[Openvas-commits] r5482 - in trunk/openvas-plugins: . scripts

scm-commit@wald.intevation.org scm-commit at wald.intevation.org
Mon Oct 12 07:28:04 CEST 2009


Author: chandra
Date: 2009-10-12 07:28:01 +0200 (Mon, 12 Oct 2009)
New Revision: 5482

Added:
   trunk/openvas-plugins/scripts/gb_ibm_install_manager_arg_inj_vuln_win.nasl
   trunk/openvas-plugins/scripts/gb_ibm_install_manager_detect_win.nasl
   trunk/openvas-plugins/scripts/gb_logrover_sql_inj_vuln.nasl
   trunk/openvas-plugins/scripts/gb_mrbs_detect.nasl
   trunk/openvas-plugins/scripts/gb_mrbs_sql_inj_vuln.nasl
   trunk/openvas-plugins/scripts/gb_openoffice_mult_vuln_oct09.nasl
Modified:
   trunk/openvas-plugins/ChangeLog
   trunk/openvas-plugins/cve_current.txt
Log:
Added new plugins

Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog	2009-10-11 21:12:53 UTC (rev 5481)
+++ trunk/openvas-plugins/ChangeLog	2009-10-12 05:28:01 UTC (rev 5482)
@@ -1,3 +1,13 @@
+2009-10-12  Chandrashekhar B <bchandra at secpod.com>
+
+	* scripts/gb_logrover_sql_inj_vuln.nasl,
+	scripts/gb_ibm_install_manager_detect_win.nasl,
+	scripts/gb_openoffice_mult_vuln_oct09.nasl,
+	scripts/gb_mrbs_detect.nasl,
+	scripts/gb_ibm_install_manager_arg_inj_vuln_win.nasl,
+	scripts/gb_mrbs_sql_inj_vuln.nasl:
+	Added new plugins.
+
 2009-10-11  Thomas Reinke <reinke at securityspace.com>
 
 	* scripts/sles11_MozillaFirefox.nasl,

Modified: trunk/openvas-plugins/cve_current.txt
===================================================================
--- trunk/openvas-plugins/cve_current.txt	2009-10-11 21:12:53 UTC (rev 5481)
+++ trunk/openvas-plugins/cve_current.txt	2009-10-12 05:28:01 UTC (rev 5482)
@@ -105,16 +105,16 @@
 CVE-2009-3523			SecPod		svn		L
 CVE-2009-3522			SecPod		svn		L
 CVE-2009-3524			SecPod		svn		L
-CVE-2009-3518			SecPod
+CVE-2009-3518			SecPod		svn		L
 CVE-2009-3510			SecPod
 CVE-2009-3541			SecPod		svn		R
 CVE-2009-3484			SecPod
 36543				Greenbone	svn		R
 36391				Greenbone	svn		R
 CVE-2009-3545			SecPod
-CVE-2009-3571			SecPod
-CVE-2009-3570			SecPod
-CVE-2009-3569			SecPod
+CVE-2009-3571			SecPod		svn		L
+CVE-2009-3570			SecPod		svn		L
+CVE-2009-3569			SecPod		svn		L
 CVE-2009-3544			SecPod
 CVE-2009-3562			SecPod
 CVE-2009-3561			SecPod
@@ -122,3 +122,5 @@
 36610				Greenbone	svn		R
 36608				Greenbone	svn		R
 CVE-2009-3445			Greenbone	svn		R
+CVE-2009-3532			SecPod		svn		R
+CVE-2009-3533			SecPod		svn		R

