UTC (rev 5810) +++ trunk/openvas-plugins/scripts/gb_CESA-2008_1028_cups_centos3_i386.nasl 2009-11-09 08:33:39 UTC (rev 5811) 
@@ -33,15 +33,15 @@ desc = " Vulnerability Insight: - The Common UNIX Printing System (CUPS) provides a portable printing layer + The Common UNIX® Printing System (CUPS) provides a portable printing layer for UNIX operating systems. - + An integer overflow flaw, leading to a heap buffer overflow, was discovered in the Portable Network Graphics (PNG) decoding routines used by the CUPS image-converting filters, "imagetops" and "imagetoraster". An attacker could create a malicious PNG file that could, potentially, execute arbitrary code as the "lp" user if the file was printed. (CVE-2008-5286) - + CUPS users should upgrade to these updated packages, which contain a backported patch to correct this issue. @@ -98,4 +98,4 @@ } exit(0); -} +} \ No newline at end of file Modified: trunk/openvas-plugins/scripts/gb_CESA-2008_1028_cups_centos3_x86_64.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_CESA-2008_1028_cups_centos3_x86_64.nasl 2009-11-06 23:36:26 UTC (rev 5810) +++ trunk/openvas-plugins/scripts/gb_CESA-2008_1028_cups_centos3_x86_64.nasl 2009-11-09 08:33:39 UTC (rev 5811) @@ -33,15 +33,15 @@ desc = " Vulnerability Insight: - The Common UNIX Printing System (CUPS) provides a portable printing layer + The Common UNIX® Printing System (CUPS) provides a portable printing layer for UNIX operating systems. - + An integer overflow flaw, leading to a heap buffer overflow, was discovered in the Portable Network Graphics (PNG) decoding routines used by the CUPS image-converting filters, "imagetops" and "imagetoraster". An attacker could create a malicious PNG file that could, potentially, execute arbitrary code as the "lp" user if the file was printed. (CVE-2008-5286) - + CUPS users should upgrade to these updated packages, which contain a backported patch to correct this issue. 
@@ -98,4 +98,4 @@ } exit(0); -} +} \ No newline at end of file Modified: trunk/openvas-plugins/scripts/gb_RHSA-2008_0177-01_evolution.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_RHSA-2008_0177-01_evolution.nasl 2009-11-06 23:36:26 UTC (rev 5810) +++ trunk/openvas-plugins/scripts/gb_RHSA-2008_0177-01_evolution.nasl 2009-11-09 08:33:39 UTC (rev 5811) @@ -35,15 +35,15 @@ Vulnerability Insight: Evolution is the GNOME collection of personal information management (PIM) tools. - + A format string flaw was found in the way Evolution displayed encrypted mail content. If a user opened a carefully crafted mail message, arbitrary code could be executed as the user running Evolution. (CVE-2008-0072) - + All users of Evolution should upgrade to these updated packages, which contain a backported patch which resolves this issue. - - Red Hat would like to thank Ulf Hrnhammar of Secunia Research for finding + + Red Hat would like to thank Ulf Härnhammar of Secunia Research for finding and reporting this issue. @@ -119,4 +119,4 @@ } exit(0); -} +} \ No newline at end of file Modified: trunk/openvas-plugins/scripts/gb_RHSA-2008_0290-01_samba.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_RHSA-2008_0290-01_samba.nasl 2009-11-06 23:36:26 UTC (rev 5810) +++ trunk/openvas-plugins/scripts/gb_RHSA-2008_0290-01_samba.nasl 2009-11-09 08:33:39 UTC (rev 5811) @@ -35,7 +35,7 @@ Vulnerability Insight: Samba is a suite of programs used by machines to share files, printers, and other information. - + A heap-based buffer overflow flaw was found in the way Samba clients handle over-sized packets. If a client connected to a malicious Samba server, it was possible to execute arbitrary code as the Samba client user. It was 
@@ -43,26 +43,26 @@ to a Samba server that could result in the server executing the vulnerable client code, resulting in arbitrary code execution with the permissions of the Samba server. (CVE-2008-1105) - + Red Hat would like to thank Alin Rad Pop of Secunia Research for responsibly disclosing this issue. - + This update also addresses two issues which prevented Samba from joining certain Windows domains with tightened security policies, and prevented certain signed SMB content from working as expected: - - * when some Windows 2000-based domain controllers were set to use + + * when some Windows® 2000-based domain controllers were set to use mandatory signing, Samba clients would drop the connection because of an error when generating signatures. This presented as a "Server packet had invalid SMB signature" error to the Samba client. This update corrects the signature generation error. - + * Samba servers using the "net ads join" command to connect to a Windows - Server 2003-based domain would fail with "failed to get schannel session + Server® 2003-based domain would fail with "failed to get schannel session key from server" and "NT_STATUS_ACCESS_DENIED" errors. This update correctly binds to the NETLOGON share, allowing Samba servers to connect to the domain properly. - + Users of Samba are advised to upgrade to these updated packages, which contain a backported patch to resolve these issues. @@ -131,4 +131,4 @@ } exit(0); -} +} \ No newline at end of file Modified: trunk/openvas-plugins/scripts/gb_RHSA-2008_0580-01_vim.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_RHSA-2008_0580-01_vim.nasl 2009-11-06 23:36:26 UTC (rev 5810) +++ trunk/openvas-plugins/scripts/gb_RHSA-2008_0580-01_vim.nasl 2009-11-09 08:33:39 UTC (rev 5811) 
@@ -35,36 +35,36 @@ Vulnerability Insight: Vim (Visual editor IMproved) is an updated and improved version of the vi editor. - + Several input sanitization flaws were found in Vim's keyword and tag handling. If Vim looked up a document's maliciously crafted tag or keyword, it was possible to execute arbitrary code as the user running Vim. (CVE-2008-4101) - + Multiple security flaws were found in netrw.vim, the Vim plug-in providing file reading and writing over the network. If a user opened a specially crafted file or directory with the netrw plug-in, it could result in arbitrary code execution as the user running Vim. (CVE-2008-3076) - + A security flaw was found in zip.vim, the Vim plug-in that handles ZIP archive browsing. If a user opened a ZIP archive using the zip.vim plug-in, it could result in arbitrary code execution as the user running Vim. (CVE-2008-3075) - + A security flaw was found in tar.vim, the Vim plug-in which handles TAR archive browsing. If a user opened a TAR archive using the tar.vim plug-in, it could result in arbitrary code execution as the user runnin Vim. (CVE-2008-3074) - + Several input sanitization flaws were found in various Vim system functions. If a user opened a specially crafted file, it was possible to execute arbitrary code as the user running Vim. (CVE-2008-2712) - - Ulf Hrnhammar, of Secunia Research, discovered a format string flaw in + + Ulf Härnhammar, of Secunia Research, discovered a format string flaw in Vim's help tag processor. If a user was tricked into executing the "helptags" command on malicious data, arbitrary code could be executed with the permissions of the user running Vim. (CVE-2007-2953) - + All Vim users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. 
@@ -133,4 +133,4 @@ } exit(0); -} +} \ No newline at end of file Modified: trunk/openvas-plugins/scripts/gb_RHSA-2008_0581-01_bluez-libs_bluez-utils.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_RHSA-2008_0581-01_bluez-libs_bluez-utils.nasl 2009-11-06 23:36:26 UTC (rev 5810) +++ trunk/openvas-plugins/scripts/gb_RHSA-2008_0581-01_bluez-libs_bluez-utils.nasl 2009-11-09 08:33:39 UTC (rev 5811) @@ -35,14 +35,14 @@ Vulnerability Insight: The bluez-libs package contains libraries for use in Bluetooth applications. The bluez-utils package contains Bluetooth daemons and utilities. - + An input validation flaw was found in the Bluetooth Session Description Protocol (SDP) packet parser used by the Bluez Bluetooth utilities. A Bluetooth device with an already-established trust relationship, or a local - user registering a service record via a UNIX socket or D-Bus interface, + user registering a service record via a UNIX® socket or D-Bus interface, could cause a crash, or possibly execute arbitrary code with privileges of the hcid daemon. (CVE-2008-2374) - + Users of bluez-libs and bluez-utils are advised to upgrade to these updated packages, which contains a backported patch to correct this issue. @@ -163,4 +163,4 @@ } exit(0); -} +} \ No newline at end of file Modified: trunk/openvas-plugins/scripts/gb_RHSA-2008_0617-01_vim.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_RHSA-2008_0617-01_vim.nasl 2009-11-06 23:36:26 UTC (rev 5810) +++ trunk/openvas-plugins/scripts/gb_RHSA-2008_0617-01_vim.nasl 2009-11-09 08:33:39 UTC (rev 5811) 
@@ -35,26 +35,26 @@ Vulnerability Insight: Vim (Visual editor IMproved) is an updated and improved version of the vi editor. - + Several input sanitization flaws were found in Vim's keyword and tag handling. If Vim looked up a document's maliciously crafted tag or keyword, it was possible to execute arbitrary code as the user running Vim. (CVE-2008-4101) - + A heap-based overflow flaw was discovered in Vim's expansion of file name patterns with shell wildcards. An attacker could create a specially-crafted file or directory name that, when opened by Vim, caused the application to crash or, possibly, execute arbitrary code. (CVE-2008-3432) - + Several input sanitization flaws were found in various Vim system functions. If a user opened a specially crafted file, it was possible to execute arbitrary code as the user running Vim. (CVE-2008-2712) - - Ulf Hrnhammar, of Secunia Research, discovered a format string flaw in + + Ulf Härnhammar, of Secunia Research, discovered a format string flaw in Vim's help tag processor. If a user was tricked into executing the "helptags" command on malicious data, arbitrary code could be executed with the permissions of the user running Vim. (CVE-2007-2953) - + All Vim users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. @@ -165,4 +165,4 @@ } exit(0); -} +} \ No newline at end of file Modified: trunk/openvas-plugins/scripts/gb_RHSA-2008_0907-01_pam_krb5.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_RHSA-2008_0907-01_pam_krb5.nasl 2009-11-06 23:36:26 UTC (rev 5810) +++ trunk/openvas-plugins/scripts/gb_RHSA-2008_0907-01_pam_krb5.nasl 2009-11-09 08:33:39 UTC (rev 5811) 
@@ -36,16 +36,16 @@ The pam_krb5 module allows Pluggable Authentication Modules (PAM) aware applications to use Kerberos to verify user identities by obtaining user credentials at log in time. - + A flaw was found in the pam_krb5 "existing_ticket" configuration option. If a system is configured to use an existing credential cache via the "existing_ticket" option, it may be possible for a local user to gain elevated privileges by using a different, local user's credential cache. (CVE-2008-3825) - - Red Hat would like to thank Stphane Bertin for responsibly disclosing this + + Red Hat would like to thank Stéphane Bertin for responsibly disclosing this issue. - + Users of pam_krb5 should upgrade to this updated package, which contains a backported patch to resolve this issue. @@ -96,4 +96,4 @@ } exit(0); -} +} \ No newline at end of file Modified: trunk/openvas-plugins/scripts/gb_RHSA-2008_1017-01_kernel.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_RHSA-2008_1017-01_kernel.nasl 2009-11-06 23:36:26 UTC (rev 5810) +++ trunk/openvas-plugins/scripts/gb_RHSA-2008_1017-01_kernel.nasl 2009-11-09 08:33:39 UTC (rev 5811) 
@@ -35,58 +35,58 @@ Vulnerability Insight: The kernel packages contain the Linux kernel, the core of any Linux operating system. - + * Olaf Kirch reported a flaw in the i915 kernel driver that only affects the Intel G33 series and newer. This flaw could, potentially, lead to local privilege escalation. (CVE-2008-3831, Important) - + * Miklos Szeredi reported a missing check for files opened with O_APPEND in the sys_splice(). This could allow a local, unprivileged user to bypass the append-only file restrictions. (CVE-2008-4554, Important) - + * a deficiency was found in the Linux kernel Stream Control Transmission Protocol (SCTP) implementation. This could lead to a possible denial of service if one end of a SCTP connection did not support the AUTH extension. (CVE-2008-4576, Important) - + In addition, these updated packages fix the following bugs: - - * on Itanium systems, when a multithreaded program was traced using the + + * on Itanium® systems, when a multithreaded program was traced using the command "strace -f", messages similar to the following ones were displayed, after which the trace would stop: - - PANIC: attached pid 10740 exited - PANIC: handle_group_exit: 10740 leader 10721 - PANIC: attached pid 10739 exited - PANIC: handle_group_exit: 10739 leader 10721 - ... - + + PANIC: attached pid 10740 exited + PANIC: handle_group_exit: 10740 leader 10721 + PANIC: attached pid 10739 exited + PANIC: handle_group_exit: 10739 leader 10721 + ... + In these updated packages, tracing a multithreaded program using the "strace -f" command no longer results in these error messages, and strace terminates normally after tracing all threads. - + * on big-endian systems such as PowerPC, the getsockopt() function incorrectly returned 0 depending on the parameters passed to it when the time to live (TTL) value equaled 255. 
- + * when using an NFSv4 file system, accessing the same file with two separate processes simultaneously resulted in the NFS client process becoming unresponsive. - - * on AMD64 and Intel 64 hypervisor-enabled systems, in cases in which a + + * on AMD64 and Intel® 64 hypervisor-enabled systems, in cases in which a syscall correctly returned '-1' in code compiled on Red Hat Enterprise Linux 5, the same code, when run with the strace utility, would incorrectly return an invalid return value. This has been fixed so that on AMD64 and - Intel 64 hypervisor-enabled systems, syscalls in compiled code return the + Intel® 64 hypervisor-enabled systems, syscalls in compiled code return the same, correct values as syscalls do when run with strace. - - * on the Itanium architecture, fully-virtualized guest domains which were + + * on the Itanium® architecture, fully-virtualized guest domains which were created using more than 64 GB of memory caused other guest domains not to receive interrupts, which caused a soft lockup on other guests. All guest domains are now able to receive interrupts regardless of their allotted memory. + + * when user-space used SIGIO notification, which wasn't disabled ... - * when user-space used SIGIO notification, which wasn't disabled ... - Description truncated, for more information please check the Reference URL Affected Software/OS: @@ -213,4 +213,4 @@ } exit(0); -} +} \ No newline at end of file Modified: trunk/openvas-plugins/scripts/gb_RHSA-2008_1028-01_cups.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_RHSA-2008_1028-01_cups.nasl 2009-11-06 23:36:26 UTC (rev 5810) +++ trunk/openvas-plugins/scripts/gb_RHSA-2008_1028-01_cups.nasl 2009-11-09 08:33:39 UTC (rev 5811) 
@@ -33,15 +33,15 @@ desc = " Vulnerability Insight: - The Common UNIX Printing System (CUPS) provides a portable printing layer + The Common UNIX® Printing System (CUPS) provides a portable printing layer for UNIX operating systems. - + An integer overflow flaw, leading to a heap buffer overflow, was discovered in the Portable Network Graphics (PNG) decoding routines used by the CUPS image-converting filters, "imagetops" and "imagetoraster". An attacker could create a malicious PNG file that could, potentially, execute arbitrary code as the "lp" user if the file was printed. (CVE-2008-5286) - + CUPS users should upgrade to these updated packages, which contain a backported patch to correct this issue. @@ -106,4 +106,4 @@ } exit(0); -} +} \ No newline at end of file Modified: trunk/openvas-plugins/scripts/gb_RHSA-2008_1029-01_cups.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_RHSA-2008_1029-01_cups.nasl 2009-11-06 23:36:26 UTC (rev 5810) +++ trunk/openvas-plugins/scripts/gb_RHSA-2008_1029-01_cups.nasl 2009-11-09 08:33:39 UTC (rev 5811) @@ -33,15 +33,15 @@ desc = " Vulnerability Insight: - The Common UNIX Printing System (CUPS) provides a portable printing layer + The Common UNIX® Printing System (CUPS) provides a portable printing layer for UNIX operating systems. - + A null pointer dereference flaw was found in the way CUPS handled subscriptions for printing job completion notifications. A local user could use this flaw to crash the CUPS daemon by submitting a large number of printing jobs requiring mail notification on completion, leading to a denial of service. (CVE-2008-5183) - + Users of cups should upgrade to these updated packages, which contain a backported patch to correct this issue. 
@@ -110,4 +110,4 @@ } exit(0); -} +} \ No newline at end of file Modified: trunk/openvas-plugins/scripts/gb_aceftp_remote_dir_traversal_vuln.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_aceftp_remote_dir_traversal_vuln.nasl 2009-11-06 23:36:26 UTC (rev 5810) +++ trunk/openvas-plugins/scripts/gb_aceftp_remote_dir_traversal_vuln.nasl 2009-11-09 08:33:39 UTC (rev 5811) @@ -50,7 +50,7 @@ Impact Level: Application Affected Software/OS: - Visicom Media AceFTP Freeware/Pro Version 3.80.3 and prior on W + Visicom Media´s AceFTP Freeware/Pro Version 3.80.3 and prior on W Windows Fix: No solution/patch is available as on 1st December, 2008. Information Modified: trunk/openvas-plugins/scripts/gb_fedora_2007_1219_cups_fc5.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_fedora_2007_1219_cups_fc5.nasl 2009-11-06 23:36:26 UTC (rev 5810) +++ trunk/openvas-plugins/scripts/gb_fedora_2007_1219_cups_fc5.nasl 2009-11-09 08:33:39 UTC (rev 5811) @@ -34,7 +34,7 @@ Vulnerability Insight: The Common UNIX Printing System provides a portable printing layer for - UNIX operating systems. It has been developed by Easy Software Products + UNIX® operating systems. It has been developed by Easy Software Products to promote a standard printing solution for all UNIX vendors and users. CUPS provides the System V and Berkeley command-line interfaces. @@ -139,4 +139,4 @@ } exit(0); -} +} \ No newline at end of file Modified: trunk/openvas-plugins/scripts/gb_fedora_2007_1541_cups_fc7.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_fedora_2007_1541_cups_fc7.nasl 2009-11-06 23:36:26 UTC (rev 5810) +++ trunk/openvas-plugins/scripts/gb_fedora_2007_1541_cups_fc7.nasl 2009-11-09 08:33:39 UTC (rev 5811) 
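Review bot: In the gb_aceftp_remote_dir_traversal_vuln.nasl hunk, the added line `Visicom Media´s AceFTP Freeware/Pro Version 3.80.3 and prior on W` uses an acute accent (´) where an apostrophe is meant, and it still ends in the stray `on W` ahead of the `Windows` context line. Assuming the literal is double-quoted like the `desc = "` strings visible elsewhere in this revision, I would write `Visicom Media's AceFTP Freeware/Pro Version 3.80.3 and prior on Windows` in plain ASCII so the affected-software text displays and matches reliably. The same accent-for-apostrophe substitution appears in `Technically it´s based on` (gb_fedora_2007_2295_ntfs-3g_fc7.nasl) and in `GNOME´s Places menu` (both xfce4-places-plugin scripts). The surrounding description string starts and ends outside the hunk.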
@@ -34,7 +34,7 @@ Vulnerability Insight: The Common UNIX Printing System provides a portable printing layer for - UNIX operating systems. It has been developed by Easy Software Products + UNIX® operating systems. It has been developed by Easy Software Products to promote a standard printing solution for all UNIX vendors and users. CUPS provides the System V and Berkeley command-line interfaces. @@ -139,4 +139,4 @@ } exit(0); -} +} \ No newline at end of file Modified: trunk/openvas-plugins/scripts/gb_fedora_2007_2295_ntfs-3g_fc7.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_fedora_2007_2295_ntfs-3g_fc7.nasl 2009-11-06 23:36:26 UTC (rev 5810) +++ trunk/openvas-plugins/scripts/gb_fedora_2007_2295_ntfs-3g_fc7.nasl 2009-11-09 08:33:39 UTC (rev 5811) @@ -37,11 +37,11 @@ Linux NTFS driver. It provides full read-write access to NTFS, excluding access to encrypted files, writing compressed files, changing file ownership, access right. - - Technically it is based on and a major improvement to the third + + Technically it´s based on and a major improvement to the third generation Linux NTFS driver, ntfsmount. The improvements include functionality, quality and performance enhancements. - + ntfs-3g features are being merged to ntfsmount. In the meanwhile, ntfs-3g is currently the only free, as in either speech or beer, NTFS driver for Linux that supports unlimited file creation and deletion. @@ -123,4 +123,4 @@ } exit(0); -} +} \ No newline at end of file Modified: trunk/openvas-plugins/scripts/gb_fedora_2007_2715_cups_fc7.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_fedora_2007_2715_cups_fc7.nasl 2009-11-06 23:36:26 UTC (rev 5810) +++ trunk/openvas-plugins/scripts/gb_fedora_2007_2715_cups_fc7.nasl 2009-11-09 08:33:39 UTC (rev 5811) 
@@ -34,7 +34,7 @@ Vulnerability Insight: The Common UNIX Printing System provides a portable printing layer for - UNIX operating systems. It has been developed by Easy Software Products + UNIX® operating systems. It has been developed by Easy Software Products to promote a standard printing solution for all UNIX vendors and users. CUPS provides the System V and Berkeley command-line interfaces. @@ -139,4 +139,4 @@ } exit(0); -} +} \ No newline at end of file Modified: trunk/openvas-plugins/scripts/gb_fedora_2007_2982_cups_fc8.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_fedora_2007_2982_cups_fc8.nasl 2009-11-06 23:36:26 UTC (rev 5810) +++ trunk/openvas-plugins/scripts/gb_fedora_2007_2982_cups_fc8.nasl 2009-11-09 08:33:39 UTC (rev 5811) @@ -34,7 +34,7 @@ Vulnerability Insight: The Common UNIX Printing System provides a portable printing layer for - UNIX operating systems. It has been developed by Easy Software Products + UNIX® operating systems. It has been developed by Easy Software Products to promote a standard printing solution for all UNIX vendors and users. CUPS provides the System V and Berkeley command-line interfaces. @@ -139,4 +139,4 @@ } exit(0); -} +} \ No newline at end of file Modified: trunk/openvas-plugins/scripts/gb_fedora_2007_2985_kdepim_fc7.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_fedora_2007_2985_kdepim_fc7.nasl 2009-11-06 23:36:26 UTC (rev 5810) +++ trunk/openvas-plugins/scripts/gb_fedora_2007_2985_kdepim_fc7.nasl 2009-11-09 08:33:39 UTC (rev 5811) @@ -40,7 +40,7 @@ * knotes: sticky notes for the desktop * kontact: integrated PIM management * korganizer: journal, appointments, events, todos - * kpilot: HotSync software for Palm OS devices + * kpilot: HotSync® software for Palm OS® devices Affected Software/OS: 
@@ -119,4 +119,4 @@ } exit(0); -} +} \ No newline at end of file Modified: trunk/openvas-plugins/scripts/gb_fedora_2007_3100_cups_fc7.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_fedora_2007_3100_cups_fc7.nasl 2009-11-06 23:36:26 UTC (rev 5810) +++ trunk/openvas-plugins/scripts/gb_fedora_2007_3100_cups_fc7.nasl 2009-11-09 08:33:39 UTC (rev 5811) @@ -34,7 +34,7 @@ Vulnerability Insight: The Common UNIX Printing System provides a portable printing layer for - UNIX operating systems. It has been developed by Easy Software Products + UNIX® operating systems. It has been developed by Easy Software Products to promote a standard printing solution for all UNIX vendors and users. CUPS provides the System V and Berkeley command-line interfaces. @@ -139,4 +139,4 @@ } exit(0); -} +} \ No newline at end of file Modified: trunk/openvas-plugins/scripts/gb_fedora_2007_4368_xfce4-places-plugin_fc8.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_fedora_2007_4368_xfce4-places-plugin_fc8.nasl 2009-11-06 23:36:26 UTC (rev 5810) +++ trunk/openvas-plugins/scripts/gb_fedora_2007_4368_xfce4-places-plugin_fc8.nasl 2009-11-09 08:33:39 UTC (rev 5811) @@ -34,7 +34,7 @@ Vulnerability Insight: A menu with quick access to folders, documents, and removable media. The - Places plugin brings much of the functionality of GNOMEs Places menu to + Places plugin brings much of the functionality of GNOME´s Places menu to Xfce. It puts a simple button on the panel. Clicking on this button opens up a menu with 4 sections: 1) System-defined directories (home folder, trash, desktop, file system) 
@@ -107,4 +107,4 @@ } exit(0); -} +} \ No newline at end of file Modified: trunk/openvas-plugins/scripts/gb_fedora_2007_4385_xfce4-places-plugin_fc7.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_fedora_2007_4385_xfce4-places-plugin_fc7.nasl 2009-11-06 23:36:26 UTC (rev 5810) +++ trunk/openvas-plugins/scripts/gb_fedora_2007_4385_xfce4-places-plugin_fc7.nasl 2009-11-09 08:33:39 UTC (rev 5811) @@ -34,7 +34,7 @@ Vulnerability Insight: A menu with quick access to folders, documents, and removable media. The - Places plugin brings much of the functionality of GNOMEs Places menu to + Places plugin brings much of the functionality of GNOME´s Places menu to Xfce. It puts a simple button on the panel. Clicking on this button opens up a menu with 4 sections: 1) System-defined directories (home folder, trash, desktop, file system) @@ -107,4 +107,4 @@ } exit(0); -} +} \ No newline at end of file Modified: trunk/openvas-plugins/scripts/gb_fedora_2007_644_cups_fc6.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_fedora_2007_644_cups_fc6.nasl 2009-11-06 23:36:26 UTC (rev 5810) +++ trunk/openvas-plugins/scripts/gb_fedora_2007_644_cups_fc6.nasl 2009-11-09 08:33:39 UTC (rev 5811) @@ -34,7 +34,7 @@ Vulnerability Insight: The Common UNIX Printing System provides a portable printing layer for - UNIX operating systems. It has been developed by Easy Software Products + UNIX® operating systems. It has been developed by Easy Software Products to promote a standard printing solution for all UNIX vendors and users. CUPS provides the System V and Berkeley command-line interfaces. 
@@ -139,4 +139,4 @@ } exit(0); -} +} \ No newline at end of file Modified: trunk/openvas-plugins/scripts/gb_fedora_2007_740_cups_fc6.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_fedora_2007_740_cups_fc6.nasl 2009-11-06 23:36:26 UTC (rev 5810) +++ trunk/openvas-plugins/scripts/gb_fedora_2007_740_cups_fc6.nasl 2009-11-09 08:33:39 UTC (rev 5811) @@ -34,7 +34,7 @@ Vulnerability Insight: The Common UNIX Printing System provides a portable printing layer for - UNIX operating systems. It has been developed by Easy Software Products + UNIX® operating systems. It has been developed by Easy Software Products to promote a standard printing solution for all UNIX vendors and users. CUPS provides the System V and Berkeley command-line interfaces. @@ -139,4 +139,4 @@ } exit(0); -} +} \ No newline at end of file Modified: trunk/openvas-plugins/scripts/gb_fedora_2007_746_cups_fc6.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_fedora_2007_746_cups_fc6.nasl 2009-11-06 23:36:26 UTC (rev 5810) +++ trunk/openvas-plugins/scripts/gb_fedora_2007_746_cups_fc6.nasl 2009-11-09 08:33:39 UTC (rev 5811) @@ -34,7 +34,7 @@ Vulnerability Insight: The Common UNIX Printing System provides a portable printing layer for - UNIX operating systems. It has been developed by Easy Software Products + UNIX® operating systems. It has been developed by Easy Software Products to promote a standard printing solution for all UNIX vendors and users. CUPS provides the System V and Berkeley command-line interfaces. 
@@ -139,4 +139,4 @@ } exit(0); -} +} \ No newline at end of file Modified: trunk/openvas-plugins/scripts/gb_fedora_2008_10895_cups_fc10.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_fedora_2008_10895_cups_fc10.nasl 2009-11-06 23:36:26 UTC (rev 5810) +++ trunk/openvas-plugins/scripts/gb_fedora_2008_10895_cups_fc10.nasl 2009-11-09 08:33:39 UTC (rev 5811) @@ -34,7 +34,7 @@ Vulnerability Insight: The Common UNIX Printing System provides a portable printing layer for - UNIX operating systems. It has been developed by Easy Software Products + UNIX® operating systems. It has been developed by Easy Software Products to promote a standard printing solution for all UNIX vendors and users. CUPS provides the System V and Berkeley command-line interfaces. @@ -79,4 +79,4 @@ } exit(0); -} +} \ No newline at end of file Modified: trunk/openvas-plugins/scripts/gb_fedora_2008_10911_cups_fc8.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_fedora_2008_10911_cups_fc8.nasl 2009-11-06 23:36:26 UTC (rev 5810) +++ trunk/openvas-plugins/scripts/gb_fedora_2008_10911_cups_fc8.nasl 2009-11-09 08:33:39 UTC (rev 5811) @@ -34,7 +34,7 @@ Vulnerability Insight: The Common UNIX Printing System provides a portable printing layer for - UNIX operating systems. It has been developed by Easy Software Products + UNIX® operating systems. It has been developed by Easy Software Products to promote a standard printing solution for all UNIX vendors and users. CUPS provides the System V and Berkeley command-line interfaces. 
@@ -79,4 +79,4 @@ } exit(0); -} +} \ No newline at end of file Modified: trunk/openvas-plugins/scripts/gb_fedora_2008_10917_cups_fc9.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_fedora_2008_10917_cups_fc9.nasl 2009-11-06 23:36:26 UTC (rev 5810) +++ trunk/openvas-plugins/scripts/gb_fedora_2008_10917_cups_fc9.nasl 2009-11-09 08:33:39 UTC (rev 5811) @@ -34,7 +34,7 @@ Vulnerability Insight: The Common UNIX Printing System provides a portable printing layer for - UNIX operating systems. It has been developed by Easy Software Products + UNIX® operating systems. It has been developed by Easy Software Products to promote a standard printing solution for all UNIX vendors and users. CUPS provides the System V and Berkeley command-line interfaces. @@ -79,4 +79,4 @@ } exit(0); -} +} \ No newline at end of file Modified: trunk/openvas-plugins/scripts/gb_fedora_2008_1287_deluge_fc8.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_fedora_2008_1287_deluge_fc8.nasl 2009-11-06 23:36:26 UTC (rev 5810) +++ trunk/openvas-plugins/scripts/gb_fedora_2008_1287_deluge_fc8.nasl 2009-11-09 08:33:39 UTC (rev 5811) @@ -36,7 +36,7 @@ Deluge is a new BitTorrent client, created using Python and GTK+. It is intended to bring a native, full-featured client to Linux GTK+ desktop environments such as GNOME and XFCE. It supports features such as DHT - (Distributed Hash Tables), PEX (Torrent-compatible Peer Exchange), and UPnP + (Distributed Hash Tables), PEX (µTorrent-compatible Peer Exchange), and UPnP (Universal Plug-n-Play) that allow one to more easily share BitTorrent data even from behind a router with virtually zero configuration of port-forwarding. 
@@ -81,4 +81,4 @@ } exit(0); -} +} \ No newline at end of file Modified: trunk/openvas-plugins/scripts/gb_fedora_2008_1288_deluge_fc7.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_fedora_2008_1288_deluge_fc7.nasl 2009-11-06 23:36:26 UTC (rev 5810) +++ trunk/openvas-plugins/scripts/gb_fedora_2008_1288_deluge_fc7.nasl 2009-11-09 08:33:39 UTC (rev 5811) @@ -36,7 +36,7 @@ Deluge is a new BitTorrent client, created using Python and GTK+. It is intended to bring a native, full-featured client to Linux GTK+ desktop environments such as GNOME and XFCE. It supports features such as DHT - (Distributed Hash Tables), PEX (Torrent-compatible Peer Exchange), and UPnP + (Distributed Hash Tables), PEX (µTorrent-compatible Peer Exchange), and UPnP (Universal Plug-n-Play) that allow one to more easily share BitTorrent data even from behind a router with virtually zero configuration of port-forwarding. @@ -81,4 +81,4 @@ } exit(0); -} +} \ No newline at end of file Modified: trunk/openvas-plugins/scripts/gb_fedora_2008_1901_cups_fc8.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_fedora_2008_1901_cups_fc8.nasl 2009-11-06 23:36:26 UTC (rev 5810) +++ trunk/openvas-plugins/scripts/gb_fedora_2008_1901_cups_fc8.nasl 2009-11-09 08:33:39 UTC (rev 5811) @@ -34,7 +34,7 @@ Vulnerability Insight: The Common UNIX Printing System provides a portable printing layer for - UNIX operating systems. It has been developed by Easy Software Products + UNIX® operating systems. It has been developed by Easy Software Products to promote a standard printing solution for all UNIX vendors and users. CUPS provides the System V and Berkeley command-line interfaces. 
@@ -79,4 +79,4 @@ } exit(0); -} +} \ No newline at end of file Modified: trunk/openvas-plugins/scripts/gb_fedora_2008_1976_cups_fc7.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_fedora_2008_1976_cups_fc7.nasl 2009-11-06 23:36:26 UTC (rev 5810) +++ trunk/openvas-plugins/scripts/gb_fedora_2008_1976_cups_fc7.nasl 2009-11-09 08:33:39 UTC (rev 5811) @@ -34,7 +34,7 @@ Vulnerability Insight: The Common UNIX Printing System provides a portable printing layer for - UNIX operating systems. It has been developed by Easy Software Products + UNIX® operating systems. It has been developed by Easy Software Products to promote a standard printing solution for all UNIX vendors and users. CUPS provides the System V and Berkeley command-line interfaces. @@ -79,4 +79,4 @@ } exit(0); -} +} \ No newline at end of file Modified: trunk/openvas-plugins/scripts/gb_fedora_2008_2131_cups_fc8.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_fedora_2008_2131_cups_fc8.nasl 2009-11-06 23:36:26 UTC (rev 5810) +++ trunk/openvas-plugins/scripts/gb_fedora_2008_2131_cups_fc8.nasl 2009-11-09 08:33:39 UTC (rev 5811) @@ -34,7 +34,7 @@ Vulnerability Insight: The Common UNIX Printing System provides a portable printing layer for - UNIX operating systems. It has been developed by Easy Software Products + UNIX® operating systems. It has been developed by Easy Software Products to promote a standard printing solution for all UNIX vendors and users. CUPS provides the System V and Berkeley command-line interfaces. 
@@ -79,4 +79,4 @@ } exit(0); -} +} \ No newline at end of file Modified: trunk/openvas-plugins/scripts/gb_fedora_2008_2897_cups_fc7.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_fedora_2008_2897_cups_fc7.nasl 2009-11-06 23:36:26 UTC (rev 5810) +++ trunk/openvas-plugins/scripts/gb_fedora_2008_2897_cups_fc7.nasl 2009-11-09 08:33:39 UTC (rev 5811) @@ -34,7 +34,7 @@ Vulnerability Insight: The Common UNIX Printing System provides a portable printing layer for - UNIX operating systems. It has been developed by Easy Software Products + UNIX® operating systems. It has been developed by Easy Software Products to promote a standard printing solution for all UNIX vendors and users. CUPS provides the System V and Berkeley command-line interfaces. @@ -79,4 +79,4 @@ } exit(0); -} +} \ No newline at end of file Modified: trunk/openvas-plugins/scripts/gb_fedora_2008_3449_cups_fc7.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_fedora_2008_3449_cups_fc7.nasl 2009-11-06 23:36:26 UTC (rev 5810) +++ trunk/openvas-plugins/scripts/gb_fedora_2008_3449_cups_fc7.nasl 2009-11-09 08:33:39 UTC (rev 5811) @@ -34,7 +34,7 @@ Vulnerability Insight: The Common UNIX Printing System provides a portable printing layer for - UNIX operating systems. It has been developed by Easy Software Products + UNIX® operating systems. It has been developed by Easy Software Products to promote a standard printing solution for all UNIX vendors and users. CUPS provides the System V and Berkeley command-line interfaces. 
@@ -79,4 +79,4 @@ } exit(0); -} +} \ No newline at end of file Modified: trunk/openvas-plugins/scripts/gb_fedora_2008_3586_cups_fc8.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_fedora_2008_3586_cups_fc8.nasl 2009-11-06 23:36:26 UTC (rev 5810) +++ trunk/openvas-plugins/scripts/gb_fedora_2008_3586_cups_fc8.nasl 2009-11-09 08:33:39 UTC (rev 5811) @@ -34,7 +34,7 @@ Vulnerability Insight: The Common UNIX Printing System provides a portable printing layer for - UNIX operating systems. It has been developed by Easy Software Products + UNIX® operating systems. It has been developed by Easy Software Products to promote a standard printing solution for all UNIX vendors and users. CUPS provides the System V and Berkeley command-line interfaces. @@ -79,4 +79,4 @@ } exit(0); -} +} \ No newline at end of file Modified: trunk/openvas-plugins/scripts/gb_fedora_2008_3756_cups_fc9.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_fedora_2008_3756_cups_fc9.nasl 2009-11-06 23:36:26 UTC (rev 5810) +++ trunk/openvas-plugins/scripts/gb_fedora_2008_3756_cups_fc9.nasl 2009-11-09 08:33:39 UTC (rev 5811) @@ -34,7 +34,7 @@ Vulnerability Insight: The Common UNIX Printing System provides a portable printing layer for - UNIX operating systems. It has been developed by Easy Software Products + UNIX® operating systems. It has been developed by Easy Software Products to promote a standard printing solution for all UNIX vendors and users. CUPS provides the System V and Berkeley command-line interfaces. 
@@ -79,4 +79,4 @@ } exit(0); -} +} \ No newline at end of file Modified: trunk/openvas-plugins/scripts/gb_fedora_2008_8801_cups_fc8.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_fedora_2008_8801_cups_fc8.nasl 2009-11-06 23:36:26 UTC (rev 5810) +++ trunk/openvas-plugins/scripts/gb_fedora_2008_8801_cups_fc8.nasl 2009-11-09 08:33:39 UTC (rev 5811) @@ -34,7 +34,7 @@ Vulnerability Insight: The Common UNIX Printing System provides a portable printing layer for - UNIX operating systems. It has been developed by Easy Software Products + UNIX® operating systems. It has been developed by Easy Software Products to promote a standard printing solution for all UNIX vendors and users. CUPS provides the System V and Berkeley command-line interfaces. @@ -79,4 +79,4 @@ } exit(0); -} +} \ No newline at end of file Modified: trunk/openvas-plugins/scripts/gb_fedora_2008_8844_cups_fc9.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_fedora_2008_8844_cups_fc9.nasl 2009-11-06 23:36:26 UTC (rev 5810) +++ trunk/openvas-plugins/scripts/gb_fedora_2008_8844_cups_fc9.nasl 2009-11-09 08:33:39 UTC (rev 5811) @@ -34,7 +34,7 @@ Vulnerability Insight: The Common UNIX Printing System provides a portable printing layer for - UNIX operating systems. It has been developed by Easy Software Products + UNIX® operating systems. It has been developed by Easy Software Products to promote a standard printing solution for all UNIX vendors and users. CUPS provides the System V and Berkeley command-line interfaces. @@ -79,4 +79,4 @@ } exit(0); -} +} \ No newline at end of file Modified: trunk/openvas-plugins/scripts/gb_suse_2007_036.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_suse_2007_036.nasl 2009-11-06 23:36:26 UTC (rev 5810) +++ trunk/openvas-plugins/scripts/gb_suse_2007_036.nasl 2009-11-09 08:33:39 UTC (rev 5811) 
@@ -69,7 +69,7 @@ - CVE-2007-1558: - Gatan Leurent informed us of a weakness in APOP authentication + Gaëtan Leurent informed us of a weakness in APOP authentication that could allow an attacker to recover the first part of your mail password if the attacker could interpose a malicious mail server on your network masquerading as your legitimate mail server. With normal @@ -668,4 +668,4 @@ } exit(0); -} +} \ No newline at end of file From scm-commit at wald.intevation.org Mon Nov 9 11:17:05 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Mon, 9 Nov 2009 11:17:05 +0100 (CET) Subject: [Openvas-commits] r5812 - in trunk/openvas-plugins: . scripts Message-ID: <20091109101705.7944B865F4A6@pyrosoma.intevation.org> Author: mime Date: 2009-11-09 11:17:02 +0100 (Mon, 09 Nov 2009) New Revision: 5812 Added: trunk/openvas-plugins/scripts/novell_edirectory_36902.nasl Modified: trunk/openvas-plugins/ChangeLog trunk/openvas-plugins/cve_current.txt trunk/openvas-plugins/scripts/novell_edirectory_detect.nasl trunk/openvas-plugins/scripts/slad_run.nasl Log: Added new plugin Modified: trunk/openvas-plugins/ChangeLog =================================================================== --- trunk/openvas-plugins/ChangeLog 2009-11-09 08:33:39 UTC (rev 5811) +++ trunk/openvas-plugins/ChangeLog 2009-11-09 10:17:02 UTC (rev 5812) @@ -1,3 +1,14 @@ +2009-11-06 Michael Meyer + + * scripts/novell_edirectory_36902.nasl: + Added new plugin. + + * scripts/slad_run.nasl: + Check that init_add_preferences() exist. + + * scripts/novell_edirectory_detect.nasl: + Exit if !port. + 2009-11-09 Chandrashekhar B * scripts/gb_suse_2007_036.nasl, Modified: trunk/openvas-plugins/cve_current.txt =================================================================== --- trunk/openvas-plugins/cve_current.txt 2009-11-09 08:33:39 UTC (rev 5811) +++ trunk/openvas-plugins/cve_current.txt 2009-11-09 10:17:02 UTC (rev 5812) 
@@ -249,3 +249,4 @@ CVE-2009-3838 SecPod svn L CVE-2009-3863 SecPod CVE-2009-3837 SecPod svn L +36902 Greenbone svn R Added: trunk/openvas-plugins/scripts/novell_edirectory_36902.nasl =================================================================== --- trunk/openvas-plugins/scripts/novell_edirectory_36902.nasl 2009-11-09 08:33:39 UTC (rev 5811) +++ trunk/openvas-plugins/scripts/novell_edirectory_36902.nasl 2009-11-09 10:17:02 UTC (rev 5812) 
@@ -0,0 +1,171 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id$ +# +# Novell eDirectory NULL Base DN Denial Of Service Vulnerability +# +# Authors: +# Michael Meyer +# +# Copyright: +# Copyright (c) 2009 Greenbone Networks GmbH +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if (description) +{ + script_id(100340); + script_bugtraq_id(36902); + script_version ("1.0-$Revision$"); + + script_name("Novell eDirectory NULL Base DN Denial Of Service Vulnerability"); + +desc = "Overview: +Novell eDirectory is prone to a denial-of-service vulnerability. + +Remote attackers can exploit this issue to cause the server to become +unresponsive, denying service to legitimate users. + +Versions prior to Novell eDirectory 8.8.5 ftf1 and eDirectory 8.7.3.10 +ftf2 are vulnerable. + +Solution: +Updates are available. Please see the references for details. 
+ +References: +http://www.securityfocus.com/bid/36902 +http://www.novell.com +http://www.novell.com/support/viewContent.do?externalId=7004721 +http://www.zerodayinitiative.com/advisories/ZDI-09-075/ + +Risk factor : Medium"; + + script_description(desc); + script_summary("Determine if eDirectory is prone to a denial-of-service vulnerability."); + script_category(ACT_GATHER_INFO); + script_family("Denial of Service"); + script_copyright("This script is Copyright (C) 2009 Greenbone Networks GmbH"); + script_dependencies("novell_edirectory_detect.nasl"); + script_require_ports("Services/ldap", 389); + exit(0); +} + +include("version_func.inc"); + +port = get_kb_item("Services/ldap"); +if(!port)exit(0); +if(!get_port_state(port))exit(0); + +if(!version = get_kb_item(string("ldap/", port, "/eDirectory")))exit(0); +if(!isnull(version)) { + + versions = split(version,sep: " ", keep:FALSE); + + if(!isnull(versions[0])) { + major = versions[0]; + } else { + exit(0); + } + + if(!isnull(versions[1])) { + if("SP" >< versions[1]) { + sp = versions[1]; + sp -= "SP"; + sp = int(sp); + } else { + revision = versions[1]; + } + } + + if(sp && !isnull(versions[2])) { + revision = versions[2]; + } + + if(revision) { + revision -= "("; + revision -= ")"; + revision -= "."; + revision = int(revision); + } + + if(major == "8.8") { + if(sp && sp > 0) { + if(sp == 5) { + + if(revision && revision < 2050100) { + vuln = TRUE; + } + + } else { + + if(sp < 5) { + vuln = TRUE; + } + + } + } else { + vuln = TRUE; + } + } + + else if(major =~ "^8\.7\.3") { + + m = major - "8.7.3"; + + if(m =~ "^\.[0-9]+") { + m -= "."; + } + + if(strlen(m) > 0) { + + m = int(m); + + if(m && m < 10) { + vuln = TRUE; + } + + if(m && m == 10) { + if(!sp && !revision) { + vuln = TRUE; + } + } + + } else { + vuln = TRUE; + } + } + + else if(major == "8.8.1") { + vuln = TRUE; + } + + else if(major == "8.8.2") { + if(!revision && !sp) { + vuln = TRUE; + } + } + + else if(major =~ "^[0-7]\.") { + vuln = TRUE; + } + + 
if(vuln) { + security_warning(port:port); + exit(0); + } + +} +exit(0); + Property changes on: trunk/openvas-plugins/scripts/novell_edirectory_36902.nasl ___________________________________________________________________ Name: svn:keywords + Id Revision Modified: trunk/openvas-plugins/scripts/novell_edirectory_detect.nasl =================================================================== --- trunk/openvas-plugins/scripts/novell_edirectory_detect.nasl 2009-11-09 08:33:39 UTC (rev 5811) +++ trunk/openvas-plugins/scripts/novell_edirectory_detect.nasl 2009-11-09 10:17:02 UTC (rev 5812) @@ -51,6 +51,7 @@ include("global_settings.inc"); port = get_kb_item("Services/ldap"); +if(!port)exit(0); if(!get_port_state(port))exit(0); soc = open_sock_tcp(port); Modified: trunk/openvas-plugins/scripts/slad_run.nasl =================================================================== --- trunk/openvas-plugins/scripts/slad_run.nasl 2009-11-09 08:33:39 UTC (rev 5811) +++ trunk/openvas-plugins/scripts/slad_run.nasl 2009-11-09 10:17:02 UTC (rev 5812) @@ -41,7 +41,9 @@ script_require_ports (22, "Services/ssh"); # Dynamic entries for running from slad.inc - init_add_preferences (); + if(defined_func("init_add_preferences")) { + init_add_preferences (); + } exit(0); } From scm-commit at wald.intevation.org Mon Nov 9 11:18:42 2009 
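Review bot: In the `sp == 5` branch, `if(revision && revision < 2050100)` treats a missing or unparseable build token the same as a patched build, so an 8.8 SP5 host whose KB version string carries no build number is silently not reported. The `8.7.3` branch has the mirror problem: `8.7.3.10` is flagged only when neither `sp` nor `revision` is set, so any build token at all clears the host, although the description says builds before 8.7.3.10 ftf2 are affected. Consider reporting, or at least logging, when the build cannot be determined, and add a comment stating which vendor build the constant `2050100` corresponds to so the threshold can be audited. `sp`, `revision` and `vuln` are tested without ever being initialised; an explicit `vuln = FALSE;` before the version parsing would make the default visible.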
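Review bot: The added `if(!port)exit(0);` makes detection depend entirely on `Services/ldap` having been set by an earlier service-discovery script, so an LDAP listener on 389 that was not fingerprinted is skipped without any trace in the report. novell_edirectory_36902.nasl in this same commit uses the identical guard even though it declares `script_require_ports("Services/ldap", 389)`. If skipping is not the intent, fall back to the default in both scripts with `if(!port) port = 389;` before the `get_port_state()` call. The rest of the detection script lies outside the hunk, so its own `script_require_ports` line could not be checked.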
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Mon, 9 Nov 2009 11:18:42 +0100 (CET) Subject: [Openvas-commits] r5813 - in trunk/openvas-scanner: . cnvts/find_service Message-ID: <20091109101842.72A6E865F4A6@pyrosoma.intevation.org> Author: mime Date: 2009-11-09 11:18:41 +0100 (Mon, 09 Nov 2009) New Revision: 5813 Modified: trunk/openvas-scanner/ChangeLog trunk/openvas-scanner/cnvts/find_service/find_service.c Log: Removed HAVE_SSL remains Modified: trunk/openvas-scanner/ChangeLog =================================================================== --- trunk/openvas-scanner/ChangeLog 2009-11-09 10:17:02 UTC (rev 5812) +++ trunk/openvas-scanner/ChangeLog 2009-11-09 10:18:41 UTC (rev 5813) @@ -1,3 +1,8 @@ +2009-11-09 Michael Meyer + + * cnvts/find_service/find_service.c: + Removed HAVE_SSL remains. + 2009-10-26 Michael Wiegand Post-release version bump. Modified: trunk/openvas-scanner/cnvts/find_service/find_service.c =================================================================== --- trunk/openvas-scanner/cnvts/find_service/find_service.c 2009-11-09 10:17:02 UTC (rev 5812) +++ trunk/openvas-scanner/cnvts/find_service/find_service.c 2009-11-09 10:18:41 UTC (rev 5813) @@ -34,12 +34,10 @@ #define EN_SUMM "Find what is listening on which port" -#ifdef HAVE_SSL #define CERT_FILE "SSL certificate : " #define KEY_FILE "SSL private key : " #define PEM_PASS "PEM password : " #define CA_FILE "CA file : " -#endif #define CNX_TIMEOUT_PREF "Network connection timeout : " #define RW_TIMEOUT_PREF "Network read/write timeout : " #ifdef DETECT_WRAPPED_SVC @@ -84,7 +82,6 @@ add_plugin_preference(desc, WRAP_TIMEOUT_PREF, PREF_ENTRY, "2"); #endif -#ifdef HAVE_SSL add_plugin_preference(desc, CERT_FILE, PREF_FILE, ""); add_plugin_preference(desc, KEY_FILE, PREF_FILE, ""); add_plugin_preference(desc, PEM_PASS, PREF_PASSWORD, ""); 
@@ -92,7 +89,6 @@ #define TEST_SSL_PREF "Test SSL based services" add_plugin_preference(desc, TEST_SSL_PREF, PREF_RADIO, "Known SSL ports;All;None"); -#endif plug_set_timeout(desc, PLUGIN_TIMEOUT * 4); return (0); } @@ -1978,7 +1974,6 @@ plug_set_port_transport(desc, port, trp); (void) stream_set_timeout(port, rw_timeout2); -#ifdef HAVE_SSL if (IS_ENCAPS_SSL(trp)) { char report[160]; snprintf(report, sizeof(report), "A %s server answered on this port\n", @@ -1986,9 +1981,7 @@ post_note(desc, port, report); plug_set_key(desc, "Transport/SSL", ARG_INT, (void *) port); } -#endif - #define HTTP_GET "GET / HTTP/1.0\r\n\r\n" len = 0; @@ -2658,7 +2651,6 @@ struct arglist *globals = arg_get_value(desc, "globals"); int one_true_pipe = GPOINTER_TO_SIZE(arg_get_value(globals, "global_socket")); int test_ssl = 0; -#ifdef HAVE_SSL char *key = get_plugin_preference(desc, KEY_FILE); char *cert = get_plugin_preference(desc, CERT_FILE); char *pempass = get_plugin_preference(desc, PEM_PASS); @@ -2701,10 +2693,8 @@ plug_set_ssl_pem_password(desc, pempass); if (cafile != NULL) plug_set_ssl_CA_file(desc, cafile); -#endif /* HAVE_SSL */ - signal(SIGTERM, sigterm); signal(SIGCHLD, sigchld); if (num_sons_s != NULL) From scm-commit at wald.intevation.org Mon Nov 9 12:06:20 2009 
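Review bot: With the `HAVE_SSL` guard removed, `plug_set_key(desc, "Transport/SSL", ARG_INT, (void *) port);` in the hunk at -1986 is now always compiled, and the bare `(void *) port` cast converts an integer to a pointer of a different width on 64-bit builds (assuming `port` is an `int`; its declaration is outside the hunk). The file already uses the GLib conversion macros (`GPOINTER_TO_SIZE` in the hunk at -2658), so `GSIZE_TO_POINTER(port)` would be consistent and avoid the warning. Separately, `#define TEST_SSL_PREF` is still defined in the middle of the function body in the hunk at -92; now that it is unconditional it can join `CERT_FILE`, `KEY_FILE`, `PEM_PASS` and `CA_FILE` at the top of the file. The enclosing functions start and end outside these hunks.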
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Mon, 9 Nov 2009 12:06:20 +0100 (CET) Subject: [Openvas-commits] r5814 - in trunk/openvas-plugins: . scripts Message-ID: <20091109110620.30316865F4A6@pyrosoma.intevation.org> Author: mime Date: 2009-11-09 12:06:17 +0100 (Mon, 09 Nov 2009) New Revision: 5814 Modified: trunk/openvas-plugins/ChangeLog trunk/openvas-plugins/scripts/cherokee_36874.nasl Log: Modified because only Cherokee on Windows is affected Modified: trunk/openvas-plugins/ChangeLog =================================================================== --- trunk/openvas-plugins/ChangeLog 2009-11-09 10:18:41 UTC (rev 5813) +++ trunk/openvas-plugins/ChangeLog 2009-11-09 11:06:17 UTC (rev 5814) @@ -1,5 +1,10 @@ -2009-11-06 Michael Meyer +2009-11-09 Michael Meyer + * scripts/cherokee_36874.nasl: + Modified because only Cherokee on Windows is affected. + +2009-11-09 Michael Meyer + * scripts/novell_edirectory_36902.nasl: Added new plugin. Modified: trunk/openvas-plugins/scripts/cherokee_36874.nasl =================================================================== --- trunk/openvas-plugins/scripts/cherokee_36874.nasl 2009-11-09 10:18:41 UTC (rev 5813) +++ trunk/openvas-plugins/scripts/cherokee_36874.nasl 2009-11-09 11:06:17 UTC (rev 5814) @@ -49,7 +49,7 @@ Risk factor : Medium"; script_description(desc); - script_summary("Determine if Cherokee Web Server version is <= 0.5.4"); + script_summary("Determine if Cherokee Web Server is prone to a directory-traversal vulnerability"); script_category(ACT_GATHER_INFO); script_family("Web Servers"); script_copyright("This script is Copyright (C) 2009 Greenbone Networks GmbH"); @@ -59,7 +59,7 @@ } include("http_func.inc"); -include("version_func.inc"); +include("http_keepalive.inc"); port = get_http_port(default:80); if(!get_port_state(port))exit(0); 
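Review bot: `script_category(ACT_GATHER_INFO)` in the hunk at -49 is left unchanged although the script no longer compares a banner version but sends a traversal request for a system file (added in the hunk at -67). Active probes of this kind are normally registered as `ACT_ATTACK`, so that scan policies limited to passive or banner checks do not run them and operators can tell from the plugin metadata that a request was made against the target. Suggest `script_category(ACT_ATTACK);`. The description block begins above the hunk, so whether its text still refers to affected version numbers could not be checked here.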
@@ -67,18 +67,18 @@ banner = get_http_banner(port: port); if(!banner)exit(0); -if("Cherokee" >< banner) { +if("Cherokee" >< banner && "Win" >< banner) { + + url = string("/\\../\\../\\../boot.ini"); + req = http_get(item:url, port:port); + buf = http_keepalive_send_recv(port:port, data:req, bodyonly:TRUE); + if( buf == NULL )exit(0); - if(!version = eregmatch(pattern:"Server: Cherokee/([0-9.]+)", string:banner))exit(0); - vers = version[1]; + if(egrep(pattern:"\[boot loader\]", string: buf)) { + security_warning(port:port); + exit(0); + } +} - if(!isnull(vers)) { - if(version_is_less_equal(version: vers,test_version:"0.5.4")) { - security_warning(port:port); - exit(0); - } - } - } - exit(0); From scm-commit at wald.intevation.org Mon Nov 9 12:10:06 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Mon, 9 Nov 2009 12:10:06 +0100 (CET) Subject: [Openvas-commits] r5815 - in trunk/openvas-libraries: . doc Message-ID: <20091109111006.E793E865F4A6@pyrosoma.intevation.org> Author: mwiegand Date: 2009-11-09 12:10:06 +0100 (Mon, 09 Nov 2009) New Revision: 5815 Modified: trunk/openvas-libraries/CHANGES trunk/openvas-libraries/ChangeLog trunk/openvas-libraries/VERSION trunk/openvas-libraries/doc/Doxyfile trunk/openvas-libraries/doc/Doxyfile_full Log: Preparing the openvas-libraries 3.0.0-beta6 release. * CHANGES: Updated. * VERSION: Set to 3.0.0.beta6. * doc/Doxyfile, doc/Doxyfile_full: Updated PROJECT_NUMBER. Modified: trunk/openvas-libraries/CHANGES =================================================================== --- trunk/openvas-libraries/CHANGES 2009-11-09 11:06:17 UTC (rev 5814) +++ trunk/openvas-libraries/CHANGES 2009-11-09 11:10:06 UTC (rev 5815) 
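Review bot: The new condition `"Cherokee" >< banner && "Win" >< banner` runs the check only when the Server header advertises both the product and the platform, so a Windows install with trimmed server tokens is never tested, and `"Win"` as a bare substring can also match unrelated banner text. The result additionally depends on `boot.ini` existing at the drive root, which is not the case on newer Windows releases, so a vulnerable host can produce no match and be reported clean. These limits should be documented above the request, e.g. `# Banner-gated check; no finding does not prove the host is patched (boot.ini may be absent)`. For the null test, `if(isnull(buf)) exit(0);` would match the `isnull()` style the removed lines used.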
@@ -1,3 +1,51 @@ +openvas-libraries 3.0.0-beta6 (2009-11-09) + +This release is the sixth beta version of openvas-libraries +leading up to the upcoming 3.0 release of OpenVAS. +It introduces a significantly improved and changed source +code architecture and therefore introduces a new API for the +other OpenVAS components. + +OpenVAS 3.0 will introduce a new architecture where openvas-libraries +now includes openvas-libnasl as well as redundant code from openvas-client +and where openvas-server is renamed to openvas-scanner and includes any +platform-dependent elements of openvas-plugins. As a result of this, +the source code will shrink, though new features will be added. Also, +for running the scanner now only 2 modules are required (instead of 4 +as for OpenVAS 2.0). + +New features of OpenVAS include support for IPv6 and WMI-Clients. +Version 3.0 prepares the new OpenVAS Manager and OpenVAS Administrator +as optional extension. This combination leverages the vulnerability +scanner to a comprehensive vulnerability management solution. + +The "beta" releases are intended to allow testing of the upcoming +3.0 series. It should be kept separate from OpenVAS 2.0 installations +and not be used in a production environment. + +Many thanks to everyone who has contributed to the 3.0.0 release: +Chandrashekhar B, Marcus Brinkmann, Tim Brown, Vlatko Kosturjak, Michael Meyer, +Matthew Mundell, Laban Mwangi, Srinivasa NL, Jan Wagner, Jan-Oliver Wagner, +Michael Wiegand and Felix Wolfsteller. + +Main changes compared to 2.0.x: + +* IPv6 support +* WMI-Client support +* Integration of openvas-libnasl +* New library "base" +* New library "omp" +* Former libopenvas renamed to libopenvas_misc +* New NVT cache implementation to overcome limitations +* Several files from openvas-client integrated +* Use of "cmake" to build base, omp and nasl +* glib dependency raised from 2.6 to 2.12 + +Main changes compared to 3.0.0-beta5: + +* XML parsing has been made more robust. 
+ + openvas-libraries 3.0.0-beta5 (2009-10-26) This release is the fifth beta version of openvas-libraries Modified: trunk/openvas-libraries/ChangeLog =================================================================== --- trunk/openvas-libraries/ChangeLog 2009-11-09 11:06:17 UTC (rev 5814) +++ trunk/openvas-libraries/ChangeLog 2009-11-09 11:10:06 UTC (rev 5815) @@ -1,3 +1,13 @@ +2009-11-09 Michael Wiegand + + Preparing the openvas-libraries 3.0.0-beta6 release. + + * CHANGES: Updated. + + * VERSION: Set to 3.0.0.beta6. + + * doc/Doxyfile, doc/Doxyfile_full: Updated PROJECT_NUMBER. + 2009-10-30 Matthew Mundell * omp/omp.c (read_entity_and_string): New function. Body from Modified: trunk/openvas-libraries/VERSION =================================================================== --- trunk/openvas-libraries/VERSION 2009-11-09 11:06:17 UTC (rev 5814) +++ trunk/openvas-libraries/VERSION 2009-11-09 11:10:06 UTC (rev 5815) @@ -1 +1 @@ -3.0.0.beta6.SVN +3.0.0.beta6 Modified: trunk/openvas-libraries/doc/Doxyfile =================================================================== --- trunk/openvas-libraries/doc/Doxyfile 2009-11-09 11:06:17 UTC (rev 5814) +++ trunk/openvas-libraries/doc/Doxyfile 2009-11-09 11:10:06 UTC (rev 5815) @@ -23,7 +23,7 @@ # This could be handy for archiving the generated documentation or # if some version control system is used. -PROJECT_NUMBER = 3.0.0.beta6.SVN +PROJECT_NUMBER = 3.0.0.beta6 # The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute) # base path where the generated documentation will be put. Modified: trunk/openvas-libraries/doc/Doxyfile_full =================================================================== --- trunk/openvas-libraries/doc/Doxyfile_full 2009-11-09 11:06:17 UTC (rev 5814) +++ trunk/openvas-libraries/doc/Doxyfile_full 2009-11-09 11:10:06 UTC (rev 5815) 
@@ -23,7 +23,7 @@ # This could be handy for archiving the generated documentation or # if some version control system is used. -PROJECT_NUMBER = 3.0.0.beta6.SVN +PROJECT_NUMBER = 3.0.0.beta6 # The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute) # base path where the generated documentation will be put. From scm-commit at wald.intevation.org Mon Nov 9 12:17:20 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Mon, 9 Nov 2009 12:17:20 +0100 (CET) Subject: [Openvas-commits] r5816 - tags Message-ID: <20091109111720.A8B30861EABE@pyrosoma.intevation.org> Author: mwiegand Date: 2009-11-09 12:17:20 +0100 (Mon, 09 Nov 2009) New Revision: 5816 Added: tags/openvas-libraries-release-3.0.0-beta6/ Log: Tagging openvas-libraries 3.0.0-beta6 release. Copied: tags/openvas-libraries-release-3.0.0-beta6 (from rev 5815, trunk/openvas-libraries) From scm-commit at wald.intevation.org Mon Nov 9 12:20:12 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Mon, 9 Nov 2009 12:20:12 +0100 (CET) Subject: [Openvas-commits] r5817 - in trunk/openvas-libraries: . doc Message-ID: <20091109112012.C45CB861EABE@pyrosoma.intevation.org> Author: mwiegand Date: 2009-11-09 12:20:12 +0100 (Mon, 09 Nov 2009) New Revision: 5817 Modified: trunk/openvas-libraries/ChangeLog trunk/openvas-libraries/VERSION trunk/openvas-libraries/doc/Doxyfile trunk/openvas-libraries/doc/Doxyfile_full Log: Post-release version bump. * VERSION: Set to 3.0.0.beta7.SVN. * doc/Doxyfile, doc/Doxyfile_full: Updated PROJECT_NUMBER. Modified: trunk/openvas-libraries/ChangeLog =================================================================== --- trunk/openvas-libraries/ChangeLog 2009-11-09 11:17:20 UTC (rev 5816) +++ trunk/openvas-libraries/ChangeLog 2009-11-09 11:20:12 UTC (rev 5817) 
@@ -1,5 +1,13 @@ 2009-11-09 Michael Wiegand + Post-release version bump. + + * VERSION: Set to 3.0.0.beta7.SVN. + + * doc/Doxyfile, doc/Doxyfile_full: Updated PROJECT_NUMBER. + +2009-11-09 Michael Wiegand + Preparing the openvas-libraries 3.0.0-beta6 release. * CHANGES: Updated. Modified: trunk/openvas-libraries/VERSION =================================================================== --- trunk/openvas-libraries/VERSION 2009-11-09 11:17:20 UTC (rev 5816) +++ trunk/openvas-libraries/VERSION 2009-11-09 11:20:12 UTC (rev 5817) @@ -1 +1 @@ -3.0.0.beta6 +3.0.0.beta7.SVN Modified: trunk/openvas-libraries/doc/Doxyfile =================================================================== --- trunk/openvas-libraries/doc/Doxyfile 2009-11-09 11:17:20 UTC (rev 5816) +++ trunk/openvas-libraries/doc/Doxyfile 2009-11-09 11:20:12 UTC (rev 5817) @@ -23,7 +23,7 @@ # This could be handy for archiving the generated documentation or # if some version control system is used. -PROJECT_NUMBER = 3.0.0.beta6 +PROJECT_NUMBER = 3.0.0.beta7.SVN # The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute) # base path where the generated documentation will be put. Modified: trunk/openvas-libraries/doc/Doxyfile_full =================================================================== --- trunk/openvas-libraries/doc/Doxyfile_full 2009-11-09 11:17:20 UTC (rev 5816) +++ trunk/openvas-libraries/doc/Doxyfile_full 2009-11-09 11:20:12 UTC (rev 5817) @@ -23,7 +23,7 @@ # This could be handy for archiving the generated documentation or # if some version control system is used. -PROJECT_NUMBER = 3.0.0.beta6 +PROJECT_NUMBER = 3.0.0.beta7.SVN # The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute) # base path where the generated documentation will be put. From scm-commit at wald.intevation.org Mon Nov 9 12:23:12 2009 
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Mon, 9 Nov 2009 12:23:12 +0100 (CET) Subject: [Openvas-commits] r5818 - in trunk/openvas-manager: . doc Message-ID: <20091109112312.3D1B3861EAB4@pyrosoma.intevation.org> Author: mwiegand Date: 2009-11-09 12:23:11 +0100 (Mon, 09 Nov 2009) New Revision: 5818 Modified: trunk/openvas-manager/CHANGES trunk/openvas-manager/CMakeLists.txt trunk/openvas-manager/ChangeLog trunk/openvas-manager/VERSION trunk/openvas-manager/doc/Doxyfile trunk/openvas-manager/doc/Doxyfile_full Log: Preparing the openvas-manager 0.9.3 release. * VERSION: Set to 0.9.3. * CMakeLists.txt: CPACK_PACKAGE_VERSION_PATCH updated. * doc/Doxyfile, doc/Doxyfile_full: Updated PROJECT_NUMBER. * CHANGES: Updated. Modified: trunk/openvas-manager/CHANGES =================================================================== --- trunk/openvas-manager/CHANGES 2009-11-09 11:20:12 UTC (rev 5817) +++ trunk/openvas-manager/CHANGES 2009-11-09 11:23:11 UTC (rev 5818) 
@@ -1,3 +1,24 @@ +openvas-manager 0.9.3 (2009-11-09) + +This is the ninth development release of the openvas-manager module +for the Open Vulnerability Assessment System (OpenVAS). + +Many thanks to everyone who has contributed to this release: +Matthew Mundell, Felix Wolfsteller and Michael Wiegand. + +Main changes since 0.9.2: + +* Database handling and migration has been improved. +* Code cleanup. +* NVT selection based on the family attributed has been introduced. +* Sorting parameters have been added to most data retrieval commands. +* Support for retrieving NVT preferences has been introduced. +* The NBE output has been harmonized with the NBE output of openvas-client. +* Support for filtering results has been added. +* The layout of the LaTeX reports has been improved. +* The layout of the PDF reports has been improved. + + openvas-manager 0.9.2 (2009-10-26) This is the eigth development release of the openvas-manager module Modified: trunk/openvas-manager/CMakeLists.txt =================================================================== --- trunk/openvas-manager/CMakeLists.txt 2009-11-09 11:20:12 UTC (rev 5817) +++ trunk/openvas-manager/CMakeLists.txt 2009-11-09 11:23:11 UTC (rev 5818) @@ -49,7 +49,7 @@ SET(CPACK_TOPLEVEL_TAG "") SET(CPACK_PACKAGE_VERSION_MAJOR "0") SET(CPACK_PACKAGE_VERSION_MINOR "9") -SET(CPACK_PACKAGE_VERSION_PATCH "3.SVN") +SET(CPACK_PACKAGE_VERSION_PATCH "3") SET(CPACK_PACKAGE_VERSION "${CPACK_PACKAGE_VERSION_MAJOR}.${CPACK_PACKAGE_VERSION_MINOR}.${CPACK_PACKAGE_VERSION_PATCH}") SET(CPACK_PACKAGE_FILE_NAME "${PROJECT_NAME}-${CPACK_PACKAGE_VERSION}") SET(CPACK_SOURCE_PACKAGE_FILE_NAME "${PROJECT_NAME}-${CPACK_PACKAGE_VERSION}") Modified: trunk/openvas-manager/ChangeLog =================================================================== --- trunk/openvas-manager/ChangeLog 2009-11-09 11:20:12 UTC (rev 5817) +++ trunk/openvas-manager/ChangeLog 2009-11-09 11:23:11 UTC (rev 5818) 
@@ -1,3 +1,15 @@ +2009-11-09 Michael Wiegand + + Preparing the openvas-manager 0.9.3 release. + + * VERSION: Set to 0.9.3. + + * CMakeLists.txt: CPACK_PACKAGE_VERSION_PATCH updated. + + * doc/Doxyfile, doc/Doxyfile_full: Updated PROJECT_NUMBER. + + * CHANGES: Updated. + 2009-11-06 Felix Wolfsteller Improved pdf report generation: Use longtable environment for issues Modified: trunk/openvas-manager/VERSION =================================================================== --- trunk/openvas-manager/VERSION 2009-11-09 11:20:12 UTC (rev 5817) +++ trunk/openvas-manager/VERSION 2009-11-09 11:23:11 UTC (rev 5818) @@ -1 +1 @@ -0.9.3.SVN +0.9.3 Modified: trunk/openvas-manager/doc/Doxyfile =================================================================== --- trunk/openvas-manager/doc/Doxyfile 2009-11-09 11:20:12 UTC (rev 5817) +++ trunk/openvas-manager/doc/Doxyfile 2009-11-09 11:23:11 UTC (rev 5818) @@ -23,7 +23,7 @@ # This could be handy for archiving the generated documentation or # if some version control system is used. -PROJECT_NUMBER = 0.9.3.SVN +PROJECT_NUMBER = 0.9.3 # The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute) # base path where the generated documentation will be put. Modified: trunk/openvas-manager/doc/Doxyfile_full =================================================================== --- trunk/openvas-manager/doc/Doxyfile_full 2009-11-09 11:20:12 UTC (rev 5817) +++ trunk/openvas-manager/doc/Doxyfile_full 2009-11-09 11:23:11 UTC (rev 5818) @@ -23,7 +23,7 @@ # This could be handy for archiving the generated documentation or # if some version control system is used. -PROJECT_NUMBER = 0.9.3.SVN +PROJECT_NUMBER = 0.9.3 # The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute) # base path where the generated documentation will be put. From scm-commit at wald.intevation.org Mon Nov 9 12:33:10 2009 
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Mon, 9 Nov 2009 12:33:10 +0100 (CET) Subject: [Openvas-commits] r5819 - tags Message-ID: <20091109113310.AC29985D9F67@pyrosoma.intevation.org> Author: mwiegand Date: 2009-11-09 12:33:09 +0100 (Mon, 09 Nov 2009) New Revision: 5819 Added: tags/openvas-manager-release-0.9.3/ Log: Tagging openvas-manager 0.9.3 release. Copied: tags/openvas-manager-release-0.9.3 (from rev 5818, trunk/openvas-manager) From scm-commit at wald.intevation.org Mon Nov 9 12:35:22 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Mon, 9 Nov 2009 12:35:22 +0100 (CET) Subject: [Openvas-commits] r5820 - in trunk/openvas-manager: . doc Message-ID: <20091109113522.A9400861EAB4@pyrosoma.intevation.org> Author: mwiegand Date: 2009-11-09 12:35:21 +0100 (Mon, 09 Nov 2009) New Revision: 5820 Modified: trunk/openvas-manager/CMakeLists.txt trunk/openvas-manager/ChangeLog trunk/openvas-manager/VERSION trunk/openvas-manager/doc/Doxyfile trunk/openvas-manager/doc/Doxyfile_full Log: Post-release version bump. * VERSION: Set to 0.9.4.SVN. * CMakeLists.txt: CPACK_PACKAGE_VERSION_PATCH updated. * doc/Doxyfile, doc/Doxyfile_full: Updated PROJECT_NUMBER. Modified: trunk/openvas-manager/CMakeLists.txt =================================================================== --- trunk/openvas-manager/CMakeLists.txt 2009-11-09 11:33:09 UTC (rev 5819) +++ trunk/openvas-manager/CMakeLists.txt 2009-11-09 11:35:21 UTC (rev 5820) 
@@ -49,7 +49,7 @@ SET(CPACK_TOPLEVEL_TAG "") SET(CPACK_PACKAGE_VERSION_MAJOR "0") SET(CPACK_PACKAGE_VERSION_MINOR "9") -SET(CPACK_PACKAGE_VERSION_PATCH "3") +SET(CPACK_PACKAGE_VERSION_PATCH "4.SVN") SET(CPACK_PACKAGE_VERSION "${CPACK_PACKAGE_VERSION_MAJOR}.${CPACK_PACKAGE_VERSION_MINOR}.${CPACK_PACKAGE_VERSION_PATCH}") SET(CPACK_PACKAGE_FILE_NAME "${PROJECT_NAME}-${CPACK_PACKAGE_VERSION}") SET(CPACK_SOURCE_PACKAGE_FILE_NAME "${PROJECT_NAME}-${CPACK_PACKAGE_VERSION}") Modified: trunk/openvas-manager/ChangeLog =================================================================== --- trunk/openvas-manager/ChangeLog 2009-11-09 11:33:09 UTC (rev 5819) +++ trunk/openvas-manager/ChangeLog 2009-11-09 11:35:21 UTC (rev 5820) @@ -1,5 +1,15 @@ 2009-11-09 Michael Wiegand + Post-release version bump. + + * VERSION: Set to 0.9.4.SVN. + + * CMakeLists.txt: CPACK_PACKAGE_VERSION_PATCH updated. + + * doc/Doxyfile, doc/Doxyfile_full: Updated PROJECT_NUMBER. + +2009-11-09 Michael Wiegand + Preparing the openvas-manager 0.9.3 release. * VERSION: Set to 0.9.3. Modified: trunk/openvas-manager/VERSION =================================================================== --- trunk/openvas-manager/VERSION 2009-11-09 11:33:09 UTC (rev 5819) +++ trunk/openvas-manager/VERSION 2009-11-09 11:35:21 UTC (rev 5820) @@ -1 +1 @@ -0.9.3 +0.9.4.SVN Modified: trunk/openvas-manager/doc/Doxyfile =================================================================== --- trunk/openvas-manager/doc/Doxyfile 2009-11-09 11:33:09 UTC (rev 5819) +++ trunk/openvas-manager/doc/Doxyfile 2009-11-09 11:35:21 UTC (rev 5820) 
@@ -23,7 +23,7 @@ # This could be handy for archiving the generated documentation or # if some version control system is used. -PROJECT_NUMBER = 0.9.3 +PROJECT_NUMBER = 0.9.4.SVN # The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute) # base path where the generated documentation will be put. Modified: trunk/openvas-manager/doc/Doxyfile_full =================================================================== --- trunk/openvas-manager/doc/Doxyfile_full 2009-11-09 11:33:09 UTC (rev 5819) +++ trunk/openvas-manager/doc/Doxyfile_full 2009-11-09 11:35:21 UTC (rev 5820) @@ -23,7 +23,7 @@ # This could be handy for archiving the generated documentation or # if some version control system is used. -PROJECT_NUMBER = 0.9.3 +PROJECT_NUMBER = 0.9.4.SVN # The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute) # base path where the generated documentation will be put. From scm-commit at wald.intevation.org Mon Nov 9 12:40:27 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Mon, 9 Nov 2009 12:40:27 +0100 (CET) Subject: [Openvas-commits] r5821 - in trunk/openvas-client: . doc Message-ID: <20091109114027.55FB1861EAB4@pyrosoma.intevation.org> Author: mwiegand Date: 2009-11-09 12:40:26 +0100 (Mon, 09 Nov 2009) New Revision: 5821 Modified: trunk/openvas-client/CHANGES trunk/openvas-client/ChangeLog trunk/openvas-client/VERSION trunk/openvas-client/doc/Doxyfile trunk/openvas-client/doc/Doxyfile_full Log: Preparing the openvas-client 3.0.0-beta4 release. * VERSION: Set to 3.0.0.beta4. * doc/Doxyfile, doc/Doxyfile_full: Updated PROJECT_NUMBER. * CHANGES: Updated. Modified: trunk/openvas-client/CHANGES =================================================================== --- trunk/openvas-client/CHANGES 2009-11-09 11:35:21 UTC (rev 5820) +++ trunk/openvas-client/CHANGES 2009-11-09 11:40:26 UTC (rev 5821) 
@@ -1,3 +1,49 @@ +openvas-client 3.0.0-beta4 (2009-11-09) + +This release is the fourth beta version of openvas-client +leading up to the upcoming 3.0 release of OpenVAS. + +OpenVAS 3.0 will introduce a new architecture where openvas-libraries +is now mandatory dependency for openvas-client (removing a +significant amount of redundant source code). + +New features of OpenVAS-Client include support for IPv6 and +OpenVAS Management Protocol (OMP). The latter is optional for +use of the new OpenVAS Manager. OpenVAS-Client 3.0 remains +compatible with OpenVAS 2.0 Scanners. + +The "beta" releases are intended to allow testing of the upcoming +3.0 series. It should be kept separate from OpenVAS 2.0 installations +and not be used in a production environment. + +Many thanks to everyone who has contributed to the 3.0.0 release: +Marcus Brinkmann, Tim Brown, Matthew Mundell, Jan-Oliver Wagner, +Michael Wiegand and Felix Wolfsteller. + +Main changes compared to 2.0.x: + +* IPv6 support +* Integration of OMP Support (to be activated at compile time) + It is even possible to configure the client at compile time + to use only OMP. +* Introduces dependency to openvas-libraries +* Redundant consolidated into openvas-libraries and removed +* Migration from OpenSSL to GNUTLS for the SSL-based + communication encryption +* glib dependency raised from 2.6 to 2.12 +* openvasclient-mkrand is removed + +Main changes compared to 3.0.0-beta3: + +* omp-cli now respects the verbosity flag properly. +* Internal reorganisations and cleanups. +* Saving an openvasrc file is now possible via the menu when in OMP mode. +* Error handling has been improved for cases when a NVT can not be found in the + client cache. +* Cache handling for OMP connections has been improved. +* An encoding issue in the report display has been fixed. 
+ + openvas-client 3.0.0-beta3 (2009-10-26) This release is the third beta version of openvas-client Modified: trunk/openvas-client/ChangeLog =================================================================== --- trunk/openvas-client/ChangeLog 2009-11-09 11:35:21 UTC (rev 5820) +++ trunk/openvas-client/ChangeLog 2009-11-09 11:40:26 UTC (rev 5821) @@ -1,3 +1,13 @@ +2009-11-09 Michael Wiegand + + Preparing the openvas-client 3.0.0-beta4 release. + + * VERSION: Set to 3.0.0.beta4. + + * doc/Doxyfile, doc/Doxyfile_full: Updated PROJECT_NUMBER. + + * CHANGES: Updated. + 2009-11-06 Michael Wiegand Fixed an issue where the content of a report was not properly inserted Modified: trunk/openvas-client/VERSION =================================================================== --- trunk/openvas-client/VERSION 2009-11-09 11:35:21 UTC (rev 5820) +++ trunk/openvas-client/VERSION 2009-11-09 11:40:26 UTC (rev 5821) @@ -1 +1 @@ -3.0.0.beta4.SVN +3.0.0.beta4 Modified: trunk/openvas-client/doc/Doxyfile =================================================================== --- trunk/openvas-client/doc/Doxyfile 2009-11-09 11:35:21 UTC (rev 5820) +++ trunk/openvas-client/doc/Doxyfile 2009-11-09 11:40:26 UTC (rev 5821) @@ -23,7 +23,7 @@ # This could be handy for archiving the generated documentation or # if some version control system is used. -PROJECT_NUMBER = 3.0.0.beta4.SVN +PROJECT_NUMBER = 3.0.0.beta4 # The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute) # base path where the generated documentation will be put. Modified: trunk/openvas-client/doc/Doxyfile_full =================================================================== --- trunk/openvas-client/doc/Doxyfile_full 2009-11-09 11:35:21 UTC (rev 5820) +++ trunk/openvas-client/doc/Doxyfile_full 2009-11-09 11:40:26 UTC (rev 5821) 
@@ -23,7 +23,7 @@ # This could be handy for archiving the generated documentation or # if some version control system is used. -PROJECT_NUMBER = 3.0.0.beta4.SVN +PROJECT_NUMBER = 3.0.0.beta4 # The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute) # base path where the generated documentation will be put. From scm-commit at wald.intevation.org Mon Nov 9 12:50:06 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Mon, 9 Nov 2009 12:50:06 +0100 (CET) Subject: [Openvas-commits] r5822 - trunk/openvas-client Message-ID: <20091109115006.7FF72861EAB4@pyrosoma.intevation.org> Author: mwiegand Date: 2009-11-09 12:50:05 +0100 (Mon, 09 Nov 2009) New Revision: 5822 Modified: trunk/openvas-client/ChangeLog trunk/openvas-client/MANIFEST Log: Last minute fix. * MANIFEST: Remove packaging/debian from MANIFEST since it is not shipped with the source tarball anymore. Modified: trunk/openvas-client/ChangeLog =================================================================== --- trunk/openvas-client/ChangeLog 2009-11-09 11:40:26 UTC (rev 5821) +++ trunk/openvas-client/ChangeLog 2009-11-09 11:50:05 UTC (rev 5822) @@ -1,5 +1,12 @@ 2009-11-09 Michael Wiegand + Last minute fix. + + * MANIFEST: Remove packaging/debian from MANIFEST since it is not + shipped with the source tarball anymore. + +2009-11-09 Michael Wiegand + Preparing the openvas-client 3.0.0-beta4 release. * VERSION: Set to 3.0.0.beta4. Modified: trunk/openvas-client/MANIFEST =================================================================== --- trunk/openvas-client/MANIFEST 2009-11-09 11:40:26 UTC (rev 5821) +++ trunk/openvas-client/MANIFEST 2009-11-09 11:50:05 UTC (rev 5822) @@ -161,7 +161,6 @@ openvas/xpm/white.xpm openvas/xpm/yellow.xpm openvasclient-mkcert.in -packaging/debian/ po/de.po po/es.po po/fr.po From scm-commit at wald.intevation.org Mon Nov 9 12:57:13 2009 
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Mon, 9 Nov 2009 12:57:13 +0100 (CET) Subject: [Openvas-commits] r5823 - tags Message-ID: <20091109115713.33B29865F4A6@pyrosoma.intevation.org> Author: mwiegand Date: 2009-11-09 12:57:10 +0100 (Mon, 09 Nov 2009) New Revision: 5823 Added: tags/openvas-client-release-3.0.0-beta4/ Log: Tagging openvas-client 3.0.0-beta4 release. Copied: tags/openvas-client-release-3.0.0-beta4 (from rev 5822, trunk/openvas-client) From scm-commit at wald.intevation.org Mon Nov 9 12:58:53 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Mon, 9 Nov 2009 12:58:53 +0100 (CET) Subject: [Openvas-commits] r5824 - in trunk/openvas-client: . doc Message-ID: <20091109115853.9C73D865F46E@pyrosoma.intevation.org> Author: mwiegand Date: 2009-11-09 12:58:52 +0100 (Mon, 09 Nov 2009) New Revision: 5824 Modified: trunk/openvas-client/ChangeLog trunk/openvas-client/VERSION trunk/openvas-client/doc/Doxyfile trunk/openvas-client/doc/Doxyfile_full Log: Post-release version bump. * VERSION: Set to 3.0.0.beta5.SVN. * doc/Doxyfile, doc/Doxyfile_full: Updated PROJECT_NUMBER. Modified: trunk/openvas-client/ChangeLog =================================================================== --- trunk/openvas-client/ChangeLog 2009-11-09 11:57:10 UTC (rev 5823) +++ trunk/openvas-client/ChangeLog 2009-11-09 11:58:52 UTC (rev 5824) @@ -1,5 +1,13 @@ 2009-11-09 Michael Wiegand + Post-release version bump. + + * VERSION: Set to 3.0.0.beta5.SVN. + + * doc/Doxyfile, doc/Doxyfile_full: Updated PROJECT_NUMBER. + +2009-11-09 Michael Wiegand + Last minute fix. * MANIFEST: Remove packaging/debian from MANIFEST since it is not Modified: trunk/openvas-client/VERSION =================================================================== --- trunk/openvas-client/VERSION 2009-11-09 11:57:10 UTC (rev 5823) +++ trunk/openvas-client/VERSION 2009-11-09 11:58:52 UTC (rev 5824) 
@@ -1 +1 @@ -3.0.0.beta4 +3.0.0.beta5.SVN Modified: trunk/openvas-client/doc/Doxyfile =================================================================== --- trunk/openvas-client/doc/Doxyfile 2009-11-09 11:57:10 UTC (rev 5823) +++ trunk/openvas-client/doc/Doxyfile 2009-11-09 11:58:52 UTC (rev 5824) @@ -23,7 +23,7 @@ # This could be handy for archiving the generated documentation or # if some version control system is used. -PROJECT_NUMBER = 3.0.0.beta4 +PROJECT_NUMBER = 3.0.0.beta5.SVN # The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute) # base path where the generated documentation will be put. Modified: trunk/openvas-client/doc/Doxyfile_full =================================================================== --- trunk/openvas-client/doc/Doxyfile_full 2009-11-09 11:57:10 UTC (rev 5823) +++ trunk/openvas-client/doc/Doxyfile_full 2009-11-09 11:58:52 UTC (rev 5824) @@ -23,7 +23,7 @@ # This could be handy for archiving the generated documentation or # if some version control system is used. -PROJECT_NUMBER = 3.0.0.beta4 +PROJECT_NUMBER = 3.0.0.beta5.SVN # The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute) # base path where the generated documentation will be put. From scm-commit at wald.intevation.org Mon Nov 9 14:01:47 2009 
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Mon, 9 Nov 2009 14:01:47 +0100 (CET) Subject: [Openvas-commits] r5825 - in trunk/openvas-plugins: . scripts Message-ID: <20091109130147.1A53A865F4A0@pyrosoma.intevation.org> Author: chandra Date: 2009-11-09 14:01:44 +0100 (Mon, 09 Nov 2009) New Revision: 5825 Added: trunk/openvas-plugins/scripts/gb_adobe_shockwave_player_mult_code_exe_vuln.nasl trunk/openvas-plugins/scripts/gb_html_parser_detect_lin.nasl trunk/openvas-plugins/scripts/gb_html_parser_dos_vuln_nov09_lin.nasl trunk/openvas-plugins/scripts/gb_ibm_java_jre_xml4j_unspecified_vuln.nasl trunk/openvas-plugins/scripts/gb_novell_groupwise_client_activex_bof_vuln.nasl Modified: trunk/openvas-plugins/ChangeLog trunk/openvas-plugins/cve_current.txt trunk/openvas-plugins/scripts/secpod_adobe_shockwave_player_bof_vuln.nasl trunk/openvas-plugins/scripts/secpod_novell_prdts_detect_win.nasl Log: Added new plugins Modified: trunk/openvas-plugins/ChangeLog =================================================================== --- trunk/openvas-plugins/ChangeLog 2009-11-09 11:58:52 UTC (rev 5824) +++ trunk/openvas-plugins/ChangeLog 2009-11-09 13:01:44 UTC (rev 5825) 
@@ -1,3 +1,18 @@ +2009-11-09 Chandrashekhar B + + * scripts/gb_html_parser_detect_lin.nasl, + scripts/gb_novell_groupwise_client_activex_bof_vuln.nasl, + scripts/gb_adobe_shockwave_player_mult_code_exe_vuln.nasl, + scripts/gb_html_parser_dos_vuln_nov09_lin.nasl, + scripts/gb_ibm_java_jre_xml4j_unspecified_vuln.nasl: + Added new plugins + + * scripts/secpod_novell_prdts_detect_win.nasl: + Added check for Novell Groupwise client. + + * scripts/secpod_adobe_shockwave_player_bof_vuln.nasl: + Updated the solution. + 2009-11-09 Michael Meyer * scripts/cherokee_36874.nasl: Modified: trunk/openvas-plugins/cve_current.txt =================================================================== --- trunk/openvas-plugins/cve_current.txt 2009-11-09 11:58:52 UTC (rev 5824) +++ trunk/openvas-plugins/cve_current.txt 2009-11-09 13:01:44 UTC (rev 5825) @@ -227,7 +227,7 @@ CVE-2009-3626 SecPod svn L CVE-2009-3832 SecPod svn L CVE-2009-3831 SecPod svn L -CVE-2009-3627 +CVE-2009-3627 SecPod svn L CVE-2009-3664 SecPod svn R CVE-2009-3665 SecPod svn R CVE-2009-3666 SecPod svn R @@ -245,8 +245,14 @@ CVE-2009-2267 SecPod svn L CVE-2009-3733 SecPod svn L CVE-2009-3862 SecPod -CVE-2009-3860 SecPod +CVE-2009-3860 SecPod CVE-2009-3838 SecPod svn L -CVE-2009-3863 SecPod +CVE-2009-3863 SecPod svn L CVE-2009-3837 SecPod svn L 36902 Greenbone svn R +CVE-2009-3463 SecPod svn L +CVE-2009-3464 SecPod svn L +CVE-2009-3465 SecPod svn L +CVE-2009-3466 SecPod svn L +CVE-2009-3852 SecPod svn L + Added: trunk/openvas-plugins/scripts/gb_adobe_shockwave_player_mult_code_exe_vuln.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_adobe_shockwave_player_mult_code_exe_vuln.nasl 2009-11-09 11:58:52 UTC (rev 5824) +++ trunk/openvas-plugins/scripts/gb_adobe_shockwave_player_mult_code_exe_vuln.nasl 2009-11-09 13:01:44 UTC (rev 5825) 
@@ -0,0 +1,89 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id: gb_adobe_shockwave_player_mult_code_exe_vuln.nasl 937 2009-11-06 12:24:24Z nov $ +# +# Adobe Shockwave Player Multiple Remote Code Execution Vulnerabilities +# +# Authors: +# Nikita MR +# +# Copyright: +# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(800971); + script_version("$Revision: 1.0 $"); + script_cve_id("CVE-2009-3463", "CVE-2009-3464", "CVE-2009-3465", + "CVE-2009-3466"); + script_bugtraq_id(36905); + script_name("Adobe Shockwave Player Multiple Remote Code Execution Vulnerabilities"); + desc = " + Overview: This host is installed with Adobe Shockwave Player and is prone + to Multiple Remote Code Execution Vulnerabilities. + + Vulnerability Insight: + - Multiple errors ocur due to the use of invalid index and invalid pointer + while processing specially crafted Shockwave content. + - An error while processing invalid string lenghts can result in memory + corruption. 
+ + Impact: + Successful exploitation will let the attacker execute arbitrary code in the + context of the affected application by tricking a user into visiting a + specially crafted web page. + + Impact Level: Application. + + Affected Software/OS: + Adobe Shockwave Player prior to 11.5.2.602 on Windows. + + Fix: Upgrade to Adobe Shockwave Player 11.5.2.602 + http://get.adobe.com/shockwave/otherversions/ + + References: + http://www.vupen.com/english/advisories/2009/3134 + http://securitytracker.com/alerts/2009/Nov/1023123.html + http://www.adobe.com/support/security/bulletins/apsb09-16.html + + CVSS Score: + CVSS Base Score : 10.0 (AV:N/AC:L/Au:NR/C:C/I:C/A:C) + CVSS Temporal Score : 7.8 + Risk factor: High"; + + script_description(desc); + script_summary("Check for the version of Adobe Shockwave Player"); + script_category(ACT_GATHER_INFO); + script_copyright("Copyright (C) 2009 Greenbone Networks GmbH"); + script_family("General"); + script_dependencies("secpod_adobe_shockwave_player_detect.nasl"); + script_require_keys("Adobe/ShockwavePlayer/Ver"); + exit(0); +} + + +include("version_func.inc"); + +shockVer = get_kb_item("Adobe/ShockwavePlayer/Ver"); +if(!shockVer){ + exit(0); +} + +# Check for versions prior to 11.5.2.602 +if(version_is_less(version:shockVer, test_version:"11.5.2.602")){ + security_hole(0); +} Added: trunk/openvas-plugins/scripts/gb_html_parser_detect_lin.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_html_parser_detect_lin.nasl 2009-11-09 11:58:52 UTC (rev 5824) +++ trunk/openvas-plugins/scripts/gb_html_parser_detect_lin.nasl 2009-11-09 13:01:44 UTC (rev 5825) 
@@ -0,0 +1,95 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id: gb_html_parser_detect_lin.nasl 5568 2009-11-05 14:40:29Z nov $ +# +# HTML Parser Version Detection (Linux) +# +# Authors: +# Antu Sanadi +# +# Copyright: +# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(801038); + script_version("$Revision: 1.0 $"); + script_name("HTML Parser Version Detection (Linux)"); + desc = " + Overview: The script detects the installed version of HTML Parser and sets the + reuslt into KB. 
+ + Risk Factor: Informational"; + + script_description(desc); + script_summary("Check HTML Parser version"); + script_category(ACT_GATHER_INFO); + script_copyright("Copyright (C) 2009 Greenbone Networks GmbH"); + script_family("Service detection"); + exit(0); +} + + +include("ssh_func.inc"); +include("version_func.inc"); + +parserSock = ssh_login_or_reuse_connection(); +if(!parserSock){ + exit(0); +} + +grep = find_bin(prog_name:"grep", sock:parserSock); +grep = chomp(grep[0]); +garg[0] = "-o"; +garg[1] = "-m1"; +garg[2] = "-a"; +garg[3] = string("XS_VERSION.*"); + +parserName = find_file(file_name:"Parser.so", file_path:"/", useregex:TRUE, + regexpar:"$", sock:parserSock); + +foreach binaryName (parserName) +{ + binaryName = chomp(binaryName); + if(islocalhost()) + { + garg[4] = binaryName; + arg = garg; + } + else + { + arg = garg[0] + " " + garg[1] + " " + garg[2] + " " + raw_string(0x22) + + garg[3] + raw_string(0x22) + " " + binaryName; + } + + parserVer = get_bin_version(full_prog_name:grep, version_argv:arg, + ver_pattern:"XS_VERSION.*", sock:parserSock); + if(parserVer[1] != NULL) + { + parserVer = chomp(parserVer[1]); + parserVer = str_replace(find:raw_string(0x00), replace:"",string:parserVer); + + if("HTML::Parser" >< parserVer || ("bootstrap parameter" >< parserVer)) + { + parserVer = eregmatch(pattern:"([0-9.]+)", string:parserVer); + if(parserVer[1]){ + set_kb_item(name:"HTML-Parser/Linux/Ver", value:parserVer[1]); + } + } + } +} +ssh_close_connection(); Added: trunk/openvas-plugins/scripts/gb_html_parser_dos_vuln_nov09_lin.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_html_parser_dos_vuln_nov09_lin.nasl 2009-11-09 11:58:52 UTC (rev 5824) +++ trunk/openvas-plugins/scripts/gb_html_parser_dos_vuln_nov09_lin.nasl 2009-11-09 13:01:44 UTC (rev 5825) 
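Review bot: In the non-localhost branch of the `foreach` loop, `binaryName` is appended to the grep command string unquoted, while the pattern in `garg[3]` is wrapped in `raw_string(0x22)`. The path comes from `find_file` output on the scanned host, so a name containing spaces or shell metacharacters would be split or interpreted on that host under the scan account, assuming `get_bin_version` hands the string to a shell (its body is not visible here). I would skip any path that fails a conservative allow-list before building `arg`, for example `if(binaryName !~ "^[A-Za-z0-9_./+-]+$") continue;`, and add a comment that the value is target-supplied. Separately, the `"bootstrap parameter" >< parserVer` alternative accepts any `Parser.so` that carries an XS_VERSION string, so another Perl module's version may end up under `HTML-Parser/Linux/Ver`.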
@@ -0,0 +1,93 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id: gb_html_parser_dos_vuln_nov09_lin.nasl 5568 2009-11-05 17:15:12Z nov $ +# +# HTML-Parser 'decode_entities()' Denial of Service Vulnerability +# +# Authors: +# Antu Sanadi +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(801039); + script_version("$Revision: 1.0 $"); + script_cve_id("CVE-2009-3627"); + script_bugtraq_id(36807); + script_name("HTML-Parser 'decode_entities()' Denial of Service Vulnerability"); + desc = " + Overview: This host is installed with HTML-Parser and is prone to Denial of + Service Vulnerability. + + Vulnerability Insight: + The flaw is due to an error within the 'decode_entities()' function in 'utils.c', + which can be exploited to cause an infinite loop by tricking an application into + processing a specially crafted string using this library. + + Impact: + Successful exploitation could result in Denial of Serivce condition. + + Impact Level: Application. + + Affected Software/OS: + HTML-Parser versions prior to 3.63 on Linux. 
+ + Fix: Upgrade to HTML-Parser version 3.63 or later + http://search.cpan.org/CPAN/authors/id/G/GA/GAAS/HTML-Parser-3.63.tar.gz + (or) + Apply the patch, + http://github.com/gisle/html-parser/commit/b9aae1e43eb2c8e989510187cff0ba3e996f9a4c + + ***** + NOTE: Please ignore this warning if the patch is already applied. + ***** + + References: + http://secunia.com/advisories/37155 + http://xforce.iss.net/xforce/xfdb/53941 + http://www.openwall.com/lists/oss-security/2009/10/23/9 + https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6225 + + CVSS Score: + CVSS Base Score : 4.3 (AV:N/AC:M/Au:NR/C:N/I:N/A:P) + CVSS Temporal Score : 3.2 + Risk factor: Medium"; + + script_description(desc); + script_summary("Check for the version of HTML Parser"); + script_category(ACT_GATHER_INFO); + script_copyright("Copyright (C) 2009 Intevation GmbH"); + script_family("Denial of Service"); + script_dependencies("gb_html_parser_detect_lin.nasl"); + script_require_keys("HTML-Parser/Linux/Ver"); + exit(0); +} + + +include("version_func.inc"); + +parserVer = get_kb_item("HTML-Parser/Linux/Ver"); +if(!parserVer){ + exit(0); +} + +# Grep for HTML Parser version < 3.63 +if(version_is_less(version:parserVer, test_version:"3.63")){ + security_warning(0); +} Added: trunk/openvas-plugins/scripts/gb_ibm_java_jre_xml4j_unspecified_vuln.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_ibm_java_jre_xml4j_unspecified_vuln.nasl 2009-11-09 11:58:52 UTC (rev 5824) +++ trunk/openvas-plugins/scripts/gb_ibm_java_jre_xml4j_unspecified_vuln.nasl 2009-11-09 13:01:44 UTC (rev 5825) 
@@ -0,0 +1,89 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id: gb_ibm_java_jre_xml4j_unspecified_vuln.nasl 5601 2009-11-09 15:03:20Z nov $ +# +# IBM Runtimes for Java Technology XML4J Unspecified Vulnerability +# +# Authors: +# Nikita MR +# +# Copyright: +# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(800974); + script_version("$Revision: 1.0 $"); + script_cve_id("CVE-2009-3852"); + script_bugtraq_id(36894); + script_name("IBM Runtimes for Java Technology XML4J Unspecified Vulnerability"); + desc = " + Overview: This host is installed with IBM Runtime for Java Technology and + is prone to unspecified vulnerability. + + Vulnerability Insight: + An unspecified error occurs in the 'XML4J' component while parsing XML + code. + + Impact: Unknown impact. + + Affected Software/OS: + IBM Runtimes for Java Technology 5.0.0 before SR10 on Linux. + + Fix: Apply the following patch. + http://www-01.ibm.com/support/docview.wss?rs=71&uid=swg1IZ63920 + + ***** + NOTE: Ignore this warning if above mentioned patch is already applied. 
+ ***** + + References: + http://secunia.com/advisories/37210 + http://xforce.iss.net/xforce/xfdb/54069 + http://www.vupen.com/english/advisories/2009/3106 + + CVSS Score: + CVSS Base Score : 7.5 (AV:N/AC:L/Au:NR/C:P/I:P/A:P) + CVSS Temporal Score : 5.5 + Risk factor: High"; + + script_description(desc); + script_summary("Check for the version of IBM Java Runtime"); + script_category(ACT_GATHER_INFO); + script_copyright("Copyright (C) 2009 Greenbone Networks GmbH"); + script_family("General"); + script_dependencies("gb_java_prdts_detect_lin.nasl"); + script_require_keys("IBM/Java/JRE/Linux/Ver"); + exit(0); +} + + +include("version_func.inc"); + +jreVer = get_kb_item("IBM/Java/JRE/Linux/Ver"); +if(!jreVer){ + exit(0); +} + +jreVer = ereg_replace(pattern:"_", string:jreVer, replace: "."); +if(jreVer) +{ + # Check for version < 5.0.0 SR10 (1.5.0.SR10) + if(version_in_range(version:jreVer, test_version:"1.5", test_version2:"1.5.0.SR9")){ + security_hole(0); + } +} Added: trunk/openvas-plugins/scripts/gb_novell_groupwise_client_activex_bof_vuln.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_novell_groupwise_client_activex_bof_vuln.nasl 2009-11-09 11:58:52 UTC (rev 5824) +++ trunk/openvas-plugins/scripts/gb_novell_groupwise_client_activex_bof_vuln.nasl 2009-11-09 13:01:44 UTC (rev 5825) 
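Review bot: The range check `version_in_range(version:jreVer, test_version:"1.5", test_version2:"1.5.0.SR9")` depends on how `version_func.inc` orders the non-numeric `SRn` component, which this hunk does not show. If that component is compared as a string, `SR10` sorts before `SR9` and the fixed release would still be reported; if it is compared numerically, the `SR` prefix may not parse at all. It would be safer to pull the service-release number out with `eregmatch` and compare it as an integer, with a comment recording the KB value format the check expects. The `if(jreVer)` wrapper after `ereg_replace` repeats the guard a few lines above and can be dropped.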
@@ -0,0 +1,109 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id: gb_novell_groupwise_client_activex_bof_vuln.nasl 5622 2009-11-09 18:45:38Z nov $ +# +# Novell Groupwise Client ActiveX Control Buffer Overflow Vulnerability +# +# Authors: +# Nikita MR +# +# Copyright: +# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(800973); + script_version("$ Revision: 1.0 $"); + script_cve_id("CVE-2009-3863"); + script_bugtraq_id(36398); + script_name("Novell Groupwise Client ActiveX Control Buffer Overflow Vulnerability"); + desc = " + Overview: This host is installed with Novell Groupwise Client ActiveX Control + and is prone to Buffer Overflow vulnerability. + + Vulnerability Insight: + A boundary error occurs in Novell Groupwise Client ActiveX control (gxmim1.dll) + while handling overly long arguments passed to the 'SetFontFace()' method. + + Impact: + Successful expoitation will allow remote attackers to execute arbitrary + code on the affected system and may crash the client. + + Affected Software/OS: + Novell GroupWise Client 7.0.3.1294 and prior on Windows. 
+ + Fix: + No solution or patch is available as on 09th November, 2009. Information + regarding this issue will be updated once the solution details are available. + For further updates refer, http://www.novell.com/products/groupwise/ + + Workaround: + Set the Killbit for the vulnerable CLSID + http://support.microsoft.com/kb/240797 + + References: + http://www.milw0rm.com/exploits/9683 + http://en.securitylab.ru/nvd/387373.php + + CVSS Score: + CVSS Base Score : 5.0 (AV:N/AC:L/Au:NR/C:N/I:N/A:P) + CVSS Temporal Score : 4.0 + Risk factor: Medium"; + + script_description(desc); + script_summary("Check the version of Novell Groupwise Client ActiveX control"); + script_category(ACT_GATHER_INFO); + script_copyright("Copyright (C) 2009 Greenbone Networks GmbH"); + script_family("Buffer overflow"); + script_dependencies("secpod_novell_prdts_detect_win.nasl"); + script_require_keys("Novell/Groupwise/Client/Win/Ver"); + exit(0); +} + + +include("smb_nt.inc"); +include("version_func.inc"); +include("secpod_activex.inc"); +include("secpod_smb_func.inc"); + +gcVer = get_kb_item("Novell/Groupwise/Client/Win/Ver"); +if(gcVer == NULL){ + exit(0); +} + +if(version_is_less_equal(version:gcVer, test_version:"7.0.3.1294")) +{ + dllPath = registry_get_sz(key:"SOFTWARE\Microsoft\Windows\CurrentVersion"+ + "\App Paths\GrpWise.exe", item:"Path"); + if(dllPath == NULL){ + exit(0); + } + + share = ereg_replace(pattern:"([A-Z]):.*",replace:"\1$", string:dllPath); + file = ereg_replace(pattern:"[A-Z]:(.*)", replace:"\1", string:dllPath+ + "\gxmim1.dll"); + dllVer = GetVer(share:share, file:file); + + # Check if gxmim1.dll version is 7.0.3.1294 or prior + if(version_is_less_equal(version:dllVer, test_version:"7.0.3.1294")) + { + # Check if the Killbits are set + if(is_killbit_set(clsid:"{9796BED2-C1CF-11D2-9384-0008C7396667}") == 0){ + security_warning(0); + } + } +} Modified: trunk/openvas-plugins/scripts/secpod_adobe_shockwave_player_bof_vuln.nasl 
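Review bot: `dllVer` from `GetVer(share:share, file:file)` goes into `version_is_less_equal` without a NULL check, unlike `gcVer` and `dllPath` above it. When gxmim1.dll cannot be read (share unreachable, file absent), the outcome depends on how the comparison treats an empty version, which is not visible here, and may produce a finding with no evidence behind it. I would add `if(!dllVer){ exit(0); }` before the comparison. The description also states arbitrary code execution while the CVSS vector is `C:N/I:N/A:P` and the result is reported with `security_warning`, so the text and the rating should be brought into line.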
=================================================================== --- trunk/openvas-plugins/scripts/secpod_adobe_shockwave_player_bof_vuln.nasl 2009-11-09 11:58:52 UTC (rev 5824) +++ trunk/openvas-plugins/scripts/secpod_adobe_shockwave_player_bof_vuln.nasl 2009-11-09 13:01:44 UTC (rev 5825) @@ -7,6 +7,9 @@ # Authors: # Nikita MR # +# Updated the Fix. +# - Nikita MR 2009-11-06 +# # Copyright: # Copyright (c) 2009 SecPod, http://www.secpod.com # @@ -29,7 +32,7 @@ script_id(900949); script_version("$Revision: 1.0$"); script_cve_id("CVE-2009-3244"); - script_bugtraq_id(36434); + script_bugtraq_id(36434, 36905); script_name("Adobe Shockwave Player ActiveX Control BOF Vulnerability"); desc = " Overview: This host has Adobe Shockwave Player ActiveX Control installed @@ -40,7 +43,7 @@ user supplied data containig a long PlayerVersion property value. Impact: - Successful attack could allow attackers to execute of arbitrary code and to + Successful attack could allow attackers to execute arbitrary code and to cause denial of service. Impact Level: Application 
@@ -48,18 +51,16 @@ Affected Software/OS: Adobe Shockwave Player 11.5.1.601 and prior on Windows. - Fix: - No solution or patch is available as on 24th September, 2009. Information - regarding this issue will be updated once the solution details are available. - http://get.adobe.com/shockwave + Fix: Upgrade to Adobe Shockwave Player 11.5.2.602 + http://get.adobe.com/shockwave/otherversions/ References: http://www.milw0rm.com/exploits/9682 CVSS Score: CVSS Base Score : 9.3 (AV:N/AC:M/Au:NR/C:C/I:C/A:C) - CVSS Temporal Score : 8.4 - Risk factor: Critical"; + CVSS Temporal Score : 7.3 + Risk factor: High"; script_description(desc); script_summary("Check for the version of Adobe Shockwave Player ActiveX Control"); Modified: trunk/openvas-plugins/scripts/secpod_novell_prdts_detect_win.nasl =================================================================== --- trunk/openvas-plugins/scripts/secpod_novell_prdts_detect_win.nasl 2009-11-09 11:58:52 UTC (rev 5824) +++ trunk/openvas-plugins/scripts/secpod_novell_prdts_detect_win.nasl 2009-11-09 13:01:44 UTC (rev 5825) @@ -11,6 +11,10 @@ # Date: 24th July 2009 # Changes: Modified the kb name to indicate windows version. # +# Modified by: Nikita MR (rnikita at secpod.com) +# Date: 09th Nov 2009 +# Changes: Added check for Novell Groupwise client. +# # Copyright: # Copyright (c) 2009 SecPod, http://www.secpod.com # @@ -31,10 +35,9 @@ if(description) { script_id(900340); - script_version("Revision: 1.0 "); + script_version("Revision: 1.2"); script_name("Novell Multiple Products Version Detection"); desc = " - Overview : This script detects the installed version of Novell Products and sets the result in KB. 
@@ -156,3 +159,20 @@ } } } + +# Set kb for Novell Groupwise Client +if(registry_key_exists(key:"SOFTWARE\Novell\GroupWise")) +{ + gcPath = registry_get_sz(key:"SOFTWARE\Microsoft\Windows\CurrentVersion"+ + "\App Paths\GrpWise.exe", item:"Path"); + if(gcPath != NULL) + { + share = ereg_replace(pattern:"([A-Z]):.*", replace:"\1$", string:gcPath); + file = ereg_replace(pattern:"[A-Z]:(.*)", replace:"\1", string:gcPath + + "\GrpWise.exe"); + gcVer = GetVer(file:file, share:share); + if(gcVer != NULL){ + set_kb_item(name:"Novell/Groupwise/Client/Win/Ver", value:gcVer); + } + } +} From scm-commit at wald.intevation.org Mon Nov 9 14:45:10 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Mon, 9 Nov 2009 14:45:10 +0100 (CET) Subject: [Openvas-commits] r5826 - trunk/doc/website Message-ID: <20091109134510.0795B865F4A6@pyrosoma.intevation.org> Author: mwiegand Date: 2009-11-09 14:45:10 +0100 (Mon, 09 Nov 2009) New Revision: 5826 Modified: trunk/doc/website/template_header.m4 Log: Update versions and download links for the lastest releases. Modified: trunk/doc/website/template_header.m4 =================================================================== --- trunk/doc/website/template_header.m4 2009-11-09 13:01:44 UTC (rev 5825) +++ trunk/doc/website/template_header.m4 2009-11-09 13:45:10 UTC (rev 5826) @@ -178,11 +178,11 @@
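Review bot: In the added GroupWise block, both `ereg_replace` calls match the drive letter with `[A-Z]` only, so a `Path` value registered with a lower-case drive letter passes through unchanged. `GetVer` would then presumably fail and `Novell/Groupwise/Client/Win/Ver` would never be set, which silently disables the dependent vulnerability check. Passing `icase:TRUE` to both calls, or exiting when `share` still equals `gcPath`, would make that failure visible. The same share/file derivation is repeated in gb_novell_groupwise_client_activex_bof_vuln.nasl in this commit, so a shared helper would keep the two copies from drifting.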

OpenVAS 3.0 BETA:
- -libraries 3.0.0-beta5
+ -libraries 3.0.0-beta6
-scanner 3.0.0-beta5
- -client 3.0.0-beta3
+ -client 3.0.0-beta4
Optional:
- -manager 0.9.2
+ -manager 0.9.3
-administrator 0.2.2
From scm-commit at wald.intevation.org Tue Nov 10 08:59:23 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Tue, 10 Nov 2009 08:59:23 +0100 (CET) Subject: [Openvas-commits] r5827 - in trunk/openvas-scanner: . openvassd Message-ID: <20091110075923.6310585D9F7C@pyrosoma.intevation.org> Author: felix Date: 2009-11-10 08:59:21 +0100 (Tue, 10 Nov 2009) New Revision: 5827 Modified: trunk/openvas-scanner/ChangeLog trunk/openvas-scanner/openvassd/utils.c Log: * openvassd/utils.c (temp_file_name): Doc, added comment about toctou race condition and why its not totally straight-forward to replace by glib functions. Modified: trunk/openvas-scanner/ChangeLog =================================================================== --- trunk/openvas-scanner/ChangeLog 2009-11-09 13:45:10 UTC (rev 5826) +++ trunk/openvas-scanner/ChangeLog 2009-11-10 07:59:21 UTC (rev 5827) @@ -1,3 +1,9 @@ +2009-11-10 Felix Wolfsteller + + * openvassd/utils.c (temp_file_name): Doc, added comment about toctou + race condition and why its not totally straight-forward to replace by + glib functions. + 2009-11-09 Michael Meyer * cnvts/find_service/find_service.c: Modified: trunk/openvas-scanner/openvassd/utils.c =================================================================== --- trunk/openvas-scanner/openvassd/utils.c 2009-11-09 13:45:10 UTC (rev 5826) +++ trunk/openvas-scanner/openvassd/utils.c 2009-11-10 07:59:21 UTC (rev 5827) 
@@ -283,11 +283,19 @@ } /** - * Returns a name suitable for a temporary file. + * @brief Returns a name for a temporary file. + * * This function ensures that this name is not taken * already. */ -/** @todo consider using glib functions, the current code is subject to a TOCTOU race condition */ +/** @todo Consider reworking, the current code is subject to a TOCTOU race + * condition. + * Problem is that these temporary files are used to store user-uploaded + * content and are needed by child processes, where the content is read + * in again. + * In between, file names are stored in a GHashTable ('translation'). + * Maybe this hashtable should instead carry the (uploaded) file itself. + */ char* temp_file_name() { From scm-commit at wald.intevation.org Tue Nov 10 09:31:38 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Tue, 10 Nov 2009 09:31:38 +0100 (CET) Subject: [Openvas-commits] r5828 - in trunk: openvas-libraries openvas-libraries/misc openvas-libraries/nasl openvas-scanner openvas-scanner/openvassd Message-ID: <20091110083138.C5A01852DB35@pyrosoma.intevation.org> Author: chandra Date: 2009-11-10 09:31:36 +0100 (Tue, 10 Nov 2009) New Revision: 5828 Modified: trunk/openvas-libraries/ChangeLog trunk/openvas-libraries/misc/pcap.c trunk/openvas-libraries/misc/pcap_openvas.h trunk/openvas-libraries/nasl/nasl_host.c trunk/openvas-scanner/ChangeLog trunk/openvas-scanner/openvassd/attack.c Log: IPv6 changes to pcap module and the relevant changes Modified: trunk/openvas-libraries/ChangeLog =================================================================== --- trunk/openvas-libraries/ChangeLog 2009-11-10 07:59:21 UTC (rev 5827) +++ trunk/openvas-libraries/ChangeLog 2009-11-10 08:31:36 UTC (rev 5828) 
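Review bot: The reworded doc block still says `temp_file_name()` "ensures that this name is not taken already", while the `@todo` below it admits a TOCTOU race, so the two comments contradict each other. Since the `@todo` says these files hold user-uploaded content that child processes read back, I would have it state what a fix must guarantee. The file has to be created atomically, for example with `mkstemp()` or `open()` using `O_CREAT | O_EXCL` and mode 0600, in a directory only the scanner can write, and the path should enter the `translation` hash table only after that creation succeeded. The `@brief` line should then describe the name as a candidate rather than a reserved one. The body of `temp_file_name()` lies outside this hunk, so whether any of this already holds cannot be checked here.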
@@ -1,3 +1,21 @@ +2009-11-10 Chandrashekhar B + + * misc/pcap.c: Migrating to ipv6, first phase. + Implemented new functions, v6_getinterfaces, + v6_is_local_ip, v6_get_mac_addr, v6_ipaddr2devname, + v6_islocalhost, v6_getinterfaces, v6_getsourceip, + getipv4routes, getipv6routes, v6_routethrough, + ipv6addrmask. + + * misc/pcap.c (routethrough): Minor formatting. + + * misc/pcap_openvas.h: Prototypes declaration of new functions. + + * nasl/nasl_host.h (nasl_islocalhost, nasl_islocalnet, + nasl_this_host): Use new ipv6 enabled functions from misc/pcap.c + + Coding by Srinivasa NL . + 2009-11-09 Michael Wiegand Post-release version bump. Modified: trunk/openvas-libraries/misc/pcap.c =================================================================== --- trunk/openvas-libraries/misc/pcap.c 2009-11-10 07:59:21 UTC (rev 5827) +++ trunk/openvas-libraries/misc/pcap.c 2009-11-10 08:31:36 UTC (rev 5828) 
@@ -42,12 +42,117 @@ struct interface_info { char name[64]; struct in_addr addr; + struct in6_addr addr6; + struct in6_addr mask; }; +struct myroute { + struct interface_info *dev; + struct in6_addr dest6; + unsigned long mask; + unsigned long dest; +}; + struct interface_info *getinterfaces(int *howmany); +struct interface_info *v6_getinterfaces(int *howmany); +int getipv6routes(struct myroute *myroutes, int *numroutes); +static void ipv6addrmask(struct in6_addr *in6addr, int mask) +{ + int wordmask; + int word; + uint32_t *ptr; + uint32_t addr; + word = mask / 32; + wordmask = mask % 32; + ptr = (uint32_t *)in6addr; + switch(word) + { + case 0: + ptr[1] = ptr[2] = ptr[3] = 0; + addr = ptr[0]; + addr = ntohl(addr) >> (32 - wordmask); + addr = htonl(addr << (32 - wordmask)); + ptr[0] = addr; + break; + case 1: + ptr[2] = ptr[3] = 0; + addr = ptr[1]; + addr = ntohl(addr) >> (32 - wordmask); + addr = htonl(addr << (32 - wordmask)); + ptr[1] = addr; + break; + case 2: + ptr[3] = 0; + addr = ptr[2]; + addr = ntohl(addr) >> (32 - wordmask); + addr = htonl(addr << (32 - wordmask)); + ptr[2] = addr; + break; + case 3: + addr = ptr[3]; + addr = ntohl(addr) >> (32 - wordmask); + addr = htonl(addr << (32 - wordmask)); + ptr[3] = addr; + break; + } +} + int +v6_is_local_ip (struct in6_addr *addr) +{ + int ifaces; + struct interface_info * ifs; + int i; + static struct myroute myroutes[MAXROUTES]; + int numroutes=0; + struct in6_addr in6addr; +#if TCPIP_DEBUGGING + char addr1[INET6_ADDRSTRLEN]; + char addr2[INET6_ADDRSTRLEN]; +#endif + + if ((ifs = v6_getinterfaces(&ifaces)) == NULL) + return -1; + + if(IN6_IS_ADDR_V4MAPPED(addr)) + { + for(i=0;is6_addr32[3] & mask)) + return 1; + } + } + else + { + if(IN6_IS_ADDR_LINKLOCAL(addr)) + return 1; + if(IN6_IS_ADDR_LOOPBACK(addr)) + return 1; + if(getipv6routes(myroutes, &numroutes) == 0) + { + for(i=0; i < numroutes; i++) + { + memcpy(&in6addr, addr, sizeof(struct in6_addr)); + ipv6addrmask(&in6addr, myroutes[i].mask); +#if 
TCPIP_DEBUGGING + printf("comparing addresses %s and %s\n",inet_ntop(AF_INET6, &in6addr,addr1,sizeof(addr1)),inet_ntop(AF_INET6, &myroutes[i].dest6,addr2,sizeof(addr2))); +#endif + if(IN6_ARE_ADDR_EQUAL(&in6addr, &myroutes[i].dest6)) + { + return 1; + } + } + } + } + return 0; +} + +int is_local_ip (struct in_addr addr) { int ifaces; 
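Review bot: ipv6addrmask shifts a uint32_t by `32 - wordmask`, which is a shift by 32 whenever the prefix length is a multiple of 32 (0, 32, 64, 96). That is undefined behaviour in C and typically leaves the word unchanged, so a /64 route would be compared as if it were longer. The boundary word has to be cleared outright when `wordmask` is 0, and the four near-identical cases can be folded into one computed index, as below. The V4MAPPED loop of v6_is_local_ip is garbled in this rendering of the hunk and is not reviewed here.

```c
static void ipv6addrmask(struct in6_addr *in6addr, int mask)
{
  int word = mask / 32;
  int wordmask = mask % 32;
  int i;

  /* 128 and above keep the whole address, as before */
  if (mask < 0 || mask >= 128)
    return;

  /* wordmask == 0 keeps no bit of this word; a shift by 32 is undefined */
  if (wordmask == 0)
    in6addr->s6_addr32[word] = 0;
  else
    in6addr->s6_addr32[word] &= htonl(0xffffffffU << (32 - wordmask));

  for (i = word + 1; i < 4; i++)
    in6addr->s6_addr32[i] = 0;
}
```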
@@ -67,8 +172,157 @@ return 0; } +/** + * @brief We send an empty UDP packet to the remote host, and read back its mac + * @brief address. + * + * (we should first interrogate the kernel's arp cache - we may + * rely on libdnet in the future to do that) + * + * As a bonus, this function works well as a local ping. + */ +int +v6_get_mac_addr (struct in6_addr *addr, char ** mac) +{ + int soc; + struct sockaddr_in soca; + struct sockaddr_in6 soca6; + int bpf; + struct in6_addr me; + struct in_addr inaddr; + char * iface = v6_routethrough(addr, &me); + char filter[255]; + char * src_host, * dst_host; + unsigned char * packet; + int len; + char hostname[INET6_ADDRSTRLEN]; + if(IN6_IS_ADDR_V4MAPPED(addr)) + { + soc = socket(AF_INET, SOCK_DGRAM, 0); + *mac = NULL; + if(soc < 0) + return -1; + inaddr.s_addr = me.s6_addr32[3]; + src_host = estrdup(inet_ntoa(inaddr)); + inaddr.s_addr = addr->s6_addr32[3]; + dst_host = estrdup(inet_ntoa(inaddr)); + snprintf(filter, sizeof(filter), "ip and (src host %s and dst host %s)", + src_host, dst_host); + efree(&src_host); + efree(&dst_host); + + bpf = bpf_open_live(iface, filter); + if(bpf < 0) + { + close(soc); + return -1; + } + + /* + * We only deal with ethernet + */ + if(bpf_datalink(bpf) != DLT_EN10MB) + { + bpf_close(bpf); + close(soc); + return -1; + } + + + soca.sin_addr.s_addr = addr->s6_addr32[3]; + soca.sin_port = htons(9); /* or whatever */ + soca.sin_family = AF_INET; + if(sendto(soc, NULL, 0, 0, (struct sockaddr*)&soca, sizeof(soca)) != 0) + { + bpf_close(bpf); + close(soc); + return -1; + } + } + else + { + soc = socket(AF_INET6, SOCK_DGRAM, 0); + *mac = NULL; + if(soc < 0) + return -1; + src_host = estrdup(inet_ntop(AF_INET6, &me, hostname, sizeof(hostname))); + dst_host = estrdup(inet_ntop(AF_INET6, addr, hostname, sizeof(hostname))); + snprintf(filter, sizeof(filter), "ip6 and (src host %s and dst host %s)", + src_host, dst_host); + efree(&src_host); + efree(&dst_host); + + + bpf = bpf_open_live(iface, filter); + 
if(bpf < 0) + { + close(soc); + return -1; + } + + /* + * We only deal with ethernet + */ + if(bpf_datalink(bpf) != DLT_EN10MB) + { + bpf_close(bpf); + close(soc); + return -1; + } + + + memcpy(&soca6.sin6_addr, addr, sizeof(struct in6_addr)); + soca6.sin6_port = htons(9); /* or whatever */ + soca6.sin6_family = AF_INET6; + if(sendto(soc, NULL, 0, 0, (struct sockaddr*)&soca6, sizeof(soca6)) != 0) + { + bpf_close(bpf); + close(soc); + return -1; + } + } + + packet = (unsigned char*)bpf_next(bpf, &len); + if(packet) + { + if(len >= get_datalink_size(bpf_datalink(bpf))) + { + int i; + for(i=0;i<6;i++) + if(packet[i]!=0xFF)break; + + if(i == 6) + { + bpf_close(bpf); + close(soc); + return 1; + } + + *mac = emalloc(22); + snprintf(*mac, 22, "%.2x.%.2x.%.2x.%.2x.%.2x.%.2x", + (unsigned char)packet[0], + (unsigned char)packet[1], + (unsigned char)packet[2], + (unsigned char)packet[3], + (unsigned char)packet[4], + (unsigned char)packet[5]); + bpf_close(bpf); + close(soc); + return 0; + } + } + else + { + bpf_close(bpf); + close(soc); + return 1; + } + return 1; /* keep the compiler happy */ +} + + /** * @brief We send an empty UDP packet to the remote host, and read back its mac * @brief address. 
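Review bot: `soca` and `soca6` in v6_get_mac_addr are filled field by field and never zeroed, so `sin6_flowinfo` and `sin6_scope_id` reach sendto() with indeterminate stack contents; add `memset(&soca6, 0, sizeof(soca6));` (and the same for `soca`) before the assignments. `sock` and `sock6` in v6_getsourceip, added in a later hunk of this file, have the same problem before connect(). Separately, `iface` goes to bpf_open_live() and `me` is formatted into the filter without checking the result of v6_routethrough(), which returns NULL on several paths in this commit and then leaves `me` unset; setting `*mac = NULL;` first and adding `if (iface == NULL) return -1;` would cover it. When a packet arrives that is shorter than the datalink header, control falls through to the final `return 1` without bpf_close() and close(), leaking both descriptors.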
@@ -172,23 +426,92 @@ * Taken straight out of Fyodor's Nmap */ int +v6_ipaddr2devname (char *dev, int sz, struct in6_addr *addr ) +{ + struct interface_info *mydevs; + int numdevs; + int i; + mydevs = v6_getinterfaces(&numdevs); +#if TCPIP_DEBUGGING + char addr1[INET6_ADDRSTRLEN]; + char addr2[INET6_ADDRSTRLEN]; +#endif + + if (!mydevs) return -1; + + for(i=0; i < numdevs; i++) + { +#if TCPIP_DEBUGGING + printf("comparing addresses %s and %s\n",inet_ntop(AF_INET6, addr,addr1,sizeof(addr1)),inet_ntop(AF_INET6, &mydevs[i].addr6,addr2,sizeof(addr2))); +#endif + if(IN6_ARE_ADDR_EQUAL(addr, &mydevs[i].addr6)) + { + dev[sz - 1] = '\0'; + strncpy(dev, mydevs[i].name, sz); + return 0; + } + } + return -1; +} + +/* + * Taken straight out of Fyodor's Nmap + */ +int ipaddr2devname (char *dev, int sz, struct in_addr *addr ) { -struct interface_info *mydevs; -int numdevs; -int i; -mydevs = getinterfaces(&numdevs); + struct interface_info *mydevs; + int numdevs; + int i; + mydevs = getinterfaces(&numdevs); -if (!mydevs) return -1; + if (!mydevs) return -1; -for(i=0; i < numdevs; i++) { - if (addr->s_addr == mydevs[i].addr.s_addr) { - dev[sz - 1] = '\0'; - strncpy(dev, mydevs[i].name, sz); - return 0; + for(i=0; i < numdevs; i++) { + if (addr->s_addr == mydevs[i].addr.s_addr) { + dev[sz - 1] = '\0'; + strncpy(dev, mydevs[i].name, sz); + return 0; + } } + return -1; } -return -1; + +/** + * @brief Tests whether a packet sent to IP is LIKELY to route through the + * kernel localhost interface + */ +int +v6_islocalhost (struct in6_addr *addr) +{ + char dev[128]; + + if(addr == NULL) + return -1; + + if(IN6_IS_ADDR_V4MAPPED(addr)) + { + /* If it is 0.0.0.0 or starts with 127.0.0.1 then it is + probably localhost */ + if ((addr->s6_addr32[3] & htonl(0xFF000000)) == htonl(0x7F000000)) + return 1; + + if (!addr->s6_addr32[3]) + return 1; + } + + if(IN6_IS_ADDR_LOOPBACK(addr)) + return 1; + + /* If it is the same addy as a local interface, then it is + probably localhost */ + + if 
(v6_ipaddr2devname(dev, sizeof(dev), addr) != -1) + return 1; + + /* OK, so to a first approximation, this addy is probably not + localhost */ + return 0; } /** 
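Review bot: v6_ipaddr2devname writes the terminator before the copy (`dev[sz - 1] = '\0'; strncpy(dev, mydevs[i].name, sz);`), so a name of `sz` bytes or more overwrites it and `dev` is left unterminated. The order should be reversed, `strncpy(dev, mydevs[i].name, sz - 1); dev[sz - 1] = '\0';`, with `sz <= 0` rejected first. The same pattern sits in ipaddr2devname, which this hunk only re-indents.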
@@ -256,56 +579,139 @@ int get_random_bytes (void *buf, int numbytes) { -static char bytebuf[2048]; -static char badrandomwarning = 0; -static int bytesleft = 0; -int res; -int tmp; -struct timeval tv; -FILE *fp = NULL; -int i; -short *iptr; + static char bytebuf[2048]; + static char badrandomwarning = 0; + static int bytesleft = 0; + int res; + int tmp; + struct timeval tv; + FILE *fp = NULL; + int i; + short *iptr; -if (numbytes < 0 || numbytes > 0xFFFF) return -1; + if (numbytes < 0 || numbytes > 0xFFFF) return -1; -if (bytesleft == 0) { - fp = fopen("/dev/urandom", "r"); - if (!fp) fp = fopen("/dev/random", "r"); - if (fp) { - res = fread(bytebuf, 1, sizeof(bytebuf), fp); - if (res != sizeof(bytebuf)) { - fclose(fp); - fp = NULL; + if (bytesleft == 0) { + fp = fopen("/dev/urandom", "r"); + if (!fp) fp = fopen("/dev/random", "r"); + if (fp) { + res = fread(bytebuf, 1, sizeof(bytebuf), fp); + if (res != sizeof(bytebuf)) { + fclose(fp); + fp = NULL; + } + bytesleft = sizeof(bytebuf); } - bytesleft = sizeof(bytebuf); + if (!fp) { + if (badrandomwarning == 0) { + badrandomwarning++; + } + /* Seed our random generator */ + gettimeofday(&tv, NULL); + srand((tv.tv_sec ^ tv.tv_usec) ^ getpid()); /* RATS: ignore */ + + for(i=0; i < sizeof(bytebuf) / sizeof(short); i++) { + iptr = (short *) ((char *)bytebuf + i * sizeof(short)); + *iptr = rand(); + } + bytesleft = (sizeof(bytebuf) / sizeof(short)) * sizeof(short); + /* ^^^^^^^^^^^^^^^not as meaningless as it looks */ + } else fclose(fp); } - if (!fp) { - if (badrandomwarning == 0) { - badrandomwarning++; - } - /* Seed our random generator */ - gettimeofday(&tv, NULL); - srand((tv.tv_sec ^ tv.tv_usec) ^ getpid()); /* RATS: ignore */ + if (numbytes <= bytesleft) { /* we can cover it */ + memcpy(buf, bytebuf + (sizeof(bytebuf) - bytesleft), numbytes); + bytesleft -= numbytes; + return 0; + } - for(i=0; i < sizeof(bytebuf) / sizeof(short); i++) { - iptr = (short *) ((char *)bytebuf + i * sizeof(short)); - *iptr = rand(); - } 
- bytesleft = (sizeof(bytebuf) / sizeof(short)) * sizeof(short); - /* ^^^^^^^^^^^^^^^not as meaningless as it looks */ - } else fclose(fp); + /* We don't have enough */ + memcpy(buf, bytebuf + (sizeof(bytebuf) - bytesleft), bytesleft); + tmp = bytesleft; + bytesleft = 0; + return get_random_bytes((char *)buf + tmp, numbytes - tmp); } -if (numbytes <= bytesleft) { /* we can cover it */ - memcpy(buf, bytebuf + (sizeof(bytebuf) - bytesleft), numbytes); - bytesleft -= numbytes; - return 0; -} -/* We don't have enough */ -memcpy(buf, bytebuf + (sizeof(bytebuf) - bytesleft), bytesleft); -tmp = bytesleft; -bytesleft = 0; -return get_random_bytes((char *)buf + tmp, numbytes - tmp); +struct interface_info *v6_getinterfaces(int *howmany) +{ + char errbuf[PCAP_ERRBUF_SIZE]; + pcap_if_t *alldevap; + pcap_if_t *tmp; + int retval; + pcap_addr_t *addr; + struct sockaddr *sa; + struct sockaddr_in *saddr; + struct sockaddr_in6 *s6addr; + static struct interface_info mydevs[1024]; + int numinterfaces = 0; + + memset(errbuf, 0, sizeof(errbuf)); + + retval = pcap_findalldevs(&alldevap, errbuf); + if(retval == -1) + { + printf("pcap_findalldevs returned error %s\n",errbuf); + } + else + { + tmp = alldevap; + while(tmp) + { + if(tmp->addresses) + { + addr = tmp->addresses; + while(addr) + { + sa = addr->addr; + if(sa->sa_family == AF_INET) + { + memcpy(mydevs[numinterfaces].name,tmp->name, strlen(tmp->name)); + saddr = (struct sockaddr_in *) sa; + mydevs[numinterfaces].addr6.s6_addr32[0] = 0; + mydevs[numinterfaces].addr6.s6_addr32[1] = 0; + mydevs[numinterfaces].addr6.s6_addr32[2] = htonl(0xffff); + mydevs[numinterfaces].addr6.s6_addr32[3] = saddr->sin_addr.s_addr; + saddr = (struct sockaddr_in *) addr->netmask; + mydevs[numinterfaces].mask.s6_addr32[0] = 0; + mydevs[numinterfaces].mask.s6_addr32[1] = 0; + mydevs[numinterfaces].mask.s6_addr32[2] = htonl(0xffff); + mydevs[numinterfaces].mask.s6_addr32[3] = saddr->sin_addr.s_addr; +#ifdef TCPIP_DEBUGGING + printf("interface name is 
%s\n",tmp->name); + printf("\tAF_INET family\n"); + printf("\taddress is %s\n",inet_ntoa(saddr->sin_addr)); + printf("\tnetmask is %s\n",inet_ntoa(saddr->sin_addr)); +#endif + numinterfaces++; + } + else if(sa->sa_family == AF_INET6) + { + memcpy(mydevs[numinterfaces].name,tmp->name, strlen(tmp->name)); + s6addr = (struct sockaddr_in6 *) sa; + memcpy(&(mydevs[numinterfaces].addr6), (char *) &(s6addr->sin6_addr), sizeof(struct in6_addr)); + s6addr = (struct sockaddr_in6 *) addr->netmask; + memcpy(&(mydevs[numinterfaces].mask), (char *) &(s6addr->sin6_addr), sizeof(struct in6_addr)); + numinterfaces++; +#ifdef TCPIP_DEBUGGING + printf("\tAF_INET6 family\n"); + printf("interface name is %s\n",tmp->name); + printf("\taddress is %s\n",inet_ntop(AF_INET6, &s6addr->sin6_addr, ipaddr, sizeof(ipaddr))); + printf("\tnetmask is %s\n",inet_ntop(AF_INET6, &s6addr->sin6_addr, ipaddr, sizeof(ipaddr))); +#endif + } + else + { +#ifdef TCPIP_DEBUGGING + printf("\tfamily is %d\n",sa->sa_family); +#endif + } + addr = addr->next; + } + } + tmp = tmp->next; + } + *howmany = numinterfaces; + } + return mydevs; } struct interface_info* 
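Review bot: v6_getinterfaces fills the static `mydevs[1024]` without ever comparing `numinterfaces` with the array size, and copies each name with `memcpy(..., strlen(tmp->name))`, which neither limits the length to the 64-byte `name` field nor writes a terminator, so a shorter name reusing a slot keeps the tail of the previous one. I would guard both loops with `numinterfaces < 1024` and replace the copy with `snprintf(mydevs[numinterfaces].name, sizeof(mydevs[numinterfaces].name), "%s", tmp->name);`. `addr->netmask` is dereferenced unchecked although libpcap documents it as possibly NULL, and the device list is never released with `pcap_freealldevs(alldevap);`. On a pcap_findalldevs() failure `*howmany` is left unset while a non-NULL pointer is returned, so the callers' NULL checks never fire. The get_random_bytes part of the hunk is re-indentation only.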
@@ -373,7 +779,104 @@ return mydevs; } +int +v6_getsourceip (struct in6_addr *src, struct in6_addr *dst) +{ + int sd; + struct sockaddr_in sock; + struct sockaddr_in6 sock6; + unsigned int socklen; + unsigned short p1; + /* We will use socket_get_next_source_addr function + when it is ported to handle ipv6 address + Right now we will always send a UDP packet + and get the source ip*/ +#if 0 + *src = socket_get_next_source_addr(NULL); + if ( src->s_addr != INADDR_ANY ) + { + return 1; + } +#endif + + get_random_bytes(&p1, 2); + if (p1 < 5000) p1 += 5000; + + if(IN6_IS_ADDR_V4MAPPED(dst)) + { + if ((sd = socket(AF_INET, SOCK_DGRAM, 0)) == -1) + { + perror("Socket troubles"); + return 0; + } + sock.sin_family = AF_INET; + sock.sin_addr.s_addr = dst->s6_addr32[3]; + sock.sin_port = htons(p1); + if (connect(sd, (struct sockaddr *) &sock, sizeof(struct sockaddr_in)) == -1) + { + perror("UDP connect()"); + close(sd); + return 0; + } + bzero(&sock, sizeof(struct sockaddr_in)); + socklen = sizeof(struct sockaddr_in); + if (getsockname(sd, (struct sockaddr *)&sock, &socklen) == -1) { + perror("getsockname"); + close(sd); + return 0; + } + + + src->s6_addr32[0] = 0; + src->s6_addr32[1] = 0; + src->s6_addr32[2] = htonl(0xffff); + src->s6_addr32[3] = sock.sin_addr.s_addr; +#ifdef TCPIP_DEBUGGING + printf("source addrss is %s\n",inet_ntop(AF_INET6, src, name, sizeof(name))); +#endif + close(sd); + } + else + { + if ((sd = socket(AF_INET6, SOCK_DGRAM, 0)) == -1) + { + perror("Socket troubles"); + return 0; + } + sock6.sin6_family = AF_INET6; + sock6.sin6_addr.s6_addr32[0] = dst->s6_addr32[0]; + sock6.sin6_addr.s6_addr32[1] = dst->s6_addr32[1]; + sock6.sin6_addr.s6_addr32[2] = dst->s6_addr32[2]; + sock6.sin6_addr.s6_addr32[3] = dst->s6_addr32[3]; + sock6.sin6_port = htons(p1); + if (connect(sd, (struct sockaddr *) &sock6, sizeof(struct sockaddr_in6)) == -1) + { + perror("UDP connect()"); + close(sd); + return 0; + } + bzero(&sock6, sizeof(struct sockaddr_in6)); + socklen = 
sizeof(struct sockaddr_in6); + if (getsockname(sd, (struct sockaddr *)&sock6, &socklen) == -1) { + perror("getsockname"); + close(sd); + return 0; + } + + src->s6_addr32[0] = sock6.sin6_addr.s6_addr32[0]; + src->s6_addr32[1] = sock6.sin6_addr.s6_addr32[1]; + src->s6_addr32[2] = sock6.sin6_addr.s6_addr32[2]; + src->s6_addr32[3] = sock6.sin6_addr.s6_addr32[3]; + memcpy(src,&sock6.sin6_addr, sizeof(struct in6_addr)); +#ifdef TCPIP_DEBUGGING + printf("source addrss is %s\n",inet_ntop(AF_INET6, src, name, sizeof(name))); +#endif + close(sd); + } + return 1; /* Calling function responsible for checking validity */ +} + int getsourceip (struct in_addr *src, struct in_addr *dst) { 
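Review bot: The TCPIP_DEBUGGING printf calls in v6_getsourceip pass `name` to inet_ntop(), but no `name` buffer is declared among the function's locals, so unless a file-scope `name` exists outside the hunk a debug build will not compile; declare `char name[INET6_ADDRSTRLEN];` under the same #ifdef. v6_getinterfaces in the previous hunk does the same with `ipaddr`. In the IPv6 branch the four `src->s6_addr32[n] = sock6.sin6_addr.s6_addr32[n];` assignments are redundant with the `memcpy(src, &sock6.sin6_addr, ...)` that follows, and one of the two forms should go.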
@@ -414,6 +917,202 @@ return 1; /* Calling function responsible for checking validity */ } +int getipv4routes(struct myroute *myroutes, int *numroutes) +{ + struct interface_info *mydevs; + int i; + int numinterfaces; + char buf[1024]; + char *p, *endptr; + char iface[64]; + FILE *routez; + unsigned long dest; + struct in_addr inaddr; + unsigned long mask; + unsigned long ones; + + /* Dummy socket for ioctl */ + mydevs = v6_getinterfaces(&numinterfaces); + + /* Now we must go through several techniques to determine info */ + routez = fopen("/proc/net/route", "r"); + + if (routez) { + /* OK, linux style /proc/net/route ... we can handle this ... */ + /* Now that we've got the interfaces, we g0 after the r0ut3Z */ + fgets(buf, sizeof(buf), routez); /* Kill the first line */ + while(fgets(buf,sizeof(buf), routez)) { + p = strtok(buf, " \t\n"); + if (!p) { + printf("Could not find interface in /proc/net/route line"); + continue; + } + strncpy(iface, p, sizeof(iface)); + if ((p = strchr(iface, ':'))) { + *p = '\0'; /* To support IP aliasing */ + } + p = strtok(NULL, " \t\n"); + endptr = NULL; + dest = strtoul(p, &endptr, 16); +#ifdef TCPIP_DEBUGGING + printf("ipv4 dest is %s\n",p); +#endif + if (!endptr || *endptr) { + printf("Failed to determine Destination from /proc/net/route"); + continue; + } + inaddr.s_addr = dest; + myroutes[*numroutes].dest6.s6_addr32[0] = 0; + myroutes[*numroutes].dest6.s6_addr32[1] = 0; + myroutes[*numroutes].dest6.s6_addr32[2] = htonl(0xffff); + myroutes[*numroutes].dest6.s6_addr32[3] = inaddr.s_addr; + for(i=0; i < 6; i++) { + p = strtok(NULL, " \t\n"); + if (!p) break; + } + if (!p) { + printf("Failed to find field %d in /proc/net/route", i + 2); + continue; + } + endptr = NULL; + mask = strtoul(p, &endptr, 16); + i = 31; + ones = 0; + i = 0; + while(mask & (1 << i++) && i < 32) + ones++; + myroutes[*numroutes].mask = ones + 96; +#ifdef TCPIP_DEBUGGING + printf("mask is %d\n",myroutes[*numroutes].mask); +#endif + if (!endptr || *endptr) { + 
printf("Failed to determine mask from /proc/net/route"); + continue; + } + + +#if TCPIP_DEBUGGING + printf("#%d: for dev %s, The dest is %lX and the mask is %lX\n", *numroutes, iface, myroutes[*numroutes].dest, myroutes[*numroutes].mask); +#endif + for(i=0; i < numinterfaces; i++) + if (!strcmp(iface, mydevs[i].name)) { + myroutes[*numroutes].dev = &mydevs[i]; + break; + } + if (i == numinterfaces) + printf("Failed to find interface %s mentioned in /proc/net/route\n", iface); + (*numroutes)++; + if (*numroutes >= MAXROUTES) + { + printf("My god! You seem to have WAY to many routes!\n"); + break; + } + } + fclose(routez); + return 0; + } + else + return -1; +} + +int getipv6routes(struct myroute *myroutes, int *numroutes) +{ + struct interface_info *mydevs; + int i,j; + int len; + struct in6_addr in6addr; + char destaddr[100]; + int numinterfaces; + char buf[1024]; + char *endptr; + char iface[64]; + FILE *routez; + char v6addr[INET6_ADDRSTRLEN]; + char *token; + int cnt; + + /* Dummy socket for ioctl */ + mydevs = v6_getinterfaces(&numinterfaces); + routez = fopen("/proc/net/ipv6_route","r"); + if(routez) + { + /* linux style /proc/net/ipv6_route ... we can handle this too... 
*/ + while(fgets(buf, sizeof(buf),routez) != NULL) + { +#if TCPIP_DEBUGGING + printf("%s\n",buf); +#endif + token = strtok(buf, " \t\n"); + if(token) + { +#if TCPIP_DEBUGGING + printf("first token is %s\n",token); +#endif + strcpy(destaddr, token); + len = strlen(destaddr); + for(i = 0,j = 0; j < len; j++) + { + v6addr[i++] = destaddr[j]; + if(j % 4 == 3) + v6addr[i++] = ':'; + } + v6addr[--i] = '\0'; +#if TCPIP_DEBUGGING + printf("ipv6 dest is %s\n",v6addr); +#endif + if(inet_pton(AF_INET6, v6addr, &in6addr) <= 0) + { + printf("invalid ipv6 addressd\n"); + continue; + } + memcpy(&myroutes[*numroutes].dest6,&in6addr, sizeof(struct in6_addr)); + } + token = strtok(NULL, " \t\n"); + if(token) + { + endptr = NULL; + myroutes[*numroutes].mask = strtoul(token, &endptr, 16); + } + cnt = 7; + while(cnt--) + { + token = strtok(NULL, " \t\n"); + if(!token) + printf("error\n"); + } + + token = strtok(NULL, " \t\n"); + if(token) + { + strcpy(iface, token); +#ifdef _DEBUG + printf("name token is %s\n",token); +#endif + } + for(i=0; i < numinterfaces; i++) + if (!strcmp(iface, mydevs[i].name) && !IN6_IS_ADDR_V4MAPPED(&mydevs[i].addr6)) { + myroutes[*numroutes].dev = &mydevs[i]; + break; + } + if (i == numinterfaces) + printf("Failed to find interface %s mentioned in /proc/net/route\n", iface); + (*numroutes)++; + if (*numroutes >= MAXROUTES) + { + printf("My god! You seem to have WAY to many routes!\n"); + break; + } + } + fclose(routez); + return 0; + } + else + { + printf("returning error getipv6route\n"); + return -1; + } +} + /** @brief An awesome function to determine what interface a packet to a given * destination should be routed through. * 
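Review bot: getipv6routes copies tokens from /proc/net/ipv6_route with `strcpy` into `destaddr[100]` and `iface[64]` and expands the first token into `v6addr[INET6_ADDRSTRLEN]` without checking its length, so a line that is not in the expected format writes past these buffers. Check `strlen(token) == 32` before expanding and use `snprintf(iface, sizeof(iface), "%s", token);`. Both route readers also write `myroutes[*numroutes]` before testing the limit, and v6_routethrough calls them back to back on the same array, so a table already filled by getipv4routes is overrun by one entry; `if (*numroutes >= MAXROUTES) break;` belongs at the top of each loop. In getipv4routes the bit-counting loop tests `i < 32` after the increment, so a 255.255.255.255 mask yields 31 ones instead of 32, and `strtoul(p, ...)` is reached without a NULL check on the second strtok() result.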
@@ -424,6 +1123,157 @@ * for doing this (in the book), but it isn't portable :( */ char* +v6_routethrough (struct in6_addr *dest, struct in6_addr *source) +{ + static int initialized = 0; + int i; + struct in6_addr addy; + static enum { procroutetechnique, connectsockettechnique, guesstechnique } technique = procroutetechnique; + struct interface_info *mydevs; + static struct myroute myroutes[MAXROUTES]; + int numinterfaces = 0; + static int numroutes = 0; + struct in6_addr in6addr; +#ifdef TCPIP_DEBUGGING + char addr1[INET6_ADDRSTRLEN]; + char addr2[INET6_ADDRSTRLEN]; +#endif + + + if (!dest) printf("ipaddr2devname passed a NULL dest address"); + + if (!initialized) { + /* Dummy socket for ioctl */ + initialized = 1; + mydevs = v6_getinterfaces(&numinterfaces); + if(getipv4routes(myroutes, &numroutes) < 0) + { + if(getipv6routes(myroutes, &numroutes) < 0) + technique = connectsockettechnique; + } + if(getipv6routes(myroutes, &numroutes) < 0) + technique = connectsockettechnique; + } else { + mydevs = v6_getinterfaces(&numinterfaces); + } + /* WHEW, that takes care of initializing, now we have the easy job of + finding which route matches */ + if (v6_islocalhost(dest)) + { + if (source) + { + if(IN6_IS_ADDR_V4MAPPED(source)) + { + source->s6_addr32[0] = 0; + source->s6_addr32[1] = 0; + source->s6_addr32[2] = htonl(0xffff); + source->s6_addr32[3] = htonl(0x7F000001); + } + else + { + source->s6_addr32[0] = 0; + source->s6_addr32[1] = 0; + source->s6_addr32[2] = 0; + source->s6_addr32[3] = htonl(1); + } + } + /* Now we find the localhost interface name, assuming 127.0.0.1 + or ::1 is localhost (it damn well better be!)... 
*/ + for(i=0; i < numinterfaces; i++) + { + if(IN6_IS_ADDR_V4MAPPED(&mydevs[i].addr6)) + { + if (mydevs[i].addr6.s6_addr32[3] == htonl(0x7F000001)) + return mydevs[i].name; + } + else + { + if(IN6_ARE_ADDR_EQUAL(&in6addr_any, &mydevs[i].addr6)) + return mydevs[i].name; + } + } + return NULL; + } + + if (technique == procroutetechnique) + { + for(i=0; i < numroutes; i++) { + memcpy(&in6addr, dest, sizeof(struct in6_addr)); + ipv6addrmask(&in6addr, myroutes[i].mask); +#if TCPIP_DEBUGGING + printf("comparing addresses %s and %s\n",inet_ntop(AF_INET6, &in6addr,addr1,sizeof(addr1)),inet_ntop(AF_INET6, &myroutes[i].dest6,addr2,sizeof(addr2))); +#endif + if(IN6_ARE_ADDR_EQUAL(&in6addr, &myroutes[i].dest6)) + { + if (source) + { + /* We will add this check when -S option is implemented */ + /*if ( src.s_addr != INADDR_ANY ) + source->s_addr = src.s_addr; + else*/ +#if TCPIP_DEBUGGING + printf("copying address %s\n",inet_ntop(AF_INET6,&myroutes[i].dev->addr6,addr1,sizeof(addr1))); + printf("dev name is %s\n",myroutes[i].dev->name); +#endif + memcpy(source,&myroutes[i].dev->addr6, sizeof(struct in6_addr)); + } + return myroutes[i].dev->name; + } + } + } else if (technique == connectsockettechnique) { + if (!v6_getsourceip(&addy, dest)) + return NULL; + if(IN6_ARE_ADDR_EQUAL(&addy, &in6addr)) + { + struct hostent *myhostent = NULL; + char myname[MAXHOSTNAMELEN + 1]; + + myhostent = gethostbyname(myname); + if (gethostname(myname, MAXHOSTNAMELEN) || + !myhostent) + printf("Cannot get hostname! Try using -S or -e \n"); + if(myhostent->h_addrtype == AF_INET) + { + addy.s6_addr32[0] = 0; + addy.s6_addr32[1] = 0; + addy.s6_addr32[2] = htonl(0xffff); + memcpy(&addy.s6_addr32[0], myhostent->h_addr_list[0], sizeof(struct in6_addr)); + } + else + memcpy(&addy, myhostent->h_addr_list[0], sizeof(struct in6_addr)); + } + + /* Now we insure this claimed address is a real interface ... 
*/ + for(i=0; i < numinterfaces; i++) + { +#ifdef TCPIP_DEBUGGING + printf("comparing addresses %s and %s\n",inet_ntop(AF_INET6, &mydevs[i].addr6,addr1,sizeof(addr1)),inet_ntop(AF_INET6, &addy,addr2,sizeof(addr2))); +#endif + if (IN6_ARE_ADDR_EQUAL(&mydevs[i].addr6, &addy)) + { + if (source) + { + memcpy(source,&addy, sizeof(struct in6_addr)); + } + return mydevs[i].name; + } + } + return NULL; + } else + printf("I know sendmail technique ... I know rdist technique ... but I don't know what the hell kindof technique you are attempting!!!"); + return NULL; +} + +/** @brief An awesome function to determine what interface a packet to a given + * destination should be routed through. + * + * It returns NULL if no appropriate + * interface is found, oterwise it returns the device name and fills in the + * source parameter. Some of the stuff is + * from Stevens' Unix Network Programming V2. He had an easier suggestion + * for doing this (in the book), but it isn't portable :( + */ +char* routethrough (struct in_addr *dest, struct in_addr *source) { static int initialized = 0; @@ -447,7 +1297,7 @@ if (!dest) printf("ipaddr2devname passed a NULL dest address"); - if (!initialized) { + if (!initialized) { /* Dummy socket for ioctl */ initialized = 1; mydevs = getinterfaces(&numinterfaces); 
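Review bot: The localhost branch of v6_routethrough takes the address family from `source`, which is the output parameter (v6_get_mac_addr passes an unset `&me`), and then looks for an interface equal to `in6addr_any` although the comment says ::1; it should test `dest` and compare with `in6addr_loopback`. In the connect-socket branch `addy` is compared with `in6addr`, which is assigned only in the proc-route branch; presumably the IPv6 counterpart of `!addy.s_addr` was meant. The AF_INET case there copies `sizeof(struct in6_addr)` bytes from a 4-byte `h_addr_list[0]` into word 0, reading past the source and overwriting the mapped prefix just set. gethostbyname() is also called on `myname` before gethostname() fills it, and `myhostent` is dereferenced after a NULL check that only prints. The rewritten lines are below.

```c
          /* localhost branch: the family comes from dest, source is output only */
          if(IN6_IS_ADDR_V4MAPPED(dest))
          /* … unchanged: filling source with 127.0.0.1 or ::1 … */
              if(IN6_ARE_ADDR_EQUAL(&in6addr_loopback, &mydevs[i].addr6))
                return mydevs[i].name;
  /* … unchanged: proc-route technique … */
    if(IN6_IS_ADDR_UNSPECIFIED(&addy))
      {
        struct hostent *myhostent = NULL;
        char myname[MAXHOSTNAMELEN + 1];

        if (gethostname(myname, MAXHOSTNAMELEN) == 0)
          {
            myname[MAXHOSTNAMELEN] = '\0';
            myhostent = gethostbyname(myname);
          }
        if (!myhostent)
          {
            printf("Cannot get hostname! Try using -S or -e \n");
            return NULL;
          }
        if(myhostent->h_addrtype == AF_INET)
          {
            addy.s6_addr32[0] = 0;
            addy.s6_addr32[1] = 0;
            addy.s6_addr32[2] = htonl(0xffff);
            /* an IPv4 answer is 4 bytes and belongs in the last word */
            memcpy(&addy.s6_addr32[3], myhostent->h_addr_list[0], sizeof(struct in_addr));
          }
        else
          memcpy(&addy, myhostent->h_addr_list[0], sizeof(struct in6_addr));
      }
  /* … unchanged: matching addy against the interface list … */
```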
@@ -460,54 +1310,54 @@ /* Now that we've got the interfaces, we g0 after the r0ut3Z */ fgets(buf, sizeof(buf), routez); /* Kill the first line */ while(fgets(buf,sizeof(buf), routez)) { - p = strtok(buf, " \t\n"); - if (!p) { - printf("Could not find interface in /proc/net/route line"); - continue; - } - strncpy(iface, p, sizeof(iface)); - if ((p = strchr(iface, ':'))) { - *p = '\0'; /* To support IP aliasing */ - } - p = strtok(NULL, " \t\n"); - endptr = NULL; - myroutes[numroutes].dest = strtoul(p, &endptr, 16); - if (!endptr || *endptr) { - printf("Failed to determine Destination from /proc/net/route"); - continue; - } - for(i=0; i < 6; i++) { - p = strtok(NULL, " \t\n"); - if (!p) break; - } - if (!p) { - printf("Failed to find field %d in /proc/net/route", i + 2); - continue; - } - endptr = NULL; - myroutes[numroutes].mask = strtoul(p, &endptr, 16); - if (!endptr || *endptr) { - printf("Failed to determine mask from /proc/net/route"); - continue; - } + p = strtok(buf, " \t\n"); + if (!p) { + printf("Could not find interface in /proc/net/route line"); + continue; + } + strncpy(iface, p, sizeof(iface)); + if ((p = strchr(iface, ':'))) { + *p = '\0'; /* To support IP aliasing */ + } + p = strtok(NULL, " \t\n"); + endptr = NULL; + myroutes[numroutes].dest = strtoul(p, &endptr, 16); + if (!endptr || *endptr) { + printf("Failed to determine Destination from /proc/net/route"); + continue; + } + for(i=0; i < 6; i++) { + p = strtok(NULL, " \t\n"); + if (!p) break; + } + if (!p) { + printf("Failed to find field %d in /proc/net/route", i + 2); + continue; + } + endptr = NULL; + myroutes[numroutes].mask = strtoul(p, &endptr, 16); + if (!endptr || *endptr) { + printf("Failed to determine mask from /proc/net/route"); + continue; + } #if TCPIP_DEBUGGING - printf("#%d: for dev %s, The dest is %lX and the mask is %lX\n", numroutes, iface, myroutes[numroutes].dest, myroutes[numroutes].mask); + printf("#%d: for dev %s, The dest is %lX and the mask is %lX\n", numroutes, iface, 
myroutes[numroutes].dest, myroutes[numroutes].mask); #endif - for(i=0; i < numinterfaces; i++) - if (!strcmp(iface, mydevs[i].name)) { - myroutes[numroutes].dev = &mydevs[i]; - break; - } - if (i == numinterfaces) - printf("Failed to find interface %s mentioned in /proc/net/route\n", iface); - numroutes++; - if (numroutes >= MAXROUTES) - { - printf("My god! You seem to have WAY to many routes!\n"); + for(i=0; i < numinterfaces; i++) + if (!strcmp(iface, mydevs[i].name)) { + myroutes[numroutes].dev = &mydevs[i]; break; - } + } + if (i == numinterfaces) + printf("Failed to find interface %s mentioned in /proc/net/route\n", iface); + numroutes++; + if (numroutes >= MAXROUTES) + { + printf("My god! You seem to have WAY to many routes!\n"); + break; + } } fclose(routez); } else { @@ -516,7 +1366,7 @@ } else { mydevs = getinterfaces(&numinterfaces); } - /* WHEW, that takes care of initializing, now we have the easy job of + /* WHEW, that takes care of initializing, now we have the easy job of finding which route matches */ if (islocalhost(dest)) { if (source) @@ -525,7 +1375,7 @@ localhost (it damn well better be!)... */ for(i=0; i < numinterfaces; i++) { if (mydevs[i].addr.s_addr == htonl(0x7F000001)) { - return mydevs[i].name; + return mydevs[i].name; } } return NULL; 
@@ -534,63 +1384,63 @@ if (technique == procroutetechnique) { for(i=0; i < numroutes; i++) { if ((dest->s_addr & myroutes[i].mask) == myroutes[i].dest) { - if (source) { - if ( src.s_addr != INADDR_ANY ) - source->s_addr = src.s_addr; - else - source->s_addr = myroutes[i].dev->addr.s_addr; - } - return myroutes[i].dev->name; + if (source) { + if ( src.s_addr != INADDR_ANY ) + source->s_addr = src.s_addr; + else + source->s_addr = myroutes[i].dev->addr.s_addr; + } + return myroutes[i].dev->name; } } } else if (technique == connectsockettechnique) { - if (!getsourceip(&addy, dest)) - return NULL; - if (!addy.s_addr) { /* Solaris 2.4 */ - struct hostent *myhostent = NULL; - char myname[MAXHOSTNAMELEN + 1]; + if (!getsourceip(&addy, dest)) + return NULL; + if (!addy.s_addr) { /* Solaris 2.4 */ + struct hostent *myhostent = NULL; + char myname[MAXHOSTNAMELEN + 1]; #if defined(USE_PTHREADS) && defined(HAVE_GETHOSTBYNAME_R) - int Errno = 0; - char * buf = emalloc(4096); - struct hostent * res = NULL; - struct hostent * t = NULL; - - myhostent = emalloc(sizeof(struct hostent)); + int Errno = 0; + char * buf = emalloc(4096); + struct hostent * res = NULL; + struct hostent * t = NULL; + + myhostent = emalloc(sizeof(struct hostent)); #ifdef HAVE_SOLARIS_GETHOSTBYNAME_R - gethostbyname_r(myname, myhostent, buf, 4096, &Errno); - if(Errno){ - free(myhostent); - myhostent = NULL; - } + gethostbyname_r(myname, myhostent, buf, 4096, &Errno); + if(Errno){ + free(myhostent); + myhostent = NULL; + } #else - gethostbyname_r(myname, myhostent, buf, 4096, &res, &Errno); - t = myhostent; - myhostent = res; + gethostbyname_r(myname, myhostent, buf, 4096, &res, &Errno); + t = myhostent; + myhostent = res; #endif /* HAVE_SOLARIS_... */ - myhostent = res; + myhostent = res; #else - myhostent = gethostbyname(myname); + myhostent = gethostbyname(myname); #endif /* USE_PTHREADS */ - if (gethostname(myname, MAXHOSTNAMELEN) || - !myhostent) - printf("Cannot get hostname! 
Try using -S or -e \n"); - memcpy(&(addy.s_addr), myhostent->h_addr_list[0], sizeof(struct in_addr)); + if (gethostname(myname, MAXHOSTNAMELEN) || + !myhostent) + printf("Cannot get hostname! Try using -S or -e \n"); + memcpy(&(addy.s_addr), myhostent->h_addr_list[0], sizeof(struct in_addr)); #if defined(USE_PTHREADS) && defined(HAVE_GETHOSTBYNAME_R) - if(myhostent)free(myhostent); - free(buf); + if(myhostent)free(myhostent); + free(buf); #endif + } + + /* Now we insure this claimed address is a real interface ... */ + for(i=0; i < numinterfaces; i++) + if (mydevs[i].addr.s_addr == addy.s_addr) { + if (source) { + source->s_addr = addy.s_addr; + } + return mydevs[i].name; } - - /* Now we insure this claimed address is a real interface ... */ - for(i=0; i < numinterfaces; i++) - if (mydevs[i].addr.s_addr == addy.s_addr) { - if (source) { - source->s_addr = addy.s_addr; - } - return mydevs[i].name; - } - return NULL; - } else - printf("I know sendmail technique ... I know rdist technique ... but I don't know what the hell kindof technique you are attempting!!!"); return NULL; + } else + printf("I know sendmail technique ... I know rdist technique ... but I don't know what the hell kindof technique you are attempting!!!"); + return NULL; } Modified: trunk/openvas-libraries/misc/pcap_openvas.h =================================================================== --- trunk/openvas-libraries/misc/pcap_openvas.h 2009-11-10 07:59:21 UTC (rev 5827) +++ trunk/openvas-libraries/misc/pcap_openvas.h 2009-11-10 08:31:36 UTC (rev 5828) 
@@ -29,9 +29,13 @@ #include int is_local_ip(struct in_addr); +int v6_is_local_ip(struct in6_addr *); int get_mac_addr(struct in_addr, char**); +int v6_get_mac_addr(struct in6_addr *, char**); int islocalhost(struct in_addr *); +int v6_islocalhost(struct in6_addr *); int get_datalink_size(int); char *routethrough(struct in_addr *, struct in_addr *); +char *v6_routethrough(struct in6_addr *, struct in6_addr *); #endif Modified: trunk/openvas-libraries/nasl/nasl_host.c =================================================================== --- trunk/openvas-libraries/nasl/nasl_host.c 2009-11-10 07:59:21 UTC (rev 5827) +++ trunk/openvas-libraries/nasl/nasl_host.c 2009-11-10 08:31:36 UTC (rev 5828) @@ -47,6 +47,8 @@ extern int islocalhost (struct in_addr *addr); /* pcap.c */ extern char* routethrough (struct in_addr *dest, struct in_addr *source); /* pcap.c */ +extern char *v6_routethrough (struct in6_addr *dest, struct in6_addr *source); +extern int v6_islocalhost(struct in6_addr *); tree_cell * get_hostname(lex_ctxt * lexic) { @@ -154,7 +156,7 @@ retc = alloc_tree_cell(0, NULL); retc->type = CONST_INT; inaddr.s_addr = dst->s6_addr32[3]; - retc->x.i_val = islocalhost(&inaddr); + retc->x.i_val = v6_islocalhost(dst); return retc; } @@ -165,11 +167,11 @@ struct in6_addr * ip = plug_get_host_ip(script_infos); tree_cell * retc; struct in_addr inaddr; - + retc = alloc_tree_cell(0, NULL); retc->type = CONST_INT; inaddr.s_addr = ip->s6_addr32[3]; - retc->x.i_val = is_local_ip(inaddr); + retc->x.i_val = v6_is_local_ip(ip); return retc; } @@ -185,6 +187,7 @@ struct in_addr src; struct in6_addr in6addr; struct in_addr inaddr; + struct in6_addr src6; retc = alloc_tree_cell(0, NULL); retc->type = CONST_DATA; 
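Review bot: The two new `extern` lines in nasl_host.c (hunk `@@ -47,6 +47,8 @@`) hand-declare `v6_routethrough` and `v6_islocalhost`, although this same commit adds both prototypes to misc/pcap_openvas.h. A local declaration is never checked against the definition, so a later signature change in pcap.c would still compile here and misbehave at run time. I would drop the local externs, including the existing ones for `islocalhost` and `routethrough`, and include the header instead. The include path to use depends on the build setup, which these hunks do not show.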
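Review bot: In hunk `@@ -154,7 +156,7 @@` the line `inaddr.s_addr = dst->s6_addr32[3];` is now a dead store, because the result comes from `v6_islocalhost(dst)` and nothing visible reads `inaddr` afterwards. The same leftover is in hunk `@@ -165,11 +167,11 @@` (`inaddr.s_addr = ip->s6_addr32[3];`) and in openvassd/attack.c hunk `@@ -898,9 +898,9 @@` (`addr.s_addr = host_ip.s6_addr32[3];`). Removing the assignments and the unused locals would make it clear that these paths no longer truncate the address to its last 32 bits. The enclosing functions start outside the hunks, so confirm that nothing further down still reads the variables.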
@@ -200,46 +203,47 @@ if(ia) { - if(IN6_IS_ADDR_V4MAPPED(ia)) + if(v6_islocalhost(ia)) { - inaddr.s_addr = ia->s6_addr32[3]; - src.s_addr = 0; - if(islocalhost(&inaddr)) - src.s_addr = ia->s6_addr32[3]; - else - (void)routethrough(&inaddr, &src); - - if(src.s_addr) - { - char * ret; - - ret = estrdup(inet_ntoa(src)); - retc->x.str_val = ret; - retc->size = strlen(ret); - - return retc; - } - - hostname[sizeof(hostname) - 1] = '\0'; - gethostname(hostname, sizeof(hostname) - 1); - nn_resolve(hostname, &in6addr); - - addr.s_addr = in6addr.s6_addr32[3]; - - ret = estrdup(inet_ntoa(addr)); - retc->x.str_val = ret; - retc->size = strlen(ret); + memcpy(&src6, ia, sizeof(struct in6_addr)); } else { + (void)v6_routethrough(ia, &src6); + } + + if(!IN6_ARE_ADDR_EQUAL(&src, &in6addr_any)) + { char * ret; - ret = estrdup(inet_ntop(AF_INET6, ia, hostname, sizeof(hostname))); + if(IN6_IS_ADDR_V4MAPPED(&src6)) + { + inaddr.s_addr = src6.s6_addr32[3]; + ret = estrdup(inet_ntop(AF_INET, &inaddr,hostname, sizeof(hostname))); + } + else + ret = estrdup(inet_ntop(AF_INET6, &src6,hostname, sizeof(hostname))); + retc->x.str_val = ret; retc->size = strlen(ret); return retc; } + + hostname[sizeof(hostname) - 1] = '\0'; + gethostname(hostname, sizeof(hostname) - 1); + nn_resolve(hostname, &in6addr); + + if(IN6_IS_ADDR_V4MAPPED(&in6addr)) + { + inaddr.s_addr = in6addr.s6_addr32[3]; + ret = estrdup(inet_ntop(AF_INET, &inaddr,hostname, sizeof(hostname))); + } + else + ret = estrdup(inet_ntop(AF_INET6, &in6addr,hostname, sizeof(hostname))); + + retc->x.str_val = ret; + retc->size = strlen(ret); } return retc; } Modified: trunk/openvas-scanner/ChangeLog =================================================================== --- trunk/openvas-scanner/ChangeLog 2009-11-10 07:59:21 UTC (rev 5827) +++ trunk/openvas-scanner/ChangeLog 2009-11-10 08:31:36 UTC (rev 5828) 
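Review bot: The new test `if(!IN6_ARE_ADDR_EQUAL(&src, &in6addr_any))` compares `src`, the 4-byte `struct in_addr`, instead of the `src6` that the lines just above fill in. The macro compares 16 bytes, so it reads past `src` on the stack, and the removed `src.s_addr = 0;` was the only visible initialisation of that variable. `src6` is also never zeroed, so if `v6_routethrough` returns without writing it, the function would format uninitialised stack bytes as the host address. Proposed: `memset(&src6, 0, sizeof(src6));` before `if(v6_islocalhost(ia))`, and `if(!IN6_ARE_ADDR_EQUAL(&src6, &in6addr_any))` for the test. The function begins before this hunk.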
@@ -1,3 +1,15 @@ +2009-11-10 Chandrashekhar B + + * openvassd/attack.c (attack_network): Use new + functions from pcap to get MAC address and check + whether target belongs to localnet. + + * openvassd/attack.c (attack_network): Use new + functions from pcap to get MAC address and check + whether target belongs to localnet. + + Coding by Srinivasa NL . + 2009-11-10 Felix Wolfsteller * openvassd/utils.c (temp_file_name): Doc, added comment about toctou Modified: trunk/openvas-scanner/openvassd/attack.c =================================================================== --- trunk/openvas-scanner/openvassd/attack.c 2009-11-10 07:59:21 UTC (rev 5827) +++ trunk/openvas-scanner/openvassd/attack.c 2009-11-10 08:31:36 UTC (rev 5828) @@ -34,7 +34,7 @@ #include /* for kb_new */ #include /* for auth_printf */ #include /* for ACT_INIT */ -#include /* for is_local_ip */ +#include /* for v6_is_local_ip */ #include /* for plug_get_path */ #include /* for setproctitle */ #include /* for emalloc */ @@ -898,9 +898,9 @@ struct in_addr addr; addr.s_addr = host_ip.s6_addr32[3]; - if(preferences_use_mac_addr(preferences) && is_local_ip(addr)) + if(preferences_use_mac_addr(preferences) && v6_is_local_ip(&host_ip)) { - mac_err = get_mac_addr(addr, &MAC); + mac_err = v6_get_mac_addr(&host_ip, &MAC); if(mac_err > 0) { /* remote host is down */ From scm-commit at wald.intevation.org Tue Nov 10 09:43:10 2009 
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Tue, 10 Nov 2009 09:43:10 +0100 (CET) Subject: [Openvas-commits] r5829 - trunk/openvas-scanner Message-ID: <20091110084310.59BB4865F46E@pyrosoma.intevation.org> Author: chandra Date: 2009-11-10 09:43:09 +0100 (Tue, 10 Nov 2009) New Revision: 5829 Modified: trunk/openvas-scanner/ChangeLog Log: removed a duplicate line Modified: trunk/openvas-scanner/ChangeLog =================================================================== --- trunk/openvas-scanner/ChangeLog 2009-11-10 08:31:36 UTC (rev 5828) +++ trunk/openvas-scanner/ChangeLog 2009-11-10 08:43:09 UTC (rev 5829) @@ -4,10 +4,6 @@ functions from pcap to get MAC address and check whether target belongs to localnet. - * openvassd/attack.c (attack_network): Use new - functions from pcap to get MAC address and check - whether target belongs to localnet. - Coding by Srinivasa NL . 2009-11-10 Felix Wolfsteller From scm-commit at wald.intevation.org Tue Nov 10 10:03:54 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Tue, 10 Nov 2009 10:03:54 +0100 (CET) Subject: [Openvas-commits] r5830 - in trunk/openvas-client: . include openvas Message-ID: <20091110090354.C36E2865F4A0@pyrosoma.intevation.org> Author: felix Date: 2009-11-10 10:03:52 +0100 (Tue, 10 Nov 2009) New Revision: 5830 Modified: trunk/openvas-client/ChangeLog trunk/openvas-client/include/ntcompat.h trunk/openvas-client/openvas/latex_output.c Log: Resolved typos lead to by Ryan Schmidt. * include/ntcompat.h, openvas/latex_output.c: Replaced recommand by recommend, added todo about duplicate code. Modified: trunk/openvas-client/ChangeLog =================================================================== --- trunk/openvas-client/ChangeLog 2009-11-10 08:43:09 UTC (rev 5829) +++ trunk/openvas-client/ChangeLog 2009-11-10 09:03:52 UTC (rev 5830) 
@@ -1,3 +1,10 @@ +2009-11-10 Felix Wolfsteller + + Resolved typos lead to by Ryan Schmidt. + + * include/ntcompat.h, openvas/latex_output.c: Replaced recommand by + recommend, added todo about duplicate code. + 2009-11-09 Michael Wiegand Post-release version bump. Modified: trunk/openvas-client/include/ntcompat.h =================================================================== --- trunk/openvas-client/include/ntcompat.h 2009-11-10 08:43:09 UTC (rev 5829) +++ trunk/openvas-client/include/ntcompat.h 2009-11-10 09:03:52 UTC (rev 5830) @@ -61,10 +61,11 @@ #define _EXIT(x) EXIT(x) #define DO_EXIT(x) exit(x) +/** @todo Remove duplicates (openvas-scanner/include/threadcompat.h) */ #ifdef HAVE_PTHREAD_CANCEL #define TERMINATE_THREAD(x) {pthread_cancel(x->thread);pthread_detach(x->thread);} #else -#warning "Your system lacks pthread_cancel() ! Using the pthreads is not recommanded" +#warning "Your system lacks pthread_cancel() ! Using the pthreads is not recommended" #define TERMINATE_THREAD(x) #endif /* HAVE_PTHREAD_CANCEL */ #endif /* USE_PTHREADS */ Modified: trunk/openvas-client/openvas/latex_output.c =================================================================== --- trunk/openvas-client/openvas/latex_output.c 2009-11-10 08:43:09 UTC (rev 5829) +++ trunk/openvas-client/openvas/latex_output.c 2009-11-10 09:03:52 UTC (rev 5830) 
@@ -151,7 +151,7 @@ fprintf(f, "On the overall, your network seems to be pretty safe.\n"); fprintf(f, "However, \\textbf{the result of a security scanner can not garantee your "); fprintf(f, "complete safety !}. Security Scanners can not test things such as home made "); - fprintf(f, "CGIs, so if you want the garantee that you network is secure, we recommand "); + fprintf(f, "CGIs, so if you want the garantee that you network is secure, we recommend "); fprintf(f, "that you check these things manually.\\\\\n"); fprintf(f, "However, your network was given the highest mark that OpenVAS can give, "); fprintf(f, "that is a A (worst being E). Congratulations !"); @@ -175,7 +175,7 @@ fprintf(f, "although we know it is not always possible.\\\\\n"); if((num_of_hosts > 1)&&most) { - fprintf(f, "We recommand that you take a closer look at %s, as it is the host ", + fprintf(f, "We recommend that you take a closer look at %s, as it is the host ", most->name); fprintf(f, "the most affected by these warnings.\\\\\n"); } @@ -213,7 +213,7 @@ fprintf(f, "although we know it is not always possible.\\\\\n"); if((num_of_hosts > 1)&&most) { - fprintf(f, "We recommand that you take a closer look at \\verb+%s+, as it is the host ", + fprintf(f, "We recommend that you take a closer look at \\verb+%s+, as it is the host ", most->name); fprintf(f, "the most affected by these warnings.\\\\\n"); } @@ -248,7 +248,7 @@ fprintf(f, "although we know it is not always possible.\\\\\n"); if((num_of_hosts > 1)&&most) { - fprintf(f, "We recommand that you take a closer look at \\verb+%s+, as it is the host ", + fprintf(f, "We recommend that you take a closer look at \\verb+%s+, as it is the host ", most->name); fprintf(f, "that is the most likely to be the entry point of any cracker.\n"); } 
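Review bot: In hunk `@@ -175,7 +175,7 @@` the host name goes into the LaTeX body as a bare `%s`, while the same sentence in hunks `@@ -213`, `@@ -248` and `@@ -284` wraps it in `\\verb+%s+`. A name containing `_`, `%`, `#` or a backslash would be read as LaTeX markup there and could break or alter the generated report. For consistency the line could read `"We recommend that you take a closer look at \\verb+%s+, as it is the host "`. A `\verb+…+` span still ends at the first `+` in the name, so a proper escaping helper would be the sturdier fix; whether `most->name` can carry such characters is not visible from these hunks.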
@@ -284,7 +284,7 @@ fprintf(f, "although we know it is not always possible.\\\\\n"); if((num_of_hosts > 1)&&most) { - fprintf(f, "We recommand that you take a closer look at \\verb+%s+, as it is the host ", + fprintf(f, "We recommend that you take a closer look at \\verb+%s+, as it is the host ", most->name); fprintf(f, "that is the most likely to be the entry point of any cracker.\n"); } @@ -461,12 +461,12 @@ fprintf(f, "the practices of the users of the network, the home-made "); fprintf(f, "services and CGIs, and so on... So, you should not have "); fprintf(f, "a false sense of security now that the tests are done. "); - fprintf(f, "We recommand that you monitor actively what happens on "); + fprintf(f, "We recommend that you monitor actively what happens on "); fprintf(f, "your firewall, and that you use some tools such as "); fprintf(f, "tripwire to restore your servers more easily in the case "); fprintf(f, "of an intrusion.\\\\\n"); fprintf(f, "In addition to that, you must know that new security holes "); - fprintf(f, "are found each week. This is the reason why we recommand that you visit "); + fprintf(f, "are found each week. This is the reason why we recommend that you visit "); fprintf(f, "\\verb+http://www.osvdb.org/+ and \\verb+http://www.openvas.org/+ for an "); fprintf(f, "update of security vulnerabilites as they are published "); fprintf(f, "on public mailing lists such as BugTraq. (see "); From scm-commit at wald.intevation.org Tue Nov 10 10:10:01 2009 
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Tue, 10 Nov 2009 10:10:01 +0100 (CET) Subject: [Openvas-commits] r5831 - in trunk/openvas-libraries: . doc Message-ID: <20091110091001.8335A865F4A0@pyrosoma.intevation.org> Author: felix Date: 2009-11-10 10:10:00 +0100 (Tue, 10 Nov 2009) New Revision: 5831 Modified: trunk/openvas-libraries/ChangeLog trunk/openvas-libraries/configure trunk/openvas-libraries/configure.in trunk/openvas-libraries/doc/README.BPF Log: Fixed typos found by Ryan Schmidt. This change closes bug #1167. (bugs.openvas.org/1167) * configure.in, doc/README.BPF: Fixed typos. * configure: Regenerated Modified: trunk/openvas-libraries/ChangeLog =================================================================== --- trunk/openvas-libraries/ChangeLog 2009-11-10 09:03:52 UTC (rev 5830) +++ trunk/openvas-libraries/ChangeLog 2009-11-10 09:10:00 UTC (rev 5831) @@ -1,3 +1,12 @@ +2009-11-10 Felix Wolfsteller + + Fixed typos found by Ryan Schmidt. This change closes bug #1167. + (bugs.openvas.org/1167) + + * configure.in, doc/README.BPF: Fixed typos. + + * configure: Regenerated + 2009-11-10 Chandrashekhar B * misc/pcap.c: Migrating to ipv6, first phase. Modified: trunk/openvas-libraries/configure =================================================================== --- trunk/openvas-libraries/configure 2009-11-10 09:03:52 UTC (rev 5830) +++ trunk/openvas-libraries/configure 2009-11-10 09:10:00 UTC (rev 5831) 
@@ -26504,11 +26504,11 @@ BPFs are used to capture incoming packets without using the operating system. OpenVAS uses those for some of its security checks and port scanners. -However, you seem to not have enough bpfs, (we recommand that you get about +However, you seem to not have enough bpfs, (we recommend that you get about 100 of them) so OpenVAS might miss some hosts or produce inaccurate port scans. If you can not create more bpfs, there once was a feature 'enable-bpf-sharing' -which has been removed (see OpenVAS Change Reuqest 5). Please report on the +which has been removed (see OpenVAS Change Request 5). Please report on the OpenVAS Mailing Lists if this causes a problem to you. Please read README.BPF before continuing" >&5 echo "${ECHO_T} @@ -26519,11 +26519,11 @@ BPFs are used to capture incoming packets without using the operating system. OpenVAS uses those for some of its security checks and port scanners. -However, you seem to not have enough bpfs, (we recommand that you get about +However, you seem to not have enough bpfs, (we recommend that you get about 100 of them) so OpenVAS might miss some hosts or produce inaccurate port scans. If you can not create more bpfs, there once was a feature 'enable-bpf-sharing' -which has been removed (see OpenVAS Change Reuqest 5). Please report on the +which has been removed (see OpenVAS Change Request 5). Please report on the OpenVAS Mailing Lists if this causes a problem to you. Please read README.BPF before continuing" >&6; } Modified: trunk/openvas-libraries/configure.in =================================================================== --- trunk/openvas-libraries/configure.in 2009-11-10 09:03:52 UTC (rev 5830) +++ trunk/openvas-libraries/configure.in 2009-11-10 09:10:00 UTC (rev 5831) 
@@ -576,11 +576,11 @@ BPFs are used to capture incoming packets without using the operating system. OpenVAS uses those for some of its security checks and port scanners. -However, you seem to not have enough bpfs, (we recommand that you get about +However, you seem to not have enough bpfs, (we recommend that you get about 100 of them) so OpenVAS might miss some hosts or produce inaccurate port scans. If you can not create more bpfs, there once was a feature 'enable-bpf-sharing' -which has been removed (see OpenVAS Change Reuqest 5). Please report on the +which has been removed (see OpenVAS Change Request 5). Please report on the OpenVAS Mailing Lists if this causes a problem to you. Please read README.BPF before continuing]) Modified: trunk/openvas-libraries/doc/README.BPF =================================================================== --- trunk/openvas-libraries/doc/README.BPF 2009-11-10 09:03:52 UTC (rev 5830) +++ trunk/openvas-libraries/doc/README.BPF 2009-11-10 09:10:00 UTC (rev 5831) @@ -23,7 +23,7 @@ (as openvasd is extremely lightweight, you can expect to have this amount of processes running at the same time) -If you plan to scan a whole network, we recommand you create at least +If you plan to scan a whole network, we recommend you create at least 100 of them. Once your kernel has been rebuilt, get root, cd to /dev @@ -39,5 +39,5 @@ ./MAKEDEV bpf+100 If you can not recompile your kernel, there once was a feature -'enable-bpf-sharing' which has been removed (see OpenVAS Change Reuqest 5). +'enable-bpf-sharing' which has been removed (see OpenVAS Change Request 5). Please report on the OpenVAS Mailing Lists if this causes a problem to you. From scm-commit at wald.intevation.org Tue Nov 10 10:58:25 2009 
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Tue, 10 Nov 2009 10:58:25 +0100 (CET) Subject: [Openvas-commits] r5832 - in trunk/openvas-scanner: . include Message-ID: <20091110095825.94A55852DB53@pyrosoma.intevation.org> Author: felix Date: 2009-11-10 10:58:24 +0100 (Tue, 10 Nov 2009) New Revision: 5832 Modified: trunk/openvas-scanner/ChangeLog trunk/openvas-scanner/include/threadcompat.h Log: Resolved typos lead to by Ryan Schmidt. * include/threadcompat.h: Replaced "recommand" by "recommend", added todo about duplicate code. Modified: trunk/openvas-scanner/ChangeLog =================================================================== --- trunk/openvas-scanner/ChangeLog 2009-11-10 09:10:00 UTC (rev 5831) +++ trunk/openvas-scanner/ChangeLog 2009-11-10 09:58:24 UTC (rev 5832) @@ -1,3 +1,10 @@ +2009-11-10 Felix Wolfsteller + + Resolved typos lead to by Ryan Schmidt. + + * include/threadcompat.h: Replaced "recommand" by "recommend", added + todo about duplicate code. + 2009-11-10 Chandrashekhar B * openvassd/attack.c (attack_network): Use new Modified: trunk/openvas-scanner/include/threadcompat.h =================================================================== --- trunk/openvas-scanner/include/threadcompat.h 2009-11-10 09:10:00 UTC (rev 5831) +++ trunk/openvas-scanner/include/threadcompat.h 2009-11-10 09:58:24 UTC (rev 5832) @@ -69,10 +69,11 @@ #define _EXIT(x) EXIT(x) #define DO_EXIT(x) exit(x) +/** @todo Remove duplicates (openvas-client/include/ntcompat.h) */ #ifdef HAVE_PTHREAD_CANCEL #define TERMINATE_THREAD(x) {pthread_cancel(x->thread);pthread_detach(x->thread);} #else -#warning "Your system lacks pthread_cancel() ! Using the pthreads is not recommanded" +#warning "Your system lacks pthread_cancel() ! Using the pthreads is not recommended" #define TERMINATE_THREAD(x) #endif /* HAVE_PTHREAD_CANCEL */ #endif /* USE_PTHREADS */ From scm-commit at wald.intevation.org Tue Nov 10 11:07:58 2009 
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Tue, 10 Nov 2009 11:07:58 +0100 (CET) Subject: [Openvas-commits] r5833 - in trunk/openvas-manager: . src Message-ID: <20091110100758.C3496852DB4D@pyrosoma.intevation.org> Author: felix Date: 2009-11-10 11:07:57 +0100 (Tue, 10 Nov 2009) New Revision: 5833 Modified: trunk/openvas-manager/ChangeLog trunk/openvas-manager/src/omp.c Log: Improved pdf reports. Text of issues like "security warning" is printed verbatim. To allow for page breaks in issue tables, put one verbatim line into one row of the table. Break lines at 80 characters and do word wrapping. Indicate "artificial" line breaks with a special symbol. Indicate that tables were broken over pages. * src/omp.c (print_report_latex): Use more features of the longtable environment in latex/pdf report. (next_break): New. Used for the line and word wrapping in latex_print_verbatim_text. (latex_print_verbatim_text): New. Prints verbatim text, doing line and word wrapping. Modified: trunk/openvas-manager/ChangeLog =================================================================== --- trunk/openvas-manager/ChangeLog 2009-11-10 09:58:24 UTC (rev 5832) +++ trunk/openvas-manager/ChangeLog 2009-11-10 10:07:57 UTC (rev 5833) 
@@ -1,3 +1,18 @@ +2009-11-10 Felix Wolfsteller + + Improved pdf reports. Text of issues like "security warning" is printed + verbatim. To allow for page breaks in issue tables, put one verbatim + line into one row of the table. Break lines at 80 characters and do + word wrapping. Indicate "artificial" line breaks with a special symbol. + Indicate that tables were broken over pages. + + * src/omp.c (print_report_latex): Use more features of the longtable + environment in latex/pdf report. + (next_break): New. Used for the line and word wrapping in + latex_print_verbatim_text. + (latex_print_verbatim_text): New. Prints verbatim text, doing line and + word wrapping. + 2009-11-09 Michael Wiegand Post-release version bump. Modified: trunk/openvas-manager/src/omp.c =================================================================== --- trunk/openvas-manager/src/omp.c 2009-11-10 09:58:24 UTC (rev 5832) +++ trunk/openvas-manager/src/omp.c 2009-11-10 10:07:57 UTC (rev 5833) 
@@ -2198,6 +2198,133 @@ } /** + * @brief Returns next good position to wrap text. Only space is considered a + * @brief word boundary. + * + * @param[in] text Text to inspect. + * @param[in] line_width Line width before or at which to wrap. + * + * @return Good position to insert a line break in printable characters in the + * sense of latex_print_verbatim_text. + * + * @todo Test special cases. + * @todo Do this a bit better. + */ +static int +next_break (const char* text, int line_width) +{ + const char* pos = text; + int last_space = 0; + int nchars = 0; + + while (*pos && nchars < line_width) + { + switch (*pos) + { + case '\\': + ++pos; + if (*pos && *pos == 'n') + { + return nchars + 1; + } + if (*pos && *pos == 'r') + { + --nchars; + --nchars; + break; + } + --pos; + break; + case '\n': + return nchars; + break; + case ' ': + last_space = nchars; + break; + default: + break; + } /* switch (*pos) */ + + ++pos; + ++nchars; + } + + if (nchars == line_width && last_space != 0) + return last_space; + else + return nchars; +} + +/** + * @brief Writes \ref text to \ref file, doing line wraps at 80 chars and + * @brief putting a symbol to indicate line wrap. + * + * Function to be used to print verbatim text to latex documents in a longtable + * environment. + * Newlines will be replaced by row/line breaks, thus might cause trouble in + * non- tabular environments. + * + * @param[in] file File descriptor to write to. + * @param[out] text Text to write to file. + * + * @todo Do this better. Word wrapping has problems with first line. 
+ */ +static void +latex_print_verbatim_text (FILE* file, const char* text) +{ + const char* pos = text; + int nchars = 0; + int line_width = 80; + int break_pos = next_break (pos, line_width); + + fputs ("\\verb=", file); + while (*pos) + { + if (nchars == break_pos) + { + fputs ("=\\\\\n", file); + fputs ("$\\hookrightarrow$\\verb=", file); + nchars = 0; + break_pos = next_break (pos, line_width - 2); + continue; + } + switch (*pos) + { + case '\\': + ++pos; + if (*pos && *pos == 'n') + { + fputs ("=\\\\\n\\verb=", file); + nchars = -1; + break_pos = next_break (pos, line_width); + break; + } + else if (*pos && *pos == 'r') + { + --nchars; + break; + } + --pos; + fputc (*pos, file); + break; + case '\n': + fputs ("=\\\\\n\\verb=", file); + nchars = -1; + break_pos = next_break (pos, line_width); + break; + default: + fputc (*pos, file); + break; + } /* switch (*pos) */ + ++nchars; + ++pos; + } + /** @todo Handle special situations (empty string, newline at end etc) + * more clever, break at word boundaries */ + fputs ("=\\\\\n", file); +} + +/** * @brief Writes \ref text to \ref file, escaping characters on the fly. * * Function to be used to print text to latex documents in a longtable @@ -2226,11 +2353,11 @@ // Replace "\n" by row/line break else if (*pos && *pos == 'n') { - fputs ("\\\\", file); + fputs ("\\\\\n", file); break; } --pos; - // No escaped special char. + // No escaped special char. fputs ("$\\backslash$", file); break; /** @todo following cases simply place a backslash ('\') in front of 
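Review bot: `latex_print_verbatim_text` does not terminate on an empty line in `text`, as far as I can trace it. After a `'\n'` it sets `nchars = -1` and calls `next_break (pos, line_width)` with `pos` still on the newline, which returns 0; if the next character is another newline, the `nchars == break_pos` branch fires with both at 0, recomputes 0 and `continue`s without advancing `pos`, so wrap markers are written to the file without end. The same happens when `text` begins with a newline. Suggested: compute the next break from the following character, `break_pos = next_break (pos + 1, line_width);` in both newline cases, and guard the wrap with `if (break_pos > 0 && nchars == break_pos)`. Separately, the text is emitted raw inside `\verb=…=`, so an `=` in a result description ends the verbatim span and the rest is read as LaTeX; that character needs its own case.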
@@ -2454,8 +2581,9 @@ * does not fit on a whole page, because page breaks can only be inserted * _between_ rows. Consider using the verbatim environment with manually * added row breaks after a certain number of characters. - * @todo Use more features of the longtable environment, e.g. declare table - * headings and "continues/d on/from next/previous page" texts. + * @todo Also, this code produces empty tables (probably because of the + * 'if (last_port == )' code). + * @todo Escape all text that should appear as text in latex. */ static int print_report_latex (report_t report, gchar* latex_file, int ascending, @@ -2664,15 +2792,24 @@ severity = result_iterator_type (&results); fprintf (out, "\\hline\n" - "\\rowcolor%s%s\\\\\n" - "\\hline\n", + "\\rowcolor%s{\\color{white}{%s}}\\\\\n" + "\\hline\n" + "\\endfirsthead\n" + "\\hfill\\ldots continued from previous page \\ldots \\\\\n" + "\\hline\n" + "\\endhead\n" + "\\hline\n" + "\\ldots continues on next page \\ldots \\\\\n" + "\\endfoot\n" + "\\hline\n" + "\\endlastfoot\n", latex_severity_colour (severity), latex_severity_heading (severity)); - latex_print_text (out, result_iterator_descr (&results)); + latex_print_verbatim_text (out, result_iterator_descr (&results)); fprintf (out, "\\\\\n" "OID of test routine: %s\\\\\n" - "\\hline\n" + //"\\hline\n" "\\end{longtable}\n" "\n" "\\begin{longtable}{|p{\\textwidth * 1}|}\n", From scm-commit at wald.intevation.org Tue Nov 10 11:41:43 2009 
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Tue, 10 Nov 2009 11:41:43 +0100 (CET) Subject: [Openvas-commits] r5834 - in trunk/openvas-manager: . src Message-ID: <20091110104143.8BB73852DB57@pyrosoma.intevation.org> Author: mattm Date: 2009-11-10 11:41:40 +0100 (Tue, 10 Nov 2009) New Revision: 5834 Modified: trunk/openvas-manager/ChangeLog trunk/openvas-manager/src/tasks_sql.h Log: * src/tasks_sql.h (manage_db_version): Check version instead of number. Modified: trunk/openvas-manager/ChangeLog =================================================================== --- trunk/openvas-manager/ChangeLog 2009-11-10 10:07:57 UTC (rev 5833) +++ trunk/openvas-manager/ChangeLog 2009-11-10 10:41:40 UTC (rev 5834) @@ -1,5 +1,9 @@ -2009-11-10 Felix Wolfsteller +2009-11-10 Matthew Mundell + * src/tasks_sql.h (manage_db_version): Check version instead of number. + +2009-11-10 Felix Wolfsteller + Improved pdf reports. Text of issues like "security warning" is printed verbatim. To allow for page breaks in issue tables, put one verbatim line into one row of the table. Break lines at 80 characters and do Modified: trunk/openvas-manager/src/tasks_sql.h =================================================================== --- trunk/openvas-manager/src/tasks_sql.h 2009-11-10 10:07:57 UTC (rev 5833) +++ trunk/openvas-manager/src/tasks_sql.h 2009-11-10 10:41:40 UTC (rev 5834) @@ -592,7 +592,7 @@ char *version = sql_string (0, 0, "SELECT value FROM meta" " WHERE name = 'database_version' LIMIT 1;"); - if (number) + if (version) { number = atoi (version); free (version); From scm-commit at wald.intevation.org Tue Nov 10 12:46:01 2009 
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Tue, 10 Nov 2009 12:46:01 +0100 (CET) Subject: [Openvas-commits] r5835 - in trunk/openvas-plugins: . scripts Message-ID: <20091110114601.8D2D9861EAAB@pyrosoma.intevation.org> Author: mime Date: 2009-11-10 12:45:58 +0100 (Tue, 10 Nov 2009) New Revision: 5835 Added: trunk/openvas-plugins/scripts/asterisk_36924.nasl Modified: trunk/openvas-plugins/ChangeLog trunk/openvas-plugins/scripts/yahoo_dos.nasl Log: Added new plugin Modified: trunk/openvas-plugins/ChangeLog =================================================================== --- trunk/openvas-plugins/ChangeLog 2009-11-10 10:41:40 UTC (rev 5834) +++ trunk/openvas-plugins/ChangeLog 2009-11-10 11:45:58 UTC (rev 5835) @@ -1,3 +1,11 @@ +2009-11-10 Michael Meyer + + * scripts/asterisk_36924.nasl: + Added new plugin. + + * scripts/yahoo_dos.nas: + Added script_name (was removed by i18n patch). + 2009-11-09 Chandrashekhar B * scripts/gb_html_parser_detect_lin.nasl, Added: trunk/openvas-plugins/scripts/asterisk_36924.nasl =================================================================== --- trunk/openvas-plugins/scripts/asterisk_36924.nasl 2009-11-10 10:41:40 UTC (rev 5834) +++ trunk/openvas-plugins/scripts/asterisk_36924.nasl 2009-11-10 11:45:58 UTC (rev 5835) 
@@ -0,0 +1,87 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id$ +# +# Asterisk SIP Response Username Enumeration Remote Information Disclosure Vulnerability +# +# Authors: +# Michael Meyer +# +# Copyright: +# Copyright (c) 2009 Greenbone Networks GmbH +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if (description) +{ + script_id(100341); + script_bugtraq_id(36924); + script_cve_id("CVE-2009-3727"); + script_version ("1.0-$Revision$"); + + script_name("Asterisk SIP Response Username Enumeration Remote Information Disclosure Vulnerability"); + +desc = "Overview: +Asterisk is prone to an information-disclosure vulnerability because +it doesn't provide safe responses to failed authentication attempts. + +Attackers can exploit this issue to discover whether specific +usernames exist. Information harvested may aid in launching +further attacks. + +Solution: +The vendor has released an advisory and updates. Please see the +references for details. 
+ +References: +http://www.securityfocus.com/bid/36924 +http://www.asterisk.org/ +http://www.securityfocus.com/archive/1/507688 +http://downloads.asterisk.org/pub/security/AST-2009-008.html + +Risk factor : Medium"; + + script_description(desc); + script_summary("Determine if Asterisk is prone to an information-disclosure vulnerability"); + script_category(ACT_GATHER_INFO); + script_family("General"); + script_copyright("This script is Copyright (C) 2009 Greenbone Networks GmbH"); + script_dependencies("secpod_asterisk_detect.nasl"); + script_require_keys("Services/udp/sip"); + exit(0); +} + +include("version_func.inc"); + +asterisk_port = get_kb_item("Services/udp/sip"); +if(!asterisk_port)exit(0); +if(!get_udp_port_state(asterisk_port))exit(0); + +asteriskVer = get_kb_item("Asterisk-PBX/Ver"); +if(!asteriskVer){ + exit(0); +} + +if(version_in_range(version:asteriskVer, test_version:"1.6.1", test_version2:"1.6.1.8") || + version_in_range(version:asteriskVer, test_version:"1.6", test_version2:"1.6.16") || + version_in_range(version:asteriskVer, test_version:"1.4.26", test_version2:"1.4.26.2") || + version_in_range(version:asteriskVer, test_version:"1.2", test_version2:"1.2.34")) { + + security_warning(port:asterisk_port, proto:"udp"); + exit(0); + +} + +exit(0); Property changes on: trunk/openvas-plugins/scripts/asterisk_36924.nasl ___________________________________________________________________ Name: svn:keywords + Id Revision Modified: trunk/openvas-plugins/scripts/yahoo_dos.nasl =================================================================== --- trunk/openvas-plugins/scripts/yahoo_dos.nasl 2009-11-10 10:41:40 UTC (rev 5834) +++ trunk/openvas-plugins/scripts/yahoo_dos.nasl 2009-11-10 11:45:58 UTC (rev 5835) 
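Review bot: The second range in the version check, `test_version:"1.6", test_version2:"1.6.16"`, looks like a typo. It already contains the whole first range (`1.6.1` to `1.6.1.8`) and, assuming `version_in_range` compares component by component, it also matches 1.6.1.9 and later 1.6.1.x builds that the first range deliberately leaves out. If the 1.6.0 branch was intended, the bounds would presumably be `test_version:"1.6.0", test_version2:"1.6.0.16"`; please confirm the fixed versions against the AST-2009-008 advisory listed in the references. As written, the plugin would probably report patched 1.6.1 installations as vulnerable.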
@@ -13,7 +13,7 @@ script_id(10326); script_version("$Revision$"); script_cve_id("CVE-2000-0047"); - script_name(""); + script_name("Yahoo Messenger Denial of Service attack"); desc = " Overview: This host has Yahoo Messenger or Pager installed and is prone to From scm-commit at wald.intevation.org Tue Nov 10 15:24:13 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Tue, 10 Nov 2009 15:24:13 +0100 (CET) Subject: [Openvas-commits] r5836 - in trunk/openvas-plugins: . scripts Message-ID: <20091110142413.CBDD7861EAB1@pyrosoma.intevation.org> Author: mime Date: 2009-11-10 15:24:11 +0100 (Tue, 10 Nov 2009) New Revision: 5836 Modified: trunk/openvas-plugins/ChangeLog trunk/openvas-plugins/scripts/secpod_pumpkin_tftp_server_dos_vuln.nasl Log: Fixed typo Modified: trunk/openvas-plugins/ChangeLog =================================================================== --- trunk/openvas-plugins/ChangeLog 2009-11-10 11:45:58 UTC (rev 5835) +++ trunk/openvas-plugins/ChangeLog 2009-11-10 14:24:11 UTC (rev 5836) @@ -1,5 +1,10 @@ 2009-11-10 Michael Meyer + * scripts/secpod_pumpkin_tftp_server_dos_vuln.nasl: + Fixed typo. + +2009-11-10 Michael Meyer + * scripts/asterisk_36924.nasl: Added new plugin. Modified: trunk/openvas-plugins/scripts/secpod_pumpkin_tftp_server_dos_vuln.nasl =================================================================== --- trunk/openvas-plugins/scripts/secpod_pumpkin_tftp_server_dos_vuln.nasl 2009-11-10 11:45:58 UTC (rev 5835) +++ trunk/openvas-plugins/scripts/secpod_pumpkin_tftp_server_dos_vuln.nasl 2009-11-10 14:24:11 UTC (rev 5836) @@ -91,7 +91,7 @@ { # Attack request req1 = crap(length:16, data:"0x00"); - req2 = crap(lenght:32000, data:"0x00"); + req2 = crap(length:32000, data:"0x00"); req = raw_string(0x00, 0x02) + req1 + raw_string(0x00) + req2 + raw_string(0x00); } else{ From scm-commit at wald.intevation.org Tue Nov 10 17:16:48 2009 
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Tue, 10 Nov 2009 17:16:48 +0100 (CET) Subject: [Openvas-commits] r5837 - in trunk/openvas-plugins: . scripts Message-ID: <20091110161648.3E0E9852FEBF@pyrosoma.intevation.org> Author: mime Date: 2009-11-10 17:16:44 +0100 (Tue, 10 Nov 2009) New Revision: 5837 Modified: trunk/openvas-plugins/ChangeLog trunk/openvas-plugins/scripts/gb_apache_struts_dir_traversal_vuln.nasl trunk/openvas-plugins/scripts/remote-MS00-060.nasl Log: Bugfix Modified: trunk/openvas-plugins/ChangeLog =================================================================== --- trunk/openvas-plugins/ChangeLog 2009-11-10 14:24:11 UTC (rev 5836) +++ trunk/openvas-plugins/ChangeLog 2009-11-10 16:16:44 UTC (rev 5837) @@ -1,5 +1,11 @@ 2009-11-10 Michael Meyer + * scripts/remote-MS00-060.nasl, + scripts/gb_apache_struts_dir_traversal_vuln.nasl: + Make sure that open_sock_tcp() was successful. + +2009-11-10 Michael Meyer + * scripts/secpod_pumpkin_tftp_server_dos_vuln.nasl: Fixed typo. Modified: trunk/openvas-plugins/scripts/gb_apache_struts_dir_traversal_vuln.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_apache_struts_dir_traversal_vuln.nasl 2009-11-10 14:24:11 UTC (rev 5836) +++ trunk/openvas-plugins/scripts/gb_apache_struts_dir_traversal_vuln.nasl 2009-11-10 16:16:44 UTC (rev 5837) 
@@ -91,16 +91,19 @@ { # Try out the attack string here soc = open_sock_tcp(strutsPort); - attack = string("GET ", dir + "/struts/..%252f..%252f..%252fWEB-INF \r\n", - "Host: ", get_host_name(), "\r\n\r\n"); - send(socket:soc, data:attack); - atkRes = recv(socket:soc, length:30720); - close(soc); - if("classes" >< atkRes && "lib" >< atkRes && "src" >< atkRes) - { - security_warning(strutsPort); - exit(0); - } + if(soc) { + attack = string("GET ", dir + "/struts/..%252f..%252f..%252fWEB-INF \r\n", + "Host: ", get_host_name(), "\r\n\r\n"); + send(socket:soc, data:attack); + atkRes = recv(socket:soc, length:30720); + close(soc); + + if("classes" >< atkRes && "lib" >< atkRes && "src" >< atkRes) + { + security_warning(strutsPort); + exit(0); + } + } } } Modified: trunk/openvas-plugins/scripts/remote-MS00-060.nasl =================================================================== --- trunk/openvas-plugins/scripts/remote-MS00-060.nasl 2009-11-10 14:24:11 UTC (rev 5836) +++ trunk/openvas-plugins/scripts/remote-MS00-060.nasl 2009-11-10 16:16:44 UTC (rev 5837) @@ -91,6 +91,7 @@ foreach port (iis) { soc = open_sock_tcp(port); + if(!soc)continue; req = http_get(item:page, port:port); send(socket:soc, data: req); From scm-commit at wald.intevation.org Wed Nov 11 08:22:33 2009 
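Review bot: The condition `"classes" >< atkRes && "lib" >< atkRes && "src" >< atkRes` reports the host whenever the response merely contains those three short substrings. An error page or an ordinary application page could therefore trigger `security_warning` without a WEB-INF listing having been returned. Since the block is re-indented here anyway, it would be worth matching a pattern taken from a real listing, or at least adding `# NOTE: plain substring match; can false-positive on pages that contain these words` above the test. The surrounding loop starts outside the hunk, so whether a failed `open_sock_tcp()` is logged anywhere cannot be seen from here.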
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 11 Nov 2009 08:22:33 +0100 (CET) Subject: [Openvas-commits] r5838 - in trunk/openvas-client: . openvas openvas/prefs_dialog Message-ID: <20091111072233.DE747865F4A6@pyrosoma.intevation.org> Author: felix Date: 2009-11-11 08:22:32 +0100 (Wed, 11 Nov 2009) New Revision: 5838 Modified: trunk/openvas-client/ChangeLog trunk/openvas-client/openvas/prefs_dialog/prefs_help.h trunk/openvas-client/openvas/read_target_file.c Log: Applying modified patch of Christian Kuersteiner to add support for vhosts. * openvas/read_target_file.c (translate_vhosts): New. "Expands syntax" to add vhosts to an IP. (target_file_to_list, target_translate): Call new function. * openvas/prefs_dialog/prefs_help.h: Modified help text. Modified: trunk/openvas-client/ChangeLog =================================================================== --- trunk/openvas-client/ChangeLog 2009-11-10 16:16:44 UTC (rev 5837) +++ trunk/openvas-client/ChangeLog 2009-11-11 07:22:32 UTC (rev 5838) @@ -1,5 +1,15 @@ 2009-11-10 Felix Wolfsteller + Applying modified patch of Christian Kuersteiner to add support for + vhosts. + + * openvas/read_target_file.c (translate_vhosts): New. "Expands syntax" + to add vhosts to an IP. + (target_file_to_list, target_translate): Call new function. + + +2009-11-10 Felix Wolfsteller + Resolved typos lead to by Ryan Schmidt. * include/ntcompat.h, openvas/latex_output.c: Replaced recommand by Modified: trunk/openvas-client/openvas/prefs_dialog/prefs_help.h =================================================================== --- trunk/openvas-client/openvas/prefs_dialog/prefs_help.h 2009-11-10 16:16:44 UTC (rev 5837) +++ trunk/openvas-client/openvas/prefs_dialog/prefs_help.h 2009-11-11 07:22:32 UTC (rev 5838) 
@@ -122,12 +122,16 @@ _("The first host(s) that will be attacked by OpenVAS Server. \ The options below allow you to extend the test to a larger set of \ computer. You may define several primary targets by separating \ -them with a comma (,). ie : \"host1,host2\".") +hem with a comma (,). ie : \"host1,host2\". Additionally it is possible \ +to define virtual hosts in square brackets ([]). ie : \"host1[vhost1,vhost2],\ +host2\".") #define HLP_TARGET_READ_FROM_FILE \ _("A textfile can be specified that contains the list of targets. \ This textfile may contain comma-separated lists of host and also \ -may contain many of such lines.") +may contain many of such lines.). Additionally it is possible \ +to define virtual hosts in square brackets ([]). ie : \"host1[vhost1,vhost2],\ +host2\".") #define HLP_CGI_PATH \ _("It is possible to check for the presence of CGIs in multiple paths \ Modified: trunk/openvas-client/openvas/read_target_file.c =================================================================== --- trunk/openvas-client/openvas/read_target_file.c 2009-11-10 16:16:44 UTC (rev 5837) +++ trunk/openvas-client/openvas/read_target_file.c 2009-11-11 07:22:32 UTC (rev 5838) 
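Review bot: Two typos arrive with the new help strings. The first changed line now begins `hem with a comma` (the "t" of "them" was lost), and HLP_TARGET_READ_FROM_FILE now reads `such lines.). Additionally` with a stray `.)`. Suggested lines: `them with a comma (,). ie : \"host1,host2\". Additionally it is possible \` and `may contain many of such lines. Additionally it is possible \`. The name of the first macro lies above the hunk and is not visible here.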
@@ -104,6 +104,38 @@ /** + * @brief Convert target string with virtual hosts to comma separated string. + * + * This function translates a string from the format + * IP[virtual_host1,virtual host2, ...] to a string in the format + * IP,virtual_host1,virtual host2,... + * It has to be called from every function which reads targets in. + * + * @param targets Target string with possible virtual hosts in it. + * + * @return New comma separated target string with virtual hosts as targets. + */ +static char* +translate_vhosts (const char* targets) +{ + gchar * temp = g_strdup (targets); + gchar ** v_wo_bracket = NULL; + gchar * s_wo_bracket = NULL; + + // Strip out '[' and replace it with a comma. + g_strdelimit (temp, "[", ','); + + // Delete the character ']' entirely. + v_wo_bracket = g_strsplit (temp, "]", -1); + s_wo_bracket = g_strjoinv (NULL, v_wo_bracket); + + g_free (temp); + g_strfreev (v_wo_bracket); + return s_wo_bracket; +} + + +/** * @brief Returns a string assembled out of the lines in file filename. * * The string will contain all the content of the file where newlines have been @@ -122,6 +154,7 @@ int len; struct_stat sb; int n, offs, left ; + gchar* result = NULL; if(fd < 0) { @@ -166,7 +199,12 @@ ret[len-1]='\0'; len--; } - return(ret); + + // Strip out the virtual hosts. + result = translate_vhosts (ret); + + efree (&ret); + return (result); } @@ -188,6 +226,7 @@ { char* untouched = NULL; gchar* s_wo_white = NULL; + gchar* result = NULL; gchar** v_wo_white; // Get untouched list of targets @@ -202,9 +241,13 @@ // Collapse the vector. s_wo_white = g_strjoinv (NULL, v_wo_white); + // strip out the virtual hosts + result = translate_vhosts (s_wo_white); + // Free and return g_strfreev (v_wo_white); - return s_wo_white; + g_free (s_wo_white); + return result; } /** From scm-commit at wald.intevation.org Wed Nov 11 10:58:33 2009 
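Review bot: translate_vhosts rewrites the string without checking the bracket syntax: every `[` becomes a comma and every `]` is dropped. A constructed input such as `host1[vhost1]host2` therefore comes out as `host1,vhost1host2`, and unbalanced or nested brackets are accepted silently. For a scanner this means a typing slip in the target field can yield a target name the user never entered. A small validation step before the rewrite, with the error reported to the user, would avoid that. How the two callers should surface the error is left to the author, since they are only partly visible in these hunks.

```c
/* Accept only "host[v1,v2],host2": no nesting, every ']' closes a '['
 * and is followed by ',' or the end of the string. */
static gboolean
vhost_brackets_ok (const char* targets)
{
  gboolean open = FALSE;
  const char* p;

  for (p = targets; p != NULL && *p != '\0'; p++)
    {
      if (*p == '[')
        {
          if (open)
            return FALSE;
          open = TRUE;
        }
      else if (*p == ']')
        {
          if (!open || (p[1] != ',' && p[1] != '\0'))
            return FALSE;
          open = FALSE;
        }
    }
  return !open;
}

static char*
translate_vhosts (const char* targets)
{
  /* … unchanged: g_strdelimit / g_strsplit / g_strjoinv rewrite, to run only after vhost_brackets_ok (targets) … */
```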
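Review bot: In the file-reading function (target_file_to_list according to the log message) the returned pointer changes allocator: `ret` is released with `efree (&ret)`, and `result`, which comes from `g_strjoinv()` inside translate_vhosts, is returned instead. Callers that release the string with `efree()` are not visible here; if they exist they would free GLib memory through a different deallocator, which is only safe when both end up in `free()`. The function's doc comment should state the new ownership, for example `@return Newly allocated target string, release with g_free().`, and the callers should be checked against it. The function body starts above this hunk.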
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 11 Nov 2009 10:58:33 +0100 (CET) Subject: [Openvas-commits] r5839 - trunk/openvas-packaging/openvas-scanner/debian/trunk/debian Message-ID: <20091111095833.DB9B2852DB53@pyrosoma.intevation.org> Author: mwiegand Date: 2009-11-11 10:58:32 +0100 (Wed, 11 Nov 2009) New Revision: 5839 Modified: trunk/openvas-packaging/openvas-scanner/debian/trunk/debian/openvas-scanner.postinst Log: Changed signature algorithm to SHA1 to match the default in openvas-mkcert. Modified: trunk/openvas-packaging/openvas-scanner/debian/trunk/debian/openvas-scanner.postinst =================================================================== --- trunk/openvas-packaging/openvas-scanner/debian/trunk/debian/openvas-scanner.postinst 2009-11-11 07:22:32 UTC (rev 5838) +++ trunk/openvas-packaging/openvas-scanner/debian/trunk/debian/openvas-scanner.postinst 2009-11-11 09:58:32 UTC (rev 5839) @@ -78,7 +78,7 @@ default_days = 365 # how long to certify for default_crl_days= 30 # how long before next CRL -default_md = md5 # which md to use. +default_md = sha1 # which md to use. preserve = no # keep passed DN ordering policy = policy_anything From scm-commit at wald.intevation.org Wed Nov 11 15:39:55 2009 
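Review bot: `default_md = sha1` replaces MD5 with a digest that is itself no longer considered collision-resistant for certificate signatures, so certificates issued from this configuration still rest on a weak hash. `default_md = sha256` would be the safer value. The log message names openvas-mkcert as the source of the default; it is not part of this diff and would need the same change to stay consistent. The rest of the CA section lies outside the hunk.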
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 11 Nov 2009 15:39:55 +0100 (CET) Subject: [Openvas-commits] r5840 - in trunk/openvas-plugins: . scripts Message-ID: <20091111143955.3B5F685D9F67@pyrosoma.intevation.org> Author: mime Date: 2009-11-11 15:39:37 +0100 (Wed, 11 Nov 2009) New Revision: 5840 Modified: trunk/openvas-plugins/ChangeLog trunk/openvas-plugins/scripts/gb_adobe_flash_player_detect_win.nasl trunk/openvas-plugins/scripts/gb_becky_internet_mail_detect.nasl trunk/openvas-plugins/scripts/gb_blazevideo_hdtv_detect.nasl trunk/openvas-plugins/scripts/gb_bpsoft_hex_workshop_detect.nasl trunk/openvas-plugins/scripts/gb_bsplayer_detect.nasl trunk/openvas-plugins/scripts/gb_ccproxy_detect.nasl trunk/openvas-plugins/scripts/gb_eureka_email_detect.nasl trunk/openvas-plugins/scripts/gb_icq_toolbar_detect.nasl trunk/openvas-plugins/scripts/gb_kaspersky_internet_sec_suite_dos_vuln.nasl trunk/openvas-plugins/scripts/gb_magic_iso_maker_detect.nasl trunk/openvas-plugins/scripts/gb_mcafee_groupshield_detect.nasl trunk/openvas-plugins/scripts/gb_nullftp_server_detect.nasl trunk/openvas-plugins/scripts/gb_openssl_detect_win.nasl trunk/openvas-plugins/scripts/gb_python_imageop_bof_vuln_win.nasl trunk/openvas-plugins/scripts/gb_python_intgr_overflow_vuln_win.nasl trunk/openvas-plugins/scripts/gb_qip_detect.nasl trunk/openvas-plugins/scripts/gb_qtweb_detect.nasl trunk/openvas-plugins/scripts/gb_ultraiso_detect.nasl trunk/openvas-plugins/scripts/gb_ultravnc_cpp_file_mult_bof_vuln.nasl trunk/openvas-plugins/scripts/gb_xemacs_detect_win.nasl trunk/openvas-plugins/scripts/gb_xvid_detect_win.nasl trunk/openvas-plugins/scripts/secpod_adobe_flex_sdk_xss_vuln_win.nasl trunk/openvas-plugins/scripts/secpod_audacity_detect_win.nasl trunk/openvas-plugins/scripts/secpod_easy_rmtomp3_conv_detect.nasl trunk/openvas-plugins/scripts/secpod_euphonics_player_bof_vuln.nasl trunk/openvas-plugins/scripts/secpod_expert_pdf_editorx_activex_vuln.nasl 
trunk/openvas-plugins/scripts/secpod_freesshd_detect.nasl trunk/openvas-plugins/scripts/secpod_ftpshell_client_detect.nasl trunk/openvas-plugins/scripts/secpod_hamster_audio_player_detect.nasl trunk/openvas-plugins/scripts/secpod_ibm_db2_detect_win_900218.nasl trunk/openvas-plugins/scripts/secpod_ms_wpp_enterprise_library_detect.nasl trunk/openvas-plugins/scripts/secpod_opera_detection_win_900036.nasl trunk/openvas-plugins/scripts/secpod_pplive_detect.nasl trunk/openvas-plugins/scripts/secpod_sdp_downloader_detect.nasl trunk/openvas-plugins/scripts/secpod_thegreenbow_ipsec_vpn_client_detect.nasl trunk/openvas-plugins/scripts/secpod_tightvnc_detect_win.nasl trunk/openvas-plugins/scripts/secpod_ultravnc_detect_win.nasl trunk/openvas-plugins/scripts/secpod_viplay_detect.nasl trunk/openvas-plugins/scripts/secpod_xilisoft_video_conv_detect.nasl Log: Avoid some messages in dump log Modified: trunk/openvas-plugins/ChangeLog =================================================================== --- trunk/openvas-plugins/ChangeLog 2009-11-11 09:58:32 UTC (rev 5839) +++ trunk/openvas-plugins/ChangeLog 2009-11-11 14:39:37 UTC (rev 5840) 
@@ -1,3 +1,47 @@ +2009-11-11 Michael Meyer + + * scripts/secpod_ms_wpp_enterprise_library_detect.nasl, + scripts/gb_magic_iso_maker_detect.nasl, + scripts/gb_bsplayer_detect.nasl, + scripts/gb_adobe_flash_player_detect_win.nasl, + scripts/gb_eureka_email_detect.nasl, + scripts/gb_nullftp_server_detect.nasl, + scripts/secpod_ibm_db2_detect_win_900218.nasl, + scripts/secpod_audacity_detect_win.nasl, + scripts/secpod_ftpshell_client_detect.nasl, + scripts/gb_becky_internet_mail_detect.nasl, + scripts/secpod_euphonics_player_bof_vuln.nasl, + scripts/secpod_easy_rmtomp3_conv_detect.nasl, + scripts/secpod_adobe_flex_sdk_xss_vuln_win.nasl, + scripts/gb_ultravnc_cpp_file_mult_bof_vuln.nasl, + scripts/gb_icq_toolbar_detect.nasl, + scripts/gb_bpsoft_hex_workshop_detect.nasl, + scripts/gb_xvid_detect_win.nasl, + scripts/gb_openssl_detect_win.nasl, + scripts/secpod_xilisoft_video_conv_detect.nasl, + scripts/secpod_ultravnc_detect_win.nasl, + scripts/gb_ccproxy_detect.nasl, + scripts/secpod_thegreenbow_ipsec_vpn_client_detect.nasl, + scripts/gb_xemacs_detect_win.nasl, + scripts/gb_ultraiso_detect.nasl, + scripts/secpod_tightvnc_detect_win.nasl, + scripts/gb_python_imageop_bof_vuln_win.nasl, + scripts/secpod_sdp_downloader_detect.nasl, + scripts/secpod_expert_pdf_editorx_activex_vuln.nasl, + scripts/secpod_freesshd_detect.nasl, + scripts/gb_blazevideo_hdtv_detect.nasl, + scripts/secpod_pplive_detect.nasl, + scripts/secpod_hamster_audio_player_detect.nasl, + scripts/secpod_opera_detection_win_900036.nasl, + scripts/gb_kaspersky_internet_sec_suite_dos_vuln.nasl, + scripts/gb_qtweb_detect.nasl, + scripts/gb_mcafee_groupshield_detect.nasl, + scripts/secpod_viplay_detect.nasl, + scripts/gb_python_intgr_overflow_vuln_win.nasl, + scripts/gb_qip_detect.nasl: + Avoid "nasl_array_iterator: unhandled type 57 (0x39)" messages + in dump log. 
+ 2009-11-10 Michael Meyer * scripts/remote-MS00-060.nasl, Modified: trunk/openvas-plugins/scripts/gb_adobe_flash_player_detect_win.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_adobe_flash_player_detect_win.nasl 2009-11-11 09:58:32 UTC (rev 5839) +++ trunk/openvas-plugins/scripts/gb_adobe_flash_player_detect_win.nasl 2009-11-11 14:39:37 UTC (rev 5840) @@ -58,6 +58,10 @@ playerFlag = 0; airFlag = 0; csFlag = 0; flexFlag = 0; key = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\"; +if(!registry_key_exists(key:key)){ + exit(0); +} + foreach item (registry_enum_keys(key:key)) { adobeName = registry_get_sz(key:key + item, item:"DisplayName"); Modified: trunk/openvas-plugins/scripts/gb_becky_internet_mail_detect.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_becky_internet_mail_detect.nasl 2009-11-11 09:58:32 UTC (rev 5839) +++ trunk/openvas-plugins/scripts/gb_becky_internet_mail_detect.nasl 2009-11-11 14:39:37 UTC (rev 5840) @@ -56,6 +56,11 @@ } key = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\"; + +if(!registry_key_exists(key:key)){ + exit(0); +} + foreach item (registry_enum_keys(key:key)) { if("Becky!" >< registry_get_sz(key:key + item, item:"DisplayName")) Modified: trunk/openvas-plugins/scripts/gb_blazevideo_hdtv_detect.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_blazevideo_hdtv_detect.nasl 2009-11-11 09:58:32 UTC (rev 5839) +++ trunk/openvas-plugins/scripts/gb_blazevideo_hdtv_detect.nasl 2009-11-11 14:39:37 UTC (rev 5840) 
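Review bot: The guard `if(!registry_key_exists(key:key)){ exit(0); }` tests a different call from the one whose result is iterated. The `foreach` can therefore still receive a non-array if `registry_enum_keys` fails or returns nothing for an existing key, which is presumably the case behind the "unhandled type" message in the log; its return semantics are not visible here. Storing the result first (`keys = registry_enum_keys(key:key);`) and testing it before `foreach item (keys)` would cover both cases and save one registry query. The same block is pasted into every script touched by this revision, from gb_becky_internet_mail_detect.nasl onwards, so a shared helper in an include file would keep them consistent.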
@@ -55,6 +55,11 @@ } key = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\"; + +if(!registry_key_exists(key:key)){ + exit(0); +} + foreach item(registry_enum_keys(key:key)) { appName = registry_get_sz(key:key+item, item:"DisplayName"); Modified: trunk/openvas-plugins/scripts/gb_bpsoft_hex_workshop_detect.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_bpsoft_hex_workshop_detect.nasl 2009-11-11 09:58:32 UTC (rev 5839) +++ trunk/openvas-plugins/scripts/gb_bpsoft_hex_workshop_detect.nasl 2009-11-11 14:39:37 UTC (rev 5840) @@ -55,6 +55,11 @@ } key = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\"; + +if(!registry_key_exists(key:key)){ + exit(0); +} + foreach item (registry_enum_keys(key:key)) { if("Hex Workshop" >< registry_get_sz(key:key + item, item:"DisplayName")) Modified: trunk/openvas-plugins/scripts/gb_bsplayer_detect.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_bsplayer_detect.nasl 2009-11-11 09:58:32 UTC (rev 5839) +++ trunk/openvas-plugins/scripts/gb_bsplayer_detect.nasl 2009-11-11 14:39:37 UTC (rev 5840) 
@@ -57,22 +57,31 @@ # Method 1 key = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\"; -foreach item (registry_enum_keys(key:key)) -{ - bsName = registry_get_sz(key:key + item, item:"DisplayName"); - if("BS.Player" >< bsName) + +if(registry_key_exists(key:key)){ + + foreach item (registry_enum_keys(key:key)) { - bsVer = registry_get_sz(key:key + item, item:"DisplayVersion"); - if(bsVer != NULL) + bsName = registry_get_sz(key:key + item, item:"DisplayName"); + if("BS.Player" >< bsName) { - set_kb_item(name:"BSPlayer/Ver", value:bsVer); - exit(0); + bsVer = registry_get_sz(key:key + item, item:"DisplayVersion"); + if(bsVer != NULL) + { + set_kb_item(name:"BSPlayer/Ver", value:bsVer); + exit(0); + } } } } # Method 2 key2 = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\"; + +if(!registry_key_exists(key:key2)){ + exit(0); +} + foreach item (registry_enum_keys(key:key2)) { bsName = registry_get_sz(key:key2 + item, item:"DisplayName"); Modified: trunk/openvas-plugins/scripts/gb_ccproxy_detect.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_ccproxy_detect.nasl 2009-11-11 09:58:32 UTC (rev 5839) +++ trunk/openvas-plugins/scripts/gb_ccproxy_detect.nasl 2009-11-11 14:39:37 UTC (rev 5840) @@ -55,6 +55,11 @@ } key = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\"; + +if(!registry_key_exists(key:key)){ + exit(0); +} + foreach item (registry_enum_keys(key:key)) { ccproxyName = registry_get_sz(key:key + item, item:"DisplayName"); Modified: trunk/openvas-plugins/scripts/gb_eureka_email_detect.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_eureka_email_detect.nasl 2009-11-11 09:58:32 UTC (rev 5839) +++ trunk/openvas-plugins/scripts/gb_eureka_email_detect.nasl 2009-11-11 14:39:37 UTC (rev 5840) 
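Review bot: As shown here, `key2` is assigned exactly the same string as `key`, so "Method 2" walks the Uninstall key that Method 1 has just enumerated, and the new guards query the existence of that key twice. If Method 2 was meant to read a different location (its loop body continues outside the hunk), the path in `key2` needs correcting. Otherwise a single `registry_key_exists` test before Method 1 is enough. A one-line comment on `key2` stating which location it targets would make the intent checkable.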
@@ -55,6 +55,11 @@ } key = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\"; + +if(!registry_key_exists(key:key)){ + exit(0); +} + foreach item (registry_enum_keys(key:key)) { eeName = registry_get_sz(key:key + item, item:"DisplayName"); Modified: trunk/openvas-plugins/scripts/gb_icq_toolbar_detect.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_icq_toolbar_detect.nasl 2009-11-11 09:58:32 UTC (rev 5839) +++ trunk/openvas-plugins/scripts/gb_icq_toolbar_detect.nasl 2009-11-11 14:39:37 UTC (rev 5840) @@ -56,6 +56,11 @@ } Key = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\"; + +if(!registry_key_exists(key:Key)){ + exit(0); +} + foreach item (registry_enum_keys(key:Key)) { icqName = registry_get_sz(key:Key + item, item:"DisplayName"); Modified: trunk/openvas-plugins/scripts/gb_kaspersky_internet_sec_suite_dos_vuln.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_kaspersky_internet_sec_suite_dos_vuln.nasl 2009-11-11 09:58:32 UTC (rev 5839) +++ trunk/openvas-plugins/scripts/gb_kaspersky_internet_sec_suite_dos_vuln.nasl 2009-11-11 14:39:37 UTC (rev 5840) @@ -76,6 +76,11 @@ } uninstall = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\"; + +if(!registry_key_exists(key:uninstall)){ + exit(0); +} + foreach key (registry_enum_keys(key:uninstall)) { kisName = registry_get_sz(key:uninstall + key, item:"DisplayName"); Modified: trunk/openvas-plugins/scripts/gb_magic_iso_maker_detect.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_magic_iso_maker_detect.nasl 2009-11-11 09:58:32 UTC (rev 5839) +++ trunk/openvas-plugins/scripts/gb_magic_iso_maker_detect.nasl 2009-11-11 14:39:37 UTC (rev 5840) 
@@ -55,6 +55,11 @@ } key = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\"; + +if(!registry_key_exists(key:key)){ + exit(0); +} + foreach item (registry_enum_keys(key:key)) { name = registry_get_sz(key:key + item, item:"DisplayName"); Modified: trunk/openvas-plugins/scripts/gb_mcafee_groupshield_detect.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_mcafee_groupshield_detect.nasl 2009-11-11 09:58:32 UTC (rev 5839) +++ trunk/openvas-plugins/scripts/gb_mcafee_groupshield_detect.nasl 2009-11-11 14:39:37 UTC (rev 5840) @@ -56,6 +56,12 @@ } groupshieldKey = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\"; + +if(!registry_key_exists(key:groupshieldKey)){ + exit(0); +} + + foreach item(registry_enum_keys(key:groupshieldKey)) { groupName = registry_get_sz(key:groupshieldKey + item, item:"DisplayName"); Modified: trunk/openvas-plugins/scripts/gb_nullftp_server_detect.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_nullftp_server_detect.nasl 2009-11-11 09:58:32 UTC (rev 5839) +++ trunk/openvas-plugins/scripts/gb_nullftp_server_detect.nasl 2009-11-11 14:39:37 UTC (rev 5840) @@ -55,6 +55,11 @@ } key = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\"; + +if(!registry_key_exists(key:key)){ + exit(0); +} + foreach item (registry_enum_keys(key:key)) { appName = registry_get_sz(key:key + item, item:"DisplayName"); Modified: trunk/openvas-plugins/scripts/gb_openssl_detect_win.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_openssl_detect_win.nasl 2009-11-11 09:58:32 UTC (rev 5839) +++ trunk/openvas-plugins/scripts/gb_openssl_detect_win.nasl 2009-11-11 14:39:37 UTC (rev 5840) 
@@ -55,6 +55,11 @@ } key = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\"; + +if(!registry_key_exists(key:key)){ + exit(0); +} + foreach item (registry_enum_keys(key:key)) { name = registry_get_sz(key:key + item, item:"DisplayName"); Modified: trunk/openvas-plugins/scripts/gb_python_imageop_bof_vuln_win.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_python_imageop_bof_vuln_win.nasl 2009-11-11 09:58:32 UTC (rev 5839) +++ trunk/openvas-plugins/scripts/gb_python_imageop_bof_vuln_win.nasl 2009-11-11 14:39:37 UTC (rev 5840) @@ -79,6 +79,11 @@ } key = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\"; + +if(!registry_key_exists(key:key)){ + exit(0); +} + foreach entry (registry_enum_keys(key:key)) { pyName = registry_get_sz(key:key + entry, item:"DisplayName"); Modified: trunk/openvas-plugins/scripts/gb_python_intgr_overflow_vuln_win.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_python_intgr_overflow_vuln_win.nasl 2009-11-11 09:58:32 UTC (rev 5839) +++ trunk/openvas-plugins/scripts/gb_python_intgr_overflow_vuln_win.nasl 2009-11-11 14:39:37 UTC (rev 5840) @@ -79,6 +79,11 @@ } key = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\"; + +if(!registry_key_exists(key:key)){ + exit(0); +} + foreach entry (registry_enum_keys(key:key)) { pyName = registry_get_sz(key:key + entry, item:"DisplayName"); Modified: trunk/openvas-plugins/scripts/gb_qip_detect.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_qip_detect.nasl 2009-11-11 09:58:32 UTC (rev 5839) +++ trunk/openvas-plugins/scripts/gb_qip_detect.nasl 2009-11-11 14:39:37 UTC (rev 5840) 
@@ -54,6 +54,11 @@ } key = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\"; + +if(!registry_key_exists(key:key)){ + exit(0); +} + foreach item (registry_enum_keys(key:key)) { qipName = registry_get_sz(key:key + item, item:"DisplayName"); Modified: trunk/openvas-plugins/scripts/gb_qtweb_detect.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_qtweb_detect.nasl 2009-11-11 09:58:32 UTC (rev 5839) +++ trunk/openvas-plugins/scripts/gb_qtweb_detect.nasl 2009-11-11 14:39:37 UTC (rev 5840) @@ -57,6 +57,11 @@ } key = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\"; + +if(!registry_key_exists(key:key)){ + exit(0); +} + foreach item (registry_enum_keys(key:key)) { qtwebName = registry_get_sz(key:key + item, item:"DisplayName"); Modified: trunk/openvas-plugins/scripts/gb_ultraiso_detect.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_ultraiso_detect.nasl 2009-11-11 09:58:32 UTC (rev 5839) +++ trunk/openvas-plugins/scripts/gb_ultraiso_detect.nasl 2009-11-11 14:39:37 UTC (rev 5840) @@ -55,6 +55,11 @@ } key = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\"; + +if(!registry_key_exists(key:key)){ + exit(0); +} + foreach item (registry_enum_keys(key:key)) { ultraName = registry_get_sz(key:key + item, item:"DisplayName"); Modified: trunk/openvas-plugins/scripts/gb_ultravnc_cpp_file_mult_bof_vuln.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_ultravnc_cpp_file_mult_bof_vuln.nasl 2009-11-11 09:58:32 UTC (rev 5839) +++ trunk/openvas-plugins/scripts/gb_ultravnc_cpp_file_mult_bof_vuln.nasl 2009-11-11 14:39:37 UTC (rev 5840) 
@@ -84,6 +84,11 @@ } key = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\"; + +if(!registry_key_exists(key:key)){ + exit(0); +} + foreach item (registry_enum_keys(key:key)) { vncName = registry_get_sz(item:"DisplayName", key:key +item); Modified: trunk/openvas-plugins/scripts/gb_xemacs_detect_win.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_xemacs_detect_win.nasl 2009-11-11 09:58:32 UTC (rev 5839) +++ trunk/openvas-plugins/scripts/gb_xemacs_detect_win.nasl 2009-11-11 14:39:37 UTC (rev 5840) @@ -56,6 +56,11 @@ } key = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\"; + +if(!registry_key_exists(key:key)){ + exit(0); +} + foreach item (registry_enum_keys(key:key)) { xemacsName = registry_get_sz(key:key + item, item:"DisplayName"); Modified: trunk/openvas-plugins/scripts/gb_xvid_detect_win.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_xvid_detect_win.nasl 2009-11-11 09:58:32 UTC (rev 5839) +++ trunk/openvas-plugins/scripts/gb_xvid_detect_win.nasl 2009-11-11 14:39:37 UTC (rev 5840) @@ -55,6 +55,11 @@ } key = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\"; + +if(!registry_key_exists(key:key)){ + exit(0); +} + foreach item (registry_enum_keys(key:key)) { xvidName = registry_get_sz(key:key +item, item:"DisplayName"); Modified: trunk/openvas-plugins/scripts/secpod_adobe_flex_sdk_xss_vuln_win.nasl =================================================================== --- trunk/openvas-plugins/scripts/secpod_adobe_flex_sdk_xss_vuln_win.nasl 2009-11-11 09:58:32 UTC (rev 5839) +++ trunk/openvas-plugins/scripts/secpod_adobe_flex_sdk_xss_vuln_win.nasl 2009-11-11 14:39:37 UTC (rev 5840) 
@@ -90,6 +90,11 @@ } key = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\"; + +if(!registry_key_exists(key:key)){ + exit(0); +} + foreach item (registry_enum_keys(key:key)) { flexName = registry_get_sz(key:key + item, item:"DisplayName"); Modified: trunk/openvas-plugins/scripts/secpod_audacity_detect_win.nasl =================================================================== --- trunk/openvas-plugins/scripts/secpod_audacity_detect_win.nasl 2009-11-11 09:58:32 UTC (rev 5839) +++ trunk/openvas-plugins/scripts/secpod_audacity_detect_win.nasl 2009-11-11 14:39:37 UTC (rev 5840) @@ -55,6 +55,11 @@ } key = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\"; + +if(!registry_key_exists(key:key)){ + exit(0); +} + foreach item (registry_enum_keys(key:key)) { audacityName = registry_get_sz(key:key + item, item:"DisplayName"); Modified: trunk/openvas-plugins/scripts/secpod_easy_rmtomp3_conv_detect.nasl =================================================================== --- trunk/openvas-plugins/scripts/secpod_easy_rmtomp3_conv_detect.nasl 2009-11-11 09:58:32 UTC (rev 5839) +++ trunk/openvas-plugins/scripts/secpod_easy_rmtomp3_conv_detect.nasl 2009-11-11 14:39:37 UTC (rev 5840) @@ -56,6 +56,11 @@ } key = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\"; + +if(!registry_key_exists(key:key)){ + exit(0); +} + foreach item (registry_enum_keys(key:key)) { rmtomp3Name = registry_get_sz(item:"DisplayName", key:key + item); Modified: trunk/openvas-plugins/scripts/secpod_euphonics_player_bof_vuln.nasl =================================================================== --- trunk/openvas-plugins/scripts/secpod_euphonics_player_bof_vuln.nasl 2009-11-11 09:58:32 UTC (rev 5839) +++ trunk/openvas-plugins/scripts/secpod_euphonics_player_bof_vuln.nasl 2009-11-11 14:39:37 UTC (rev 5840) 
@@ -88,6 +88,11 @@ } key = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\"; + +if(!registry_key_exists(key:key)){ + exit(0); +} + key2 = "SOFTWARE\Microsoft\Windows\CurrentVersion\"; foreach item (registry_enum_keys(key:key)) Modified: trunk/openvas-plugins/scripts/secpod_expert_pdf_editorx_activex_vuln.nasl =================================================================== --- trunk/openvas-plugins/scripts/secpod_expert_pdf_editorx_activex_vuln.nasl 2009-11-11 09:58:32 UTC (rev 5839) +++ trunk/openvas-plugins/scripts/secpod_expert_pdf_editorx_activex_vuln.nasl 2009-11-11 14:39:37 UTC (rev 5840) @@ -89,6 +89,11 @@ } key = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\"; + +if(!registry_key_exists(key:key)){ + exit(0); +} + foreach item (registry_enum_keys(key:key)) { editorx = registry_get_sz(key:key + item, item:"DisplayName"); Modified: trunk/openvas-plugins/scripts/secpod_freesshd_detect.nasl =================================================================== --- trunk/openvas-plugins/scripts/secpod_freesshd_detect.nasl 2009-11-11 09:58:32 UTC (rev 5839) +++ trunk/openvas-plugins/scripts/secpod_freesshd_detect.nasl 2009-11-11 14:39:37 UTC (rev 5840) @@ -55,6 +55,11 @@ } key = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\"; + +if(!registry_key_exists(key:key)){ + exit(0); +} + foreach item (registry_enum_keys(key:key)) { sshdName = registry_get_sz(key:key + item, item:"DisplayName"); Modified: trunk/openvas-plugins/scripts/secpod_ftpshell_client_detect.nasl =================================================================== --- trunk/openvas-plugins/scripts/secpod_ftpshell_client_detect.nasl 2009-11-11 09:58:32 UTC (rev 5839) +++ trunk/openvas-plugins/scripts/secpod_ftpshell_client_detect.nasl 2009-11-11 14:39:37 UTC (rev 5840) 
@@ -56,6 +56,10 @@ key = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\"; +if(!registry_key_exists(key:key)){ + exit(0); +} + foreach item (registry_enum_keys(key:key)) { fclntName = registry_get_sz(key:key + item, item:"DisplayName"); Modified: trunk/openvas-plugins/scripts/secpod_hamster_audio_player_detect.nasl =================================================================== --- trunk/openvas-plugins/scripts/secpod_hamster_audio_player_detect.nasl 2009-11-11 09:58:32 UTC (rev 5839) +++ trunk/openvas-plugins/scripts/secpod_hamster_audio_player_detect.nasl 2009-11-11 14:39:37 UTC (rev 5840) @@ -56,6 +56,11 @@ } key = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\"; + +if(!registry_key_exists(key:key)){ + exit(0); +} + foreach item (registry_enum_keys(key:key)) { hamsterName = registry_get_sz(key:key + item, item:"DisplayName"); Modified: trunk/openvas-plugins/scripts/secpod_ibm_db2_detect_win_900218.nasl =================================================================== --- trunk/openvas-plugins/scripts/secpod_ibm_db2_detect_win_900218.nasl 2009-11-11 09:58:32 UTC (rev 5839) +++ trunk/openvas-plugins/scripts/secpod_ibm_db2_detect_win_900218.nasl 2009-11-11 14:39:37 UTC (rev 5840) @@ -56,6 +56,11 @@ } key = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\"; + +if(!registry_key_exists(key:key)){ + exit(0); +} + foreach item (registry_enum_keys(key:key)) { if(registry_get_sz(key:key + item, item:"Publisher") =~ "IBM") Modified: trunk/openvas-plugins/scripts/secpod_ms_wpp_enterprise_library_detect.nasl =================================================================== --- trunk/openvas-plugins/scripts/secpod_ms_wpp_enterprise_library_detect.nasl 2009-11-11 09:58:32 UTC (rev 5839) +++ trunk/openvas-plugins/scripts/secpod_ms_wpp_enterprise_library_detect.nasl 2009-11-11 14:39:37 UTC (rev 5840) 
@@ -55,6 +55,11 @@ } key = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\"; + +if(!registry_key_exists(key:key)){ + exit(0); +} + foreach item (registry_enum_keys(key:key)) { entlibName = registry_get_sz(key:key + item, item:"DisplayName"); Modified: trunk/openvas-plugins/scripts/secpod_opera_detection_win_900036.nasl =================================================================== --- trunk/openvas-plugins/scripts/secpod_opera_detection_win_900036.nasl 2009-11-11 09:58:32 UTC (rev 5839) +++ trunk/openvas-plugins/scripts/secpod_opera_detection_win_900036.nasl 2009-11-11 14:39:37 UTC (rev 5840) @@ -77,6 +77,11 @@ operaflag = 1; key = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\"; + +if(!registry_key_exists(key:key)){ + exit(0); +} + foreach item (registry_enum_keys(key:key)) { operaName = registry_get_sz(key:key + item, item:"DisplayName"); Modified: trunk/openvas-plugins/scripts/secpod_pplive_detect.nasl =================================================================== --- trunk/openvas-plugins/scripts/secpod_pplive_detect.nasl 2009-11-11 09:58:32 UTC (rev 5839) +++ trunk/openvas-plugins/scripts/secpod_pplive_detect.nasl 2009-11-11 14:39:37 UTC (rev 5840) @@ -55,6 +55,11 @@ } key = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\"; + +if(!registry_key_exists(key:key)){ + exit(0); +} + foreach item (registry_enum_keys(key:key)) { ppliveName = registry_get_sz(key:key + item, item:"DisplayName"); Modified: trunk/openvas-plugins/scripts/secpod_sdp_downloader_detect.nasl =================================================================== --- trunk/openvas-plugins/scripts/secpod_sdp_downloader_detect.nasl 2009-11-11 09:58:32 UTC (rev 5839) +++ trunk/openvas-plugins/scripts/secpod_sdp_downloader_detect.nasl 2009-11-11 14:39:37 UTC (rev 5840) 
@@ -56,6 +56,11 @@ } sdpKey = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\"; + +if(!registry_key_exists(key:sdpKey)){ + exit(0); +} + foreach item(registry_enum_keys(key:sdpKey)) { sdpName = registry_get_sz(key:sdpKey + item, item:"DisplayName"); Modified: trunk/openvas-plugins/scripts/secpod_thegreenbow_ipsec_vpn_client_detect.nasl =================================================================== --- trunk/openvas-plugins/scripts/secpod_thegreenbow_ipsec_vpn_client_detect.nasl 2009-11-11 09:58:32 UTC (rev 5839) +++ trunk/openvas-plugins/scripts/secpod_thegreenbow_ipsec_vpn_client_detect.nasl 2009-11-11 14:39:37 UTC (rev 5840) @@ -56,6 +56,11 @@ } key = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\"; + +if(!registry_key_exists(key:key)){ + exit(0); +} + foreach item (registry_enum_keys(key:key)) { vpnName = registry_get_sz(key:key + item, item:"DisplayIcon"); Modified: trunk/openvas-plugins/scripts/secpod_tightvnc_detect_win.nasl =================================================================== --- trunk/openvas-plugins/scripts/secpod_tightvnc_detect_win.nasl 2009-11-11 09:58:32 UTC (rev 5839) +++ trunk/openvas-plugins/scripts/secpod_tightvnc_detect_win.nasl 2009-11-11 14:39:37 UTC (rev 5840) @@ -55,6 +55,11 @@ } key = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\"; + +if(!registry_key_exists(key:key)){ + exit(0); +} + foreach item (registry_enum_keys(key:key)) { tvncName = registry_get_sz(key:key + item, item:"DisplayName"); Modified: trunk/openvas-plugins/scripts/secpod_ultravnc_detect_win.nasl =================================================================== --- trunk/openvas-plugins/scripts/secpod_ultravnc_detect_win.nasl 2009-11-11 09:58:32 UTC (rev 5839) +++ trunk/openvas-plugins/scripts/secpod_ultravnc_detect_win.nasl 2009-11-11 14:39:37 UTC (rev 5840) 
@@ -55,6 +55,11 @@ } key = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\"; + +if(!registry_key_exists(key:key)){ + exit(0); +} + foreach item (registry_enum_keys(key:key)) { uvncName = registry_get_sz(key:key + item, item:"DisplayName"); Modified: trunk/openvas-plugins/scripts/secpod_viplay_detect.nasl =================================================================== --- trunk/openvas-plugins/scripts/secpod_viplay_detect.nasl 2009-11-11 09:58:32 UTC (rev 5839) +++ trunk/openvas-plugins/scripts/secpod_viplay_detect.nasl 2009-11-11 14:39:37 UTC (rev 5840) @@ -55,6 +55,11 @@ } viplayKey = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\"; + +if(!registry_key_exists(key:viplayKey)){ + exit(0); +} + foreach item (registry_enum_keys(key:viplayKey)) { viplayName = registry_get_sz(key:viplayKey + item, item:"DisplayName"); Modified: trunk/openvas-plugins/scripts/secpod_xilisoft_video_conv_detect.nasl =================================================================== --- trunk/openvas-plugins/scripts/secpod_xilisoft_video_conv_detect.nasl 2009-11-11 09:58:32 UTC (rev 5839) +++ trunk/openvas-plugins/scripts/secpod_xilisoft_video_conv_detect.nasl 2009-11-11 14:39:37 UTC (rev 5840) @@ -56,6 +56,11 @@ } key = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\"; + +if(!registry_key_exists(key:key)){ + exit(0); +} + foreach item (registry_enum_keys(key:key)) { xilisoftName= registry_get_sz(item:"DisplayName", key:key +item); From scm-commit at wald.intevation.org Wed Nov 11 15:57:04 2009 
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 11 Nov 2009 15:57:04 +0100 (CET) Subject: [Openvas-commits] r5841 - in trunk/openvas-plugins: . scripts Message-ID: <20091111145704.0314C865F477@pyrosoma.intevation.org> Author: reinke Date: 2009-11-11 15:56:44 +0100 (Wed, 11 Nov 2009) New Revision: 5841 Added: trunk/openvas-plugins/scripts/RHSA_2009_1528.nasl trunk/openvas-plugins/scripts/RHSA_2009_1529.nasl trunk/openvas-plugins/scripts/RHSA_2009_1530.nasl trunk/openvas-plugins/scripts/RHSA_2009_1531.nasl trunk/openvas-plugins/scripts/RHSA_2009_1535.nasl trunk/openvas-plugins/scripts/RHSA_2009_1536.nasl trunk/openvas-plugins/scripts/RHSA_2009_1540.nasl trunk/openvas-plugins/scripts/RHSA_2009_1541.nasl trunk/openvas-plugins/scripts/RHSA_2009_1548.nasl trunk/openvas-plugins/scripts/RHSA_2009_1549.nasl trunk/openvas-plugins/scripts/RHSA_2009_1550.nasl trunk/openvas-plugins/scripts/RHSA_2009_1560.nasl trunk/openvas-plugins/scripts/RHSA_2009_1561.nasl trunk/openvas-plugins/scripts/RHSA_2009_1562.nasl trunk/openvas-plugins/scripts/RHSA_2009_1563.nasl trunk/openvas-plugins/scripts/deb_1921_1.nasl trunk/openvas-plugins/scripts/deb_1922_1.nasl trunk/openvas-plugins/scripts/deb_1923_1.nasl trunk/openvas-plugins/scripts/deb_1924_1.nasl trunk/openvas-plugins/scripts/deb_1925_1.nasl trunk/openvas-plugins/scripts/deb_1926_1.nasl trunk/openvas-plugins/scripts/deb_1927_1.nasl trunk/openvas-plugins/scripts/deb_1928_1.nasl trunk/openvas-plugins/scripts/deb_1929_1.nasl trunk/openvas-plugins/scripts/deb_1930_1.nasl trunk/openvas-plugins/scripts/deb_1931_1.nasl trunk/openvas-plugins/scripts/deb_1932_1.nasl trunk/openvas-plugins/scripts/fcore_2009_10170.nasl trunk/openvas-plugins/scripts/fcore_2009_10225.nasl trunk/openvas-plugins/scripts/fcore_2009_10329.nasl trunk/openvas-plugins/scripts/fcore_2009_10377.nasl trunk/openvas-plugins/scripts/fcore_2009_10426.nasl trunk/openvas-plugins/scripts/fcore_2009_10461.nasl 
trunk/openvas-plugins/scripts/fcore_2009_10475.nasl trunk/openvas-plugins/scripts/fcore_2009_10498.nasl trunk/openvas-plugins/scripts/fcore_2009_10639.nasl trunk/openvas-plugins/scripts/fcore_2009_10718.nasl trunk/openvas-plugins/scripts/fcore_2009_10719.nasl trunk/openvas-plugins/scripts/fcore_2009_10737.nasl trunk/openvas-plugins/scripts/fcore_2009_10743.nasl trunk/openvas-plugins/scripts/fcore_2009_10761.nasl trunk/openvas-plugins/scripts/fcore_2009_10780.nasl trunk/openvas-plugins/scripts/fcore_2009_10793.nasl trunk/openvas-plugins/scripts/fcore_2009_10795.nasl trunk/openvas-plugins/scripts/fcore_2009_10822.nasl trunk/openvas-plugins/scripts/fcore_2009_10823.nasl trunk/openvas-plugins/scripts/fcore_2009_10845.nasl trunk/openvas-plugins/scripts/fcore_2009_10849.nasl trunk/openvas-plugins/scripts/fcore_2009_10878.nasl trunk/openvas-plugins/scripts/fcore_2009_10949.nasl trunk/openvas-plugins/scripts/fcore_2009_10956.nasl trunk/openvas-plugins/scripts/fcore_2009_10972.nasl trunk/openvas-plugins/scripts/fcore_2009_10981.nasl trunk/openvas-plugins/scripts/fcore_2009_10987.nasl trunk/openvas-plugins/scripts/fcore_2009_11029.nasl trunk/openvas-plugins/scripts/fcore_2009_11030.nasl trunk/openvas-plugins/scripts/fcore_2009_11032.nasl trunk/openvas-plugins/scripts/fcore_2009_11034.nasl trunk/openvas-plugins/scripts/fcore_2009_11038.nasl trunk/openvas-plugins/scripts/fcore_2009_11066.nasl trunk/openvas-plugins/scripts/fcore_2009_9837.nasl trunk/openvas-plugins/scripts/fcore_2009_9973.nasl trunk/openvas-plugins/scripts/fcore_2009_9982.nasl trunk/openvas-plugins/scripts/freebsd_ctorrent.nasl trunk/openvas-plugins/scripts/freebsd_firefox42.nasl trunk/openvas-plugins/scripts/freebsd_gd1.nasl trunk/openvas-plugins/scripts/freebsd_kdebase4-runtime.nasl trunk/openvas-plugins/scripts/freebsd_opera18.nasl trunk/openvas-plugins/scripts/freebsd_p5-HTML-Parser.nasl trunk/openvas-plugins/scripts/freebsd_typo32.nasl trunk/openvas-plugins/scripts/freebsd_vlc1.nasl 
trunk/openvas-plugins/scripts/glsa_200911_01.nasl trunk/openvas-plugins/scripts/mdksa_2009_289.nasl trunk/openvas-plugins/scripts/mdksa_2009_290.nasl trunk/openvas-plugins/scripts/mdksa_2009_291.nasl trunk/openvas-plugins/scripts/mdksa_2009_292.nasl trunk/openvas-plugins/scripts/mdksa_2009_293.nasl trunk/openvas-plugins/scripts/ovcesa2009_1451.nasl trunk/openvas-plugins/scripts/ovcesa2009_1455.nasl trunk/openvas-plugins/scripts/ovcesa2009_1465.nasl trunk/openvas-plugins/scripts/ovcesa2009_1470.nasl trunk/openvas-plugins/scripts/ovcesa2009_1472.nasl trunk/openvas-plugins/scripts/ovcesa2009_1502.nasl trunk/openvas-plugins/scripts/ovcesa2009_1504.nasl trunk/openvas-plugins/scripts/ovcesa2009_1513.nasl trunk/openvas-plugins/scripts/ovcesa2009_1528.nasl trunk/openvas-plugins/scripts/ovcesa2009_1529.nasl trunk/openvas-plugins/scripts/ovcesa2009_1530.nasl trunk/openvas-plugins/scripts/ovcesa2009_1531.nasl trunk/openvas-plugins/scripts/ovcesa2009_1535.nasl trunk/openvas-plugins/scripts/ovcesa2009_1536.nasl trunk/openvas-plugins/scripts/ovcesa2009_1541.nasl trunk/openvas-plugins/scripts/ovcesa2009_1548.nasl trunk/openvas-plugins/scripts/ovcesa2009_1549.nasl trunk/openvas-plugins/scripts/ovcesa2009_1550.nasl trunk/openvas-plugins/scripts/ovcesa2009_1561.nasl trunk/openvas-plugins/scripts/sles10_MozillaFirefox7.nasl trunk/openvas-plugins/scripts/sles10_cyrus-imapd0.nasl trunk/openvas-plugins/scripts/sles10_mozilla-nspr0.nasl trunk/openvas-plugins/scripts/sles10_mozilla-xulrunn0.nasl trunk/openvas-plugins/scripts/sles10_neon.nasl trunk/openvas-plugins/scripts/sles10_xpdf2.nasl trunk/openvas-plugins/scripts/sles11_MozillaFirefox7.nasl trunk/openvas-plugins/scripts/sles11_cyrus-imapd0.nasl trunk/openvas-plugins/scripts/sles11_ext4dev-kmp-def3.nasl trunk/openvas-plugins/scripts/sles11_java-1_6_0-ibm1.nasl trunk/openvas-plugins/scripts/sles11_libneon27.nasl trunk/openvas-plugins/scripts/sles11_mozilla-nspr.nasl trunk/openvas-plugins/scripts/sles11_mozilla-xulrunn1.nasl 
trunk/openvas-plugins/scripts/sles9p5061160.nasl trunk/openvas-plugins/scripts/sles9p5061735.nasl trunk/openvas-plugins/scripts/sles9p5061983.nasl trunk/openvas-plugins/scripts/suse_sa_2009_051.nasl trunk/openvas-plugins/scripts/suse_sa_2009_052.nasl trunk/openvas-plugins/scripts/suse_sr_2009_018.nasl trunk/openvas-plugins/scripts/ubuntu_857_1.nasl Modified: trunk/openvas-plugins/ChangeLog trunk/openvas-plugins/scripts/ovcesa2009_1427.nasl trunk/openvas-plugins/scripts/ovcesa2009_1428.nasl trunk/openvas-plugins/scripts/ovcesa2009_1452.nasl trunk/openvas-plugins/scripts/ovcesa2009_1453.nasl trunk/openvas-plugins/scripts/ovcesa2009_1459.nasl trunk/openvas-plugins/scripts/ovcesa2009_1463.nasl trunk/openvas-plugins/scripts/ovcesa2009_1471.nasl trunk/openvas-plugins/scripts/ovcesa2009_1484.nasl Log: New scripts added Modified: trunk/openvas-plugins/ChangeLog =================================================================== --- trunk/openvas-plugins/ChangeLog 2009-11-11 14:39:37 UTC (rev 5840) +++ trunk/openvas-plugins/ChangeLog 2009-11-11 14:56:44 UTC (rev 5841) 
@@ -1,3 +1,130 @@ +2009-11-11 Thomas Reinke + * scripts/deb_1921_1.nasl, + scripts/deb_1922_1.nasl, + scripts/deb_1923_1.nasl, + scripts/deb_1924_1.nasl, + scripts/deb_1925_1.nasl, + scripts/deb_1926_1.nasl, + scripts/deb_1927_1.nasl, + scripts/deb_1928_1.nasl, + scripts/deb_1929_1.nasl, + scripts/deb_1930_1.nasl, + scripts/deb_1931_1.nasl, + scripts/deb_1932_1.nasl, + scripts/freebsd_ctorrent.nasl, + scripts/freebsd_firefox42.nasl, + scripts/freebsd_gd1.nasl, + scripts/freebsd_kdebase4-runtime.nasl, + scripts/freebsd_opera18.nasl, + scripts/freebsd_p5-HTML-Parser.nasl, + scripts/freebsd_typo32.nasl, + scripts/freebsd_vlc1.nasl, + scripts/glsa_200911_01.nasl, + scripts/suse_sa_2009_051.nasl, + scripts/suse_sa_2009_052.nasl, + scripts/suse_sr_2009_018.nasl, + scripts/ubuntu_857_1.nasl, + scripts/mdksa_2009_289.nasl, + scripts/mdksa_2009_290.nasl, + scripts/mdksa_2009_291.nasl, + scripts/mdksa_2009_292.nasl, + scripts/mdksa_2009_293.nasl, + scripts/RHSA_2009_1528.nasl, + scripts/RHSA_2009_1529.nasl, + scripts/RHSA_2009_1530.nasl, + scripts/RHSA_2009_1531.nasl, + scripts/RHSA_2009_1535.nasl, + scripts/RHSA_2009_1536.nasl, + scripts/RHSA_2009_1540.nasl, + scripts/RHSA_2009_1541.nasl, + scripts/RHSA_2009_1548.nasl, + scripts/RHSA_2009_1549.nasl, + scripts/RHSA_2009_1550.nasl, + scripts/RHSA_2009_1560.nasl, + scripts/RHSA_2009_1561.nasl, + scripts/RHSA_2009_1562.nasl, + scripts/RHSA_2009_1563.nasl, + scripts/fcore_2009_10170.nasl, + scripts/fcore_2009_10225.nasl, + scripts/fcore_2009_10329.nasl, + scripts/fcore_2009_10377.nasl, + scripts/fcore_2009_10426.nasl, + scripts/fcore_2009_10461.nasl, + scripts/fcore_2009_10475.nasl, + scripts/fcore_2009_10498.nasl, + scripts/fcore_2009_10639.nasl, + scripts/fcore_2009_10718.nasl, + scripts/fcore_2009_10719.nasl, + scripts/fcore_2009_10737.nasl, + scripts/fcore_2009_10743.nasl, + scripts/fcore_2009_10761.nasl, + scripts/fcore_2009_10780.nasl, + scripts/fcore_2009_10793.nasl, + scripts/fcore_2009_10795.nasl, + 
scripts/fcore_2009_10822.nasl, + scripts/fcore_2009_10823.nasl, + scripts/fcore_2009_10845.nasl, + scripts/fcore_2009_10849.nasl, + scripts/fcore_2009_10878.nasl, + scripts/fcore_2009_10949.nasl, + scripts/fcore_2009_10956.nasl, + scripts/fcore_2009_10972.nasl, + scripts/fcore_2009_10981.nasl, + scripts/fcore_2009_10987.nasl, + scripts/fcore_2009_11029.nasl, + scripts/fcore_2009_11030.nasl, + scripts/fcore_2009_11032.nasl, + scripts/fcore_2009_11034.nasl, + scripts/fcore_2009_11038.nasl, + scripts/fcore_2009_11066.nasl, + scripts/fcore_2009_9837.nasl, + scripts/fcore_2009_9973.nasl, + scripts/fcore_2009_9982.nasl, + scripts/ovcesa2009_1427.nasl, + scripts/ovcesa2009_1428.nasl, + scripts/ovcesa2009_1451.nasl, + scripts/ovcesa2009_1452.nasl, + scripts/ovcesa2009_1453.nasl, + scripts/ovcesa2009_1455.nasl, + scripts/ovcesa2009_1459.nasl, + scripts/ovcesa2009_1463.nasl, + scripts/ovcesa2009_1465.nasl, + scripts/ovcesa2009_1470.nasl, + scripts/ovcesa2009_1471.nasl, + scripts/ovcesa2009_1472.nasl, + scripts/ovcesa2009_1484.nasl, + scripts/ovcesa2009_1502.nasl, + scripts/ovcesa2009_1504.nasl, + scripts/ovcesa2009_1513.nasl, + scripts/ovcesa2009_1528.nasl, + scripts/ovcesa2009_1529.nasl, + scripts/ovcesa2009_1530.nasl, + scripts/ovcesa2009_1531.nasl, + scripts/ovcesa2009_1535.nasl, + scripts/ovcesa2009_1536.nasl, + scripts/ovcesa2009_1541.nasl, + scripts/ovcesa2009_1548.nasl, + scripts/ovcesa2009_1549.nasl, + scripts/ovcesa2009_1550.nasl, + scripts/ovcesa2009_1561.nasl, + scripts/sles9p5061160.nasl, + scripts/sles9p5061735.nasl, + scripts/sles9p5061983.nasl, + scripts/sles10_MozillaFirefox7.nasl, + scripts/sles10_cyrus-imapd0.nasl, + scripts/sles10_mozilla-nspr0.nasl, + scripts/sles10_mozilla-xulrunn0.nasl, + scripts/sles10_neon.nasl, + scripts/sles10_xpdf2.nasl, + scripts/sles11_MozillaFirefox7.nasl, + scripts/sles11_cyrus-imapd0.nasl, + scripts/sles11_ext4dev-kmp-def3.nasl, + scripts/sles11_java-1_6_0-ibm1.nasl, + scripts/sles11_libneon27.nasl, + 
scripts/sles11_mozilla-nspr.nasl, + scripts/sles11_mozilla-xulrunn1.nasl: + Added new scripts + 2009-11-11 Michael Meyer * scripts/secpod_ms_wpp_enterprise_library_detect.nasl, Added: trunk/openvas-plugins/scripts/RHSA_2009_1528.nasl =================================================================== --- trunk/openvas-plugins/scripts/RHSA_2009_1528.nasl 2009-11-11 14:39:37 UTC (rev 5840) +++ trunk/openvas-plugins/scripts/RHSA_2009_1528.nasl 2009-11-11 14:56:44 UTC (rev 5841) 
@@ -0,0 +1,108 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory RHSA-2009:1528 ()
+#
+# Authors:
+# Thomas Reinke
+#
+# Copyright:
+# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(66118);
+ script_cve_id("CVE-2009-2906");
+ script_version ("$Revision$");
+ script_name("RedHat Security Advisory RHSA-2009:1528");
+
+ desc = "
+The remote host is missing updates announced in
+advisory RHSA-2009:1528.
+
+Samba is a suite of programs used by machines to share files, printers, and
+other information.
+
+A denial of service flaw was found in the Samba smbd daemon. An
+authenticated, remote user could send a specially-crafted response that
+would cause an smbd child process to enter an infinite loop. An
+authenticated, remote user could use this flaw to exhaust system resources
+by opening multiple CIFS sessions. (CVE-2009-2906)
+
+This update also fixes the following bug:
+
+* the RHSA-2007:0354 update added code to escape input passed to scripts
+that are run by Samba. This code was missing c from the list of valid
+characters, causing it to be escaped. With this update, the previous patch
+has been updated to include c in the list of valid characters.
+(BZ#242754)
+
+Users of Samba should upgrade to these updated packages, which contain a
+backported patch to correct this issue. After installing this update,
+the smb service will be restarted automatically.
+
+Solution:
+Please note that this update is available via
+Red Hat Network. To use Red Hat Network, launch the Red
+Hat Update Agent with the following command: up2date
+
+http://rhn.redhat.com/errata/RHSA-2009-1528.html
+http://www.redhat.com/security/updates/classification/#moderate
+
+Risk factor : Medium";
+
+ script_description(desc);
+
+ script_summary("Redhat Security Advisory RHSA-2009:1528");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
+ script_family("Red Hat Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/rpms");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-rpm.inc");
+vuln = 0;
+if(isrpmvuln(pkg:"samba", rpm:"samba~3.0.9~1.3E.16", rls:"RHENT_3")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"samba-client", rpm:"samba-client~3.0.9~1.3E.16", rls:"RHENT_3")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"samba-common", rpm:"samba-common~3.0.9~1.3E.16", rls:"RHENT_3")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"samba-debuginfo", rpm:"samba-debuginfo~3.0.9~1.3E.16", rls:"RHENT_3")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"samba-swat", rpm:"samba-swat~3.0.9~1.3E.16", rls:"RHENT_3")) {
+ vuln = 1;
+}
+
+if(vuln) {
+ security_hole(0);
+}
Added: trunk/openvas-plugins/scripts/RHSA_2009_1529.nasl
===================================================================
--- trunk/openvas-plugins/scripts/RHSA_2009_1529.nasl 2009-11-11 14:39:37 UTC (rev 5840)
+++ trunk/openvas-plugins/scripts/RHSA_2009_1529.nasl 2009-11-11 14:56:44 UTC (rev 5841)
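Review bot: The report call at the end of RHSA_2009_1528.nasl, `security_hole(0);`, does not match the severity the script states for itself: the description ends with `Risk factor : Medium` and links the advisory's `#moderate` classification. In NASL `security_hole` is the high-severity report function, so a moderate advisory would more consistently end with `security_warning(0);`. The same mismatch appears in the RHSA_2009_1529.nasl hunk that follows, while RHSA_2009_1530.nasl states `Risk factor : High` and is consistent. Because the header says the file is auto-generated, the severity mapping probably belongs in the generator rather than in each script.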
@@ -0,0 +1,136 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory RHSA-2009:1529 ()
+#
+# Authors:
+# Thomas Reinke
+#
+# Copyright:
+# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(66119);
+ script_cve_id("CVE-2009-1888", "CVE-2009-2813", "CVE-2009-2906", "CVE-2009-2948");
+ script_version ("$Revision$");
+ script_name("RedHat Security Advisory RHSA-2009:1529");
+
+ desc = "
+The remote host is missing updates announced in
+advisory RHSA-2009:1529.
+
+Samba is a suite of programs used by machines to share files, printers, and
+other information.
+
+A denial of service flaw was found in the Samba smbd daemon. An
+authenticated, remote user could send a specially-crafted response that
+would cause an smbd child process to enter an infinite loop. An
+authenticated, remote user could use this flaw to exhaust system resources
+by opening multiple CIFS sessions. (CVE-2009-2906)
+
+An uninitialized data access flaw was discovered in the smbd daemon when
+using the non-default dos filemode configuration option in smb.conf. An
+authenticated, remote user with write access to a file could possibly use
+this flaw to change an access control list for that file, even when such
+access should have been denied. (CVE-2009-1888)
+
+A flaw was discovered in the way Samba handled users without a home
+directory set in the back-end password database (e.g. /etc/passwd). If a
+share for the home directory of such a user was created (e.g. using the
+automated [homes] share), any user able to access that share could see
+the whole file system, possibly bypassing intended access restrictions.
+(CVE-2009-2813)
+
+The mount.cifs program printed CIFS passwords as part of its debug output
+when running in verbose mode. When mount.cifs had the setuid bit set, a
+local, unprivileged user could use this flaw to disclose passwords from a
+file that would otherwise be inaccessible to that user. Note: mount.cifs
+from the samba packages distributed by Red Hat does not have the setuid bit
+set. This flaw only affected systems where the setuid bit was manually set
+by an administrator. (CVE-2009-2948)
+
+Users of Samba should upgrade to these updated packages, which contain
+backported patches to correct these issues. After installing this update,
+the smb service will be restarted automatically.
+
+Solution:
+Please note that this update is available via
+Red Hat Network. To use Red Hat Network, launch the Red
+Hat Update Agent with the following command: up2date
+
+http://rhn.redhat.com/errata/RHSA-2009-1529.html
+http://www.redhat.com/security/updates/classification/#moderate
+
+Risk factor : Medium";
+
+ script_description(desc);
+
+ script_summary("Redhat Security Advisory RHSA-2009:1529");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
+ script_family("Red Hat Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/rpms");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-rpm.inc");
+vuln = 0;
+if(isrpmvuln(pkg:"samba", rpm:"samba~3.0.33~0.18.el4_8", rls:"RHENT_4")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"samba-client", rpm:"samba-client~3.0.33~0.18.el4_8", rls:"RHENT_4")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"samba-common", rpm:"samba-common~3.0.33~0.18.el4_8", rls:"RHENT_4")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"samba-debuginfo", rpm:"samba-debuginfo~3.0.33~0.18.el4_8", rls:"RHENT_4")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"samba-swat", rpm:"samba-swat~3.0.33~0.18.el4_8", rls:"RHENT_4")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"samba", rpm:"samba~3.0.33~3.15.el5_4", rls:"RHENT_5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"samba-client", rpm:"samba-client~3.0.33~3.15.el5_4", rls:"RHENT_5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"samba-common", rpm:"samba-common~3.0.33~3.15.el5_4", rls:"RHENT_5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"samba-debuginfo", rpm:"samba-debuginfo~3.0.33~3.15.el5_4", rls:"RHENT_5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"samba-swat", rpm:"samba-swat~3.0.33~3.15.el5_4", rls:"RHENT_5")) {
+ vuln = 1;
+}
+
+if(vuln) {
+ security_hole(0);
+}
Added: trunk/openvas-plugins/scripts/RHSA_2009_1530.nasl
===================================================================
--- trunk/openvas-plugins/scripts/RHSA_2009_1530.nasl 2009-11-11 14:39:37 UTC (rev 5840)
+++ trunk/openvas-plugins/scripts/RHSA_2009_1530.nasl 2009-11-11 14:56:44 UTC (rev 5841)
@@ -0,0 +1,169 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory RHSA-2009:1530 ()
+#
+# Authors:
+# Thomas Reinke
+#
+# Copyright:
+# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(66120);
+ script_cve_id("CVE-2009-1563", "CVE-2009-3274", "CVE-2009-3370", "CVE-2009-3372", "CVE-2009-3373", "CVE-2009-3374", "CVE-2009-3375", "CVE-2009-3376", "CVE-2009-3380", "CVE-2009-3382");
+ script_version ("$Revision$");
+ script_name("RedHat Security Advisory RHSA-2009:1530");
+
+ desc = "
+The remote host is missing updates announced in
+advisory RHSA-2009:1530.
+
+Mozilla Firefox is an open source Web browser. XULRunner provides the XUL
+Runtime environment for Mozilla Firefox. nspr provides the Netscape
+Portable Runtime (NSPR).
+
+A flaw was found in the way Firefox handles form history. A malicious web
+page could steal saved form data by synthesizing input events, causing the
+browser to auto-fill form fields (which could then be read by an attacker).
+(CVE-2009-3370)
+
+A flaw was found in the way Firefox creates temporary file names for
+downloaded files. If a local attacker knows the name of a file Firefox is
+going to download, they can replace the contents of that file with
+arbitrary contents. (CVE-2009-3274)
+
+A flaw was found in the Firefox Proxy Auto-Configuration (PAC) file
+processor. If Firefox loads a malicious PAC file, it could crash Firefox
+or, potentially, execute arbitrary code with the privileges of the user
+running Firefox. (CVE-2009-3372)
+
+A heap-based buffer overflow flaw was found in the Firefox GIF image
+processor. A malicious GIF image could crash Firefox or, potentially,
+execute arbitrary code with the privileges of the user running Firefox.
+(CVE-2009-3373)
+
+A heap-based buffer overflow flaw was found in the Firefox string to
+floating point conversion routines. A web page containing malicious
+JavaScript could crash Firefox or, potentially, execute arbitrary code with
+the privileges of the user running Firefox. (CVE-2009-1563)
+
+A flaw was found in the way Firefox handles text selection. A malicious
+website may be able to read highlighted text in a different domain (e.g.
+another website the user is viewing), bypassing the same-origin policy.
+(CVE-2009-3375)
+
+A flaw was found in the way Firefox displays a right-to-left override
+character when downloading a file. In these cases, the name displayed in
+the title bar differs from the name displayed in the dialog body. An
+attacker could use this flaw to trick a user into downloading a file that
+has a file name or extension that differs from what the user expected.
+(CVE-2009-3376)
+
+Several flaws were found in the processing of malformed web content. A web
+page containing malicious content could cause Firefox to crash or,
+potentially, execute arbitrary code with the privileges of the user running
+Firefox. (CVE-2009-3374, CVE-2009-3380, CVE-2009-3382)
+
+For technical details regarding these flaws, refer to the Mozilla security
+advisories for Firefox 3.0.15. You can find a link to the Mozilla
+advisories in the References section of this errata.
+
+All Firefox users should upgrade to these updated packages, which contain
+Firefox version 3.0.15, which corrects these issues. After installing the
+update, Firefox must be restarted for the changes to take effect.
+
+Solution:
+Please note that this update is available via
+Red Hat Network. To use Red Hat Network, launch the Red
+Hat Update Agent with the following command: up2date
+
+http://rhn.redhat.com/errata/RHSA-2009-1530.html
+http://www.redhat.com/security/updates/classification/#critical
+http://www.mozilla.org/security/known-vulnerabilities/firefox30.html#firefox3.0.15
+
+Risk factor : High";
+
+ script_description(desc);
+
+ script_summary("Redhat Security Advisory RHSA-2009:1530");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
+ script_family("Red Hat Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/rpms");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-rpm.inc");
+vuln = 0;
+if(isrpmvuln(pkg:"firefox", rpm:"firefox~3.0.15~3.el4", rls:"RHENT_4")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"firefox-debuginfo", rpm:"firefox-debuginfo~3.0.15~3.el4", rls:"RHENT_4")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"nspr", rpm:"nspr~4.7.6~1.el4_8", rls:"RHENT_4")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"nspr-debuginfo", rpm:"nspr-debuginfo~4.7.6~1.el4_8", rls:"RHENT_4")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"nspr-devel", rpm:"nspr-devel~4.7.6~1.el4_8", rls:"RHENT_4")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"firefox", rpm:"firefox~3.0.15~3.el5_4", rls:"RHENT_5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"firefox-debuginfo", rpm:"firefox-debuginfo~3.0.15~3.el5_4", rls:"RHENT_5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"nspr", rpm:"nspr~4.7.6~1.el5_4", rls:"RHENT_5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"nspr-debuginfo", rpm:"nspr-debuginfo~4.7.6~1.el5_4", rls:"RHENT_5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"xulrunner", rpm:"xulrunner~1.9.0.15~3.el5_4", rls:"RHENT_5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"xulrunner-debuginfo", rpm:"xulrunner-debuginfo~1.9.0.15~3.el5_4", rls:"RHENT_5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"nspr-devel", rpm:"nspr-devel~4.7.6~1.el5_4", rls:"RHENT_5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"xulrunner-devel", rpm:"xulrunner-devel~1.9.0.15~3.el5_4", rls:"RHENT_5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"xulrunner-devel-unstable", rpm:"xulrunner-devel-unstable~1.9.0.15~3.el5_4", rls:"RHENT_5")) {
+ vuln = 1;
+}
+
+if(vuln) {
+ security_hole(0);
+}
Added: trunk/openvas-plugins/scripts/RHSA_2009_1531.nasl
===================================================================
--- trunk/openvas-plugins/scripts/RHSA_2009_1531.nasl 2009-11-11 14:39:37 UTC (rev 5840)
+++ trunk/openvas-plugins/scripts/RHSA_2009_1531.nasl 2009-11-11 14:56:44 UTC (rev 5841)
@@ -0,0 +1,160 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory RHSA-2009:1531 ()
+#
+# Authors:
+# Thomas Reinke
+#
+# Copyright:
+# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(66121);
+ script_cve_id("CVE-2009-1563", "CVE-2009-3274", "CVE-2009-3375", "CVE-2009-3376", "CVE-2009-3380");
+ script_version ("$Revision$");
+ script_name("RedHat Security Advisory RHSA-2009:1531");
+
+ desc = "
+The remote host is missing updates announced in
+advisory RHSA-2009:1531.
+
+SeaMonkey is an open source Web browser, email and newsgroup client, IRC
+chat client, and HTML editor.
+
+A flaw was found in the way SeaMonkey creates temporary file names for
+downloaded files. If a local attacker knows the name of a file SeaMonkey is
+going to download, they can replace the contents of that file with
+arbitrary contents. (CVE-2009-3274)
+
+A heap-based buffer overflow flaw was found in the SeaMonkey string to
+floating point conversion routines. A web page containing malicious
+JavaScript could crash SeaMonkey or, potentially, execute arbitrary code
+with the privileges of the user running SeaMonkey. (CVE-2009-1563)
+
+A flaw was found in the way SeaMonkey handles text selection. A malicious
+website may be able to read highlighted text in a different domain (e.g.
+another website the user is viewing), bypassing the same-origin policy.
+(CVE-2009-3375)
+
+A flaw was found in the way SeaMonkey displays a right-to-left override
+character when downloading a file. In these cases, the name displayed in
+the title bar differs from the name displayed in the dialog body. An
+attacker could use this flaw to trick a user into downloading a file that
+has a file name or extension that differs from what the user expected.
+(CVE-2009-3376)
+
+Several flaws were found in the processing of malformed web content. A web
+page containing malicious content could cause SeaMonkey to crash or,
+potentially, execute arbitrary code with the privileges of the user running
+SeaMonkey. (CVE-2009-3380)
+
+All SeaMonkey users should upgrade to these updated packages, which correct
+these issues. After installing the update, SeaMonkey must be restarted for
+the changes to take effect.
+
+Solution:
+Please note that this update is available via
+Red Hat Network. To use Red Hat Network, launch the Red
+Hat Update Agent with the following command: up2date
+
+http://rhn.redhat.com/errata/RHSA-2009-1531.html
+http://www.redhat.com/security/updates/classification/#critical
+
+Risk factor : High";
+
+ script_description(desc);
+
+ script_summary("Redhat Security Advisory RHSA-2009:1531");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
+ script_family("Red Hat Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/rpms");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-rpm.inc");
+vuln = 0;
+if(isrpmvuln(pkg:"seamonkey", rpm:"seamonkey~1.0.9~0.47.el3", rls:"RHENT_3")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"seamonkey-chat", rpm:"seamonkey-chat~1.0.9~0.47.el3", rls:"RHENT_3")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"seamonkey-debuginfo", rpm:"seamonkey-debuginfo~1.0.9~0.47.el3", rls:"RHENT_3")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"seamonkey-devel", rpm:"seamonkey-devel~1.0.9~0.47.el3", rls:"RHENT_3")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"seamonkey-dom-inspector", rpm:"seamonkey-dom-inspector~1.0.9~0.47.el3", rls:"RHENT_3")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"seamonkey-js-debugger", rpm:"seamonkey-js-debugger~1.0.9~0.47.el3", rls:"RHENT_3")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"seamonkey-mail", rpm:"seamonkey-mail~1.0.9~0.47.el3", rls:"RHENT_3")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"seamonkey-nspr", rpm:"seamonkey-nspr~1.0.9~0.47.el3", rls:"RHENT_3")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"seamonkey-nspr-devel", rpm:"seamonkey-nspr-devel~1.0.9~0.47.el3", rls:"RHENT_3")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"seamonkey-nss", rpm:"seamonkey-nss~1.0.9~0.47.el3", rls:"RHENT_3")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"seamonkey-nss-devel", rpm:"seamonkey-nss-devel~1.0.9~0.47.el3", rls:"RHENT_3")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"seamonkey", rpm:"seamonkey~1.0.9~50.el4_8", rls:"RHENT_4")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"seamonkey-chat", rpm:"seamonkey-chat~1.0.9~50.el4_8", rls:"RHENT_4")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"seamonkey-debuginfo", rpm:"seamonkey-debuginfo~1.0.9~50.el4_8", rls:"RHENT_4")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"seamonkey-devel", rpm:"seamonkey-devel~1.0.9~50.el4_8", rls:"RHENT_4")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"seamonkey-dom-inspector", rpm:"seamonkey-dom-inspector~1.0.9~50.el4_8", rls:"RHENT_4")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"seamonkey-js-debugger", rpm:"seamonkey-js-debugger~1.0.9~50.el4_8", rls:"RHENT_4")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"seamonkey-mail", rpm:"seamonkey-mail~1.0.9~50.el4_8", rls:"RHENT_4")) {
+ vuln = 1;
+}
+
+if(vuln) {
+ security_hole(0);
+}
Added: trunk/openvas-plugins/scripts/RHSA_2009_1535.nasl
===================================================================
--- trunk/openvas-plugins/scripts/RHSA_2009_1535.nasl 2009-11-11 14:39:37 UTC (rev 5840)
+++ trunk/openvas-plugins/scripts/RHSA_2009_1535.nasl 2009-11-11 14:56:44 UTC (rev 5841)
@@ -0,0 +1,101 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory RHSA-2009:1535 ()
+#
+# Authors:
+# Thomas Reinke
+#
+# Copyright:
+# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(66122);
+ script_cve_id("CVE-2009-2703", "CVE-2009-3083", "CVE-2009-3615");
+ script_version ("$Revision$");
+ script_name("RedHat Security Advisory RHSA-2009:1535");
+
+ desc = "
+The remote host is missing updates announced in
+advisory RHSA-2009:1535.
+
+Pidgin is an instant messaging program which can log in to multiple
+accounts on multiple instant messaging networks simultaneously.
+
+An invalid pointer dereference bug was found in the way the Pidgin OSCAR
+protocol implementation processed lists of contacts. A remote attacker
+could send a specially-crafted contact list to a user running Pidgin,
+causing Pidgin to crash. (CVE-2009-3615)
+
+A NULL pointer dereference flaw was found in the way the Pidgin IRC
+protocol plug-in handles IRC topics. A malicious IRC server could send a
+specially-crafted IRC TOPIC message, which once received by Pidgin, would
+lead to a denial of service (Pidgin crash). (CVE-2009-2703)
+
+A NULL pointer dereference flaw was found in the way the Pidgin MSN
+protocol plug-in handles improper MSNSLP invitations. A remote attacker
+could send a specially-crafted MSNSLP invitation request, which once
+accepted by a valid Pidgin user, would lead to a denial of service (Pidgin
+crash). (CVE-2009-3083)
+
+All Pidgin users should upgrade to this updated package, which contains
+backported patches to resolve these issues. Pidgin must be restarted for
+this update to take effect.
+
+Solution:
+Please note that this update is available via
+Red Hat Network. To use Red Hat Network, launch the Red
+Hat Update Agent with the following command: up2date
+
+http://rhn.redhat.com/errata/RHSA-2009-1535.html
+http://www.redhat.com/security/updates/classification/#moderate
+
+Risk factor : Medium";
+
+ script_description(desc);
+
+ script_summary("Redhat Security Advisory RHSA-2009:1535");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
+ script_family("Red Hat Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/rpms");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-rpm.inc");
+vuln = 0;
+if(isrpmvuln(pkg:"pidgin", rpm:"pidgin~1.5.1~6.el3", rls:"RHENT_3")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"pidgin-debuginfo", rpm:"pidgin-debuginfo~1.5.1~6.el3", rls:"RHENT_3")) {
+ vuln = 1;
+}
+
+if(vuln) {
+ security_hole(0);
+}
Added: trunk/openvas-plugins/scripts/RHSA_2009_1536.nasl
===================================================================
--- trunk/openvas-plugins/scripts/RHSA_2009_1536.nasl 2009-11-11 14:39:37 UTC (rev 5840)
+++ trunk/openvas-plugins/scripts/RHSA_2009_1536.nasl 2009-11-11 14:56:44 UTC (rev 5841)
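Review bot: The closing `security_hole(0);` in RHSA_2009_1535.nasl reports at the highest result level, while the description of the same script ends with `Risk factor : Medium` and links the advisory's `#moderate` classification; the three issues it lists are all described as Pidgin crashes. The report call should match the stated severity: `security_warning(0);`. RHSA_2009_1536.nasl and RHSA_2009_1549.nasl in this commit carry the same mismatch. As the files are marked auto-generated, the mapping from advisory classification to report function presumably belongs in the generator rather than in each script.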
@@ -0,0 +1,148 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory RHSA-2009:1536 ()
+#
+# Authors:
+# Thomas Reinke
+#
+# Copyright:
+# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(66123);
+ script_cve_id("CVE-2009-3615");
+ script_version ("$Revision$");
+ script_name("RedHat Security Advisory RHSA-2009:1536");
+
+ desc = "
+The remote host is missing updates announced in
+advisory RHSA-2009:1536.
+
+Pidgin is an instant messaging program which can log in to multiple
+accounts on multiple instant messaging networks simultaneously. The AOL
+Open System for Communication in Realtime (OSCAR) protocol is used by the
+AOL ICQ and AIM instant messaging systems.
+
+An invalid pointer dereference bug was found in the way the Pidgin OSCAR
+protocol implementation processed lists of contacts. A remote attacker
+could send a specially-crafted contact list to a user running Pidgin,
+causing Pidgin to crash. (CVE-2009-3615)
+
+These packages upgrade Pidgin to version 2.6.3. Refer to the Pidgin release
+notes for a full list of changes: http://developer.pidgin.im/wiki/ChangeLog
+
+All Pidgin users should upgrade to these updated packages, which correct
+this issue. Pidgin must be restarted for this update to take effect.
+
+Solution:
+Please note that this update is available via
+Red Hat Network. To use Red Hat Network, launch the Red
+Hat Update Agent with the following command: up2date
+
+http://rhn.redhat.com/errata/RHSA-2009-1536.html
+http://www.redhat.com/security/updates/classification/#moderate
+
+Risk factor : Medium";
+
+ script_description(desc);
+
+ script_summary("Redhat Security Advisory RHSA-2009:1536");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
+ script_family("Red Hat Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/rpms");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-rpm.inc");
+vuln = 0;
+if(isrpmvuln(pkg:"finch", rpm:"finch~2.6.3~2.el4", rls:"RHENT_4")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"finch-devel", rpm:"finch-devel~2.6.3~2.el4", rls:"RHENT_4")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"libpurple", rpm:"libpurple~2.6.3~2.el4", rls:"RHENT_4")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"libpurple-devel", rpm:"libpurple-devel~2.6.3~2.el4", rls:"RHENT_4")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"libpurple-perl", rpm:"libpurple-perl~2.6.3~2.el4", rls:"RHENT_4")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"libpurple-tcl", rpm:"libpurple-tcl~2.6.3~2.el4", rls:"RHENT_4")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"pidgin", rpm:"pidgin~2.6.3~2.el4", rls:"RHENT_4")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"pidgin-debuginfo", rpm:"pidgin-debuginfo~2.6.3~2.el4", rls:"RHENT_4")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"pidgin-devel", rpm:"pidgin-devel~2.6.3~2.el4", rls:"RHENT_4")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"pidgin-perl", rpm:"pidgin-perl~2.6.3~2.el4", rls:"RHENT_4")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"finch", rpm:"finch~2.6.3~2.el5", rls:"RHENT_5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"libpurple", rpm:"libpurple~2.6.3~2.el5", rls:"RHENT_5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"libpurple-perl", rpm:"libpurple-perl~2.6.3~2.el5", rls:"RHENT_5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"libpurple-tcl", rpm:"libpurple-tcl~2.6.3~2.el5", rls:"RHENT_5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"pidgin", rpm:"pidgin~2.6.3~2.el5", rls:"RHENT_5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"pidgin-debuginfo", rpm:"pidgin-debuginfo~2.6.3~2.el5", rls:"RHENT_5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"pidgin-perl", rpm:"pidgin-perl~2.6.3~2.el5", rls:"RHENT_5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"finch-devel", rpm:"finch-devel~2.6.3~2.el5", rls:"RHENT_5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"libpurple-devel", rpm:"libpurple-devel~2.6.3~2.el5", rls:"RHENT_5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"pidgin-devel", rpm:"pidgin-devel~2.6.3~2.el5", rls:"RHENT_5")) {
+ vuln = 1;
+}
+
+if(vuln) {
+ security_hole(0);
+}
Added: trunk/openvas-plugins/scripts/RHSA_2009_1540.nasl
===================================================================
--- trunk/openvas-plugins/scripts/RHSA_2009_1540.nasl 2009-11-11 14:39:37 UTC (rev 5840)
+++ trunk/openvas-plugins/scripts/RHSA_2009_1540.nasl 2009-11-11 14:56:44 UTC (rev 5841)
@@ -0,0 +1,130 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory RHSA-2009:1540 ()
+#
+# Authors:
+# Thomas Reinke
+#
+# Copyright:
+# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(66174);
+ script_cve_id("CVE-2009-1895", "CVE-2009-2691", "CVE-2009-2695", "CVE-2009-2849", "CVE-2009-2910", "CVE-2009-3002", "CVE-2009-3228", "CVE-2009-3547", "CVE-2009-3612", "CVE-2009-3613", "CVE-2009-3620", "CVE-2009-3621", "CVE-2009-3001");
+ script_version ("$Revision$");
+ script_name("RedHat Security Advisory RHSA-2009:1540");
+
+ desc = "
+The remote host is missing updates to kernel-rt packages announced in
+advisory RHSA-2009:1540.
+
+For details on the issues addressed in this update, please visit
+the referenced security advisories.
+
+These updated packages also include bug fixes and enhancements. Users are
+directed to the Realtime Security Update Release Notes for version 1.1 for
+information on these changes, which will be available shortly from:
+
+http://www.redhat.com/docs/en-US/Red_Hat_Enterprise_MRG/
+
+Users should upgrade to these updated packages, which contain backported
+patches to correct these issues and add enhancements. The system must be
+rebooted for this update to take effect.
+
+Solution:
+Please note that this update is available via
+Red Hat Network. To use Red Hat Network, launch the Red
+Hat Update Agent with the following command: up2date
+
+http://rhn.redhat.com/errata/RHSA-2009-1540.html
+http://www.redhat.com/security/updates/classification/#important
+http://kbase.redhat.com/faq/docs/DOC-18042
+http://kbase.redhat.com/faq/docs/DOC-17866
+http://www.redhat.com/docs/en-US/Red_Hat_Enterprise_MRG/
+
+Risk factor : High";
+
+ script_description(desc);
+
+ script_summary("Redhat Security Advisory RHSA-2009:1540");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
+ script_family("Red Hat Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/rpms");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-rpm.inc");
+vuln = 0;
+if(isrpmvuln(pkg:"kernel-rt", rpm:"kernel-rt~2.6.24.7~137.el5rt", rls:"RHENT_5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-rt-debug", rpm:"kernel-rt-debug~2.6.24.7~137.el5rt", rls:"RHENT_5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-rt-debug-debuginfo", rpm:"kernel-rt-debug-debuginfo~2.6.24.7~137.el5rt", rls:"RHENT_5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-rt-debug-devel", rpm:"kernel-rt-debug-devel~2.6.24.7~137.el5rt", rls:"RHENT_5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-rt-debuginfo", rpm:"kernel-rt-debuginfo~2.6.24.7~137.el5rt", rls:"RHENT_5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-rt-debuginfo-common", rpm:"kernel-rt-debuginfo-common~2.6.24.7~137.el5rt", rls:"RHENT_5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-rt-devel", rpm:"kernel-rt-devel~2.6.24.7~137.el5rt", rls:"RHENT_5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-rt-trace", rpm:"kernel-rt-trace~2.6.24.7~137.el5rt", rls:"RHENT_5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-rt-trace-debuginfo", rpm:"kernel-rt-trace-debuginfo~2.6.24.7~137.el5rt", rls:"RHENT_5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-rt-trace-devel", rpm:"kernel-rt-trace-devel~2.6.24.7~137.el5rt", rls:"RHENT_5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-rt-vanilla", rpm:"kernel-rt-vanilla~2.6.24.7~137.el5rt", rls:"RHENT_5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-rt-vanilla-debuginfo", rpm:"kernel-rt-vanilla-debuginfo~2.6.24.7~137.el5rt", rls:"RHENT_5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-rt-vanilla-devel", rpm:"kernel-rt-vanilla-devel~2.6.24.7~137.el5rt", rls:"RHENT_5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-rt-doc", rpm:"kernel-rt-doc~2.6.24.7~137.el5rt", rls:"RHENT_5")) {
+ vuln = 1;
+}
+
+if(vuln) {
+ security_hole(0);
+}
Added: trunk/openvas-plugins/scripts/RHSA_2009_1541.nasl
===================================================================
--- trunk/openvas-plugins/scripts/RHSA_2009_1541.nasl 2009-11-11 14:39:37 UTC (rev 5840)
+++ trunk/openvas-plugins/scripts/RHSA_2009_1541.nasl 2009-11-11 14:56:44 UTC (rev 5841)
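Review bot: The verdict in RHSA_2009_1540.nasl rests only on the installed-package list required through `ssh/login/rpms`, while the description itself says the system must be rebooted for the update to take effect. A host that has the fixed kernel-rt rpm installed but is still running the old kernel would presumably pass this check (isrpmvuln is defined in pkg-lib-rpm.inc, outside this diff, so this is inferred from the call sites). I would add one sentence to `desc`, such as `Note: this check compares installed packages only; verify the running kernel after the reboot.`, and a matching comment above `vuln = 0;`. RHSA_2009_1541.nasl, RHSA_2009_1548.nasl and RHSA_2009_1550.nasl have the same gap.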
@@ -0,0 +1,124 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory RHSA-2009:1541 ()
+#
+# Authors:
+# Thomas Reinke
+#
+# Copyright:
+# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(66175);
+ script_cve_id("CVE-2009-3547");
+ script_version ("$Revision$");
+ script_name("RedHat Security Advisory RHSA-2009:1541");
+
+ desc = "
+The remote host is missing updates announced in
+advisory RHSA-2009:1541.
+
+The kernel packages contain the Linux kernel, the core of any Linux
+operating system.
+
+This update fixes the following security issues:
+
+* a NULL pointer dereference flaw was found in each of the following
+functions in the Linux kernel: pipe_read_open(), pipe_write_open(), and
+pipe_rdwr_open(). When the mutex lock is not held, the i_pipe pointer could
+be released by other processes before it is used to update the pipe's
+reader and writer counters. This could lead to a local denial of service or
+privilege escalation. (CVE-2009-3547, Important)
+
+Users should upgrade to these updated packages, which contain a backported
+patch to correct these issues. The system must be rebooted for this update
+to take effect.
+
+Solution:
+Please note that this update is available via
+Red Hat Network. To use Red Hat Network, launch the Red
+Hat Update Agent with the following command: up2date
+
+http://rhn.redhat.com/errata/RHSA-2009-1541.html
+http://www.redhat.com/security/updates/classification/#important
+
+Risk factor : High";
+
+ script_description(desc);
+
+ script_summary("Redhat Security Advisory RHSA-2009:1541");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
+ script_family("Red Hat Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/rpms");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-rpm.inc");
+vuln = 0;
+if(isrpmvuln(pkg:"kernel", rpm:"kernel~2.6.9~89.0.16.EL", rls:"RHENT_4")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-debuginfo", rpm:"kernel-debuginfo~2.6.9~89.0.16.EL", rls:"RHENT_4")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-devel", rpm:"kernel-devel~2.6.9~89.0.16.EL", rls:"RHENT_4")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-hugemem", rpm:"kernel-hugemem~2.6.9~89.0.16.EL", rls:"RHENT_4")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-hugemem-devel", rpm:"kernel-hugemem-devel~2.6.9~89.0.16.EL", rls:"RHENT_4")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-smp", rpm:"kernel-smp~2.6.9~89.0.16.EL", rls:"RHENT_4")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-smp-devel", rpm:"kernel-smp-devel~2.6.9~89.0.16.EL", rls:"RHENT_4")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-xenU", rpm:"kernel-xenU~2.6.9~89.0.16.EL", rls:"RHENT_4")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-xenU-devel", rpm:"kernel-xenU-devel~2.6.9~89.0.16.EL", rls:"RHENT_4")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-largesmp", rpm:"kernel-largesmp~2.6.9~89.0.16.EL", rls:"RHENT_4")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-largesmp-devel", rpm:"kernel-largesmp-devel~2.6.9~89.0.16.EL", rls:"RHENT_4")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-doc", rpm:"kernel-doc~2.6.9~89.0.16.EL", rls:"RHENT_4")) {
+ vuln = 1;
+}
+
+if(vuln) {
+ security_hole(0);
+}
Added: trunk/openvas-plugins/scripts/RHSA_2009_1548.nasl
===================================================================
--- trunk/openvas-plugins/scripts/RHSA_2009_1548.nasl 2009-11-11 14:39:37 UTC (rev 5840)
+++ trunk/openvas-plugins/scripts/RHSA_2009_1548.nasl 2009-11-11 14:56:44 UTC (rev 5841)
@@ -0,0 +1,134 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory RHSA-2009:1548 ()
+#
+# Authors:
+# Thomas Reinke
+#
+# Copyright:
+# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(66176);
+ script_cve_id("CVE-2009-2695", "CVE-2009-2908", "CVE-2009-3228", "CVE-2009-3286", "CVE-2009-3547", "CVE-2009-3613");
+ script_version ("$Revision$");
+ script_name("RedHat Security Advisory RHSA-2009:1548");
+
+ desc = "
+The remote host is missing updates to the kernel announced in
+advisory RHSA-2009:1548.
+
+For details on the issues addressed in this update, please visit
+the referenced security advisories.
+
+Users should upgrade to these updated packages, which contain backported
+patches to correct these issues. The system must be rebooted for this
+update to take effect.
+
+Solution:
+Please note that this update is available via
+Red Hat Network. To use Red Hat Network, launch the Red
+Hat Update Agent with the following command: up2date
+
+http://rhn.redhat.com/errata/RHSA-2009-1548.html
+http://www.redhat.com/security/updates/classification/#important
+http://kbase.redhat.com/faq/docs/DOC-18042
+
+Risk factor : High";
+
+ script_description(desc);
+
+ script_summary("Redhat Security Advisory RHSA-2009:1548");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
+ script_family("Red Hat Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/rpms");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-rpm.inc");
+vuln = 0;
+if(isrpmvuln(pkg:"kernel", rpm:"kernel~2.6.18~164.6.1.el5", rls:"RHENT_5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-PAE", rpm:"kernel-PAE~2.6.18~164.6.1.el5", rls:"RHENT_5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-PAE-debuginfo", rpm:"kernel-PAE-debuginfo~2.6.18~164.6.1.el5", rls:"RHENT_5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-PAE-devel", rpm:"kernel-PAE-devel~2.6.18~164.6.1.el5", rls:"RHENT_5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-debug", rpm:"kernel-debug~2.6.18~164.6.1.el5", rls:"RHENT_5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-debug-debuginfo", rpm:"kernel-debug-debuginfo~2.6.18~164.6.1.el5", rls:"RHENT_5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-debug-devel", rpm:"kernel-debug-devel~2.6.18~164.6.1.el5", rls:"RHENT_5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-debuginfo", rpm:"kernel-debuginfo~2.6.18~164.6.1.el5", rls:"RHENT_5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-debuginfo-common", rpm:"kernel-debuginfo-common~2.6.18~164.6.1.el5", rls:"RHENT_5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-devel", rpm:"kernel-devel~2.6.18~164.6.1.el5", rls:"RHENT_5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-headers", rpm:"kernel-headers~2.6.18~164.6.1.el5", rls:"RHENT_5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-xen", rpm:"kernel-xen~2.6.18~164.6.1.el5", rls:"RHENT_5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-xen-debuginfo", rpm:"kernel-xen-debuginfo~2.6.18~164.6.1.el5", rls:"RHENT_5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-xen-devel", rpm:"kernel-xen-devel~2.6.18~164.6.1.el5", rls:"RHENT_5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-doc", rpm:"kernel-doc~2.6.18~164.6.1.el5", rls:"RHENT_5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-kdump", rpm:"kernel-kdump~2.6.18~164.6.1.el5", rls:"RHENT_5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-kdump-debuginfo", rpm:"kernel-kdump-debuginfo~2.6.18~164.6.1.el5", rls:"RHENT_5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-kdump-devel", rpm:"kernel-kdump-devel~2.6.18~164.6.1.el5", rls:"RHENT_5")) {
+ vuln = 1;
+}
+
+if(vuln) {
+ security_hole(0);
+}
Added: trunk/openvas-plugins/scripts/RHSA_2009_1549.nasl
===================================================================
--- trunk/openvas-plugins/scripts/RHSA_2009_1549.nasl 2009-11-11 14:39:37 UTC (rev 5840)
+++ trunk/openvas-plugins/scripts/RHSA_2009_1549.nasl 2009-11-11 14:56:44 UTC (rev 5841)
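Review bot: The `Solution:` text in RHSA_2009_1548.nasl tells the reader to run `up2date`, yet every check in the file uses `rls:"RHENT_5"`, and as far as I know Red Hat Enterprise Linux 5 ships yum in place of the Red Hat Update Agent. The remediation command given would therefore not be available on the only release this plugin reports on. The sentence should name the tool per release, for example `yum update kernel` for RHENT_5, or simply refer to the advisory URL that is already listed below it. RHSA_2009_1540.nasl is also RHENT_5-only and carries the same sentence.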
@@ -0,0 +1,102 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory RHSA-2009:1549 ()
+#
+# Authors:
+# Thomas Reinke
+#
+# Copyright:
+# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(66177);
+ script_cve_id("CVE-2009-3490");
+ script_version ("$Revision$");
+ script_name("RedHat Security Advisory RHSA-2009:1549");
+
+ desc = "
+The remote host is missing updates announced in
+advisory RHSA-2009:1549.
+
+GNU Wget is a file retrieval utility that can use HTTP, HTTPS, and FTP.
+
+Daniel Stenberg reported that Wget is affected by the previously published
+null prefix attack, caused by incorrect handling of NULL characters in
+X.509 certificates. If an attacker is able to get a carefully-crafted
+certificate signed by a trusted Certificate Authority, the attacker could
+use the certificate during a man-in-the-middle attack and potentially
+confuse Wget into accepting it by mistake. (CVE-2009-3490)
+
+Wget users should upgrade to this updated package, which contains a
+backported patch to correct this issue.
+
+Solution:
+Please note that this update is available via
+Red Hat Network. To use Red Hat Network, launch the Red
+Hat Update Agent with the following command: up2date
+
+http://rhn.redhat.com/errata/RHSA-2009-1549.html
+http://www.redhat.com/security/updates/classification/#moderate
+
+Risk factor : Medium";
+
+ script_description(desc);
+
+ script_summary("Redhat Security Advisory RHSA-2009:1549");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
+ script_family("Red Hat Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/rpms");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-rpm.inc");
+vuln = 0;
+if(isrpmvuln(pkg:"wget", rpm:"wget~1.10.2~0.30E.1", rls:"RHENT_3")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"wget-debuginfo", rpm:"wget-debuginfo~1.10.2~0.30E.1", rls:"RHENT_3")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"wget", rpm:"wget~1.10.2~1.el4_8.1", rls:"RHENT_4")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"wget-debuginfo", rpm:"wget-debuginfo~1.10.2~1.el4_8.1", rls:"RHENT_4")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"wget", rpm:"wget~1.11.4~2.el5_4.1", rls:"RHENT_5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"wget-debuginfo", rpm:"wget-debuginfo~1.11.4~2.el5_4.1", rls:"RHENT_5")) {
+ vuln = 1;
+}
+
+if(vuln) {
+ security_hole(0);
+}
Added: trunk/openvas-plugins/scripts/RHSA_2009_1550.nasl
===================================================================
--- trunk/openvas-plugins/scripts/RHSA_2009_1550.nasl 2009-11-11 14:39:37 UTC (rev 5840)
+++ trunk/openvas-plugins/scripts/RHSA_2009_1550.nasl 2009-11-11 14:56:44 UTC (rev 5841)
@@ -0,0 +1,110 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory RHSA-2009:1550 () +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(66178); + script_cve_id("CVE-2008-5029", "CVE-2008-5300", "CVE-2009-1337", "CVE-2009-1385", "CVE-2009-1895", "CVE-2009-2848", "CVE-2009-3002", "CVE-2009-3547", "CVE-2009-3001"); + script_version ("$Revision$"); + script_name("RedHat Security Advisory RHSA-2009:1550"); + + desc = " +The remote host is missing updates announced in +advisory RHSA-2009:1550. + +For details on the issues addressed in this update, please visit +the referenced security advisories. + +Users should upgrade to these updated packages, which contain backported +patches to correct these issues. The system must be rebooted for this +update to take effect. + +Solution: +Please note that this update is available via +Red Hat Network. 
To use Red Hat Network, launch the Red +Hat Update Agent with the following command: up2date + +http://rhn.redhat.com/errata/RHSA-2009-1550.html +http://www.redhat.com/security/updates/classification/#important +http://kbase.redhat.com/faq/docs/DOC-17866 + +Risk factor : High"; + + script_description(desc); + + script_summary("Redhat Security Advisory RHSA-2009:1550"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + script_family("Red Hat Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/rpms"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-rpm.inc"); +vuln = 0; +if(isrpmvuln(pkg:"kernel", rpm:"kernel~2.4.21~63.EL", rls:"RHENT_3")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-BOOT", rpm:"kernel-BOOT~2.4.21~63.EL", rls:"RHENT_3")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-debuginfo", rpm:"kernel-debuginfo~2.4.21~63.EL", rls:"RHENT_3")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-doc", rpm:"kernel-doc~2.4.21~63.EL", rls:"RHENT_3")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-hugemem", rpm:"kernel-hugemem~2.4.21~63.EL", rls:"RHENT_3")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-hugemem-unsupported", rpm:"kernel-hugemem-unsupported~2.4.21~63.EL", rls:"RHENT_3")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-smp", rpm:"kernel-smp~2.4.21~63.EL", rls:"RHENT_3")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-smp-unsupported", rpm:"kernel-smp-unsupported~2.4.21~63.EL", rls:"RHENT_3")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-source", rpm:"kernel-source~2.4.21~63.EL", rls:"RHENT_3")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-unsupported", rpm:"kernel-unsupported~2.4.21~63.EL", rls:"RHENT_3")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/RHSA_2009_1560.nasl =================================================================== --- 
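Review bot: The kernel check in RHSA_2009_1550.nasl only compares installed package versions taken from `ssh/login/rpms`, so it cannot tell whether the host was rebooted into the fixed build, although the description says the system must be rebooted for the update to take effect. A host with `kernel~2.4.21~63.EL` installed but still running an older kernel would presumably pass clean. How `isrpmvuln` treats several installed `kernel` packages is not visible here and should be confirmed as well. At minimum add a comment above the checks, `# Package-level check only: does not verify that the running kernel is the fixed build`, and state the same limitation in `desc`.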
trunk/openvas-plugins/scripts/RHSA_2009_1560.nasl 2009-11-11 14:39:37 UTC (rev 5840) +++ trunk/openvas-plugins/scripts/RHSA_2009_1560.nasl 2009-11-11 14:56:44 UTC (rev 5841) 
@@ -0,0 +1,126 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory RHSA-2009:1560 () +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(66180); + script_cve_id("CVE-2009-2409", "CVE-2009-3728", "CVE-2009-3729", "CVE-2009-3865", "CVE-2009-3866", "CVE-2009-3867", "CVE-2009-3868", "CVE-2009-3869", "CVE-2009-3871", "CVE-2009-3872", "CVE-2009-3873", "CVE-2009-3874", "CVE-2009-3875", "CVE-2009-3876", "CVE-2009-3877", "CVE-2009-3879", "CVE-2009-3880", "CVE-2009-3881", "CVE-2009-3882", "CVE-2009-3883", "CVE-2009-3884", "CVE-2009-3886"); + script_version ("$Revision$"); + script_name("RedHat Security Advisory RHSA-2009:1560"); + + desc = " +The remote host is missing updates announced in +advisory RHSA-2009:1560. + +The Sun 1.6.0 Java release includes the Sun Java 6 Runtime Environment and +the Sun Java 6 Software Development Kit. + +This update fixes several vulnerabilities in the Sun Java 6 Runtime +Environment and the Sun Java 6 Software Development Kit. 
These +vulnerabilities are summarized on the Advance notification of Security +Updates for Java SE page from Sun Microsystems, listed in the References +section. (CVE-2009-2409, CVE-2009-3728, CVE-2009-3729, CVE-2009-3865, +CVE-2009-3866, CVE-2009-3867, CVE-2009-3868, CVE-2009-3869, CVE-2009-3871, +CVE-2009-3872, CVE-2009-3873, CVE-2009-3874, CVE-2009-3875, CVE-2009-3876, +CVE-2009-3877, CVE-2009-3879, CVE-2009-3880, CVE-2009-3881, CVE-2009-3882, +CVE-2009-3883, CVE-2009-3884, CVE-2009-3886) + +Users of java-1.6.0-sun should upgrade to these updated packages, which +correct these issues. All running instances of Sun Java must be restarted +for the update to take effect. + +Solution: +Please note that this update is available via +Red Hat Network. To use Red Hat Network, launch the Red +Hat Update Agent with the following command: up2date + +http://rhn.redhat.com/errata/RHSA-2009-1560.html +http://www.redhat.com/security/updates/classification/#critical +http://blogs.sun.com/security/entry/advance_notification_of_security_updates6 + +Risk factor : High"; + + script_description(desc); + + script_summary("Redhat Security Advisory RHSA-2009:1560"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com"); + script_family("Red Hat Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/rpms"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-rpm.inc"); +vuln = 0; +if(isrpmvuln(pkg:"java-1.6.0-sun", rpm:"java-1.6.0-sun~1.6.0.17~1jpp.1.el4", rls:"RHENT_4")) { + vuln = 1; +} +if(isrpmvuln(pkg:"java-1.6.0-sun-demo", rpm:"java-1.6.0-sun-demo~1.6.0.17~1jpp.1.el4", rls:"RHENT_4")) { + vuln = 1; +} +if(isrpmvuln(pkg:"java-1.6.0-sun-devel", rpm:"java-1.6.0-sun-devel~1.6.0.17~1jpp.1.el4", rls:"RHENT_4")) { + vuln = 1; +} +if(isrpmvuln(pkg:"java-1.6.0-sun-jdbc", rpm:"java-1.6.0-sun-jdbc~1.6.0.17~1jpp.1.el4", rls:"RHENT_4")) { + vuln = 1; +} +if(isrpmvuln(pkg:"java-1.6.0-sun-plugin", rpm:"java-1.6.0-sun-plugin~1.6.0.17~1jpp.1.el4", rls:"RHENT_4")) { + vuln = 1; +} +if(isrpmvuln(pkg:"java-1.6.0-sun-src", rpm:"java-1.6.0-sun-src~1.6.0.17~1jpp.1.el4", rls:"RHENT_4")) { + vuln = 1; +} +if(isrpmvuln(pkg:"java-1.6.0-sun", rpm:"java-1.6.0-sun~1.6.0.17~1jpp.2.el5", rls:"RHENT_5")) { + vuln = 1; +} +if(isrpmvuln(pkg:"java-1.6.0-sun-demo", rpm:"java-1.6.0-sun-demo~1.6.0.17~1jpp.2.el5", rls:"RHENT_5")) { + vuln = 1; +} +if(isrpmvuln(pkg:"java-1.6.0-sun-devel", rpm:"java-1.6.0-sun-devel~1.6.0.17~1jpp.2.el5", rls:"RHENT_5")) { + vuln = 1; +} +if(isrpmvuln(pkg:"java-1.6.0-sun-jdbc", rpm:"java-1.6.0-sun-jdbc~1.6.0.17~1jpp.2.el5", rls:"RHENT_5")) { + vuln = 1; +} +if(isrpmvuln(pkg:"java-1.6.0-sun-plugin", rpm:"java-1.6.0-sun-plugin~1.6.0.17~1jpp.2.el5", rls:"RHENT_5")) { + vuln = 1; +} +if(isrpmvuln(pkg:"java-1.6.0-sun-src", rpm:"java-1.6.0-sun-src~1.6.0.17~1jpp.2.el5", rls:"RHENT_5")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/RHSA_2009_1561.nasl =================================================================== --- trunk/openvas-plugins/scripts/RHSA_2009_1561.nasl 2009-11-11 14:39:37 UTC (rev 5840) +++ 
trunk/openvas-plugins/scripts/RHSA_2009_1561.nasl 2009-11-11 14:56:44 UTC (rev 5841) 
@@ -0,0 +1,111 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory RHSA-2009:1561 () +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(66181); + script_cve_id("CVE-2009-3379"); + script_version ("$Revision$"); + script_name("RedHat Security Advisory RHSA-2009:1561"); + + desc = " +The remote host is missing updates announced in +advisory RHSA-2009:1561. + +The libvorbis packages contain runtime libraries for use in programs that +support Ogg Vorbis. Ogg Vorbis is a fully open, non-proprietary, patent-and +royalty-free, general-purpose compressed audio format. + +Multiple flaws were found in the libvorbis library. A specially-crafted Ogg +Vorbis media format file (Ogg) could cause an application using libvorbis +to crash or, possibly, execute arbitrary code when opened. (CVE-2009-3379) + +Users of libvorbis should upgrade to these updated packages, which contain +backported patches to correct these issues. The desktop must be restarted +(log out, then log back in) for this update to take effect. 
+ +Solution: +Please note that this update is available via +Red Hat Network. To use Red Hat Network, launch the Red +Hat Update Agent with the following command: up2date + +http://rhn.redhat.com/errata/RHSA-2009-1561.html +http://www.redhat.com/security/updates/classification/#important + +Risk factor : High"; + + script_description(desc); + + script_summary("Redhat Security Advisory RHSA-2009:1561"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + script_family("Red Hat Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/rpms"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-rpm.inc"); +vuln = 0; +if(isrpmvuln(pkg:"libvorbis", rpm:"libvorbis~1.0~12.el3", rls:"RHENT_3")) { + vuln = 1; +} +if(isrpmvuln(pkg:"libvorbis-debuginfo", rpm:"libvorbis-debuginfo~1.0~12.el3", rls:"RHENT_3")) { + vuln = 1; +} +if(isrpmvuln(pkg:"libvorbis-devel", rpm:"libvorbis-devel~1.0~12.el3", rls:"RHENT_3")) { + vuln = 1; +} +if(isrpmvuln(pkg:"libvorbis", rpm:"libvorbis~1.1.0~3.el4_8.3", rls:"RHENT_4")) { + vuln = 1; +} +if(isrpmvuln(pkg:"libvorbis-debuginfo", rpm:"libvorbis-debuginfo~1.1.0~3.el4_8.3", rls:"RHENT_4")) { + vuln = 1; +} +if(isrpmvuln(pkg:"libvorbis-devel", rpm:"libvorbis-devel~1.1.0~3.el4_8.3", rls:"RHENT_4")) { + vuln = 1; +} +if(isrpmvuln(pkg:"libvorbis", rpm:"libvorbis~1.1.2~3.el5_4.4", rls:"RHENT_5")) { + vuln = 1; +} +if(isrpmvuln(pkg:"libvorbis-debuginfo", rpm:"libvorbis-debuginfo~1.1.2~3.el5_4.4", rls:"RHENT_5")) { + vuln = 1; +} +if(isrpmvuln(pkg:"libvorbis-devel", rpm:"libvorbis-devel~1.1.2~3.el5_4.4", rls:"RHENT_5")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/RHSA_2009_1562.nasl =================================================================== --- trunk/openvas-plugins/scripts/RHSA_2009_1562.nasl 2009-11-11 14:39:37 UTC (rev 
5840) +++ trunk/openvas-plugins/scripts/RHSA_2009_1562.nasl 2009-11-11 14:56:44 UTC (rev 5841) 
@@ -0,0 +1,154 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory RHSA-2009:1562 () +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(66182); + script_cve_id("CVE-2007-5333", "CVE-2008-5515", "CVE-2009-0033", "CVE-2009-0580", "CVE-2009-0781", "CVE-2009-0783"); + script_version ("$Revision$"); + script_name("RedHat Security Advisory RHSA-2009:1562"); + + desc = " +The remote host is missing updates announced in +advisory RHSA-2009:1562. + +Apache Tomcat is a servlet container for the Java Servlet and JavaServer +Pages (JSP) technologies. + +It was discovered that the Red Hat Security Advisory RHSA-2007:0876 did not +address all possible flaws in the way Tomcat handles certain characters and +character sequences in cookie values. A remote attacker could use this flaw +to obtain sensitive information, such as session IDs, and then use this +information for session hijacking attacks. 
(CVE-2007-5333) + +Note: The fix for the CVE-2007-5333 flaw changes the default cookie +processing behavior: With this update, version 0 cookies that contain +values that must be quoted to be valid are automatically changed to version +1 cookies. To reactivate the previous, but insecure behavior, add the +following entry to the /etc/tomcat5/catalina.properties file: + +org.apache.tomcat.util.http.ServerCookie.VERSION_SWITCH=false + +It was discovered that request dispatchers did not properly normalize user +requests that have trailing query strings, allowing remote attackers to +send specially-crafted requests that would cause an information leak. +(CVE-2008-5515) + +A flaw was found in the way the Tomcat AJP (Apache JServ Protocol) +connector processes AJP connections. An attacker could use this flaw to +send specially-crafted requests that would cause a temporary denial of +service. (CVE-2009-0033) + +It was discovered that the error checking methods of certain authentication +classes did not have sufficient error checking, allowing remote attackers +to enumerate (via brute force methods) usernames registered with +applications running on Tomcat when FORM-based authentication was used. +(CVE-2009-0580) + +A cross-site scripting (XSS) flaw was found in the examples calendar +application. With some web browsers, remote attackers could use this flaw +to inject arbitrary web script or HTML via the time parameter. +(CVE-2009-0781) + +It was discovered that web applications containing their own XML parsers +could replace the XML parser Tomcat uses to parse configuration files. A +malicious web application running on a Tomcat instance could read or, +potentially, modify the configuration and XML-based data of other web +applications deployed on the same Tomcat instance. (CVE-2009-0783) + +Users of Tomcat should upgrade to these updated packages, which contain +backported patches to resolve these issues. Tomcat must be restarted for +this update to take effect. 
+ +Solution: +Please note that this update is available via +Red Hat Network. To use Red Hat Network, launch the Red +Hat Update Agent with the following command: up2date + +http://rhn.redhat.com/errata/RHSA-2009-1562.html +http://tomcat.apache.org/security-5.html +http://www.redhat.com/security/updates/classification/#important + +Risk factor : High"; + + script_description(desc); + + script_summary("Redhat Security Advisory RHSA-2009:1562"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + script_family("Red Hat Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/rpms"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-rpm.inc"); +vuln = 0; +if(isrpmvuln(pkg:"tomcat5", rpm:"tomcat5~5.5.23~0jpp_4rh.16", rls:"RHENT_4")) { + vuln = 1; +} +if(isrpmvuln(pkg:"tomcat5-admin-webapps", rpm:"tomcat5-admin-webapps~5.5.23~0jpp_4rh.16", rls:"RHENT_4")) { + vuln = 1; +} +if(isrpmvuln(pkg:"tomcat5-common-lib", rpm:"tomcat5-common-lib~5.5.23~0jpp_4rh.16", rls:"RHENT_4")) { + vuln = 1; +} +if(isrpmvuln(pkg:"tomcat5-jasper", rpm:"tomcat5-jasper~5.5.23~0jpp_4rh.16", rls:"RHENT_4")) { + vuln = 1; +} +if(isrpmvuln(pkg:"tomcat5-jasper-javadoc", rpm:"tomcat5-jasper-javadoc~5.5.23~0jpp_4rh.16", rls:"RHENT_4")) { + vuln = 1; +} +if(isrpmvuln(pkg:"tomcat5-jsp-2.0-api", rpm:"tomcat5-jsp-2.0-api~5.5.23~0jpp_4rh.16", rls:"RHENT_4")) { + vuln = 1; +} +if(isrpmvuln(pkg:"tomcat5-jsp-2.0-api-javadoc", rpm:"tomcat5-jsp-2.0-api-javadoc~5.5.23~0jpp_4rh.16", rls:"RHENT_4")) { + vuln = 1; +} +if(isrpmvuln(pkg:"tomcat5-server-lib", rpm:"tomcat5-server-lib~5.5.23~0jpp_4rh.16", rls:"RHENT_4")) { + vuln = 1; +} +if(isrpmvuln(pkg:"tomcat5-servlet-2.4-api", rpm:"tomcat5-servlet-2.4-api~5.5.23~0jpp_4rh.16", rls:"RHENT_4")) { + vuln = 1; +} +if(isrpmvuln(pkg:"tomcat5-servlet-2.4-api-javadoc", 
rpm:"tomcat5-servlet-2.4-api-javadoc~5.5.23~0jpp_4rh.16", rls:"RHENT_4")) { + vuln = 1; +} +if(isrpmvuln(pkg:"tomcat5-webapps", rpm:"tomcat5-webapps~5.5.23~0jpp_4rh.16", rls:"RHENT_4")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/RHSA_2009_1563.nasl =================================================================== --- trunk/openvas-plugins/scripts/RHSA_2009_1563.nasl 2009-11-11 14:39:37 UTC (rev 5840) +++ trunk/openvas-plugins/scripts/RHSA_2009_1563.nasl 2009-11-11 14:56:44 UTC (rev 5841) 
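Review bot: RHSA_2009_1562.nasl tests `tomcat5` on `rls:"RHENT_4"` against `5.5.23~0jpp_4rh.16`, while RHSA_2009_1563.nasl in this same commit tests the same package name and release key against `5.5.23~0jpp_18rh`. Both cannot be the minimum fixed build for one package stream, so a host patched per one advisory is likely to be reported by the other plugin, assuming `isrpmvuln` flags anything older than the given string. The two advisories presumably target different product channels that the `RHENT_4` key does not distinguish. Until the generator can gate on the channel, a comment in both files such as `# NOTE: tomcat5 on RHENT_4 is also checked by the sibling RHSA plugin with a different release string; expect overlapping reports` would warn whoever triages the results.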
@@ -0,0 +1,134 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory RHSA-2009:1563 () +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(66183); + script_cve_id("CVE-2007-5333", "CVE-2008-5515", "CVE-2009-0033", "CVE-2009-0580", "CVE-2009-0783"); + script_version ("$Revision$"); + script_name("RedHat Security Advisory RHSA-2009:1563"); + + desc = " +The remote host is missing updates announced in +advisory RHSA-2009:1563. + +Apache Tomcat is a servlet container for the Java Servlet and JavaServer +Pages (JSP) technologies. + +It was discovered that the Red Hat Security Advisory RHSA-2008:0195 did not +address all possible flaws in the way Tomcat handles certain characters and +character sequences in cookie values. A remote attacker could use this flaw +to obtain sensitive information, such as session IDs, and then use this +information for session hijacking attacks. 
(CVE-2007-5333) + +Note: The fix for the CVE-2007-5333 flaw changes the default cookie +processing behavior: With this update, version 0 cookies that contain +values that must be quoted to be valid are automatically changed to version +1 cookies. To reactivate the previous, but insecure behavior, add the +following entry to the /etc/tomcat5/catalina.properties file: + +org.apache.tomcat.util.http.ServerCookie.VERSION_SWITCH=false + +It was discovered that request dispatchers did not properly normalize user +requests that have trailing query strings, allowing remote attackers to +send specially-crafted requests that would cause an information leak. +(CVE-2008-5515) + +A flaw was found in the way the Tomcat AJP (Apache JServ Protocol) +connector processes AJP connections. An attacker could use this flaw to +send specially-crafted requests that would cause a temporary denial of +service. (CVE-2009-0033) + +It was discovered that the error checking methods of certain authentication +classes did not have sufficient error checking, allowing remote attackers +to enumerate (via brute force methods) usernames registered with +applications running on Tomcat when FORM-based authentication was used. +(CVE-2009-0580) + +It was discovered that web applications containing their own XML parsers +could replace the XML parser Tomcat uses to parse configuration files. A +malicious web application running on a Tomcat instance could read or, +potentially, modify the configuration and XML-based data of other web +applications deployed on the same Tomcat instance. (CVE-2009-0783) + +Users of Tomcat should upgrade to these updated packages, which contain +backported patches to resolve these issues. Tomcat must be restarted for +this update to take effect. + +Solution: +Please note that this update is available via +Red Hat Network. 
To use Red Hat Network, launch the Red +Hat Update Agent with the following command: up2date + +http://rhn.redhat.com/errata/RHSA-2009-1563.html +http://tomcat.apache.org/security-5.html +http://www.redhat.com/security/updates/classification/#important + +Risk factor : High"; + + script_description(desc); + + script_summary("Redhat Security Advisory RHSA-2009:1563"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + script_family("Red Hat Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/rpms"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-rpm.inc"); +vuln = 0; +if(isrpmvuln(pkg:"tomcat5", rpm:"tomcat5~5.5.23~0jpp_18rh", rls:"RHENT_4")) { + vuln = 1; +} +if(isrpmvuln(pkg:"tomcat5-common-lib", rpm:"tomcat5-common-lib~5.5.23~0jpp_18rh", rls:"RHENT_4")) { + vuln = 1; +} +if(isrpmvuln(pkg:"tomcat5-jasper", rpm:"tomcat5-jasper~5.5.23~0jpp_18rh", rls:"RHENT_4")) { + vuln = 1; +} +if(isrpmvuln(pkg:"tomcat5-jsp-2.0-api", rpm:"tomcat5-jsp-2.0-api~5.5.23~0jpp_18rh", rls:"RHENT_4")) { + vuln = 1; +} +if(isrpmvuln(pkg:"tomcat5-server-lib", rpm:"tomcat5-server-lib~5.5.23~0jpp_18rh", rls:"RHENT_4")) { + vuln = 1; +} +if(isrpmvuln(pkg:"tomcat5-servlet-2.4-api", rpm:"tomcat5-servlet-2.4-api~5.5.23~0jpp_18rh", rls:"RHENT_4")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/deb_1921_1.nasl =================================================================== --- trunk/openvas-plugins/scripts/deb_1921_1.nasl 2009-11-11 14:39:37 UTC (rev 5840) +++ trunk/openvas-plugins/scripts/deb_1921_1.nasl 2009-11-11 14:56:44 UTC (rev 5841) 
@@ -0,0 +1,108 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory DSA 1921-1 (expat) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(66145); + script_cve_id("CVE-2009-2625"); + script_version ("$Revision$"); + script_name("Debian Security Advisory DSA 1921-1 (expat)"); + + desc = " +The remote host is missing an update to expat +announced via advisory DSA 1921-1. + + +Peter Valchev discovered an error in expat, an XML parsing C library, +when parsing certain UTF-8 sequences, which can be exploited to crash an +application using the library. + +For the old stable distribution (etch), this problem has been fixed in +version 1.95.8-3.4+etch1. + +For the stable distribution (lenny), this problem has been fixed in +version 2.0.1-4+lenny1. + +For the testing distribution (squeeze) and the unstable distribution +(sid), this problem will be fixed soon. + + +We recommend that you upgrade your expat packages. 
+ +Solution: +https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201921-1 + +Risk factor : High"; + + script_description(desc); + + script_summary("Debian Security Advisory DSA 1921-1 (expat)"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + script_family("Debian Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/packages"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-deb.inc"); +vuln = 0; +if(isdpkgvuln(pkg:"libexpat1-dev", ver:"1.95.8-3.4+etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"libexpat1", ver:"1.95.8-3.4+etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"expat", ver:"1.95.8-3.4+etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"expat", ver:"2.0.1-4+lenny1", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"libexpat1", ver:"2.0.1-4+lenny1", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"libexpat1-dev", ver:"2.0.1-4+lenny1", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"lib64expat1", ver:"2.0.1-4+lenny1", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"lib64expat1-dev", ver:"2.0.1-4+lenny1", rls:"DEB5.0")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/deb_1922_1.nasl =================================================================== --- trunk/openvas-plugins/scripts/deb_1922_1.nasl 2009-11-11 14:39:37 UTC (rev 5840) +++ trunk/openvas-plugins/scripts/deb_1922_1.nasl 2009-11-11 14:56:44 UTC (rev 5841) 
@@ -0,0 +1,166 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory DSA 1922-1 (xulrunner) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(66146); + script_cve_id("CVE-2009-3274", "CVE-2009-3370", "CVE-2009-3372", "CVE-2009-3373", "CVE-2009-3374", "CVE-2009-3375", "CVE-2009-3376", "CVE-2009-3380", "CVE-2009-3382"); + script_version ("$Revision$"); + script_name("Debian Security Advisory DSA 1922-1 (xulrunner)"); + + desc = " +The remote host is missing an update to xulrunner +announced via advisory DSA 1922-1. + +Several remote vulnerabilities have been discovered in Xulrunner, a +runtime environment for XUL applications, such as the Iceweasel web +browser. The Common Vulnerabilities and Exposures project identifies +the following problems: + +CVE-2009-3380 + +Vladimir Vukicevic, Jesse Ruderman, Martijn Wargers, Daniel +Banchero, David Keeler and Boris Zbarsky reported crashes in +layout engine, which might allow the execution of arbitrary code. 
+ +CVE-2009-3382 + +Carsten Book reported a crash in the layout engine, which might +allow the execution of arbitrary code. + +CVE-2009-3376 + +Jesse Ruderman and Sid Stamm discovered spoofing vulnerability +in the file download dialog. + +CVE-2009-3375 + +Gregory Fleischer discovered a bypass of the same-origin policy +using the document.getSelection() function. + +CVE-2009-3374 + +moz_bug_r_a4 discovered a privilege escalation to Chrome status +in the XPCOM utility XPCVariant::VariantDataToJS. + +CVE-2009-3373 + +regenrecht discovered a buffer overflow in the GIF parser, which +might lead to the execution of arbitrary code. + +CVE-2009-3372 + +Marco C. discovered that a programming error in the proxy auto +configuration code might lead to denial of service or the +execution of arbitrary code. + +CVE-2009-3274 + +Jeremy Brown discovered that the filename of a downloaded file +which is opened by the user is predictable, which might lead to +tricking the user into a malicious file if the attacker has local +access to the system. + +CVE-2009-3370 + +Paul Stone discovered that history information from web forms +could be stolen. + + +For the stable distribution (lenny), these problems have been fixed +in version 1.9.0.15-0lenny1. + +As indicated in the Etch release notes, security support for the +Mozilla products in the oldstable distribution needed to be stopped +before the end of the regular Etch security maintenance life cycle. +You are strongly encouraged to upgrade to stable or switch to a still +supported browser. + +For the unstable distribution (sid), these problems have been fixed in +version 1.9.1.4-1. + +We recommend that you upgrade your xulrunner packages. + +Solution: +https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201922-1 + +Risk factor : High"; + + script_description(desc); + + script_summary("Debian Security Advisory DSA 1922-1 (xulrunner)"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com"); + script_family("Debian Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/packages"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-deb.inc"); +vuln = 0; +if(isdpkgvuln(pkg:"libmozillainterfaces-java", ver:"1.9.0.15-0lenny1", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"xulrunner-1.9", ver:"1.9.0.15-0lenny1", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"libmozjs1d-dbg", ver:"1.9.0.15-0lenny1", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"libmozjs-dev", ver:"1.9.0.15-0lenny1", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"libmozjs1d", ver:"1.9.0.15-0lenny1", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"xulrunner-dev", ver:"1.9.0.15-0lenny1", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"xulrunner-1.9-dbg", ver:"1.9.0.15-0lenny1", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"python-xpcom", ver:"1.9.0.15-0lenny1", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"xulrunner-1.9-gnome-support", ver:"1.9.0.15-0lenny1", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"spidermonkey-bin", ver:"1.9.0.15-0lenny1", rls:"DEB5.0")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/deb_1923_1.nasl =================================================================== --- trunk/openvas-plugins/scripts/deb_1923_1.nasl 2009-11-11 14:39:37 UTC (rev 5840) +++ trunk/openvas-plugins/scripts/deb_1923_1.nasl 2009-11-11 14:56:44 UTC (rev 5841) 
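Review bot: The checks in deb_1922_1.nasl cover only `rls:"DEB5.0"`, although the description states that security support for the Mozilla products in oldstable (etch) was stopped and gives no fixed version for it. An etch host with xulrunner installed therefore gets no finding from this plugin even though, per the advisory text, it stays exposed to the nine CVEs listed in `script_cve_id`. If the gap is intentional, record it above the checks with `# No DEB4.0 check: etch has no fixed xulrunner, see advisory text`. Otherwise a separate end-of-support check for etch would be the place to report it.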
@@ -0,0 +1,95 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory DSA 1923-1 (libhtml-parser-perl) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(66147); + script_cve_id("CVE-2009-3627"); + script_version ("$Revision$"); + script_name("Debian Security Advisory DSA 1923-1 (libhtml-parser-perl)"); + + desc = " +The remote host is missing an update to libhtml-parser-perl +announced via advisory DSA 1923-1. + +A denial of service vulnerability has been found in libhtml-parser-perl, +a collection of modules to parse HTML in text documents which is used by +several other projects like e.g. SpamAssassin. + +Mark Martinec discovered that the decode_entities() function will get stuck +in an infinite loop when parsing certain HTML entities with invalid UTF-8 +characters. An attacker can use this to perform denial of service attacks +by submitting crafted HTML to an application using this functionality. + + +For the oldstable distribution (etch), this problem has been fixed in +version 3.55-1+etch1. 
+ +For the stable distribution (lenny), this problem has been fixed in +version 3.56-1+lenny1. + +For the testing (squeeze) and unstable (sid) distribution, this problem +will be fixed soon. + + +We recommend that you upgrade your libhtml-parser-perl packages. + +Solution: +https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201923-1 + +Risk factor : High"; + + script_description(desc); + + script_summary("Debian Security Advisory DSA 1923-1 (libhtml-parser-perl)"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + script_family("Debian Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/packages"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-deb.inc"); +vuln = 0; +if(isdpkgvuln(pkg:"libhtml-parser-perl", ver:"3.55-1+etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"libhtml-parser-perl", ver:"3.56-1+lenny1", rls:"DEB5.0")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/deb_1924_1.nasl =================================================================== --- trunk/openvas-plugins/scripts/deb_1924_1.nasl 2009-11-11 14:39:37 UTC (rev 5840) +++ trunk/openvas-plugins/scripts/deb_1924_1.nasl 2009-11-11 14:56:44 UTC (rev 5841) 
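Review bot: The only impact this description states is a denial of service (an infinite loop in decode_entities() on crafted HTML), yet the plugin rates it `Risk factor : High` and reports through `security_hole(0);`. Every plugin in this commit carries the same rating, so it looks like a generator default rather than an assessment. For an availability-only issue I would lower it to `Risk factor : Medium` and report with `security_warning(0);`, so scan results do not rank it alongside the code-execution findings added in the same commit.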
@@ -0,0 +1,100 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory DSA 1924-1 (mahara) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(66204); + script_cve_id("CVE-2009-3298", "CVE-2009-3299"); + script_version ("$Revision$"); + script_name("Debian Security Advisory DSA 1924-1 (mahara)"); + + desc = " +The remote host is missing an update to mahara +announced via advisory DSA 1924-1. + +Two vulnerabilities have been discovered in, an electronic portfolio, +weblog, and resume builder. The Common Vulnerabilities and Exposures +project identifies the following problems: + +CVE-2009-3298 + +Ruslan Kabalin discovered a issue with resetting passwords, which could +lead to a privilege escalation of an institutional administrator +account. + +CVE-2009-3299 + +Sven Vetsch discovered a cross-site scripting vulnerability via the +resume fields. + + +For the stable distribution (lenny), these problems have been fixed in +version 1.0.4-4+lenny4. + +The oldstable distribution (etch) does not contain mahara. 
+ +For the testing distribution (squeeze) and the unstable distribution +(sid), this problem will be fixed soon. + + +We recommend that you upgrade your mahara packages. + +Solution: +https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201924-1 + +Risk factor : High"; + + script_description(desc); + + script_summary("Debian Security Advisory DSA 1924-1 (mahara)"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + script_family("Debian Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/packages"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-deb.inc"); +vuln = 0; +if(isdpkgvuln(pkg:"mahara-apache2", ver:"1.0.4-4+lenny4", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"mahara", ver:"1.0.4-4+lenny4", rls:"DEB5.0")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/deb_1925_1.nasl =================================================================== --- trunk/openvas-plugins/scripts/deb_1925_1.nasl 2009-11-11 14:39:37 UTC (rev 5840) +++ trunk/openvas-plugins/scripts/deb_1925_1.nasl 2009-11-11 14:56:44 UTC (rev 5841) 
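Review bot: The description string has lost the product name: `Two vulnerabilities have been discovered in, an electronic portfolio,` should read `Two vulnerabilities have been discovered in mahara, an electronic portfolio,`. In the same string `a issue` should be `an issue`. This text is what the operator sees in the scan report, so the affected product should be named in the body and not only in the title. deb_1926_1.nasl in this commit has the same kind of dropped token under CVE-2009-3633 (`Cross-site scripting (XSS) vulnerability in allows remote attackers`) and the typo `subcomponen`; the missing component name there has to be restored from the advisory.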
@@ -0,0 +1,115 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory DSA 1925-1 (proftpd-dfsg) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(66205); + script_cve_id("CVE-2009-3639"); + script_version ("$Revision$"); + script_name("Debian Security Advisory DSA 1925-1 (proftpd-dfsg)"); + + desc = " +The remote host is missing an update to proftpd-dfsg +announced via advisory DSA 1925-1. + +It has been discovered that proftpd-dfsg, a virtual-hosting FTP daemon, +does not properly handle a '\0' character in a domain name in the +Subject Alternative Name field of an X.509 client certificate, when the +dNSNameRequired TLS option is enabled. + + +For the stable distribution (lenny), this problem has been fixed in +version 1.3.1-17lenny4. + +For the oldstable distribution (etch), this problem has been fixed in +version 1.3.0-19etch3. + +Binaries for the amd64 architecture will be released once they are +available. 
+ +For the testing distribution (squeeze) and the unstable distribution +(sid), this problem has been fixed in version 1.3.2a-2. + + +We recommend that you upgrade your proftpd-dfsg packages. + +Solution: +https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201925-1 + +Risk factor : High"; + + script_description(desc); + + script_summary("Debian Security Advisory DSA 1925-1 (proftpd-dfsg)"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + script_family("Debian Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/packages"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-deb.inc"); +vuln = 0; +if(isdpkgvuln(pkg:"proftpd-mysql", ver:"1.3.0-19etch3", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"proftpd-ldap", ver:"1.3.0-19etch3", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"proftpd-pgsql", ver:"1.3.0-19etch3", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"proftpd-doc", ver:"1.3.1-17lenny4", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"proftpd", ver:"1.3.1-17lenny4", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"proftpd-mod-ldap", ver:"1.3.1-17lenny4", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"proftpd-basic", ver:"1.3.1-17lenny4", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"proftpd-mod-mysql", ver:"1.3.1-17lenny4", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"proftpd-mod-pgsql", ver:"1.3.1-17lenny4", rls:"DEB5.0")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/deb_1926_1.nasl =================================================================== --- trunk/openvas-plugins/scripts/deb_1926_1.nasl 2009-11-11 14:39:37 UTC (rev 5840) +++ trunk/openvas-plugins/scripts/deb_1926_1.nasl 2009-11-11 14:56:44 UTC (rev 5841) 
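Review bot: The first three checks in the test body (`proftpd-mysql`, `proftpd-ldap`, `proftpd-pgsql`) compare against the etch version `1.3.0-19etch3` but pass `rls:"DEB5.0"`, and no check in this script uses `rls:"DEB4.0"`. Assuming isdpkgvuln only matches hosts of the given release, an unpatched etch host is never flagged, although the description says oldstable is fixed in 1.3.0-19etch3. The other plugins in this commit pair etch versions with DEB4.0 (deb_1923_1, deb_1926_1), so these lines should read `if(isdpkgvuln(pkg:"proftpd-mysql", ver:"1.3.0-19etch3", rls:"DEB4.0")) {`, and likewise for the other two. The etch package list also looks incomplete, since no base `proftpd` entry exists for DEB4.0; that should be checked against the advisory's package list.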
@@ -0,0 +1,145 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory DSA 1926-1 (typo3-src) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(66206); + script_cve_id("CVE-2009-3628", "CVE-2009-3629", "CVE-2009-3630", "CVE-2009-3631", "CVE-2009-3632", "CVE-2009-3633", "CVE-2009-3634", "CVE-2009-3635", "CVE-2009-3636"); + script_version ("$Revision$"); + script_name("Debian Security Advisory DSA 1926-1 (typo3-src)"); + + desc = " +The remote host is missing an update to typo3-src +announced via advisory DSA 1926-1. + +Several remote vulnerabilities have been discovered in the TYPO3 web +content management framework. The Common Vulnerabilities and Exposures +project identifies the following problems: + +CVE-2009-3628 + +The Backend subcomponent allows remote authenticated users to +determine an encryption key via crafted input to a form field. + +CVE-2009-3629 + +Multiple cross-site scripting (XSS) vulnerabilities in the +Backend subcomponent allow remote authenticated users to inject +arbitrary web script or HTML. 
+ +CVE-2009-3630 + +The Backend subcomponent allows remote authenticated users to +place arbitrary web sites in TYPO3 backend framesets via +crafted parameters. + +CVE-2009-3631 + +The Backend subcomponent, when the DAM extension or ftp upload +is enabled, allows remote authenticated users to execute +arbitrary commands via shell metacharacters in a filename. + +CVE-2009-3632 + +SQL injection vulnerability in the traditional frontend editing +feature in the Frontend Editing subcomponent allows remote +authenticated users to execute arbitrary SQL commands. + +CVE-2009-3633 + +Cross-site scripting (XSS) vulnerability in allows remote +attackers to inject arbitrary web script. + +CVE-2009-3634 + +Cross-site scripting (XSS) vulnerability in the Frontend Login Box +(aka felogin) subcomponent allows remote attackers to inject +arbitrary web script or HTML. + +CVE-2009-3635 + +The Install Tool subcomponent allows remote attackers to gain access +by using only the password's md5 hash as a credential. + +CVE-2009-3636 + +Cross-site scripting (XSS) vulnerability in the Install Tool +subcomponen allows remote attackers to inject arbitrary web script +or HTML. + +For the old stable distribution (etch), these problems have been fixed +in version 4.0.2+debian-9. + +For the stable distribution (lenny), these problems have been fixed in +version 4.2.5-1+lenny2. + +For the unstable distribution (sid), these problems have been fixed in +version 4.2.10-1. + +We recommend that you upgrade your typo3-src package. + +Solution: +https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201926-1 + +Risk factor : High"; + + script_description(desc); + + script_summary("Debian Security Advisory DSA 1926-1 (typo3-src)"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com"); + script_family("Debian Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/packages"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-deb.inc"); +vuln = 0; +if(isdpkgvuln(pkg:"typo3-src-4.0", ver:"4.0.2+debian-9", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"typo3", ver:"4.0.2+debian-9", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"typo3-src-4.2", ver:"4.2.5-1+lenny2", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"typo3", ver:"4.2.5-1+lenny2", rls:"DEB5.0")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/deb_1927_1.nasl =================================================================== --- trunk/openvas-plugins/scripts/deb_1927_1.nasl 2009-11-11 14:39:37 UTC (rev 5840) +++ trunk/openvas-plugins/scripts/deb_1927_1.nasl 2009-11-11 14:56:44 UTC (rev 5841) 
@@ -0,0 +1,388 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory DSA 1927-1 (linux-2.6) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(66207); + script_cve_id("CVE-2009-3228", "CVE-2009-3238", "CVE-2009-3547", "CVE-2009-3612", "CVE-2009-3620", "CVE-2009-3621", "CVE-2009-3638"); + script_version ("$Revision$"); + script_name("Debian Security Advisory DSA 1927-1 (linux-2.6)"); + + desc = " +The remote host is missing an update to linux-2.6 +announced via advisory DSA 1927-1. + +Notice: Debian 5.0.4, the next point release of Debian 'lenny', will +include a new default value for the mmap_min_addr tunable. This +change will add an additional safeguard against a class of security +vulnerabilities known as NULL pointer dereference vulnerabilities, +but it will need to be overridden when using certain applications. 
+Additional information about this change, including instructions for +making this change locally in advance of 5.0.4 (recommended), can be +found at: +http://wiki.debian.org/mmap_min_addr + +Several vulnerabilities have been discovered in the Linux kernel that +may lead to a denial of service, sensitive memory leak or privilege +escalation. The Common Vulnerabilities and Exposures project +identifies the following problems: + +CVE-2009-3228 + +Eric Dumazet reported an instance of uninitialized kernel memory +in the network packet scheduler. Local users may be able to +exploit this issue to read the contents of sensitive kernel +memory. + +CVE-2009-3238 + +Linus Torvalds provided a change to the get_random_int() function +to increase its randomness. + +CVE-2009-3547 + +Earl Chew discovered a NULL pointer dereference issue in the +pipe_rdwr_open function which can be used by local users to gain +elevated privileges. + +CVE-2009-3612 + +Jiri Pirko discovered a typo in the initialization of a structure +in the netlink subsystem that may allow local users to gain access +to sensitive kernel memory. + +CVE-2009-3620 + +Ben Hutchings discovered an issue in the DRM manager for ATI Rage +128 graphics adapters. Local users may be able to exploit this +vulnerability to cause a denial of service (NULL pointer +dereference). + +CVE-2009-3621 + +Tomoki Sekiyama discovered a deadlock condition in the UNIX domain +socket implementation. Local users can exploit this vulnerability +to cause a denial of service (system hang). + +CVE-2009-3638 + +David Wagner reported an overflow in the KVM subsystem on i386 +systems. This issue is exploitable by local users with access to +the /dev/kvm device file. + +For the stable distribution (lenny), this problem has been fixed in +version 2.6.26-19lenny2. + +For the oldstable distribution (etch), these problems, where +applicable, will be fixed in updates to linux-2.6 and linux-2.6.24. 
+ +We recommend that you upgrade your linux-2.6 and user-mode-linux + +Solution: +https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201927-1 + +Risk factor : High"; + + script_description(desc); + + script_summary("Debian Security Advisory DSA 1927-1 (linux-2.6)"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + script_family("Debian Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/packages"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-deb.inc"); +vuln = 0; +if(isdpkgvuln(pkg:"linux-tree-2.6.26", ver:"2.6.26-19lenny2", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-doc-2.6.26", ver:"2.6.26-19lenny2", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-patch-debian-2.6.26", ver:"2.6.26-19lenny2", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-source-2.6.26", ver:"2.6.26-19lenny2", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-manual-2.6.26", ver:"2.6.26-19lenny2", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-support-2.6.26-2", ver:"2.6.26-19lenny2", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-headers-2.6.26-2-all-alpha", ver:"2.6.26-19lenny2", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-headers-2.6.26-2-alpha-generic", ver:"2.6.26-19lenny2", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-image-2.6.26-2-alpha-generic", ver:"2.6.26-19lenny2", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-headers-2.6.26-2-all", ver:"2.6.26-19lenny2", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-libc-dev", ver:"2.6.26-19lenny2", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-image-2.6.26-2-alpha-legacy", ver:"2.6.26-19lenny2", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-headers-2.6.26-2-alpha-smp", ver:"2.6.26-19lenny2", rls:"DEB5.0")) { + 
vuln = 1; +} +if(isdpkgvuln(pkg:"linux-headers-2.6.26-2-alpha-legacy", ver:"2.6.26-19lenny2", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-image-2.6.26-2-alpha-smp", ver:"2.6.26-19lenny2", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-headers-2.6.26-2-common", ver:"2.6.26-19lenny2", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-headers-2.6.26-2-amd64", ver:"2.6.26-19lenny2", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-headers-2.6.26-2-vserver-amd64", ver:"2.6.26-19lenny2", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-headers-2.6.26-2-openvz-amd64", ver:"2.6.26-19lenny2", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-headers-2.6.26-2-all-amd64", ver:"2.6.26-19lenny2", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-modules-2.6.26-2-xen-amd64", ver:"2.6.26-19lenny2", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-image-2.6.26-2-openvz-amd64", ver:"2.6.26-19lenny2", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-headers-2.6.26-2-common-xen", ver:"2.6.26-19lenny2", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-image-2.6.26-2-vserver-amd64", ver:"2.6.26-19lenny2", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-headers-2.6.26-2-common-vserver", ver:"2.6.26-19lenny2", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-image-2.6.26-2-xen-amd64", ver:"2.6.26-19lenny2", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"xen-linux-system-2.6.26-2-xen-amd64", ver:"2.6.26-19lenny2", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-headers-2.6.26-2-common-openvz", ver:"2.6.26-19lenny2", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-image-2.6.26-2-amd64", ver:"2.6.26-19lenny2", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-headers-2.6.26-2-xen-amd64", ver:"2.6.26-19lenny2", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-headers-2.6.26-2-iop32x", ver:"2.6.26-19lenny2", rls:"DEB5.0")) { + vuln = 1; +} 
+if(isdpkgvuln(pkg:"linux-image-2.6.26-2-iop32x", ver:"2.6.26-19lenny2", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-headers-2.6.26-2-versatile", ver:"2.6.26-19lenny2", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-image-2.6.26-2-ixp4xx", ver:"2.6.26-19lenny2", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-image-2.6.26-2-versatile", ver:"2.6.26-19lenny2", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-image-2.6.26-2-orion5x", ver:"2.6.26-19lenny2", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-headers-2.6.26-2-ixp4xx", ver:"2.6.26-19lenny2", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-headers-2.6.26-2-all-armel", ver:"2.6.26-19lenny2", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-headers-2.6.26-2-orion5x", ver:"2.6.26-19lenny2", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-image-2.6.26-2-parisc64", ver:"2.6.26-19lenny2", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-headers-2.6.26-2-parisc", ver:"2.6.26-19lenny2", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-image-2.6.26-2-parisc-smp", ver:"2.6.26-19lenny2", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-headers-2.6.26-2-parisc64", ver:"2.6.26-19lenny2", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-headers-2.6.26-2-all-hppa", ver:"2.6.26-19lenny2", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-image-2.6.26-2-parisc", ver:"2.6.26-19lenny2", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-image-2.6.26-2-parisc64-smp", ver:"2.6.26-19lenny2", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-headers-2.6.26-2-parisc64-smp", ver:"2.6.26-19lenny2", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-headers-2.6.26-2-parisc-smp", ver:"2.6.26-19lenny2", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-headers-2.6.26-2-486", ver:"2.6.26-19lenny2", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-image-2.6.26-2-openvz-686", 
ver:"2.6.26-19lenny2", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-image-2.6.26-2-vserver-686", ver:"2.6.26-19lenny2", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-image-2.6.26-2-686-bigmem", ver:"2.6.26-19lenny2", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-image-2.6.26-2-686", ver:"2.6.26-19lenny2", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-headers-2.6.26-2-686", ver:"2.6.26-19lenny2", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-image-2.6.26-2-486", ver:"2.6.26-19lenny2", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-image-2.6.26-2-vserver-686-bigmem", ver:"2.6.26-19lenny2", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-headers-2.6.26-2-686-bigmem", ver:"2.6.26-19lenny2", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-headers-2.6.26-2-vserver-686-bigmem", ver:"2.6.26-19lenny2", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"xen-linux-system-2.6.26-2-xen-686", ver:"2.6.26-19lenny2", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-headers-2.6.26-2-vserver-686", ver:"2.6.26-19lenny2", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-headers-2.6.26-2-openvz-686", ver:"2.6.26-19lenny2", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-image-2.6.26-2-xen-686", ver:"2.6.26-19lenny2", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-headers-2.6.26-2-xen-686", ver:"2.6.26-19lenny2", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-headers-2.6.26-2-all-i386", ver:"2.6.26-19lenny2", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-modules-2.6.26-2-xen-686", ver:"2.6.26-19lenny2", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-headers-2.6.26-2-vserver-itanium", ver:"2.6.26-19lenny2", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-headers-2.6.26-2-itanium", ver:"2.6.26-19lenny2", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-headers-2.6.26-2-mckinley", ver:"2.6.26-19lenny2", 
rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-image-2.6.26-2-vserver-mckinley", ver:"2.6.26-19lenny2", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-image-2.6.26-2-itanium", ver:"2.6.26-19lenny2", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-headers-2.6.26-2-vserver-mckinley", ver:"2.6.26-19lenny2", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-image-2.6.26-2-mckinley", ver:"2.6.26-19lenny2", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-headers-2.6.26-2-all-ia64", ver:"2.6.26-19lenny2", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-image-2.6.26-2-vserver-itanium", ver:"2.6.26-19lenny2", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-headers-2.6.26-2-powerpc64", ver:"2.6.26-19lenny2", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-image-2.6.26-2-vserver-powerpc", ver:"2.6.26-19lenny2", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-image-2.6.26-2-vserver-powerpc64", ver:"2.6.26-19lenny2", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-image-2.6.26-2-powerpc64", ver:"2.6.26-19lenny2", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-image-2.6.26-2-powerpc-smp", ver:"2.6.26-19lenny2", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-headers-2.6.26-2-powerpc-smp", ver:"2.6.26-19lenny2", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-headers-2.6.26-2-vserver-powerpc64", ver:"2.6.26-19lenny2", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-headers-2.6.26-2-vserver-powerpc", ver:"2.6.26-19lenny2", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-headers-2.6.26-2-all-powerpc", ver:"2.6.26-19lenny2", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-headers-2.6.26-2-powerpc", ver:"2.6.26-19lenny2", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-image-2.6.26-2-powerpc", ver:"2.6.26-19lenny2", rls:"DEB5.0")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: 
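Review bot: The test body decides purely on installed package versions (`isdpkgvuln(...)` against `2.6.26-19lenny2`, with only `ssh/login/packages` required), so a host that installed the fixed linux-image package but has not rebooted is reported clean while still running the affected kernel. For a kernel advisory that gap should at least be stated in the report text, for example by adding to `desc`: `Note: this check compares installed package versions only; the fix takes effect after rebooting into the updated kernel.` Comparing against the running kernel version would close the gap, if the package-gathering step records it. Separately, the sentence `We recommend that you upgrade your linux-2.6 and user-mode-linux` is cut off and should end with `packages.`.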
trunk/openvas-plugins/scripts/deb_1928_1.nasl =================================================================== --- trunk/openvas-plugins/scripts/deb_1928_1.nasl 2009-11-11 14:39:37 UTC (rev 5840) +++ trunk/openvas-plugins/scripts/deb_1928_1.nasl 2009-11-11 14:56:44 UTC (rev 5841) 
@@ -0,0 +1,229 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory DSA 1928-1 (linux-2.6.24) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(66208); + script_cve_id("CVE-2009-2846", "CVE-2009-2847", "CVE-2009-2848", "CVE-2009-2849", "CVE-2009-2903", "CVE-2009-2908", "CVE-2009-2909", "CVE-2009-2910", "CVE-2009-3001", "CVE-2009-3002", "CVE-2009-3228", "CVE-2009-3238", "CVE-2009-3286", "CVE-2009-3547", "CVE-2009-3612", "CVE-2009-3613", "CVE-2009-3620", "CVE-2009-3621"); + script_version ("$Revision$"); + script_name("Debian Security Advisory DSA 1928-1 (linux-2.6.24)"); + + desc = " +The remote host is missing an update to linux-2.6.24 +announced via advisory DSA 1928-1. + +Several vulnerabilities have been discovered in the Linux kernel that +may lead to a denial of service, sensitive memory leak or privilege +escalation. + +For details on the issues addressed in this update, please visit +the referenced security advisories. 
+ +For the oldstable distribution (etch), this problem has been fixed in +version 2.6.24-6~etchnhalf.9etch1. + +We recommend that you upgrade your linux-2.6.24 packages. + +Solution: +https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201928-1 + +Risk factor : High"; + + script_description(desc); + + script_summary("Debian Security Advisory DSA 1928-1 (linux-2.6.24)"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + script_family("Debian Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/packages"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-deb.inc"); +vuln = 0; +if(isdpkgvuln(pkg:"linux-doc-2.6.24", ver:"2.6.24-6~etchnhalf.9etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-tree-2.6.24", ver:"2.6.24-6~etchnhalf.9etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-manual-2.6.24", ver:"2.6.24-6~etchnhalf.9etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-source-2.6.24", ver:"2.6.24-6~etchnhalf.9etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-support-2.6.24-etchnhalf.1", ver:"2.6.24-6~etchnhalf.9etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-patch-debian-2.6.24", ver:"2.6.24-6~etchnhalf.9etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-headers-2.6.24-etchnhalf.1-all-alpha", ver:"2.6.24-6~etchnhalf.9etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-headers-2.6.24-etchnhalf.1-alpha-legacy", ver:"2.6.24-6~etchnhalf.9etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-image-2.6.24-etchnhalf.1-alpha-generic", ver:"2.6.24-6~etchnhalf.9etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-image-2.6.24-etchnhalf.1-alpha-legacy", ver:"2.6.24-6~etchnhalf.9etch1", rls:"DEB4.0")) { + vuln = 1; +} 
+if(isdpkgvuln(pkg:"linux-headers-2.6.24-etchnhalf.1-common", ver:"2.6.24-6~etchnhalf.9etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-headers-2.6.24-etchnhalf.1-alpha-generic", ver:"2.6.24-6~etchnhalf.9etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-headers-2.6.24-etchnhalf.1-alpha-smp", ver:"2.6.24-6~etchnhalf.9etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-headers-2.6.24-etchnhalf.1-all", ver:"2.6.24-6~etchnhalf.9etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-image-2.6.24-etchnhalf.1-alpha-smp", ver:"2.6.24-6~etchnhalf.9etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-headers-2.6.24-etchnhalf.1-amd64", ver:"2.6.24-6~etchnhalf.9etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-image-2.6.24-etchnhalf.1-amd64", ver:"2.6.24-6~etchnhalf.9etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-headers-2.6.24-etchnhalf.1-all-amd64", ver:"2.6.24-6~etchnhalf.9etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-headers-2.6.24-etchnhalf.1-parisc", ver:"2.6.24-6~etchnhalf.9etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-headers-2.6.24-etchnhalf.1-parisc64", ver:"2.6.24-6~etchnhalf.9etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-headers-2.6.24-etchnhalf.1-parisc-smp", ver:"2.6.24-6~etchnhalf.9etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-image-2.6.24-etchnhalf.1-parisc64-smp", ver:"2.6.24-6~etchnhalf.9etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-headers-2.6.24-etchnhalf.1-parisc64-smp", ver:"2.6.24-6~etchnhalf.9etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-headers-2.6.24-etchnhalf.1-all-hppa", ver:"2.6.24-6~etchnhalf.9etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-image-2.6.24-etchnhalf.1-parisc-smp", ver:"2.6.24-6~etchnhalf.9etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-image-2.6.24-etchnhalf.1-parisc64", 
ver:"2.6.24-6~etchnhalf.9etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-image-2.6.24-etchnhalf.1-parisc", ver:"2.6.24-6~etchnhalf.9etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-headers-2.6.24-etchnhalf.1-486", ver:"2.6.24-6~etchnhalf.9etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-headers-2.6.24-etchnhalf.1-686-bigmem", ver:"2.6.24-6~etchnhalf.9etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-image-2.6.24-etchnhalf.1-686", ver:"2.6.24-6~etchnhalf.9etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-headers-2.6.24-etchnhalf.1-all-i386", ver:"2.6.24-6~etchnhalf.9etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-headers-2.6.24-etchnhalf.1-686", ver:"2.6.24-6~etchnhalf.9etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-image-2.6.24-etchnhalf.1-686-bigmem", ver:"2.6.24-6~etchnhalf.9etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-image-2.6.24-etchnhalf.1-486", ver:"2.6.24-6~etchnhalf.9etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-image-2.6.24-etchnhalf.1-mckinley", ver:"2.6.24-6~etchnhalf.9etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-headers-2.6.24-etchnhalf.1-all-ia64", ver:"2.6.24-6~etchnhalf.9etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-headers-2.6.24-etchnhalf.1-mckinley", ver:"2.6.24-6~etchnhalf.9etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-headers-2.6.24-etchnhalf.1-itanium", ver:"2.6.24-6~etchnhalf.9etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-image-2.6.24-etchnhalf.1-itanium", ver:"2.6.24-6~etchnhalf.9etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-image-2.6.24-etchnhalf.1-r5k-cobalt", ver:"2.6.24-6~etchnhalf.9etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-headers-2.6.24-etchnhalf.1-5kc-malta", ver:"2.6.24-6~etchnhalf.9etch1", rls:"DEB4.0")) { + vuln = 1; +} 
+if(isdpkgvuln(pkg:"linux-headers-2.6.24-etchnhalf.1-4kc-malta", ver:"2.6.24-6~etchnhalf.9etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-image-2.6.24-etchnhalf.1-4kc-malta", ver:"2.6.24-6~etchnhalf.9etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-headers-2.6.24-etchnhalf.1-sb1-bcm91250a", ver:"2.6.24-6~etchnhalf.9etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-headers-2.6.24-etchnhalf.1-r5k-cobalt", ver:"2.6.24-6~etchnhalf.9etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-image-2.6.24-etchnhalf.1-sb1-bcm91250a", ver:"2.6.24-6~etchnhalf.9etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-headers-2.6.24-etchnhalf.1-all-mipsel", ver:"2.6.24-6~etchnhalf.9etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-image-2.6.24-etchnhalf.1-sb1a-bcm91480b", ver:"2.6.24-6~etchnhalf.9etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-image-2.6.24-etchnhalf.1-5kc-malta", ver:"2.6.24-6~etchnhalf.9etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-headers-2.6.24-etchnhalf.1-sb1a-bcm91480b", ver:"2.6.24-6~etchnhalf.9etch1", rls:"DEB4.0")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/deb_1929_1.nasl =================================================================== --- trunk/openvas-plugins/scripts/deb_1929_1.nasl 2009-11-11 14:39:37 UTC (rev 5840) +++ trunk/openvas-plugins/scripts/deb_1929_1.nasl 2009-11-11 14:56:44 UTC (rev 5841) 
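Review bot: Every check in deb_1928_1.nasl compares an installed package version only (`isdpkgvuln(pkg:"linux-image-2.6.24-etchnhalf.1-686", ver:"2.6.24-6~etchnhalf.9etch1", rls:"DEB4.0")` and its siblings), so a host that has installed the fixed kernel package but not yet rebooted would presumably pass while still running the old kernel. isdpkgvuln lives in pkg-lib-deb.inc, which is not shown here, so this is inferred from the pkg/ver/rls arguments and the `ssh/login/packages` key. I would state the limit in the description text, for example `Note: this check looks at installed packages only; reboot into the updated kernel to complete the fix.` The same applies to deb_1929_1.nasl (linux-2.6), which follows.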
@@ -0,0 +1,350 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory DSA 1929-1 (linux-2.6) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(66209); + script_cve_id("CVE-2009-1883", "CVE-2009-2909", "CVE-2009-3001", "CVE-2009-3002", "CVE-2009-3228", "CVE-2009-3238", "CVE-2009-3286", "CVE-2009-3547", "CVE-2009-3612", "CVE-2009-3621"); + script_version ("$Revision$"); + script_name("Debian Security Advisory DSA 1929-1 (linux-2.6)"); + + desc = " +The remote host is missing an update to linux-2.6 +announced via advisory DSA 1929-1. + +Several vulnerabilities have been discovered in the Linux kernel that +may lead to a denial of service, sensitive memory leak or privilege +escalation. + +For details on the issues addressed in this update, please visit +the referenced security advisories. + +For the oldstable distribution (etch), this problem has been fixed in +version 2.6.18.dfsg.1-26etch1. 
+ +Solution: +https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201929-1 + +Risk factor : High"; + + script_description(desc); + + script_summary("Debian Security Advisory DSA 1929-1 (linux-2.6)"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + script_family("Debian Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/packages"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-deb.inc"); +vuln = 0; +if(isdpkgvuln(pkg:"linux-support-2.6.18-6", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-source-2.6.18", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-patch-debian-2.6.18", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-tree-2.6.18", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-doc-2.6.18", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-manual-2.6.18", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-headers-2.6.18-6-all-alpha", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-headers-2.6.18-6-all", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-image-2.6.18-6-alpha-legacy", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-headers-2.6.18-6-alpha-generic", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-headers-2.6.18-6-vserver-alpha", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-image-2.6.18-6-vserver-alpha", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-headers-2.6.18-6-alpha-smp", 
ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-headers-2.6.18-6", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-headers-2.6.18-6-alpha-legacy", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-image-2.6.18-6-alpha-generic", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-image-2.6.18-6-alpha-smp", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-headers-2.6.18-6-vserver", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-headers-2.6.18-6-xen", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-modules-2.6.18-6-xen-vserver-amd64", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-headers-2.6.18-6-xen-vserver", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-image-2.6.18-6-amd64", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-headers-2.6.18-6-xen-vserver-amd64", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-modules-2.6.18-6-xen-amd64", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-image-2.6.18-6-xen-vserver-amd64", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-headers-2.6.18-6-xen-amd64", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-headers-2.6.18-6-amd64", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-image-2.6.18-6-vserver-amd64", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-headers-2.6.18-6-all-amd64", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-image-2.6.18-6-xen-amd64", ver:"2.6.18.dfsg.1-26etch1", 
rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-headers-2.6.18-6-vserver-amd64", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"xen-linux-system-2.6.18-6-xen-vserver-amd64", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"xen-linux-system-2.6.18-6-xen-amd64", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-image-2.6.18-6-parisc", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-image-2.6.18-6-parisc64-smp", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-headers-2.6.18-6-parisc-smp", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-image-2.6.18-6-parisc64", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-image-2.6.18-6-parisc-smp", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-headers-2.6.18-6-parisc64-smp", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-headers-2.6.18-6-parisc", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-headers-2.6.18-6-all-hppa", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-headers-2.6.18-6-parisc64", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-headers-2.6.18-6-686-bigmem", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-headers-2.6.18-6-xen-vserver-686", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-headers-2.6.18-6-vserver-686", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-image-2.6.18-6-686-bigmem", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-modules-2.6.18-6-xen-vserver-686", ver:"2.6.18.dfsg.1-26etch1", 
rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-headers-2.6.18-6-all-i386", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"xen-linux-system-2.6.18-6-xen-686", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-image-2.6.18-6-486", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-headers-2.6.18-6-k7", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-image-2.6.18-6-vserver-k7", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-image-2.6.18-6-vserver-686", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-headers-2.6.18-6-686", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-modules-2.6.18-6-xen-686", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-headers-2.6.18-6-vserver-k7", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"xen-linux-system-2.6.18-6-xen-vserver-686", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-image-2.6.18-6-686", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-headers-2.6.18-6-486", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-image-2.6.18-6-xen-686", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-image-2.6.18-6-xen-vserver-686", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-image-2.6.18-6-k7", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-headers-2.6.18-6-xen-686", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-headers-2.6.18-6-all-ia64", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) { + vuln = 1; +} 
+if(isdpkgvuln(pkg:"linux-headers-2.6.18-6-mckinley", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-headers-2.6.18-6-itanium", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-image-2.6.18-6-itanium", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-image-2.6.18-6-mckinley", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-headers-2.6.18-6-powerpc", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-headers-2.6.18-6-vserver-powerpc", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-headers-2.6.18-6-vserver-powerpc64", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-image-2.6.18-6-powerpc-miboot", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-image-2.6.18-6-vserver-powerpc", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-image-2.6.18-6-powerpc", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-image-2.6.18-6-prep", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-image-2.6.18-6-powerpc-smp", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-headers-2.6.18-6-powerpc64", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-image-2.6.18-6-vserver-powerpc64", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-headers-2.6.18-6-powerpc-miboot", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-headers-2.6.18-6-all-powerpc", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-image-2.6.18-6-powerpc64", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) { + vuln = 1; +} 
+if(isdpkgvuln(pkg:"linux-headers-2.6.18-6-prep", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-headers-2.6.18-6-powerpc-smp", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-headers-2.6.18-6-s390", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-headers-2.6.18-6-vserver-s390x", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-headers-2.6.18-6-s390x", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-headers-2.6.18-6-all-s390", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-image-2.6.18-6-s390", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-image-2.6.18-6-s390x", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-image-2.6.18-6-vserver-s390x", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-image-2.6.18-6-s390-tape", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/deb_1930_1.nasl =================================================================== --- trunk/openvas-plugins/scripts/deb_1930_1.nasl 2009-11-11 14:39:37 UTC (rev 5840) +++ trunk/openvas-plugins/scripts/deb_1930_1.nasl 2009-11-11 14:56:44 UTC (rev 5841) 
@@ -0,0 +1,111 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory DSA 1930-1 (drupal6) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(66210); + script_cve_id("CVE-2009-2372", "CVE-2009-2373", "CVE-2009-2374"); + script_version ("$Revision$"); + script_name("Debian Security Advisory DSA 1930-1 (drupal6)"); + + desc = " +The remote host is missing an update to drupal6 +announced via advisory DSA 1930-1. + + +Several vulnerabilities have been found in drupal6, a fully-featured +content management framework. The Common Vulnerabilities and Exposures +project identifies the following problems: + +CVE-2009-2372 + +Gerhard Killesreiter discovered a flaw in the way user signatures are +handled. It is possible for a user to inject arbitrary code via a +crafted user signature. (SA-CORE-2009-007) + +CVE-2009-2373 + +Mark Piper, Sven Herrmann and Brandon Knight discovered a cross-site +scripting issue in the forum module, which could be exploited via the +tid parameter. 
(SA-CORE-2009-007) + +CVE-2009-2374 + +Sumit Datta discovered that certain drupal6 pages leak sensible +information such as user credentials. (SA-CORE-2009-007) + + +Several design flaws in the OpenID module have been fixed, which could +lead to cross-site request forgeries or privilege escalations. Also, the +file upload function does not process all extensions properly leading +to the possible execution of arbitrary code. +(SA-CORE-2009-008) + + +For the stable distribution (lenny), these problems have been fixed in +version 6.6-3lenny3. + +The oldstable distribution (etch) does not contain drupal6. + +For the testing distribution (squeeze) and the unstable distribution +(sid), these problems have been fixed in version 6.14-1. + + +We recommend that you upgrade your drupal6 packages. + +Solution: +https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201930-1 + +Risk factor : High"; + + script_description(desc); + + script_summary("Debian Security Advisory DSA 1930-1 (drupal6)"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + script_family("Debian Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/packages"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-deb.inc"); +vuln = 0; +if(isdpkgvuln(pkg:"drupal6", ver:"6.6-3lenny3", rls:"DEB5.0")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/deb_1931_1.nasl =================================================================== --- trunk/openvas-plugins/scripts/deb_1931_1.nasl 2009-11-11 14:39:37 UTC (rev 5840) +++ trunk/openvas-plugins/scripts/deb_1931_1.nasl 2009-11-11 14:56:44 UTC (rev 5841) 
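Review bot: `script_cve_id` in deb_1930_1.nasl lists only CVE-2009-2372, CVE-2009-2373 and CVE-2009-2374, while the description also covers the SA-CORE-2009-008 issues (OpenID module design flaws, file upload extension handling), for which no identifier is recorded. Anyone correlating scan results by CVE would not see that this finding also stands for those issues. If CVE ids have been assigned to them they should be added to the call; otherwise a comment beside it would make the gap explicit, e.g. `# SA-CORE-2009-008 (OpenID, file upload) is covered by the text but has no CVE id listed here`.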
@@ -0,0 +1,101 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory DSA 1931-1 (nspr) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(66211); + script_cve_id("CVE-2009-1563", "CVE-2009-2463"); + script_version ("$Revision$"); + script_name("Debian Security Advisory DSA 1931-1 (nspr)"); + + desc = " +The remote host is missing an update to nspr +announced via advisory DSA 1931-1. + +Several vulnerabilities have been discovered in the NetScape Portable +Runtime Library, which may lead to the execution of arbitrary code. The +Common Vulnerabilities and Exposures project identifies the following +problems: + +CVE-2009-1563 + +A programming error in the string handling code may lead to the +execution of arbitrary code. + +CVE-2009-2463 + +An integer overflow in the Base64 decoding functions may lead to +the execution of arbitrary code. + +The old stable distribution (etch) doesn't contain nspr. + +For the stable distribution (lenny), these problems have been fixed in +version 4.7.1-5. 
+ +For the unstable distribution (sid) these problems have been fixed in +version 4.8.2-1. + +We recommend that you upgrade your NSPR packages. + +Solution: +https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201931-1 + +Risk factor : High"; + + script_description(desc); + + script_summary("Debian Security Advisory DSA 1931-1 (nspr)"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + script_family("Debian Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/packages"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-deb.inc"); +vuln = 0; +if(isdpkgvuln(pkg:"libnspr4-0d", ver:"4.7.1-5", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"libnspr4-0d-dbg", ver:"4.7.1-5", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"libnspr4-dev", ver:"4.7.1-5", rls:"DEB5.0")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/deb_1932_1.nasl =================================================================== --- trunk/openvas-plugins/scripts/deb_1932_1.nasl 2009-11-11 14:39:37 UTC (rev 5840) +++ trunk/openvas-plugins/scripts/deb_1932_1.nasl 2009-11-11 14:56:44 UTC (rev 5841) 
@@ -0,0 +1,107 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory DSA 1932-1 (pidgin) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(66212); + script_cve_id("CVE-2009-3615"); + script_version ("$Revision$"); + script_name("Debian Security Advisory DSA 1932-1 (pidgin)"); + + desc = " +The remote host is missing an update to pidgin +announced via advisory DSA 1932-1. + +It was discovered that incorrect pointer handling in the purple library, +an internal component of the multi-protocol instant messaging client +Pidgin, could lead to denial of service or the execution of arbitrary +code through malformed contact requests. + +For the stable distribution (lenny), this problem has been fixed in +version 2.4.3-4lenny5. + +For the unstable distribution (sid), this problem has been fixed in +version 2.6.3-1. + +We recommend that you upgrade your pidgin package. 
+ +Solution: +https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201932-1 + +Risk factor : High"; + + script_description(desc); + + script_summary("Debian Security Advisory DSA 1932-1 (pidgin)"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + script_family("Debian Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/packages"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-deb.inc"); +vuln = 0; +if(isdpkgvuln(pkg:"finch-dev", ver:"2.4.3-4lenny5", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"pidgin-data", ver:"2.4.3-4lenny5", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"pidgin-dev", ver:"2.4.3-4lenny5", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"libpurple-dev", ver:"2.4.3-4lenny5", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"libpurple-bin", ver:"2.4.3-4lenny5", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"libpurple0", ver:"2.4.3-4lenny5", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"finch", ver:"2.4.3-4lenny5", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"pidgin-dbg", ver:"2.4.3-4lenny5", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"pidgin", ver:"2.4.3-4lenny5", rls:"DEB5.0")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/fcore_2009_10170.nasl =================================================================== --- trunk/openvas-plugins/scripts/fcore_2009_10170.nasl 2009-11-11 14:39:37 UTC (rev 5840) +++ trunk/openvas-plugins/scripts/fcore_2009_10170.nasl 2009-11-11 14:56:44 UTC (rev 5841) 
@@ -0,0 +1,93 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory FEDORA-2009-10170 (mimetex) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(66196); + script_cve_id("CVE-2009-1382", "CVE-2009-2459"); + script_version ("$Revision$"); + script_name("Fedora Core 11 FEDORA-2009-10170 (mimetex)"); + + desc = " +The remote host is missing an update to mimetex +announced via advisory FEDORA-2009-10170. + +Update Information: + +- Fixes a buffer-overflow as detailed in #511049. - Updates to 1.7. + +ChangeLog: + +* Thu Oct 1 2009 Jorge Torres - 1.71-1 +- Update to 1.71 + +References: + +[ 1 ] Bug #511049 - CVE-2009-1382 CVE-2009-2459 mimeTeX: various flaws +https://bugzilla.redhat.com/show_bug.cgi?id=511049 + +Solution: Apply the appropriate updates. + +This update can be installed with the yum update program. Use +su -c 'yum update mimetex' at the command line. +For more information, refer to Managing Software with yum, +available at http://docs.fedoraproject.org/yum/. 
+ +https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-10170 + +Risk factor : High"; + + script_description(desc); + + script_summary("Fedora Core 11 FEDORA-2009-10170 (mimetex)"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + script_family("Fedora Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/rpms"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-rpm.inc"); +vuln = 0; +if(isrpmvuln(pkg:"mimetex", rpm:"mimetex~1.71~1.fc11", rls:"FC11")) { + vuln = 1; +} +if(isrpmvuln(pkg:"mimetex-debuginfo", rpm:"mimetex-debuginfo~1.71~1.fc11", rls:"FC11")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/fcore_2009_10225.nasl =================================================================== --- trunk/openvas-plugins/scripts/fcore_2009_10225.nasl 2009-11-11 14:39:37 UTC (rev 5840) +++ trunk/openvas-plugins/scripts/fcore_2009_10225.nasl 2009-11-11 14:56:44 UTC (rev 5841) 
@@ -0,0 +1,93 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory FEDORA-2009-10225 (mimetex) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(66192); + script_cve_id("CVE-2009-1382", "CVE-2009-2459"); + script_version ("$Revision$"); + script_name("Fedora Core 10 FEDORA-2009-10225 (mimetex)"); + + desc = " +The remote host is missing an update to mimetex +announced via advisory FEDORA-2009-10225. + +Update Information: + +- Fixes a buffer-overflow as detailed in #511049. - Updates to 1.7. + +ChangeLog: + +* Thu Oct 1 2009 Jorge Torres - 1.71-1 +- Update to 1.71 + +References: + +[ 1 ] Bug #511049 - CVE-2009-1382 CVE-2009-2459 mimeTeX: various flaws +https://bugzilla.redhat.com/show_bug.cgi?id=511049 + +Solution: Apply the appropriate updates. + +This update can be installed with the yum update program. Use +su -c 'yum update mimetex' at the command line. +For more information, refer to Managing Software with yum, +available at http://docs.fedoraproject.org/yum/. 
+ +https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-10225 + +Risk factor : High"; + + script_description(desc); + + script_summary("Fedora Core 10 FEDORA-2009-10225 (mimetex)"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + script_family("Fedora Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/rpms"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-rpm.inc"); +vuln = 0; +if(isrpmvuln(pkg:"mimetex", rpm:"mimetex~1.71~1.fc10", rls:"FC10")) { + vuln = 1; +} +if(isrpmvuln(pkg:"mimetex-debuginfo", rpm:"mimetex-debuginfo~1.71~1.fc10", rls:"FC10")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/fcore_2009_10329.nasl =================================================================== --- trunk/openvas-plugins/scripts/fcore_2009_10329.nasl 2009-11-11 14:39:37 UTC (rev 5840) +++ trunk/openvas-plugins/scripts/fcore_2009_10329.nasl 2009-11-11 14:56:44 UTC (rev 5841) 
@@ -0,0 +1,92 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory FEDORA-2009-10329 (python-markdown2) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(66143); + script_version ("$Revision$"); + script_name("Fedora Core 11 FEDORA-2009-10329 (python-markdown2)"); + + desc = " +The remote host is missing an update to python-markdown2 +announced via advisory FEDORA-2009-10329. + +Update Information: + +Update from 1.0.1.11 to 1.0.1.15, which fixes some issues, including these two +security-related bugs: +- [Issue 30] Fix a possible XSS via JavaScript injection in a carefully + crafted image reference (usage of double-quotes in the URL). +- [Issue 29] Fix security hole in the md5-hashing scheme for handling HTML + chunks during processing. + +See http://code.google.com/p/python-markdown2/source/browse/trunk/CHANGES.txt +for the full changelog. + +ChangeLog: + +* Thu Oct 8 2009 Thomas Moschny - 1.0.1.15-1 +- Update to 1.0.1.15. Fixes three issues, two of them being security-related. 
+ +Solution: Apply the appropriate updates. + +This update can be installed with the yum update program. Use +su -c 'yum update python-markdown2' at the command line. +For more information, refer to Managing Software with yum, +available at http://docs.fedoraproject.org/yum/. + +https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-10329 + +Risk factor : High"; + + script_description(desc); + + script_summary("Fedora Core 11 FEDORA-2009-10329 (python-markdown2)"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + script_family("Fedora Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/rpms"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-rpm.inc"); +vuln = 0; +if(isrpmvuln(pkg:"python-markdown2", rpm:"python-markdown2~1.0.1.15~1.fc11", rls:"FC11")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/fcore_2009_10377.nasl =================================================================== --- trunk/openvas-plugins/scripts/fcore_2009_10377.nasl 2009-11-11 14:39:37 UTC (rev 5840) +++ trunk/openvas-plugins/scripts/fcore_2009_10377.nasl 2009-11-11 14:56:44 UTC (rev 5841) 
@@ -0,0 +1,97 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory FEDORA-2009-10377 (python-markdown2) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(66130); + script_version ("$Revision$"); + script_name("Fedora Core 10 FEDORA-2009-10377 (python-markdown2)"); + + desc = " +The remote host is missing an update to python-markdown2 +announced via advisory FEDORA-2009-10377. + +This is a fast and complete Python implementation of the Markdown +spec. + +For information about markdown itself, see +http://daringfireball.net/projects/markdown/ + +Update Information: + +Update from 1.0.1.11 to 1.0.1.15, which fixes some issues, including these two +security-related bugs: +- [Issue 30] Fix a possible XSS via JavaScript injection in a carefully + crafted image reference (usage of double-quotes in the URL). +- [Issue 29] Fix security hole in the md5-hashing scheme for handling + HTML chunks during processing. +See http://code.google.com/p/python-markdown2/source/browse/trunk/CHANGES.txt +for the full changelog. 
+ +ChangeLog: + +* Thu Oct 8 2009 Thomas Moschny - 1.0.1.15-1 +- Update to 1.0.1.15. Fixes three issues, two of them being security-related. + +Solution: Apply the appropriate updates. + +This update can be installed with the yum update program. Use +su -c 'yum update python-markdown2' at the command line. +For more information, refer to Managing Software with yum, +available at http://docs.fedoraproject.org/yum/. + +https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-10377 + +Risk factor : High"; + + script_description(desc); + + script_summary("Fedora Core 10 FEDORA-2009-10377 (python-markdown2)"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + script_family("Fedora Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/rpms"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-rpm.inc"); +vuln = 0; +if(isrpmvuln(pkg:"python-markdown2", rpm:"python-markdown2~1.0.1.15~1.fc10", rls:"FC10")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/fcore_2009_10426.nasl =================================================================== --- trunk/openvas-plugins/scripts/fcore_2009_10426.nasl 2009-11-11 14:39:37 UTC (rev 5840) +++ trunk/openvas-plugins/scripts/fcore_2009_10426.nasl 2009-11-11 14:56:44 UTC (rev 5841) 
@@ -0,0 +1,93 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory FEDORA-2009-10426 (rt3) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(66188); + script_version ("$Revision$"); + script_name("Fedora Core 10 FEDORA-2009-10426 (rt3)"); + + desc = " +The remote host is missing an update to rt3 +announced via advisory FEDORA-2009-10426. + +ChangeLog: + +* Tue Oct 13 2009 Ralf Cors?pius - 3.8.2-11 +- Update rt-3.8.2-rh-bz526870.diff. +* Mon Oct 12 2009 Ralf Cors?pius - 3.8.2-10 +- Add rt-3.8.2-rh-bz526870.diff (BZ #526870). + +References: + +[ 1 ] Bug #526870 - Update to rt 3.8.5 +https://bugzilla.redhat.com/show_bug.cgi?id=526870 + +Solution: Apply the appropriate updates. + +This update can be installed with the yum update program. Use +su -c 'yum update rt3' at the command line. +For more information, refer to Managing Software with yum, +available at http://docs.fedoraproject.org/yum/. 
+ +https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-10426 + +Risk factor : High"; + + script_description(desc); + + script_summary("Fedora Core 10 FEDORA-2009-10426 (rt3)"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + script_family("Fedora Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/rpms"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-rpm.inc"); +vuln = 0; +if(isrpmvuln(pkg:"perl-RT-Test", rpm:"perl-RT-Test~3.8.2~11.fc10", rls:"FC10")) { + vuln = 1; +} +if(isrpmvuln(pkg:"rt3", rpm:"rt3~3.8.2~11.fc10", rls:"FC10")) { + vuln = 1; +} +if(isrpmvuln(pkg:"rt3-mailgate", rpm:"rt3-mailgate~3.8.2~11.fc10", rls:"FC10")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/fcore_2009_10461.nasl =================================================================== --- trunk/openvas-plugins/scripts/fcore_2009_10461.nasl 2009-11-11 14:39:37 UTC (rev 5840) +++ trunk/openvas-plugins/scripts/fcore_2009_10461.nasl 2009-11-11 14:56:44 UTC (rev 5841) 
@@ -0,0 +1,93 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory FEDORA-2009-10461 (slim) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(66141); + script_version ("$Revision$"); + script_name("Fedora Core 10 FEDORA-2009-10461 (slim)"); + + desc = " +The remote host is missing an update to slim +announced via advisory FEDORA-2009-10461. + +Update Information: + +Here is where you give an explanation of your update. +ChangeLog: + +* Sat Oct 10 2009 Lorenzo Villani - 1.3.1-9 +- rebuilt +* Sat Oct 10 2009 Lorenzo Villani - 1.3.1-8 +- Fix BZ #518068 + +References: + +[ 1 ] Bug #505359 - Current directory included in default path +https://bugzilla.redhat.com/show_bug.cgi?id=505359 + +Solution: Apply the appropriate updates. + +This update can be installed with the yum update program. Use +su -c 'yum update slim' at the command line. +For more information, refer to Managing Software with yum, +available at http://docs.fedoraproject.org/yum/. 
+ +https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-10461 + +Risk factor : High"; + + script_description(desc); + + script_summary("Fedora Core 10 FEDORA-2009-10461 (slim)"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + script_family("Fedora Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/rpms"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-rpm.inc"); +vuln = 0; +if(isrpmvuln(pkg:"slim", rpm:"slim~1.3.1~9.fc10", rls:"FC10")) { + vuln = 1; +} +if(isrpmvuln(pkg:"slim-debuginfo", rpm:"slim-debuginfo~1.3.1~9.fc10", rls:"FC10")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/fcore_2009_10475.nasl =================================================================== --- trunk/openvas-plugins/scripts/fcore_2009_10475.nasl 2009-11-11 14:39:37 UTC (rev 5840) +++ trunk/openvas-plugins/scripts/fcore_2009_10475.nasl 2009-11-11 14:56:44 UTC (rev 5841) 
@@ -0,0 +1,88 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory FEDORA-2009-10475 (slim) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(66131); + script_version ("$Revision$"); + script_name("Fedora Core 11 FEDORA-2009-10475 (slim)"); + + desc = " +The remote host is missing an update to slim +announced via advisory FEDORA-2009-10475. + +ChangeLog: + +* Sat Oct 10 2009 Lorenzo Villani - 1.3.1-8 +- Fix BZ #518068 + +References: + +[ 1 ] Bug #505359 - Current directory included in default path +https://bugzilla.redhat.com/show_bug.cgi?id=505359 + +Solution: Apply the appropriate updates. + +This update can be installed with the yum update program. Use +su -c 'yum update slim' at the command line. +For more information, refer to Managing Software with yum, +available at http://docs.fedoraproject.org/yum/. 
+ +https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-10475 + +Risk factor : High"; + + script_description(desc); + + script_summary("Fedora Core 11 FEDORA-2009-10475 (slim)"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + script_family("Fedora Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/rpms"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-rpm.inc"); +vuln = 0; +if(isrpmvuln(pkg:"slim", rpm:"slim~1.3.1~8.fc11", rls:"FC11")) { + vuln = 1; +} +if(isrpmvuln(pkg:"slim-debuginfo", rpm:"slim-debuginfo~1.3.1~8.fc11", rls:"FC11")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/fcore_2009_10498.nasl =================================================================== --- trunk/openvas-plugins/scripts/fcore_2009_10498.nasl 2009-11-11 14:39:37 UTC (rev 5840) +++ trunk/openvas-plugins/scripts/fcore_2009_10498.nasl 2009-11-11 14:56:44 UTC (rev 5841) 
@@ -0,0 +1,93 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory FEDORA-2009-10498 (rt3) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(66187); + script_version ("$Revision$"); + script_name("Fedora Core 11 FEDORA-2009-10498 (rt3)"); + + desc = " +The remote host is missing an update to rt3 +announced via advisory FEDORA-2009-10498. + +ChangeLog: + +* Tue Oct 13 2009 Ralf Cors?pius - 3.8.2-11 +- Update rt-3.8.2-rh-bz526870.diff. +* Mon Oct 12 2009 Ralf Cors?pius - 3.8.2-10 +- Add rt-3.8.2-rh-bz526870.diff (BZ #526870). + +References: + +[ 1 ] Bug #526870 - Update to rt 3.8.5 +https://bugzilla.redhat.com/show_bug.cgi?id=526870 + +Solution: Apply the appropriate updates. + +This update can be installed with the yum update program. Use +su -c 'yum update rt3' at the command line. +For more information, refer to Managing Software with yum, +available at http://docs.fedoraproject.org/yum/. 
+ +https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-10498 + +Risk factor : High"; + + script_description(desc); + + script_summary("Fedora Core 11 FEDORA-2009-10498 (rt3)"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + script_family("Fedora Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/rpms"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-rpm.inc"); +vuln = 0; +if(isrpmvuln(pkg:"perl-RT-Test", rpm:"perl-RT-Test~3.8.2~11.fc11", rls:"FC11")) { + vuln = 1; +} +if(isrpmvuln(pkg:"rt3", rpm:"rt3~3.8.2~11.fc11", rls:"FC11")) { + vuln = 1; +} +if(isrpmvuln(pkg:"rt3-mailgate", rpm:"rt3-mailgate~3.8.2~11.fc11", rls:"FC11")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/fcore_2009_10639.nasl =================================================================== --- trunk/openvas-plugins/scripts/fcore_2009_10639.nasl 2009-11-11 14:39:37 UTC (rev 5840) +++ trunk/openvas-plugins/scripts/fcore_2009_10639.nasl 2009-11-11 14:56:44 UTC (rev 5841) 
@@ -0,0 +1,169 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory FEDORA-2009-10639 (kernel) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(66133); + script_cve_id("CVE-2009-3612", "CVE-2009-2909", "CVE-2009-2908", "CVE-2009-2903", "CVE-2009-3290", "CVE-2009-2847", "CVE-2009-2910"); + script_version ("$Revision$"); + script_name("Fedora Core 11 FEDORA-2009-10639 (kernel)"); + + desc = " +The remote host is missing an update to kernel +announced via advisory FEDORA-2009-10639. + +Update to kernel 2.6.30.9. 
Upstream change logs: +http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.30.9 +Also fixes: +- Kernel stack randomization bug +- NULL dereference in r128 driver +- ftrace memory corruption on module unload +- boot hanging on some systems +- some latency problems caused by scheduler bugs + +References: + +[ 1 ] Bug #524124 - CVE-2009-3290 kernel: KVM: x86: Disallow hypercalls for guest callers in rings > 0 +https://bugzilla.redhat.com/show_bug.cgi?id=524124 +[ 2 ] Bug #528868 - CVE-2009-3612 kernel: tcf_fill_node() infoleak due to typo in 9ef1d4c7 +https://bugzilla.redhat.com/show_bug.cgi?id=528868 +[ 3 ] Bug #522331 - CVE-2009-2903 kernel: appletalk: denial of service when handling IP tunnelled over DDP datagrams +https://bugzilla.redhat.com/show_bug.cgi?id=522331 +[ 4 ] Bug #527534 - CVE-2009-2908 kernel ecryptfs NULL pointer dereference +https://bugzilla.redhat.com/show_bug.cgi?id=527534 +[ 5 ] Bug #528887 - CVE-2009-2909 kernel: ax25 stack overflow +https://bugzilla.redhat.com/show_bug.cgi?id=528887 +[ 6 ] Bug #526788 - CVE-2009-2910 kernel: x86_64 32 bit process register leak +https://bugzilla.redhat.com/show_bug.cgi?id=526788 + +Solution: Apply the appropriate updates. + +This update can be installed with the yum update program. Use +su -c 'yum update kernel' at the command line. +For more information, refer to Managing Software with yum, +available at http://docs.fedoraproject.org/yum/. + +https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-10639 + +Risk factor : High"; + + script_description(desc); + + script_summary("Fedora Core 11 FEDORA-2009-10639 (kernel)"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com"); + script_family("Fedora Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/rpms"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-rpm.inc"); +vuln = 0; +if(isrpmvuln(pkg:"kernel", rpm:"kernel~2.6.30.9~90.fc11", rls:"FC11")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-debuginfo-common", rpm:"kernel-debuginfo-common~i586~2.6.30.9", rls:"FC11")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-devel", rpm:"kernel-devel~2.6.30.9~90.fc11", rls:"FC11")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-headers", rpm:"kernel-headers~2.6.30.9~90.fc11", rls:"FC11")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-debuginfo", rpm:"kernel-debuginfo~2.6.30.9~90.fc11", rls:"FC11")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-PAE", rpm:"kernel-PAE~2.6.30.9~90.fc11", rls:"FC11")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-PAE-devel", rpm:"kernel-PAE-devel~2.6.30.9~90.fc11", rls:"FC11")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-PAEdebug", rpm:"kernel-PAEdebug~2.6.30.9~90.fc11", rls:"FC11")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-PAEdebug-devel", rpm:"kernel-PAEdebug-devel~2.6.30.9~90.fc11", rls:"FC11")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-debuginfo-common", rpm:"kernel-debuginfo-common~i686~2.6.30.9", rls:"FC11")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-PAE-debuginfo", rpm:"kernel-PAE-debuginfo~2.6.30.9~90.fc11", rls:"FC11")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-PAEdebug-debuginfo", rpm:"kernel-PAEdebug-debuginfo~2.6.30.9~90.fc11", rls:"FC11")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-doc", rpm:"kernel-doc~2.6.30.9~90.fc11", rls:"FC11")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-firmware", rpm:"kernel-firmware~2.6.30.9~90.fc11", rls:"FC11")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-bootwrapper", rpm:"kernel-bootwrapper~2.6.30.9~90.fc11", rls:"FC11")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-debuginfo-common", 
rpm:"kernel-debuginfo-common~ppc~2.6.30.9", rls:"FC11")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-smp", rpm:"kernel-smp~2.6.30.9~90.fc11", rls:"FC11")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-smp-devel", rpm:"kernel-smp-devel~2.6.30.9~90.fc11", rls:"FC11")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-smp-debuginfo", rpm:"kernel-smp-debuginfo~2.6.30.9~90.fc11", rls:"FC11")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-debuginfo-common", rpm:"kernel-debuginfo-common~ppc64~2.6.30.9", rls:"FC11")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-debug", rpm:"kernel-debug~2.6.30.9~90.fc11", rls:"FC11")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-debug-devel", rpm:"kernel-debug-devel~2.6.30.9~90.fc11", rls:"FC11")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-debuginfo-common", rpm:"kernel-debuginfo-common~x86_64~2.6.30.9", rls:"FC11")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-debug-debuginfo", rpm:"kernel-debug-debuginfo~2.6.30.9~90.fc11", rls:"FC11")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/fcore_2009_10718.nasl =================================================================== --- trunk/openvas-plugins/scripts/fcore_2009_10718.nasl 2009-11-11 14:39:37 UTC (rev 5840) +++ trunk/openvas-plugins/scripts/fcore_2009_10718.nasl 2009-11-11 14:56:44 UTC (rev 5841) 
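Review bot: The five `kernel-debuginfo-common` checks in the package list pass a malformed `rpm:` value, e.g. `rpm:"kernel-debuginfo-common~i586~2.6.30.9"`. The architecture (i586, i686, ppc, ppc64, x86_64) sits where every other check in this script has the version, and the `~90.fc11` release is missing. The implementation of isrpmvuln() in pkg-lib-rpm.inc is not visible here, but if it compares the `~`-separated fields against the installed package, these checks compare an architecture name with a version number and their result is unreliable in either direction. If the architecture is really part of the package name, the check would presumably read `if(isrpmvuln(pkg:"kernel-debuginfo-common-i586", rpm:"kernel-debuginfo-common-i586~2.6.30.9~90.fc11", rls:"FC11")) {`, and likewise for the other four. Because the script is marked auto-generated, the fix belongs in the generator's handling of package names that end in an architecture, with this file regenerated afterwards.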
@@ -0,0 +1,85 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory FEDORA-2009-10718 (sahana) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(66127); + script_version ("$Revision$"); + script_name("Fedora Core 11 FEDORA-2009-10718 (sahana)"); + + desc = " +The remote host is missing an update to sahana +announced via advisory FEDORA-2009-10718. + +ChangeLog: + +* Wed Oct 21 2009 David Nalley 0.6.2.2-6 +- fixed security issue noted in bz 530255 + +References: + +[ 1 ] Bug #530255 - Sahana security hole exposes any file on system +https://bugzilla.redhat.com/show_bug.cgi?id=530255 + +Solution: Apply the appropriate updates. + +This update can be installed with the yum update program. Use +su -c 'yum update sahana' at the command line. +For more information, refer to Managing Software with yum, +available at http://docs.fedoraproject.org/yum/. 
+ +https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-10718 + +Risk factor : High"; + + script_description(desc); + + script_summary("Fedora Core 11 FEDORA-2009-10718 (sahana)"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + script_family("Fedora Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/rpms"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-rpm.inc"); +vuln = 0; +if(isrpmvuln(pkg:"sahana", rpm:"sahana~0.6.2.2~6.fc11", rls:"FC11")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/fcore_2009_10719.nasl =================================================================== --- trunk/openvas-plugins/scripts/fcore_2009_10719.nasl 2009-11-11 14:39:37 UTC (rev 5840) +++ trunk/openvas-plugins/scripts/fcore_2009_10719.nasl 2009-11-11 14:56:44 UTC (rev 5841) 
@@ -0,0 +1,113 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory FEDORA-2009-10719 (systemtap) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(66128); + script_cve_id("CVE-2009-2911"); + script_version ("$Revision$"); + script_name("Fedora Core 11 FEDORA-2009-10719 (systemtap)"); + + desc = " +The remote host is missing an update to systemtap +announced via advisory FEDORA-2009-10719. + +Update Information: + +Fixes three DOS issues in --unprivileged mode. (CVE-2009-2911) +ChangeLog: + +* Wed Oct 21 2009 Josh Stone - 1.0-2 +- Fix three --unprivileged DOS issues (CVE-2009-2911) + +References: + +[ 1 ] Bug #529175 - CVE-2009-2911 SystemTap 1.0: Multiple denial of service flaws once --unprivileged mode is activated +https://bugzilla.redhat.com/show_bug.cgi?id=529175 + +Solution: Apply the appropriate updates. + +This update can be installed with the yum update program. Use +su -c 'yum update systemtap' at the command line. 
+For more information, refer to Managing Software with yum, +available at http://docs.fedoraproject.org/yum/. + +https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-10719 + +Risk factor : High"; + + script_description(desc); + + script_summary("Fedora Core 11 FEDORA-2009-10719 (systemtap)"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + script_family("Fedora Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/rpms"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-rpm.inc"); +vuln = 0; +if(isrpmvuln(pkg:"systemtap", rpm:"systemtap~1.0~2.fc11", rls:"FC11")) { + vuln = 1; +} +if(isrpmvuln(pkg:"systemtap-client", rpm:"systemtap-client~1.0~2.fc11", rls:"FC11")) { + vuln = 1; +} +if(isrpmvuln(pkg:"systemtap-grapher", rpm:"systemtap-grapher~1.0~2.fc11", rls:"FC11")) { + vuln = 1; +} +if(isrpmvuln(pkg:"systemtap-initscript", rpm:"systemtap-initscript~1.0~2.fc11", rls:"FC11")) { + vuln = 1; +} +if(isrpmvuln(pkg:"systemtap-runtime", rpm:"systemtap-runtime~1.0~2.fc11", rls:"FC11")) { + vuln = 1; +} +if(isrpmvuln(pkg:"systemtap-sdt-devel", rpm:"systemtap-sdt-devel~1.0~2.fc11", rls:"FC11")) { + vuln = 1; +} +if(isrpmvuln(pkg:"systemtap-server", rpm:"systemtap-server~1.0~2.fc11", rls:"FC11")) { + vuln = 1; +} +if(isrpmvuln(pkg:"systemtap-testsuite", rpm:"systemtap-testsuite~1.0~2.fc11", rls:"FC11")) { + vuln = 1; +} +if(isrpmvuln(pkg:"systemtap-debuginfo", rpm:"systemtap-debuginfo~1.0~2.fc11", rls:"FC11")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/fcore_2009_10737.nasl =================================================================== --- trunk/openvas-plugins/scripts/fcore_2009_10737.nasl 2009-11-11 14:39:37 UTC (rev 5840) +++ trunk/openvas-plugins/scripts/fcore_2009_10737.nasl 2009-11-11 14:56:44 UTC (rev 5841) 
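Review bot: The nine `isrpmvuln()` results are folded into one `vuln` flag and reported with a bare `security_hole(0)`, so the finding never names which systemtap package on the host is older than `1.0~2.fc11`. Whoever triages the result has to query the RPM database again to learn what needs updating. Consider collecting the matching package names in each branch, e.g. `vuln = 1; hits += "systemtap-runtime ";`, and passing them as the report text with `security_hole(port:0, data:hits);`. The jasper, squidGuard and poppler scripts in this commit follow the same pattern, and since the files are template-generated the change belongs in the generator rather than in each script.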
@@ -0,0 +1,102 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory FEDORA-2009-10737 (jasper) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(66129); + script_cve_id("CVE-2008-3520", "CVE-2008-3522"); + script_version ("$Revision$"); + script_name("Fedora Core 10 FEDORA-2009-10737 (jasper)"); + + desc = " +The remote host is missing an update to jasper +announced via advisory FEDORA-2009-10737. + +ChangeLog: + +* Tue Oct 13 2009 Rex Dieter - 1.900.1-13 +- CVE-2008-3520 jasper: multiple integer overflows in jas_alloc calls (#461476) +- CVE-2008-3522 jasper: possible buffer overflow in + jas_stream_printf() (#461478) + +References: + +[ 1 ] Bug #461476 - CVE-2008-3520 jasper: multiple integer overflows in jas_alloc calls +https://bugzilla.redhat.com/show_bug.cgi?id=461476 +[ 2 ] Bug #461478 - CVE-2008-3522 jasper: possible buffer overflow in jas_stream_printf() +https://bugzilla.redhat.com/show_bug.cgi?id=461478 + +Solution: Apply the appropriate updates. + +This update can be installed with the yum update program. 
Use +su -c 'yum update jasper' at the command line. +For more information, refer to Managing Software with yum, +available at http://docs.fedoraproject.org/yum/. + +https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-10737 + +Risk factor : High"; + + script_description(desc); + + script_summary("Fedora Core 10 FEDORA-2009-10737 (jasper)"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + script_family("Fedora Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/rpms"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-rpm.inc"); +vuln = 0; +if(isrpmvuln(pkg:"jasper", rpm:"jasper~1.900.1~13.fc10", rls:"FC10")) { + vuln = 1; +} +if(isrpmvuln(pkg:"jasper-devel", rpm:"jasper-devel~1.900.1~13.fc10", rls:"FC10")) { + vuln = 1; +} +if(isrpmvuln(pkg:"jasper-libs", rpm:"jasper-libs~1.900.1~13.fc10", rls:"FC10")) { + vuln = 1; +} +if(isrpmvuln(pkg:"jasper-utils", rpm:"jasper-utils~1.900.1~13.fc10", rls:"FC10")) { + vuln = 1; +} +if(isrpmvuln(pkg:"jasper-debuginfo", rpm:"jasper-debuginfo~1.900.1~13.fc10", rls:"FC10")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/fcore_2009_10743.nasl =================================================================== --- trunk/openvas-plugins/scripts/fcore_2009_10743.nasl 2009-11-11 14:39:37 UTC (rev 5840) +++ trunk/openvas-plugins/scripts/fcore_2009_10743.nasl 2009-11-11 14:56:44 UTC (rev 5841) 
@@ -0,0 +1,92 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory FEDORA-2009-10743 (squidGuard) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(66197); + script_cve_id("CVE-2009-3700"); + script_version ("$Revision$"); + script_name("Fedora Core 10 FEDORA-2009-10743 (squidGuard)"); + + desc = " +The remote host is missing an update to squidGuard +announced via advisory FEDORA-2009-10743. + +For details on the issues addressed in this update, please +visit the referenced security advisories. + +ChangeLog: + +* Mon Oct 26 2009 Jon Ciesla - 1.4-8 +- Applying upstream patches for CVE-2009-3700, BZ 530862. + +References: + +[ 1 ] Bug #530862 - CVE-2009-3700 squidGuard: buffer overflow in sgLog.c and two URL filter bypass issues +https://bugzilla.redhat.com/show_bug.cgi?id=530862 + +Solution: Apply the appropriate updates. + +This update can be installed with the yum update program. Use +su -c 'yum update squidGuard' at the command line. 
+For more information, refer to Managing Software with yum, +available at http://docs.fedoraproject.org/yum/. + +https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-10743 + +Risk factor : High"; + + script_description(desc); + + script_summary("Fedora Core 10 FEDORA-2009-10743 (squidGuard)"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + script_family("Fedora Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/rpms"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-rpm.inc"); +vuln = 0; +if(isrpmvuln(pkg:"squidGuard", rpm:"squidGuard~1.4~8.fc10", rls:"FC10")) { + vuln = 1; +} +if(isrpmvuln(pkg:"squidGuard-debuginfo", rpm:"squidGuard-debuginfo~1.4~8.fc10", rls:"FC10")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/fcore_2009_10761.nasl =================================================================== --- trunk/openvas-plugins/scripts/fcore_2009_10761.nasl 2009-11-11 14:39:37 UTC (rev 5840) +++ trunk/openvas-plugins/scripts/fcore_2009_10761.nasl 2009-11-11 14:56:44 UTC (rev 5841) 
@@ -0,0 +1,102 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory FEDORA-2009-10761 (jasper) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(66132); + script_cve_id("CVE-2008-3520", "CVE-2008-3522"); + script_version ("$Revision$"); + script_name("Fedora Core 11 FEDORA-2009-10761 (jasper)"); + + desc = " +The remote host is missing an update to jasper +announced via advisory FEDORA-2009-10761. + +ChangeLog: + +* Tue Oct 13 2009 Rex Dieter - 1.900.1-13 +- CVE-2008-3520 jasper: multiple integer overflows in jas_alloc calls (#461476) +- CVE-2008-3522 jasper: possible buffer overflow in + jas_stream_printf() (#461478) + +References: + +[ 1 ] Bug #461476 - CVE-2008-3520 jasper: multiple integer overflows in jas_alloc calls +https://bugzilla.redhat.com/show_bug.cgi?id=461476 +[ 2 ] Bug #461478 - CVE-2008-3522 jasper: possible buffer overflow in jas_stream_printf() +https://bugzilla.redhat.com/show_bug.cgi?id=461478 + +Solution: Apply the appropriate updates. + +This update can be installed with the yum update program. 
Use +su -c 'yum update jasper' at the command line. +For more information, refer to Managing Software with yum, +available at http://docs.fedoraproject.org/yum/. + +https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-10761 + +Risk factor : High"; + + script_description(desc); + + script_summary("Fedora Core 11 FEDORA-2009-10761 (jasper)"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + script_family("Fedora Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/rpms"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-rpm.inc"); +vuln = 0; +if(isrpmvuln(pkg:"jasper", rpm:"jasper~1.900.1~13.fc11", rls:"FC11")) { + vuln = 1; +} +if(isrpmvuln(pkg:"jasper-devel", rpm:"jasper-devel~1.900.1~13.fc11", rls:"FC11")) { + vuln = 1; +} +if(isrpmvuln(pkg:"jasper-libs", rpm:"jasper-libs~1.900.1~13.fc11", rls:"FC11")) { + vuln = 1; +} +if(isrpmvuln(pkg:"jasper-utils", rpm:"jasper-utils~1.900.1~13.fc11", rls:"FC11")) { + vuln = 1; +} +if(isrpmvuln(pkg:"jasper-debuginfo", rpm:"jasper-debuginfo~1.900.1~13.fc11", rls:"FC11")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/fcore_2009_10780.nasl =================================================================== --- trunk/openvas-plugins/scripts/fcore_2009_10780.nasl 2009-11-11 14:39:37 UTC (rev 5840) +++ trunk/openvas-plugins/scripts/fcore_2009_10780.nasl 2009-11-11 14:56:44 UTC (rev 5841) 
@@ -0,0 +1,91 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory FEDORA-2009-10780 (squidGuard) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(66191); + script_cve_id("CVE-2009-3700"); + script_version ("$Revision$"); + script_name("Fedora Core 11 FEDORA-2009-10780 (squidGuard)"); + + desc = " +The remote host is missing an update to squidGuard +announced via advisory FEDORA-2009-10780. + +For details, please visit the referenced security advisories. + +ChangeLog: + +* Mon Oct 26 2009 Jon Ciesla - 1.4-8 +- Applying upstream patches for CVE-2009-3700, BZ 530862. + +References: + +[ 1 ] Bug #530862 - CVE-2009-3700 squidGuard: buffer overflow in sgLog.c and two URL filter bypass issues +https://bugzilla.redhat.com/show_bug.cgi?id=530862 + +Solution: Apply the appropriate updates. + +This update can be installed with the yum update program. Use +su -c 'yum update squidGuard' at the command line. +For more information, refer to Managing Software with yum, +available at http://docs.fedoraproject.org/yum/. 
+ +https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-10780 + +Risk factor : High"; + + script_description(desc); + + script_summary("Fedora Core 11 FEDORA-2009-10780 (squidGuard)"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + script_family("Fedora Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/rpms"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-rpm.inc"); +vuln = 0; +if(isrpmvuln(pkg:"squidGuard", rpm:"squidGuard~1.4~8.fc11", rls:"FC11")) { + vuln = 1; +} +if(isrpmvuln(pkg:"squidGuard-debuginfo", rpm:"squidGuard-debuginfo~1.4~8.fc11", rls:"FC11")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/fcore_2009_10793.nasl =================================================================== --- trunk/openvas-plugins/scripts/fcore_2009_10793.nasl 2009-11-11 14:39:37 UTC (rev 5840) +++ trunk/openvas-plugins/scripts/fcore_2009_10793.nasl 2009-11-11 14:56:44 UTC (rev 5841) 
@@ -0,0 +1,88 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory FEDORA-2009-10793 (wordpress) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(66134); + script_version ("$Revision$"); + script_name("Fedora Core 11 FEDORA-2009-10793 (wordpress)"); + + desc = " +The remote host is missing an update to wordpress +announced via advisory FEDORA-2009-10793. + +Update Information: + +Updated to 2.8.5 (Hardening Release) +ChangeLog: + +* Wed Oct 21 2009 Adrian Reber - 2.8.5-1 +- updated to 2.8.5 (Hardening Release) + +References: + +[ 1 ] Bug #530056 - WordPress: Resource exhaustion (DoS) +https://bugzilla.redhat.com/show_bug.cgi?id=530056 + +Solution: Apply the appropriate updates. + +This update can be installed with the yum update program. Use +su -c 'yum update wordpress' at the command line. +For more information, refer to Managing Software with yum, +available at http://docs.fedoraproject.org/yum/. 
+ +https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-10793 + +Risk factor : High"; + + script_description(desc); + + script_summary("Fedora Core 11 FEDORA-2009-10793 (wordpress)"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + script_family("Fedora Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/rpms"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-rpm.inc"); +vuln = 0; +if(isrpmvuln(pkg:"wordpress", rpm:"wordpress~2.8.5~1.fc11", rls:"FC11")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/fcore_2009_10795.nasl =================================================================== --- trunk/openvas-plugins/scripts/fcore_2009_10795.nasl 2009-11-11 14:39:37 UTC (rev 5840) +++ trunk/openvas-plugins/scripts/fcore_2009_10795.nasl 2009-11-11 14:56:44 UTC (rev 5841) 
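Review bot: `security_hole(0)` and `Risk factor : High` are applied to an update that its own description calls a "Hardening Release", whose only reference is a resource-exhaustion (DoS) bug and which sets no `script_cve_id()`. Reporting it at the top severity puts it on the same level as the file-disclosure and overflow findings added by this commit, which makes the scan output harder to prioritise. If the template cannot derive severity from the advisory, consider `security_warning(0);` together with `Risk factor : Medium` for DoS-only advisories. The FC10 twin fcore_2009_10795.nasl has the same rating, as does the systemtap script, whose advisory describes DoS issues in `--unprivileged` mode.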
@@ -0,0 +1,89 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory FEDORA-2009-10795 (wordpress) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(66135); + script_version ("$Revision$"); + script_name("Fedora Core 10 FEDORA-2009-10795 (wordpress)"); + + desc = " +The remote host is missing an update to wordpress +announced via advisory FEDORA-2009-10795. + +Update Information: + +Updated to 2.8.5 (Hardening Release) + +ChangeLog: + +* Wed Oct 21 2009 Adrian Reber - 2.8.5-1 +- updated to 2.8.5 (Hardening Release) + +References: + +[ 1 ] Bug #530056 - WordPress: Resource exhaustion (DoS) +https://bugzilla.redhat.com/show_bug.cgi?id=530056 + +Solution: Apply the appropriate updates. + +This update can be installed with the yum update program. Use +su -c 'yum update wordpress' at the command line. +For more information, refer to Managing Software with yum, +available at http://docs.fedoraproject.org/yum/. 
+ +https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-10795 + +Risk factor : High"; + + script_description(desc); + + script_summary("Fedora Core 10 FEDORA-2009-10795 (wordpress)"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + script_family("Fedora Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/rpms"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-rpm.inc"); +vuln = 0; +if(isrpmvuln(pkg:"wordpress", rpm:"wordpress~2.8.5~1.fc10", rls:"FC10")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/fcore_2009_10822.nasl =================================================================== --- trunk/openvas-plugins/scripts/fcore_2009_10822.nasl 2009-11-11 14:39:37 UTC (rev 5840) +++ trunk/openvas-plugins/scripts/fcore_2009_10822.nasl 2009-11-11 14:56:44 UTC (rev 5841) 
@@ -0,0 +1,85 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory FEDORA-2009-10822 (sahana) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(66138); + script_version ("$Revision$"); + script_name("Fedora Core 10 FEDORA-2009-10822 (sahana)"); + + desc = " +The remote host is missing an update to sahana +announced via advisory FEDORA-2009-10822. + +ChangeLog: + +* Wed Oct 21 2009 David Nalley 0.6.2.2-6 +- fixed security issue noted in bz 530255 + +References: + +[ 1 ] Bug #530255 - Sahana security hole exposes any file on system +https://bugzilla.redhat.com/show_bug.cgi?id=530255 + +Solution: Apply the appropriate updates. + +This update can be installed with the yum update program. Use +su -c 'yum update sahana' at the command line. +For more information, refer to Managing Software with yum, +available at http://docs.fedoraproject.org/yum/. 
+ +https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-10822 + +Risk factor : High"; + + script_description(desc); + + script_summary("Fedora Core 10 FEDORA-2009-10822 (sahana)"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + script_family("Fedora Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/rpms"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-rpm.inc"); +vuln = 0; +if(isrpmvuln(pkg:"sahana", rpm:"sahana~0.6.2.2~6.fc10", rls:"FC10")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/fcore_2009_10823.nasl =================================================================== --- trunk/openvas-plugins/scripts/fcore_2009_10823.nasl 2009-11-11 14:39:37 UTC (rev 5840) +++ trunk/openvas-plugins/scripts/fcore_2009_10823.nasl 2009-11-11 14:56:44 UTC (rev 5841) 
@@ -0,0 +1,133 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory FEDORA-2009-10823 (poppler) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(66139); + script_cve_id("CVE-2009-3603", "CVE-2009-3604", "CVE-2009-3606", "CVE-2009-3607", "CVE-2009-3608", "CVE-2009-3609"); + script_version ("$Revision$"); + script_name("Fedora Core 10 FEDORA-2009-10823 (poppler)"); + + desc = " +The remote host is missing an update to poppler +announced via advisory FEDORA-2009-10823. + +Update Information: + +This build addresses several recent security issues. 
+ +ChangeLog: + +* Sun Oct 25 2009 Rex Dieter - 0.8.8-7 +- CVE-2009-3603 SplashBitmap::SplashBitmap integer overflow (#526915) +- CVE-2009-3604 Splash::drawImage integer overflow and missing allocation + return value check(#526911) +- CVE-2009-3606 PSOutputDev::doImageL1Sep integer overflow (#526877) +- CVE-2009-3607 create_surface_from_thumbnail_data integer overflow (#526924) +- CVE-2009-3608 integer overflow in ObjectStream::ObjectStream (#526637) +- CVE-2009-3609 ImageStream::ImageStream integer overflow (#526893) + +References: + +[ 1 ] Bug #526915 - CVE-2009-3603 xpdf/poppler: SplashBitmap::SplashBitmap integer overflow +https://bugzilla.redhat.com/show_bug.cgi?id=526915 +[ 2 ] Bug #526911 - CVE-2009-3604 xpdf/poppler: Splash::drawImage integer overflow and missing allocation return value check +https://bugzilla.redhat.com/show_bug.cgi?id=526911 +[ 3 ] Bug #526877 - CVE-2009-3606 xpdf/poppler: PSOutputDev::doImageL1Sep integer overflow +https://bugzilla.redhat.com/show_bug.cgi?id=526877 +[ 4 ] Bug #526924 - CVE-2009-3607 poppler: create_surface_from_thumbnail_data integer overflow +https://bugzilla.redhat.com/show_bug.cgi?id=526924 +[ 5 ] Bug #526637 - CVE-2009-3608 xpdf/poppler: integer overflow in ObjectStream::ObjectStream (oCERT-2009-016) +https://bugzilla.redhat.com/show_bug.cgi?id=526637 +[ 6 ] Bug #526893 - CVE-2009-3609 xpdf/poppler: ImageStream::ImageStream integer overflow +https://bugzilla.redhat.com/show_bug.cgi?id=526893 + +Solution: Apply the appropriate updates. + +This update can be installed with the yum update program. Use +su -c 'yum update poppler' at the command line. +For more information, refer to Managing Software with yum, +available at http://docs.fedoraproject.org/yum/. 
+ +https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-10823 + +Risk factor : High"; + + script_description(desc); + + script_summary("Fedora Core 10 FEDORA-2009-10823 (poppler)"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + script_family("Fedora Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/rpms"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-rpm.inc"); +vuln = 0; +if(isrpmvuln(pkg:"poppler", rpm:"poppler~0.8.7~7.fc10", rls:"FC10")) { + vuln = 1; +} +if(isrpmvuln(pkg:"poppler-devel", rpm:"poppler-devel~0.8.7~7.fc10", rls:"FC10")) { + vuln = 1; +} +if(isrpmvuln(pkg:"poppler-glib", rpm:"poppler-glib~0.8.7~7.fc10", rls:"FC10")) { + vuln = 1; +} +if(isrpmvuln(pkg:"poppler-glib-devel", rpm:"poppler-glib-devel~0.8.7~7.fc10", rls:"FC10")) { + vuln = 1; +} +if(isrpmvuln(pkg:"poppler-qt", rpm:"poppler-qt~0.8.7~7.fc10", rls:"FC10")) { + vuln = 1; +} +if(isrpmvuln(pkg:"poppler-qt-devel", rpm:"poppler-qt-devel~0.8.7~7.fc10", rls:"FC10")) { + vuln = 1; +} +if(isrpmvuln(pkg:"poppler-qt4", rpm:"poppler-qt4~0.8.7~7.fc10", rls:"FC10")) { + vuln = 1; +} +if(isrpmvuln(pkg:"poppler-qt4-devel", rpm:"poppler-qt4-devel~0.8.7~7.fc10", rls:"FC10")) { + vuln = 1; +} +if(isrpmvuln(pkg:"poppler-utils", rpm:"poppler-utils~0.8.7~7.fc10", rls:"FC10")) { + vuln = 1; +} +if(isrpmvuln(pkg:"poppler-debuginfo", rpm:"poppler-debuginfo~0.8.7~7.fc10", rls:"FC10")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/fcore_2009_10845.nasl =================================================================== --- trunk/openvas-plugins/scripts/fcore_2009_10845.nasl 2009-11-11 14:39:37 UTC (rev 5840) +++ trunk/openvas-plugins/scripts/fcore_2009_10845.nasl 2009-11-11 14:56:44 UTC (rev 5841) 
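Review bot: Every `rpm:` argument in this script compares against `0.8.7~7.fc10`, but the ChangeLog quoted in `desc` gives the fixed build as `0.8.8-7`, so one of the two is wrong. If the fixed build really is 0.8.8-7, hosts on builds between the two versions would presumably be reported as patched. If the checks are right, the description misleads whoever reads the finding. Please confirm the version against advisory FEDORA-2009-10823 and make the `rpm:` arguments and the description text agree.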
@@ -0,0 +1,132 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory FEDORA-2009-10845 (poppler)
+#
+# Authors:
+# Thomas Reinke
+#
+# Copyright:
+# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(66140);
+ script_cve_id("CVE-2009-3603", "CVE-2009-3604", "CVE-2009-3606", "CVE-2009-3607", "CVE-2009-3608", "CVE-2009-3609");
+ script_version ("$Revision$");
+ script_name("Fedora Core 11 FEDORA-2009-10845 (poppler)");
+
+ desc = "
+The remote host is missing an update to poppler
+announced via advisory FEDORA-2009-10845.
+
+Update Information:
+
+This build addresses several recent security issues.
+
+ChangeLog:
+
+* Sun Oct 25 2009 Rex Dieter - 0.10.7-3
+- CVE-2009-3603 SplashBitmap::SplashBitmap integer overflow (#526915)
+- CVE-2009-3604 Splash::drawImage integer overflow and missing allocation return value check(#526911)
+- CVE-2009-3606 PSOutputDev::doImageL1Sep integer overflow (#526877)
+- CVE-2009-3607 poppler: create_surface_from_thumbnail_data integer overflow (#526924)
+- CVE-2009-3608 integer overflow in ObjectStream::ObjectStream (#526637)
+- CVE-2009-3609 ImageStream::ImageStream integer overflow (#526893)
+
+References:
+
+[ 1 ] Bug #526915 - CVE-2009-3603 xpdf/poppler: SplashBitmap::SplashBitmap integer overflow
+https://bugzilla.redhat.com/show_bug.cgi?id=526915
+[ 2 ] Bug #526911 - CVE-2009-3604 xpdf/poppler: Splash::drawImage integer overflow and missing allocation return value check
+https://bugzilla.redhat.com/show_bug.cgi?id=526911
+[ 3 ] Bug #526877 - CVE-2009-3606 xpdf/poppler: PSOutputDev::doImageL1Sep integer overflow
+https://bugzilla.redhat.com/show_bug.cgi?id=526877
+[ 4 ] Bug #526924 - CVE-2009-3607 poppler: create_surface_from_thumbnail_data integer overflow
+https://bugzilla.redhat.com/show_bug.cgi?id=526924
+[ 5 ] Bug #526637 - CVE-2009-3608 xpdf/poppler: integer overflow in ObjectStream::ObjectStream (oCERT-2009-016)
+https://bugzilla.redhat.com/show_bug.cgi?id=526637
+[ 6 ] Bug #526893 - CVE-2009-3609 xpdf/poppler: ImageStream::ImageStream integer overflow
+https://bugzilla.redhat.com/show_bug.cgi?id=526893
+
+Solution: Apply the appropriate updates.
+
+This update can be installed with the yum update program. Use
+su -c 'yum update poppler' at the command line.
+For more information, refer to Managing Software with yum,
+available at http://docs.fedoraproject.org/yum/.
+
+https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-10845
+
+Risk factor : High";
+
+ script_description(desc);
+
+ script_summary("Fedora Core 11 FEDORA-2009-10845 (poppler)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
+ script_family("Fedora Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/rpms");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-rpm.inc");
+vuln = 0;
+if(isrpmvuln(pkg:"poppler", rpm:"poppler~0.10.7~3.fc11", rls:"FC11")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"poppler-devel", rpm:"poppler-devel~0.10.7~3.fc11", rls:"FC11")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"poppler-glib", rpm:"poppler-glib~0.10.7~3.fc11", rls:"FC11")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"poppler-glib-devel", rpm:"poppler-glib-devel~0.10.7~3.fc11", rls:"FC11")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"poppler-qt", rpm:"poppler-qt~0.10.7~3.fc11", rls:"FC11")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"poppler-qt-devel", rpm:"poppler-qt-devel~0.10.7~3.fc11", rls:"FC11")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"poppler-qt4", rpm:"poppler-qt4~0.10.7~3.fc11", rls:"FC11")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"poppler-qt4-devel", rpm:"poppler-qt4-devel~0.10.7~3.fc11", rls:"FC11")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"poppler-utils", rpm:"poppler-utils~0.10.7~3.fc11", rls:"FC11")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"poppler-debuginfo", rpm:"poppler-debuginfo~0.10.7~3.fc11", rls:"FC11")) {
+ vuln = 1;
+}
+
+if(vuln) {
+ security_hole(0);
+}
Added: trunk/openvas-plugins/scripts/fcore_2009_10849.nasl
===================================================================
--- trunk/openvas-plugins/scripts/fcore_2009_10849.nasl 2009-11-11 14:39:37 UTC (rev 5840)
+++ trunk/openvas-plugins/scripts/fcore_2009_10849.nasl 2009-11-11 14:56:44 UTC (rev 5841)
@@ -0,0 +1,114 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory FEDORA-2009-10849 (systemtap)
+#
+# Authors:
+# Thomas Reinke
+#
+# Copyright:
+# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(66142);
+ script_cve_id("CVE-2009-2911");
+ script_version ("$Revision$");
+ script_name("Fedora Core 10 FEDORA-2009-10849 (systemtap)");
+
+ desc = "
+The remote host is missing an update to systemtap
+announced via advisory FEDORA-2009-10849.
+
+Update Information:
+
+Fixes three DOS issues in --unprivileged mode. (CVE-2009-2911)
+
+ChangeLog:
+
+* Wed Oct 21 2009 Josh Stone - 1.0-2
+- Fix three --unprivileged DOS issues (CVE-2009-2911)
+
+References:
+
+[ 1 ] Bug #529175 - CVE-2009-2911 SystemTap 1.0: Multiple denial of service flaws once --unprivileged mode is activated
+https://bugzilla.redhat.com/show_bug.cgi?id=529175
+
+Solution: Apply the appropriate updates.
+
+This update can be installed with the yum update program. Use
+su -c 'yum update systemtap' at the command line.
+For more information, refer to Managing Software with yum,
+available at http://docs.fedoraproject.org/yum/.
+
+https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-10849
+
+Risk factor : High";
+
+ script_description(desc);
+
+ script_summary("Fedora Core 10 FEDORA-2009-10849 (systemtap)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
+ script_family("Fedora Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/rpms");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-rpm.inc");
+vuln = 0;
+if(isrpmvuln(pkg:"systemtap", rpm:"systemtap~1.0~2.fc10", rls:"FC10")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"systemtap-client", rpm:"systemtap-client~1.0~2.fc10", rls:"FC10")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"systemtap-grapher", rpm:"systemtap-grapher~1.0~2.fc10", rls:"FC10")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"systemtap-initscript", rpm:"systemtap-initscript~1.0~2.fc10", rls:"FC10")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"systemtap-runtime", rpm:"systemtap-runtime~1.0~2.fc10", rls:"FC10")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"systemtap-sdt-devel", rpm:"systemtap-sdt-devel~1.0~2.fc10", rls:"FC10")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"systemtap-server", rpm:"systemtap-server~1.0~2.fc10", rls:"FC10")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"systemtap-testsuite", rpm:"systemtap-testsuite~1.0~2.fc10", rls:"FC10")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"systemtap-debuginfo", rpm:"systemtap-debuginfo~1.0~2.fc10", rls:"FC10")) {
+ vuln = 1;
+}
+
+if(vuln) {
+ security_hole(0);
+}
Added: trunk/openvas-plugins/scripts/fcore_2009_10878.nasl
===================================================================
--- trunk/openvas-plugins/scripts/fcore_2009_10878.nasl 2009-11-11 14:39:37 UTC (rev 5840)
+++ trunk/openvas-plugins/scripts/fcore_2009_10878.nasl 2009-11-11 14:56:44 UTC (rev 5841)
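Review bot: The severity in fcore_2009_10849.nasl looks higher than the advisory text supports: the description lists only denial-of-service flaws that apply once --unprivileged mode is activated, yet the script closes the description with `Risk factor : High` and reports through `security_hole(0);`. If the generator applies that rating to every Fedora advisory, a finding like this one will be ranked alongside the memory-corruption fixes elsewhere in this revision, which makes triage of scan results harder. Consider `security_warning(0);` with a matching risk line here, or deriving the rating from the advisory instead of a fixed template.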
@@ -0,0 +1,114 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory FEDORA-2009-10878 (chmsee)
+#
+# Authors:
+# Thomas Reinke
+#
+# Copyright:
+# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(66144);
+ script_cve_id("CVE-2009-3380", "CVE-2009-3376", "CVE-2009-3375", "CVE-2009-1563", "CVE-2009-3374", "CVE-2009-3373", "CVE-2009-3372", "CVE-2009-3274", "CVE-2009-3370");
+ script_version ("$Revision$");
+ script_name("Fedora Core 11 FEDORA-2009-10878 (chmsee)");
+
+ desc = "
+The remote host is missing an update to chmsee
+announced via advisory FEDORA-2009-10878.
+
+Update Information:
+
+Update to new upstream Firefox version 3.5.4, fixing multiple security issues
+detailed in the upstream advisories:
+http://www.mozilla.org/security/known-vulnerabilities/firefox35.html#firefox3.5.4
+
+Update also includes all packages depending on gecko-libs rebuilt against
+new version of Firefox / XULRunner.
+
+ChangeLog:
+
+* Tue Oct 27 2009 Jan Horak - 1.0.1-12
+- Rebuild against newer gecko
+
+References:
+
+[ 1 ] Bug #530567 - CVE-2009-3380 Firefox crashes with evidence of memory corruption
+https://bugzilla.redhat.com/show_bug.cgi?id=530567
+[ 2 ] Bug #530168 - CVE-2009-3376 Firefox download filename spoofing with RTL override
+https://bugzilla.redhat.com/show_bug.cgi?id=530168
+[ 3 ] Bug #530167 - CVE-2009-3375 Firefox cross-origin data theft through document.getSelection()
+https://bugzilla.redhat.com/show_bug.cgi?id=530167
+[ 4 ] Bug #530162 - CVE-2009-1563 Firefox heap buffer overflow in string to number conversion
+https://bugzilla.redhat.com/show_bug.cgi?id=530162
+[ 5 ] Bug #530157 - CVE-2009-3374 Firefox chrome privilege escalation in XPCVariant::VariantDataToJS()
+https://bugzilla.redhat.com/show_bug.cgi?id=530157
+[ 6 ] Bug #530156 - CVE-2009-3373 Firefox heap buffer overflow in GIF color map parser
+https://bugzilla.redhat.com/show_bug.cgi?id=530156
+[ 7 ] Bug #530155 - CVE-2009-3372 Firefox crash in proxy auto-configuration regexp parsing
+https://bugzilla.redhat.com/show_bug.cgi?id=530155
+[ 8 ] Bug #524815 - CVE-2009-3274 Firefox: Predictable /tmp pathname use
+https://bugzilla.redhat.com/show_bug.cgi?id=524815
+[ 9 ] Bug #530151 - CVE-2009-3370 Firefox form history vulnerable to stealing
+https://bugzilla.redhat.com/show_bug.cgi?id=530151
+
+Solution: Apply the appropriate updates.
+
+This update can be installed with the yum update program. Use
+su -c 'yum update chmsee' at the command line.
+For more information, refer to Managing Software with yum,
+available at http://docs.fedoraproject.org/yum/.
+
+https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-10878
+
+Risk factor : High";
+
+ script_description(desc);
+
+ script_summary("Fedora Core 11 FEDORA-2009-10878 (chmsee)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
+ script_family("Fedora Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/rpms");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-rpm.inc");
+vuln = 0;
+if(isrpmvuln(pkg:"chmsee", rpm:"chmsee~1.0.1~12.fc11", rls:"FC11")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"chmsee-debuginfo", rpm:"chmsee-debuginfo~1.0.1~12.fc11", rls:"FC11")) {
+ vuln = 1;
+}
+
+if(vuln) {
+ security_hole(0);
+}
Added: trunk/openvas-plugins/scripts/fcore_2009_10949.nasl
===================================================================
--- trunk/openvas-plugins/scripts/fcore_2009_10949.nasl 2009-11-11 14:39:37 UTC (rev 5840)
+++ trunk/openvas-plugins/scripts/fcore_2009_10949.nasl 2009-11-11 14:56:44 UTC (rev 5841)
@@ -0,0 +1,96 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory FEDORA-2009-10949 (PyXML)
+#
+# Authors:
+# Thomas Reinke
+#
+# Copyright:
+# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(66189);
+ script_cve_id("CVE-2009-3720");
+ script_version ("$Revision$");
+ script_name("Fedora Core 10 FEDORA-2009-10949 (PyXML)");
+
+ desc = "
+The remote host is missing an update to PyXML
+announced via advisory FEDORA-2009-10949.
+
+Update Information:
+
+Switched to using system expat library. Updated expat packages are needed to
+fully resolve this flaw.
+
+ChangeLog:
+
+* Mon Nov 2 2009 Roman Rakus - 0.8.4-12
+- Use system expat library
+* Fri Oct 30 2009 Roman Rakus - 0.8.4-11
+- Fix buffer over read
+
+References:
+
+[ 1 ] Bug #531697 - CVE-2009-3720 expat: buffer over-read and crash on XML with malformed UTF-8 sequences
+https://bugzilla.redhat.com/show_bug.cgi?id=531697
+
+Solution: Apply the appropriate updates.
+
+This update can be installed with the yum update program. Use
+su -c 'yum update PyXML' at the command line.
+For more information, refer to Managing Software with yum,
+available at http://docs.fedoraproject.org/yum/.
+
+https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-10949
+
+Risk factor : High";
+
+ script_description(desc);
+
+ script_summary("Fedora Core 10 FEDORA-2009-10949 (PyXML)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
+ script_family("Fedora Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/rpms");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-rpm.inc");
+vuln = 0;
+if(isrpmvuln(pkg:"PyXML", rpm:"PyXML~0.8.4~12.fc10", rls:"FC10")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"PyXML-debuginfo", rpm:"PyXML-debuginfo~0.8.4~12.fc10", rls:"FC10")) {
+ vuln = 1;
+}
+
+if(vuln) {
+ security_hole(0);
+}
Added: trunk/openvas-plugins/scripts/fcore_2009_10956.nasl
===================================================================
--- trunk/openvas-plugins/scripts/fcore_2009_10956.nasl 2009-11-11 14:39:37 UTC (rev 5840)
+++ trunk/openvas-plugins/scripts/fcore_2009_10956.nasl 2009-11-11 14:56:44 UTC (rev 5841)
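Review bot: The check in fcore_2009_10949.nasl passes once PyXML is at 0.8.4-12, although its own description says updated expat packages are needed to fully resolve CVE-2009-3720, so a host with a current PyXML and an old system expat is reported clean by this script alone. The FC10 expat check is added separately in fcore_2009_11029.nasl in this same revision, and nothing in either file links the two. A comment above the isrpmvuln() calls such as `# Full fix also requires the expat update (FEDORA-2009-11029); see fcore_2009_11029.nasl` would make that dependency visible to anyone reading or disabling either plugin.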
@@ -0,0 +1,93 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory FEDORA-2009-10956 (python-4Suite-XML)
+#
+# Authors:
+# Thomas Reinke
+#
+# Copyright:
+# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(66190);
+ script_cve_id("CVE-2009-3720");
+ script_version ("$Revision$");
+ script_name("Fedora Core 10 FEDORA-2009-10956 (python-4Suite-XML)");
+
+ desc = "
+The remote host is missing an update to python-4Suite-XML
+announced via advisory FEDORA-2009-10956.
+
+Update Information:
+
+Fixes a denial of service when handling malformed XML (CVE-2009-3720)
+ChangeLog:
+
+* Tue Nov 3 2009 Miloslav Trma? - 1.0.2-8
+- Fix an expat DoS
+Related: #531697
+
+References:
+
+[ 1 ] Bug #531697 - CVE-2009-3720 expat: buffer over-read and crash on XML with malformed UTF-8 sequences
+https://bugzilla.redhat.com/show_bug.cgi?id=531697
+
+Solution: Apply the appropriate updates.
+
+This update can be installed with the yum update program. Use
+su -c 'yum update python-4Suite-XML' at the command line.
+For more information, refer to Managing Software with yum,
+available at http://docs.fedoraproject.org/yum/.
+
+https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-10956
+
+Risk factor : High";
+
+ script_description(desc);
+
+ script_summary("Fedora Core 10 FEDORA-2009-10956 (python-4Suite-XML)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
+ script_family("Fedora Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/rpms");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-rpm.inc");
+vuln = 0;
+if(isrpmvuln(pkg:"python-4Suite-XML", rpm:"python-4Suite-XML~1.0.2~8.fc10", rls:"FC10")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"python-4Suite-XML", rpm:"python-4Suite-XML~debuginfo~1.0.2", rls:"FC10")) {
+ vuln = 1;
+}
+
+if(vuln) {
+ security_hole(0);
+}
Added: trunk/openvas-plugins/scripts/fcore_2009_10972.nasl
===================================================================
--- trunk/openvas-plugins/scripts/fcore_2009_10972.nasl 2009-11-11 14:39:37 UTC (rev 5840)
+++ trunk/openvas-plugins/scripts/fcore_2009_10972.nasl 2009-11-11 14:56:44 UTC (rev 5841)
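Review bot: The second isrpmvuln() call in fcore_2009_10956.nasl does not test the debuginfo package: it passes `pkg:"python-4Suite-XML"` with `rpm:"python-4Suite-XML~debuginfo~1.0.2"`, so the name, version and release fields are shifted by one compared with every other debuginfo check in this revision (for example `pkg:"expat-debuginfo", rpm:"expat-debuginfo~2.0.1~5.fc10.1"`). As written, the main package is compared against a version of "debuginfo" and a release of "1.0.2", which presumably either never matches or matches on the wrong hosts, depending on how pkg-lib-rpm.inc compares those fields. Following the first check, the line would read `if(isrpmvuln(pkg:"python-4Suite-XML-debuginfo", rpm:"python-4Suite-XML-debuginfo~1.0.2~8.fc10", rls:"FC10")) {`. fcore_2009_10972.nasl carries the same line with `rls:"FC11"` and needs the same correction with `~8.fc11`. Both files are auto-generated, so the generator's splitting of package names that contain a hyphen is the place for a lasting fix.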
@@ -0,0 +1,88 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory FEDORA-2009-10972 (python-4Suite-XML)
+#
+# Authors:
+# Thomas Reinke
+#
+# Copyright:
+# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(66193);
+ script_cve_id("CVE-2009-3720");
+ script_version ("$Revision$");
+ script_name("Fedora Core 11 FEDORA-2009-10972 (python-4Suite-XML)");
+
+ desc = "
+The remote host is missing an update to python-4Suite-XML
+announced via advisory FEDORA-2009-10972.
+
+Update Information:
+
+Fixes a denial of service when handling malformed XML (CVE-2009-3720)
+
+References:
+
+[ 1 ] Bug #531697 - CVE-2009-3720 expat: buffer over-read and crash on XML with malformed UTF-8 sequences
+https://bugzilla.redhat.com/show_bug.cgi?id=531697
+
+Solution: Apply the appropriate updates.
+
+This update can be installed with the yum update program. Use
+su -c 'yum update python-4Suite-XML' at the command line.
+For more information, refer to Managing Software with yum,
+available at http://docs.fedoraproject.org/yum/.
+
+https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-10972
+
+Risk factor : High";
+
+ script_description(desc);
+
+ script_summary("Fedora Core 11 FEDORA-2009-10972 (python-4Suite-XML)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
+ script_family("Fedora Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/rpms");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-rpm.inc");
+vuln = 0;
+if(isrpmvuln(pkg:"python-4Suite-XML", rpm:"python-4Suite-XML~1.0.2~8.fc11", rls:"FC11")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"python-4Suite-XML", rpm:"python-4Suite-XML~debuginfo~1.0.2", rls:"FC11")) {
+ vuln = 1;
+}
+
+if(vuln) {
+ security_hole(0);
+}
Added: trunk/openvas-plugins/scripts/fcore_2009_10981.nasl
===================================================================
--- trunk/openvas-plugins/scripts/fcore_2009_10981.nasl 2009-11-11 14:39:37 UTC (rev 5840)
+++ trunk/openvas-plugins/scripts/fcore_2009_10981.nasl 2009-11-11 14:56:44 UTC (rev 5841)
@@ -0,0 +1,116 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory FEDORA-2009-10981 (blam)
+#
+# Authors:
+# Thomas Reinke
+#
+# Copyright:
+# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(66194);
+ script_cve_id("CVE-2009-3380", "CVE-2009-3382", "CVE-2009-3376", "CVE-2009-3375", "CVE-2009-1563", "CVE-2009-3374", "CVE-2009-3373", "CVE-2009-3372", "CVE-2009-3274", "CVE-2009-3370");
+ script_version ("$Revision$");
+ script_name("Fedora Core 10 FEDORA-2009-10981 (blam)");
+
+ desc = "
+The remote host is missing an update to blam
+announced via advisory FEDORA-2009-10981.
+
+Update Information:
+
+Update to new upstream Firefox version 3.0.15, fixing multiple security issues
+detailed in the upstream advisories:
+http://www.mozilla.org/security/known-vulnerabilities/firefox30.html#firefox3.0.15
+
+Update also includes all packages depending on gecko-libs rebuilt against
+new version of Firefox / XULRunner.
+
+ChangeLog:
+
+* Tue Oct 27 2009 Jan Horak - 1.8.5-15
+- Rebuild against newer gecko
+
+References:
+
+[ 1 ] Bug #530567 - CVE-2009-3380 Firefox crashes with evidence of memory corruption
+https://bugzilla.redhat.com/show_bug.cgi?id=530567
+[ 2 ] Bug #530569 - CVE-2009-3382 Firefox crashes with evidence of memory corruption
+https://bugzilla.redhat.com/show_bug.cgi?id=530569
+[ 3 ] Bug #530168 - CVE-2009-3376 Firefox download filename spoofing with RTL override
+https://bugzilla.redhat.com/show_bug.cgi?id=530168
+[ 4 ] Bug #530167 - CVE-2009-3375 Firefox cross-origin data theft through document.getSelection()
+https://bugzilla.redhat.com/show_bug.cgi?id=530167
+[ 5 ] Bug #530162 - CVE-2009-1563 Firefox heap buffer overflow in string to number conversion
+https://bugzilla.redhat.com/show_bug.cgi?id=530162
+[ 6 ] Bug #530157 - CVE-2009-3374 Firefox chrome privilege escalation in XPCVariant::VariantDataToJS()
+https://bugzilla.redhat.com/show_bug.cgi?id=530157
+[ 7 ] Bug #530156 - CVE-2009-3373 Firefox heap buffer overflow in GIF color map parser
+https://bugzilla.redhat.com/show_bug.cgi?id=530156
+[ 8 ] Bug #530155 - CVE-2009-3372 Firefox crash in proxy auto-configuration regexp parsing
+https://bugzilla.redhat.com/show_bug.cgi?id=530155
+[ 9 ] Bug #524815 - CVE-2009-3274 Firefox: Predictable /tmp pathname use
+https://bugzilla.redhat.com/show_bug.cgi?id=524815
+[ 10 ] Bug #530151 - CVE-2009-3370 Firefox form history vulnerable to stealing
+https://bugzilla.redhat.com/show_bug.cgi?id=530151
+
+Solution: Apply the appropriate updates.
+
+This update can be installed with the yum update program. Use
+su -c 'yum update blam' at the command line.
+For more information, refer to Managing Software with yum,
+available at http://docs.fedoraproject.org/yum/.
+
+https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-10981
+
+Risk factor : High";
+
+ script_description(desc);
+
+ script_summary("Fedora Core 10 FEDORA-2009-10981 (blam)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
+ script_family("Fedora Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/rpms");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-rpm.inc");
+vuln = 0;
+if(isrpmvuln(pkg:"blam", rpm:"blam~1.8.5~15.fc10", rls:"FC10")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"blam-debuginfo", rpm:"blam-debuginfo~1.8.5~15.fc10", rls:"FC10")) {
+ vuln = 1;
+}
+
+if(vuln) {
+ security_hole(0);
+}
Added: trunk/openvas-plugins/scripts/fcore_2009_10987.nasl
===================================================================
--- trunk/openvas-plugins/scripts/fcore_2009_10987.nasl 2009-11-11 14:39:37 UTC (rev 5840)
+++ trunk/openvas-plugins/scripts/fcore_2009_10987.nasl 2009-11-11 14:56:44 UTC (rev 5841)
@@ -0,0 +1,99 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory FEDORA-2009-10987 (expat)
+#
+# Authors:
+# Thomas Reinke
+#
+# Copyright:
+# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(66195);
+ script_cve_id("CVE-2009-3720");
+ script_version ("$Revision$");
+ script_name("Fedora Core 11 FEDORA-2009-10987 (expat)");
+
+ desc = "
+The remote host is missing an update to expat
+announced via advisory FEDORA-2009-10987.
+
+Update Information:
+
+This update fixes a security vulnerability:
+A buffer over-read flaw was found in the way Expat handles malformed UTF-8
+sequences when processing XML files. A specially-crafted XML file could
+cause applications using Expat to crash while parsing the file. (CVE-2009-3720)
+
+ChangeLog:
+
+* Fri Oct 30 2009 Joe Orton - 2.0.1-6.1
+- add security fix for CVE-2009-3720
+
+References:
+
+[ 1 ] Bug #531697 - CVE-2009-3720 expat: buffer over-read and crash on XML with malformed UTF-8 sequences
+https://bugzilla.redhat.com/show_bug.cgi?id=531697
+
+Solution: Apply the appropriate updates.
+
+This update can be installed with the yum update program. Use
+su -c 'yum update expat' at the command line.
+For more information, refer to Managing Software with yum,
+available at http://docs.fedoraproject.org/yum/.
+
+https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-10987
+
+Risk factor : High";
+
+ script_description(desc);
+
+ script_summary("Fedora Core 11 FEDORA-2009-10987 (expat)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
+ script_family("Fedora Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/rpms");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-rpm.inc");
+vuln = 0;
+if(isrpmvuln(pkg:"expat", rpm:"expat~2.0.1~6.fc11.1", rls:"FC11")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"expat-devel", rpm:"expat-devel~2.0.1~6.fc11.1", rls:"FC11")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"expat-debuginfo", rpm:"expat-debuginfo~2.0.1~6.fc11.1", rls:"FC11")) {
+ vuln = 1;
+}
+
+if(vuln) {
+ security_hole(0);
+}
Added: trunk/openvas-plugins/scripts/fcore_2009_11029.nasl
===================================================================
--- trunk/openvas-plugins/scripts/fcore_2009_11029.nasl 2009-11-11 14:39:37 UTC (rev 5840)
+++ trunk/openvas-plugins/scripts/fcore_2009_11029.nasl 2009-11-11 14:56:44 UTC (rev 5841)
@@ -0,0 +1,99 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory FEDORA-2009-11029 (expat)
+#
+# Authors:
+# Thomas Reinke
+#
+# Copyright:
+# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(66198);
+ script_cve_id("CVE-2009-3720");
+ script_version ("$Revision$");
+ script_name("Fedora Core 10 FEDORA-2009-11029 (expat)");
+
+ desc = "
+The remote host is missing an update to expat
+announced via advisory FEDORA-2009-11029.
+
+Update Information:
+
+This update fixes a security vulnerability:
+A buffer over-read flaw was found in the way Expat handles malformed UTF-8
+sequences when processing XML files. A specially-crafted XML file could cause
+applications using Expat to crash while parsing the file. (CVE-2009-3720)
+
+ChangeLog:
+
+* Fri Oct 30 2009 Joe Orton - 2.0.1-5.1
+- add security fix for CVE-2009-3720
+
+References:
+
+[ 1 ] Bug #531697 - CVE-2009-3720 expat: buffer over-read and crash on XML with malformed UTF-8 sequences
+https://bugzilla.redhat.com/show_bug.cgi?id=531697
+
+Solution: Apply the appropriate updates.
+
+This update can be installed with the yum update program. Use
+su -c 'yum update expat' at the command line.
+For more information, refer to Managing Software with yum,
+available at http://docs.fedoraproject.org/yum/.
+
+https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-11029
+
+Risk factor : High";
+
+ script_description(desc);
+
+ script_summary("Fedora Core 10 FEDORA-2009-11029 (expat)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
+ script_family("Fedora Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/rpms");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-rpm.inc");
+vuln = 0;
+if(isrpmvuln(pkg:"expat", rpm:"expat~2.0.1~5.fc10.1", rls:"FC10")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"expat-devel", rpm:"expat-devel~2.0.1~5.fc10.1", rls:"FC10")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"expat-debuginfo", rpm:"expat-debuginfo~2.0.1~5.fc10.1", rls:"FC10")) {
+ vuln = 1;
+}
+
+if(vuln) {
+ security_hole(0);
+}
Added: trunk/openvas-plugins/scripts/fcore_2009_11030.nasl
===================================================================
--- trunk/openvas-plugins/scripts/fcore_2009_11030.nasl 2009-11-11 14:39:37 UTC (rev 5840)
+++ trunk/openvas-plugins/scripts/fcore_2009_11030.nasl 2009-11-11 14:56:44 UTC (rev 5841)
@@ -0,0 +1,96 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory FEDORA-2009-11030 (PyXML)
+#
+# Authors:
+# Thomas Reinke
+#
+# Copyright:
+# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(66199);
+ script_cve_id("CVE-2009-3720");
+ script_version ("$Revision$");
+ script_name("Fedora Core 11 FEDORA-2009-11030 (PyXML)");
+
+ desc = "
+The remote host is missing an update to PyXML
+announced via advisory FEDORA-2009-11030.
+
+Update Information:
+
+Switched to using system expat library. Updated expat packages are needed to
+fully resolve this flaw.
+
+ChangeLog:
+
+* Mon Nov 2 2009 Roman Rakus - 0.8.4-16
+- Use system expat library
+* Fri Oct 30 2009 Roman Rakus - 0.8.4-15
+- Fix buffer over read
+
+References:
+
+[ 1 ] Bug #531697 - CVE-2009-3720 expat: buffer over-read and crash on XML with malformed UTF-8 sequences
+https://bugzilla.redhat.com/show_bug.cgi?id=531697
+
+Solution: Apply the appropriate updates.
+
+This update can be installed with the yum update program. Use
+su -c 'yum update PyXML' at the command line.
+For more information, refer to Managing Software with yum,
+available at http://docs.fedoraproject.org/yum/.
+
+https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-11030
+
+Risk factor : High";
+
+ script_description(desc);
+
+ script_summary("Fedora Core 11 FEDORA-2009-11030 (PyXML)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
+ script_family("Fedora Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/rpms");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-rpm.inc");
+vuln = 0;
+if(isrpmvuln(pkg:"PyXML", rpm:"PyXML~0.8.4~16.fc11", rls:"FC11")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"PyXML-debuginfo", rpm:"PyXML-debuginfo~0.8.4~16.fc11", rls:"FC11")) {
+ vuln = 1;
+}
+
+if(vuln) {
+ security_hole(0);
+}
Added: trunk/openvas-plugins/scripts/fcore_2009_11032.nasl
===================================================================
--- trunk/openvas-plugins/scripts/fcore_2009_11032.nasl 2009-11-11 14:39:37 UTC (rev 5840)
+++ trunk/openvas-plugins/scripts/fcore_2009_11032.nasl 2009-11-11 14:56:44 UTC (rev 5841)
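Review bot: Nothing in the check reflects the description's own caveat that updated expat packages are needed to fully resolve CVE-2009-3720: the test at the end of the FEDORA-2009-11030 script compares only the PyXML and PyXML-debuginfo versions, so a host with PyXML 0.8.4-16 and an unpatched system expat passes it while PyXML, which per the ChangeLog now uses the system library, still parses XML through the unfixed code. A comment above the `isrpmvuln` calls would make that explicit, for example `# PyXML 0.8.4-16 uses the system expat; a clean result here does not cover expat itself (see the FEDORA-2009-10987 check for FC11)`. Whether that other check is always scheduled alongside this one cannot be told from the hunk.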
@@ -0,0 +1,159 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory FEDORA-2009-11032 (kernel)
+#
+# Authors:
+# Thomas Reinke
+#
+# Copyright:
+# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(66200);
+ script_cve_id("CVE-2009-3547", "CVE-2009-3638", "CVE-2009-3624", "CVE-2009-3621", "CVE-2009-3620", "CVE-2009-3612", "CVE-2009-2909", "CVE-2009-2908", "CVE-2009-2903", "CVE-2009-3290", "CVE-2009-2847");
+ script_version ("$Revision$");
+ script_name("Fedora Core 11 FEDORA-2009-11032 (kernel)");
+
+ desc = "
+The remote host is missing an update to kernel
+announced via advisory FEDORA-2009-11032.
+
+For details on the issues addressed in this update, please
+visit the referenced security advisories.
+
+References:
+
+[ 1 ] Bug #530490 - CVE-2009-3547 kernel: fs: pipe.c null pointer dereference
+https://bugzilla.redhat.com/show_bug.cgi?id=530490
+[ 2 ] Bug #530515 - CVE-2009-3638 kernel: kvm: integer overflow in kvm_dev_ioctl_get_supported_cpuid()
+https://bugzilla.redhat.com/show_bug.cgi?id=530515
+[ 3 ] Bug #530283 - CVE-2009-3624 kernel: get_instantiation_keyring() should inc the keyring refcount in all cases
+https://bugzilla.redhat.com/show_bug.cgi?id=530283
+[ 4 ] Bug #529626 - CVE-2009-3621 kernel: AF_UNIX: Fix deadlock on connecting to shutdown socket
+https://bugzilla.redhat.com/show_bug.cgi?id=529626
+
+Solution: Apply the appropriate updates.
+
+This update can be installed with the yum update program. Use
+su -c 'yum update kernel' at the command line.
+For more information, refer to Managing Software with yum,
+available at http://docs.fedoraproject.org/yum/.
+
+https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-11032
+
+Risk factor : High";
+
+ script_description(desc);
+
+ script_summary("Fedora Core 11 FEDORA-2009-11032 (kernel)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
+ script_family("Fedora Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/rpms");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-rpm.inc");
+vuln = 0;
+if(isrpmvuln(pkg:"kernel", rpm:"kernel~2.6.30.9~96.fc11", rls:"FC11")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-debuginfo-common", rpm:"kernel-debuginfo-common~i586~2.6.30.9", rls:"FC11")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-devel", rpm:"kernel-devel~2.6.30.9~96.fc11", rls:"FC11")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-headers", rpm:"kernel-headers~2.6.30.9~96.fc11", rls:"FC11")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-debuginfo", rpm:"kernel-debuginfo~2.6.30.9~96.fc11", rls:"FC11")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-PAE", rpm:"kernel-PAE~2.6.30.9~96.fc11", rls:"FC11")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-PAE-devel", rpm:"kernel-PAE-devel~2.6.30.9~96.fc11", rls:"FC11")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-PAEdebug", rpm:"kernel-PAEdebug~2.6.30.9~96.fc11", rls:"FC11")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-PAEdebug-devel", rpm:"kernel-PAEdebug-devel~2.6.30.9~96.fc11", rls:"FC11")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-debuginfo-common", rpm:"kernel-debuginfo-common~i686~2.6.30.9", rls:"FC11")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-PAE-debuginfo", rpm:"kernel-PAE-debuginfo~2.6.30.9~96.fc11", rls:"FC11")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-PAEdebug-debuginfo", rpm:"kernel-PAEdebug-debuginfo~2.6.30.9~96.fc11", rls:"FC11")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-doc", rpm:"kernel-doc~2.6.30.9~96.fc11", rls:"FC11")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-firmware", rpm:"kernel-firmware~2.6.30.9~96.fc11", rls:"FC11")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-bootwrapper", rpm:"kernel-bootwrapper~2.6.30.9~96.fc11", rls:"FC11")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-debuginfo-common", rpm:"kernel-debuginfo-common~ppc~2.6.30.9", rls:"FC11")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-smp", rpm:"kernel-smp~2.6.30.9~96.fc11", rls:"FC11")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-smp-devel", rpm:"kernel-smp-devel~2.6.30.9~96.fc11", rls:"FC11")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-smp-debuginfo", rpm:"kernel-smp-debuginfo~2.6.30.9~96.fc11", rls:"FC11")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-debuginfo-common", rpm:"kernel-debuginfo-common~ppc64~2.6.30.9", rls:"FC11")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-debug", rpm:"kernel-debug~2.6.30.9~96.fc11", rls:"FC11")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-debug-devel", rpm:"kernel-debug-devel~2.6.30.9~96.fc11", rls:"FC11")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-debuginfo-common", rpm:"kernel-debuginfo-common~x86_64~2.6.30.9", rls:"FC11")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-debug-debuginfo", rpm:"kernel-debug-debuginfo~2.6.30.9~96.fc11", rls:"FC11")) {
+ vuln = 1;
+}
+
+if(vuln) {
+ security_hole(0);
+}
Added: trunk/openvas-plugins/scripts/fcore_2009_11034.nasl
===================================================================
--- trunk/openvas-plugins/scripts/fcore_2009_11034.nasl 2009-11-11 14:39:37 UTC (rev 5840)
+++ trunk/openvas-plugins/scripts/fcore_2009_11034.nasl 2009-11-11 14:56:44 UTC (rev 5841)
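Review bot: The five `kernel-debuginfo-common` tests in the FEDORA-2009-11032 script pass a reference string that does not follow the name~version~release shape used by every other call in it: `rpm:"kernel-debuginfo-common~i586~2.6.30.9"` puts the architecture where the version belongs and drops the `96.fc11` release, and the same happens for i686, ppc, ppc64 and x86_64. It looks as if the generator split an arch-suffixed package name at the wrong hyphen, so the comparison inside `isrpmvuln` (defined in pkg-lib-rpm.inc, not visible here) is unlikely to give a meaningful result for these packages and may report or miss them regardless of the installed version. If the package name carries the arch suffix, the call would read `isrpmvuln(pkg:"kernel-debuginfo-common-i586", rpm:"kernel-debuginfo-common-i586~2.6.30.9~96.fc11", rls:"FC11")`, and likewise for the other four architectures.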
@@ -0,0 +1,96 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory FEDORA-2009-11034 (alienarena-data)
+#
+# Authors:
+# Thomas Reinke
+#
+# Copyright:
+# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(66201);
+ script_cve_id("CVE-2009-3637");
+ script_version ("$Revision$");
+ script_name("Fedora Core 11 FEDORA-2009-11034 (alienarena-data)");
+
+ desc = "
+The remote host is missing an update to alienarena-data
+announced via advisory FEDORA-2009-11034.
+
+Data files (audio, maps, etc) for Alien Arena 2009.
+
+Update Information:
+
+Update to 7.32, fixes CVE-2009-3637.
+
+ChangeLog:
+
+* Mon Nov 2 2009 Tom spot Callaway 20091102-1
+- update to 20091102 (7.32)
+* Thu Jul 30 2009 Tom spot Callaway 20090730-1
+- update to 20090730 (7.30)
+* Fri Jul 24 2009 Fedora Release Engineering - 20090115-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
+
+References:
+
+[ 1 ] Bug #530514 - CVE-2009-3637 alienarena: Buffer overflow by processing specially-crafted UDP reply from game server (ACE)
+https://bugzilla.redhat.com/show_bug.cgi?id=530514
+
+Solution: Apply the appropriate updates.
+
+This update can be installed with the yum update program. Use
+su -c 'yum update alienarena-data' at the command line.
+For more information, refer to Managing Software with yum,
+available at http://docs.fedoraproject.org/yum/.
+
+https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-11034
+
+Risk factor : High";
+
+ script_description(desc);
+
+ script_summary("Fedora Core 11 FEDORA-2009-11034 (alienarena-data)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
+ script_family("Fedora Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/rpms");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-rpm.inc");
+vuln = 0;
+if(isrpmvuln(pkg:"alienarena-data", rpm:"alienarena-data~20091102~1.fc11", rls:"FC11")) {
+ vuln = 1;
+}
+
+if(vuln) {
+ security_hole(0);
+}
Added: trunk/openvas-plugins/scripts/fcore_2009_11038.nasl
===================================================================
--- trunk/openvas-plugins/scripts/fcore_2009_11038.nasl 2009-11-11 14:39:37 UTC (rev 5840)
+++ trunk/openvas-plugins/scripts/fcore_2009_11038.nasl 2009-11-11 14:56:44 UTC (rev 5841)
@@ -0,0 +1,149 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory FEDORA-2009-11038 (kernel)
+#
+# Authors:
+# Thomas Reinke
+#
+# Copyright:
+# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(66202);
+ script_cve_id("CVE-2009-3547", "CVE-2009-3638", "CVE-2009-3621", "CVE-2009-3620", "CVE-2009-3612", "CVE-2009-2908", "CVE-2009-2903", "CVE-2009-3290", "CVE-2009-2847", "CVE-2009-2692", "CVE-2009-2406", "CVE-2009-2407", "CVE-2009-1895", "CVE-2009-1897", "CVE-2009-0065", "CVE-2008-5079");
+ script_version ("$Revision$");
+ script_name("Fedora Core 10 FEDORA-2009-11038 (kernel)");
+
+ desc = "
+The remote host is missing an update to kernel
+announced via advisory FEDORA-2009-11038.
+
+For details on the issues addressed with this update, please
+visit the referenced security advisories.
+
+References:
+
+[ 1 ] Bug #530490 - CVE-2009-3547 kernel: fs: pipe.c null pointer dereference
+https://bugzilla.redhat.com/show_bug.cgi?id=530490
+[ 2 ] Bug #530515 - CVE-2009-3638 kernel: kvm: integer overflow in kvm_dev_ioctl_get_supported_cpuid()
+https://bugzilla.redhat.com/show_bug.cgi?id=530515
+[ 3 ] Bug #529626 - CVE-2009-3621 kernel: AF_UNIX: Fix deadlock on connecting to shutdown socket
+https://bugzilla.redhat.com/show_bug.cgi?id=529626
+[ 4 ] Bug #529597 - CVE-2009-3620 kernel: r128 IOCTL NULL pointer dereferences when CCE state is uninitialised
+https://bugzilla.redhat.com/show_bug.cgi?id=529597
+[ 5 ] Bug #528868 - CVE-2009-3612 kernel: tcf_fill_node() infoleak due to typo in 9ef1d4c7
+https://bugzilla.redhat.com/show_bug.cgi?id=528868
+
+Solution: Apply the appropriate updates.
+
+This update can be installed with the yum update program. Use
+su -c 'yum update kernel' at the command line.
+For more information, refer to Managing Software with yum,
+available at http://docs.fedoraproject.org/yum/.
+
+https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-11038
+
+Risk factor : High";
+
+ script_description(desc);
+
+ script_summary("Fedora Core 10 FEDORA-2009-11038 (kernel)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
+ script_family("Fedora Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/rpms");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-rpm.inc");
+vuln = 0;
+if(isrpmvuln(pkg:"kernel-headers", rpm:"kernel-headers~2.6.27.38~170.2.113.fc10", rls:"FC10")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel", rpm:"kernel~2.6.27.38~170.2.113.fc10", rls:"FC10")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-devel", rpm:"kernel-devel~2.6.27.38~170.2.113.fc10", rls:"FC10")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-debuginfo", rpm:"kernel-debuginfo~2.6.27.38~170.2.113.fc10", rls:"FC10")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-debuginfo-common", rpm:"kernel-debuginfo-common~2.6.27.38~170.2.113.fc10", rls:"FC10")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-PAE", rpm:"kernel-PAE~2.6.27.38~170.2.113.fc10", rls:"FC10")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-PAE-devel", rpm:"kernel-PAE-devel~2.6.27.38~170.2.113.fc10", rls:"FC10")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-PAEdebug", rpm:"kernel-PAEdebug~2.6.27.38~170.2.113.fc10", rls:"FC10")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-PAEdebug-devel", rpm:"kernel-PAEdebug-devel~2.6.27.38~170.2.113.fc10", rls:"FC10")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-debug", rpm:"kernel-debug~2.6.27.38~170.2.113.fc10", rls:"FC10")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-debug-devel", rpm:"kernel-debug-devel~2.6.27.38~170.2.113.fc10", rls:"FC10")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-PAE-debuginfo", rpm:"kernel-PAE-debuginfo~2.6.27.38~170.2.113.fc10", rls:"FC10")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-PAEdebug-debuginfo", rpm:"kernel-PAEdebug-debuginfo~2.6.27.38~170.2.113.fc10", rls:"FC10")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-debug-debuginfo", rpm:"kernel-debug-debuginfo~2.6.27.38~170.2.113.fc10", rls:"FC10")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-doc", rpm:"kernel-doc~2.6.27.38~170.2.113.fc10", rls:"FC10")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-firmware", rpm:"kernel-firmware~2.6.27.38~170.2.113.fc10", rls:"FC10")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-bootwrapper", rpm:"kernel-bootwrapper~2.6.27.38~170.2.113.fc10", rls:"FC10")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-smp", rpm:"kernel-smp~2.6.27.38~170.2.113.fc10", rls:"FC10")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-smp-devel", rpm:"kernel-smp-devel~2.6.27.38~170.2.113.fc10", rls:"FC10")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-smp-debuginfo", rpm:"kernel-smp-debuginfo~2.6.27.38~170.2.113.fc10", rls:"FC10")) {
+ vuln = 1;
+}
+
+if(vuln) {
+ security_hole(0);
+}
Added: trunk/openvas-plugins/scripts/fcore_2009_11066.nasl
===================================================================
--- trunk/openvas-plugins/scripts/fcore_2009_11066.nasl 2009-11-11 14:39:37 UTC (rev 5840)
+++ trunk/openvas-plugins/scripts/fcore_2009_11066.nasl 2009-11-11 14:56:44 UTC (rev 5841)
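Review bot: The result of the FEDORA-2009-11038 check only says which kernel packages are installed, since it works from the `ssh/login/rpms` package list; it cannot tell whether the host has been rebooted into the fixed kernel, and the same holds for the FEDORA-2009-11032 check earlier in this commit. Older kernel packages commonly stay installed next to the new one, so depending on how `isrpmvuln` treats several installed versions of one package (pkg-lib-rpm.inc is not shown) the script may either keep firing after the update or go quiet before the reboot. A comment before the first `isrpmvuln` call would help whoever triages the finding, for example `# compares installed kernel rpms only; the running kernel (uname -r) is not checked`.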
@@ -0,0 +1,97 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory FEDORA-2009-11066 (alienarena)
+#
+# Authors:
+# Thomas Reinke
+#
+# Copyright:
+# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(66203);
+ script_cve_id("CVE-2009-3637");
+ script_version ("$Revision$");
+ script_name("Fedora Core 10 FEDORA-2009-11066 (alienarena)");
+
+ desc = "
+The remote host is missing an update to alienarena
+announced via advisory FEDORA-2009-11066.
+
+Update Information:
+
+Update to 7.32, fixes CVE-2009-3637.
+
+ChangeLog:
+
+* Mon Nov 2 2009 Tom spot Callaway - 7.32-1
+- update to 7.32
+- fix CVE-2009-3637 (bugzilla 530514)
+
+References:
+
+[ 1 ] Bug #530514 - CVE-2009-3637 alienarena: Buffer overflow by processing specially-crafted UDP reply from game server (ACE)
+https://bugzilla.redhat.com/show_bug.cgi?id=530514
+
+Solution: Apply the appropriate updates.
+
+This update can be installed with the yum update program. Use
+su -c 'yum update alienarena' at the command line.
+For more information, refer to Managing Software with yum,
+available at http://docs.fedoraproject.org/yum/.
+
+https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-11066
+
+Risk factor : High";
+
+ script_description(desc);
+
+ script_summary("Fedora Core 10 FEDORA-2009-11066 (alienarena)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
+ script_family("Fedora Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/rpms");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-rpm.inc");
+vuln = 0;
+if(isrpmvuln(pkg:"alienarena", rpm:"alienarena~7.32~1.fc10", rls:"FC10")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"alienarena-server", rpm:"alienarena-server~7.32~1.fc10", rls:"FC10")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"alienarena-debuginfo", rpm:"alienarena-debuginfo~7.32~1.fc10", rls:"FC10")) {
+ vuln = 1;
+}
+
+if(vuln) {
+ security_hole(0);
+}
Added: trunk/openvas-plugins/scripts/fcore_2009_9837.nasl
===================================================================
--- trunk/openvas-plugins/scripts/fcore_2009_9837.nasl 2009-11-11 14:39:37 UTC (rev 5840)
+++ trunk/openvas-plugins/scripts/fcore_2009_9837.nasl 2009-11-11 14:56:44 UTC (rev 5841)
@@ -0,0 +1,113 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory FEDORA-2009-9837 (wireshark)
+#
+# Authors:
+# Thomas Reinke
+#
+# Copyright:
+# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(66186);
+ script_cve_id("CVE-2009-2559", "CVE-2009-2560", "CVE-2009-2561", "CVE-2009-2562", "CVE-2009-2563", "CVE-2009-3241", "CVE-2009-3242");
+ script_version ("$Revision$");
+ script_name("Fedora Core 11 FEDORA-2009-9837 (wireshark)");
+
+ desc = "
+The remote host is missing an update to wireshark
+announced via advisory FEDORA-2009-9837.
+
+Update Information:
+
+Update to Wireshark 1.2.2 fixing multiple security issues:
+http://www.wireshark.org/docs/relnotes/wireshark-1.2.2.html
+http://www.wireshark.org/security/wnpa-sec-2009-06.html
+
+For details, please visit the referenced security advisories.
+
+ChangeLog:
+
+* Tue Sep 22 2009 Radek Vokal - 1.2.2
+- upgrade to 1.2.2
+- http://www.wireshark.org/docs/relnotes/wireshark-1.2.2.html
+
+References:
+
+[ 1 ] Bug #512953 - CVE-2009-2559 Wireshark-1.2.0: DoS (crash) due array index error in IPMI dissector
+https://bugzilla.redhat.com/show_bug.cgi?id=512953
+[ 2 ] Bug #513008 - CVE-2009-2560 Wireshark: Null-ptr dereference in the RADIUS dissector
+https://bugzilla.redhat.com/show_bug.cgi?id=513008
+[ 3 ] Bug #513033 - CVE-2009-2561 Wireshark: Dos (excessive CPU and memory use) via large amount of tree items in the sFlow dissector
+https://bugzilla.redhat.com/show_bug.cgi?id=513033
+[ 4 ] Bug #512987 - CVE-2009-2562 Wireshark: Integer overflow in the AFS dissector
+https://bugzilla.redhat.com/show_bug.cgi?id=512987
+[ 5 ] Bug #512992 - CVE-2009-2563 Wireshark: Null-ptr dereference in the InfiniBand dissector
+https://bugzilla.redhat.com/show_bug.cgi?id=512992
+[ 6 ] Bug #523987 - CVE-2009-3241 Wireshark: DoS (excessive CPU use) in OPCUA dissector
+https://bugzilla.redhat.com/show_bug.cgi?id=523987
+[ 7 ] Bug #524001 - CVE-2009-3242 Wireshark: DoS (crash) in GSM A RR dissector
+https://bugzilla.redhat.com/show_bug.cgi?id=524001
+
+Solution: Apply the appropriate updates.
+
+This update can be installed with the yum update program. Use
+su -c 'yum update wireshark' at the command line.
+For more information, refer to Managing Software with yum,
+available at http://docs.fedoraproject.org/yum/.
+
+https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-9837
+
+Risk factor : High";
+
+ script_description(desc);
+
+ script_summary("Fedora Core 11 FEDORA-2009-9837 (wireshark)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
+ script_family("Fedora Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/rpms");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-rpm.inc");
+vuln = 0;
+if(isrpmvuln(pkg:"wireshark", rpm:"wireshark~1.2.2~1.fc11", rls:"FC11")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"wireshark-gnome", rpm:"wireshark-gnome~1.2.2~1.fc11", rls:"FC11")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"wireshark-debuginfo", rpm:"wireshark-debuginfo~1.2.2~1.fc11", rls:"FC11")) {
+ vuln = 1;
+}
+
+if(vuln) {
+ security_hole(0);
+}
Added: trunk/openvas-plugins/scripts/fcore_2009_9973.nasl
===================================================================
--- trunk/openvas-plugins/scripts/fcore_2009_9973.nasl 2009-11-11 14:39:37 UTC (rev 5840)
+++ trunk/openvas-plugins/scripts/fcore_2009_9973.nasl 2009-11-11 14:56:44 UTC (rev 5841)
@@ -0,0 +1,88 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory FEDORA-2009-9973 (BackupPC)
+#
+# Authors:
+# Thomas Reinke
+#
+# Copyright:
+# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(66137);
+ script_cve_id("CVE-2009-3369");
+ script_version ("$Revision$");
+ script_name("Fedora Core 10 FEDORA-2009-9973 (BackupPC)");
+
+ desc = "
+The remote host is missing an update to BackupPC
+announced via advisory FEDORA-2009-9973.
+
+ChangeLog:
+
+* Fri Sep 25 2009 Johan Cwiklinski 3.1.0-6
+- Fix security bug (bug #518412)
+* Fri Sep 18 2009 Johan Cwiklinski 3.1.0-5
+- Fix SELinux policy module for UserEmailInfo.pl file
+
+References:
+
+[ 1 ] Bug #518412 - CVE-2009-3369 BackupPC: Permission bypass via ClientNameAlias by using rsync data backup method
+https://bugzilla.redhat.com/show_bug.cgi?id=518412
+
+Solution: Apply the appropriate updates.
+
+This update can be installed with the yum update program. Use
+su -c 'yum update BackupPC' at the command line.
+For more information, refer to Managing Software with yum,
+available at http://docs.fedoraproject.org/yum/.
+
+https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-9973
+
+Risk factor : High";
+
+ script_description(desc);
+
+ script_summary("Fedora Core 10 FEDORA-2009-9973 (BackupPC)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
+ script_family("Fedora Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/rpms");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-rpm.inc");
+vuln = 0;
+if(isrpmvuln(pkg:"BackupPC", rpm:"BackupPC~3.1.0~6.fc10", rls:"FC10")) {
+ vuln = 1;
+}
+
+if(vuln) {
+ security_hole(0);
+}
Added: trunk/openvas-plugins/scripts/fcore_2009_9982.nasl
===================================================================
--- trunk/openvas-plugins/scripts/fcore_2009_9982.nasl 2009-11-11 14:39:37 UTC (rev 5840)
+++ trunk/openvas-plugins/scripts/fcore_2009_9982.nasl 2009-11-11 14:56:44 UTC (rev 5841)
@@ -0,0 +1,88 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory FEDORA-2009-9982 (BackupPC)
+#
+# Authors:
+# Thomas Reinke
+#
+# Copyright:
+# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(66136);
+ script_cve_id("CVE-2009-3369");
+ script_version ("$Revision$");
+ script_name("Fedora Core 11 FEDORA-2009-9982 (BackupPC)");
+
+ desc = "
+The remote host is missing an update to BackupPC
+announced via advisory FEDORA-2009-9982.
+
+ChangeLog:
+
+* Fri Sep 25 2009 Johan Cwiklinski 3.1.0-7
+- Fix security bug (bug #518412)
+* Fri Sep 18 2009 Johan Cwiklinski 3.1.0-6
+- Fix SELinux policy module for UserEmailInfo.pl file
+
+References:
+
+[ 1 ] Bug #518412 - CVE-2009-3369 BackupPC: Permission bypass via ClientNameAlias by using rsync data backup method
+https://bugzilla.redhat.com/show_bug.cgi?id=518412
+
+Solution: Apply the appropriate updates.
+
+This update can be installed with the yum update program. Use
+su -c 'yum update BackupPC' at the command line.
+For more information, refer to Managing Software with yum,
+available at http://docs.fedoraproject.org/yum/.
+ +https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-9982 + +Risk factor : High"; + + script_description(desc); + + script_summary("Fedora Core 11 FEDORA-2009-9982 (BackupPC)"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + script_family("Fedora Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("s