[Openvas-commits] r5543 - in trunk/openvas-plugins: . scripts
scm-commit@wald.intevation.org
scm-commit at wald.intevation.org
Wed Oct 14 16:47:10 CEST 2009
Author: chandra
Date: 2009-10-14 16:47:08 +0200 (Wed, 14 Oct 2009)
New Revision: 5543
Added:
trunk/openvas-plugins/scripts/secpod_ms09-051.nasl
trunk/openvas-plugins/scripts/secpod_ms09-052.nasl
trunk/openvas-plugins/scripts/secpod_ms09-056.nasl
trunk/openvas-plugins/scripts/secpod_ms09-058.nasl
trunk/openvas-plugins/scripts/secpod_ms09-059.nasl
trunk/openvas-plugins/scripts/secpod_ms09-060.nasl
Modified:
trunk/openvas-plugins/ChangeLog
trunk/openvas-plugins/scripts/secpod_office_products_version_900032.nasl
Log:
Added Microsoft Bulletin - Oct09 checks
Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog 2009-10-14 14:41:55 UTC (rev 5542)
+++ trunk/openvas-plugins/ChangeLog 2009-10-14 14:47:08 UTC (rev 5543)
@@ -1,5 +1,18 @@
2009-10-14 Chandrashekhar B <bchandra at secpod.com>
+ * scripts/secpod_ms09-051.nasl
+ scripts/secpod_ms09-059.nasl
+ scripts/secpod_ms09-056.nasl
+ scripts/secpod_ms09-060.nasl
+ scripts/secpod_ms09-058.nasl
+ scripts/secpod_ms09-052.nasl:
+ Added Microsoft Bulletin - Oct 09 checks.
+
+ * scripts/secpod_office_products_version_900032.nasl:
+ Updated to set KB for Microsoft Outlook.
+
+2009-10-14 Chandrashekhar B <bchandra at secpod.com>
+
* scripts/gb_hp_ux_HPSBUX02457.nasl:
Added HP-UX Local security check.
Added: trunk/openvas-plugins/scripts/secpod_ms09-051.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_ms09-051.nasl 2009-10-14 14:41:55 UTC (rev 5542)
+++ trunk/openvas-plugins/scripts/secpod_ms09-051.nasl 2009-10-14 14:47:08 UTC (rev 5543)
@@ -0,0 +1,173 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_ms09-051.nasl 3940 2009-10-14 09:14:35Z oct $
+#
+# Vulnerabilities in Windows Media Runtime Could Allow Remote Code Execution (975682)
+#
+# Authors:
+# Antu Sanadi <santu at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(901039);
+ script_version("$Revision: 1.0 $");
+ script_cve_id("CVE-2009-0555", "CVE-2009-2525");
+ script_bugtraq_id(36614, 36602);
+ script_name("Vulnerabilities in Windows Media Runtime Could Allow Remote Code Execution (975682)");
+ desc = "
+ Overview: This host has critical security update missing according to
+ Microsoft Bulletin MS09-051.
+
+ Vulnerability Insight:
+ Multiple flaws are caused due to,
+ - Memory corruption error when processing specially crafted ASF files that
+ make use of the Window Media Speech codec.
+ - Error in Windows Media Runtime due to improper initialization of certain
+ functions in compressed audio files.
+
+ Impact:
+ Successful exploitation could allow remote attackers to execute arbitrary
+ code with SYSTEM privileges and can cause Denial of Service.
+
+ Impact Level: System/Application
+
+ Affected Software/OS:
+ Microsoft Windows 2k Service Pack 2 and prior
+ Microsoft Windows XP Service Pack 3 and prior
+ Microsoft Windows 2k3 Service Pack 2 and prior
+
+ Fix:
+ Run Windows Update and update the listed hotfixes or download and
+ update mentioned hotfixes in the advisory from the below link,
+ http://www.microsoft.com/technet/security/bulletin/ms09-051.mspx
+
+ References:
+ http://www.vupen.com/english/advisories/2009/2887
+ http://www.securitytracker.com/alerts/2009/Oct/1023005.html
+ http://www.microsoft.com/technet/security/bulletin/ms09-051.mspx
+
+ Risk factor : Critical";
+
+ script_description(desc);
+ script_summary("Check for the vulnerable DLL file version");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2009 SecPod");
+ script_family("Windows : Microsoft Bulletins");
+ script_dependencies("secpod_reg_enum.nasl");
+ script_require_ports(139, 445);
+ exit(0);
+}
+
+
+include("smb_nt.inc");
+include("secpod_reg.inc");
+include("version_func.inc");
+include("secpod_smb_func.inc");
+
+if(hotfix_check_sp(win2k:5, xp:4, win2003:3) <= 0){
+ exit(0);
+}
+
+if((hotfix_missing(name:"954155") == 0)||(hotfix_missing(name:"975025") == 0)){
+ exit(0);
+}
+
+dllPath = registry_get_sz(key:"SOFTWARE\Microsoft\COM3\Setup",
+ item:"Install Path");
+if(!dllPath){
+ exit(0);
+}
+
+share = ereg_replace(pattern:"([A-Z]):.*", replace:"\1$", string:dllPath);
+file = ereg_replace(pattern:"[A-Z]:(.*)", replace:"\1", string:dllPath +
+ "\wmspdmod.dll");
+dllVer = GetVer(share:share, file:file);
+
+if(dllVer)
+{
+ # Windows 2000
+ if(hotfix_check_sp(win2k:5) > 0)
+ {
+ # Check for wmspdmod.dll version < 9.0.0.3269 ,10.0.0.4070
+ if(version_in_range(version:dllVer, test_version:"9.0",
+ test_version2:"9.0.0.3268")||
+ version_in_range(version:dllVer, test_version:"10.0",
+ test_version2:"10.0.0.4069")){
+ security_hole(0);
+ }
+ }
+
+ # Windows XP
+ else if(hotfix_check_sp(xp:4) > 0)
+ {
+ SP = get_kb_item("SMB/WinXP/ServicePack");
+ if("Service Pack 2" >< SP || "Service Pack 3" >< SP)
+ {
+ # Windows Media Audio Voice Decoder
+ # Grep for wmspdmod.dll < 9.0.0.3269, 9.0.0.4505, 10.0.0.4364,
+ # 10.0.0.4070, 10.0.0.3704, 11.0.5721.5262
+ if(version_in_range(version:dllVer, test_version:"9.0.0.3",
+ test_version2:"9.0.0.3268")||
+ version_in_range(version:dllVer, test_version:"9.0.0.4",
+ test_version2:"9.0.0.4504")||
+ version_in_range(version:dllVer, test_version:"10.0.0.3",
+ test_version2:"10.0.0.3703")||
+ version_in_range(version:dllVer, test_version:"10.0.0.40",
+ test_version2:"10.0.0.4069")||
+ version_in_range(version:dllVer, test_version:"10.0.0.43",
+ test_version2:"10.0.0.4364")||
+ version_in_range(version:dllVer, test_version:"11.0.0.0",
+ test_version2:"11.0.5721.5262")){
+ security_hole(0);
+ }
+ exit(0);
+ }
+ security_hole(0);
+ }
+
+ # Windows 2003
+ else if(hotfix_check_sp(win2003:3) > 0)
+ {
+ SP = get_kb_item("SMB/Win2003/ServicePack");
+ if(("Service Pack 1" >< SP)||("Service Pack 2" >< SP))
+ {
+ # Check for wmspdmod.dll version < 10.0.0.3712 ,10.0.0.4004
+ if(version_in_range(version:dllVer, test_version:"10.0.0.3",
+ test_version2:"10.0.0.3711") ||
+ version_in_range(version:dllVer, test_version:"10.0.0.4",
+ test_version2:"10.0.0.4003")){
+ security_hole(0);
+ }
+ exit(0);
+ }
+ security_hole(0);
+ }
+}
+
+#Audio Compression Manager
+file = ereg_replace(pattern:"[A-Z]:(.*)", replace:"\1", string:dllPath +
+ "\msaud32.acm");
+dllVer = GetVer(share:share, file:file);
+if(dllVer)
+{
+ if(version_is_less(version:dllVer, test_version:"8.0.0.4502")){
+ security_hole(0);
+ }
+}
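Review bot: The `exit(0)` calls inside the XP SP2/SP3 and Windows 2003 SP1/SP2 branches end the script before the `msaud32.acm` (Audio Compression Manager) check at the bottom, so on those hosts a patched `wmspdmod.dll` hides an unpatched ACM file. Moving the ACM check ahead of the per-OS block would let both files be evaluated; the `exit(0)` lines themselves still have to stay, because they are what skips the unconditional `security_hole(0)` that follows each service-pack test. In the XP block the last two ranges also end on the builds the comment lists as fixed (`10.0.0.4364`, `11.0.5721.5262`), unlike the other ranges, which stop one build earlier. If the comment is right they should be `test_version2:"10.0.0.4363"` and `test_version2:"11.0.5721.5261"`, otherwise a fully patched host is reported.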
Added: trunk/openvas-plugins/scripts/secpod_ms09-052.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_ms09-052.nasl 2009-10-14 14:41:55 UTC (rev 5542)
+++ trunk/openvas-plugins/scripts/secpod_ms09-052.nasl 2009-10-14 14:47:08 UTC (rev 5543)
@@ -0,0 +1,112 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_ms09-052.nasl 5259 2009-10-14 07:14:09Z oct $
+#
+# Microsoft Windows Media Player ASF Heap Overflow Vulnerability (974112)
+#
+# Authors:
+# Sharath S <sharaths at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(900879);
+ script_version("$Revision: 1.0 $");
+ script_cve_id("CVE-2009-2527");
+ script_bugtraq_id(36644);
+ script_name("Microsoft Windows Media Player ASF Heap Overflow Vulnerability (974112)");
+ desc = "
+ Overview: This host has critical security update missing according to
+ Microsoft Bulletin MS09-052.
+
+ Vulnerability Insight:
+ A heap-based overflow error occurs while processing malformed ASF files,
+ which can be exploited by tricking a user into opening a malformed ASF file
+ or visiting a malicious web page.
+
+ Impact:
+ Successful exploitation could allow attackers to crash an affected player
+ or execute arbitrary code on the affected application.
+
+ Impact Level: Application
+
+ Affected Software/OS:
+ Microsoft Windows Media Player 6.4
+ Microsoft Windows 2K Service Pack 4 and prior.
+ Microsoft Windows XP Service Pack 3 and prior.
+ Microsoft Windows 2K3 Service Pack 2 and prior.
+
+ Fix:
+ Run Windows Update and update the listed hotfixes or download and
+ update mentioned hotfixes in the advisory from the below link.
+ http://www.microsoft.com/technet/security/bulletin/ms09-052.mspx
+
+ References:
+ http://support.microsoft.com/kb/974112
+ http://www.vupen.com/english/advisories/2009/2888
+ http://www.microsoft.com/technet/security/bulletin/MS09-052.mspx
+
+ Risk factor: Critical";
+
+ script_description(desc);
+ script_summary("Check for the version of strmdll.dll file");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2009 SecPod");
+ script_family("Windows : Microsoft Bulletins");
+ script_dependencies("secpod_reg_enum.nasl");
+ script_require_ports(139, 445);
+ exit(0);
+}
+
+
+include("smb_nt.inc");
+include("secpod_reg.inc");
+include("version_func.inc");
+include("secpod_smb_func.inc");
+
+if(hotfix_check_sp(xp:4, win2k:5, win2003:3) <= 0){
+ exit(0);
+}
+
+# MS09-052 Hotfix check
+if(hotfix_missing(name:"974112") == 0){
+ exit(0);
+}
+
+dllPath = registry_get_sz(key:"SOFTWARE\Microsoft\COM3\Setup",
+ item:"Install Path");
+if(!dllPath){
+ exit(0);
+}
+
+share = ereg_replace(pattern:"([A-Z]):.*", replace:"\1$", string:dllPath);
+file = ereg_replace(pattern:"[A-Z]:(.*)", replace:"\1",
+ string:dllPath + "\strmdll.dll");
+dllVer = GetVer(file:file, share:share);
+if(!dllVer){
+ exit(0);
+}
+
+if(!isnull(dllVer))
+{
+ # Grep for strmdll.dll version < 4.1.0.3938
+ if(version_is_less(version:dllVer, test_version:"4.1.0.3938")){
+ security_hole(0);
+ }
+}
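Review bot: The `if(!isnull(dllVer))` wrapper around the final comparison is redundant, because the `if(!dllVer){ exit(0); }` guard directly above has already ended the script for a NULL or empty version. The comparison can stand on its own as `if(version_is_less(version:dllVer, test_version:"4.1.0.3938")){ security_hole(0); }`, which matches how the MS09-056, MS09-058 and MS09-059 scripts in this commit are written.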
Property changes on: trunk/openvas-plugins/scripts/secpod_ms09-052.nasl
___________________________________________________________________
Name: svn:executable
+ *
Added: trunk/openvas-plugins/scripts/secpod_ms09-056.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_ms09-056.nasl 2009-10-14 14:41:55 UTC (rev 5542)
+++ trunk/openvas-plugins/scripts/secpod_ms09-056.nasl 2009-10-14 14:47:08 UTC (rev 5543)
@@ -0,0 +1,154 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_ms09-056.nasl 5263 2009-10-14 03:48:09Z oct $
+#
+# Microsoft Windows CryptoAPI X.509 Spoofing Vulnerabilities (974571)
+#
+# Authors:
+# Sharath S <sharaths at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(900876);
+ script_version("$Revision: 1.0 $");
+ script_cve_id("CVE-2009-2510", "CVE-2009-2511");
+ script_bugtraq_id(36475, 36577);
+ script_name("Microsoft Windows CryptoAPI X.509 Spoofing Vulnerabilities (974571)");
+ desc = "
+ Overview: This host has critical security update missing according to
+ Microsoft Bulletin MS09-056.
+
+ Vulnerability Insight:
+ - The issue is caused due to the Windows CryptoAPI incorrectly parsing a null
+ terminator as the end of any values identified by an Object Identifier (OID)
+ when processing ASN.1 information from X.509 certificates.
+ - An integer overflow error in the Windows CryptoAPI when parsing ASN.1 object
+ identifiers from X.509 certificates, which could allow an attacker to
+ generate a malicious certificate that would be parsed incorrectly by the
+ Windows CryptoAPI.
+
+ Impact:
+ Successful exploitation will let the attacker to conduct spoofing attacks on
+ the affected system.
+
+ Impact Level: System
+
+ Affected Software/OS:
+ Microsoft Windows 2K Service Pack 4 and prior.
+ Microsoft Windows XP Service Pack 3 and prior.
+ Microsoft Windows 2K3 Service Pack 2 and prior.
+
+ Fix:
+ Run Windows Update and update the listed hotfixes or download and
+ update mentioned hotfixes in the advisory from the below link.
+ http://www.microsoft.com/technet/security/bulletin/ms09-056.mspx
+
+ References:
+ http://support.microsoft.com/kb/974571
+ http://www.vupen.com/english/advisories/2009/2891
+ http://www.microsoft.com/technet/security/bulletin/MS09-056.mspx
+
+ Risk factor: Medium";
+
+ script_description(desc);
+ script_summary("Check for the version of msasn1.dll file");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2009 SecPod");
+ script_family("Windows : Microsoft Bulletins");
+ script_dependencies("secpod_reg_enum.nasl");
+ script_require_ports(139, 445);
+ exit(0);
+}
+
+
+include("smb_nt.inc");
+include("secpod_reg.inc");
+include("version_func.inc");
+include("secpod_smb_func.inc");
+
+if(hotfix_check_sp(xp:4, win2k:5, win2003:3) <= 0){
+ exit(0);
+}
+
+# MS09-056 Hotfix check
+if(hotfix_missing(name:"974571") == 0){
+ exit(0);
+}
+
+dllPath = registry_get_sz(key:"SOFTWARE\Microsoft\COM3\Setup",
+ item:"Install Path");
+if(!dllPath){
+ exit(0);
+}
+
+share = ereg_replace(pattern:"([A-Z]):.*", replace:"\1$", string:dllPath);
+file = ereg_replace(pattern:"[A-Z]:(.*)", replace:"\1",
+ string:dllPath + "\msasn1.dll");
+
+dllVer = GetVer(file:file, share:share);
+if(!dllVer){
+ exit(0);
+}
+
+# Windows 2K
+if(hotfix_check_sp(win2k:5) > 0)
+{
+ # Grep for msasn1.dll version < 5.0.2195.7334
+ if(version_is_less(version:dllVer, test_version:"5.0.2195.7334")){
+ security_hole(0);
+ }
+}
+
+# Windows XP
+else if(hotfix_check_sp(xp:4) > 0)
+{
+ SP = get_kb_item("SMB/WinXP/ServicePack");
+ if("Service Pack 2" >< SP)
+ {
+ # Grep for msasn1.dll < 5.1.2600.3624
+ if(version_is_less(version:dllVer, test_version:"5.1.2600.3624")){
+ security_hole(0);
+ }
+ exit(0);
+ }
+ else if("Service Pack 3" >< SP)
+ {
+ # Grep for msasn1.dll < 5.1.2600.5875
+ if(version_is_less(version:dllVer, test_version:"5.1.2600.5875")){
+ security_hole(0);
+ }
+ exit(0);
+ }
+ security_hole(0);
+}
+# Windows 2003
+else if(hotfix_check_sp(win2003:3) > 0)
+{
+ SP = get_kb_item("SMB/Win2003/ServicePack");
+ if("Service Pack 2" >< SP)
+ {
+ # Grep for msasn1.dll version < 5.2.3790.4584
+ if(version_is_less(version:dllVer, test_version:"5.2.3790.4584")){
+ security_hole(0);
+ }
+ exit(0);
+ }
+ security_hole(0);
+}
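Review bot: The bare `security_hole(0)` at the end of the XP and Windows 2003 blocks reports the host without consulting `dllVer`, and it is also reached when `get_kb_item("SMB/WinXP/ServicePack")` or `get_kb_item("SMB/Win2003/ServicePack")` returns nothing, since none of the `><` tests can match then. If the intent is that service packs older than the ones listed get no fix and are therefore always vulnerable, a comment such as `# Older service packs receive no fix and are reported unconditionally` would make that explicit. If it is not, guarding the fall-through with `if(SP)` keeps a missing KB entry from producing a finding with no file-version evidence behind it. secpod_ms09-058.nasl and secpod_ms09-059.nasl in this commit use the same structure, and secpod_ms09-051.nasl does so for its wmspdmod.dll branches.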
Property changes on: trunk/openvas-plugins/scripts/secpod_ms09-056.nasl
___________________________________________________________________
Name: svn:executable
+ *
Added: trunk/openvas-plugins/scripts/secpod_ms09-058.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_ms09-058.nasl 2009-10-14 14:41:55 UTC (rev 5542)
+++ trunk/openvas-plugins/scripts/secpod_ms09-058.nasl 2009-10-14 14:47:08 UTC (rev 5543)
@@ -0,0 +1,152 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_ms09-058.nasl 5265 2009-10-14 09:16:45Z oct $
+#
+# Microsoft Windows Kernel Privilege Escalation Vulnerability (971486)
+#
+# Authors:
+# Nikita MR <rnikita at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(900963);
+ script_version("$Revision: 1.0 $");
+ script_cve_id("CVE-2009-2515", "CVE-2009-2516", "CVE-2009-2517");
+ script_bugtraq_id(36623, 36624, 36625);
+ script_name("Microsoft Windows Kernel Privilege Escalation Vulnerability (971486)");
+ desc = "
+ Overview: This host has critical security update missing according to
+ Microsoft Bulletin MS09-058.
+
+ Vulnerability Insight:
+ Several flaws arise in the Windows kernel due to,
+ - incorrect truncation of a 64-bit value to a 32-bit value.
+ - insufficient validation of certain data/pointers passed from user mode.
+ - improper handling of certain exceptions.
+
+ Impact:
+ Successful exploitation could allow attackers to execute arbitrary code with
+ elevated privileges or system may stop responding.
+
+ Impact Level: System
+
+ Affected Software/OS:
+ Microsoft Windows 2K Service Pack 4 and prior.
+ Microsoft Windows XP Service Pack 3 and prior.
+ Microsoft Windows 2K3 Service Pack 2 and prior.
+
+ Fix:
+ Run Windows Update and update the listed hotfixes or download and
+ update mentioned hotfixes in the advisory from the below link.
+ http://www.microsoft.com/technet/security/bulletin/ms09-058.mspx
+
+ References:
+ http://secunia.com/advisories/35372/
+ http://www.vupen.com/english/advisories/2009/2893
+ http://www.microsoft.com/technet/security/bulletin/MS09-058.mspx
+
+ Risk factor: High";
+
+ script_description(desc);
+ script_summary("Check for the version of ntoskrnl.exe");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2009 SecPod");
+ script_family("Windows : Microsoft Bulletins");
+ script_dependencies("secpod_reg_enum.nasl");
+ script_require_ports(139, 445);
+ exit(0);
+}
+
+
+include("smb_nt.inc");
+include("secpod_reg.inc");
+include("version_func.inc");
+include("secpod_smb_func.inc");
+
+if(hotfix_check_sp(xp:4, win2k:5, win2003:3) <= 0){
+ exit(0);
+}
+
+# MS09-058 Hotfix check
+if(hotfix_missing(name:"971486") == 0){
+ exit(0);
+}
+
+exePath = registry_get_sz(key:"SOFTWARE\Microsoft\COM3\Setup",
+ item:"Install Path");
+if(!exePath){
+ exit(0);
+}
+
+share = ereg_replace(pattern:"([A-Z]):.*", replace:"\1$", string:exePath);
+file = ereg_replace(pattern:"[A-Z]:(.*)", replace:"\1",
+ string:exePath + "\ntoskrnl.exe");
+
+exeVer = GetVer(file:file, share:share);
+if(!exeVer){
+ exit(0);
+}
+
+# Windows 2K
+if(hotfix_check_sp(win2k:5) > 0)
+{
+ # Grep for ntoskrnl.exe version < 5.0.2195.7319
+ if(version_is_less(version:exeVer, test_version:"5.0.2195.7319")){
+ security_hole(0);
+ }
+}
+
+# Windows XP
+else if(hotfix_check_sp(xp:4) > 0)
+{
+ SP = get_kb_item("SMB/WinXP/ServicePack");
+ if("Service Pack 2" >< SP)
+ {
+ # Grep for ntoskrnl.exe < 5.1.2600.3610
+ if(version_is_less(version:exeVer, test_version:"5.1.2600.3610")){
+ security_hole(0);
+ }
+ exit(0);
+ }
+ else if("Service Pack 3" >< SP)
+ {
+ # Grep for ntoskrnl.exe < 5.1.2600.5857
+ if(version_is_less(version:exeVer, test_version:"5.1.2600.5857")){
+ security_hole(0);
+ }
+ exit(0);
+ }
+ security_hole(0);
+}
+
+# Windows 2003
+else if(hotfix_check_sp(win2003:3) > 0)
+{
+ SP = get_kb_item("SMB/Win2003/ServicePack");
+ if("Service Pack 2" >< SP)
+ {
+ # Grep for ntoskrnl.exe version < 5.2.3790.4566
+ if(version_is_less(version:exeVer, test_version:"5.2.3790.4566")){
+ security_hole(0);
+ }
+ exit(0);
+ }
+ security_hole(0);
+}
Property changes on: trunk/openvas-plugins/scripts/secpod_ms09-058.nasl
___________________________________________________________________
Name: svn:executable
+ *
Added: trunk/openvas-plugins/scripts/secpod_ms09-059.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_ms09-059.nasl 2009-10-14 14:41:55 UTC (rev 5542)
+++ trunk/openvas-plugins/scripts/secpod_ms09-059.nasl 2009-10-14 14:47:08 UTC (rev 5543)
@@ -0,0 +1,146 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_ms09-059.nasl 5266 2009-10-14 03:48:09Z oct $
+#
+# Microsoft Windows LSASS Denial of Service Vulnerability (975467)
+#
+# Authors:
+# Sharath S <sharaths at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(900877);
+ script_version("$Revision: 1.0 $");
+ script_cve_id("CVE-2009-2524");
+ script_bugtraq_id(36593);
+ script_name("Microsoft Windows LSASS Denial of Service Vulnerability (975467)");
+ desc = "
+ Overview: This host has critical security update missing according to
+ Microsoft Bulletin MS09-059.
+
+ Vulnerability Insight:
+ This issue is caused by an integer underflow error in the Windows NTLM
+ implementation in LSASS (Local Security Authority Subsystem Service) when
+ processing malformed packets during the authentication process, which could
+ allow attackers to cause an affected system to automatically reboot.
+
+ Impact:
+ Successful exploitation will let the remote attackers to cause a Denial of
+ Service on the victim's system.
+
+ Impact Level: System
+
+ Affected Software/OS:
+ Microsoft Windows XP Service Pack 3 and prior.
+ Microsoft Windows 2K3 Service Pack 2 and prior.
+
+ Fix:
+ Run Windows Update and update the listed hotfixes or download and
+ update mentioned hotfixes in the advisory from the below link.
+ http://www.microsoft.com/technet/security/bulletin/ms09-059.mspx
+
+ References:
+ http://support.microsoft.com/kb/975467
+ http://www.vupen.com/english/advisories/2009/2894
+ http://www.microsoft.com/technet/security/bulletin/MS09-059.mspx
+
+ Risk factor: Medium";
+
+ script_description(desc);
+ script_summary("Check for the version of Msv1_0.dll file");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2009 SecPod");
+ script_family("Windows : Microsoft Bulletins");
+ script_dependencies("secpod_reg_enum.nasl");
+ script_require_ports(139, 445);
+ exit(0);
+}
+
+
+include("smb_nt.inc");
+include("secpod_reg.inc");
+include("version_func.inc");
+include("secpod_smb_func.inc");
+
+if(hotfix_check_sp(xp:4, win2003:3) <= 0){
+ exit(0);
+}
+
+# Check KB968389 is installed, vulnerability exists only if this is installed.
+if(hotfix_missing(name:"968389") == 1){
+ exit(0);
+}
+
+# MS09-059 Hotfix check
+if(hotfix_missing(name:"975467") == 0){
+ exit(0);
+}
+
+dllPath = registry_get_sz(key:"SOFTWARE\Microsoft\COM3\Setup",
+ item:"Install Path");
+if(!dllPath){
+ exit(0);
+}
+
+share = ereg_replace(pattern:"([A-Z]):.*", replace:"\1$", string:dllPath);
+file = ereg_replace(pattern:"[A-Z]:(.*)", replace:"\1",
+ string:dllPath + "\Msv1_0.dll");
+
+dllVer = GetVer(file:file, share:share);
+if(!dllVer){
+ exit(0);
+}
+
+# Windows XP
+if(hotfix_check_sp(xp:4) > 0)
+{
+ SP = get_kb_item("SMB/WinXP/ServicePack");
+ if("Service Pack 2" >< SP)
+ {
+ # Grep for Msv1_0.dll < 5.1.2600.3625
+ if(version_is_less(version:dllVer, test_version:"5.1.2600.3625")){
+ security_hole(0);
+ }
+ exit(0);
+ }
+ else if("Service Pack 3" >< SP)
+ {
+ # Grep for Msv1_0.dll < 5.1.2600.5876
+ if(version_is_less(version:dllVer, test_version:"5.1.2600.5876")){
+ security_hole(0);
+ }
+ exit(0);
+ }
+ security_hole(0);
+}
+# Windows 2003
+else if(hotfix_check_sp(win2003:3) > 0)
+{
+ SP = get_kb_item("SMB/Win2003/ServicePack");
+ if("Service Pack 2" >< SP)
+ {
+ # Grep for Msv1_0.dll version < 5.2.3790.4587
+ if(version_is_less(version:dllVer, test_version:"5.2.3790.4587")){
+ security_hole(0);
+ }
+ exit(0);
+ }
+ security_hole(0);
+}
Property changes on: trunk/openvas-plugins/scripts/secpod_ms09-059.nasl
___________________________________________________________________
Name: svn:executable
+ *
Added: trunk/openvas-plugins/scripts/secpod_ms09-060.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_ms09-060.nasl 2009-10-14 14:41:55 UTC (rev 5542)
+++ trunk/openvas-plugins/scripts/secpod_ms09-060.nasl 2009-10-14 14:47:08 UTC (rev 5543)
@@ -0,0 +1,124 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_ms09-060.nasl 5267 2009-10-14 09:14:35Z oct $
+#
+# MS ATL ActiveX Controls for MS Office Could Allow Remote Code Execution (973965)
+#
+# Authors:
+# Antu Sanadi <santu at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(901040);
+ script_version("$Revision: 1.0 $");
+ script_cve_id("CVE-2009-0901", "CVE-2009-2493","CVE-2009-2495");
+ script_bugtraq_id(35828, 35830, 35832);
+ script_name("MS ATL ActiveX Controls for MS Office Could Allow Remote Code Execution (973965)");
+ desc = "
+ Overview: This host has critical security update missing according to
+ Microsoft Bulletin MS09-060.
+
+ Vulnerability Insight:
+ Multiple flaws are caused due to,
+ - Error in the Microsoft Active Template Library (ATL) within the ATL headers
+ that handle instantiation of an object from data streams.
+ - Error in the ATL headers, which could allow a string to be read with no ending
+ NULL bytes, which could allow an attacker to manipulate a string to read extra
+ data beyond the end of the string and thus disclose information in memory.
+ - Error in the Microsoft Active Template Library (ATL) headers, which could allow
+ attackers to call 'VariantClear()' on a variant that has not been correctly
+ initialized, leading to arbitrary code execution.
+
+ Impact:
+ Successful exploitation could allow remote attackers to execute arbitrary
+ code with SYSTEM privileges, and can cause Denial of Service.
+
+ Impact Level: System/Application
+
+ Affected Software/OS:
+ Microsoft Office Outlook 2002/2003/2007
+ Microsoft Office Visio Viewer 2007
+
+ Fix:
+ Run Windows Update and update the listed hotfixes or download and
+ update mentioned hotfixes in the advisory from the below link,
+ http://www.microsoft.com/technet/security/bulletin/ms09-060.mspx
+
+ References:
+ http://www.vupen.com/english/advisories/2009/2895
+ http://www.microsoft.com/technet/security/bulletin/ms09-060.mspx
+
+ Risk factor : Critical";
+
+ script_description(desc);
+ script_summary("Check for the vulnerable DLL file version");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2009 SecPod");
+ script_family("Windows : Microsoft Bulletins");
+ script_dependencies("secpod_office_products_version_900032.nasl");
+ script_require_keys("SMB/WindowsVersion", "SMB/Office/Outlook/Version");
+ script_require_ports(139, 445);
+ exit(0);
+}
+
+
+include("smb_nt.inc");
+include("secpod_reg.inc");
+include("version_func.inc");
+include("secpod_smb_func.inc");
+
+if((hotfix_missing(name:"973702") == 0)||(hotfix_missing(name:"972363" == 0))||
+ (hotfix_missing(name:"973705") == 0)||(hotfix_missing(name:"973709" == 0))){
+ exit(0);
+}
+
+visVer = get_kb_item("SMB/Office/Outloook/Version");
+if(visVer)
+{
+ #Check for Office OutLook < 10.0.6856.0 ,11.0.8312.0, 12.0.6514.5000
+ if(version_in_range(version:visVer, test_version:"10.0",
+ test_version2:"10.0.6855") ||
+ version_in_range(version:visVer, test_version:"11.0",
+ test_version2:"11.0.8311") ||
+ version_in_range(version:visVer, test_version:"12.0",
+ test_version2:"12.0.6514.4999"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+}
+
+visPath = registry_get_sz(key:"SOFTWARE\Microsoft\Windows\CurrentVersion",
+ item:"ProgramFilesDir");
+if(visPath)
+{
+ visPath += "\Microsoft Office\Office12\Vviewer.dll";
+ share = ereg_replace(pattern:"([A-Z]):.*", replace:"\1$", string:visPath);
+ visfile = ereg_replace(pattern:"[A-Z]:(.*)", replace:"\1", string:visPath);
+ visVer = GetVer(file:visfile, share:share);
+ if(visVer != NULL)
+ {
+ #Check for Microsoft Office Visio Viewer < 12.0.6513.5000
+ if(version_in_range(version:visVer, test_version:"12.0",
+ test_version2:"12.0.6513.4999")){
+ security_hole(0);
+ }
+ }
+}
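Review bot: Two of the four hotfix tests have the closing parenthesis in the wrong place: `hotfix_missing(name:"972363" == 0)` and `hotfix_missing(name:"973709" == 0)` pass the result of the comparison as `name` and then use the raw return value as the condition, so they should read `(hotfix_missing(name:"972363") == 0)` and `(hotfix_missing(name:"973709") == 0)`. The KB key is also spelled two ways: `script_require_keys` names `SMB/Office/Outlook/Version`, while `get_kb_item` here and the new `set_kb_item` in secpod_office_products_version_900032.nasl use `SMB/Office/Outloook/Version`, so the required key is never set by the dependency shown in this commit. Using `SMB/Office/Outlook/Version` in all three places fixes that. Requiring the Outlook key also means the Visio Viewer check further down only runs on hosts that have Outlook, which may not be intended.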
Modified: trunk/openvas-plugins/scripts/secpod_office_products_version_900032.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_office_products_version_900032.nasl 2009-10-14 14:41:55 UTC (rev 5542)
+++ trunk/openvas-plugins/scripts/secpod_office_products_version_900032.nasl 2009-10-14 14:47:08 UTC (rev 5543)
@@ -23,10 +23,12 @@
#
# Updated to include detect mechanism for Office Publisher - Sharath S
#
+# Updated to include detect mechanism for Office Outlook
+# -By Antu Sanadi 2009/10/14
# ------------------------------------------------------------------------
# This program was written by SecPod and is licensed under the GNU GPL
# license. Please refer to the below link for details,
-# http://www.gnu.org/licenses/gpl.html
+# http://www.gnu.org/licenses/gpl.tml
# This header contains information regarding licensing terms under the GPL,
# and information regarding obtaining source code from the Author.
# Consequently, pursuant to section 3(c) of the GPL, you must accompany the
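Review bot: The licence link in the header comment was changed from `gpl.html` to `gpl.tml`, which looks like an accidental keystroke rather than part of the Outlook detection change. Restore the line to `# http://www.gnu.org/licenses/gpl.html`.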
@@ -39,7 +41,7 @@
if(description)
{
script_id(900032);
- script_version("$Revision: 1.5 $");
+ script_version("$Revision: 1.6 $");
script_category(ACT_GATHER_INFO);
script_family("Windows");
script_name("MS Office Products Version Detection");
@@ -267,3 +269,20 @@
}
}
+#Office outlook
+outlookFile = registry_get_sz(key:"SOFTWARE\Microsoft\Windows\CurrentVersion" +
+ "\App Paths\OUTLOOK.EXE", item:"Path");
+if(outlookFile)
+{
+ share = ereg_replace(pattern:"([A-Z]):.*", replace:"\1$", string:outlookFile);
+ outlookFile = ereg_replace(pattern:"[A-Z]:(.*)", replace:"\1",
+ string:outlookFile + "\OUTLOOK.EXE");
+ outlookVer = GetVer(file:outlookFile, share:share);
+ if(outlookVer){
+ set_kb_item(name:"SMB/Office/Outloook/Version", value:outlookVer);
+ }
+}
+
+
+
+
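Review bot: `outlookFile` is read from the `Path` value under `App Paths\OUTLOOK.EXE` and `"\OUTLOOK.EXE"` is appended to it unconditionally; that value commonly carries a trailing backslash (worth confirming on a test host), in which case the resulting path has a doubled separator and `GetVer` may return nothing. Stripping a trailing backslash before appending, or at least a comment stating what `Path` is expected to contain, would make the detection more robust. The four blank lines added at the end of the file can be dropped.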