Added: trunk/openvas-plugins/scripts/gb_ibm_install_manager_arg_inj_vuln_win.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_ibm_install_manager_arg_inj_vuln_win.nasl	2009-10-11 21:12:53 UTC (rev 5481)
+++ trunk/openvas-plugins/scripts/gb_ibm_install_manager_arg_inj_vuln_win.nasl	2009-10-12 05:28:01 UTC (rev 5482)
@@ -0,0 +1,89 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_ibm_install_manager_arg_inj_vuln_win.nasl 5170 2009-10-08 13:24:24Z oct $
+#
+# IBM Installation Manager URI Handling Argument Injection Vulnerability (Win)
+#
+# Authors:
+# Antu Sanadi <santu at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(801011);
+  script_version("$Revision: 1.0 $");
+  script_cve_id("CVE-2009-3518");
+  script_bugtraq_id(36549);
+  script_name("IBM Installation Manager URI Handling Argument Injection Vulnerability (Win)");
+  desc = "
+  Overview: This host has IBM Installation Manager installed and is prone to
+  Argument Injection vulnerability.
+
+  Vulnerability Insight:
+  The flaw is due to error in 'IBMIM.exe' when handling arguments received via
+  an 'iim:' URI. This can be exploited to load an arbitrary library from a
+  network share via a specially crafted '-vm' argument.
+
+  Impact:
+  Successful exploitation will let the attackers to execute arbitrary code or
+  compromise a user's system.
+
+  Impact Level: Application/System
+
+  Affected Software/OS:
+  IBM Installation Manager 1.3.2 and prior on Windows.
+
+  Fix: No solution or patch is available as on 08th October, 2009. Information
+  regarding this issue will be updated once the solution details are available.
+  For updates refer,
+  http://www-01.ibm.com/software/awdtools/installmanager/support/
+
+  References:
+  http://secunia.com/advisories/36906
+  http://retrogod.altervista.org/9sg_ibm_uri.html
+  http://www.vupen.com/english/advisories/2009/2792
+
+  CVSS Score:
+    CVSS Base Score     : 9.3 (AV:N/AC:M/Au:NR/C:C/I:C/A:C)
+    CVSS Temporal Score : 8.4
+  Risk factor: Critical";
+
+  script_description(desc);
+  script_summary("Check for the version of IBM Installation Manager");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (C) 2009 Intevation GmbH");
+  script_family("General");
+  script_dependencies("gb_ibm_install_manager_detect_win.nasl");
+  script_require_keys("IBM/InstallMang/Win/Ver");
+  exit(0);
+}
+
+
+include("version_func.inc");
+
+# Get IBM Installation Manager Version
+iimVer = get_kb_item("IBM/InstallMang/Win/Ver");
+
+if(iimVer != NULL)
+{
+  # Check for IBM Install Manager version <= 1.3.2
+  if(version_is_less_equal(version:iimVer, test_version:"1.3.2")){
+    security_hole(0);
+  }
+}

Added: trunk/openvas-plugins/scripts/gb_ibm_install_manager_detect_win.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_ibm_install_manager_detect_win.nasl	2009-10-11 21:12:53 UTC (rev 5481)
+++ trunk/openvas-plugins/scripts/gb_ibm_install_manager_detect_win.nasl	2009-10-12 05:28:01 UTC (rev 5482)
@@ -0,0 +1,61 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_ibm_install_manager_detect_win.nasl 5170 2009-10-08 13:40:29Z oct $
+#
+# IBM Installation Manager Version Detection (Win)
+#
+# Authors:
+# Antu Sanadi <santu at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(801010);
+  script_version("$Revision: 1.0 $");
+  script_name("IBM Installation Manager Version Detection (Win)");
+  desc = "
+  Overview: The script detects the installed IBM Installation Manager
+  version and saves the version in KB.
+
+  Risk factor: Informational";
+
+  script_description(desc);
+  script_summary("Check for the version of IBM Installation Manager");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (C) 2009 Intevation GmbH");
+  script_family("Service detection");
+  script_dependencies("secpod_reg_enum.nasl");
+  script_require_keys("SMB/WindowsVersion");
+  script_require_ports(139, 445);
+  exit(0);
+}
+
+
+include("smb_nt.inc");
+include("secpod_smb_func.inc");
+
+if(!get_kb_item("SMB/WindowsVersion")){
+  exit(0);
+}
+
+iimVer= registry_get_sz(key:"SOFTWARE\IBM\Installation Manager", item:"version");
+
+if(iimVer != NULL){
+  set_kb_item(name:"IBM/InstallMang/Win/Ver", value:iimVer);
+}

