[Openvas-commits] r5647 - in trunk/openvas-plugins: . scripts

scm-commit@wald.intevation.org scm-commit at wald.intevation.org
Tue Oct 20 14:27:00 CEST 2009


Author: chandra
Date: 2009-10-20 14:26:56 +0200 (Tue, 20 Oct 2009)
New Revision: 5647

Added:
   trunk/openvas-plugins/scripts/gb_blob_blog_system_detect.nasl
   trunk/openvas-plugins/scripts/gb_blob_blog_system_postid_xss_vuln.nasl
   trunk/openvas-plugins/scripts/gb_cuteftp_bof_vuln.nasl
   trunk/openvas-plugins/scripts/gb_cuteftp_detect.nasl
   trunk/openvas-plugins/scripts/gb_jetty_cookiedump_xss_vuln.nasl
   trunk/openvas-plugins/scripts/gb_jetty_detect.nasl
   trunk/openvas-plugins/scripts/gb_rhinosoft_serv-u_detect.nasl
   trunk/openvas-plugins/scripts/gb_rhinosoft_serv-u_site_set_dos_vuln.nasl
Modified:
   trunk/openvas-plugins/ChangeLog
   trunk/openvas-plugins/cve_current.txt
Log:
Added new plugins

Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog	2009-10-20 11:58:53 UTC (rev 5646)
+++ trunk/openvas-plugins/ChangeLog	2009-10-20 12:26:56 UTC (rev 5647)
@@ -1,3 +1,15 @@
+2009-10-20  Chandrashekhar B <bchandra at secpod.com>
+
+	* scripts/gb_jetty_detect.nasl,
+	scripts/gb_blob_blog_system_detect.nasl,
+	scripts/gb_cuteftp_detect.nasl,
+	scripts/gb_blob_blog_system_postid_xss_vuln.nasl,
+	scripts/gb_cuteftp_bof_vuln.nasl,
+	scripts/gb_rhinosoft_serv-u_site_set_dos_vuln.nasl,
+	scripts/gb_jetty_cookiedump_xss_vuln.nasl,
+	scripts/gb_rhinosoft_serv-u_detect.nasl:
+	Added new plugins.
+
 2009-10-19  Thomas Reinke <reinke at securityspace.com>
 
 	scripts/deb_1895_2.nasl,

Modified: trunk/openvas-plugins/cve_current.txt
===================================================================
--- trunk/openvas-plugins/cve_current.txt	2009-10-20 11:58:53 UTC (rev 5646)
+++ trunk/openvas-plugins/cve_current.txt	2009-10-20 12:26:56 UTC (rev 5647)
@@ -37,7 +37,6 @@
 CVE-2009-3201			SecPod		svn		L
 CVE-2008-7227			SecPod		svn		R
 CVE-2009-3111			SecPod		svn		L
-CVE-2009-2945			SecPod
 CVE-2009-3199			SecPod		svn		R
 CVE-2009-2521			SecPod		svn		R
 CVE-2009-3230			SecPod
@@ -125,11 +124,8 @@
 CVE-2009-3532			SecPod		svn		R
 CVE-2009-3533			SecPod		svn		R
 CVE-2009-3643			SecPod
-CVE-2009-3655			SecPod
-CVE-2009-3590			SecPod
-CVE-2009-3595			SecPod
-CVE-2009-3594			SecPod
-CVE-2009-3591			SecPod
+CVE-2009-3655			SecPod		svn		R
+CVE-2009-3594			SecPod		svn		R
 CVE-2009-3658			SecPod
 CVE-2009-3528			SecPod		svn		R
 CVE-2009-3475			SecPod		svn		L
@@ -138,3 +134,5 @@
 CVE-2009-2813			Greenbone	svn		R
 CVE-2009-2948			Greenbone	svn		R
 CVE-2009-2906			Greenbone	svn		R
+CVE-2009-3483			SecPod		svn		L
+CVE-2009-3579			SecPod		svn		R

Added: trunk/openvas-plugins/scripts/gb_blob_blog_system_detect.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_blob_blog_system_detect.nasl	2009-10-20 11:58:53 UTC (rev 5646)
+++ trunk/openvas-plugins/scripts/gb_blob_blog_system_detect.nasl	2009-10-20 12:26:56 UTC (rev 5647)
@@ -0,0 +1,75 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_blob_blog_system_detect.nasl 5241 2009-10-20 12:38:31Z oct $
+#
+# BLOB Blog System Version Detection
+#
+# Authors:
+# Nikita MR <rnikita at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(800955);
+  script_version("Revision: 1.0");
+  script_name("BLOB Blog System Version Detection");
+  desc = "
+  Overview: This script detects the installed version of BLOB Blog System
+  and sets the result in KB.
+
+  Risk factor: Informational";
+
+  script_description(desc);
+  script_summary("Sets the KB for the version of BLOB Blog System");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (C) 2009 Intevation GmbH");
+  script_family("Service detection");
+  script_dependencies("http_version.nasl");
+  script_require_ports("Services/www", 80);
+  exit(0);
+}
+
+
+include("http_func.inc");
+
+bbsPort = get_http_port(default:80);
+if(!bbsPort){
+  bbsPort = 80;
+}
+
+if(!get_port_state(bbsPort)){
+  exit(0);
+}
+
+foreach dir (make_list("/", "/blob", "/blog", cgi_dirs()))
+{
+  sndReq = http_get(item:string(dir, "/blob.php"), port:bbsPort);
+  rcvRes = http_send_recv(port:bbsPort, data:sndReq);
+
+  if("The BLOB Blog System" >< rcvRes &&
+    (egrep(pattern:"^HTTP/.* 200 OK", string:rcvRes)))
+  {
+    bbsVer = eregmatch(pattern:"Version ([0-9.]+)", string:rcvRes);
+    if(!isnull(bbsVer[1]))
+    {
+      set_kb_item(name:"www/" + bbsPort + "/BLOB-Blog-System",
+                  value:bbsVer[1] + " under " + dir);
+    }
+  }
+}
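Review bot: The request path on the `http_get` line is built as `string(dir, "/blob.php")`, so the first list entry `"/"` produces `//blob.php`. A server that does not collapse the double slash will not return the page, the root install goes unrecorded, and the dependent CVE-2009-3594 check never fires. Build the URL in its own variable and leave `dir` untouched for the KB value, e.g. `url = dir + "/blob.php"; if(dir == "/") url = "/blob.php";`. The pattern `Version ([0-9.]+)` is matched against the whole response rather than next to the product string, so a comment naming the page element it is meant to hit would help. `script_version("Revision: 1.0")` also lacks the `$...$` keyword markers used by the other plugins in this commit.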


Property changes on: trunk/openvas-plugins/scripts/gb_blob_blog_system_detect.nasl
___________________________________________________________________
Name: svn:executable
   + *

Added: trunk/openvas-plugins/scripts/gb_blob_blog_system_postid_xss_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_blob_blog_system_postid_xss_vuln.nasl	2009-10-20 11:58:53 UTC (rev 5646)
+++ trunk/openvas-plugins/scripts/gb_blob_blog_system_postid_xss_vuln.nasl	2009-10-20 12:26:56 UTC (rev 5647)
@@ -0,0 +1,90 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_blob_blog_system_postid_xss_vuln.nasl 5241 2009-10-20 13:46:09Z oct $
+#
+# BLOB Blog System 'postid' Parameter XSS Vulnerability
+#
+# Authors:
+# Nikita MR <rnikita at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(800956);
+  script_version("$Revision: 1.0 $");
+  script_cve_id("CVE-2009-3594");
+  script_name("BLOB Blog System 'postid' Parameter XSS Vulnerability");
+  desc = "
+  Overview: This host is running BLOB Blog System and is prone to Cross-Site
+  Scripting vulnerability.
+
+  Vulnerability Insight:
+  This flaw is caused due to improper validation of user supplied data passed
+  into the 'postid' parameter in the bpost.php.
+
+  Impact:
+  Successful exploitation will allow remote attackers to execute arbitrary HTML
+  and script code in a user's browser session in the context of an affected
+  site.
+
+  Impact Level: Application
+
+  Affected Software/OS:
+  BLOB Blog System prior to 1.2 on all platforms.
+
+  Fix: Upgrade to BLOB Blog System 1.2 or later.
+  http://sourceforge.net/projects/blobblogsystem/files/
+
+  References:
+  http://secunia.com/advisories/35938/
+  http://xforce.iss.net/xforce/xfdb/51959
+
+  CVSS Score:
+    CVSS Base Score     : 4.3 (AV:N/AC:M/Au:NR/C:N/I:P/A:N)
+    CVSS Temporal Score : 3.4
+  Risk factor: Medium";
+
+  script_description(desc);
+  script_summary("Check for the version of BLOB Blog System");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (C) 2009 Intevation GmbH");
+  script_family("Web application abuses");
+  script_dependencies("gb_blob_blog_system_detect.nasl");
+  script_require_ports("Services/www", 80);
+  exit(0);
+}
+
+
+include("http_func.inc");
+include("version_func.inc");
+
+bbsPort = get_http_port(default:80);
+if(!bbsPort){
+  exit(0);
+}
+
+bbsVer = get_kb_item("www/" + bbsPort + "/BLOB-Blog-System");
+bbsVer = eregmatch(pattern:"^(.+) under (/.*)$", string:bbsVer);
+
+if(bbsVer[1] != NULL)
+{
+  if(version_is_less(version:bbsVer[1], test_version:"1.2")){
+    security_warning(bbsPort);
+  }
+}
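Review bot: The warning is raised from the version string the application reports about itself, and the install path captured as `bbsVer[2]` is never used, so the report does not say which instance on the host needs the upgrade. Passing the details along would make the finding actionable, e.g. `security_warning(port:bbsPort, data:string("BLOB Blog System ", bbsVer[1], " found under ", bbsVer[2]));`. A comment above the comparison such as `# Version-only check; the 'postid' handling itself is not tested` would document the confidence level. Reusing `bbsVer` for both the KB string and the match array makes the `bbsVer[1] != NULL` test harder to read; a second variable would be clearer.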


Property changes on: trunk/openvas-plugins/scripts/gb_blob_blog_system_postid_xss_vuln.nasl
___________________________________________________________________
Name: svn:executable
   + *

Added: trunk/openvas-plugins/scripts/gb_cuteftp_bof_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_cuteftp_bof_vuln.nasl	2009-10-20 11:58:53 UTC (rev 5646)
+++ trunk/openvas-plugins/scripts/gb_cuteftp_bof_vuln.nasl	2009-10-20 12:26:56 UTC (rev 5647)
@@ -0,0 +1,104 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_cuteftp_bof_vuln.nasl 5124 2009-10-16 15:27:05Z oct $
+#
+# CuteFTP Heap Based Buffer Overflow Vulnerability
+#
+# Authors:
+# Nikita MR <rnikita at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(800948);
+  script_version("$Revision: 1.0 $");
+  script_cve_id("CVE-2009-3483");
+  script_name("CuteFTP Heap Based Buffer Overflow Vulnerability");
+  desc = "
+  Overview: The host is installed with CuteFTP and is prone to buffer overflow
+  vulnerability.
+
+  Vulnerability Insight:
+  The flaw is caused due to error in 'Create New Site' feature when connecting
+  to sites having an overly long label. This can be exploited to corrupt heap
+  memory by tricking a user into importing a malicious site list and connecting
+  to a site having an overly long label.
+
+  Impact:
+  Successful exploitation will allow remote attackers to execute arbitrary code
+  and potentially compromise a user's system.
+
+  Impact Level: System/Application
+
+  Affected Software/OS:
+  CuteFTP Home/Pro/Lite 8.3.3, 8.3.3.54 on Windows.
+
+  Fix:
+  No solution or patch is available as on 15th October, 2009. Information
+  regarding this issue will be updated once the solution details are available.
+  For updates refer, http://www.cuteftp.com/downloads/
+
+  References:
+  http://secunia.com/advisories/36874
+  http://xforce.iss.net/xforce/xfdb/53487
+  http://www.packetstormsecurity.org/0909-exploits/Dr_IDE-CuteFTP_FTP_8.3.3-PoC.py.txt
+
+  CVSS Score:
+    CVSS Base Score     : 9.3 (AV:N/AC:M/Au:NR/C:C/I:C/A:C)
+    CVSS Temporal Score : 8.4
+  Risk factor: Critical";
+
+  script_description(desc);
+  script_summary("Check for the version of CuteFTP");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (C) 2009 Intevation GmbH");
+  script_family("Buffer overflow");
+  script_dependencies("gb_cuteftp_detect.nasl");
+  exit(0);
+}
+
+
+include("version_func.inc");
+
+cVer = make_list();
+
+chVer = get_kb_item("CuteFTP/Home/Ver");
+if(!isnull(chVer)){
+  cVer = make_list(cVer, chVer);
+}
+
+clVer = get_kb_item("CuteFTP/Lite/Ver");
+if(!isnull(clVer)){
+  cVer = make_list(cVer,clVer);
+}
+
+cpVer = get_kb_item("CuteFTP/Professional/Ver");
+if(!isnull(cpVer)){
+  cVer = make_list(cVer,cpVer);
+}
+
+foreach ver (cVer)
+{
+  if(version_is_equal(version:ver, test_version:"8.3.3") ||
+     version_is_equal(version:ver, test_version:"8.3.3.54"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+}
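Review bot: The loop flags only the exact strings `8.3.3` and `8.3.3.54`, while the KB values are written by gb_cuteftp_detect.nasl from `GetVer`, which presumably returns the executable's file version. If that value always has four components, the `8.3.3` comparison may never match and any other 8.3.3.x build passes unflagged. A comment above the loop should state the intended scope, e.g. `# KB holds the file version from GetVer(); only the two builds named in the advisory are flagged`. The three `get_kb_item` blocks also depend on the edition word the detect script extracts from the registry DisplayName being exactly `Home`, `Lite` or `Professional`, which deserves a comment too. The "No solution or patch is available as on 15th October, 2009" text in `desc` will go stale and needs revisiting.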


Property changes on: trunk/openvas-plugins/scripts/gb_cuteftp_bof_vuln.nasl
___________________________________________________________________
Name: svn:executable
   + *

Added: trunk/openvas-plugins/scripts/gb_cuteftp_detect.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_cuteftp_detect.nasl	2009-10-20 11:58:53 UTC (rev 5646)
+++ trunk/openvas-plugins/scripts/gb_cuteftp_detect.nasl	2009-10-20 12:26:56 UTC (rev 5647)
@@ -0,0 +1,82 @@
+##############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_cuteftp_detect.nasl 5124 2009-10-16 10:05:35Z oct $
+#
+# CuteFTP Version Detection
+#
+# Authors:
+# Nikita MR <rnikita at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(800947);
+  script_version("$Revision: 1.0 $");
+  script_name("CuteFTP Version Detection");
+  desc = "
+  Overview : This script finds the installed CuteFTP version and saves the
+  result in KB item.
+
+  Risk factor : Informational";
+
+  script_description(desc);
+  script_summary("Set version of CuteFTP in KB");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (C) 2009 Intevation GmbH");
+  script_family("Service detection");
+  script_dependencies("secpod_reg_enum.nasl");
+  script_require_keys("SMB/WindowsVersion");
+  script_require_ports(139, 445);
+  exit(0);
+}
+
+
+include("smb_nt.inc");
+include("secpod_smb_func.inc");
+
+if(!get_kb_item("SMB/WindowsVersion")){
+  exit(0);
+}
+
+if(!(registry_key_exists(key:"SOFTWARE\GlobalSCAPE Inc.")||
+     registry_key_exists(key:"SOFTWARE\GlobalSCAPE"))){
+  exit(0);
+}
+
+key = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\";
+foreach item (registry_enum_keys(key:key))
+{
+  cName = registry_get_sz(key:key + item, item:"DisplayName");
+  cftpName = eregmatch(pattern:"CuteFTP [0-9.?]+ ([a-zA-Z]+)",string:cName);
+  if(cftpName[1] != NULL)
+  {
+    cPath = registry_get_sz(key:key + item, item:"DisplayIcon");
+    if(cPath == NULL){
+      exit(0);
+    }
+
+    cPath = cPath - ",-0";
+    share = ereg_replace(pattern:"([A-Z]):.*", replace:"\1$", string:cPath);
+    file  = ereg_replace(pattern:"[A-Z]:(.*)", replace:"\1", string:cPath);
+    cftpVer = GetVer(share:share, file:file);
+    if(!isnull(cftpVer)){
+      set_kb_item(name:"CuteFTP/"+string(cftpName[1])+"/Ver", value:cftpVer);
+    }
+  }
+}
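Review bot: Inside the `foreach` over the Uninstall keys, a matching entry without a `DisplayIcon` value hits `exit(0)`, which ends the whole script instead of skipping that entry. Any CuteFTP edition listed later is then never recorded, and gb_cuteftp_bof_vuln.nasl stays silent on a host that may be affected. The guard should be `if(cPath == NULL){ continue; }`. In the pattern `CuteFTP [0-9.?]+ ([a-zA-Z]+)` the `?` sits inside the character class and is therefore a literal; if an optional version was intended, a comment or a corrected pattern is needed. The KB name is built from whatever word follows the version in DisplayName, so a comment listing the edition names the consumer expects would prevent silent mismatches.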


Property changes on: trunk/openvas-plugins/scripts/gb_cuteftp_detect.nasl
___________________________________________________________________
Name: svn:executable
   + *

Added: trunk/openvas-plugins/scripts/gb_jetty_cookiedump_xss_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_jetty_cookiedump_xss_vuln.nasl	2009-10-20 11:58:53 UTC (rev 5646)
+++ trunk/openvas-plugins/scripts/gb_jetty_cookiedump_xss_vuln.nasl	2009-10-20 12:26:56 UTC (rev 5647)
@@ -0,0 +1,90 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_jetty_cookiedump_xss_vuln.nasl 5206 2009-10-20 12:57:41Z oct $
+#
+# Jetty 'CookieDump.java' Cross-Site Scripting Vulnerability
+#
+# Authors:
+# Nikita MR <rnikita at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(800954);
+  script_version("$Revision: 1.0 $");
+  script_cve_id("CVE-2009-3579");
+  script_name("Jetty 'CookieDump.java' Cross-Site Scripting Vulnerability");
+  desc = "
+  Overview: This host is running Jetty WebServer and is prone to Cross-Site
+  Scripting vulnerability.
+
+  Vulnerability Insight:
+  The user supplied data passed into the 'Value' parameter in the Sample
+  Cookies aka 'CookieDump.java' application is not adequately sanitised
+  before being returned to the user.
+
+  Impact:
+  Successful exploitation will allow remote attackers to execute arbitrary
+  code and conduct XSS attacks via a direct GET request to cookie/.
+
+  Impact Level: Application
+
+  Affected Software/OS:
+  Jetty version 6.1.19 and 6.1.20.
+
+  Fix: Upgrade to version 6.1.21 or 7.0.0 or later.
+  http://jetty.mortbay.org/jetty/
+
+  References:
+  http://www.coresecurity.com/content/jetty-persistent-xss
+  http://www.securityfocus.com/archive/1/archive/1/507013/100/0/threaded
+
+  CVSS Score:
+    CVSS Base Score     : 4.3 (AV:N/AC:M/Au:NR/C:N/I:P/A:N)
+    CVSS Temporal Score : 3.4
+  Risk factor: Medium";
+
+  script_description(desc);
+  script_summary("Check for version of Jetty");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (C) 2009 Intevation GmbH");
+  script_family("Web application abuses");
+  script_dependencies("gb_jetty_detect.nasl");
+  script_require_ports("Services/www", 8080);
+  exit(0);
+}
+
+
+include("http_func.inc");
+include("version_func.inc");
+
+jettyPort = get_http_port(default:8080);
+if(!jettyPort){
+  exit(0);
+}
+
+jettyVer = get_kb_item("www/" + jettyPort + "/Jetty");
+
+if(!isnull(jettyVer))
+{
+  if(version_is_equal(version:jettyVer, test_version:"6.1.19")||
+     version_is_equal(version:jettyVer, test_version:"6.1.20")){
+    security_warning(jettyPort);
+  }
+}
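Review bot: The check reports on any server whose banner version is 6.1.19 or 6.1.20, but the flaw described in `desc` lives in the sample CookieDump application, which a production deployment may not ship. The result is therefore a version match, not confirmation that the vulnerable component is present. Say so next to the comparison, e.g. `# Version-only check: does not verify that the sample cookie/ webapp is deployed`, and repeat the caveat in `desc` so operators can triage it. The Impact text says attackers can "execute arbitrary code", which overstates a cross-site scripting issue; "execute arbitrary HTML and script code in a user's browser session", as used in the BLOB plugin in this commit, would be accurate.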


Property changes on: trunk/openvas-plugins/scripts/gb_jetty_cookiedump_xss_vuln.nasl
___________________________________________________________________
Name: svn:executable
   + *

Added: trunk/openvas-plugins/scripts/gb_jetty_detect.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_jetty_detect.nasl	2009-10-20 11:58:53 UTC (rev 5646)
+++ trunk/openvas-plugins/scripts/gb_jetty_detect.nasl	2009-10-20 12:26:56 UTC (rev 5647)
@@ -0,0 +1,76 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_jetty_detect.nasl 5206 2009-10-12 11:33:54Z oct $
+#
+# Jetty Version Detection
+#
+# Authors:
+# Nikita MR <rnikita at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(800953);
+  script_version("$Revision: 1.0 $");
+  script_name("Jetty Version Detection");
+  desc = "
+  Overview: This script detects the installed version of Jetty WebServer
+  and sets the result in KB.
+
+  Risk factor: Informational";
+
+  script_description(desc);
+  script_summary("Sets the KB for the version of Jetty");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (C) 2009 Intevation GmbH");
+  script_family("Service detection");
+  script_dependencies("http_version.nasl");
+  script_require_ports("Services/www", 8080);
+  exit(0);
+}
+
+
+include("http_func.inc");
+
+jettyPort = get_http_port(default:8080);
+if(!jettyPort){
+  jettyPort = 8080;
+}
+
+if(!get_port_state(jettyPort)){
+  exit(0);
+}
+
+banner = get_http_banner(port:jettyPort);
+
+if("Server: Jetty" >< banner)
+{
+  jettyVer = eregmatch(pattern:"Jetty.([0-9.]+)([a-zA-Z]+[0-9]+)?",
+                       string:banner);
+  if(jettyVer[1] != NULL)
+  {
+    if(jettyVer[2] != NULL){
+      jettyVer = jettyVer[1] + "." + jettyVer[2];
+    }
+    else
+      jettyVer = jettyVer[1];
+
+    set_kb_item(name:"www/" + jettyPort + "/Jetty", value:jettyVer);
+  }
+}
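Review bot: `jettyVer` first holds the `eregmatch` array and is then overwritten with the assembled version string, and the `if` branch is braced while the `else` is not. Both make the block easy to misread when it is next edited. A separate variable reads more clearly, e.g. `ver = jettyVer[1]; if(jettyVer[2] != NULL){ ver = ver + "." + jettyVer[2]; }` followed by `set_kb_item(name:"www/" + jettyPort + "/Jetty", value:ver);`. Because `[0-9.]+` is greedy, a banner whose numeric part ends in a dot would presumably be stored with that trailing dot and then fail the `version_is_equal` tests in gb_jetty_cookiedump_xss_vuln.nasl. A comment showing an example of the expected banner would document the assumption.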


Property changes on: trunk/openvas-plugins/scripts/gb_jetty_detect.nasl
___________________________________________________________________
Name: svn:executable
   + *

Added: trunk/openvas-plugins/scripts/gb_rhinosoft_serv-u_detect.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_rhinosoft_serv-u_detect.nasl	2009-10-20 11:58:53 UTC (rev 5646)
+++ trunk/openvas-plugins/scripts/gb_rhinosoft_serv-u_detect.nasl	2009-10-20 12:26:56 UTC (rev 5647)
@@ -0,0 +1,91 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_rhinosoft_serv-u_detect.nasl 5238 2009-10-20 22:02:29Z oct $
+#
+# Rhino Software Serv-U Version Detection
+#
+# Authors:
+# Sharath S <sharaths at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(801117);
+  script_version("$Revision: 1.0 $");
+  script_name("Rhino Software Serv-U Version Detection");
+  desc = "
+  Overview: This script detects the installed version of Rhino Software
+  Serv-U and sets the result in KB.
+
+  Risk Factor: Informational";
+
+  script_description(desc);
+  script_summary("Set KB for the version of Rhino Software Serv-U");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (C) 2009 Intevation GmbH");
+  script_family("Service detection");
+  script_dependencies("find_service.nes", "ssh_detect.nasl");
+  script_require_ports("Services/ftp", 21, "Services/ssh", 22);
+  exit(0);
+}
+
+
+include("ftp_func.inc");
+
+function ServuGetVer(su_port, pat)
+{
+  if(get_port_state(su_port))
+  {
+    banner = get_ftp_banner(port:su_port);
+    if("Serv-U" >< banner)
+    {
+      ver = eregmatch(pattern:pat, string:banner);
+      return ver;
+    }
+    else
+      return NULL;
+  }
+}
+
+
+servuPort = get_kb_item("Services/ssh");
+
+if(!servuPort){
+  servuPort = 22;
+}
+
+pattern1 = "Serv-U_([0-9.]+)";
+pattern2 = "Serv-U FTP Server v([0-9.]+)";
+
+servuVer = ServuGetVer(su_port:servuPort, pat:pattern1);
+if(!isnull(servuVer[1])){
+  set_kb_item(name:"Serv-U/FTP/Ver", value:servuVer[1]);
+}
+else
+{
+  servuPort = get_kb_item("Services/ftp");
+  if(!servuPort){
+    servuPort = 21;
+  }
+
+  servuVer = ServuGetVer(su_port:servuPort, pat:pattern2);
+  if(!isnull(servuVer[1])){
+    set_kb_item(name:"Serv-U/FTP/Ver", value:servuVer[1]);
+  }
+}
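Review bot: `ServuGetVer` calls `get_ftp_banner` on the port taken from `Services/ssh` (default 22), so an FTP helper reads an SSH identification string. Whether that helper returns anything useful for a non-FTP greeting is not visible here, and if it does not, the `Serv-U_([0-9.]+)` branch can never match. A comment should explain why the FTP helper is expected to work on the SSH port. The function also assigns `banner` and `ver` without declaring them and falls off the end when the port is closed; add `local_var banner, ver;` at the top and a final `return NULL;`. The KB item `Serv-U/FTP/Ver` does not record which port produced the version, which the dependent plugin needs in order to report on the right service.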

Added: trunk/openvas-plugins/scripts/gb_rhinosoft_serv-u_site_set_dos_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_rhinosoft_serv-u_site_set_dos_vuln.nasl	2009-10-20 11:58:53 UTC (rev 5646)
+++ trunk/openvas-plugins/scripts/gb_rhinosoft_serv-u_site_set_dos_vuln.nasl	2009-10-20 12:26:56 UTC (rev 5647)
@@ -0,0 +1,90 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_rhinosoft_serv-u_site_set_dos_vuln.nasl 5238 2009-10-20 22:48:26Z oct $
+#
+# Rhino Software Serv-U 'SITE SET' Command Denial Of Service vulnerability
+#
+# Authors:
+# Sharath S <sharaths at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(801118);
+  script_version("$Revision: 1.0 $");
+  script_cve_id("CVE-2009-3655");
+  script_name("Rhino Software Serv-U 'SITE SET' Command Denial Of Service vulnerability");
+  desc = "
+  Overview: This host is installed with Rhino Software Serv-U and is prone to
+  Denial of Service vulnerability.
+
+  Vulnerability Insight:
+  An error occurs when application handles the 'SITE SET TRANSFERPROGRESS ON'
+  command.
+
+  Impact:
+  Successful exploitation will let the local attackers to cause a Denial of
+  Service in the affected application.
+
+  Impact Level: Application
+
+  Affected Software/OS:
+  Rhino Software Serv-U version prior to 9.0.0.1
+
+  Fix: Upgrade to Rhino Software Serv-U version 9.0.0.1 or later.
+  For Updates Refer, http://www.serv-u.com/dn.asp
+
+  References:
+  http://www.serv-u.com/releasenotes/
+  http://secunia.com/advisories/36873/
+
+  CVSS Score:
+    CVSS Base Score     : 7.5 (AV:N/AC:L/Au:NR/C:P/I:P/A:P)
+    CVSS Temporal Score : 5.5
+  Risk factor: High";
+
+  script_description(desc);
+  script_summary("Check  the version of Rhino Software Serv-U");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (C) 2009 Intevation GmbH");
+  script_family("Denial of Service");
+  script_dependencies("gb_rhinosoft_serv-u_detect.nasl", "find_service.nes",
+                      "ssh_detect.nasl");
+  script_require_keys("Serv-U/FTP/Ver");
+  script_require_ports("Services/ftp", 21, "Services/ssh", 22);
+  exit(0);
+}
+
+
+include("ftp_func.inc");
+include("version_func.inc");
+
+servuPort = get_kb_item("Services/ssh");
+if(!servuPort)
+{
+  servuPort = get_kb_item("Services/ftp");
+  if(!servuPort)
+    exit(0);
+}
+
+servuVer = get_kb_item("Serv-U/FTP/Ver");
+# Check for Rhino Software Serv-U versions < 9.0.0.1
+if(servuVer =~ "^(7|8)\..*"){
+  security_hole(servuPort);
+}
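Review bot: The comment says the check covers versions below 9.0.0.1, but the test `servuVer =~ "^(7|8)\..*"` matches only 7.x and 8.x, so a 9.0.0.0 install is not flagged. `version_func.inc` is included and never used; `if(servuVer && version_is_less(version:servuVer, test_version:"9.0.0.1")){` would match the stated range, assuming releases older than 7 are also meant to be covered. The port is re-derived with `Services/ssh` first, independently of where gb_rhinosoft_serv-u_detect.nasl actually found Serv-U, so on a host with an unrelated SSH daemon and Serv-U on FTP the finding is attached to the SSH port. Having the detect script store the port alongside the version would fix that. `desc` says "local attackers" while the CVSS vector is AV:N, which should be reconciled.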


Property changes on: trunk/openvas-plugins/scripts/gb_rhinosoft_serv-u_site_set_dos_vuln.nasl
___________________________________________________________________
Name: svn:executable
   + *


