[Openvas-commits] r5379 - in trunk/openvas-plugins: . scripts

scm-commit@wald.intevation.org scm-commit at wald.intevation.org
Tue Oct 6 07:21:20 CEST 2009


Author: chandra
Date: 2009-10-06 07:21:15 +0200 (Tue, 06 Oct 2009)
New Revision: 5379

Added:
   trunk/openvas-plugins/scripts/gb_adobe_acrobat_pdf_dos_vuln.nasl
   trunk/openvas-plugins/scripts/gb_cpcreator_detect.nasl
   trunk/openvas-plugins/scripts/gb_cpcreator_sql_inj_vuln.nasl
   trunk/openvas-plugins/scripts/gb_google_chrome_sec_bypass_vuln_oct09.nasl
   trunk/openvas-plugins/scripts/gb_ibm_db2_mult_vuln_lin_oct09.nasl
   trunk/openvas-plugins/scripts/gb_ibm_db2_mult_vuln_win_oct09.nasl
   trunk/openvas-plugins/scripts/gb_ibm_db2_unspesified_vuln_lin.nasl
   trunk/openvas-plugins/scripts/gb_ibm_db2_unspesified_vuln_win.nasl
   trunk/openvas-plugins/scripts/gb_ms_ie_ssl_certi_sec_bypass_vuln_oct09.nasl
Modified:
   trunk/openvas-plugins/ChangeLog
   trunk/openvas-plugins/cve_current.txt
Log:
Added new plugins

Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog	2009-10-06 00:49:40 UTC (rev 5378)
+++ trunk/openvas-plugins/ChangeLog	2009-10-06 05:21:15 UTC (rev 5379)
@@ -1,3 +1,16 @@
+2009-10-06  Chandrashekhar B <bchandra at secpod.com>
+
+	* scripts/gb_ibm_db2_unspesified_vuln_win.nasl,
+	scripts/gb_google_chrome_sec_bypass_vuln_oct09.nasl,
+	scripts/gb_cpcreator_detect.nasl,
+	scripts/gb_cpcreator_sql_inj_vuln.nasl,
+	scripts/gb_ibm_db2_unspesified_vuln_lin.nasl,
+	scripts/gb_ms_ie_ssl_certi_sec_bypass_vuln_oct09.nasl,
+	scripts/gb_ibm_db2_mult_vuln_win_oct09.nasl,
+	scripts/gb_ibm_db2_mult_vuln_lin_oct09.nasl,
+	scripts/gb_adobe_acrobat_pdf_dos_vuln.nasl:
+	Added new plugins.
+
 2009-10-05  Thomas Reinke <reinke at securityspace.com>
 
 	*scripts/deb_1896_1.nasl,

Modified: trunk/openvas-plugins/cve_current.txt
===================================================================
--- trunk/openvas-plugins/cve_current.txt	2009-10-06 00:49:40 UTC (rev 5378)
+++ trunk/openvas-plugins/cve_current.txt	2009-10-06 05:21:15 UTC (rev 5379)
@@ -72,22 +72,22 @@
 CVE-2009-3293			SecPod		svn		R
 CVE-2009-3328			SecPod
 CVE-2009-3327			SecPod
-CVE-2009-3330			SecPod
-CVE-2009-3369 			SecPod
-CVE-2009-2817 			SecPod		svn		L
+CVE-2009-3330			SecPod		svn		R
+CVE-2009-3369			SecPod
+CVE-2009-2817			SecPod		svn		L
 CVE-2009-3366			SecPod		svn		R
-CVE-2009-3367 			Secpod		svn		R
-CVE-2009-3364 			SecPod		svn		L
-CVE-2009-3340 			SecPod		svn		L
-CVE-2009-3431 			SecPod
-CVE-2009-3444 			SecPod
-CVE-2009-3455 			SecPod
-CVE-2009-3454 			SecPod
-CVE-2009-3456 			SecPod
+CVE-2009-3367			Secpod		svn		R
+CVE-2009-3364			SecPod		svn		L
+CVE-2009-3340			SecPod		svn		L
+CVE-2009-3431			SecPod		svn		L
+CVE-2009-3444			SecPod
+CVE-2009-3455			SecPod
+CVE-2009-3454			SecPod		svn		L
+CVE-2009-3456			SecPod		svn		L
 CVE-2009-3471			SecPod
 CVE-2009-3473			SecPod
-CVE-2009-3472 			SecPod
-CVE-2009-3478 			SecPod
+CVE-2009-3472			SecPod
+CVE-2009-3478			SecPod
 36407                           Greenbone       svn             R
 CVE-2006-5789                   Greenbone       svn             R
 CVE-2009-2629                   Greenbone       svn             R
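Review bot: CVE-2009-3471, CVE-2009-3472 and CVE-2009-3473 stay listed as plain `SecPod` with no `svn` marker, although this same commit adds plugins whose `script_cve_id` names them (the four gb_ibm_db2_* scripts). The other CVEs covered by the new plugins (3330, 3431, 3454, 3456) were marked in this hunk, so the list now under-reports coverage for the DB2 entries. If the third and fourth columns mean "committed" and remote/local, which the page does not state, those three lines presumably want the same `svn` plus flag treatment.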

Added: trunk/openvas-plugins/scripts/gb_adobe_acrobat_pdf_dos_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_adobe_acrobat_pdf_dos_vuln.nasl	2009-10-06 00:49:40 UTC (rev 5378)
+++ trunk/openvas-plugins/scripts/gb_adobe_acrobat_pdf_dos_vuln.nasl	2009-10-06 05:21:15 UTC (rev 5379)
@@ -0,0 +1,84 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_adobe_acrobat_pdf_dos_vuln.nasl 5056 2009-10-05 18:14:26Z oct $
+#
+# Adobe Acrobat PDF File Denial Of Service Vulnerability
+#
+# Authors:
+# Sharath S <sharaths at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(801104);
+  script_version("$Revision: 1.0 $");
+  script_cve_id("CVE-2009-3431");
+  script_bugtraq_id(35148);
+  script_name("Adobe Acrobat PDF File Denial Of Service Vulnerability");
+  desc = "
+  Overview: This host has Adobe Acrobat or Adobe Acrobat Reader installed and
+  is prone to Denial of Service vulnerability.
+
+  Vulnerability Insight:
+  A Stack consumption error exists when handling a PDF file containing a large
+  number of '[' characters to the alert method.
+
+  Impact:
+  Successful attacks results in Denial of Service.
+
+  Impact Level: Application
+
+  Affected Software/OS:
+  Adobe Acrobat version 9.1.1 and prior on Windows.
+
+  Fix: No solution or patch is available as on 05th October, 2009. Information
+  regarding this issue will be updated once the solution details are available.
+  For updates refer, http://www.adobe.com/products/acrobat/?promoid=BPDDU
+
+  References:
+  http://www.security-database.com/detail.php?alert=CVE-2009-3431
+
+  CVSS Score:
+    CVSS Base Score     : 5.0 (AV:N/AC:L/Au:NR/C:N/I:N/A:P)
+    CVSS Temporal Score : 4.5
+  Risk factor: Medium";
+
+  script_description(desc);
+  script_summary("Check for the version of Adobe Acrobat");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (C) 2009 Intevation GmbH");
+  script_family("Denial of Service");
+  script_dependencies("secpod_adobe_prdts_detect_win.nasl");
+  script_require_keys("Adobe/Acrobat/Win/Ver");
+  exit(0);
+}
+
+
+include("version_func.inc");
+
+# Check for Adobe Acrobat version <= 9.1.1
+acrobatVer = get_kb_item("Adobe/Acrobat/Win/Ver");
+if(acrobatVer)
+{
+  if(version_is_less_equal(version:acrobatVer, test_version:"9.1.1"))
+  {
+    security_warning(0);
+    exit(0);
+  }
+}
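Review bot: The Overview in `desc` says the host has "Adobe Acrobat or Adobe Acrobat Reader", but `script_require_keys` and the `get_kb_item` call only use `Adobe/Acrobat/Win/Ver`, so a host with only Reader installed is never evaluated and gets no finding. The Affected Software section already names Acrobat alone, so the narrower wording is probably intended: `Overview: This host has Adobe Acrobat installed and is prone to Denial of Service vulnerability.` If Reader is in fact affected, the check needs a second lookup against the Reader version key written by secpod_adobe_prdts_detect_win.nasl.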


Property changes on: trunk/openvas-plugins/scripts/gb_adobe_acrobat_pdf_dos_vuln.nasl
___________________________________________________________________
Name: svn:executable
   + *

Added: trunk/openvas-plugins/scripts/gb_cpcreator_detect.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_cpcreator_detect.nasl	2009-10-06 00:49:40 UTC (rev 5378)
+++ trunk/openvas-plugins/scripts/gb_cpcreator_detect.nasl	2009-10-06 05:21:15 UTC (rev 5379)
@@ -0,0 +1,68 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_cpcreator_detect.nasl 4962 2009-10-05 16:25:36Z oct $
+#
+# cP Creator Version Detection
+#
+# Authors:
+# Antu Sanadi <santu at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(801005);
+  script_version("$Revision: 1.0$");
+  script_name("cP Creator Version Detection");
+  desc = "
+  Overview: This script finds the installed cP Creator version and saves
+  the result in KB.
+
+  Risk factor: Informational";
+
+  script_description(desc);
+  script_summary("Set the version of cP Creator in KB");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (C) 2009 Intevation GmbH");
+  script_family("Service detection");
+  script_dependencies("find_service.nes");
+  script_require_ports("Services/www", 80);
+  exit(0);
+}
+
+
+include("http_func.inc");
+
+cpcreatPort = get_http_port(default:80);
+if(!cpcreatPort){
+  exit(0);
+}
+
+foreach path (make_list("/", "/cPcreator", "/cp", cgi_dirs()))
+{
+  sndReq = http_get(item:string(path, "/index.php"), port:cpcreatPort);
+  rcvRes = http_send_recv(port:cpcreatPort, data:sndReq);
+  if("cP Creator" >< rcvRes)
+  {
+    cpcreatVer = eregmatch(pattern:"[V|v]([0-9.]+)", string:rcvRes);
+    if(cpcreatVer[1] != NULL){
+      set_kb_item(name:"www/" + cpcreatPort + "/cPCreator",
+                  value:cpcreatVer[1] + " under " + path);
+    }
+  }
+}
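Review bot: The version pattern `[V|v]([0-9.]+)` is too loose for a value that later drives a High finding. The brackets form a character class that also matches a literal `|`, the capture accepts a lone `.`, and the pattern runs over the whole response, so any `v` followed by digits (a header, an asset URL) can be stored as the cP Creator version. Tightening it to at least `cpcreatVer = eregmatch(pattern:"[Vv]([0-9]+\.[0-9.]+)", string:rcvRes);`, ideally anchored to the text around the product name, would cut false positives in gb_cpcreator_sql_inj_vuln.nasl. The loop also keeps probing after a hit and can write several values to the same KB key, and for the `/` entry the request becomes `//index.php`.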

Added: trunk/openvas-plugins/scripts/gb_cpcreator_sql_inj_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_cpcreator_sql_inj_vuln.nasl	2009-10-06 00:49:40 UTC (rev 5378)
+++ trunk/openvas-plugins/scripts/gb_cpcreator_sql_inj_vuln.nasl	2009-10-06 05:21:15 UTC (rev 5379)
@@ -0,0 +1,95 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_cpcreator_sql_inj_vuln.nasl 4962 2009-10-05 15:11:27Z oct $
+#
+# cP Creator 'tickets' Cookie SQL Injection Vulnerability
+#
+# Authors:
+# Antu Sanadi<santu at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(801006);
+  script_version("$Revision: 1.0 $");
+  script_cve_id("CVE-2009-3330");
+  script_name("cP Creator 'tickets' Cookie SQL Injection Vulnerability");
+  desc ="
+  Overview: The host is running cP Creator and is prone to SQL Injection
+  Vulnerability
+
+  Vulnerability Insight:
+  Input passed to the 'tickets' cookie in index.php (if 'page' is set to
+  'support' and 'task' is set to 'ticket') is not properly sanitised before
+  being used in SQL queries.
+
+  Impact:
+  Successful exploitation could allow remote attackers to conduct SQL injection
+  attacks.
+
+  Impact Level: Application.
+
+  Affected Software/OS:
+  cP Creator Version 2.7.1 and prior.
+
+  Fix:
+  No solution or patch is available as on 05th October, 2009. Information
+  regarding this issue will be updated once the solution details are available.
+  For updates refer, http://www.cpcreator.com/download.php
+
+  References:
+  http://secunia.com/advisories/36815
+  http://www.milw0rm.com/exploits/9726
+
+  CVSS Score:
+   CVSS Base Score      : 6.8 (AV:N/AC:M/Au:NR/C:P/I:P/A:P)
+   CVSS Temporal Score  : 6.1
+  Risk factor: High";
+
+  script_description(desc);
+  script_summary("Check for the version cP Creator");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (C) Intevation GmbH");
+  script_dependencies("gb_cpcreator_detect.nasl");
+  script_family("Web application abuses");
+  script_require_ports("Services/www", 80);
+  exit(0);
+}
+
+
+include("http_func.inc");
+include("version_func.inc");
+
+cpcreatPort = get_http_port(default:80);
+if(!cpcreatPort){
+  exit(0);
+}
+
+cpcreatVer = get_kb_item("www/" + cpcreatPort + "/cPCreator");
+if(!cpcreatVer){
+  exit(0);
+}
+
+cpcreatVer = eregmatch(pattern:"^(.+) under (/.*)$", string:cpcreatVer);
+if(cpcreatVer[1] != NULL)
+{
+  if(version_is_less_equal(version:cpcreatVer[1], test_version:"2.7.1")){
+    security_hole(cpcreatPort);
+  }
+}
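Review bot: The `security_hole(cpcreatPort)` result rests only on the version string that gb_cpcreator_detect.nasl parsed from the page; the 'tickets' cookie handling described in the text is never probed. That is a reasonable choice for an ACT_GATHER_INFO script, but it should be stated so that anyone triaging the finding knows its confidence, for example with `# Version-only check: relies on the banner stored by gb_cpcreator_detect.nasl, no request is sent to the 'tickets' cookie path` above the comparison. Separately, `script_copyright("Copyright (C) Intevation GmbH")` lacks the year that the other plugins in this commit carry (`"Copyright (C) 2009 Intevation GmbH"`).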

Added: trunk/openvas-plugins/scripts/gb_google_chrome_sec_bypass_vuln_oct09.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_google_chrome_sec_bypass_vuln_oct09.nasl	2009-10-06 00:49:40 UTC (rev 5378)
+++ trunk/openvas-plugins/scripts/gb_google_chrome_sec_bypass_vuln_oct09.nasl	2009-10-06 05:21:15 UTC (rev 5379)
@@ -0,0 +1,86 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_google_chrome_sec_bypass_vuln_oct09.nasl 5092 2009-10-05 21:33:26Z oct $
+#
+# Google Chrome CA SSL Certificate Security Bypass Vulnerability - Oct09
+#
+# Authors:
+# Sharath S <sharaths at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(801108);
+  script_version("$Revision: 1.0 $");
+  script_cve_id("CVE-2009-3456");
+  script_bugtraq_id(36479);
+  script_name("Google Chrome CA SSL Certificate Security Bypass Vulnerability - Oct09");
+  desc = "
+  Overview: This host is installed with Google Chrome Web Browser and is prone
+  to Security Bypass vulnerability.
+
+  Vulnerability Insight:
+  Google Chrome fails to properly validate '\0' character in the domain name
+  in a signed CA certificate, allowing attackers to substitute malicious SSL
+  certificates for trusted ones.
+
+  Impact:
+  Successfully exploitation will let the attackers to perform man-in-the-middle
+  attacks or impersonate trusted servers, which will aid in further attack.
+
+  Impact Level: Application
+
+  Affected Software/OS:
+  Google Chrome version 3.0.193.21 and prior on Windows.
+
+  Fix:
+  No solution or patch is available as on  05th October, 2009. Information
+  regarding this issue will be updated once the solution details are available.
+  For updates refer, http://www.google.com/chrome
+
+  References:
+  http://en.securitylab.ru/nvd/386075.php
+
+  CVSS Score:
+    CVSS Base Score     : 7.5 (AV:N/AC:L/Au:NR/C:P/I:P/A:P)
+    CVSS Temporal Score : 6.4
+  Risk factor: High";
+
+  script_description(desc);
+  script_summary("Check for the version of Google Chrome");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (C) 2009 Intevation GmbH");
+  script_family("General");
+  script_dependencies("gb_google_chrome_detect_win.nasl");
+  script_require_keys("GoogleChrome/Win/Ver");
+  exit(0);
+}
+
+
+include("version_func.inc");
+
+chromeVer = get_kb_item("GoogleChrome/Win/Ver");
+if(isnull(chromeVer)){
+  exit(0);
+}
+
+# Check for Google Chrome Version <= 3.0.195.21
+if(version_is_less_equal(version:chromeVer, test_version:"3.0.195.21")){
+  security_hole(0);
+}
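Review bot: The affected version in the description and the version actually tested disagree. `desc` says "Google Chrome version 3.0.193.21 and prior", while the comment and `version_is_less_equal(..., test_version:"3.0.195.21")` use 3.0.195.21. Builds between the two are therefore flagged by the code but described as unaffected in the report, or the code over-reports, depending on which number is right. Confirm the boundary against the advisory for CVE-2009-3456 and make both places match, e.g. `Google Chrome version 3.0.195.21 and prior on Windows.` if the code value is the correct one.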


Property changes on: trunk/openvas-plugins/scripts/gb_google_chrome_sec_bypass_vuln_oct09.nasl
___________________________________________________________________
Name: svn:executable
   + *

Added: trunk/openvas-plugins/scripts/gb_ibm_db2_mult_vuln_lin_oct09.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_ibm_db2_mult_vuln_lin_oct09.nasl	2009-10-06 00:49:40 UTC (rev 5378)
+++ trunk/openvas-plugins/scripts/gb_ibm_db2_mult_vuln_lin_oct09.nasl	2009-10-06 05:21:15 UTC (rev 5379)
@@ -0,0 +1,91 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_ibm_db2_mult_vuln_lin_oct09.nasl 5093 2009-10-05 16:03:51Z oct $
+#
+# IBM DB2 Multiple Vulnerabilities - Oct09 (Linux)
+#
+# Authors:
+# Antu Sanadi <santu at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(801001);
+  script_version("$Revision: 1.0 $");
+  script_cve_id("CVE-2009-3471", "CVE-2009-3472");
+  script_bugtraq_id(36540);
+  script_name("IBM DB2 Multiple Vulnerabilities - Oct09 (Linux)");
+
+  desc = "
+  Overview: The host is installed with IBM DB2 and is prone to multiple
+  vulnerabilities.
+
+  Vulnerability Insight:
+  - An unspecified error exists related to a table function when the definer
+    loses required privileges.
+  - An unspecified error can be exploited to insert, update, or delete rows in
+    a table without having required privileges.
+
+  Impact: Unknow impact.
+
+  Impact Level: System/Application
+
+  Affected Software/OS:
+  IBM DB2 version 8 prior to Fixpak 18
+  IBM DB2 version 9.1 prior to Fixpak 8
+  IBM DB2 version 9.5 prior to Fixpak 4
+
+  Fix:Update DB2 8 Fixpak 18 or 9.1 Fixpak 8 or 9.5 Fixpak 4 or later.
+  http://www-01.ibm.com/support/docview.wss?rs=71&uid=swg27007053
+
+  References:
+  http://secunia.com/advisories/36890
+  http://www-01.ibm.com/support/docview.wss?uid=swg21403619
+  http://www-01.ibm.com/support/docview.wss?uid=swg21386689
+
+  CVSS Score:
+    CVSS Base Score      : 7.5 (AV:N/AC:L/Au:NR/C:P/I:P/A:P)
+    CVSS Temporal Score  : 5.5
+  Risk factor: High";
+
+  script_description(desc);
+  script_summary("Check for the version of IBM DB2");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (C) 2009 Intevation GmbH");
+  script_family("General");
+  script_dependencies("secpod_ibm_db2_detect_linux_900217.nasl");
+  script_require_keys("Linux/IBM-db2/Ver");
+  exit(0);
+}
+
+
+include("version_func.inc");
+
+ibmVer = get_kb_item("Linux/IBM-db2/Ver");
+if(!ibmVer){
+  exit(0);
+}
+
+# Check for IBM DB2 version 8 before FP18, 9.1 before FP8, 9.5 before FP4
+# 9.1 FP8 =>9.1.0.8, 9.5 FP4 =>9.5.0.4, 8 FP18 =>8.1.18
+if(version_in_range(version:ibmVer, test_version:"8.0", test_version2:"8.1.17")||
+   version_in_range(version:ibmVer, test_version:"9.1", test_version2:"9.1.0.7")||
+   version_in_range(version:ibmVer, test_version:"9.5", test_version2:"9.5.0.3")){
+  security_hole(0);
+}
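Review bot: The version 8 range `test_version:"8.0", test_version2:"8.1.17"` puts the Fixpak number in the third field, while the 9.x ranges in the same condition expect it in the fourth (`9.1.0.7`, `9.5.0.3`). If the detector stores version 8 in the same four-field form, every `8.1.0.x` value compares below `8.1.17` and is reported whatever its Fixpak level, and an `8.2.x` string would fall outside the range entirely. Check this against what secpod_ibm_db2_detect_linux_900217.nasl writes to `Linux/IBM-db2/Ver`; the same `8.1.17` bound is used in gb_ibm_db2_mult_vuln_win_oct09.nasl. Also, the report text reads `Impact: Unknow impact.` here, in the Windows variant and in gb_ibm_db2_unspesified_vuln_lin.nasl; it should be `Impact: Unknown impact.` as in gb_ibm_db2_unspesified_vuln_win.nasl.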

Added: trunk/openvas-plugins/scripts/gb_ibm_db2_mult_vuln_win_oct09.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_ibm_db2_mult_vuln_win_oct09.nasl	2009-10-06 00:49:40 UTC (rev 5378)
+++ trunk/openvas-plugins/scripts/gb_ibm_db2_mult_vuln_win_oct09.nasl	2009-10-06 05:21:15 UTC (rev 5379)
@@ -0,0 +1,91 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_ibm_db2_mult_vuln_win_oct09.nasl 5093 2009-10-05 15:11:27Z oct $
+#
+# IBM DB2 Multiple Vulnerabilities - Oct09 (Win)
+#
+# Authors:
+# Antu Sanadi<santu at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(801009);
+  script_version("$Revision: 1.0 $");
+  script_cve_id("CVE-2009-3471", "CVE-2009-3472");
+  script_bugtraq_id(36540);
+  script_name("IBM DB2 Multiple Vulnerabilities - Oct09 (Win)");
+
+  desc = "
+  Overview: The host is installed with IBM DB2 and is prone to multiple
+  vulnerabilities.
+
+  Vulnerability Insight:
+  - An unspecified error exists related to a table function when the definer
+    loses required privileges.
+  - An unspecified error can be exploited to insert, update, or delete rows in
+    a table without having required privileges.
+
+  Impact: Unknow impact.
+
+  Impact Level: System/Application
+
+  Affected Software/OS:
+  IBM DB2 version 8 prior to Fixpak 18
+  IBM DB2 version 9.1 prior to Fixpak 8
+  IBM DB2 version 9.5 prior to Fixpak 4
+
+  Fix:Update DB2 8 Fixpak 18 or 9.1 Fixpak 8 or 9.5 Fixpak 4 or later.
+  http://www-01.ibm.com/support/docview.wss?rs=71&uid=swg27007053
+
+  References:
+  http://secunia.com/advisories/36890
+  http://www-01.ibm.com/support/docview.wss?uid=swg21403619
+  http://www-01.ibm.com/support/docview.wss?uid=swg21386689
+
+  CVSS Score:
+    CVSS Base Score      : 7.5 (AV:N/AC:L/Au:NR/C:P/I:P/A:P)
+    CVSS Temporal Score  : 5.5
+  Risk factor: High";
+
+  script_description(desc);
+  script_summary("Check for the version of IBM DB2");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (C) 2009 Intevation GmbH");
+  script_family("General");
+  script_dependencies("secpod_ibm_db2_detect_win_900218.nasl");
+  script_require_keys("Win/IBM-db2/Ver");
+  exit(0);
+}
+
+
+include("version_func.inc");
+
+ibmVer = get_kb_item("Win/IBM-db2/Ver");
+if(!ibmVer){
+  exit(0);
+}
+
+# Check for IBM DB2 version 8 before FP18, 9.1 before FP8, 9.5 before FP4
+# 9.1 FP8 => 9.1.800.1023, 9.5 FP4 => 9.5.400.576, 8 FP18 =>8.1.18
+if(version_in_range(version:ibmVer, test_version:"8.0", test_version2:"8.1.17")||
+   version_in_range(version:ibmVer, test_version:"9.1", test_version2:"9.1.800.1022")||
+   version_in_range(version:ibmVer, test_version:"9.5", test_version2:"9.5.400.575")){
+  security_hole(0);
+}

Added: trunk/openvas-plugins/scripts/gb_ibm_db2_unspesified_vuln_lin.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_ibm_db2_unspesified_vuln_lin.nasl	2009-10-06 00:49:40 UTC (rev 5378)
+++ trunk/openvas-plugins/scripts/gb_ibm_db2_unspesified_vuln_lin.nasl	2009-10-06 05:21:15 UTC (rev 5379)
@@ -0,0 +1,85 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_ibm_db2_unspesified_vuln_lin.nasl 5093 2009-10-05 18:11:27Z oct $
+#
+# IBM DB2 Unspecified Vulnerability (Linux)
+#
+# Authors:
+# Antu Sanadi <santu at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(801003);
+  script_version("$Revision: 1.0 $");
+  script_cve_id("CVE-2009-3473");
+  script_name("IBM DB2 Unspecified Vulnerability (Linux)");
+  desc = "
+  Overview: The host is installed with IBM DB2 and is prone to unspecified
+  vulnerability.
+
+  Vulnerability Insight:
+  An unspecified error in the handling of 'SET SESSION AUTHORIZATION'
+  statements that can be exploited to execute the statement without having
+  the required privileges.
+
+  Impact: Unknow impact.
+
+  Impact Level: System/Application.
+
+  Affected Software/OS:
+  IBM DB2 version 9.1 prior to Fixpak 8
+
+  Fix:Update DB2 9.1 Fixpak 8 or later.
+  http://www-01.ibm.com/support/docview.wss?rs=71&uid=swg27007053
+
+  References:
+  http://secunia.com/advisories/36890
+  http://www-01.ibm.com/support/docview.wss?uid=swg21403619
+  http://www-01.ibm.com/support/docview.wss?uid=swg21386689
+
+  CVSS Score:
+    CVSS Base Score      : 10.0 (AV:N/AC:L/Au:NR/C:C/I:C/A:C)
+    CVSS Temporal Score  : 7.4
+  Risk factor: High";
+
+  script_description(desc);
+  script_summary("Check for the version of IBM DB2");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (C) 2009 Intevation GmbH");
+  script_family("General");
+  script_dependencies("secpod_ibm_db2_detect_linux_900217.nasl");
+  script_require_keys("Linux/IBM-db2/Ver");
+  exit(0);
+}
+
+
+include("version_func.inc");
+
+ibmVer = get_kb_item("Linux/IBM-db2/Ver");
+if(!ibmVer){
+  exit(0);
+}
+
+# Check for IBM DB2 Products Version 9.1 before FP8
+# IBM DB2 9.1 FP8 =>9.1.0.8
+if(version_in_range(version:ibmVer, test_version:"9.1",
+                                    test_version2:"9.1.0.7")){
+  security_hole(0);
+}
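Review bot: The file name spells the word as `unspesified`, while the script title inside spells it "Unspecified"; the same misspelling is in gb_ibm_db2_unspesified_vuln_win.nasl and in the ChangeLog entry. Plugin file names are referenced by `script_dependencies` and by the `$Id$` line, so a misspelled name is hard to correct once other scripts or feeds refer to it. Renaming both files to `gb_ibm_db2_unspecified_vuln_lin.nasl` / `gb_ibm_db2_unspecified_vuln_win.nasl` before anything depends on them is the cheap moment to fix it.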


Property changes on: trunk/openvas-plugins/scripts/gb_ibm_db2_unspesified_vuln_lin.nasl
___________________________________________________________________
Name: svn:executable
   + *

Added: trunk/openvas-plugins/scripts/gb_ibm_db2_unspesified_vuln_win.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_ibm_db2_unspesified_vuln_win.nasl	2009-10-06 00:49:40 UTC (rev 5378)
+++ trunk/openvas-plugins/scripts/gb_ibm_db2_unspesified_vuln_win.nasl	2009-10-06 05:21:15 UTC (rev 5379)
@@ -0,0 +1,85 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_ibm_db2_unspesified_vuln_win.nasl 5093 2009-10-05 17:11:27Z oct $
+#
+# IBM DB2 Unspecified Vulnerability (Win)
+#
+# Authors:
+# Antu Sanadi <santu at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(801002);
+  script_version("$Revision: 1.0 $");
+  script_cve_id("CVE-2009-3473");
+  script_name("IBM DB2 Unspecified Vulnerability (Win)");
+  desc = "
+  Overview: The host is installed with IBM DB2 and is prone to unspecified
+  vulnerability.
+
+  Vulnerability Insight:
+  An unspecified error in the handling of 'SET SESSION AUTHORIZATION'
+  statements that can be exploited to execute the statement without having
+  the required privileges.
+
+  Impact: Unknown impact.
+
+  Impact Level: System/Application.
+
+  Affected Software/OS:
+  IBM DB2 version 9.1 prior to Fixpak 8
+
+  Fix:Update DB2 9.1 Fixpak 8 or later.
+  http://www-01.ibm.com/support/docview.wss?rs=71&uid=swg27007053
+
+  References:
+  http://secunia.com/advisories/36890
+  http://www-01.ibm.com/support/docview.wss?uid=swg21403619
+  http://www-01.ibm.com/support/docview.wss?uid=swg21386689
+
+  CVSS Score:
+    CVSS Base Score      : 10.0 (AV:N/AC:L/Au:NR/C:C/I:C/A:C)
+    CVSS Temporal Score  : 7.4
+  Risk factor: High";
+
+  script_description(desc);
+  script_summary("Check for the version of IBM DB2");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (C) 2009 Intevation GmbH");
+  script_family("General");
+  script_dependencies("secpod_ibm_db2_detect_win_900218.nasl");
+  script_require_keys("Win/IBM-db2/Ver");
+  exit(0);
+}
+
+
+include("version_func.inc");
+
+ibmVer = get_kb_item("Win/IBM-db2/Ver");
+if(!ibmVer){
+  exit(0);
+}
+
+# Check for IBM DB2 Products Version 9.1 before FP8
+# IBM DB2 9.1 FP8 => 9.1.800.1023
+if(version_in_range(version:ibmVer, test_version:"9.1",
+                                    test_version2:"9.1.800.1022")){
+  security_hole(0);
+}


Property changes on: trunk/openvas-plugins/scripts/gb_ibm_db2_unspesified_vuln_win.nasl
___________________________________________________________________
Name: svn:executable
   + *

Added: trunk/openvas-plugins/scripts/gb_ms_ie_ssl_certi_sec_bypass_vuln_oct09.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_ms_ie_ssl_certi_sec_bypass_vuln_oct09.nasl	2009-10-06 00:49:40 UTC (rev 5378)
+++ trunk/openvas-plugins/scripts/gb_ms_ie_ssl_certi_sec_bypass_vuln_oct09.nasl	2009-10-06 05:21:15 UTC (rev 5379)
@@ -0,0 +1,87 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_ms_ie_ssl_certi_sec_bypass_vuln_oct09.nasl 5091 2009-10-05 21:51:26Z oct $
+#
+# Microsoft IE CA SSL Certificate Security Bypass Vulnerability - Oct09
+#
+# Authors:
+# Sharath S <sharaths at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(801109);
+  script_version("$Revision: 1.0 $");
+  script_cve_id("CVE-2009-3454");
+  script_bugtraq_id(36475);
+  script_name("Microsoft IE CA SSL Certificate Security Bypass Vulnerability - Oct09");
+  desc = "
+  Overview: This host is installed with Internet Explorer and is prone to
+  Security Bypass vulnerability.
+
+  Vulnerability Insight:
+  Microsoft Internet Explorer fails to properly validate '\0' character in the
+  domain name in a signed CA certificate, allowing attackers to substitute
+  malicious SSL certificates for trusted ones.
+
+  Impact:
+  Successful exploitation will let the attackers to perform man-in-the-middle
+  attacks or impersonate trusted servers, which will aid in further attack.
+
+  Impact Level: Application
+
+  Affected Software/OS:
+  Microsoft IE version 6.x/7.x/8.x
+
+  Fix: No solution or patch is available as on 05th October, 2009. Information
+  regarding this issue will be updated once the solution details are available.
+  For updates refer, http://www.google.com/chrome
+
+  References:
+  http://www.wired.com/threatlevel/2009/07/kaminsky/
+  http://www.networkworld.com/news/2009/073009-more-holes-found-in-webs.html
+  http://www.networkworld.com/news/2009/091709-microsoft-ie-security-hole.html
+
+  CVSS Score:
+    CVSS Base Score     : 6.8 (AV:N/AC:M/Au:NR/C:P/I:P/A:P)
+    CVSS Temporal Score : 5.8
+  Risk factor: High";
+
+  script_description(desc);
+  script_summary("Check for the version of Google Chrome");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (C) 2009 Intevation GmbH");
+  script_family("General");
+  script_dependencies("gb_ms_ie_detect.nasl");
+  script_require_keys("MS/IE/Version");
+  exit(0);
+}
+
+
+include("version_func.inc");
+
+ieVer = get_kb_item("MS/IE/Version");
+if(isnull(ieVer)){
+  exit(0);
+}
+
+# Check for IE version 6.x or 7.x or 8.x
+if(ieVer =~ "^(6|7|8)\..*"){
+  security_hole(0);
+}
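Review bot: Two strings in this Internet Explorer plugin were left over from the Chrome plugin it was copied from. `script_summary("Check for the version of Google Chrome")` should read `script_summary("Check for the version of Internet Explorer");`, and the Fix text ends with `For updates refer, http://www.google.com/chrome`, which sends an IE user to another vendor's download page; it should point to the Microsoft advisory or update reference instead. The check itself, `ieVer =~ "^(6|7|8)\..*"`, flags every IE 6, 7 and 8 install with no upper bound, so the finding will persist after a fix ships unless the plugin is revisited; a comment saying so would help whoever maintains it.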


Property changes on: trunk/openvas-plugins/scripts/gb_ms_ie_ssl_certi_sec_bypass_vuln_oct09.nasl
___________________________________________________________________
Name: svn:executable
   + *