Added: trunk/openvas-plugins/scripts/gb_logrover_sql_inj_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_logrover_sql_inj_vuln.nasl	2009-10-11 21:12:53 UTC (rev 5481)
+++ trunk/openvas-plugins/scripts/gb_logrover_sql_inj_vuln.nasl	2009-10-12 05:28:01 UTC (rev 5482)
@@ -0,0 +1,95 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_logrover_sql_inj_vuln.nasl 5167 2009-10-08 10:40:33Z oct $
+#
+# LogRover 'uname' and 'pword' SQL Injection Vulnerability
+#
+# Authors:
+# Antu Sanadi <santu at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(801012);
+  script_version("$Revision: 1.0 $");
+  script_cve_id("CVE-2009-3532");
+  script_name("LogRover 'uname' and 'pword' SQL Injection Vulnerability");
+  desc = "
+  Overview: This host is installed with LogRover and is prone to SQL Injection
+  vulnerability.
+
+  Vulnerability Insight:
+  Input passed to the 'uname' and 'pword' parameters in 'login.asp' is not
+  properly sanitised before being used in SQL queries.
+
+  Impact:
+  Successful exploitation will allow remote attackers to conduct SQL injection
+  attacks.
+
+  Impact Level: Application
+
+  Affected Software/OS:
+  LogRover version 2.3.3 and prior
+
+  Fix: No solution or patch is available as on 08th October, 2009. Information
+  regarding this issue will be updated once the solution details are available.
+  For updates refer, http://logrover.com/index.cfm
+
+  References:
+  http://osvdb.org/55825
+  http://secunia.com/advisories/35821/
+  http://www.packetstormsecurity.org/0907-advisories/DDIVRT-2009-26.txt
+
+  CVSS Score:
+    CVSS Base Score     : 7.5 (AV:N/AC:L/Au:NR/C:P/I:P/A:P)
+    CVSS Temporal Score : 6.7
+  Risk factor: High";
+
+  script_description(desc);
+  script_summary("Check for the SQL Injection Attack on LogRover");
+  script_category(ACT_ATTACK);
+  script_copyright("Copyright (C) 2009 Intevation GmbH");
+  script_family("Web application abuses");
+  script_dependencies("find_service.nes");
+  script_require_ports("Services/www", 80);
+  exit(0);
+}
+
+
+include("http_func.inc");
+
+logroverPort = get_http_port(default:80);
+if(!logroverPort){
+  exit(0);
+}
+
+if(!get_port_state(logroverPort)){
+  exit(0);
+}
+
+sndReq = string("POST /LogRover/login.asp HTTP/1.1\r\n",
+                "Host: ", get_host_name(),"\r\n",
+                "Content-Type: application/x-www-form-urlencoded\r\n",
+                "Content-Length: 48\r\n",
+                "uname=admin%27+OR+%271%3D1&pword=%27+OR+%271%3D1\r\n\r\n");
+rcvRes = http_send_recv(port:logroverPort, data:sndReq);
+
+if("Invalid Username or Password" >!< rcvRes && ("index1.asp" >< rcvRes)){
+  security_hole(0);
+}


Property changes on: trunk/openvas-plugins/scripts/gb_logrover_sql_inj_vuln.nasl
___________________________________________________________________
Name: svn:executable
   + *

