[Openvas-commits] r5825 - in trunk/openvas-plugins: . scripts
scm-commit@wald.intevation.org
scm-commit at wald.intevation.org
Mon Nov 9 14:01:47 CET 2009
Author: chandra
Date: 2009-11-09 14:01:44 +0100 (Mon, 09 Nov 2009)
New Revision: 5825
Added:
trunk/openvas-plugins/scripts/gb_adobe_shockwave_player_mult_code_exe_vuln.nasl
trunk/openvas-plugins/scripts/gb_html_parser_detect_lin.nasl
trunk/openvas-plugins/scripts/gb_html_parser_dos_vuln_nov09_lin.nasl
trunk/openvas-plugins/scripts/gb_ibm_java_jre_xml4j_unspecified_vuln.nasl
trunk/openvas-plugins/scripts/gb_novell_groupwise_client_activex_bof_vuln.nasl
Modified:
trunk/openvas-plugins/ChangeLog
trunk/openvas-plugins/cve_current.txt
trunk/openvas-plugins/scripts/secpod_adobe_shockwave_player_bof_vuln.nasl
trunk/openvas-plugins/scripts/secpod_novell_prdts_detect_win.nasl
Log:
Added new plugins
Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog 2009-11-09 11:58:52 UTC (rev 5824)
+++ trunk/openvas-plugins/ChangeLog 2009-11-09 13:01:44 UTC (rev 5825)
@@ -1,3 +1,18 @@
+2009-11-09 Chandrashekhar B <bchandra at secpod.com>
+
+ * scripts/gb_html_parser_detect_lin.nasl,
+ scripts/gb_novell_groupwise_client_activex_bof_vuln.nasl,
+ scripts/gb_adobe_shockwave_player_mult_code_exe_vuln.nasl,
+ scripts/gb_html_parser_dos_vuln_nov09_lin.nasl,
+ scripts/gb_ibm_java_jre_xml4j_unspecified_vuln.nasl:
+ Added new plugins
+
+ * scripts/secpod_novell_prdts_detect_win.nasl:
+ Added check for Novell Groupwise client.
+
+ * scripts/secpod_adobe_shockwave_player_bof_vuln.nasl:
+ Updated the solution.
+
2009-11-09 Michael Meyer <michael.meyer at intevation.de>
* scripts/cherokee_36874.nasl:
Modified: trunk/openvas-plugins/cve_current.txt
===================================================================
--- trunk/openvas-plugins/cve_current.txt 2009-11-09 11:58:52 UTC (rev 5824)
+++ trunk/openvas-plugins/cve_current.txt 2009-11-09 13:01:44 UTC (rev 5825)
@@ -227,7 +227,7 @@
CVE-2009-3626 SecPod svn L
CVE-2009-3832 SecPod svn L
CVE-2009-3831 SecPod svn L
-CVE-2009-3627
+CVE-2009-3627 SecPod svn L
CVE-2009-3664 SecPod svn R
CVE-2009-3665 SecPod svn R
CVE-2009-3666 SecPod svn R
@@ -245,8 +245,14 @@
CVE-2009-2267 SecPod svn L
CVE-2009-3733 SecPod svn L
CVE-2009-3862 SecPod
-CVE-2009-3860 SecPod
+CVE-2009-3860 SecPod
CVE-2009-3838 SecPod svn L
-CVE-2009-3863 SecPod
+CVE-2009-3863 SecPod svn L
CVE-2009-3837 SecPod svn L
36902 Greenbone svn R
+CVE-2009-3463 SecPod svn L
+CVE-2009-3464 SecPod svn L
+CVE-2009-3465 SecPod svn L
+CVE-2009-3466 SecPod svn L
+CVE-2009-3852 SecPod svn L
+
Added: trunk/openvas-plugins/scripts/gb_adobe_shockwave_player_mult_code_exe_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_adobe_shockwave_player_mult_code_exe_vuln.nasl 2009-11-09 11:58:52 UTC (rev 5824)
+++ trunk/openvas-plugins/scripts/gb_adobe_shockwave_player_mult_code_exe_vuln.nasl 2009-11-09 13:01:44 UTC (rev 5825)
@@ -0,0 +1,89 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_adobe_shockwave_player_mult_code_exe_vuln.nasl 937 2009-11-06 12:24:24Z nov $
+#
+# Adobe Shockwave Player Multiple Remote Code Execution Vulnerabilities
+#
+# Authors:
+# Nikita MR <rnikita at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(800971);
+ script_version("$Revision: 1.0 $");
+ script_cve_id("CVE-2009-3463", "CVE-2009-3464", "CVE-2009-3465",
+ "CVE-2009-3466");
+ script_bugtraq_id(36905);
+ script_name("Adobe Shockwave Player Multiple Remote Code Execution Vulnerabilities");
+ desc = "
+ Overview: This host is installed with Adobe Shockwave Player and is prone
+ to Multiple Remote Code Execution Vulnerabilities.
+
+ Vulnerability Insight:
+ - Multiple errors ocur due to the use of invalid index and invalid pointer
+ while processing specially crafted Shockwave content.
+ - An error while processing invalid string lenghts can result in memory
+ corruption.
+
+ Impact:
+ Successful exploitation will let the attacker execute arbitrary code in the
+ context of the affected application by tricking a user into visiting a
+ specially crafted web page.
+
+ Impact Level: Application.
+
+ Affected Software/OS:
+ Adobe Shockwave Player prior to 11.5.2.602 on Windows.
+
+ Fix: Upgrade to Adobe Shockwave Player 11.5.2.602
+ http://get.adobe.com/shockwave/otherversions/
+
+ References:
+ http://www.vupen.com/english/advisories/2009/3134
+ http://securitytracker.com/alerts/2009/Nov/1023123.html
+ http://www.adobe.com/support/security/bulletins/apsb09-16.html
+
+ CVSS Score:
+ CVSS Base Score : 10.0 (AV:N/AC:L/Au:NR/C:C/I:C/A:C)
+ CVSS Temporal Score : 7.8
+ Risk factor: High";
+
+ script_description(desc);
+ script_summary("Check for the version of Adobe Shockwave Player");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2009 Greenbone Networks GmbH");
+ script_family("General");
+ script_dependencies("secpod_adobe_shockwave_player_detect.nasl");
+ script_require_keys("Adobe/ShockwavePlayer/Ver");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+shockVer = get_kb_item("Adobe/ShockwavePlayer/Ver");
+if(!shockVer){
+ exit(0);
+}
+
+# Check for versions prior to 11.5.2.602
+if(version_is_less(version:shockVer, test_version:"11.5.2.602")){
+ security_hole(0);
+}
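Review bot: The `desc` string of this new plugin contains spelling errors that are shown verbatim in scan reports: `ocur` and `lenghts` in the Vulnerability Insight paragraph should read `occur` and `lengths`. The same kind of slip is in other descriptions added by this commit: `reuslt` in gb_html_parser_detect_lin.nasl, `Serivce` in gb_html_parser_dos_vuln_nov09_lin.nasl and `expoitation` in gb_novell_groupwise_client_activex_bof_vuln.nasl. They are worth correcting in one pass, since this text is what an operator reads when triaging the finding.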
Added: trunk/openvas-plugins/scripts/gb_html_parser_detect_lin.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_html_parser_detect_lin.nasl 2009-11-09 11:58:52 UTC (rev 5824)
+++ trunk/openvas-plugins/scripts/gb_html_parser_detect_lin.nasl 2009-11-09 13:01:44 UTC (rev 5825)
@@ -0,0 +1,95 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_html_parser_detect_lin.nasl 5568 2009-11-05 14:40:29Z nov $
+#
+# HTML Parser Version Detection (Linux)
+#
+# Authors:
+# Antu Sanadi <santu at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(801038);
+ script_version("$Revision: 1.0 $");
+ script_name("HTML Parser Version Detection (Linux)");
+ desc = "
+ Overview: The script detects the installed version of HTML Parser and sets the
+ reuslt into KB.
+
+ Risk Factor: Informational";
+
+ script_description(desc);
+ script_summary("Check HTML Parser version");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2009 Greenbone Networks GmbH");
+ script_family("Service detection");
+ exit(0);
+}
+
+
+include("ssh_func.inc");
+include("version_func.inc");
+
+parserSock = ssh_login_or_reuse_connection();
+if(!parserSock){
+ exit(0);
+}
+
+grep = find_bin(prog_name:"grep", sock:parserSock);
+grep = chomp(grep[0]);
+garg[0] = "-o";
+garg[1] = "-m1";
+garg[2] = "-a";
+garg[3] = string("XS_VERSION.*");
+
+parserName = find_file(file_name:"Parser.so", file_path:"/", useregex:TRUE,
+ regexpar:"$", sock:parserSock);
+
+foreach binaryName (parserName)
+{
+ binaryName = chomp(binaryName);
+ if(islocalhost())
+ {
+ garg[4] = binaryName;
+ arg = garg;
+ }
+ else
+ {
+ arg = garg[0] + " " + garg[1] + " " + garg[2] + " " + raw_string(0x22) +
+ garg[3] + raw_string(0x22) + " " + binaryName;
+ }
+
+ parserVer = get_bin_version(full_prog_name:grep, version_argv:arg,
+ ver_pattern:"XS_VERSION.*", sock:parserSock);
+ if(parserVer[1] != NULL)
+ {
+ parserVer = chomp(parserVer[1]);
+ parserVer = str_replace(find:raw_string(0x00), replace:"",string:parserVer);
+
+ if("HTML::Parser" >< parserVer || ("bootstrap parameter" >< parserVer))
+ {
+ parserVer = eregmatch(pattern:"([0-9.]+)", string:parserVer);
+ if(parserVer[1]){
+ set_kb_item(name:"HTML-Parser/Linux/Ver", value:parserVer[1]);
+ }
+ }
+ }
+}
+ssh_close_connection();
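Review bot: In the non-localhost branch, `binaryName` is appended to the grep command string without quoting, while only the pattern is wrapped in `raw_string(0x22)`. The path comes from `find_file` over the whole target filesystem, so a directory name containing spaces or shell metacharacters would change the command that is presumably handed to the remote shell under the scan account; `get_bin_version` is not part of this hunk, so confirm how it executes the string. Quote the path and skip names that cannot be quoted safely, e.g. `if("'" >< binaryName) continue;` and then `raw_string(0x22) + " '" + binaryName + "'";` as the tail of the expression. The `"bootstrap parameter" >< parserVer` alternative also looks too broad, because that text does not appear specific to HTML::Parser and any other `Parser.so` matching it would set `HTML-Parser/Linux/Ver`; requiring the `HTML::Parser` marker would be safer.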
Added: trunk/openvas-plugins/scripts/gb_html_parser_dos_vuln_nov09_lin.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_html_parser_dos_vuln_nov09_lin.nasl 2009-11-09 11:58:52 UTC (rev 5824)
+++ trunk/openvas-plugins/scripts/gb_html_parser_dos_vuln_nov09_lin.nasl 2009-11-09 13:01:44 UTC (rev 5825)
@@ -0,0 +1,93 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_html_parser_dos_vuln_nov09_lin.nasl 5568 2009-11-05 17:15:12Z nov $
+#
+# HTML-Parser 'decode_entities()' Denial of Service Vulnerability
+#
+# Authors:
+# Antu Sanadi <santu at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(801039);
+ script_version("$Revision: 1.0 $");
+ script_cve_id("CVE-2009-3627");
+ script_bugtraq_id(36807);
+ script_name("HTML-Parser 'decode_entities()' Denial of Service Vulnerability");
+ desc = "
+ Overview: This host is installed with HTML-Parser and is prone to Denial of
+ Service Vulnerability.
+
+ Vulnerability Insight:
+ The flaw is due to an error within the 'decode_entities()' function in 'utils.c',
+ which can be exploited to cause an infinite loop by tricking an application into
+ processing a specially crafted string using this library.
+
+ Impact:
+ Successful exploitation could result in Denial of Serivce condition.
+
+ Impact Level: Application.
+
+ Affected Software/OS:
+ HTML-Parser versions prior to 3.63 on Linux.
+
+ Fix: Upgrade to HTML-Parser version 3.63 or later
+ http://search.cpan.org/CPAN/authors/id/G/GA/GAAS/HTML-Parser-3.63.tar.gz
+ (or)
+ Apply the patch,
+ http://github.com/gisle/html-parser/commit/b9aae1e43eb2c8e989510187cff0ba3e996f9a4c
+
+ *****
+ NOTE: Please ignore this warning if the patch is already applied.
+ *****
+
+ References:
+ http://secunia.com/advisories/37155
+ http://xforce.iss.net/xforce/xfdb/53941
+ http://www.openwall.com/lists/oss-security/2009/10/23/9
+ https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6225
+
+ CVSS Score:
+ CVSS Base Score : 4.3 (AV:N/AC:M/Au:NR/C:N/I:N/A:P)
+ CVSS Temporal Score : 3.2
+ Risk factor: Medium";
+
+ script_description(desc);
+ script_summary("Check for the version of HTML Parser");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2009 Intevation GmbH");
+ script_family("Denial of Service");
+ script_dependencies("gb_html_parser_detect_lin.nasl");
+ script_require_keys("HTML-Parser/Linux/Ver");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+parserVer = get_kb_item("HTML-Parser/Linux/Ver");
+if(!parserVer){
+ exit(0);
+}
+
+# Grep for HTML Parser version < 3.63
+if(version_is_less(version:parserVer, test_version:"3.63")){
+ security_warning(0);
+}
Added: trunk/openvas-plugins/scripts/gb_ibm_java_jre_xml4j_unspecified_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_ibm_java_jre_xml4j_unspecified_vuln.nasl 2009-11-09 11:58:52 UTC (rev 5824)
+++ trunk/openvas-plugins/scripts/gb_ibm_java_jre_xml4j_unspecified_vuln.nasl 2009-11-09 13:01:44 UTC (rev 5825)
@@ -0,0 +1,89 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_ibm_java_jre_xml4j_unspecified_vuln.nasl 5601 2009-11-09 15:03:20Z nov $
+#
+# IBM Runtimes for Java Technology XML4J Unspecified Vulnerability
+#
+# Authors:
+# Nikita MR <rnikita at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(800974);
+ script_version("$Revision: 1.0 $");
+ script_cve_id("CVE-2009-3852");
+ script_bugtraq_id(36894);
+ script_name("IBM Runtimes for Java Technology XML4J Unspecified Vulnerability");
+ desc = "
+ Overview: This host is installed with IBM Runtime for Java Technology and
+ is prone to unspecified vulnerability.
+
+ Vulnerability Insight:
+ An unspecified error occurs in the 'XML4J' component while parsing XML
+ code.
+
+ Impact: Unknown impact.
+
+ Affected Software/OS:
+ IBM Runtimes for Java Technology 5.0.0 before SR10 on Linux.
+
+ Fix: Apply the following patch.
+ http://www-01.ibm.com/support/docview.wss?rs=71&uid=swg1IZ63920
+
+ *****
+ NOTE: Ignore this warning if above mentioned patch is already applied.
+ *****
+
+ References:
+ http://secunia.com/advisories/37210
+ http://xforce.iss.net/xforce/xfdb/54069
+ http://www.vupen.com/english/advisories/2009/3106
+
+ CVSS Score:
+ CVSS Base Score : 7.5 (AV:N/AC:L/Au:NR/C:P/I:P/A:P)
+ CVSS Temporal Score : 5.5
+ Risk factor: High";
+
+ script_description(desc);
+ script_summary("Check for the version of IBM Java Runtime");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2009 Greenbone Networks GmbH");
+ script_family("General");
+ script_dependencies("gb_java_prdts_detect_lin.nasl");
+ script_require_keys("IBM/Java/JRE/Linux/Ver");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+jreVer = get_kb_item("IBM/Java/JRE/Linux/Ver");
+if(!jreVer){
+ exit(0);
+}
+
+jreVer = ereg_replace(pattern:"_", string:jreVer, replace: ".");
+if(jreVer)
+{
+ # Check for version < 5.0.0 SR10 (1.5.0.SR10)
+ if(version_in_range(version:jreVer, test_version:"1.5", test_version2:"1.5.0.SR9")){
+ security_hole(0);
+ }
+}
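Review bot: The upper bound `test_version2:"1.5.0.SR9"` feeds a non-numeric component into `version_in_range`, and nothing in this hunk shows how version_func.inc orders `SR9` against `SR10` or against a KB value that has no SR suffix at all. If that component is compared as text, `SR10` sorts before `SR9` and a fixed runtime would be reported as vulnerable. Confirm the helper's behaviour, or compare the service-release number explicitly, e.g. `sr = eregmatch(pattern:"SR([0-9]+)", string:jreVer);` followed by `if(sr && int(sr[1]) < 10)` inside a check for the `1.5.0` base version. A comment stating the KB format expected from gb_java_prdts_detect_lin.nasl would make the range verifiable, and the `if(jreVer)` after `ereg_replace` only repeats the earlier guard.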
Added: trunk/openvas-plugins/scripts/gb_novell_groupwise_client_activex_bof_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_novell_groupwise_client_activex_bof_vuln.nasl 2009-11-09 11:58:52 UTC (rev 5824)
+++ trunk/openvas-plugins/scripts/gb_novell_groupwise_client_activex_bof_vuln.nasl 2009-11-09 13:01:44 UTC (rev 5825)
@@ -0,0 +1,109 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_novell_groupwise_client_activex_bof_vuln.nasl 5622 2009-11-09 18:45:38Z nov $
+#
+# Novell Groupwise Client ActiveX Control Buffer Overflow Vulnerability
+#
+# Authors:
+# Nikita MR <rnikita at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(800973);
+ script_version("$ Revision: 1.0 $");
+ script_cve_id("CVE-2009-3863");
+ script_bugtraq_id(36398);
+ script_name("Novell Groupwise Client ActiveX Control Buffer Overflow Vulnerability");
+ desc = "
+ Overview: This host is installed with Novell Groupwise Client ActiveX Control
+ and is prone to Buffer Overflow vulnerability.
+
+ Vulnerability Insight:
+ A boundary error occurs in Novell Groupwise Client ActiveX control (gxmim1.dll)
+ while handling overly long arguments passed to the 'SetFontFace()' method.
+
+ Impact:
+ Successful expoitation will allow remote attackers to execute arbitrary
+ code on the affected system and may crash the client.
+
+ Affected Software/OS:
+ Novell GroupWise Client 7.0.3.1294 and prior on Windows.
+
+ Fix:
+ No solution or patch is available as on 09th November, 2009. Information
+ regarding this issue will be updated once the solution details are available.
+ For further updates refer, http://www.novell.com/products/groupwise/
+
+ Workaround:
+ Set the Killbit for the vulnerable CLSID
+ http://support.microsoft.com/kb/240797
+
+ References:
+ http://www.milw0rm.com/exploits/9683
+ http://en.securitylab.ru/nvd/387373.php
+
+ CVSS Score:
+ CVSS Base Score : 5.0 (AV:N/AC:L/Au:NR/C:N/I:N/A:P)
+ CVSS Temporal Score : 4.0
+ Risk factor: Medium";
+
+ script_description(desc);
+ script_summary("Check the version of Novell Groupwise Client ActiveX control");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2009 Greenbone Networks GmbH");
+ script_family("Buffer overflow");
+ script_dependencies("secpod_novell_prdts_detect_win.nasl");
+ script_require_keys("Novell/Groupwise/Client/Win/Ver");
+ exit(0);
+}
+
+
+include("smb_nt.inc");
+include("version_func.inc");
+include("secpod_activex.inc");
+include("secpod_smb_func.inc");
+
+gcVer = get_kb_item("Novell/Groupwise/Client/Win/Ver");
+if(gcVer == NULL){
+ exit(0);
+}
+
+if(version_is_less_equal(version:gcVer, test_version:"7.0.3.1294"))
+{
+ dllPath = registry_get_sz(key:"SOFTWARE\Microsoft\Windows\CurrentVersion"+
+ "\App Paths\GrpWise.exe", item:"Path");
+ if(dllPath == NULL){
+ exit(0);
+ }
+
+ share = ereg_replace(pattern:"([A-Z]):.*",replace:"\1$", string:dllPath);
+ file = ereg_replace(pattern:"[A-Z]:(.*)", replace:"\1", string:dllPath+
+ "\gxmim1.dll");
+ dllVer = GetVer(share:share, file:file);
+
+ # Check if gxmim1.dll version is 7.0.3.1294 or prior
+ if(version_is_less_equal(version:dllVer, test_version:"7.0.3.1294"))
+ {
+ # Check if the Killbits are set
+ if(is_killbit_set(clsid:"{9796BED2-C1CF-11D2-9384-0008C7396667}") == 0){
+ security_warning(0);
+ }
+ }
+}
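Review bot: `dllVer` is passed to `version_is_less_equal` without a NULL check, so when `GetVer` cannot read gxmim1.dll (file missing, share unreachable) the outcome depends on how the helper treats an empty version, and the host may be reported as vulnerable. Add `if(!dllVer){ exit(0); }` directly after the `GetVer` call, matching the guards already used for `gcVer` and `dllPath`. `script_version("$ Revision: 1.0 $")` also has a space after the first `$`, unlike the other plugins in this commit, so the keyword will presumably not be expanded.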
Modified: trunk/openvas-plugins/scripts/secpod_adobe_shockwave_player_bof_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_adobe_shockwave_player_bof_vuln.nasl 2009-11-09 11:58:52 UTC (rev 5824)
+++ trunk/openvas-plugins/scripts/secpod_adobe_shockwave_player_bof_vuln.nasl 2009-11-09 13:01:44 UTC (rev 5825)
@@ -7,6 +7,9 @@
# Authors:
# Nikita MR <rnikita at secpod.com>
#
+# Updated the Fix.
+# - Nikita MR <rnikita at secpod.com> 2009-11-06
+#
# Copyright:
# Copyright (c) 2009 SecPod, http://www.secpod.com
#
@@ -29,7 +32,7 @@
script_id(900949);
script_version("$Revision: 1.0$");
script_cve_id("CVE-2009-3244");
- script_bugtraq_id(36434);
+ script_bugtraq_id(36434, 36905);
script_name("Adobe Shockwave Player ActiveX Control BOF Vulnerability");
desc = "
Overview: This host has Adobe Shockwave Player ActiveX Control installed
@@ -40,7 +43,7 @@
user supplied data containig a long PlayerVersion property value.
Impact:
- Successful attack could allow attackers to execute of arbitrary code and to
+ Successful attack could allow attackers to execute arbitrary code and to
cause denial of service.
Impact Level: Application
@@ -48,18 +51,16 @@
Affected Software/OS:
Adobe Shockwave Player 11.5.1.601 and prior on Windows.
- Fix:
- No solution or patch is available as on 24th September, 2009. Information
- regarding this issue will be updated once the solution details are available.
- http://get.adobe.com/shockwave
+ Fix: Upgrade to Adobe Shockwave Player 11.5.2.602
+ http://get.adobe.com/shockwave/otherversions/
References:
http://www.milw0rm.com/exploits/9682
CVSS Score:
CVSS Base Score : 9.3 (AV:N/AC:M/Au:NR/C:C/I:C/A:C)
- CVSS Temporal Score : 8.4
- Risk factor: Critical";
+ CVSS Temporal Score : 7.3
+ Risk factor: High";
script_description(desc);
script_summary("Check for the version of Adobe Shockwave Player ActiveX Control");
Modified: trunk/openvas-plugins/scripts/secpod_novell_prdts_detect_win.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_novell_prdts_detect_win.nasl 2009-11-09 11:58:52 UTC (rev 5824)
+++ trunk/openvas-plugins/scripts/secpod_novell_prdts_detect_win.nasl 2009-11-09 13:01:44 UTC (rev 5825)
@@ -11,6 +11,10 @@
# Date: 24th July 2009
# Changes: Modified the kb name to indicate windows version.
#
+# Modified by: Nikita MR (rnikita at secpod.com)
+# Date: 09th Nov 2009
+# Changes: Added check for Novell Groupwise client.
+#
# Copyright:
# Copyright (c) 2009 SecPod, http://www.secpod.com
#
@@ -31,10 +35,9 @@
if(description)
{
script_id(900340);
- script_version("Revision: 1.0 ");
+ script_version("Revision: 1.2");
script_name("Novell Multiple Products Version Detection");
desc = "
-
Overview : This script detects the installed version of Novell Products
and sets the result in KB.
@@ -156,3 +159,20 @@
}
}
}
+
+# Set kb for Novell Groupwise Client
+if(registry_key_exists(key:"SOFTWARE\Novell\GroupWise"))
+{
+ gcPath = registry_get_sz(key:"SOFTWARE\Microsoft\Windows\CurrentVersion"+
+ "\App Paths\GrpWise.exe", item:"Path");
+ if(gcPath != NULL)
+ {
+ share = ereg_replace(pattern:"([A-Z]):.*", replace:"\1$", string:gcPath);
+ file = ereg_replace(pattern:"[A-Z]:(.*)", replace:"\1", string:gcPath +
+ "\GrpWise.exe");
+ gcVer = GetVer(file:file, share:share);
+ if(gcVer != NULL){
+ set_kb_item(name:"Novell/Groupwise/Client/Win/Ver", value:gcVer);
+ }
+ }
+}
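Review bot: The `share` and `file` values are built with `ereg_replace` patterns that match only an upper-case drive letter and are not anchored, and `gcPath` is used without checking that it has that form. If the registry value starts with a lower-case letter or is not a plain `X:\dir` path, the replacement presumably leaves the string unchanged and `GetVer` is called with a share that does not exist, so detection fails silently. Consider `pattern:"^([A-Za-z]):.*"` and `pattern:"^[A-Za-z]:(.*)"`, and skip the lookup when `gcPath` does not match. The same construction is applied to `dllPath` in gb_novell_groupwise_client_activex_bof_vuln.nasl.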