[Openvas-commits] r5800 - in trunk/openvas-plugins: . scripts
scm-commit@wald.intevation.org
scm-commit at wald.intevation.org
Thu Nov 5 12:25:53 CET 2009
Author: chandra
Date: 2009-11-05 12:25:48 +0100 (Thu, 05 Nov 2009)
New Revision: 5800
Added:
trunk/openvas-plugins/scripts/gb_eureka_email_bof_vuln.nasl
trunk/openvas-plugins/scripts/gb_eureka_email_detect.nasl
trunk/openvas-plugins/scripts/gb_ms_sharepoint_info_disc_vuln.nasl
trunk/openvas-plugins/scripts/gb_pegasus_mail_detect.nasl
trunk/openvas-plugins/scripts/gb_pegasus_mail_pop3_bof_vuln.nasl
trunk/openvas-plugins/scripts/gb_perl_detect_win.nasl
trunk/openvas-plugins/scripts/gb_perl_utf8_regex_dos_vuln_win.nasl
trunk/openvas-plugins/scripts/gb_vmware_prdts_priv_esc_vuln_nov09_lin.nasl
trunk/openvas-plugins/scripts/gb_vmware_prdts_priv_esc_vuln_nov09_win.nasl
trunk/openvas-plugins/scripts/gb_vmware_serv_dir_trav_vuln_nov09_lin.nasl
Modified:
trunk/openvas-plugins/ChangeLog
trunk/openvas-plugins/cve_current.txt
trunk/openvas-plugins/scripts/secpod_ms09-054.nasl
trunk/openvas-plugins/scripts/secpod_ms09-062.nasl
trunk/openvas-plugins/scripts/secpod_office_products_version_900032.nasl
Log:
Added new plugins
Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog 2009-11-05 11:10:03 UTC (rev 5799)
+++ trunk/openvas-plugins/ChangeLog 2009-11-05 11:25:48 UTC (rev 5800)
@@ -1,3 +1,24 @@
+2009-11-05 Chandrashekhar B <bchandra at secpod.com>
+
+ * scripts/gb_eureka_email_detect.nasl,
+ scripts/gb_vmware_prdts_priv_esc_vuln_nov09_lin.nasl,
+ scripts/gb_pegasus_mail_pop3_bof_vuln.nasl,
+ scripts/gb_perl_utf8_regex_dos_vuln_win.nasl,
+ scripts/gb_pegasus_mail_detect.nasl,
+ scripts/gb_perl_detect_win.nasl,
+ scripts/gb_vmware_prdts_priv_esc_vuln_nov09_win.nasl,
+ scripts/gb_eureka_email_bof_vuln.nasl,
+ scripts/gb_vmware_serv_dir_trav_vuln_nov09_lin.nasl,
+ scripts/gb_ms_sharepoint_info_disc_vuln.nasl:
+ Added new plugins
+
+ * scripts/secpod_ms09-062.nasl,
+ scripts/secpod_office_products_version_900032.nasl:
+ Added VisoViewer check.
+
+ * scripts/secpod_ms09-054.nasl:
+ Included an additional related KB item check.
+
2009-11-04 Michael Meyer <michael.meyer at intevation.de>
* scripts/serv_u_36585.nasl,
Modified: trunk/openvas-plugins/cve_current.txt
===================================================================
--- trunk/openvas-plugins/cve_current.txt 2009-11-05 11:10:03 UTC (rev 5799)
+++ trunk/openvas-plugins/cve_current.txt 2009-11-05 11:25:48 UTC (rev 5800)
@@ -204,7 +204,7 @@
36833 Greenbone svn R
36874 Greenbone svn R
CVE-2009-3790 SecPod svn L
-CVE-2009-3830 SecPod
+CVE-2009-3830 SecPod svn R
CVE-2009-3549 SecPod svn L
CVE-2009-3550 SecPod svn L
CVE-2009-3551 SecPod svn L
@@ -224,7 +224,7 @@
CVE-2009-3383 SecPod svn L
CVE-2009-3382 SecPod svn L
CVE-2009-3381 SecPod svn L
-CVE-2009-3626
+CVE-2009-3626 SecPod svn L
CVE-2009-3832 SecPod svn L
CVE-2009-3831 SecPod svn L
CVE-2009-3627
@@ -242,4 +242,10 @@
CVE-2009-3625 Greenbone svn R
36585 Greenbone svn R
32494 Greenbone svn R
-
+CVE-2009-2267 SecPod svn L
+CVE-2009-3733 SecPod svn L
+CVE-2009-3862 SecPod
+CVE-2009-3860 SecPod
+CVE-2009-3838 SecPod svn L
+CVE-2009-3863 SecPod
+CVE-2009-3837 SecPod svn L
Added: trunk/openvas-plugins/scripts/gb_eureka_email_bof_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_eureka_email_bof_vuln.nasl 2009-11-05 11:10:03 UTC (rev 5799)
+++ trunk/openvas-plugins/scripts/gb_eureka_email_bof_vuln.nasl 2009-11-05 11:25:48 UTC (rev 5800)
@@ -0,0 +1,87 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_eureka_email_bof_vuln.nasl 5593 2009-11-05 14:45:29Z nov $
+#
+# Eureka Email Stack-Based Buffer Overflow Vulnerability
+#
+# Authors:
+# Antu Sanadi <santu at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(801041);
+ script_version("$Revision: 1.0 $");
+ script_cve_id("CVE-2009-3837");
+ script_name("Eureka Email Stack-Based Buffer Overflow Vulnerability");
+ desc = "
+ Overview: This host is installed with Eureka Email and is prone to stack-based
+ buffer overflow vulnerability.
+
+ Vulnerability Insight:
+ The flaw is caused due to a boundary error in the processing POP3 responses.
+ This can be exploited to cause a stack-based buffer overflow via an overly long
+ error response.
+
+ Impact:
+ Successful exploitation allows remote attackers to crash an affected client
+ or execute arbitrary code by tricking a user into connecting to a malicious
+ POP3 server.
+
+ Impact level: Application.
+
+ Affected Software/OS:
+ Eureka Email version 2.2q and prior.
+
+ Fix: No solution or patch is available as on 05th November, 2009. Information
+ regarding this issue will update once the solution details are available.
+ For updates refer, http://www.eureka-email.com/
+
+ References:
+ http://xforce.iss.net/xforce/xfdb/53940
+ http://secunia.com/advisories/product/27632/
+ http://www.vupen.com/english/advisories/2009/3025
+ http://www.packetstormsecurity.org/0910-exploits/eurekamc-dos.txt
+
+ CVSS Score:
+ CVSS Base Score : 10.0 (AV:N/AC:L/Au:NR/C:C/I:C/A:C)
+ CVSS Temporal Score : 9.0
+ Risk factor: Critical";
+
+ script_description(desc);
+ script_summary("Check for the version of Eureka Email");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2009 Intevation GmbH");
+ script_family("Buffer overflow");
+ script_dependencies("gb_eureka_email_detect.nasl");
+ script_require_keys("EurekaEmail/Ver");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+eeVer = get_kb_item("EurekaEmail/Ver");
+if(eeVer != NULL)
+{
+ # Eureka Email 2.2q (2.2.0.1)
+ if(version_is_less_equal(version:eeVer, test_version:"2.2.0.1")){
+ security_hole(0);
+ }
+}
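Review bot: The guard `if(eeVer != NULL)` near the end of this file is written differently from the other new plugins in this revision, which use `isnull()` with an early exit (for example `if(isnull(pmailVer)){ exit(0); }` in gb_pegasus_mail_pop3_bof_vuln.nasl). Using `if(isnull(eeVer)){ exit(0); }` here would keep the set consistent and remove one level of nesting around the version check. The description text that ends up in scan reports also needs two wording fixes: "in the processing POP3 responses" should read "in the processing of POP3 responses", and "will update once" should read "will be updated once".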
Added: trunk/openvas-plugins/scripts/gb_eureka_email_detect.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_eureka_email_detect.nasl 2009-11-05 11:10:03 UTC (rev 5799)
+++ trunk/openvas-plugins/scripts/gb_eureka_email_detect.nasl 2009-11-05 11:25:48 UTC (rev 5800)
@@ -0,0 +1,76 @@
+##############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_eureka_email_detect.nasl 5593 2009-11-05 14:30:24Z nov $
+#
+# Eureka Email Version Detection
+#
+# Authors:
+# Antu Sanadi <santu at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(801040);
+ script_version("$Revision: 1.0 $");
+ script_name("Eureka Email Version Detection");
+ desc = "
+ Overview: This script detects the installed version of Eureka Email and
+ sets the result in KB.
+
+ Risk factor: Informational";
+
+ script_description(desc);
+ script_summary("Set version of Eureka Email in KB");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2009 Intevation GmbH");
+ script_family("Service detection");
+ script_dependencies("secpod_reg_enum.nasl");
+ script_require_keys("SMB/WindowsVersion");
+ script_require_ports(139, 445);
+ exit(0);
+}
+
+
+include("smb_nt.inc");
+include("secpod_smb_func.inc");
+
+if(!get_kb_item("SMB/WindowsVersion")){
+ exit(0);
+}
+
+key = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\";
+foreach item (registry_enum_keys(key:key))
+{
+ eeName = registry_get_sz(key:key + item, item:"DisplayName");
+ if("Eureka Email" >< eeName)
+ {
+ eePath = registry_get_sz(key:key + item, item:"Inno Setup: App Path");
+ if(eePath)
+ {
+ eePath += "\Eureka Email.EXE";
+ share = ereg_replace(pattern:"([A-Za-z]):.*", replace:"\1$", string:eePath);
+ file = ereg_replace(pattern:"[A-Za-z]:(.*)", replace:"\1", string:eePath);
+
+ eeVer = GetVer(file:file, share:share);
+ if(eeVer != NULL){
+ set_kb_item(name:"EurekaEmail/Ver", value:eeVer);
+ }
+ }
+ }
+}
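Review bot: The enumeration loop only walks `SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\`, so a 32-bit installation on a 64-bit Windows host, which registers under `SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\`, would presumably not be found. In that case `EurekaEmail/Ver` is never set and gb_eureka_email_bof_vuln.nasl stays silent on a host that may be affected. The same single-key lookup is used in gb_pegasus_mail_detect.nasl and gb_perl_detect_win.nasl in this revision. I would iterate over both locations, for example `foreach key (make_list("SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\", "SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\"))` around the existing loop. I would also leave the loop after the first successful `set_kb_item` so that the key does not end up holding several values.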
Added: trunk/openvas-plugins/scripts/gb_ms_sharepoint_info_disc_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_ms_sharepoint_info_disc_vuln.nasl 2009-11-05 11:10:03 UTC (rev 5799)
+++ trunk/openvas-plugins/scripts/gb_ms_sharepoint_info_disc_vuln.nasl 2009-11-05 11:25:48 UTC (rev 5800)
@@ -0,0 +1,84 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_ms_sharepoint_info_disc_vuln.nasl 5565 2009-11-04 15:47:24Z nov $
+#
+# Microsoft SharePoint Team Services Information Disclosure Vulnerability
+#
+# Authors:
+# Nikita MR <rnikita at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(800968);
+ script_version("$Revision: 1.0 $");
+ script_cve_id("CVE-2009-3830");
+ script_bugtraq_id(36817);
+ script_name("Microsoft SharePoint Team Services Information Disclosure Vulnerability");
+ desc = "
+ Overview: This host is installed with Microsoft SharePoint Server and is
+ prone to Information Disclosure Vulnerability.
+
+ Vulnerability Insight:
+ This flaw is caused due to insufficient validation of user supplied data
+ passed into 'SourceUrl' and 'Source' parameters in the download.aspx in
+ SharePoint Team Services.
+
+ Impact:
+ Attackers can exploit this issue via specially-crafted HTTP requests to
+ obtain the source code of arbitrary ASP.NET files from the backend database.
+
+ Impact Level: Application
+
+ Affected Software/OS:
+ Microsoft Office SharePoint Server 2007 12.0.0.6219 and prior.
+
+ Fix:
+ No solution or patch is available as on 04th November, 2009. Information
+ regarding this issue will be updated once the solution details are available.
+ For updates refer, http://sharepoint.microsoft.com/Pages/Default.aspx
+
+ References:
+ http://support.microsoft.com/kb/976829
+ http://xforce.iss.net/xforce/xfdb/53955
+ http://www.securityfocus.com/archive/1/archive/1/507419/100/0/threaded
+
+ Risk factor: Informational";
+
+ script_description(desc);
+ script_summary("Check for the version of MS SharePoint Team Services");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2009 Intevation GmbH");
+ script_family("Web application abuses");
+ script_dependencies("remote-detect-WindowsSharepointServices.nasl");
+ script_require_keys("MicrosoftSharePointTeamServices/version");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+stsVer = get_kb_item("MicrosoftSharePointTeamServices/version");
+if(isnull(stsVer)){
+ exit(0);
+}
+
+if(version_in_range(version:stsVer, test_version:"12.0", test_version2:"12.0.0.6219")){
+ security_warning(0);
+}
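Review bot: The description ends with `Risk factor: Informational`, but the plugin reports through `security_warning(0)` and describes disclosure of ASP.NET source code under CVE-2009-3830, so the stated risk level and the reported severity disagree. Unlike the other vulnerability checks added in this revision, the text also has no "CVSS Score:" block, which leaves a report reader without a basis for prioritising the finding. I would add the CVSS lines for this CVE and set the risk factor to match them. Separately, the result is attached to port 0; if remote-detect-WindowsSharepointServices.nasl records the HTTP port it detected the service on (not visible in this commit), reporting on that port would make the finding easier to trace.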
Added: trunk/openvas-plugins/scripts/gb_pegasus_mail_detect.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_pegasus_mail_detect.nasl 2009-11-05 11:10:03 UTC (rev 5799)
+++ trunk/openvas-plugins/scripts/gb_pegasus_mail_detect.nasl 2009-11-05 11:25:48 UTC (rev 5800)
@@ -0,0 +1,77 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_pegasus_mail_detect.nasl 5592 2009-11-05 13:25:37Z nov $
+#
+# Pegasus Mail Version Detection
+#
+# Authors:
+# Nikita MR <rnikita at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(800969);
+ script_version("$Revision: 1.0 $");
+ script_name("Pegasus Mail Version Detection");
+ desc = "
+ Overview: This script retrieves the installed version of Pegasus Mail and
+ saves the result in KB.
+
+ Risk factor : Informational";
+
+ script_description(desc);
+ script_family("Service detection");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2009 Greenbone Networks GmbH");
+ script_summary("Set the version of Pegasus Mail in KB");
+ script_dependencies("secpod_reg_enum.nasl");
+ script_require_keys("SMB/WindowsVersion");
+ script_require_ports(139, 445);
+ exit(0);
+}
+
+
+include("smb_nt.inc");
+include("secpod_smb_func.inc");
+
+if(!get_kb_item("SMB/WindowsVersion")){
+ exit(0);
+}
+
+key = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Pegasus Mail";
+pmailName = registry_get_sz(key:key, item:"DisplayName");
+if("Pegasus Mail" >< pmailName)
+{
+ pmailPath = registry_get_sz(key:key, item:"UninstallString");
+ if(pmailPath)
+ {
+ pmailPath = eregmatch(pattern:"^(.+(exe|EXE))(.*)?$", string:pmailPath);
+ if(pmailPath[1] != NULL)
+ {
+ pmailPath = pmailPath[1] - "DESETUP.EXE" - "DeSetup.exe" + "winpm-32.exe";
+ share = ereg_replace(pattern:"([A-Z]):.*", replace:"\1$", string:pmailPath);
+ file = ereg_replace(pattern:"[A-Z]:(.*)", replace:"\1", string:pmailPath);
+
+ pmailVer = GetVer(file:file, share:share);
+ if(!isnull(pmailVer)){
+ set_kb_item(name:"Pegasus/Mail/Ver", value:pmailVer);
+ }
+ }
+ }
+}
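Review bot: The two `ereg_replace` calls that split the path use `[A-Z]` for the drive letter, so a lowercase drive letter in `UninstallString` leaves both `share` and `file` equal to the full path, and `GetVer` then fails without any report. gb_eureka_email_detect.nasl in this same revision already uses `[A-Za-z]`; the patterns here should match it: `pattern:"([A-Za-z]):.*"` and `pattern:"[A-Za-z]:(.*)"`. The string subtraction `- "DESETUP.EXE" - "DeSetup.exe"` is similarly case-bound and would leave any other spelling (for instance `desetup.exe`) in the path before `winpm-32.exe` is appended. A quoted `UninstallString` would also carry its leading quote into `share`, since the `eregmatch` pattern starts with `.+`; stripping quotes before the match would avoid that.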
Added: trunk/openvas-plugins/scripts/gb_pegasus_mail_pop3_bof_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_pegasus_mail_pop3_bof_vuln.nasl 2009-11-05 11:10:03 UTC (rev 5799)
+++ trunk/openvas-plugins/scripts/gb_pegasus_mail_pop3_bof_vuln.nasl 2009-11-05 11:25:48 UTC (rev 5800)
@@ -0,0 +1,88 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_pegasus_mail_pop3_bof_vuln.nasl 5592 2009-11-05 14:00:02Z nov $
+#
+# Pegasus Mail POP3 Response Buffer Overflow Vulnerability
+#
+# Authors:
+# Nikita MR <rnikita at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(800970);
+ script_version("$Revision: 1.0 $");
+ script_cve_id("CVE-2009-3838");
+ script_bugtraq_id(36797);
+ script_name("Pegasus Mail POP3 Response Buffer Overflow Vulnerability");
+ desc = "
+ Overview: This host is running Pegasus Mail which is prone to stack-based
+ Buffer Overflow vulnerability.
+
+ Vulnerability Insight:
+ A stack based buffer overflow error occus due to improper bounds checking
+ when processing POP3 responses.
+
+ Impact:
+ Successful exploitation will allow attackers to execute arbitrary code or
+ cause the application to crash by sending overly long error responses from
+ a remote POP3 server to the affected mail client.
+
+ Impact Level: Application
+
+ Affected Software/OS:
+ Pegasus Mail 4.51 and prior.
+
+ Fix:
+ No solution or patch is available as on 05th November, 2009.Information
+ regarding this issue will be updated once the solution details are available.
+ For updates refer, http://www.pmail.com/downloads_s3_t.htm
+
+ References:
+ http://secunia.com/advisories/37134
+ http://www.vupen.com/english/advisories/2009/3026
+ http://securitytracker.com/alerts/2009/Oct/1023075.html
+
+ CVSS Score:
+ CVSS Base Score : 10.0 (AV:N/AC:L/Au:NR/C:C/I:C/A:C)
+ CVSS Temporal Score : 9.0
+ Risk factor: Critical";
+
+ script_description(desc);
+ script_summary("Check for the version of Pegasus Mail");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2009 Greenbone Networks GmbH");
+ script_family("Buffer overflow");
+ script_dependencies("gb_pegasus_mail_detect.nasl");
+ script_require_keys("Pegasus/Mail/Ver");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+pmailVer = get_kb_item("Pegasus/Mail/Ver");
+if(isnull(pmailVer)){
+ exit(0);
+}
+
+# Check for version 4.51 (4.5.1.0) and prior.
+if(version_is_less_equal(version:pmailVer, test_version:"4.5.1.0")){
+ security_hole(0);
+}
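Review bot: The description string, which is shown verbatim in scan reports, contains two text defects: "error occus due to" should be "error occurs due to", and "05th November, 2009.Information" is missing a space after the full stop. The comment `# Check for version 4.51 (4.5.1.0) and prior.` states a mapping from the product version to the file version of winpm-32.exe without saying where it was taken from. A short addition such as `# file version of winpm-32.exe as read by gb_pegasus_mail_detect.nasl` would tell the next maintainer what the compared value actually is.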
Added: trunk/openvas-plugins/scripts/gb_perl_detect_win.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_perl_detect_win.nasl 2009-11-05 11:10:03 UTC (rev 5799)
+++ trunk/openvas-plugins/scripts/gb_perl_detect_win.nasl 2009-11-05 11:25:48 UTC (rev 5800)
@@ -0,0 +1,84 @@
+##############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_perl_detect_win.nasl 5569 2009-11-04 09:52:37Z nov $
+#
+# Perl Version Detection (Windows)
+#
+# Authors:
+# Nikita MR <rnikita at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(800966);
+ script_version("$Revision: 1.0 $");
+ script_name("Perl Version Detection (Windows)");
+ desc = "
+ Overview : This script retrieves the version of Perl saves the result
+ in KB.
+
+ Risk factor : Informational";
+
+ script_description(desc);
+ script_summary("Set version of Perl in KB");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2009 Intevation GmbH");
+ script_family("Service detection");
+ script_dependencies("secpod_reg_enum.nasl");
+ script_require_keys("SMB/WindowsVersion");
+ script_require_ports(139, 445);
+ exit(0);
+}
+
+
+include("smb_nt.inc");
+include("secpod_smb_func.inc");
+
+if(!get_kb_item("SMB/WindowsVersion")){
+ exit(0);
+}
+
+if(!registry_key_exists(key:"SOFTWARE\Perl")){
+ exit(0);
+}
+
+key = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\";
+foreach item (registry_enum_keys(key:key))
+{
+ perlName = registry_get_sz(key:key + item, item:"DisplayName");
+
+ # Check for Strawberry Perl
+ if("Strawberry Perl" >< perlName)
+ {
+ perlVer = registry_get_sz(key:key + item, item:"Comments");
+ perlVer = eregmatch(pattern:"Strawberry Perl ([0-9.]+)", string:perlVer);
+ if(!isnull(perlVer[1])){
+ set_kb_item(name:"Strawberry/Perl/Ver", value:perlVer[1]);
+ }
+ }
+
+ # Check for ActivePerl
+ if("ActivePerl" >< perlName)
+ {
+ perlVer = eregmatch(pattern:"ActivePerl ([0-9.]+)", string:perlName);
+ if(!isnull(perlVer[1])){
+ set_kb_item(name:"ActivePerl/Ver", value:perlVer[1]);
+ }
+ }
+}
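Review bot: The early exit `if(!registry_key_exists(key:"SOFTWARE\Perl")){ exit(0); }` gates both branches of the loop, yet neither branch reads anything from that key; both rely only on the Uninstall entries. If one of the two distributions does not create `SOFTWARE\Perl` (I cannot confirm this for Strawberry Perl from the commit), its branch is unreachable on hosts where only that distribution is installed and the dependent vulnerability check never runs. I would either drop the gate or add a comment naming which installer creates the key, e.g. `# SOFTWARE\Perl is created by <installer> - confirm for Strawberry Perl`. The Uninstall lookup here also has the Wow6432Node gap described for gb_eureka_email_detect.nasl.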
Added: trunk/openvas-plugins/scripts/gb_perl_utf8_regex_dos_vuln_win.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_perl_utf8_regex_dos_vuln_win.nasl 2009-11-05 11:10:03 UTC (rev 5799)
+++ trunk/openvas-plugins/scripts/gb_perl_utf8_regex_dos_vuln_win.nasl 2009-11-05 11:25:48 UTC (rev 5800)
@@ -0,0 +1,91 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_perl_utf8_regex_dos_vuln_win.nasl 5569 2009-11-04 13:33:41Z nov $
+#
+# Perl UTF-8 Regular Expression Processing DoS Vulnerability (Windows)
+#
+# Authors:
+# Nikita MR <rnikita at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(800967);
+ script_version("$Revision: 1.0 $");
+ script_cve_id("CVE-2009-3626");
+ script_bugtraq_id(36812);
+ script_name("Perl UTF-8 Regular Expression Processing DoS Vulnerability (Windows)");
+ desc = "
+ Overview: The host is installed with Perl and is prone to Denial of Service
+ Vulnerability.
+
+ Vulnerability Insight:
+ An error occurs in Perl while matching an utf-8 character with large or
+ invalid codepoint with a particular regular expression.
+
+ Impact:
+ Attackers can exploit this issue to crash an affected application via
+ specially crafted UTF-8 data leading to Denial of Service.
+
+ Impact Level: Application
+
+ Affected Software/OS:
+ Perl version 5.10.1 on Windows.
+
+ Fix: Apply the patch.
+ http://perl5.git.perl.org/perl.git/commit/0abd0d78a73da1c4d13b1c700526b7e5d03b32d4
+
+ *****
+ NOTE: Ignore this warning if the above mentioned patch is already applied.
+ *****
+
+ References:
+ http://xforce.iss.net/xforce/xfdb/53939
+ http://www.openwall.com/lists/oss-security/2009/10/23/8
+ https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6225
+
+ CVSS Score:
+ CVSS Base Score : 5.0 (AV:N/AC:L/Au:NR/C:N/I:N/A:P)
+ CVSS Temporal Score : 3.7
+ Risk factor: Medium";
+
+ script_description(desc);
+ script_summary("Check for the version of Perl");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2009 Intevation GmbH");
+ script_family("Denial of Service");
+ script_dependencies("gb_perl_detect_win.nasl");
+ script_require_keys("Strawberry/Perl/Ver", "ActivePerl/Ver");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+apVer = get_kb_item("ActivePerl/Ver");
+if(!isnull(apVer) && version_is_equal(version:apVer, test_version:"5.10.1"))
+{
+ security_warning(0);
+ exit(0);
+}
+
+spVer = get_kb_item("Strawberry/Perl/Ver");
+if(!isnull(spVer) && version_is_equal(version:spVer, test_version:"5.10.1")){
+ security_warning(0);
+}
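Review bot: `script_require_keys("Strawberry/Perl/Ver", "ActivePerl/Ver")` lists two keys, and as far as I know the scanner requires every listed key to be present before it launches a plugin, so this check would only run on hosts that have both ActivePerl and Strawberry Perl installed. The body already handles each key being absent with `!isnull(...)`, so the requirement adds nothing. I would remove that line, or have gb_perl_detect_win.nasl set one shared key in the way the VMware plugins in this revision use `VMware/Linux/Installed`. A second thing to verify is the Strawberry branch: the detection regex `([0-9.]+)` can capture a four-part version, and whether `version_is_equal(..., test_version:"5.10.1")` treats such a value as equal depends on version_func.inc, which is not part of this commit.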
Added: trunk/openvas-plugins/scripts/gb_vmware_prdts_priv_esc_vuln_nov09_lin.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_vmware_prdts_priv_esc_vuln_nov09_lin.nasl 2009-11-05 11:10:03 UTC (rev 5799)
+++ trunk/openvas-plugins/scripts/gb_vmware_prdts_priv_esc_vuln_nov09_lin.nasl 2009-11-05 11:25:48 UTC (rev 5800)
@@ -0,0 +1,123 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_vmware_prdts_priv_esc_vuln_nov09_lin.nasl 5590 2009-11-04 17:12:21Z nov $
+#
+# VMware Products Guest Privilege Escalation Vulnerability - Nov09 (Linux)
+#
+# Authors:
+# Sharath S <sharaths at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(801143);
+ script_version("$Revision: 1.0 $");
+ script_cve_id("CVE-2009-2267");
+ script_bugtraq_id(36841);
+ script_name("VMware Products Guest Privilege Escalation Vulnerability - Nov09 (Linux)");
+ desc = "
+ Overview: The host is installed with VMWare product(s) and is prone to
+ Privilege Escalation vulnerability.
+
+ Vulnerability Insight:
+ An error occurs while setting the exception code when a '#PF' (page fault)
+ exception arises and can be exploited to gain escalated privileges within
+ the VMware guest.
+
+ Impact:
+ Local attacker can exploit this issue to gain escalated privileges in a guest
+ virtual machine.
+
+ Impact Level: System
+
+ Affected Software/OS:
+ VMware Server version 2.0.x prior to 2.0.2 Build 203138,
+ VMware Server version 1.0.x prior to 1.0.10 Build 203137,
+ VMware Player version 2.5.x prior to 2.5.3 Build 185404,
+ VMware Workstation version 6.5.x prior to 6.5.3 Build 185404 on Linux.
+
+ Fix: Upgrade your VMWares according to the below link,
+ http://www.vmware.com/security/advisories/VMSA-2009-0015.html
+
+ References:
+ http://secunia.com/advisories/37172
+ http://www.vupen.com/english/advisories/2009/3062
+ http://securitytracker.com/alerts/2009/Oct/1023082.html
+ http://lists.vmware.com/pipermail/security-announce/2009/000069.html
+
+ CVSS Score:
+ CVSS Base Score : 6.9 (AV:L/AC:M/Au:NR/C:C/I:C/A:C)
+ CVSS Temporal Score : 5.4
+ Risk factor: High";
+
+ script_description(desc);
+ script_summary("Check for the version of VMware Products");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2009 Intevation GmbH");
+ script_family("Privilege escalation");
+ script_dependencies("gb_vmware_prdts_detect_lin.nasl");
+ script_require_keys("VMware/Linux/Installed");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+if(!get_kb_item("VMware/Linux/Installed")){
+ exit(0);
+}
+
+# VMware Player
+vmplayerVer = get_kb_item("VMware/Player/Linux/Ver");
+if(vmplayerVer)
+{
+ # Check for version 2.5 < 2.5.3 (2.5.3 Build 185404)
+ if(version_in_range(version:vmplayerVer, test_version:"2.5",
+ test_version2:"2.5.2"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+}
+
+# VMware Workstation
+vmworkstnVer = get_kb_item("VMware/Workstation/Linux/Ver");
+if(vmworkstnVer)
+{
+ # Check for version 6.5 < 6.5.3 (6.5.3 Build 185404)
+ if(version_in_range(version:vmworkstnVer, test_version:"6.5",
+ test_version2:"6.5.2"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+}
+
+# Check for VMware Server
+vmserverVer = get_kb_item("VMware/Server/Linux/Ver");
+if(vmserverVer)
+{
+ # Check for version 1.0 < 1.0.10 (1.0.10 Build 203137) or 2.0 < 2.0.2 (2.0.2 Build 203138)
+ if(version_in_range(version:vmserverVer, test_version:"1.0",
+ test_version2:"1.0.9")||
+ version_in_range(version:vmserverVer, test_version:"2.0",
+ test_version2:"2.0.1")){
+ security_hole(0);
+ }
+}
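Review bot: Each range check uses the last vulnerable release as an inclusive upper bound (`test_version2:"2.5.2"`, `"6.5.2"`, `"1.0.9"`, `"2.0.1"`), while the description defines the fix by build number (for example 2.5.3 Build 185404). If the KB values written by gb_vmware_prdts_detect_lin.nasl carry a build component (that script is not in this commit), a value of the form `2.5.2.<build>` would sort above `2.5.2` and a vulnerable installation would be missed. Comparing against the fixed release avoids depending on the KB format: keep the lower bound and test `version_is_less(version:vmplayerVer, test_version:"2.5.3")`, and likewise `"6.5.3"`, `"1.0.10"` and `"2.0.2"` for the other products. The comments above each check already describe the condition in that "< fixed version" form, so the code would then match them.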
Added: trunk/openvas-plugins/scripts/gb_vmware_prdts_priv_esc_vuln_nov09_win.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_vmware_prdts_priv_esc_vuln_nov09_win.nasl 2009-11-05 11:10:03 UTC (rev 5799)
+++ trunk/openvas-plugins/scripts/gb_vmware_prdts_priv_esc_vuln_nov09_win.nasl 2009-11-05 11:25:48 UTC (rev 5800)
@@ -0,0 +1,139 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_vmware_prdts_priv_esc_vuln_nov09_win.nasl 5590 2009-11-04 16:12:21Z nov $
+#
+# VMware Products Guest Privilege Escalation Vulnerability - Nov09 (Win)
+#
+# Authors:
+# Sharath S <sharaths at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(801142);
+ script_version("$Revision: 1.0 $");
+ script_cve_id("CVE-2009-2267");
+ script_bugtraq_id(36841);
+ script_name("VMware Products Guest Privilege Escalation Vulnerability - Nov09 (Win)");
+ desc = "
+ Overview: The host is installed with VMWare product(s) and is prone to
+ Privilege Escalation vulnerability.
+
+ Vulnerability Insight:
+ An error occurs while setting the exception code when a '#PF' (page fault)
+ exception arises which can be exploited to gain escalated privileges within
+ VMware guest.
+
+ Impact:
+ Local attacker can exploit this issue to gain escalated privileges in a guest
+ virtual machine.
+
+ Impact Level: System
+
+ Affected Software/OS:
+ VMware ACE version 2.5.x prior to 2.5.3 Build 185404,
+ VMware Server version 2.0.x prior to 2.0.2 Build 203138,
+ VMware Server version 1.0.x prior to 1.0.10 Build 203137,
+ VMware Player version 2.5.x prior to 2.5.3 Build 185404,
+ VMware Workstation version 6.5.x prior to 6.5.3 Build 185404 on Windows.
+
+ Fix: Upgrade your VMWares according to the below link,
+ http://www.vmware.com/security/advisories/VMSA-2009-0015.html
+
+ References:
+ http://secunia.com/advisories/37172
+ http://www.vupen.com/english/advisories/2009/3062
+ http://securitytracker.com/alerts/2009/Oct/1023082.html
+ http://lists.vmware.com/pipermail/security-announce/2009/000069.html
+
+ CVSS Score:
+ CVSS Base Score : 6.9 (AV:L/AC:M/Au:NR/C:C/I:C/A:C)
+ CVSS Temporal Score : 5.4
+ Risk factor: High";
+
+ script_description(desc);
+ script_summary("Check for the version of VMware Products");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2009 Intevation GmbH");
+ script_family("Privilege escalation");
+ script_dependencies("gb_vmware_prdts_detect_win.nasl");
+ script_require_keys("VMware/Win/Installed");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+if(!get_kb_item("VMware/Win/Installed")){
+ exit(0);
+}
+
+# VMware Player
+vmplayerVer = get_kb_item("VMware/Player/Win/Ver");
+if(vmplayerVer)
+{
+ # Check for version 2.5 < 2.5.3 (2.5.3 Build 185404)
+ if(version_in_range(version:vmplayerVer, test_version:"2.5",
+ test_version2:"2.5.2"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+}
+
+# VMware Workstation
+vmworkstnVer = get_kb_item("VMware/Workstation/Win/Ver");
+if(vmworkstnVer)
+{
+ # Check for version 6.5 < 6.5.3 (6.5.3 Build 185404)
+ if(version_in_range(version:vmworkstnVer, test_version:"6.5",
+ test_version2:"6.5.2"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+}
+
+# Check for VMware Server
+vmserverVer = get_kb_item("VMware/Server/Win/Ver");
+if(vmserverVer)
+{
+ # Check for version 1.0 < 1.0.10 (1.0.10 Build 203137) or 2.0 < 2.0.2 (2.0.2 Build 203138)
+ if(version_in_range(version:vmserverVer, test_version:"1.0",
+ test_version2:"1.0.9")||
+ version_in_range(version:vmserverVer, test_version:"2.0",
+ test_version2:"2.0.1")){
+ security_hole(0);
+ exit(0);
+ }
+}
+
+# VMware ACE
+aceVer = get_kb_item("VMware/ACE/Win/Ver");
+if(!aceVer){
+ aceVer = get_kb_item("VMware/ACE\Dormant/Win/Ver");
+}
+if(aceVer)
+{
+ # Check for version 2.5 < 2.5.3 (2.5.3 Build 185404)
+ if(version_is_less(version:aceVer, test_version:"2.5",
+ test_version2:"2.5.2")){
+ security_hole(0);
+ }
+}
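Review bot: The VMware ACE check at the end of this script calls `version_is_less(version:aceVer, test_version:"2.5", test_version2:"2.5.2")`, although its comment and the Player, Workstation and Server blocks above all describe a range test. `version_is_less` compares against a single `test_version`, so as written it most likely flags ACE builds older than 2.5 and misses 2.5.0 to 2.5.2, which are the releases the description lists as affected. It should read `if(version_in_range(version:aceVer, test_version:"2.5", test_version2:"2.5.2")){`. The fallback key `"VMware/ACE\Dormant/Win/Ver"` also has a backslash where every other key uses `/`; confirm it matches what gb_vmware_prdts_detect_win.nasl sets, since a mismatched key returns nothing and the check is skipped.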
Added: trunk/openvas-plugins/scripts/gb_vmware_serv_dir_trav_vuln_nov09_lin.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_vmware_serv_dir_trav_vuln_nov09_lin.nasl 2009-11-05 11:10:03 UTC (rev 5799)
+++ trunk/openvas-plugins/scripts/gb_vmware_serv_dir_trav_vuln_nov09_lin.nasl 2009-11-05 11:25:48 UTC (rev 5800)
@@ -0,0 +1,94 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_vmware_serv_dir_trav_vuln_nov09_lin.nasl 5590 2009-11-04 17:45:21Z nov $
+#
+# VMware Server Directory Traversal Vulnerability - Nov09 (Linux)
+#
+# Authors:
+# Sharath S <sharaths at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(801144);
+ script_version("$Revision: 1.0 $");
+ script_cve_id("CVE-2009-3733");
+ script_bugtraq_id(36842);
+ script_name("VMware Serve Directory Traversal Vulnerability - Nov09 (Linux)");
+ desc = "
+ Overview: The host is installed with VMWare product(s) and is prone to multiple
+ vulnerability.
+
+ Vulnerability Insight:
+ An error exists while handling certain requests can be exploited to download
+ arbitrary files from the host system via directory traversal attacks.
+
+ Impact:
+ Successful exploitation will let the remote/local attacker to disclose
+ sensitive information.
+
+ Impact Level: System
+
+ Affected Software/OS:
+ VMware Server version 2.0.x prior to 2.0.2 Build 203138,
+ VMware Server version 1.0.x prior to 1.0.10 Build 203137 on Linux.
+
+ Fix: Upgrade your VMWares according to the below link,
+ http://www.vmware.com/security/advisories/VMSA-2009-0015.html
+
+ References:
+ http://secunia.com/advisories/37186
+ http://www.vupen.com/english/advisories/2009/3062
+ http://securitytracker.com/alerts/2009/Oct/1023088.html
+ http://lists.vmware.com/pipermail/security-announce/2009/000069.html
+
+ CVSS Score:
+ CVSS Base Score : 4.3 (AV:N/AC:M/Au:NR/C:P/I:N/A:N)
+ CVSS Temporal Score : 3.4
+ Risk factor: Medium";
+
+ script_description(desc);
+ script_summary("Check for the version of VMware Server");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2009 Intevation GmbH");
+ script_family("General");
+ script_dependencies("gb_vmware_prdts_detect_lin.nasl");
+ script_require_keys("VMware/Linux/Installed", "VMware/Server/Linux/Ver");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+if(!get_kb_item("VMware/Linux/Installed")){
+ exit(0);
+}
+
+# Check for VMware Server
+vmserverVer = get_kb_item("VMware/Server/Linux/Ver");
+if(vmserverVer)
+{
+ # Check for version 1.0 < 1.0.10 (1.0.10 Build 203137) or 2.0 < 2.0.2 (2.0.2 Build 203138)
+ if(version_in_range(version:vmserverVer, test_version:"1.0",
+ test_version2:"1.0.9")||
+ version_in_range(version:vmserverVer, test_version:"2.0",
+ test_version2:"2.0.1")){
+ security_warning(0);
+ }
+}
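Review bot: The `script_name` string reads "VMware Serve Directory Traversal Vulnerability", and that is the title shown in scan reports and matched when results are searched or filtered. It should be `script_name("VMware Server Directory Traversal Vulnerability - Nov09 (Linux)");`. The Overview text also says the host is "prone to multiple vulnerability", while the plugin references a single issue (CVE-2009-3733); "prone to a directory traversal vulnerability" would match the rest of the description.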
Modified: trunk/openvas-plugins/scripts/secpod_ms09-054.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_ms09-054.nasl 2009-11-05 11:10:03 UTC (rev 5799)
+++ trunk/openvas-plugins/scripts/secpod_ms09-054.nasl 2009-11-05 11:25:48 UTC (rev 5800)
@@ -7,6 +7,9 @@
# Authors:
# Antu Sanadi <santu at secpod.com>
#
+# Updated to KB976749
+# - By Sharath S <sharaths at secpod.com> On 2009-11-04
+#
# Copyright:
# Copyright (c) 2009 SecPod, http://www.secpod.com
#
@@ -27,7 +30,7 @@
if(description)
{
script_id(901041);
- script_version("$Revision: 1.0 $");
+ script_version("$Revision: 1.1 $");
script_cve_id("CVE-2009-1547", "CVE-2009-2529", "CVE-2009-2530", "CVE-2009-2531");
script_bugtraq_id(36622, 36621, 36620, 36616);
script_name("Microsoft Internet Explorer Multiple Code Execution Vulnerabilities (974455)");
@@ -56,10 +59,15 @@
http://www.microsoft.com/technet/security/Bulletin/MS09-054.mspx
References:
+ http://support.microsoft.com/kb/974455
+ http://support.microsoft.com/kb/976749
http://www.vupen.com/english/advisories/2009/2889
http://www.microsoft.com/technet/security/Bulletin/MS09-054.mspx
- Risk factor : Critical";
+ CVSS Score:
+ CVSS Base Score : 9.3 (AV:N/AC:M/Au:NR/C:C/I:C/A:C)
+ CVSS Temporal Score : 7.3
+ Risk factor: High";
script_description(desc);
script_summary("Check for the vulnerable mshtml.dll file version");
@@ -88,8 +96,12 @@
}
# MS09-054 Hotfix (974455)
-if(hotfix_missing(name:"974455") == 0){
- exit(0);
+if(hotfix_missing(name:"974455") == 0)
+{
+ # MS09-054 Hotfix (976749)
+ if(hotfix_missing(name:"976749") == 0){
+ exit(0);
+ }
}
dllPath = registry_get_sz(item:"Install Path",
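Review bot: The two nested `if`s added here express one condition (skip the file check only when both 974455 and 976749 are installed) and would read more directly as a single test: `if(hotfix_missing(name:"974455") == 0 && hotfix_missing(name:"976749") == 0){ exit(0); }`. The comment above the outer `if` still names only 974455. A comment such as `# Patched only if both MS09-054 hotfixes (974455 and 976749) are present` would state the rule the code now applies.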
@@ -105,9 +117,9 @@
if(hotfix_check_sp(win2k:5) > 0)
{
- # Check for mshtml.dll version < 5.0.3881.100 or 6.0 < 6.0.2800.1638
- if(version_in_range(version:vers, test_version:"5.0", test_version2:"5.0.3881.99") ||
- version_in_range(version:vers, test_version:"6.0", test_version2:"6.0.2800.1637")){
+ # Check for mshtml.dll version < 5.0.3881.1900 or 6.0 < 6.0.2800.1640
+ if(version_in_range(version:vers, test_version:"5.0", test_version2:"5.0.3881.1899") ||
+ version_in_range(version:vers, test_version:"6.0", test_version2:"6.0.2800.1639")){
security_hole(0);
}
}
@@ -116,27 +128,26 @@
SP = get_kb_item("SMB/WinXP/ServicePack");
if("Service Pack 2" >< SP)
{
- # Check for mshtml.dll version 6.0 < 6.0.2800.1638 and 6.0.2900.0000 < 6.0.2900.3627
- # 7.0 < 7.0.6000.16915, 8.0 < 8.0.6001.18828 and 8.0.6001.20000 < 8.0.6001.22878
- if(version_in_range(version:vers, test_version:"6.0", test_version2:"6.0.2800.1637") ||
- version_in_range(version:vers, test_version:"6.0.2900.0000", test_version2:"6.0.2900.3626")||
- version_in_range(version:vers, test_version:"7.0", test_version2:"7.0.6000.16914")||
- version_in_range(version:vers, test_version:"8.0", test_version2:"8.0.6001.18827")||
- version_in_range(version:vers, test_version:"8.0.6001.20000", test_version2:"8.0.6001.22877")){
+ # Check for mshtml.dll version 6.0 < 6.0.2900.3636 7.0.6000.10000 < 7.0.6000.16939,
+ # 7.0.6000.20000 < 7.0.6000.21142, 8.0.6001.10000 < 8.0.6001.18852 and 8.0.6001.20000 < 8.0.6001.22942
+ if(version_in_range(version:vers, test_version:"6.0", test_version2:"6.0.2900.3635")||
+ version_in_range(version:vers, test_version:"7.0", test_version2:"7.0.6000.16938")||
+ version_in_range(version:vers, test_version:"7.0.6000.20000", test_version2:"7.0.6000.21141")||
+ version_in_range(version:vers, test_version:"8.0", test_version2:"8.0.6001.18851")||
+ version_in_range(version:vers, test_version:"8.0.6001.20000", test_version2:"8.0.6001.22941")){
security_hole(0);
}
exit(0);
}
else if("Service Pack 3" >< SP)
{
- # Check for mshtml.dll version 6.0.2800.1638, 7 < 7.0.6000.16915, 6.0 < 6.0.2900.5880,
- # 7.0.6000.20000 < 7.0.6000.21115, 8.0 < 8.0.6001.18828 and 8.0.6001.20000 < 8.0.6001.22918
- if(version_in_range(version:vers, test_version:"6.0", test_version2:"6.0.2800.1637")||
- version_in_range(version:vers, test_version:"6.0.2900.0000", test_version2:"6.0.2900.5879")||
- version_in_range(version:vers, test_version:"7.0", test_version2:"7.0.6000.16914") ||
- version_in_range(version:vers, test_version:"7.0.6000.20000", test_version2:"7.0.6000.21114") ||
- version_in_range(version:vers, test_version:"8.0", test_version2:"8.0.6001.18827")||
- version_in_range(version:vers, test_version:"8.0.6001.20000", test_version2:"8.0.6001.22917")){
+ # Check for mshtml.dll version 6.0 < 6.0.2900.5890, 7.0.6000.10000 < 7.0.6000.16939,
+ # 7.0.6000.20000 < 7.0.6000.21142, 8.0.6001.10000 < 8.0.6001.18852 and 8.0.6001.20000 < 8.0.6001.22942
+ if(version_in_range(version:vers, test_version:"6.0", test_version2:"6.0.2900.5889")||
+ version_in_range(version:vers, test_version:"7.0", test_version2:"7.0.6000.16938") ||
+ version_in_range(version:vers, test_version:"7.0.6000.20000", test_version2:"7.0.6000.21141") ||
+ version_in_range(version:vers, test_version:"8.0", test_version2:"8.0.6001.18851")||
+ version_in_range(version:vers, test_version:"8.0.6001.20000", test_version2:"8.0.6001.22941")){
security_hole(0);
}
exit(0);
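Review bot: The rewritten comments in the XP SP2 and SP3 branches give lower bounds that the code does not use: they say `7.0.6000.10000 < 7.0.6000.16939` and `8.0.6001.10000 < 8.0.6001.18852`, while the calls pass `test_version:"7.0"` and `test_version:"8.0"`. The Win2003 hunk that follows has the same mismatch for the 8.0 range. Which side is intended is not stated, so either the comments or the `test_version` values should be changed to agree. If the code is right, the SP2 comment would become `# Check for mshtml.dll version 6.0 < 6.0.2900.3636, 7.0 < 7.0.6000.16939,` (this also restores the missing comma after 3636). These version floors decide whether a host is reported as patched, so the comment should be something a later maintainer can trust when the next superseding KB arrives. The enclosing `if` blocks start outside the hunk.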
@@ -148,13 +159,13 @@
SP = get_kb_item("SMB/Win2003/ServicePack");
if("Service Pack 2" >< SP)
{
- # Check for mshtml.dll version 6.0 < 6.0.3790.4589 , 7.0 < 7.0.6000.16915,
- # 7.0.6000.20000 < 7.0.6000.21115, 8.0 < 8.0.6001.18828 and 8.0.6001.20000 < 8.0.6001.22918
- if(version_in_range(version:vers, test_version:"6.0", test_version2:"6.0.3790.4588") ||
- version_in_range(version:vers, test_version:"7.0", test_version2:"7.0.6000.16914") ||
- version_in_range(version:vers, test_version:"7.0.6000.20000", test_version2:"7.0.6000.21114")||
- version_in_range(version:vers, test_version:"8.0", test_version2:"8.0.6001.18827")||
- version_in_range(version:vers, test_version:"8.0.6001.20000", test_version2:"8.0.6001.22917")){
+ # Check for mshtml.dll version 6.0 < 6.0.3790.4605 , 7.0 < 7.0.6000.16939,
+ # 7.0.6000.20000 < 7.0.6000.21142, 8.0.6001.10000 < 8.0.6001.18852 and 8.0.6001.20000 < 8.0.6001.22942
+ if(version_in_range(version:vers, test_version:"6.0", test_version2:"6.0.3790.4604") ||
+ version_in_range(version:vers, test_version:"7.0", test_version2:"7.0.6000.16938") ||
+ version_in_range(version:vers, test_version:"7.0.6000.20000", test_version2:"7.0.6000.21141")||
+ version_in_range(version:vers, test_version:"8.0", test_version2:"8.0.6001.18851")||
+ version_in_range(version:vers, test_version:"8.0.6001.20000", test_version2:"8.0.6001.22941")){
security_hole(0);
}
exit(0);
Modified: trunk/openvas-plugins/scripts/secpod_ms09-062.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_ms09-062.nasl 2009-11-05 11:10:03 UTC (rev 5799)
+++ trunk/openvas-plugins/scripts/secpod_ms09-062.nasl 2009-11-05 11:25:48 UTC (rev 5800)
@@ -7,6 +7,9 @@
# Authors:
# Sharath S <sharaths at secpod.com>
#
+# Updated to Check Visio Viewer 2007
+# - By Sharath S <sharaths at secpod.com> On 2009-10-29
+#
# Copyright:
# Copyright (c) 2009 SecPod, http://www.secpod.com
#
@@ -27,7 +30,7 @@
if(description)
{
script_id(900878);
- script_version("$Revision: 1.0 $");
+ script_version("$Revision: 1.1 $");
script_cve_id("CVE-2009-2500", "CVE-2009-2501", "CVE-2009-2502", "CVE-2009-2503",
"CVE-2009-2504", "CVE-2009-2518", "CVE-2009-2528", "CVE-2009-3126");
script_bugtraq_id(36619, 36645, 36646, 36647, 36648, 36651, 36650, 36649);
@@ -50,17 +53,18 @@
Affected Software/OS:
Microsoft SQL Server 2005 SP 2/3
+ Microsoft Office Excel Viewer 2007
Microsoft Office XP/2003 SP 3 and prior
Microsoft Office Visio 2002 SP 2 and prior
Microsoft Office Groove 2007 SP1 and prior
+ Microsoft Excel Viewer 2003 SP 3 and prior
Microsoft Office 2007 System SP 1/2 and prior
Microsoft Office Word Viewer 2003 SP 3 and prior
- Microsoft Excel Viewer 2003 SP 3 and prior
- Microsoft Office Excel Viewer 2007
- Microsoft Office PowerPoint Viewer 2007 SP2 and prior
+ Microsoft Office Visio Viewer 2007 SP 2 and prior
+ Microsoft Office PowerPoint Viewer 2007 SP 2 and prior
+ Microsoft Visual Studio 2008 SP 1 and prior
Microsoft Visual Studio .NET 2003 SP 1 and prior
- Microsoft Visual Studio 2008 SP 1 and prior
- Microsoft Windows 2k SP4 with Internet Explorer 6 SP 1
+ Microsoft Windows 2000 SP4 with Internet Explorer 6 SP 1
Microsoft Office Compatibility Pack for Word/Excel/PowerPoint 2007 File Formats SP 1/2
Fix:
@@ -116,7 +120,7 @@
(hotfix_missing(name:"970894") == 0) || (hotfix_missing(name:"971022") == 0)||
(hotfix_missing(name:"971023") == 0) || (hotfix_missing(name:"972221") == 0)||
(hotfix_missing(name:"972222") == 0)){
- exit(0);
+ exit(0);
}
# Visio 2002
@@ -140,7 +144,7 @@
}
}
-# Office XP Check
+# Office XP
if(get_kb_item("MS/Office/Ver") =~ "^10\..*")
{
offPath = registry_get_sz(key:"SOFTWARE\Microsoft\Windows\CurrentVersion",
@@ -148,11 +152,11 @@
if(offPath)
{
offPath += "\Microsoft Shared\OFFICE10";
- offVer = FileVer(file:"\Mso.dll", path:offPath);
- if(offVer)
+ dllVer = FileVer(file:"\Mso.dll", path:offPath);
+ if(dllVer)
{
# Grep for Mso.dll version 10.0 < 10.0.6856.0
- if(version_in_range(version:offVer, test_version:"10.0", test_version2:"10.0.6855.9"))
+ if(version_in_range(version:dllVer, test_version:"10.0", test_version2:"10.0.6855.9"))
{
security_hole(0);
exit(0);
@@ -161,7 +165,7 @@
}
}
-# Office 2003 Check
+# Office 2003 or Excel Viewer 2003 or Word Viewer 2003
if((get_kb_item("MS/Office/Ver") =~ "^11\..*") ||
(get_kb_item("SMB/Office/XLView/Version") =~ "^11\..*") ||
(get_kb_item("SMB/Office/WordView/Version") =~ "^11\..*"))
@@ -171,11 +175,11 @@
if(offPath)
{
offPath += "\Microsoft Office\OFFICE11" +
- offVer = FileVer(file:"\Gdiplus.dll", path:offPath);
- if(offVer)
+ dllVer = FileVer(file:"\Gdiplus.dll", path:offPath);
+ if(dllVer)
{
# Grep for Gdiplus.dll version 11.0 < 11.0.8312.0
- if(version_in_range(version:offVer, test_version:"11.0", test_version2:"11.0.8311.9"))
+ if(version_in_range(version:dllVer, test_version:"11.0", test_version2:"11.0.8311.9"))
{
security_hole(0);
exit(0);
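Review bot: The renamed assignment `dllVer = FileVer(file:"\Gdiplus.dll", path:offPath);` sits directly after the unchanged line `offPath += "\Microsoft Office\OFFICE11" +`, which as shown ends in a dangling `+`. If the file really reads that way, the two lines form one expression and the Office 2003 / viewer path is not built the way the Office XP and Office 2007 blocks build theirs. In that case this branch may never reach a valid version comparison and would stay silent on an unpatched host. Since this commit already edits the following line, the previous statement should be terminated as well: `offPath += "\Microsoft Office\OFFICE11";`. The enclosing `if` starts and ends outside the hunk.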
@@ -185,8 +189,9 @@
}
# Office 2007 or Groove 2007 or Excel Viewer or PowerPoint Viewer or
-# Office Compatibility Pack 2007
+# Office Compatibility Pack 2007 or Visio Viewer 2007
if(((get_kb_item("MS/Office/Ver") =~ "^12\..*") ||
+ (get_kb_item("SMB/Office/VisioViewer/Ver") =~ "^12\..*") ||
(get_kb_item("SMB/Office/Groove/Version") =~ "^12\..*") ||
(get_kb_item("SMB/Office/XLView/Version") =~ "^12\..*") ||
(get_kb_item("SMB/Office/PPView/Version")) =~ "^12\..*")||
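Review bot: The added lookup uses the key `SMB/Office/VisioViewer/Ver`, while the neighbouring viewer keys in this condition end in `/Version` (`SMB/Office/XLView/Version`, `SMB/Office/PPView/Version`). It does match what the new Visio Viewer block in secpod_office_products_version_900032.nasl sets in this same commit, so the check works as committed. The risk is that a KB key spelled differently on either side simply returns nothing, and the Visio Viewer branch is then skipped without any error. Consider `SMB/Office/VisioViewer/Version` in both files, or at least a comment here such as `# key set by secpod_office_products_version_900032.nasl`. The `if` condition continues past the end of this hunk.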
@@ -197,11 +202,11 @@
if(offPath)
{
offPath += "\Microsoft Shared\OFFICE12";
- offVer = FileVer(file:"\Ogl.dll", path:offPath);
- if(offVer)
+ dllVer = FileVer(file:"\Ogl.dll", path:offPath);
+ if(dllVer)
{
# Grep for Ogl.dll version 12.0 < 12.0.6509.5000
- if(version_in_range(version:offVer, test_version:"12.0", test_version2:"12.0.6509.4999"))
+ if(version_in_range(version:dllVer, test_version:"12.0", test_version2:"12.0.6509.4999"))
{
security_hole(0);
exit(0);
@@ -231,7 +236,7 @@
}
}
-# Visual Studio 2008 Check
+# Visual Studio 2008
if(egrep(pattern:"^9\..*", string:get_kb_item("Microsoft/VisualStudio/Ver")))
{
vsPath = registry_get_sz(key:"SOFTWARE\Microsoft\Microsoft SDKs\Windows",
Modified: trunk/openvas-plugins/scripts/secpod_office_products_version_900032.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_office_products_version_900032.nasl 2009-11-05 11:10:03 UTC (rev 5799)
+++ trunk/openvas-plugins/scripts/secpod_office_products_version_900032.nasl 2009-11-05 11:25:48 UTC (rev 5800)
@@ -1,62 +1,64 @@
-##############################################################################
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_office_products_version_900032.nasl 0021 2008-08-13 19:36:44Z aug $#
#
-# MS Office Products Version Detection
+# MS Office Products Version Detection
#
-# Copyright: SecPod
+# Authors:
+# Chandan S <schandan at secpod.com>
#
-# Date Written: 2008/08/13
+# Retrieving Version from file (Removed old method and updated with GetVer).
+# - By Chandan S <schandan at secpod.com> 10:46:00 2009-04-24
#
-# Revision: 1.3
+# Updated to include detect mechanism for Word Viewer and Word Converter - Sharath S
#
-# Log: Detect script for word, excel and access.
-# Issue #0021
+# Updated to include detect mechanism for Excel Viewer - Sharath S
#
-# Retrieving Version from file (Removed old method and updated with GetVer).
-# -By Chandan S 10:46:00 2009/04/24
+# Updated to include detect mechanism for Power Point Viewer - Sharath S
#
-# Updated to include detect mechanism for Word Viewer and Word Converter
-# Sharath S
+# Updated to include detect mechanism for Office Publisher - Sharath S
#
-# Updated to include detect mechanism for Excel Viewer - Sharath S
+# Updated to include detect mechanism for Office Outlook
+# - By Antu Sanadi <santu at secpod.com> On 2009/10/14
#
-# Updated to include detect mechanism for Power Point Viewer - Sharath S
+# Updated to include detect mechanism for Office Groove and Office Compatibility Pack
+# - By Sharath S <sharaths at secpod.com> On 2009-10-20 #5269
#
-# Updated to include detect mechanism for Office Publisher - Sharath S
+# Updated to include detect mechanism for Office Visio Viewer 2007
+# - By Sharath S <sharaths at secpod.com> On 2009-10-29 #5269
#
-# Updated to include detect mechanism for Office Outlook
-# -By Antu Sanadi 2009/10/14
+# Copyright:
+# Copyright (c) 2009 SecPod, http://www.secpod.com
#
-# Updated to include detect mechanism for Office Groove and Office Compatibility Pack
-# - By Sharath S <sharaths at secpod.com> On 2009-10-20
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
#
-# ------------------------------------------------------------------------
-# This program was written by SecPod and is licensed under the GNU GPL
-# license. Please refer to the below link for details,
-# http://www.gnu.org/licenses/gpl.tml
-# This header contains information regarding licensing terms under the GPL,
-# and information regarding obtaining source code from the Author.
-# Consequently, pursuant to section 3(c) of the GPL, you must accompany the
-# information found in this header with any distribution you make of this
-# Program.
-# ------------------------------------------------------------------------
-##############################################################################
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+################################################################################
-
if(description)
{
script_id(900032);
- script_version("$Revision: 1.7 $");
- script_category(ACT_GATHER_INFO);
- script_family("Windows");
+ script_version("$Revision: 1.8 $");
script_name("MS Office Products Version Detection");
- script_summary("Determines the version of Microsoft Office products");
desc = "
Overview : Retrieve the version of MS Office products from file and
sets KB.
Risk factor : Informational";
script_description(desc);
+ script_summary("Determines the version of Microsoft Office products");
+ script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2008 SecPod");
+ script_family("Windows");
script_dependencies("secpod_reg_enum.nasl", "secpod_ms_office_detection_900025.nasl");
script_require_keys("SMB/WindowsVersion");
script_require_ports(139, 445);
@@ -81,8 +83,8 @@
if(wordviewFile)
{
wordviewFile += "\WORDVIEW.exe";
- share = ereg_replace(pattern:"([A-Z]):.*", replace:"\1$", string:wordviewFile);
- wview = ereg_replace(pattern:"[A-Z]:(.*)", replace:"\1", string:wordviewFile);
+ share = ereg_replace(pattern:"([A-Z]):.*", replace:"\1$", string:wordviewFile);
+ wview = ereg_replace(pattern:"[A-Z]:(.*)", replace:"\1", string:wordviewFile);
wordviewVer = GetVer(file:wview, share:share);
if(wordviewVer){
set_kb_item(name:"SMB/Office/WordView/Version", value:wordviewVer);
@@ -108,7 +110,7 @@
if(xlviewFile != NULL)
{
- share = ereg_replace(pattern:"([A-Z]):.*", replace:"\1$", string:xlviewFile);
+ share = ereg_replace(pattern:"([A-Z]):.*", replace:"\1$", string:xlviewFile);
xlview = ereg_replace(pattern:"[A-Z]:(.*)", replace:"\1", string:xlviewFile);
xlviewVer = GetVer(file:xlview, share:share);
if(xlviewVer != NULL){
@@ -131,7 +133,7 @@
ppviewFile += "\Microsoft Office\Office12\PPTVIEW.exe";
if(ppviewFile != NULL)
{
- share = ereg_replace(pattern:"([A-Z]):.*", replace:"\1$", string:ppviewFile);
+ share = ereg_replace(pattern:"([A-Z]):.*", replace:"\1$", string:ppviewFile);
pptview = ereg_replace(pattern:"[A-Z]:(.*)", replace:"\1", string:ppviewFile);
pptviewVer = GetVer(file:pptview, share:share);
if(pptviewVer != NULL){
@@ -156,7 +158,7 @@
if(groovePath != NULL)
{
groovePath += "\GROOVE.exe";
- share = ereg_replace(pattern:"([A-Z]):.*", replace:"\1$", string:groovePath);
+ share = ereg_replace(pattern:"([A-Z]):.*", replace:"\1$", string:groovePath);
groove = ereg_replace(pattern:"[A-Z]:(.*)", replace:"\1", string:groovePath);
grooveVer = GetVer(file:groove, share:share);
if(grooveVer != NULL){
@@ -172,8 +174,8 @@
if(ppcnvFile)
{
ppcnvFile += "\Microsoft Office\Office12\PPCNVCOM.exe";
- share = ereg_replace(pattern:"([A-Z]):.*", replace:"\1$", string:ppcnvFile);
- ppfile = ereg_replace(pattern:"[A-Z]:(.*)", replace:"\1", string:ppcnvFile);
+ share = ereg_replace(pattern:"([A-Z]):.*", replace:"\1$", string:ppcnvFile);
+ ppfile = ereg_replace(pattern:"[A-Z]:(.*)", replace:"\1", string:ppcnvFile);
ppcnvVer = GetVer(file:ppfile, share:share);
if(ppcnvVer){
set_kb_item(name:"SMB/Office/PowerPntCnv/Version", value:ppcnvVer);
@@ -181,6 +183,23 @@
}
}
+# Office Visio Viewer
+if(registry_key_exists(key:"SOFTWARE\Microsoft\Office\Visio"))
+{
+ visioPath = registry_get_sz(key:"SOFTWARE\Microsoft\Windows\CurrentVersion",
+ item:"ProgramFilesDir");
+ if(visioPath)
+ {
+ visioPath += "\Microsoft Office\Office12\VPREVIEW.EXE";
+ share = ereg_replace(pattern:"([A-Z]):.*", replace:"\1$", string:visioPath);
+ vvfile = ereg_replace(pattern:"[A-Z]:(.*)", replace:"\1", string:visioPath);
+ visiovVer = GetVer(file:vvfile, share:share);
+ if(visiovVer){
+ set_kb_item(name:"SMB/Office/VisioViewer/Ver", value:visiovVer);
+ }
+ }
+}
+
# To Conform Office Installation
if(!get_kb_item("MS/Office/Ver")){
exit(0);
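Review bot: The new Visio Viewer block only looks for `VPREVIEW.EXE` under `ProgramFilesDir` plus `\Microsoft Office\Office12`, and the comment `# Office Visio Viewer` does not say so. An install in a non-default directory (or, presumably, a 32-bit viewer on a 64-bit host) leaves `SMB/Office/VisioViewer/Ver` unset, and the MS09-062 check that reads it then reports nothing for that product. I would document the limit where it is introduced, e.g. `# Office Visio Viewer 2007 only: default install path, Office12\VPREVIEW.EXE`. It would also help to say why the `SOFTWARE\Microsoft\Office\Visio` key is used as the gate, since it is not evident from here that the viewer alone creates it.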
@@ -193,7 +212,7 @@
{
wordFile += "\winword.exe";
share = ereg_replace(pattern:"([A-Z]):.*", replace:"\1$", string:wordFile);
- word = ereg_replace(pattern:"[A-Z]:(.*)", replace:"\1", string:wordFile);
+ word = ereg_replace(pattern:"[A-Z]:(.*)", replace:"\1", string:wordFile);
wordVer = GetVer(file:word, share:share);
if(wordVer){
set_kb_item(name:"SMB/Office/Word/Version", value:wordVer);
@@ -220,8 +239,8 @@
if(accessFile)
{
accessFile += "\msaccess.exe";
- share = ereg_replace(pattern:"([A-Z]):.*", replace:"\1$", string:accessFile);
- access = ereg_replace(pattern:"[A-Z]:(.*)", replace:"\1", string:accessFile);
+ share = ereg_replace(pattern:"([A-Z]):.*", replace:"\1$", string:accessFile);
+ access = ereg_replace(pattern:"[A-Z]:(.*)", replace:"\1", string:accessFile);
accessVer = GetVer(file:access, share:share);
if(accessVer){
set_kb_item(name:"SMB/Office/Access/Version", value:accessVer);
@@ -234,8 +253,8 @@
if(powerpointFile)
{
powerpointFile += "\powerpnt.exe";
- share = ereg_replace(pattern:"([A-Z]):.*", replace:"\1$", string:powerpointFile);
- power = ereg_replace(pattern:"[A-Z]:(.*)", replace:"\1", string:powerpointFile);
+ share = ereg_replace(pattern:"([A-Z]):.*", replace:"\1$", string:powerpointFile);
+ power = ereg_replace(pattern:"[A-Z]:(.*)", replace:"\1", string:powerpointFile);
powerPptVer = GetVer(file:power, share:share);
if(powerPptVer){
set_kb_item(name:"SMB/Office/PowerPnt/Version", value:powerPptVer);
@@ -248,8 +267,8 @@
if(wordcnvFile)
{
wordcnvFile += "\Microsoft Office\Office12\Wordconv.exe";
- share = ereg_replace(pattern:"([A-Z]):.*", replace:"\1$", string:wordcnvFile);
- word = ereg_replace(pattern:"[A-Z]:(.*)", replace:"\1", string:wordcnvFile);
+ share = ereg_replace(pattern:"([A-Z]):.*", replace:"\1$", string:wordcnvFile);
+ word = ereg_replace(pattern:"[A-Z]:(.*)", replace:"\1", string:wordcnvFile);
wordcnvVer = GetVer(file:word, share:share);
if(wordcnvVer){
set_kb_item(name:"SMB/Office/WordCnv/Version", value:wordcnvVer);
@@ -262,8 +281,8 @@
if(xlcnvFile)
{
xlcnvFile += "\Microsoft Office\Office12\excelcnv.exe";
- share = ereg_replace(pattern:"([A-Z]):.*", replace:"\1$", string:xlcnvFile);
- xlfile = ereg_replace(pattern:"[A-Z]:(.*)", replace:"\1", string:xlcnvFile);
+ share = ereg_replace(pattern:"([A-Z]):.*", replace:"\1$", string:xlcnvFile);
+ xlfile = ereg_replace(pattern:"[A-Z]:(.*)", replace:"\1", string:xlcnvFile);
xlcnvVer = GetVer(file:xlfile, share:share);
if(xlcnvVer){
set_kb_item(name:"SMB/Office/XLCnv/Version", value:xlcnvVer);
@@ -276,8 +295,8 @@
if(pubFile)
{
share = ereg_replace(pattern:"([A-Z]):.*", replace:"\1$", string:pubFile);
- pub = ereg_replace(pattern:"[A-Z]:(.*)", replace:"\1",
- string:pubFile + "\MSPUB.exe");
+ pub = ereg_replace(pattern:"[A-Z]:(.*)", replace:"\1",
+ string:pubFile + "\MSPUB.exe");
pubVer = GetVer(file:pub, share:share);
if(pubVer){
set_kb_item(name:"SMB/Office/Publisher/Version", value:pubVer);
@@ -290,8 +309,8 @@
if(outlookFile)
{
share = ereg_replace(pattern:"([A-Z]):.*", replace:"\1$", string:outlookFile);
- outlookFile = ereg_replace(pattern:"[A-Z]:(.*)", replace:"\1",
- string:outlookFile + "\OUTLOOK.EXE");
+ outlookFile = ereg_replace(pattern:"[A-Z]:(.*)", replace:"\1",
+ string:outlookFile + "\OUTLOOK.EXE");
outlookVer = GetVer(file:outlookFile, share:share);
if(outlookVer){
set_kb_item(name:"SMB/Office/Outloook/Version", value:outlookVer);