[Openvas-commits] r5384 - trunk/openvas-plugins/scripts

scm-commit@wald.intevation.org scm-commit at wald.intevation.org
Tue Oct 6 08:02:08 CEST 2009


Author: timb
Date: 2009-10-06 08:02:06 +0200 (Tue, 06 Oct 2009)
New Revision: 5384

Modified:
   trunk/openvas-plugins/scripts/checkpoint-vpn1-pat-information-disclosure.nasl
   trunk/openvas-plugins/scripts/ike-scan.nasl
Log:
Tidied up plugins


Modified: trunk/openvas-plugins/scripts/checkpoint-vpn1-pat-information-disclosure.nasl
===================================================================
--- trunk/openvas-plugins/scripts/checkpoint-vpn1-pat-information-disclosure.nasl	2009-10-06 05:51:06 UTC (rev 5383)
+++ trunk/openvas-plugins/scripts/checkpoint-vpn1-pat-information-disclosure.nasl	2009-10-06 06:02:06 UTC (rev 5384)
@@ -26,7 +26,13 @@
 # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 #
 
-desc = "Checkpoint VPN-1 PAT information disclosure
+if (description)
+{
+	script_id(80096);
+	script_cve_id("CVE-2008-5849");
+	name = "Checkpoint VPN-1 PAT information disclosure";
+	script_name(name);
+	desc = "Checkpoint VPN-1 PAT information disclosure
 
 By sending crafted packets to ports on the firewall which are mapped by port address translation (PAT) to ports on internal devices, information about the internal network may be disclosed in the resulting ICMP error packets. Port 18264/tcp on the firewall is typically configured in such a manner, with packets to this port being rewritten to reach the firewall management server.  For example, the firewall fails to correctly sanitise the encapsulated IP headers in ICMP time-to-live exceeded packets resulting in internal IP addresses being disclosed.
 
@@ -49,13 +55,6 @@
 where this vulnerability is reported.
 
 Risk factor: Low";
-
-if (description)
-{
-	script_id(80096);
-	script_cve_id("CVE-2008-5849");
-	name = "Checkpoint VPN-1 PAT information disclosure";
-	script_name(name);
 	script_description(desc);
 	summary = "Determines whether Checkpoint VPN-1 is disclosing information about the internal network via PAT";
 	script_summary(summary);

Modified: trunk/openvas-plugins/scripts/ike-scan.nasl
===================================================================
--- trunk/openvas-plugins/scripts/ike-scan.nasl	2009-10-06 05:51:06 UTC (rev 5383)
+++ trunk/openvas-plugins/scripts/ike-scan.nasl	2009-10-06 06:02:06 UTC (rev 5384)
@@ -49,9 +49,9 @@
 	script_name(name);
 	desc = "ike-scan (NASL wrapper)
 
-	This plugin runs ike-scan to identify IPSEC VPN endpoints.  It will attempt to enumerate supported cipher suites, bruteforce valid groupnames and fingerprint any endpoint identified.
+This plugin runs ike-scan to identify IPSEC VPN endpoints.  It will attempt to enumerate supported cipher suites, bruteforce valid groupnames and fingerprint any endpoint identified.
 
-	See the section 'plugins options' to configure it";
+See the section 'plugins options' to configure it";
 	script_description(desc);
 	summary = "Identifies IPSEC VPN endpoints";
 	script_summary(summary);



More information about the Openvas-commits mailing list