[Openvas-commits] r5777 - in trunk/openvas-plugins: . scripts
scm-commit@wald.intevation.org
scm-commit at wald.intevation.org
Mon Nov 2 14:39:34 CET 2009
Author: chandra
Date: 2009-11-02 14:39:30 +0100 (Mon, 02 Nov 2009)
New Revision: 5777
Added:
trunk/openvas-plugins/scripts/gb_firefox_dos_vuln_nov09_lin.nasl
trunk/openvas-plugins/scripts/gb_firefox_dos_vuln_nov09_win.nasl
trunk/openvas-plugins/scripts/gb_firefox_mult_mem_crptn_vuln_nov09_lin.nasl
trunk/openvas-plugins/scripts/gb_firefox_mult_mem_crptn_vuln_nov09_win.nasl
trunk/openvas-plugins/scripts/gb_firefox_mult_vuln_nov09_lin.nasl
trunk/openvas-plugins/scripts/gb_firefox_mult_vuln_nov09_win.nasl
trunk/openvas-plugins/scripts/gb_gpg4win_detect.nasl
trunk/openvas-plugins/scripts/gb_gpg4win_dos_vuln.nasl
trunk/openvas-plugins/scripts/gb_snort_detect_lin.nasl
trunk/openvas-plugins/scripts/gb_snort_ipv6_dos_vuln_lin.nasl
Modified:
trunk/openvas-plugins/ChangeLog
trunk/openvas-plugins/cve_current.txt
Log:
Added new plugins
Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog 2009-11-02 12:02:45 UTC (rev 5776)
+++ trunk/openvas-plugins/ChangeLog 2009-11-02 13:39:30 UTC (rev 5777)
@@ -1,3 +1,17 @@
+2009-11-02 Chandrashekhar B <bchandra at secpod.com>
+
+ * scripts/gb_firefox_mult_vuln_nov09_lin.nasl,
+ scripts/gb_gpg4win_detect.nasl,
+ scripts/gb_snort_ipv6_dos_vuln_lin.nasl,
+ scripts/gb_firefox_mult_mem_crptn_vuln_nov09_lin.nasl,
+ scripts/gb_snort_detect_lin.nasl,
+ scripts/gb_firefox_dos_vuln_nov09_win.nasl,
+ scripts/gb_firefox_mult_vuln_nov09_win.nasl,
+ scripts/gb_gpg4win_dos_vuln.nasl,
+ scripts/gb_firefox_mult_mem_crptn_vuln_nov09_win.nasl,
+ scripts/gb_firefox_dos_vuln_nov09_lin.nasl:
+ Added new plugins.
+
2009-11-02 Michael Meyer <michael.meyer at intevation.de>
* scripts/ping_host.nasl:
Modified: trunk/openvas-plugins/cve_current.txt
===================================================================
--- trunk/openvas-plugins/cve_current.txt 2009-11-02 12:02:45 UTC (rev 5776)
+++ trunk/openvas-plugins/cve_current.txt 2009-11-02 13:39:30 UTC (rev 5777)
@@ -183,16 +183,10 @@
CVE-2009-2999 SecPod
CVE-2009-3639 Greenbone svn R
CVE-2009-2281 Greenbone svn R
-CVE-2009-2942 SecPod
-CVE-2009-2943 SecPod
CVE-2009-2940 SecPod
CVE-2009-2281 SecPod
-CVE-2009-3767 SecPod
CVE-2009-3622 SecPod svn R
CVE-2009-3616 SecPod svn L
-CVE-2009-3753 SecPod
-CVE-2009-3752 SecPod
-CVE-2009-3751 SecPod
CVE-2009-3789 SecPod svn R
CVE-2009-3788 SecPod svn R
CVE-2009-3801 SecPod svn R
@@ -234,3 +228,9 @@
CVE-2009-3832
CVE-2009-3831
CVE-2009-3627
+CVE-2009-3664 SecPod svn R
+CVE-2009-3665 SecPod svn R
+CVE-2009-3666 SecPod svn R
+CVE-2009-3805 SecPod svn L
+CVE-2009-3641 SecPod svn L
+
Added: trunk/openvas-plugins/scripts/gb_firefox_dos_vuln_nov09_lin.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_firefox_dos_vuln_nov09_lin.nasl 2009-11-02 12:02:45 UTC (rev 5776)
+++ trunk/openvas-plugins/scripts/gb_firefox_dos_vuln_nov09_lin.nasl 2009-11-02 13:39:30 UTC (rev 5777)
@@ -0,0 +1,84 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_firefox_dos_vuln_nov09_lin.nasl 5567 2009-11-02 14:15:33Z nov $
+#
+# Mozilla Firefox Denial Of Service Vulnerability Nov-09 (Linux)
+#
+# Authors:
+# Sharath S <sharaths at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(801135);
+ script_version("$Revision: 1.0 $");
+ script_cve_id("CVE-2009-3382");
+ script_bugtraq_id(36866);
+ script_name("Mozilla Firefox Denial Of Service Vulnerability Nov-09 (Linux)");
+ desc = "
+ Overview: This host is installed with Mozilla Firefox and is prone to Denial
+ of Service vulnerability.
+
+ Vulnerability Insight:
+ A memory corruption error in layout/base/nsCSSFrameConstructor.cpp in the
+ browser engine can be exploited to potentially execute arbitrary code or
+ crash the browser.
+
+ Impact:
+ Denial of Service or arbitrary code execution.
+
+ Impact Level: Application/System
+
+ Affected Software/OS:
+ Firefox version 3.0 before 3.0.15 on Linux.
+
+ Fix: Upgrade to Firefox version 3.0.15
+ http://www.mozilla.com/en-US/firefox/all.html
+
+ References:
+ https://bugzilla.mozilla.org/show_bug.cgi?id=514960
+ http://www.mozilla.org/security/announce/2009/mfsa2009-64.html
+
+ CVSS Score:
+ CVSS Base Score : 10.0 (AV:N/AC:L/Au:NR/C:C/I:C/A:C)
+ CVSS Temporal Score : 7.8
+ Risk factor: High";
+
+ script_description(desc);
+ script_summary("Check for the version of Firefox");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2009 Intevation GmbH");
+ script_family("Denial of Service");
+ script_dependencies("gb_firefox_detect_lin.nasl");
+ script_require_keys("Firefox/Linux/Ver");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+ffVer = get_kb_item("Firefox/Linux/Ver");
+if(!ffVer){
+ exit(0);
+}
+
+# Check for Firefox version 3.0 < 3.0.15
+if(version_in_range(version:ffVer, test_version:"3.0", test_version2:"3.0.14")) {
+ security_hole(0);
+}
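Review bot: `script_family("Denial of Service")` and the script name understate this finding, because the description in the same block lists arbitrary code execution as an impact and gives a CVSS base score of 10.0. Anyone triaging scan results by family or title would see a browser crash rather than a possible code-execution issue. Consider a title that names the memory corruption, for example `script_name("Mozilla Firefox Memory Corruption Vulnerability Nov-09 (Linux)");`, and a family that is not limited to DoS. The same applies to gb_firefox_dos_vuln_nov09_win.nasl. The comment above the check could also read `# Check for Firefox version 3.0 < 3.0.15 (upper bound 3.0.14 is inclusive)`, assuming version_in_range treats test_version2 as inclusive (version_func.inc is not part of this commit).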
Added: trunk/openvas-plugins/scripts/gb_firefox_dos_vuln_nov09_win.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_firefox_dos_vuln_nov09_win.nasl 2009-11-02 12:02:45 UTC (rev 5776)
+++ trunk/openvas-plugins/scripts/gb_firefox_dos_vuln_nov09_win.nasl 2009-11-02 13:39:30 UTC (rev 5777)
@@ -0,0 +1,84 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_firefox_dos_vuln_nov09_win.nasl 5567 2009-11-02 13:45:33Z nov $
+#
+# Mozilla Firefox Denial Of Service Vulnerability Nov-09 (Win)
+#
+# Authors:
+# Sharath S <sharaths at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(801134);
+ script_version("$Revision: 1.0 $");
+ script_cve_id("CVE-2009-3382");
+ script_bugtraq_id(36866);
+ script_name("Mozilla Firefox Denial Of Service Vulnerability Nov-09 (Win)");
+ desc = "
+ Overview: This host is installed with Mozilla Firefox and is pront to Denial
+ of Service vulnerability.
+
+ Vulnerability Insight:
+ A memory corruption error in layout/base/nsCSSFrameConstructor.cpp in the
+ browser engine can be exploited to potentially execute arbitrary code or
+ crash the browser.
+
+ Impact:
+ Denial of Service or arbitrary code execution.
+
+ Impact Level: Application/System
+
+ Affected Software/OS:
+ Firefox version 3.0 before 3.0.15 on Windows.
+
+ Fix: Upgrade to Firefox version 3.0.15
+ http://www.mozilla.com/en-US/firefox/all.html
+
+ References:
+ https://bugzilla.mozilla.org/show_bug.cgi?id=514960
+ http://www.mozilla.org/security/announce/2009/mfsa2009-64.html
+
+ CVSS Score:
+ CVSS Base Score : 10.0 (AV:N/AC:L/Au:NR/C:C/I:C/A:C)
+ CVSS Temporal Score : 7.8
+ Risk factor: High";
+
+ script_description(desc);
+ script_summary("Check for the version of Firefox");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2009 Intevation GmbH");
+ script_family("Denial of Service");
+ script_dependencies("gb_firefox_detect_win.nasl");
+ script_require_keys("Firefox/Win/Ver");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+ffVer = get_kb_item("Firefox/Win/Ver");
+if(!ffVer){
+ exit(0);
+}
+
+# Check for Firefox version 3.0 < 3.0.15
+if(version_in_range(version:ffVer, test_version:"3.0", test_version2:"3.0.14")) {
+ security_hole(0);
+}
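Review bot: The Overview text in `desc` reads "is pront to Denial of Service vulnerability"; it should be `prone to`, as in the Linux counterpart added in this commit. This string is what ends up in the scan report, so the typo is user-visible. The two files appear to differ only in script ID, platform names, detect script and KB key, so keeping the description text identical between them would avoid this kind of drift.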
Added: trunk/openvas-plugins/scripts/gb_firefox_mult_mem_crptn_vuln_nov09_lin.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_firefox_mult_mem_crptn_vuln_nov09_lin.nasl 2009-11-02 12:02:45 UTC (rev 5776)
+++ trunk/openvas-plugins/scripts/gb_firefox_mult_mem_crptn_vuln_nov09_lin.nasl 2009-11-02 13:39:30 UTC (rev 5777)
@@ -0,0 +1,91 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_firefox_mult_mem_crptn_vuln_nov09_lin.nasl 5567 2009-11-02 13:30:33Z nov $
+#
+# Mozilla Firefox Multiple Memory Corruption Vulnerabilities Nov-09 (Linux)
+#
+# Authors:
+# Sharath S <sharaths at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(801133);
+ script_version("$Revision: 1.0 $");
+ script_cve_id("CVE-2009-3371", "CVE-2009-3377", "CVE-2009-3378",
+ "CVE-2009-3379", "CVE-2009-3381", "CVE-2009-3383");
+ script_bugtraq_id(36854, 36872, 36873, 36875, 36870, 36869);
+ script_name("Mozilla Firefox Multiple Memory Corruption Vulnerabilities Nov-09 (Linux)");
+ desc = "
+ Overview: This host is installed with Mozilla Firefox and is prone to multiple
+ memory vorruption vulnerabilities.
+
+ Vulnerability Insight:
+ - An error exists when creating JavaScript web-workers recursively that can
+ be exploited to trigger the use of freed memory.
+ - An error in the embedded 'liboggz' or 'libvorbis' library that can be
+ exploited to cause a crash.
+ - An error exists in the 'oggplay_data_handle_theora_frame' function in
+ media/liboggplay/src/liboggplay/oggplay_data.c in 'liboggplay' library that
+ can be exploited to cause a crash.
+
+ Impact:
+ Successful exploitation will let attacker to cause Denial of Service or
+ memory corrption on the user's system.
+
+ Impact Level: Application/System
+
+ Affected Software/OS:
+ Firefox version 3.5 before 3.5.4 on Linux.
+
+ Fix: Upgrade to Firefox version 3.5.4
+ http://www.mozilla.com/en-US/firefox/all.html
+
+ References:
+ http://www.mozilla.org/security/announce/2009/mfsa2009-54.html
+ http://www.mozilla.org/security/announce/2009/mfsa2009-63.html
+ http://www.mozilla.org/security/announce/2009/mfsa2009-64.html
+
+ CVSS Score:
+ CVSS Base Score : 10.0 (AV:N/AC:L/Au:NR/C:C/I:C/A:C)
+ CVSS Temporal Score : 7.8
+ Risk factor: High";
+
+ script_description(desc);
+ script_summary("Check for the version of Firefox");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2009 Intevation GmbH");
+ script_family("Denial of Service");
+ script_dependencies("gb_firefox_detect_lin.nasl");
+ script_require_keys("Firefox/Linux/Ver");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+ffVer = get_kb_item("Firefox/Linux/Ver");
+if(!ffVer){
+ exit(0);
+}
+
+# Check for Firefox version 3.5 < 3.5.4
+if(version_in_range(version:ffVer, test_version:"3.5", test_version2:"3.5.3")) {
+ security_hole(0);
+}
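Review bot: The Vulnerability Insight in `desc` describes three issues (web-workers, liboggz/libvorbis, liboggplay), while `script_cve_id` lists six CVEs and the references link mfsa2009-64, which the DoS plugin in this commit ties to a browser-engine memory corruption that is not described here. A reader of the report cannot tell which CVE maps to which flaw; consider adding a bullet for the browser-engine issues or tagging each bullet with its CVE ID. The text also contains the typos "memory vorruption" (Overview) and "memory corrption" (Impact), which should read `memory corruption`. gb_firefox_mult_mem_crptn_vuln_nov09_win.nasl has the same insight gap and the same "memory corrption" typo.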
Added: trunk/openvas-plugins/scripts/gb_firefox_mult_mem_crptn_vuln_nov09_win.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_firefox_mult_mem_crptn_vuln_nov09_win.nasl 2009-11-02 12:02:45 UTC (rev 5776)
+++ trunk/openvas-plugins/scripts/gb_firefox_mult_mem_crptn_vuln_nov09_win.nasl 2009-11-02 13:39:30 UTC (rev 5777)
@@ -0,0 +1,91 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_firefox_mult_mem_crptn_vuln_nov09_win.nasl 5567 2009-11-02 13:00:33Z nov $
+#
+# Mozilla Firefox Multiple Memory Corruption Vulnerabilities Nov-09 (Win)
+#
+# Authors:
+# Sharath S <sharaths at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(801132);
+ script_version("$Revision: 1.0 $");
+ script_cve_id("CVE-2009-3371", "CVE-2009-3377", "CVE-2009-3378",
+ "CVE-2009-3379", "CVE-2009-3381", "CVE-2009-3383");
+ script_bugtraq_id(36854, 36872, 36873, 36875, 36870, 36869);
+ script_name("Mozilla Firefox Multiple Memory Corruption Vulnerabilities Nov-09 (Win)");
+ desc = "
+ Overview: This host is installed with Mozilla Firefox and is prone to multiple
+ Memory Corruption vulnerabilities.
+
+ Vulnerability Insight:
+ - An error exists when creating JavaScript web-workers recursively that can
+ be exploited to trigger the use of freed memory.
+ - An error in the embedded 'liboggz' or 'libvorbis' library that can be
+ exploited to cause a crash.
+ - An error exists in the 'oggplay_data_handle_theora_frame' function in
+ media/liboggplay/src/liboggplay/oggplay_data.c in 'liboggplay' library that
+ can be exploited to cause a crash.
+
+ Impact:
+ Successful exploitation will let attacker to cause Denial of Service or
+ memory corrption on the user's system.
+
+ Impact Level: Application/System
+
+ Affected Software/OS:
+ Firefox version 3.5 before 3.5.4 on Windows.
+
+ Fix: Upgrade to Firefox version 3.5.4
+ http://www.mozilla.com/en-US/firefox/all.html
+
+ References:
+ http://www.mozilla.org/security/announce/2009/mfsa2009-54.html
+ http://www.mozilla.org/security/announce/2009/mfsa2009-63.html
+ http://www.mozilla.org/security/announce/2009/mfsa2009-64.html
+
+ CVSS Score:
+ CVSS Base Score : 10.0 (AV:N/AC:L/Au:NR/C:C/I:C/A:C)
+ CVSS Temporal Score : 7.8
+ Risk factor: High";
+
+ script_description(desc);
+ script_summary("Check for the version of Firefox");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2009 Intevation GmbH");
+ script_family("Denial of Service");
+ script_dependencies("gb_firefox_detect_win.nasl");
+ script_require_keys("Firefox/Win/Ver");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+ffVer = get_kb_item("Firefox/Win/Ver");
+if(!ffVer){
+ exit(0);
+}
+
+# Check for Firefox version 3.5 < 3.5.4
+if(version_in_range(version:ffVer, test_version:"3.5", test_version2:"3.5.3")) {
+ security_hole(0);
+}
Added: trunk/openvas-plugins/scripts/gb_firefox_mult_vuln_nov09_lin.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_firefox_mult_vuln_nov09_lin.nasl 2009-11-02 12:02:45 UTC (rev 5776)
+++ trunk/openvas-plugins/scripts/gb_firefox_mult_vuln_nov09_lin.nasl 2009-11-02 13:39:30 UTC (rev 5777)
@@ -0,0 +1,112 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_firefox_mult_vuln_nov09_lin.nasl 5567 2009-11-02 11:46:33Z nov $
+#
+# Mozilla Firefox Multiple Vulnerabilities Nov-09 (Linux)
+#
+# Authors:
+# Sharath S <sharaths at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(801131);
+ script_version("$Revision: 1.0 $");
+ script_cve_id("CVE-2009-1563", "CVE-2009-3370", "CVE-2009-3372", "CVE-2009-3373",
+ "CVE-2009-3374", "CVE-2009-3375", "CVE-2009-3376", "CVE-2009-3380");
+ script_bugtraq_id(36851, 36853, 36856, 36855, 36857, 36858, 36867, 36871);
+ script_name("Mozilla Firefox Multiple Vulnerabilities Nov-09 (Linux)");
+ desc = "
+ Overview: This host is installed with Mozilla Firefox browser and is prone to
+ multiple vulnerabilities.
+
+ Vulnerability Insight:
+ Muliple flaw are due to following errors,
+ - An array indexing error exists when allocating space for floating point
+ numbers. This can be exploited to trigger a memory corruption when a
+ specially crafted floating point number is processed.
+ - An error in the form history functionality can be exploited to disclose
+ history entries via a specially crafted web page that triggers the automatic
+ filling of form fields.
+ - When parsing regular expressions used in Proxy Auto-configuration. This can
+ be exploited to cause a crash or potentially execute arbitrary code via
+ specially crafted configured PAC files.
+ - When processing GIF, color maps can be exploited to cause a heap based
+ buffer overflow and potentially execute arbitrary code via a specially
+ crafted GIF file.
+ - An error in the 'XPCVariant::VariantDataToJS()' XPCOM utility, which can be
+ exploited to execute arbitrary JavaScript code with chrome privileges.
+ - An error in the implementation of the JavaScript 'document.getSelection()'
+ can be exploited to read text selected on a web page in a different domain.
+ - An error when downloading files can be exploited to display different file
+ names in the download dialog title bar and download dialog body. This can
+ be exploited to obfuscate file names via a right-to-left override character
+ and potentially trick a user into running an executable file.
+
+ Impact:
+ Successful exploitation will let attacker to disclose sensitive information,
+ bypass certain security restrictions, manipulate certain data, or compromise
+ a user's system.
+
+ Impact Level: Application/System
+
+ Affected Software/OS:
+ Firefox version 3.0 before 3.0.15 and 3.5 before 3.5.4 on Linux.
+
+ Fix: Upgrade to Firefox version 3.0.15 or 3.5.4
+ http://www.mozilla.com/en-US/firefox/all.html
+
+ References:
+ http://secunia.com/secunia_research/2009-35/
+ http://www.mozilla.org/security/announce/2009/mfsa2009-52.html
+ http://www.mozilla.org/security/announce/2009/mfsa2009-55.html
+ http://www.mozilla.org/security/announce/2009/mfsa2009-56.html
+ http://www.mozilla.org/security/announce/2009/mfsa2009-57.html
+ http://www.mozilla.org/security/announce/2009/mfsa2009-59.html
+ http://www.mozilla.org/security/announce/2009/mfsa2009-61.html
+ http://www.mozilla.org/security/announce/2009/mfsa2009-62.html
+
+ CVSS Score:
+ CVSS Base Score : 10.0 (AV:N/AC:L/Au:NR/C:C/I:C/A:C)
+ CVSS Temporal Score : 7.8
+ Risk factor: High";
+
+ script_description(desc);
+ script_summary("Check for the version of Firefox");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2009 Intevation GmbH");
+ script_family("Buffer overflow");
+ script_dependencies("gb_firefox_detect_lin.nasl");
+ script_require_keys("Firefox/Linux/Ver");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+ffVer = get_kb_item("Firefox/Linux/Ver");
+if(!ffVer){
+ exit(0);
+}
+
+# Check for Firefox version 3.0 < 3.0.15 or 3.5 < 3.5.4
+if(version_in_range(version:ffVer, test_version:"3.0", test_version2:"3.0.14")||
+ version_in_range(version:ffVer, test_version:"3.5", test_version2:"3.5.3")) {
+ security_hole(0);
+}
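Review bot: The Vulnerability Insight here stops at the download-dialog item, while the Windows counterpart in this commit carries one more bullet, "Multiple unspecified errors in the browser engines can be exploited to cause crash or potentially execute arbitrary code", although both files list the same CVE IDs and references. Unless the omission is deliberate, add that bullet here so the two reports agree. In both files the lead-in "Muliple flaw are due to following errors," should read `Multiple flaws are due to the following errors,`. `script_family("Buffer overflow")` is also a narrow label for a plugin whose own text covers information disclosure, cross-domain reads and file-name spoofing; this too applies to the Windows file.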
Added: trunk/openvas-plugins/scripts/gb_firefox_mult_vuln_nov09_win.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_firefox_mult_vuln_nov09_win.nasl 2009-11-02 12:02:45 UTC (rev 5776)
+++ trunk/openvas-plugins/scripts/gb_firefox_mult_vuln_nov09_win.nasl 2009-11-02 13:39:30 UTC (rev 5777)
@@ -0,0 +1,114 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_firefox_mult_vuln_nov09_win.nasl 5567 2009-11-02 11:16:33Z nov $
+#
+# Mozilla Firefox Multiple Vulnerabilities Nov-09 (Win)
+#
+# Authors:
+# Sharath S <sharaths at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(801130);
+ script_version("$Revision: 1.0 $");
+ script_cve_id("CVE-2009-1563", "CVE-2009-3370", "CVE-2009-3372", "CVE-2009-3373",
+ "CVE-2009-3374", "CVE-2009-3375", "CVE-2009-3376", "CVE-2009-3380");
+ script_bugtraq_id(36851, 36853, 36856, 36855, 36857, 36858, 36867, 36871);
+ script_name("Mozilla Firefox Multiple Vulnerabilities Nov-09 (Win)");
+ desc = "
+ Overview: This host is installed with Mozilla Firefox browser and is prone to
+ multiple vulnerabilities.
+
+ Vulnerability Insight:
+ Muliple flaw are due to following errors,
+ - An array indexing error exists when allocating space for floating point
+ numbers. This can be exploited to trigger a memory corruption when a
+ specially crafted floating point number is processed.
+ - An error in the form history functionality can be exploited to disclose
+ history entries via a specially crafted web page that triggers the automatic
+ filling of form fields.
+ - When parsing regular expressions used in Proxy Auto-configuration. This can
+ be exploited to cause a crash or potentially execute arbitrary code via
+ specially crafted configured PAC files.
+ - When processing GIF, color maps can be exploited to cause a heap based
+ buffer overflow and potentially execute arbitrary code via a specially
+ crafted GIF file.
+ - An error in the 'XPCVariant::VariantDataToJS()' XPCOM utility, which can be
+ exploited to execute arbitrary JavaScript code with chrome privileges.
+ - An error in the implementation of the JavaScript 'document.getSelection()'
+ can be exploited to read text selected on a web page in a different domain.
+ - An error when downloading files can be exploited to display different file
+ names in the download dialog title bar and download dialog body. This can
+ be exploited to obfuscate file names via a right-to-left override character
+ and potentially trick a user into running an executable file.
+ - Multiple unspecified errors in the browser engines can be exploited to cause
+ crash or potentially execute arbitrary code.
+
+ Impact:
+ Successful exploitation will let attacker to disclose sensitive information,
+ bypass certain security restrictions, manipulate certain data, or compromise
+ a user's system.
+
+ Impact Level: Application/System
+
+ Affected Software/OS:
+ Firefox version 3.0 before 3.0.15 and 3.5 before 3.5.4 on Windows.
+
+ Fix: Upgrade to Firefox version 3.0.15 or 3.5.4
+ http://www.mozilla.com/en-US/firefox/all.html
+
+ References:
+ http://secunia.com/secunia_research/2009-35/
+ http://www.mozilla.org/security/announce/2009/mfsa2009-52.html
+ http://www.mozilla.org/security/announce/2009/mfsa2009-55.html
+ http://www.mozilla.org/security/announce/2009/mfsa2009-56.html
+ http://www.mozilla.org/security/announce/2009/mfsa2009-57.html
+ http://www.mozilla.org/security/announce/2009/mfsa2009-59.html
+ http://www.mozilla.org/security/announce/2009/mfsa2009-61.html
+ http://www.mozilla.org/security/announce/2009/mfsa2009-62.html
+
+ CVSS Score:
+ CVSS Base Score : 10.0 (AV:N/AC:L/Au:NR/C:C/I:C/A:C)
+ CVSS Temporal Score : 7.8
+ Risk factor: High";
+
+ script_description(desc);
+ script_summary("Check for the version of Firefox");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2009 Intevation GmbH");
+ script_family("Buffer overflow");
+ script_dependencies("gb_firefox_detect_win.nasl");
+ script_require_keys("Firefox/Win/Ver");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+ffVer = get_kb_item("Firefox/Win/Ver");
+if(!ffVer){
+ exit(0);
+}
+
+# Check for Firefox version 3.0 < 3.0.15 or 3.5 < 3.5.4
+if(version_in_range(version:ffVer, test_version:"3.0", test_version2:"3.0.14")||
+ version_in_range(version:ffVer, test_version:"3.5", test_version2:"3.5.3")) {
+ security_hole(0);
+}
Added: trunk/openvas-plugins/scripts/gb_gpg4win_detect.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_gpg4win_detect.nasl 2009-11-02 12:02:45 UTC (rev 5776)
+++ trunk/openvas-plugins/scripts/gb_gpg4win_detect.nasl 2009-11-02 13:39:30 UTC (rev 5777)
@@ -0,0 +1,91 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_gpg4win_detect.nasl 5517 2009-11-02 19:36:44Z nov $
+#
+# Gpg4win And Components Version Detection (Win)
+#
+# Authors:
+# Sharath S <sharaths at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(801128);
+ script_version("$Revision: 1.0 $");
+ script_name("Gpg4win And Components Version Detection (Win)");
+ desc ="
+ Overview: This script detects the installed product version of Gpg4win and
+ its components and sets the results in KB.
+
+ Risk factor : Informational";
+
+ script_description(desc);
+ script_summary("Set KB for the version of Gpg4win");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2009 Intevation GmbH");
+ script_family("Service detection");
+ script_dependencies("secpod_reg_enum.nasl");
+ script_require_keys("SMB/WindowsVersion");
+ script_require_ports(139, 445);
+ exit(0);
+}
+
+
+include("smb_nt.inc");
+include("secpod_smb_func.inc");
+
+if(!get_kb_item("SMB/WindowsVersion")){
+ exit(0);
+}
+
+key = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\GPG4Win";
+gpgName = registry_get_sz(key:key, item:"DisplayName");
+
+if("Gpg4win" >< gpgName || ("GnuPG" >< gpgName))
+{
+ gpgVer = registry_get_sz(key:key, item:"DisplayVersion");
+ gpgVer = ereg_replace(pattern:"-", replace:".", string:gpgVer);
+
+ # Set KB for Gpg4Win
+ if(gpgVer != NULL)
+ {
+ set_kb_item(name:"Gpg4win/Win/Ver", value:gpgVer);
+
+ gpgPath = registry_get_sz(key:key, item:"InstallLocation");
+ if(gpgPath)
+ {
+ gpgPath += "\share\gpg4win\README.en.txt";
+ share = ereg_replace(pattern:"([A-Z]):.*", replace:"\1$", string:gpgPath);
+ file = ereg_replace(pattern:"[A-Z]:(.*)", replace:"\1", string:gpgPath);
+ txtRead = read_file(share:share, file:file, offset:2000, count:10000);
+
+ # Set KB for Kleopatra
+ kleoVer = eregmatch(pattern:"Kleopatra: +([0-9.]+)", string:txtRead);
+ if(kleoVer[1]){
+ set_kb_item(name:"Kleopatra/Win/Ver", value:kleoVer[1]);
+ }
+
+ # Set KB for GNU Privacy Assistant
+ gpaVer = eregmatch(pattern:"GPA: +([0-9.]+)", string:txtRead);
+ if(gpaVer[1]){
+ set_kb_item(name:"GPA/Win/Ver", value:gpaVer[1]);
+ }
+ }
+ }
+}
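Review bot: `InstallLocation` is read from the scanned host's registry and is turned into an SMB share and file name without checking that it has drive-letter form. The two `ereg_replace` patterns are unanchored and match only an upper-case drive letter, so for a lower-case drive letter or a UNC path neither substitution applies and, as far as I can tell, `share` and `file` both keep the full string before being passed to `read_file`. Guard the block with `if(gpgPath && gpgPath =~ "^[A-Za-z]:")` and anchor the patterns as `"^([A-Za-z]):.*"` and `"^[A-Za-z]:(.*)"`. The fixed window `offset:2000, count:10000` deserves a comment saying which README layout it was chosen for, since the Kleopatra and GPA versions are silently left unset when those lines fall outside it.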
Added: trunk/openvas-plugins/scripts/gb_gpg4win_dos_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_gpg4win_dos_vuln.nasl 2009-11-02 12:02:45 UTC (rev 5776)
+++ trunk/openvas-plugins/scripts/gb_gpg4win_dos_vuln.nasl 2009-11-02 13:39:30 UTC (rev 5777)
@@ -0,0 +1,90 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_gpg4win_dos_vuln.nasl 5517 2009-11-02 20:17:34Z nov $
+#
+# Gpg4Win Denial Of Service Vulnerability
+#
+# Authors:
+# Sharath S <sharaths at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(801129);
+ script_version("$Revision: 1.0 $");
+ script_cve_id("CVE-2009-3805");
+ script_bugtraq_id(36781);
+ script_name("Gpg4Win Denial Of Service Vulnerability");
+ desc = "
+ Overview: This host is installed with Gpg4Win, as used in KDE Kleopatra and
+ is prone to Denial of Service vulnerability.
+
+ Vulnerability Insight:
+ The flaw is caused due to error in 'gpg2.exe' which can be exploited by
+ persuading a victim to import a specially-crafted certificate containing
+ an overly long signature.
+
+ Impact:
+ A remote attacker could exploit this vulnerability to cause the application
+ to crash.
+
+ Impact Level: Application
+
+ Affected Software/OS:
+ Gpg4win version 2.0.1
+ KDE, Kleopatra version 2.0.11
+
+ Fix
+ No solution or patch is available as on 02nd November, 2009. Information
+ regarding this issue will be updated once the solution details are available.
+ For updates refer, http://www.gpg4win.org/download.html
+
+ References:
+ http://xforce.iss.net/xforce/xfdb/53908
+ http://www.packetstormsecurity.com/0910-exploits/gpg2kleo-dos.txt
+
+ CVSS Score:
+ CVSS Base Score : 4.3 (AV:N/AC:M/Au:NR/C:N/I:N/A:P)
+ CVSS Temporal Score : 3.9
+ Risk factor: Medium";
+
+ script_description(desc);
+ script_summary("Check for the version of Gpg4Win and Kleopatra");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2009 Intevation GmbH");
+ script_family("Denial of Service");
+ script_dependencies("gb_gpg4win_detect.nasl");
+ script_require_keys("Gpg4win/Win/Ver", "Kleopatra/Win/Ver");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+# Get KB for Gpg4win
+gpgVer = get_kb_item("Gpg4win/Win/Ver");
+
+# Get KB for Kleopatra
+kleoVer = get_kb_item("Kleopatra/Win/Ver");
+
+# Check for Gpg4win version 2.0.1 and Kleopatar version 2.0.11
+if(version_is_equal(version:gpgVer, test_version:"2.0.1") &&
+ version_is_equal(version:kleoVer,test_version:"2.0.11")){
+ security_warning(0);
+}
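Review bot: The final check fires only when Gpg4win is exactly 2.0.1 and Kleopatra is exactly 2.0.11, and `script_require_keys` also demands `Kleopatra/Win/Ver`, so a host with Gpg4win 2.0.1 is skipped silently whenever the detection script could not fill that key. In gb_gpg4win_detect.nasl the Kleopatra version is parsed out of README.en.txt, so a missing or edited README produces a false negative even though the description places the flaw in 'gpg2.exe'. If the advisory supports it, testing `gpgVer` alone would be more robust. Otherwise add a comment above the check such as `# Both versions are required; Kleopatra/Win/Ver is parsed from README.en.txt and may be absent`, so the limitation is visible to whoever triages the scan results. The existing comment there also misspells Kleopatra as 'Kleopatar'.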
Added: trunk/openvas-plugins/scripts/gb_snort_detect_lin.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_snort_detect_lin.nasl 2009-11-02 12:02:45 UTC (rev 5776)
+++ trunk/openvas-plugins/scripts/gb_snort_detect_lin.nasl 2009-11-02 13:39:30 UTC (rev 5777)
@@ -0,0 +1,72 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_snort_detect_lin.nasl 5534 2009-11-02 20:00:29Z nov $
+#
+# Snort Version Detection (Linux)
+#
+# Authors:
+# Sharath S <sharaths at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(801138);
+ script_version("$Revision: 1.0 $");
+ script_name("Snort Version Detection (Linux)");
+ desc = "
+ Overview: This script detects the installed version of Snort and
+ sets the reuslt in KB.
+
+ Risk Factor: Informational";
+
+ script_description(desc);
+ script_summary("Set KB for the version of Snort");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2009 Intevation GmbH");
+ script_family("Service detection");
+ exit(0);
+}
+
+
+include("ssh_func.inc");
+include("version_func.inc");
+
+snortSock = ssh_login_or_reuse_connection();
+if(!snortSock){
+ exit(0);
+}
+
+paths = find_bin(prog_name:"snort",sock:snortSock);
+foreach binName (paths)
+{
+ snortVer = get_bin_version(full_prog_name:chomp(binName), version_argv:"-V",
+ ver_pattern:"> Snort! <", sock:snortSock);
+ snortVer = eregmatch(pattern:"Version ([0-9.]+)( \(Build.?([0-9]+)\))?",
+ string:snortVer[1], icase:1);
+ if(snortVer[1])
+ {
+ set_kb_item(name:"Snort/Linux/Ver", value:snortVer[1]);
+ if(snortVer[3])
+ {
+ snortVer = snortVer[1] + "." + snortVer[3];
+ set_kb_item(name:"Snort/Linux/Build", value:snortVer);
+ }
+ }
+}
+ssh_close_connection();
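Review bot: The `string:snortVer[1]` argument to `eregmatch` reads index 1 of the `get_bin_version` result, but the `ver_pattern` passed in ("> Snort! <") has no capture group. What index 1 holds therefore depends on the helper's return layout in version_func.inc, which this hunk does not show, and there is no NULL check before the array is indexed. I would add `# get_bin_version() result: [1] is expected to carry the raw 'snort -V' output - confirm against version_func.inc` above the call, and guard it with `if(isnull(snortVer)) continue;`. `snortVer` is also reused as the helper result, the regex match and finally the build string; separate names (for example `snortOut`, `snortMatch`, `snortBuild`) would make it clear which value reaches each `set_kb_item`.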
Added: trunk/openvas-plugins/scripts/gb_snort_ipv6_dos_vuln_lin.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_snort_ipv6_dos_vuln_lin.nasl 2009-11-02 12:02:45 UTC (rev 5776)
+++ trunk/openvas-plugins/scripts/gb_snort_ipv6_dos_vuln_lin.nasl 2009-11-02 13:39:30 UTC (rev 5777)
@@ -0,0 +1,87 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_snort_ipv6_dos_vuln_lin.nasl 5534 2009-11-02 20:08:24Z nov $
+#
+# Snort 'IPv6' Packet Denial Of Service Vulnerability (Linux)
+#
+# Authors:
+# Sharath S <sharaths at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(801139);
+ script_version("$Revision: 1.0 $");
+ script_cve_id("CVE-2009-3641");
+ script_bugtraq_id(36795);
+ script_name("Snort 'IPv6' Packet Denial Of Service Vulnerability (Linux)");
+ desc = "
+ Overview: This host has Snort installed and is prone to Denial of Service
+ vulnerability.
+
+ Vulnerability Insight:
+ This flaw is caused by an error when processing malformed IPv6 packets when
+ the application is compiled with the '--enable-ipv6' option and is running
+ in verbose mode (-v).
+
+ Impact:
+ Successful exploitation could allow attacker to crash an affected application,
+ creating a denial of service condition.
+
+ Impact Level: Application
+
+ Affected Software/OS:
+ Snort version prior to 2.8.5.1 on Linux.
+
+ Fix: Upgrade to Snort version 2.8.5.1 or later
+ For updates, Refer http://www.snort.org/downloads
+
+ References:
+ http://secunia.com/advisories/37135
+ http://xforce.iss.net/xforce/xfdb/53912
+ http://www.vupen.com/english/advisories/2009/3014
+ https://bugzilla.redhat.com/show_bug.cgi?id=530863
+
+ CVSS Score:
+ CVSS Base Score : 4.3 (AV:N/AC:M/Au:NR/C:N/I:N/A:P)
+ CVSS Temporal Score : 3.4
+ Risk factor: Medium";
+
+ script_description(desc);
+ script_summary("Check for the version of Snort");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2009 Intevation GmbH");
+ script_family("Denial of Service");
+ script_dependencies("gb_snort_detect_lin.nasl");
+ script_require_keys("Snort/Linux/Ver");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+snortVer = get_kb_item("Snort/Linux/Ver");
+if(!snortVer ){
+ exit(0);
+}
+
+# Check for Snort version < 2.8.5.1
+if(version_is_less(version:snortVer , test_version:"2.8.5.1")){
+ security_warning(0);
+}
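Review bot: The `version_is_less` check at the end reports every Snort older than 2.8.5.1, while the description says the flaw needs a build with '--enable-ipv6' and a sensor running in verbose mode (-v). Neither condition is tested, so the finding can be a false positive on hosts that do not meet them, and the report text does not say so. I would state the limitation in `desc`, for example `Note: this check is based on the installed version only; the '--enable-ipv6' build option and verbose mode are not verified.` A matching comment above the version test, `# Version-only check: build options and runtime flags are not inspected`, would keep later maintainers from reading it as a confirmed-vulnerable result.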