Added: trunk/openvas-plugins/scripts/gb_mrbs_detect.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_mrbs_detect.nasl	2009-10-11 21:12:53 UTC (rev 5481)
+++ trunk/openvas-plugins/scripts/gb_mrbs_detect.nasl	2009-10-12 05:28:01 UTC (rev 5482)
@@ -0,0 +1,82 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_mrbs_detect.nasl 5166 2009-10-09 18:58:24Z oct $
+#
+# Meeting Room Booking System Version Detection
+#
+# Authors:
+# Nikita MR <rnikita at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(800949);
+  script_version("Revision: 1.0");
+  script_name("Meeting Room Booking System Version Detection");
+  desc = "
+  Overview: This script detects the installed version of Meeting Room
+  Booking System and sets the result in KB.
+
+  Risk factor: Informational";
+
+  script_description(desc);
+  script_summary("Sets the KB for the version of MRBS");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (C) 2009 Intevation GmbH");
+  script_family("Service detection");
+  script_dependencies("http_version.nasl");
+  script_require_ports("Services/www", 80);
+  exit(0);
+}
+
+
+include("http_func.inc");
+
+mrbsPort = get_http_port(default:80);
+if(!mrbsPort){
+  mrbsPort = 80;
+}
+
+if(!get_port_state(mrbsPort)){
+  exit(0);
+}
+
+foreach dir (make_list("/", "/mrbs1261", cgi_dirs()))
+{
+  sndReq = http_get(item:string(dir, "/web/help.php"), port:mrbsPort);
+  rcvRes = http_send_recv(port:mrbsPort, data:sndReq);
+
+  if(("About MRBS" >< rcvRes || "Meeting Room Booking System" >< rcvRes) &&
+      egrep(pattern:"^HTTP/.* 200 OK", string:rcvRes))
+  {
+    mrbsVer = eregmatch(pattern:"MRBS ([0-9.]+).?([a-zA-Z]+([0-9]+)?)?",
+                                                        string:rcvRes);
+    if(mrbsVer[1] != NULL)
+    {
+      if(mrbsVer[2] != NULL)
+      {
+        mrbsVer = mrbsVer[1] + "." + mrbsVer[2];
+      }
+      else
+        mrbsVer = mrbsVer[1];
+      set_kb_item(name:"www/" + mrbsPort + "/MRBS", value:mrbsVer + " under "
+                                                                      + dir);
+    }
+  }
+}


Property changes on: trunk/openvas-plugins/scripts/gb_mrbs_detect.nasl
___________________________________________________________________
Name: svn:executable
   + *

Added: trunk/openvas-plugins/scripts/gb_mrbs_sql_inj_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_mrbs_sql_inj_vuln.nasl	2009-10-11 21:12:53 UTC (rev 5481)
+++ trunk/openvas-plugins/scripts/gb_mrbs_sql_inj_vuln.nasl	2009-10-12 05:28:01 UTC (rev 5482)
@@ -0,0 +1,91 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_mrbs_sql_inj_vuln.nasl 5166 2009-10-09 19:57:11Z oct $
+#
+# Meeting Room Booking System SQL Injection Vulnerability
+#
+# Authors:
+# Nikita MR <rnikita at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(800950);
+  script_version("$Revision: 1.0 $");
+  script_cve_id("CVE-2009-3533");
+  script_name("Meeting Room Booking System SQL Injection Vulnerability");
+  desc = "
+  Overview: This host is installed with Meeting Room Booking System and is
+  prone to SQL Injection vulnerability.
+
+  Vulnerability Insight:
+  The user supplied data passed into 'typematch' parameter in report.php is
+  not properly sanitised before being used in an SQL query.
+
+  Impact:
+  Attackes can exploit this issue to inject arbitrary SQL code and modify
+  information in the back-end database.
+
+  Impact Level: Application.
+
+  Affected Software/OS:
+  Meeting Room Booking System prior to 1.4.2 on all platforms.
+
+  Fix: Upgrade to Meeting Room Booking System 1.4.2 or later.
+  For Updates Refer, http://mrbs.sourceforge.net/download.php
+
+  References:
+  http://secunia.com/advisories/35469
+  http://xforce.iss.net/xforce/xfdb/51772
+  http://mrbs.sourceforge.net/view_text.php?section=NEWS&file=NEWS
+
+  CVSS Score:
+    CVSS Base Score     : 7.5 (AV:N/AC:L/Au:NR/C:P/I:P/A:P)
+    CVSS Temporal Score : 5.5
+  Risk factor: High";
+
+  script_description(desc);
+  script_summary("Check for the version of MRBS");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (C) 2009 Intevation GmbH");
+  script_family("Web application abuses");
+  script_dependencies("gb_mrbs_detect.nasl");
+  script_require_ports("Services/www", 80);
+  exit(0);
+}
+
+
+include("http_func.inc");
+include("version_func.inc");
+
+mrbsPort = get_http_port(default:80);
+
+if(!mrbsPort){
+  exit(0);
+}
+
+mrbsVer = get_kb_item("www/" + mrbsPort + "/MRBS");
+mrbsVer = eregmatch(pattern:"^(.+) under (/.*)$", string:mrbsVer);
+
+if(mrbsVer[1] != NULL)
+{
+  if(version_is_less(version:mrbsVer[1], test_version:"1.4.2")){
+    security_hole(mrbsPort);
+  }
+}


