[Openvas-commits] r5915 - in trunk/openvas-plugins: . scripts

scm-commit@wald.intevation.org scm-commit at wald.intevation.org
Fri Nov 20 12:35:42 CET 2009


Author: mime
Date: 2009-11-20 12:35:38 +0100 (Fri, 20 Nov 2009)
New Revision: 5915

Added:
   trunk/openvas-plugins/scripts/bugzilla_37062.nasl
   trunk/openvas-plugins/scripts/cisco_vpn_client_win_37077.nasl
   trunk/openvas-plugins/scripts/cpe_policy.nasl
   trunk/openvas-plugins/scripts/mysql_multiple_vuln.nasl
   trunk/openvas-plugins/scripts/xerver_37064.nasl
Modified:
   trunk/openvas-plugins/ChangeLog
   trunk/openvas-plugins/cve_current.txt
Log:
Added new plugins

Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog	2009-11-20 10:53:06 UTC (rev 5914)
+++ trunk/openvas-plugins/ChangeLog	2009-11-20 11:35:38 UTC (rev 5915)
@@ -1,3 +1,12 @@
+2009-11-20 Michael Meyer <michael.meyer at intevation.de>
+
+	* scripts/cpe_policy.nasl,
+	scripts/cisco_vpn_client_win_37077.nasl,
+	scripts/bugzilla_37062.nasl,
+	scripts/mysql_multiple_vuln.nasl,
+	scripts/xerver_37064.nasl:
+	Added new plugins.
+
 2009-11-20  Chandrashekhar B <bchandra at secpod.com>
 	* scripts/secpod_cowon_jetaudio_detect.nasl,
 	scripts/secpod_ms_ie_dos_vuln_nov09.nasl,

Modified: trunk/openvas-plugins/cve_current.txt
===================================================================
--- trunk/openvas-plugins/cve_current.txt	2009-11-20 10:53:06 UTC (rev 5914)
+++ trunk/openvas-plugins/cve_current.txt	2009-11-20 11:35:38 UTC (rev 5915)
@@ -282,3 +282,8 @@
 CVE-2009-3948                   SecPod          svn             L
 CVE-2009-3978                   SecPod          svn             L
 CVE-2009-3963                   SecPod          svn             R
+37075				Greenbone	svn		R
+37076				Greenbone	svn		R
+37062				Greenbone	svn		R
+37064				Greenbone	svn		R
+37077				Greenbone	svn		L

Added: trunk/openvas-plugins/scripts/bugzilla_37062.nasl
===================================================================
--- trunk/openvas-plugins/scripts/bugzilla_37062.nasl	2009-11-20 10:53:06 UTC (rev 5914)
+++ trunk/openvas-plugins/scripts/bugzilla_37062.nasl	2009-11-20 11:35:38 UTC (rev 5915)
@@ -0,0 +1,92 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# Bugzilla Bug Alias Information Disclosure Vulnerability
+#
+# Authors:
+# Michael Meyer
+#
+# Copyright:
+# Copyright (c) 2009 Greenbone Networks GmbH
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if (description)
+{
+ script_id(100358);
+ script_bugtraq_id(37062);
+ script_version ("1.0-$Revision$");
+
+ script_name("Bugzilla Bug Alias Information Disclosure Vulnerability");
+
+desc = "Overview:
+Bugzilla is prone to an information-disclosure vulnerability.
+
+The issue may allow attackers to obtain potentially sensitive
+information that may aid in other attacks.
+
+The issue affects the following:
+
+Bugzilla 3.3.2 through 3.4.3 Bugzilla 3.5 through 3.5.1
+
+Solution:
+Updates are available. Please see the references for details.
+
+References:
+http://www.securityfocus.com/bid/37062
+http://www.bugzilla.org
+http://www.bugzilla.org/security/3.4.3/
+
+Risk factor : Low";
+
+ script_description(desc);
+ script_summary("Determine if Bugzilla is prone to an information-disclosure vulnerability");
+ script_category(ACT_GATHER_INFO);
+ script_family("Web application abuses");
+ script_copyright("This script is Copyright (C) 2009 Greenbone Networks GmbH");
+ script_dependencies("bugzilla_detect.nasl");
+ script_require_ports("Services/www", 80);
+ script_exclude_keys("Settings/disable_cgi_scanning");
+ exit(0);
+}
+
+include("http_func.inc");
+include("version_func.inc");
+
+port = get_http_port(default:80);
+if(!get_port_state(port))exit(0);
+
+if (!can_host_php(port:port)) exit(0);
+
+if(!version = get_kb_item(string("www/", port, "/bugzilla/version")))exit(0);
+
+if(!isnull(version) && version >!< "unknown") {
+
+  if(version =~ "3\.5") {
+    if(version_is_less(version: version, test_version: "3.5.2 ")) {
+     security_warning(port:port);
+     exit(0);
+    }  
+  }
+  else if(version =~ "3\.(3|4)") { 
+    if(version_in_range(version: version, test_version: "3.3.2", test_version2: "3.4.3")) {
+     security_warning(port:port);
+     exit(0);
+    }  
+  }  
+}
+
+exit(0);
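Review bot: The `can_host_php` gate ahead of the KB lookup makes this check exit on any host where PHP was not detected, and Bugzilla is a Perl application, so affected installs can be missed; I would drop `if (!can_host_php(port:port)) exit(0);`. The test version in the 3.5 branch is written `"3.5.2 "` with a trailing space, which may compare differently depending on how version_func.inc splits components, so use `test_version: "3.5.2"`. The branch patterns `"3\.5"` and `"3\.(3|4)"` are unanchored, so a version string that merely contains `3.5` (for example 3.3.5) takes the first branch; `version =~ "^3\.5"` and `version =~ "^3\.[34]"` avoid that. `!isnull(version)` is also redundant after the assignment-and-exit on the line above it.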


Property changes on: trunk/openvas-plugins/scripts/bugzilla_37062.nasl
___________________________________________________________________
Name: svn:keywords
   + Id Revision

Added: trunk/openvas-plugins/scripts/cisco_vpn_client_win_37077.nasl
===================================================================
--- trunk/openvas-plugins/scripts/cisco_vpn_client_win_37077.nasl	2009-11-20 10:53:06 UTC (rev 5914)
+++ trunk/openvas-plugins/scripts/cisco_vpn_client_win_37077.nasl	2009-11-20 11:35:38 UTC (rev 5915)
@@ -0,0 +1,77 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# Cisco VPN Client for Windows 'StartServiceCtrlDispatche' Local Denial of Service Vulnerability
+#
+# Authors:
+# Michael Meyer
+#
+# Copyright:
+# Copyright (c) 2009 Greenbone Networks GmbH
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if (description)
+{
+ script_id(100357);
+ script_bugtraq_id(37077);
+ script_version ("1.0-$Revision$");
+
+ script_name("Cisco VPN Client for Windows 'StartServiceCtrlDispatche' Local Denial of Service Vulnerability");
+
+desc = "Overview:
+Cisco VPN Client for Windows is prone to a local denial-of-service
+vulnerability.
+
+A local attacker can exploit this issue to crash the application,
+resulting in a denial-of-service condition.
+
+This issue affects Cisco VPN Client for Windows versions prior
+5.0.06.0100.
+
+Solution:
+Vendor updates are available. Please see the references for more
+information.
+
+References:
+http://www.securityfocus.com/bid/37077
+http://www.cisco.com/warp/public/cc/pd/sqsw/vpncl/index.shtml
+http://tools.cisco.com/security/center/viewAlert.x?alertId=19445
+
+Risk factor : Medium";
+
+ script_description(desc);
+ script_summary("Determine if Cisco VPN Client version is < 5.0.06.0100");
+ script_category(ACT_GATHER_INFO);
+ script_family("Denial of Service");
+ script_copyright("This script is Copyright (C) 2009 Greenbone Networks GmbH");
+ script_dependencies("cisco_vpn_client_detect.nasl");
+ script_require_ports(139, 445);
+ script_require_keys("SMB/login", "SMB/password", "SMB/name", "SMB/transport");
+ exit(0);
+}
+
+include("version_func.inc");
+
+if(!version = get_kb_item("SMB/CiscoVPNClient/Version"))exit(0);
+
+if(version_is_less(version:version, test_version:"5.0.06.0100")){
+  security_warning(0);
+  exit(0);
+}  
+
+exit(0);
+
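Review bot: `security_warning(0);` passes the port positionally while the other plugins in this commit use the named form; `security_warning(port:0);` would be consistent and make it clear the finding is deliberately reported on the general port. The function name in the script name and header comment is spelled 'StartServiceCtrlDispatche', whereas the Windows API is StartServiceCtrlDispatcher, and the misspelling makes the finding harder to search for. A one-line comment above the comparison saying that the version comes from the KB item written by cisco_vpn_client_detect.nasl would tell readers this is a version-only check.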


Property changes on: trunk/openvas-plugins/scripts/cisco_vpn_client_win_37077.nasl
___________________________________________________________________
Name: svn:keywords
   + Id Revision

Added: trunk/openvas-plugins/scripts/cpe_policy.nasl
===================================================================
--- trunk/openvas-plugins/scripts/cpe_policy.nasl	2009-11-20 10:53:06 UTC (rev 5914)
+++ trunk/openvas-plugins/scripts/cpe_policy.nasl	2009-11-20 11:35:38 UTC (rev 5915)
@@ -0,0 +1,176 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# CPE-based Policy Check
+#
+# Authors:
+# Michael Meyer
+#
+# Copyright:
+# Copyright (c) 2009 Greenbone Networks GmbH
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+# need desc here to modify it later in script.
+desc = "Overview:
+This NVT is running CPE-based Policy Checks.
+
+Risk factor : None";
+
+if (description)
+{
+ script_id(100353);
+ script_version ("1.0-$Revision$");
+
+ script_name("CPE-based Policy Check");
+ script_description(desc);
+ script_summary("CPE-based Policy Check");
+ script_category(ACT_END);
+ script_family("General");
+
+ script_add_preference(name: "Single CPE", value: "cpe:/", type: "entry");
+ script_add_preference(name: "CPE List", value: "", type: "file");
+ script_add_preference(name: "Severity", type:"radio", value:"High;Medium;Low");
+ script_add_preference(name: "Severity upon", type:"radio", value:"present;missing");
+
+ script_copyright("This script is Copyright (C) 2009 Greenbone Networks GmbH");
+ script_dependencies("cpe_inventory.nasl");
+ exit(0);
+}
+
+cpes = get_kb_list("cpe:/*");
+if(isnull(cpes))exit(0);
+
+severity      = script_get_preference("Severity");
+severity_upon = script_get_preference("Severity upon");
+single_cpe    = script_get_preference("Single CPE");
+
+if(!single_cpe || strlen(single_cpe) < 6) {
+ cpes_list = script_get_preference_file_content("CPE List");
+ if(!cpes_list)exit(0);
+ 
+ mycpes_split = split(cpes_list, sep:'\n', keep:0); # expecting entrys seperated by \n
+ mycpes = make_list();
+
+ i = 0;
+ foreach mcpe (mycpes_split) {
+   if(ereg(pattern:"^cpe:/.*", string: mcpe)) {
+      mycpes[i] = mcpe;
+      i++;
+   }
+ }
+} 
+else
+{
+    mycpes = make_list(single_cpe);
+}
+
+if(!mycpes)exit(0);
+
+running = TRUE;
+
+if(severity_upon == "present") {
+  foreach cpe (keys(cpes)) {
+    foreach mycpe (mycpes) { 
+      if(strlen(cpe) >= strlen(mycpe)) {
+        if(ereg(pattern: mycpe, string: cpe)) { 
+          matches += string(mycpe,"|",cpe,"\n"); 
+          reporting = TRUE;
+        }
+      } 
+      else
+      {
+        if(ereg(pattern: cpe, string: mycpe)) {
+          pmatches += string(mycpe,"|",cpe,"\n");
+          reporting = TRUE;
+        }
+      }  
+    } 
+  }  
+} 
+else if(severity_upon == "missing") {
+  foreach mycpe (mycpes) {
+    found = FALSE;
+      foreach cpe (keys(cpes)) {
+        if(!ereg(pattern: "^"+mycpe, string: cpe) && found == FALSE) { 
+          found = FALSE;
+        } else {
+          found = TRUE;
+       }
+      }
+     if(!found) { 
+       matches += string(mycpe,"\n");
+       reporting = TRUE;
+     }
+  } 
+}  
+
+if(reporting) {
+
+  if(severity_upon == "present") {
+    if(matches) {
+      report += string("The following CPEs have been detected on the remote Host\n\nPolicy-CPE|Detected-CPE\n");
+      report += matches;
+    } 
+
+    if(pmatches) {
+      report += string("\nThe following CPEs *may* have been detected on the remote Host\n\nPolicy-CPE|Detected-CPE\n");
+      report += pmatches;
+    }
+  }
+
+  if(severity_upon == "missing") {
+    if(matches) {
+      report = string("The following CPEs are missing on the remote Host\n\n");
+      report += matches;
+    }
+  }
+
+ report += string("\nFor further information see http://cpe.mitre.org/\n\nRisk factor : ",severity,"\n"); 
+ # port 0 == general/tcp in Client. Maybe port 445 is bettter?
+ port = 0;
+
+ if(severity == "Low") {
+   security_note(port:port,data:report);
+   exit(0);
+ } 
+ else if(severity == "Medium") {
+   security_warning(port:port,data:report);
+   exit(0); 
+ }
+ else if(severity == "High") {
+   security_hole(port:port,data:report);
+   exit(0);
+ }
+} else {
+
+  if(running) {
+
+    if(severity_upon == "present") {
+      message = string("None of the requested CPEs was found on the remote host\n");
+    }  
+    else if(severity_upon == "missing") {
+      message = string("None of the requested CPEs are missing on the remote host\n"); 
+    }  
+
+    if(message)log_message(port:port,data:message);
+
+  }  
+}  
+
+exit(0);
+
+
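Review bot: The policy CPEs read from the 'Single CPE' and 'CPE List' preferences are handed to `ereg` as patterns without escaping, and the 'present' branch is unanchored while the 'missing' branch uses `"^"+mycpe`. The dots in version fields therefore match any character, so a policy entry can match a detected CPE it was not meant to, and a stray metacharacter can make the pattern invalid. A literal prefix comparison such as `if(substr(cpe, 0, strlen(mycpe) - 1) == mycpe)` would make both branches behave the same and give a policy result that can be trusted. Separately, `port` is assigned only inside `if(reporting)`, so `log_message(port:port,data:message)` in the else branch runs with it unset; move `port = 0;` above `if(reporting)`. If `Severity` comes back as anything other than High, Medium or Low, the report is built and then silently dropped, which deserves a final `else`.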


Property changes on: trunk/openvas-plugins/scripts/cpe_policy.nasl
___________________________________________________________________
Name: svn:keywords
   + Id Revision

Added: trunk/openvas-plugins/scripts/mysql_multiple_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/mysql_multiple_vuln.nasl	2009-11-20 10:53:06 UTC (rev 5914)
+++ trunk/openvas-plugins/scripts/mysql_multiple_vuln.nasl	2009-11-20 11:35:38 UTC (rev 5915)
@@ -0,0 +1,88 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# MySQL multiple Vulnerabilities
+#
+# Authors:
+# Michael Meyer
+#
+# Copyright:
+# Copyright (c) 2009 Greenbone Networks GmbH
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if (description)
+{
+ script_id(100356);
+ script_bugtraq_id(37075,37076);
+ script_version ("1.0-$Revision$");
+
+ script_name("MySQL multiple Vulnerabilities");
+
+desc = "Overview:
+MySQL is prone to a security-bypass vulnerability and to to a local
+privilege-escalation vulnerability.
+
+An attacker can exploit the security-bypass issue to bypass certain
+security restrictions and obtain sensitive information that may lead
+to further attacks.
+
+Local attackers can exploit the local privilege-escalation issue to
+gain elevated privileges on the affected computer.
+
+Versions prior to MySQL 5.1.41 are vulnerable.
+
+Solution:
+Updates are available. Please see the references for details.
+
+References:
+http://www.securityfocus.com/bid/37076
+http://www.securityfocus.com/bid/37075
+http://dev.mysql.com/doc/refman/5.1/en/news-5-1-41.html
+http://www.mysql.com/
+
+Risk factor : Medium";
+
+ script_description(desc);
+ script_summary("Determine if MySQL is prone to multiple Vulnerabilities");
+ script_category(ACT_GATHER_INFO);
+ script_family("Databases");
+ script_copyright("This script is Copyright (C) 2009 Greenbone Networks GmbH");
+ script_dependencies("mysql_version.nasl");
+ script_require_ports("Services/mysql", 3306);
+ exit(0);
+}
+
+include("version_func.inc");
+include("misc_func.inc");
+
+port = get_kb_item("Services/mysql");
+if(!port)exit(0);
+if(!get_tcp_port_state(port))exit(0);
+
+if(!ver = get_mysql_version(port:port))exit(0);
+ver = eregmatch(pattern:"[0-9.]+", string: ver);
+
+if(isnull(ver[0]))exit(0);
+
+if(ver[0] =~ "5\.") {
+  if(version_is_less(version:ver[0], test_version:"5.1.41") ) {
+    security_warning(port:port);
+    exit(0);
+  }
+}
+
+exit(0);
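Review bot: The version gate `ver[0] =~ "5\."` is unanchored and disagrees with the description, which says all versions prior to 5.1.41 are vulnerable while only strings containing `5.` are tested; anchor it as `ver[0] =~ "^5\."` and narrow the description, or drop the gate. As written every 5.0.x server is reported as well, which is worth confirming against the referenced advisories, since only the 5.1.41 release notes are cited. The port lookup exits when `Services/mysql` is unset although `script_require_ports` lists 3306; `if(!port) port = 3306;` would match that declaration.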


Property changes on: trunk/openvas-plugins/scripts/mysql_multiple_vuln.nasl
___________________________________________________________________
Name: svn:keywords
   + Id Revision

Added: trunk/openvas-plugins/scripts/xerver_37064.nasl
===================================================================
--- trunk/openvas-plugins/scripts/xerver_37064.nasl	2009-11-20 10:53:06 UTC (rev 5914)
+++ trunk/openvas-plugins/scripts/xerver_37064.nasl	2009-11-20 11:35:38 UTC (rev 5915)
@@ -0,0 +1,82 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# Xerver HTTP Response Splitting Vulnerability
+#
+# Authors:
+# Michael Meyer
+#
+# Copyright:
+# Copyright (c) 2009 Greenbone Networks GmbH
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if (description)
+{
+ script_id(100355);
+ script_bugtraq_id(37064);
+ script_version ("1.0-$Revision$");
+
+ script_name("Xerver HTTP Response Splitting Vulnerability");
+
+desc = "Overview:
+Xerver is prone to an HTTP response-splitting vulnerability because it
+fails to sufficiently sanitize user-supplied data.
+
+Attackers can leverage this issue to influence or misrepresent how web
+content is served, cached, or interpreted. This could aid in various
+attacks that try to entice client users into a false sense of trust.
+
+The issue affects Xerver 4.31 and 4.32; other versions may also
+be affected.
+
+References:
+http://www.securityfocus.com/bid/37064
+http://www.javascript.nu/xerver/
+
+Risk factor : Medium";
+
+ script_description(desc);
+ script_summary("Determine if Xerver version is 4.31 or 4.32");
+ script_category(ACT_GATHER_INFO);
+ script_family("Web Servers");
+ script_copyright("This script is Copyright (C) 2009 Greenbone Networks GmbH");
+ script_dependencies("gb_xerver_http_server_detect.nasl");
+ script_require_ports("Services/www", 80);
+ exit(0);
+}
+
+     
+include("http_func.inc");
+include("version_func.inc");
+
+port = get_http_port(default:80);
+if(!get_port_state(port))exit(0);
+
+if(!vers = get_kb_item(string("www/", port, "/Xerver")))exit(0);
+
+if(!isnull(vers) && vers >!< "unknown") {
+
+  if(version_is_equal(version: vers, test_version: "4.31") || 
+     version_is_equal(version: vers, test_version: "4.32")) {
+      security_warning(port:port);
+      exit(0);
+  }
+
+}
+
+exit(0);
+
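Review bot: The description has no `Solution:` section, unlike the other plugins added in this commit, so the report gives the operator no remediation guidance; add one stating whatever fix status the listed references give. The check is only a comparison of the version stored by gb_xerver_http_server_detect.nasl against 4.31 and 4.32, and a one-line comment saying so would help readers judge the confidence of the finding. `!isnull(vers)` is redundant after `if(!vers = get_kb_item(...))exit(0);` and can be dropped.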


Property changes on: trunk/openvas-plugins/scripts/xerver_37064.nasl
___________________________________________________________________
Name: svn:keywords
   + Id Revision


