[Openvas-commits] r5543 - in trunk/openvas-plugins: . scripts

scm-commit@wald.intevation.org scm-commit at wald.intevation.org
Wed Oct 14 16:47:10 CEST 2009


Author: chandra
Date: 2009-10-14 16:47:08 +0200 (Wed, 14 Oct 2009)
New Revision: 5543

Added:
   trunk/openvas-plugins/scripts/secpod_ms09-051.nasl
   trunk/openvas-plugins/scripts/secpod_ms09-052.nasl
   trunk/openvas-plugins/scripts/secpod_ms09-056.nasl
   trunk/openvas-plugins/scripts/secpod_ms09-058.nasl
   trunk/openvas-plugins/scripts/secpod_ms09-059.nasl
   trunk/openvas-plugins/scripts/secpod_ms09-060.nasl
Modified:
   trunk/openvas-plugins/ChangeLog
   trunk/openvas-plugins/scripts/secpod_office_products_version_900032.nasl
Log:
Added Microsoft Bulletin - Oct09 checks

Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog	2009-10-14 14:41:55 UTC (rev 5542)
+++ trunk/openvas-plugins/ChangeLog	2009-10-14 14:47:08 UTC (rev 5543)
@@ -1,5 +1,18 @@
 2009-10-14  Chandrashekhar B <bchandra at secpod.com>
 
+	* scripts/secpod_ms09-051.nasl
+	scripts/secpod_ms09-059.nasl
+	scripts/secpod_ms09-056.nasl
+	scripts/secpod_ms09-060.nasl
+	scripts/secpod_ms09-058.nasl
+	scripts/secpod_ms09-052.nasl:
+	Added Microsoft Bulletin - Oct 09 checks.
+
+	* scripts/secpod_office_products_version_900032.nasl:
+	Updated to set KB for Microsoft Outlook.
+
+2009-10-14  Chandrashekhar B <bchandra at secpod.com>
+
 	* scripts/gb_hp_ux_HPSBUX02457.nasl:
 	Added HP-UX Local security check.
 

Added: trunk/openvas-plugins/scripts/secpod_ms09-051.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_ms09-051.nasl	2009-10-14 14:41:55 UTC (rev 5542)
+++ trunk/openvas-plugins/scripts/secpod_ms09-051.nasl	2009-10-14 14:47:08 UTC (rev 5543)
@@ -0,0 +1,173 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_ms09-051.nasl 3940 2009-10-14 09:14:35Z oct $
+#
+# Vulnerabilities in Windows Media Runtime Could Allow Remote Code Execution (975682)
+#
+# Authors:
+# Antu Sanadi <santu at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(901039);
+  script_version("$Revision: 1.0 $");
+  script_cve_id("CVE-2009-0555", "CVE-2009-2525");
+  script_bugtraq_id(36614, 36602);
+  script_name("Vulnerabilities in Windows Media Runtime Could Allow Remote Code Execution (975682)");
+  desc = "
+  Overview: This host has critical security update missing according to
+  Microsoft Bulletin MS09-051.
+
+  Vulnerability Insight:
+  Multiple flaws are caused due to,
+  - Memory corruption error when processing specially crafted ASF files that
+    make use of the Window Media Speech codec.
+  - Error in Windows Media Runtime due to improper initialization of certain
+    functions in compressed audio files.
+
+  Impact:
+  Successful exploitation could allow remote attackers to execute arbitrary
+  code with SYSTEM privileges and can cause Denial of Service.
+
+  Impact Level: System/Application
+
+  Affected Software/OS:
+  Microsoft Windows 2k Service Pack 2 and prior
+  Microsoft Windows XP Service Pack 3 and prior
+  Microsoft Windows 2k3 Service Pack 2 and prior
+
+  Fix:
+  Run Windows Update and update the listed hotfixes or download and
+  update mentioned hotfixes in the advisory from the below link,
+  http://www.microsoft.com/technet/security/bulletin/ms09-051.mspx
+
+  References:
+  http://www.vupen.com/english/advisories/2009/2887
+  http://www.securitytracker.com/alerts/2009/Oct/1023005.html
+  http://www.microsoft.com/technet/security/bulletin/ms09-051.mspx
+
+  Risk factor : Critical";
+
+  script_description(desc);
+  script_summary("Check for the vulnerable DLL file version");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (C) 2009 SecPod");
+  script_family("Windows : Microsoft Bulletins");
+  script_dependencies("secpod_reg_enum.nasl");
+  script_require_ports(139, 445);
+  exit(0);
+}
+
+
+include("smb_nt.inc");
+include("secpod_reg.inc");
+include("version_func.inc");
+include("secpod_smb_func.inc");
+
+if(hotfix_check_sp(win2k:5, xp:4, win2003:3) <= 0){
+  exit(0);
+}
+
+if((hotfix_missing(name:"954155") == 0)||(hotfix_missing(name:"975025") == 0)){
+  exit(0);
+}
+
+dllPath = registry_get_sz(key:"SOFTWARE\Microsoft\COM3\Setup",
+                          item:"Install Path");
+if(!dllPath){
+  exit(0);
+}
+
+share = ereg_replace(pattern:"([A-Z]):.*", replace:"\1$", string:dllPath);
+file = ereg_replace(pattern:"[A-Z]:(.*)",  replace:"\1",  string:dllPath +
+                                                         "\wmspdmod.dll");
+dllVer = GetVer(share:share, file:file);
+
+if(dllVer)
+{
+  # Windows 2000
+  if(hotfix_check_sp(win2k:5) > 0)
+  {
+    # Check for wmspdmod.dll version  <  9.0.0.3269 ,10.0.0.4070
+    if(version_in_range(version:dllVer, test_version:"9.0",
+                                       test_version2:"9.0.0.3268")||
+       version_in_range(version:dllVer, test_version:"10.0",
+                                       test_version2:"10.0.0.4069")){
+      security_hole(0);
+    }
+  }
+
+  # Windows XP
+  else if(hotfix_check_sp(xp:4) > 0)
+  {
+    SP = get_kb_item("SMB/WinXP/ServicePack");
+    if("Service Pack 2" >< SP || "Service Pack 3" >< SP)
+    {
+      # Windows Media Audio Voice Decoder
+      # Grep for wmspdmod.dll < 9.0.0.3269, 9.0.0.4505, 10.0.0.4364,
+      # 10.0.0.4070, 10.0.0.3704, 11.0.5721.5262
+      if(version_in_range(version:dllVer, test_version:"9.0.0.3",
+                                         test_version2:"9.0.0.3268")||
+         version_in_range(version:dllVer, test_version:"9.0.0.4",
+                                         test_version2:"9.0.0.4504")||
+         version_in_range(version:dllVer, test_version:"10.0.0.3",
+                                         test_version2:"10.0.0.3703")||
+         version_in_range(version:dllVer, test_version:"10.0.0.40",
+                                         test_version2:"10.0.0.4069")||
+         version_in_range(version:dllVer, test_version:"10.0.0.43",
+                                         test_version2:"10.0.0.4364")||
+         version_in_range(version:dllVer, test_version:"11.0.0.0",
+                                         test_version2:"11.0.5721.5262")){
+         security_hole(0);
+      }
+      exit(0);
+    }
+    security_hole(0);
+  }
+
+  # Windows 2003
+  else if(hotfix_check_sp(win2003:3) > 0)
+  {
+    SP = get_kb_item("SMB/Win2003/ServicePack");
+    if(("Service Pack 1" >< SP)||("Service Pack 2" >< SP))
+    {
+      # Check for wmspdmod.dll  version < 10.0.0.3712 ,10.0.0.4004
+      if(version_in_range(version:dllVer, test_version:"10.0.0.3",
+                                         test_version2:"10.0.0.3711") ||
+         version_in_range(version:dllVer, test_version:"10.0.0.4",
+                                         test_version2:"10.0.0.4003")){
+        security_hole(0);
+      }
+      exit(0);
+    }
+    security_hole(0);
+  }
+}
+
+#Audio Compression Manager
+file = ereg_replace(pattern:"[A-Z]:(.*)", replace:"\1", string:dllPath +
+                                                        "\msaud32.acm");
+dllVer = GetVer(share:share, file:file);
+if(dllVer)
+{
+  if(version_is_less(version:dllVer, test_version:"8.0.0.4502")){
+    security_hole(0);
+  }
+}
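Review bot: The last two Windows XP ranges end at `10.0.0.4364` and `11.0.5721.5262`, the same builds the comment above them lists as the fixed versions, whereas every other range in this script ends one build below the listed version (`9.0.0.3268`, `9.0.0.4504`, `10.0.0.3703`, `10.0.0.4069`). If version_in_range treats test_version2 as inclusive, as that pattern suggests, a host at exactly the listed build is reported as missing the update. Either the bounds should become `10.0.0.4363` and `11.0.5721.5261`, or the comment should name the actual fixed builds; the bulletin's file table would settle which. Separately, the Windows 2000 branch does not exit after security_hole(0), so the msaud32.acm check at the end can report the same host a second time.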

Added: trunk/openvas-plugins/scripts/secpod_ms09-052.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_ms09-052.nasl	2009-10-14 14:41:55 UTC (rev 5542)
+++ trunk/openvas-plugins/scripts/secpod_ms09-052.nasl	2009-10-14 14:47:08 UTC (rev 5543)
@@ -0,0 +1,112 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_ms09-052.nasl 5259 2009-10-14 07:14:09Z oct $
+#
+# Microsoft Windows Media Player ASF Heap Overflow Vulnerability (974112)
+#
+# Authors:
+# Sharath S <sharaths at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(900879);
+  script_version("$Revision: 1.0 $");
+  script_cve_id("CVE-2009-2527");
+  script_bugtraq_id(36644);
+  script_name("Microsoft Windows Media Player ASF Heap Overflow Vulnerability (974112)");
+  desc = "
+  Overview: This host has critical security update missing according to
+  Microsoft Bulletin MS09-052.
+
+  Vulnerability Insight:
+  A heap-based overflow error occurs while processing malformed ASF files,
+  which can be exploited by tricking a user into opening a malformed ASF file
+  or visiting a malicious web page.
+
+  Impact:
+  Successful exploitation could allow attackers to crash an affected player
+  or execute arbitrary code on the affected application.
+
+  Impact Level: Application
+
+  Affected Software/OS:
+  Microsoft Windows Media Player 6.4
+  Microsoft Windows 2K  Service Pack 4 and prior.
+  Microsoft Windows XP  Service Pack 3 and prior.
+  Microsoft Windows 2K3 Service Pack 2 and prior.
+
+  Fix:
+  Run Windows Update and update the listed hotfixes or download and
+  update mentioned hotfixes in the advisory from the below link.
+  http://www.microsoft.com/technet/security/bulletin/ms09-052.mspx
+
+  References:
+  http://support.microsoft.com/kb/974112
+  http://www.vupen.com/english/advisories/2009/2888
+  http://www.microsoft.com/technet/security/bulletin/MS09-052.mspx
+
+  Risk factor: Critical";
+
+  script_description(desc);
+  script_summary("Check for the version of strmdll.dll file");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (C) 2009 SecPod");
+  script_family("Windows : Microsoft Bulletins");
+  script_dependencies("secpod_reg_enum.nasl");
+  script_require_ports(139, 445);
+  exit(0);
+}
+
+
+include("smb_nt.inc");
+include("secpod_reg.inc");
+include("version_func.inc");
+include("secpod_smb_func.inc");
+
+if(hotfix_check_sp(xp:4, win2k:5, win2003:3) <= 0){
+  exit(0);
+}
+
+# MS09-052 Hotfix check
+if(hotfix_missing(name:"974112") == 0){
+  exit(0);
+}
+
+dllPath = registry_get_sz(key:"SOFTWARE\Microsoft\COM3\Setup",
+                          item:"Install Path");
+if(!dllPath){
+  exit(0);
+}
+
+share = ereg_replace(pattern:"([A-Z]):.*", replace:"\1$", string:dllPath);
+file = ereg_replace(pattern:"[A-Z]:(.*)", replace:"\1",
+                    string:dllPath + "\strmdll.dll");
+dllVer = GetVer(file:file, share:share);
+if(!dllVer){
+  exit(0);
+}
+
+if(!isnull(dllVer))
+{
+  # Grep for strmdll.dll version < 4.1.0.3938
+  if(version_is_less(version:dllVer, test_version:"4.1.0.3938")){
+    security_hole(0);
+  }
+}
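Review bot: The `if(!isnull(dllVer))` wrapper around the final comparison is redundant, because the script already exits on `if(!dllVer)` immediately before it; the comparison can stand alone as `if(version_is_less(version:dllVer, test_version:"4.1.0.3938")){ security_hole(0); }`. A short comment would also help, saying that the COM3 `Install Path` registry value is used as the directory expected to hold strmdll.dll and that an empty GetVer result ends the check without a report.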


Property changes on: trunk/openvas-plugins/scripts/secpod_ms09-052.nasl
___________________________________________________________________
Name: svn:executable
   + *

Added: trunk/openvas-plugins/scripts/secpod_ms09-056.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_ms09-056.nasl	2009-10-14 14:41:55 UTC (rev 5542)
+++ trunk/openvas-plugins/scripts/secpod_ms09-056.nasl	2009-10-14 14:47:08 UTC (rev 5543)
@@ -0,0 +1,154 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_ms09-056.nasl 5263 2009-10-14 03:48:09Z oct $
+#
+# Microsoft Windows CryptoAPI X.509 Spoofing Vulnerabilities (974571)
+#
+# Authors:
+# Sharath S <sharaths at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(900876);
+  script_version("$Revision: 1.0 $");
+  script_cve_id("CVE-2009-2510", "CVE-2009-2511");
+  script_bugtraq_id(36475, 36577);
+  script_name("Microsoft Windows CryptoAPI X.509 Spoofing Vulnerabilities (974571)");
+  desc = "
+  Overview: This host has critical security update missing according to
+  Microsoft Bulletin MS09-056.
+
+  Vulnerability Insight:
+  - The issue is caused due to the Windows CryptoAPI incorrectly parsing a null
+    terminator as the end of any values identified by an Object Identifier (OID)
+    when processing ASN.1 information from X.509 certificates.
+  - An integer overflow error in the Windows CryptoAPI when parsing ASN.1 object
+    identifiers from X.509 certificates, which could allow an attacker to
+    generate a malicious certificate that would be parsed incorrectly by the
+    Windows CryptoAPI.
+
+  Impact:
+  Successful exploitation will let the attacker to conduct spoofing attacks on
+  the affected system.
+
+  Impact Level: System
+
+  Affected Software/OS:
+  Microsoft Windows 2K  Service Pack 4 and prior.
+  Microsoft Windows XP  Service Pack 3 and prior.
+  Microsoft Windows 2K3 Service Pack 2 and prior.
+
+  Fix:
+  Run Windows Update and update the listed hotfixes or download and
+  update mentioned hotfixes in the advisory from the below link.
+  http://www.microsoft.com/technet/security/bulletin/ms09-056.mspx
+
+  References:
+  http://support.microsoft.com/kb/974571
+  http://www.vupen.com/english/advisories/2009/2891
+  http://www.microsoft.com/technet/security/bulletin/MS09-056.mspx
+
+  Risk factor: Medium";
+
+  script_description(desc);
+  script_summary("Check for the version of msasn1.dll file");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (C) 2009 SecPod");
+  script_family("Windows : Microsoft Bulletins");
+  script_dependencies("secpod_reg_enum.nasl");
+  script_require_ports(139, 445);
+  exit(0);
+}
+
+
+include("smb_nt.inc");
+include("secpod_reg.inc");
+include("version_func.inc");
+include("secpod_smb_func.inc");
+
+if(hotfix_check_sp(xp:4, win2k:5, win2003:3) <= 0){
+  exit(0);
+}
+
+# MS09-056 Hotfix check
+if(hotfix_missing(name:"974571") == 0){
+  exit(0);
+}
+
+dllPath = registry_get_sz(key:"SOFTWARE\Microsoft\COM3\Setup",
+                          item:"Install Path");
+if(!dllPath){
+  exit(0);
+}
+
+share = ereg_replace(pattern:"([A-Z]):.*", replace:"\1$", string:dllPath);
+file = ereg_replace(pattern:"[A-Z]:(.*)", replace:"\1",
+                    string:dllPath + "\msasn1.dll");
+
+dllVer = GetVer(file:file, share:share);
+if(!dllVer){
+  exit(0);
+}
+
+# Windows 2K
+if(hotfix_check_sp(win2k:5) > 0)
+{
+  # Grep for msasn1.dll version < 5.0.2195.7334
+  if(version_is_less(version:dllVer, test_version:"5.0.2195.7334")){
+    security_hole(0);
+  }
+}
+
+#  Windows XP
+else if(hotfix_check_sp(xp:4) > 0)
+{
+  SP = get_kb_item("SMB/WinXP/ServicePack");
+  if("Service Pack 2" >< SP)
+  {
+    # Grep for msasn1.dll < 5.1.2600.3624
+    if(version_is_less(version:dllVer, test_version:"5.1.2600.3624")){
+      security_hole(0);
+    }
+    exit(0);
+  }
+  else if("Service Pack 3" >< SP)
+  {
+    # Grep for msasn1.dll < 5.1.2600.5875
+    if(version_is_less(version:dllVer, test_version:"5.1.2600.5875")){
+      security_hole(0);
+    }
+    exit(0);
+  }
+  security_hole(0);
+}
+# Windows 2003
+else if(hotfix_check_sp(win2003:3) > 0)
+{
+  SP = get_kb_item("SMB/Win2003/ServicePack");
+  if("Service Pack 2" >< SP)
+  {
+    # Grep for msasn1.dll version < 5.2.3790.4584
+    if(version_is_less(version:dllVer, test_version:"5.2.3790.4584")){
+      security_hole(0);
+    }
+    exit(0);
+  }
+  security_hole(0);
+}
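Review bot: The trailing `security_hole(0);` in the Windows XP and Windows 2003 branches reports the host whenever the ServicePack KB string matches none of the listed service packs, without consulting the msasn1.dll version that was already read into dllVer. If that KB item can be empty for reasons other than an old service pack level, this produces a finding with no file evidence behind it. At minimum the intent should be documented, for example `# No listed service pack matched: treated as vulnerable without a file version check`. The same fall-through appears in secpod_ms09-058.nasl, secpod_ms09-059.nasl and the XP/2003 branches of secpod_ms09-051.nasl in this commit.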


Property changes on: trunk/openvas-plugins/scripts/secpod_ms09-056.nasl
___________________________________________________________________
Name: svn:executable
   + *

Added: trunk/openvas-plugins/scripts/secpod_ms09-058.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_ms09-058.nasl	2009-10-14 14:41:55 UTC (rev 5542)
+++ trunk/openvas-plugins/scripts/secpod_ms09-058.nasl	2009-10-14 14:47:08 UTC (rev 5543)
@@ -0,0 +1,152 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_ms09-058.nasl 5265 2009-10-14 09:16:45Z oct $
+#
+# Microsoft Windows Kernel Privilege Escalation Vulnerability (971486)
+#
+# Authors:
+# Nikita MR <rnikita at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(900963);
+  script_version("$Revision: 1.0 $");
+  script_cve_id("CVE-2009-2515", "CVE-2009-2516", "CVE-2009-2517");
+  script_bugtraq_id(36623, 36624, 36625);
+  script_name("Microsoft Windows Kernel Privilege Escalation Vulnerability (971486)");
+  desc = "
+  Overview: This host has critical security update missing according to
+  Microsoft Bulletin MS09-058.
+
+  Vulnerability Insight:
+  Several flaws arise in the Windows kernel due to,
+  - incorrect truncation of a 64-bit value to a 32-bit value.
+  - insufficient validation of certain data/pointers passed from user mode.
+  - improper handling of certain exceptions.
+
+  Impact:
+  Successful exploitation could allow attackers to execute arbitrary code with
+  elevated privileges or system may stop responding.
+
+  Impact Level: System
+
+  Affected Software/OS:
+  Microsoft Windows 2K  Service Pack 4 and prior.
+  Microsoft Windows XP  Service Pack 3 and prior.
+  Microsoft Windows 2K3 Service Pack 2 and prior.
+
+  Fix:
+  Run Windows Update and update the listed hotfixes or download and
+  update mentioned hotfixes in the advisory from the below link.
+  http://www.microsoft.com/technet/security/bulletin/ms09-058.mspx
+
+  References:
+  http://secunia.com/advisories/35372/
+  http://www.vupen.com/english/advisories/2009/2893
+  http://www.microsoft.com/technet/security/bulletin/MS09-058.mspx
+
+  Risk factor: High";
+
+  script_description(desc);
+  script_summary("Check for the version of ntoskrnl.exe");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (C) 2009 SecPod");
+  script_family("Windows : Microsoft Bulletins");
+  script_dependencies("secpod_reg_enum.nasl");
+  script_require_ports(139, 445);
+  exit(0);
+}
+
+
+include("smb_nt.inc");
+include("secpod_reg.inc");
+include("version_func.inc");
+include("secpod_smb_func.inc");
+
+if(hotfix_check_sp(xp:4, win2k:5, win2003:3) <= 0){
+  exit(0);
+}
+
+# MS09-058 Hotfix check
+if(hotfix_missing(name:"971486") == 0){
+  exit(0);
+}
+
+exePath = registry_get_sz(key:"SOFTWARE\Microsoft\COM3\Setup",
+                          item:"Install Path");
+if(!exePath){
+  exit(0);
+}
+
+share = ereg_replace(pattern:"([A-Z]):.*", replace:"\1$", string:exePath);
+file = ereg_replace(pattern:"[A-Z]:(.*)", replace:"\1",
+                    string:exePath + "\ntoskrnl.exe");
+
+exeVer = GetVer(file:file, share:share);
+if(!exeVer){
+  exit(0);
+}
+
+# Windows 2K
+if(hotfix_check_sp(win2k:5) > 0)
+{
+  # Grep for ntoskrnl.exe version < 5.0.2195.7319
+  if(version_is_less(version:exeVer, test_version:"5.0.2195.7319")){
+    security_hole(0);
+  }
+}
+
+# Windows XP
+else if(hotfix_check_sp(xp:4) > 0)
+{
+  SP = get_kb_item("SMB/WinXP/ServicePack");
+  if("Service Pack 2" >< SP)
+  {
+    # Grep for ntoskrnl.exe < 5.1.2600.3610
+    if(version_is_less(version:exeVer, test_version:"5.1.2600.3610")){
+      security_hole(0);
+    }
+    exit(0);
+  }
+  else if("Service Pack 3" >< SP)
+  {
+    # Grep for ntoskrnl.exe < 5.1.2600.5857
+    if(version_is_less(version:exeVer, test_version:"5.1.2600.5857")){
+      security_hole(0);
+    }
+    exit(0);
+  }
+  security_hole(0);
+}
+
+# Windows 2003
+else if(hotfix_check_sp(win2003:3) > 0)
+{
+  SP = get_kb_item("SMB/Win2003/ServicePack");
+  if("Service Pack 2" >< SP)
+  {
+    # Grep for ntoskrnl.exe version < 5.2.3790.4566
+    if(version_is_less(version:exeVer, test_version:"5.2.3790.4566")){
+      security_hole(0);
+    }
+    exit(0);
+  }
+  security_hole(0);
+}


Property changes on: trunk/openvas-plugins/scripts/secpod_ms09-058.nasl
___________________________________________________________________
Name: svn:executable
   + *

Added: trunk/openvas-plugins/scripts/secpod_ms09-059.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_ms09-059.nasl	2009-10-14 14:41:55 UTC (rev 5542)
+++ trunk/openvas-plugins/scripts/secpod_ms09-059.nasl	2009-10-14 14:47:08 UTC (rev 5543)
@@ -0,0 +1,146 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_ms09-059.nasl 5266 2009-10-14 03:48:09Z oct $
+#
+# Microsoft Windows LSASS Denial of Service Vulnerability (975467)
+#
+# Authors:
+# Sharath S <sharaths at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(900877);
+  script_version("$Revision: 1.0 $");
+  script_cve_id("CVE-2009-2524");
+  script_bugtraq_id(36593);
+  script_name("Microsoft Windows LSASS Denial of Service Vulnerability (975467)");
+  desc = "
+  Overview: This host has critical security update missing according to
+  Microsoft Bulletin MS09-059.
+
+  Vulnerability Insight:
+  This issue is caused by an integer underflow error in the Windows NTLM
+  implementation in LSASS (Local Security Authority Subsystem Service) when
+  processing malformed packets during the authentication process, which could
+  allow attackers to cause an affected system to automatically reboot.
+
+  Impact:
+  Successful exploitation will let the remote attackers to cause a Denial of
+  Service on the victim's system.
+
+  Impact Level: System
+
+  Affected Software/OS:
+  Microsoft Windows XP  Service Pack 3 and prior.
+  Microsoft Windows 2K3 Service Pack 2 and prior.
+
+  Fix:
+  Run Windows Update and update the listed hotfixes or download and
+  update mentioned hotfixes in the advisory from the below link.
+  http://www.microsoft.com/technet/security/bulletin/ms09-059.mspx
+
+  References:
+  http://support.microsoft.com/kb/975467
+  http://www.vupen.com/english/advisories/2009/2894
+  http://www.microsoft.com/technet/security/bulletin/MS09-059.mspx
+
+  Risk factor: Medium";
+
+  script_description(desc);
+  script_summary("Check for the version of Msv1_0.dll file");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (C) 2009 SecPod");
+  script_family("Windows : Microsoft Bulletins");
+  script_dependencies("secpod_reg_enum.nasl");
+  script_require_ports(139, 445);
+  exit(0);
+}
+
+
+include("smb_nt.inc");
+include("secpod_reg.inc");
+include("version_func.inc");
+include("secpod_smb_func.inc");
+
+if(hotfix_check_sp(xp:4, win2003:3) <= 0){
+  exit(0);
+}
+
+# Check KB968389 is installed, vulnerability exists only if this is installed.
+if(hotfix_missing(name:"968389") == 1){
+  exit(0);
+}
+
+# MS09-059 Hotfix check
+if(hotfix_missing(name:"975467") == 0){
+  exit(0);
+}
+
+dllPath = registry_get_sz(key:"SOFTWARE\Microsoft\COM3\Setup",
+                          item:"Install Path");
+if(!dllPath){
+  exit(0);
+}
+
+share = ereg_replace(pattern:"([A-Z]):.*", replace:"\1$", string:dllPath);
+file = ereg_replace(pattern:"[A-Z]:(.*)", replace:"\1",
+                    string:dllPath + "\Msv1_0.dll");
+
+dllVer = GetVer(file:file, share:share);
+if(!dllVer){
+  exit(0);
+}
+
+# Windows XP
+if(hotfix_check_sp(xp:4) > 0)
+{
+  SP = get_kb_item("SMB/WinXP/ServicePack");
+  if("Service Pack 2" >< SP)
+  {
+    # Grep for Msv1_0.dll < 5.1.2600.3625
+    if(version_is_less(version:dllVer, test_version:"5.1.2600.3625")){
+      security_hole(0);
+    }
+    exit(0);
+  }
+  else if("Service Pack 3" >< SP)
+  {
+    # Grep for Msv1_0.dll < 5.1.2600.5876
+    if(version_is_less(version:dllVer, test_version:"5.1.2600.5876")){
+      security_hole(0);
+    }
+    exit(0);
+  }
+  security_hole(0);
+}
+# Windows 2003
+else if(hotfix_check_sp(win2003:3) > 0)
+{
+  SP = get_kb_item("SMB/Win2003/ServicePack");
+  if("Service Pack 2" >< SP)
+  {
+    # Grep for Msv1_0.dll version < 5.2.3790.4587
+    if(version_is_less(version:dllVer, test_version:"5.2.3790.4587")){
+      security_hole(0);
+    }
+    exit(0);
+  }
+  security_hole(0);
+}


Property changes on: trunk/openvas-plugins/scripts/secpod_ms09-059.nasl
___________________________________________________________________
Name: svn:executable
   + *

Added: trunk/openvas-plugins/scripts/secpod_ms09-060.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_ms09-060.nasl	2009-10-14 14:41:55 UTC (rev 5542)
+++ trunk/openvas-plugins/scripts/secpod_ms09-060.nasl	2009-10-14 14:47:08 UTC (rev 5543)
@@ -0,0 +1,124 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_ms09-060.nasl 5267 2009-10-14 09:14:35Z oct $
+#
+# MS ATL ActiveX Controls for MS Office Could Allow Remote Code Execution (973965)
+#
+# Authors:
+# Antu Sanadi <santu at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(901040);
+  script_version("$Revision: 1.0 $");
+  script_cve_id("CVE-2009-0901", "CVE-2009-2493","CVE-2009-2495");
+  script_bugtraq_id(35828, 35830, 35832);
+  script_name("MS ATL ActiveX Controls for MS Office Could Allow Remote Code Execution (973965)");
+  desc = "
+  Overview: This host has critical security update missing according to
+  Microsoft Bulletin MS09-060.
+
+  Vulnerability Insight:
+  Multiple flaws are caused due to,
+  - Error in the Microsoft Active Template Library (ATL) within the ATL headers
+    that handle instantiation of an object from data streams.
+  - Error in the ATL headers, which could allow a string to be read with no ending
+    NULL bytes, which could allow an attacker to manipulate a string to read extra
+    data beyond the end of the string and thus disclose information in memory.
+  - Error in the Microsoft Active Template Library (ATL) headers, which could allow
+    attackers to call 'VariantClear()' on a variant that has not been correctly
+    initialized, leading to arbitrary code execution.
+
+  Impact:
+  Successful exploitation could allow remote attackers to execute arbitrary
+  code with SYSTEM privileges, and can cause Denial of Service.
+
+  Impact Level: System/Application
+
+  Affected Software/OS:
+  Microsoft Office Outlook 2002/2003/2007
+  Microsoft Office Visio Viewer 2007
+
+  Fix:
+  Run Windows Update and update the listed hotfixes or download and
+  update mentioned hotfixes in the advisory from the below link,
+  http://www.microsoft.com/technet/security/bulletin/ms09-060.mspx
+
+  References:
+  http://www.vupen.com/english/advisories/2009/2895
+  http://www.microsoft.com/technet/security/bulletin/ms09-060.mspx
+
+  Risk factor : Critical";
+
+  script_description(desc);
+  script_summary("Check for the vulnerable DLL file version");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (C) 2009 SecPod");
+  script_family("Windows : Microsoft Bulletins");
+  script_dependencies("secpod_office_products_version_900032.nasl");
+  script_require_keys("SMB/WindowsVersion", "SMB/Office/Outlook/Version");
+  script_require_ports(139, 445);
+  exit(0);
+}
+
+
+include("smb_nt.inc");
+include("secpod_reg.inc");
+include("version_func.inc");
+include("secpod_smb_func.inc");
+
+if((hotfix_missing(name:"973702") == 0)||(hotfix_missing(name:"972363" == 0))||
+   (hotfix_missing(name:"973705") == 0)||(hotfix_missing(name:"973709" == 0))){
+   exit(0);
+}
+
+visVer = get_kb_item("SMB/Office/Outloook/Version");
+if(visVer)
+{
+  #Check for Office OutLook  < 10.0.6856.0 ,11.0.8312.0, 12.0.6514.5000
+  if(version_in_range(version:visVer, test_version:"10.0",
+                                     test_version2:"10.0.6855") ||
+     version_in_range(version:visVer, test_version:"11.0",
+                                     test_version2:"11.0.8311") ||
+     version_in_range(version:visVer, test_version:"12.0",
+                                     test_version2:"12.0.6514.4999"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+}
+
+visPath = registry_get_sz(key:"SOFTWARE\Microsoft\Windows\CurrentVersion",
+                           item:"ProgramFilesDir");
+if(visPath)
+{
+  visPath += "\Microsoft Office\Office12\Vviewer.dll";
+  share  = ereg_replace(pattern:"([A-Z]):.*", replace:"\1$", string:visPath);
+  visfile =  ereg_replace(pattern:"[A-Z]:(.*)", replace:"\1", string:visPath);
+  visVer = GetVer(file:visfile, share:share);
+  if(visVer != NULL)
+  {
+     #Check for Microsoft Office Visio Viewer < 12.0.6513.5000
+    if(version_in_range(version:visVer, test_version:"12.0",
+                                       test_version2:"12.0.6513.4999")){
+     security_hole(0);
+    }
+  }
+}
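Review bot: In the hotfix guard the `== 0` for 972363 and 973709 sits inside the call's argument list (`hotfix_missing(name:"972363" == 0)`), so the function is handed the result of the comparison rather than the KB number and its raw return value becomes the condition. That likely makes the guard true whenever hotfix_missing reports the update as missing, which ends the script before any version check; the terms should read `(hotfix_missing(name:"972363") == 0)` and `(hotfix_missing(name:"973709") == 0)`. The script also requires the key `SMB/Office/Outlook/Version` but reads `SMB/Office/Outloook/Version`, which is the spelling set_kb_item uses in the secpod_office_products_version_900032.nasl hunk of this commit. One spelling should be used in all three places, otherwise the required key is never set.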

Modified: trunk/openvas-plugins/scripts/secpod_office_products_version_900032.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_office_products_version_900032.nasl	2009-10-14 14:41:55 UTC (rev 5542)
+++ trunk/openvas-plugins/scripts/secpod_office_products_version_900032.nasl	2009-10-14 14:47:08 UTC (rev 5543)
@@ -23,10 +23,12 @@
 #
 #  Updated to include detect mechanism for Office Publisher - Sharath S
 #
+#  Updated to include detect mechanism for Office Outlook
+#   -By Antu Sanadi 2009/10/14
 #  ------------------------------------------------------------------------
 #  This program was written by SecPod and is licensed under the GNU GPL
 #  license. Please refer to the below link for details,
-#  http://www.gnu.org/licenses/gpl.html
+#  http://www.gnu.org/licenses/gpl.tml
 #  This header contains information regarding licensing terms under the GPL,
 #  and information regarding obtaining source code from the Author.
 #  Consequently, pursuant to section 3(c) of the GPL, you must accompany the
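Review bot: The changed license line now points to `http://www.gnu.org/licenses/gpl.tml`, which drops the `h` from the file extension and looks like an accidental edit made while adding the Outlook note above it. The line should stay `#  http://www.gnu.org/licenses/gpl.html` so the header keeps a working license reference.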
@@ -39,7 +41,7 @@
 if(description)
 {
   script_id(900032);
-  script_version("$Revision: 1.5 $");
+  script_version("$Revision: 1.6 $");
   script_category(ACT_GATHER_INFO);
   script_family("Windows");
   script_name("MS Office Products Version Detection");
@@ -267,3 +269,20 @@
   }
 }
 
+#Office outlook
+outlookFile = registry_get_sz(key:"SOFTWARE\Microsoft\Windows\CurrentVersion" +
+                              "\App Paths\OUTLOOK.EXE", item:"Path");
+if(outlookFile)
+{
+  share = ereg_replace(pattern:"([A-Z]):.*", replace:"\1$", string:outlookFile);
+  outlookFile  =  ereg_replace(pattern:"[A-Z]:(.*)", replace:"\1",
+                       string:outlookFile + "\OUTLOOK.EXE");
+  outlookVer = GetVer(file:outlookFile, share:share);
+  if(outlookVer){
+    set_kb_item(name:"SMB/Office/Outloook/Version", value:outlookVer);
+  }
+}
+
+
+
+