Property changes on: trunk/openvas-plugins/scripts/gb_mrbs_sql_inj_vuln.nasl
___________________________________________________________________
Name: svn:executable
   + *

Added: trunk/openvas-plugins/scripts/gb_openoffice_mult_vuln_oct09.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_openoffice_mult_vuln_oct09.nasl	2009-10-11 21:12:53 UTC (rev 5481)
+++ trunk/openvas-plugins/scripts/gb_openoffice_mult_vuln_oct09.nasl	2009-10-12 05:28:01 UTC (rev 5482)
@@ -0,0 +1,85 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_openoffice_mult_vuln_oct09.nasl 5198 2009-10-08 14:22:17Z oct $
+#
+# OpenOffice.org Multiple Vulnerabilities - Oct09 (Win)
+#
+# Authors:
+# Sharath S <sharaths at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(801114);
+  script_version("$Revision: 1.0 $");
+  script_cve_id("CVE-2009-3569", "CVE-2009-3570", "CVE-2009-3571");
+  script_bugtraq_id(36285);
+  script_name("OpenOffice.org Multiple Vulnerabilities - Oct09 (Win)");
+  desc = "
+  Overview: The host has OpenOffice.org installed and is prone to multiple
+  vulnerabilities.
+
+  Vulnerability Insight:
+  OpenOffice is prone to multiple unspecified remote security vulnerabilities,
+  including a stack-based overflow issue and two other unspecified issues.
+
+  Impact:
+  Attackers can exploit these issues to execute code within the context of
+  the affected application and can deny the service.
+
+  Impact Level: Application
+
+  Affected Software/OS:
+  OpenOffice.org version 3.1.1 and prior on Windows.
+
+  Fix: No solution or patch is available as on 08th October, 2009. Information
+  regarding this issue will be updated once the solution details are available.
+  For updates refer, http://www.openoffice.org/
+
+  References:
+  http://intevydis.com/vd-list.shtml
+  http://securitytracker.com/alerts/2009/Sep/1022832.html
+
+  CVSS Score:
+    CVSS Base Score     : 9.3 (AV:N/AC:M/Au:NR/C:C/I:C/A:C)
+    CVSS Temporal Score : 8.4
+  Risk factor: Critical";
+
+  script_description(desc);
+  script_copyright("Copyright (C) 2009 Intevation GmbH");
+  script_summary("Check for the version of OpenOffice.org");
+  script_category(ACT_GATHER_INFO);
+  script_family("Buffer overflow");
+  script_dependencies("secpod_openoffice_detect_win.nasl");
+  script_require_keys("OpenOffice/Win/Ver");
+  exit(0);
+}
+
+
+include("version_func.inc");
+
+openVer = get_kb_item("OpenOffice/Win/Ver");
+if(!openVer){
+  exit(0);
+}
+
+# Check for OpenOffice version 3.1.1 => (3.1.9420)
+if(version_is_less_equal(version:openVer, test_version:"3.1.9420")){
+  security_hole(0);
+}


Property changes on: trunk/openvas-plugins/scripts/gb_openoffice_mult_vuln_oct09.nasl
___________________________________________________________________
Name: svn:executable
   + *



More information about the Openvas-commits mailing list