[Openvas-commits] r5647 - in trunk/openvas-plugins: . scripts
scm-commit@wald.intevation.org
scm-commit at wald.intevation.org
Tue Oct 20 14:27:00 CEST 2009
Author: chandra
Date: 2009-10-20 14:26:56 +0200 (Tue, 20 Oct 2009)
New Revision: 5647
Added:
trunk/openvas-plugins/scripts/gb_blob_blog_system_detect.nasl
trunk/openvas-plugins/scripts/gb_blob_blog_system_postid_xss_vuln.nasl
trunk/openvas-plugins/scripts/gb_cuteftp_bof_vuln.nasl
trunk/openvas-plugins/scripts/gb_cuteftp_detect.nasl
trunk/openvas-plugins/scripts/gb_jetty_cookiedump_xss_vuln.nasl
trunk/openvas-plugins/scripts/gb_jetty_detect.nasl
trunk/openvas-plugins/scripts/gb_rhinosoft_serv-u_detect.nasl
trunk/openvas-plugins/scripts/gb_rhinosoft_serv-u_site_set_dos_vuln.nasl
Modified:
trunk/openvas-plugins/ChangeLog
trunk/openvas-plugins/cve_current.txt
Log:
Added new plugins
Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog 2009-10-20 11:58:53 UTC (rev 5646)
+++ trunk/openvas-plugins/ChangeLog 2009-10-20 12:26:56 UTC (rev 5647)
@@ -1,3 +1,15 @@
+2009-10-20 Chandrashekhar B <bchandra at secpod.com>
+
+ * scripts/gb_jetty_detect.nasl,
+ scripts/gb_blob_blog_system_detect.nasl,
+ scripts/gb_cuteftp_detect.nasl,
+ scripts/gb_blob_blog_system_postid_xss_vuln.nasl,
+ scripts/gb_cuteftp_bof_vuln.nasl,
+ scripts/gb_rhinosoft_serv-u_site_set_dos_vuln.nasl,
+ scripts/gb_jetty_cookiedump_xss_vuln.nasl,
+ scripts/gb_rhinosoft_serv-u_detect.nasl:
+ Added new plugins.
+
2009-10-19 Thomas Reinke <reinke at securityspace.com>
scripts/deb_1895_2.nasl,
Modified: trunk/openvas-plugins/cve_current.txt
===================================================================
--- trunk/openvas-plugins/cve_current.txt 2009-10-20 11:58:53 UTC (rev 5646)
+++ trunk/openvas-plugins/cve_current.txt 2009-10-20 12:26:56 UTC (rev 5647)
@@ -37,7 +37,6 @@
CVE-2009-3201 SecPod svn L
CVE-2008-7227 SecPod svn R
CVE-2009-3111 SecPod svn L
-CVE-2009-2945 SecPod
CVE-2009-3199 SecPod svn R
CVE-2009-2521 SecPod svn R
CVE-2009-3230 SecPod
@@ -125,11 +124,8 @@
CVE-2009-3532 SecPod svn R
CVE-2009-3533 SecPod svn R
CVE-2009-3643 SecPod
-CVE-2009-3655 SecPod
-CVE-2009-3590 SecPod
-CVE-2009-3595 SecPod
-CVE-2009-3594 SecPod
-CVE-2009-3591 SecPod
+CVE-2009-3655 SecPod svn R
+CVE-2009-3594 SecPod svn R
CVE-2009-3658 SecPod
CVE-2009-3528 SecPod svn R
CVE-2009-3475 SecPod svn L
@@ -138,3 +134,5 @@
CVE-2009-2813 Greenbone svn R
CVE-2009-2948 Greenbone svn R
CVE-2009-2906 Greenbone svn R
+CVE-2009-3483 SecPod svn L
+CVE-2009-3579 SecPod svn R
Added: trunk/openvas-plugins/scripts/gb_blob_blog_system_detect.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_blob_blog_system_detect.nasl 2009-10-20 11:58:53 UTC (rev 5646)
+++ trunk/openvas-plugins/scripts/gb_blob_blog_system_detect.nasl 2009-10-20 12:26:56 UTC (rev 5647)
@@ -0,0 +1,75 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_blob_blog_system_detect.nasl 5241 2009-10-20 12:38:31Z oct $
+#
+# BLOB Blog System Version Detection
+#
+# Authors:
+# Nikita MR <rnikita at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(800955);
+ script_version("Revision: 1.0");
+ script_name("BLOB Blog System Version Detection");
+ desc = "
+ Overview: This script detects the installed version of BLOB Blog System
+ and sets the result in KB.
+
+ Risk factor: Informational";
+
+ script_description(desc);
+ script_summary("Sets the KB for the version of BLOB Blog System");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2009 Intevation GmbH");
+ script_family("Service detection");
+ script_dependencies("http_version.nasl");
+ script_require_ports("Services/www", 80);
+ exit(0);
+}
+
+
+include("http_func.inc");
+
+bbsPort = get_http_port(default:80);
+if(!bbsPort){
+ bbsPort = 80;
+}
+
+if(!get_port_state(bbsPort)){
+ exit(0);
+}
+
+foreach dir (make_list("/", "/blob", "/blog", cgi_dirs()))
+{
+ sndReq = http_get(item:string(dir, "/blob.php"), port:bbsPort);
+ rcvRes = http_send_recv(port:bbsPort, data:sndReq);
+
+ if("The BLOB Blog System" >< rcvRes &&
+ (egrep(pattern:"^HTTP/.* 200 OK", string:rcvRes)))
+ {
+ bbsVer = eregmatch(pattern:"Version ([0-9.]+)", string:rcvRes);
+ if(!isnull(bbsVer[1]))
+ {
+ set_kb_item(name:"www/" + bbsPort + "/BLOB-Blog-System",
+ value:bbsVer[1] + " under " + dir);
+ }
+ }
+}
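Review bot: The request path in the `foreach` loop is built as `string(dir, "/blob.php")`, so for the first list entry `"/"` the scanner asks for `//blob.php`; a server that does not collapse the double slash answers with an error and a root-level installation goes undetected. Building the path separately keeps the stored `under /` value that the dependent XSS check parses: `if(dir == "/") url = "/blob.php"; else url = string(dir, "/blob.php");`. The version pattern `Version ([0-9.]+)` is also matched against the whole response, headers included, so it takes the first occurrence of that word anywhere; tying it to text next to the `The BLOB Blog System` marker would reduce wrong version values, though the page layout is not visible here.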
Property changes on: trunk/openvas-plugins/scripts/gb_blob_blog_system_detect.nasl
___________________________________________________________________
Name: svn:executable
+ *
Added: trunk/openvas-plugins/scripts/gb_blob_blog_system_postid_xss_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_blob_blog_system_postid_xss_vuln.nasl 2009-10-20 11:58:53 UTC (rev 5646)
+++ trunk/openvas-plugins/scripts/gb_blob_blog_system_postid_xss_vuln.nasl 2009-10-20 12:26:56 UTC (rev 5647)
@@ -0,0 +1,90 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_blob_blog_system_postid_xss_vuln.nasl 5241 2009-10-20 13:46:09Z oct $
+#
+# BLOB Blog System 'postid' Parameter XSS Vulnerability
+#
+# Authors:
+# Nikita MR <rnikita at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(800956);
+ script_version("$Revision: 1.0 $");
+ script_cve_id("CVE-2009-3594");
+ script_name("BLOB Blog System 'postid' Parameter XSS Vulnerability");
+ desc = "
+ Overview: This host is running BLOB Blog System and is prone to Cross-Site
+ Scripting vulnerability.
+
+ Vulnerability Insight:
+ This flaw is caused due to improper validation of user supplied data passed
+ into the 'postid' parameter in the bpost.php.
+
+ Impact:
+ Successful exploitation will allow remote attackers to execute arbitrary HTML
+ and script code in a user's browser session in the context of an affected
+ site.
+
+ Impact Level: Application
+
+ Affected Software/OS:
+ BLOB Blog System prior to 1.2 on all platforms.
+
+ Fix: Upgrade to BLOB Blog System 1.2 or later.
+ http://sourceforge.net/projects/blobblogsystem/files/
+
+ References:
+ http://secunia.com/advisories/35938/
+ http://xforce.iss.net/xforce/xfdb/51959
+
+ CVSS Score:
+ CVSS Base Score : 4.3 (AV:N/AC:M/Au:NR/C:N/I:P/A:N)
+ CVSS Temporal Score : 3.4
+ Risk factor: Medium";
+
+ script_description(desc);
+ script_summary("Check for the version of BLOB Blog System");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2009 Intevation GmbH");
+ script_family("Web application abuses");
+ script_dependencies("gb_blob_blog_system_detect.nasl");
+ script_require_ports("Services/www", 80);
+ exit(0);
+}
+
+
+include("http_func.inc");
+include("version_func.inc");
+
+bbsPort = get_http_port(default:80);
+if(!bbsPort){
+ exit(0);
+}
+
+bbsVer = get_kb_item("www/" + bbsPort + "/BLOB-Blog-System");
+bbsVer = eregmatch(pattern:"^(.+) under (/.*)$", string:bbsVer);
+
+if(bbsVer[1] != NULL)
+{
+ if(version_is_less(version:bbsVer[1], test_version:"1.2")){
+ security_warning(bbsPort);
+ }
+}
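Review bot: `get_kb_item` returns nothing when the detection script found no installation, and that value is passed straight to `eregmatch` before any check; an early `if(isnull(bbsVer)) exit(0);` right after the lookup makes the no-installation path explicit. The result test `bbsVer[1] != NULL` would also read better as `!isnull(bbsVer[1])`, which is the form gb_blob_blog_system_detect.nasl uses in this commit. Since the finding rests only on the version string scraped by that script, a comment such as `# Version-based check only; the 'postid' parameter is not probed` would tell whoever triages the report how much weight the result carries.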
Property changes on: trunk/openvas-plugins/scripts/gb_blob_blog_system_postid_xss_vuln.nasl
___________________________________________________________________
Name: svn:executable
+ *
Added: trunk/openvas-plugins/scripts/gb_cuteftp_bof_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_cuteftp_bof_vuln.nasl 2009-10-20 11:58:53 UTC (rev 5646)
+++ trunk/openvas-plugins/scripts/gb_cuteftp_bof_vuln.nasl 2009-10-20 12:26:56 UTC (rev 5647)
@@ -0,0 +1,104 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_cuteftp_bof_vuln.nasl 5124 2009-10-16 15:27:05Z oct $
+#
+# CuteFTP Heap Based Buffer Overflow Vulnerability
+#
+# Authors:
+# Nikita MR <rnikita at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(800948);
+ script_version("$Revision: 1.0 $");
+ script_cve_id("CVE-2009-3483");
+ script_name("CuteFTP Heap Based Buffer Overflow Vulnerability");
+ desc = "
+ Overview: The host is installed with CuteFTP and is prone to buffer overflow
+ vulnerability.
+
+ Vulnerability Insight:
+ The flaw is caused due to error in 'Create New Site' feature when connecting
+ to sites having an overly long label. This can be exploited to corrupt heap
+ memory by tricking a user into importing a malicious site list and connecting
+ to a site having an overly long label.
+
+ Impact:
+ Successful exploitation will allow remote attackers to execute arbitrary code
+ and potentially compromise a user's system.
+
+ Impact Level: System/Application
+
+ Affected Software/OS:
+ CuteFTP Home/Pro/Lite 8.3.3, 8.3.3.54 on Windows.
+
+ Fix:
+ No solution or patch is available as on 15th October, 2009. Information
+ regarding this issue will be updated once the solution details are available.
+ For updates refer, http://www.cuteftp.com/downloads/
+
+ References:
+ http://secunia.com/advisories/36874
+ http://xforce.iss.net/xforce/xfdb/53487
+ http://www.packetstormsecurity.org/0909-exploits/Dr_IDE-CuteFTP_FTP_8.3.3-PoC.py.txt
+
+ CVSS Score:
+ CVSS Base Score : 9.3 (AV:N/AC:M/Au:NR/C:C/I:C/A:C)
+ CVSS Temporal Score : 8.4
+ Risk factor: Critical";
+
+ script_description(desc);
+ script_summary("Check for the version of CuteFTP");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2009 Intevation GmbH");
+ script_family("Buffer overflow");
+ script_dependencies("gb_cuteftp_detect.nasl");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+cVer = make_list();
+
+chVer = get_kb_item("CuteFTP/Home/Ver");
+if(!isnull(chVer)){
+ cVer = make_list(cVer, chVer);
+}
+
+clVer = get_kb_item("CuteFTP/Lite/Ver");
+if(!isnull(clVer)){
+ cVer = make_list(cVer,clVer);
+}
+
+cpVer = get_kb_item("CuteFTP/Professional/Ver");
+if(!isnull(cpVer)){
+ cVer = make_list(cVer,cpVer);
+}
+
+foreach ver (cVer)
+{
+ if(version_is_equal(version:ver, test_version:"8.3.3") ||
+ version_is_equal(version:ver, test_version:"8.3.3.54"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+}
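Review bot: The three `get_kb_item` lookups hard-code the edition names `Home`, `Lite` and `Professional`, but gb_cuteftp_detect.nasl in this commit derives the key from whatever word follows the version number in the registry `DisplayName`. An edition whose display name uses any other word is stored under a key this script never reads, and the host is then silently left out of the report. A comment above the lookups, for example `# Key names must match the edition word captured from DisplayName in gb_cuteftp_detect.nasl`, would document the coupling. `security_hole(0)` also deserves a short comment stating that port 0 is used because the result comes from a registry and file-version check and not from a network service.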
Property changes on: trunk/openvas-plugins/scripts/gb_cuteftp_bof_vuln.nasl
___________________________________________________________________
Name: svn:executable
+ *
Added: trunk/openvas-plugins/scripts/gb_cuteftp_detect.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_cuteftp_detect.nasl 2009-10-20 11:58:53 UTC (rev 5646)
+++ trunk/openvas-plugins/scripts/gb_cuteftp_detect.nasl 2009-10-20 12:26:56 UTC (rev 5647)
@@ -0,0 +1,82 @@
+##############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_cuteftp_detect.nasl 5124 2009-10-16 10:05:35Z oct $
+#
+# CuteFTP Version Detection
+#
+# Authors:
+# Nikita MR <rnikita at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(800947);
+ script_version("$Revision: 1.0 $");
+ script_name("CuteFTP Version Detection");
+ desc = "
+ Overview : This script finds the installed CuteFTP version and saves the
+ result in KB item.
+
+ Risk factor : Informational";
+
+ script_description(desc);
+ script_summary("Set version of CuteFTP in KB");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2009 Intevation GmbH");
+ script_family("Service detection");
+ script_dependencies("secpod_reg_enum.nasl");
+ script_require_keys("SMB/WindowsVersion");
+ script_require_ports(139, 445);
+ exit(0);
+}
+
+
+include("smb_nt.inc");
+include("secpod_smb_func.inc");
+
+if(!get_kb_item("SMB/WindowsVersion")){
+ exit(0);
+}
+
+if(!(registry_key_exists(key:"SOFTWARE\GlobalSCAPE Inc.")||
+ registry_key_exists(key:"SOFTWARE\GlobalSCAPE"))){
+ exit(0);
+}
+
+key = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\";
+foreach item (registry_enum_keys(key:key))
+{
+ cName = registry_get_sz(key:key + item, item:"DisplayName");
+ cftpName = eregmatch(pattern:"CuteFTP [0-9.?]+ ([a-zA-Z]+)",string:cName);
+ if(cftpName[1] != NULL)
+ {
+ cPath = registry_get_sz(key:key + item, item:"DisplayIcon");
+ if(cPath == NULL){
+ exit(0);
+ }
+
+ cPath = cPath - ",-0";
+ share = ereg_replace(pattern:"([A-Z]):.*", replace:"\1$", string:cPath);
+ file = ereg_replace(pattern:"[A-Z]:(.*)", replace:"\1", string:cPath);
+ cftpVer = GetVer(share:share, file:file);
+ if(!isnull(cftpVer)){
+ set_kb_item(name:"CuteFTP/"+string(cftpName[1])+"/Ver", value:cftpVer);
+ }
+ }
+}
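Review bot: Inside the `foreach item` loop, `if(cPath == NULL){ exit(0); }` ends the whole script on the first matching uninstall entry that has no `DisplayIcon` value, so any CuteFTP edition listed after it is never recorded. Using `continue;` in place of `exit(0);` skips only that entry. The drive-letter patterns `([A-Z]):.*` and `[A-Z]:(.*)` accept upper-case letters only; a path stored with a lower-case drive letter would likely pass through both `ereg_replace` calls unchanged and hand `GetVer` an unusable share and file, so `[A-Za-z]` is the safer class.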
Property changes on: trunk/openvas-plugins/scripts/gb_cuteftp_detect.nasl
___________________________________________________________________
Name: svn:executable
+ *
Added: trunk/openvas-plugins/scripts/gb_jetty_cookiedump_xss_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_jetty_cookiedump_xss_vuln.nasl 2009-10-20 11:58:53 UTC (rev 5646)
+++ trunk/openvas-plugins/scripts/gb_jetty_cookiedump_xss_vuln.nasl 2009-10-20 12:26:56 UTC (rev 5647)
@@ -0,0 +1,90 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_jetty_cookiedump_xss_vuln.nasl 5206 2009-10-20 12:57:41Z oct $
+#
+# Jetty 'CookieDump.java' Cross-Site Scripting Vulnerability
+#
+# Authors:
+# Nikita MR <rnikita at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(800954);
+ script_version("$Revision: 1.0 $");
+ script_cve_id("CVE-2009-3579");
+ script_name("Jetty 'CookieDump.java' Cross-Site Scripting Vulnerability");
+ desc = "
+ Overview: This host is running Jetty WebServer and is prone to Cross-Site
+ Scripting vulnerability.
+
+ Vulnerability Insight:
+ The user supplied data passed into the 'Value' parameter in the Sample
+ Cookies aka 'CookieDump.java' application is not adequately sanitised
+ before being returned to the user.
+
+ Impact:
+ Successful exploitation will allow remote attackers to execute arbitrary
+ code and conduct XSS attacks via a direct GET request to cookie/.
+
+ Impact Level: Application
+
+ Affected Software/OS:
+ Jetty version 6.1.19 and 6.1.20.
+
+ Fix: Upgrade to version 6.1.21 or 7.0.0 or later.
+ http://jetty.mortbay.org/jetty/
+
+ References:
+ http://www.coresecurity.com/content/jetty-persistent-xss
+ http://www.securityfocus.com/archive/1/archive/1/507013/100/0/threaded
+
+ CVSS Score:
+ CVSS Base Score : 4.3 (AV:N/AC:M/Au:NR/C:N/I:P/A:N)
+ CVSS Temporal Score : 3.4
+ Risk factor: Medium";
+
+ script_description(desc);
+ script_summary("Check for version of Jetty");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2009 Intevation GmbH");
+ script_family("Web application abuses");
+ script_dependencies("gb_jetty_detect.nasl");
+ script_require_ports("Services/www", 8080);
+ exit(0);
+}
+
+
+include("http_func.inc");
+include("version_func.inc");
+
+jettyPort = get_http_port(default:8080);
+if(!jettyPort){
+ exit(0);
+}
+
+jettyVer = get_kb_item("www/" + jettyPort + "/Jetty");
+
+if(!isnull(jettyVer))
+{
+ if(version_is_equal(version:jettyVer, test_version:"6.1.19")||
+ version_is_equal(version:jettyVer, test_version:"6.1.20")){
+ security_warning(jettyPort);
+ }
+}
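Review bot: The check reports on the Jetty version alone, while the description places the flaw in the bundled sample application 'CookieDump.java'; a 6.1.19 or 6.1.20 server without that sample application deployed would still be flagged. A comment before the version test such as `# Version match only: does not confirm that the sample CookieDump application is deployed`, with a matching sentence in the description text, would let the person reading the result judge it correctly. The script also exits when `get_http_port` yields no port, whereas gb_jetty_detect.nasl falls back to 8080; the two should agree so that the KB key written by one is the key read by the other.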
Property changes on: trunk/openvas-plugins/scripts/gb_jetty_cookiedump_xss_vuln.nasl
___________________________________________________________________
Name: svn:executable
+ *
Added: trunk/openvas-plugins/scripts/gb_jetty_detect.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_jetty_detect.nasl 2009-10-20 11:58:53 UTC (rev 5646)
+++ trunk/openvas-plugins/scripts/gb_jetty_detect.nasl 2009-10-20 12:26:56 UTC (rev 5647)
@@ -0,0 +1,76 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_jetty_detect.nasl 5206 2009-10-12 11:33:54Z oct $
+#
+# Jetty Version Detection
+#
+# Authors:
+# Nikita MR <rnikita at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(800953);
+ script_version("$Revision: 1.0 $");
+ script_name("Jetty Version Detection");
+ desc = "
+ Overview: This script detects the installed version of Jetty WebServer
+ and sets the result in KB.
+
+ Risk factor: Informational";
+
+ script_description(desc);
+ script_summary("Sets the KB for the version of Jetty");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2009 Intevation GmbH");
+ script_family("Service detection");
+ script_dependencies("http_version.nasl");
+ script_require_ports("Services/www", 8080);
+ exit(0);
+}
+
+
+include("http_func.inc");
+
+jettyPort = get_http_port(default:8080);
+if(!jettyPort){
+ jettyPort = 8080;
+}
+
+if(!get_port_state(jettyPort)){
+ exit(0);
+}
+
+banner = get_http_banner(port:jettyPort);
+
+if("Server: Jetty" >< banner)
+{
+ jettyVer = eregmatch(pattern:"Jetty.([0-9.]+)([a-zA-Z]+[0-9]+)?",
+ string:banner);
+ if(jettyVer[1] != NULL)
+ {
+ if(jettyVer[2] != NULL){
+ jettyVer = jettyVer[1] + "." + jettyVer[2];
+ }
+ else
+ jettyVer = jettyVer[1];
+
+ set_kb_item(name:"www/" + jettyPort + "/Jetty", value:jettyVer);
+ }
+}
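Review bot: In the version regex the first group `([0-9.]+)` is greedy and can swallow a trailing dot, and the code then joins the two groups with another `"."`; for a banner of the constructed form `Jetty(7.0.0.RC6)` the stored value becomes `7.0.0..RC6`. Version comparisons in dependent scripts then work on a malformed string. Stripping the trailing dot before joining avoids this: `ver = ereg_replace(pattern:"\.$", replace:"", string:jettyVer[1]);` and then build the KB value from `ver`. The `else` branch is the only unbraced branch in the file, and `jettyVer` changes from match array to string mid-block; a separate variable for the final string would be easier to follow.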
Property changes on: trunk/openvas-plugins/scripts/gb_jetty_detect.nasl
___________________________________________________________________
Name: svn:executable
+ *
Added: trunk/openvas-plugins/scripts/gb_rhinosoft_serv-u_detect.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_rhinosoft_serv-u_detect.nasl 2009-10-20 11:58:53 UTC (rev 5646)
+++ trunk/openvas-plugins/scripts/gb_rhinosoft_serv-u_detect.nasl 2009-10-20 12:26:56 UTC (rev 5647)
@@ -0,0 +1,91 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_rhinosoft_serv-u_detect.nasl 5238 2009-10-20 22:02:29Z oct $
+#
+# Rhino Software Serv-U Version Detection
+#
+# Authors:
+# Sharath S <sharaths at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(801117);
+ script_version("$Revision: 1.0 $");
+ script_name("Rhino Software Serv-U Version Detection");
+ desc = "
+ Overview: This script detects the installed version of Rhino Software
+ Serv-U and sets the result in KB.
+
+ Risk Factor: Informational";
+
+ script_description(desc);
+ script_summary("Set KB for the version of Rhino Software Serv-U");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2009 Intevation GmbH");
+ script_family("Service detection");
+ script_dependencies("find_service.nes", "ssh_detect.nasl");
+ script_require_ports("Services/ftp", 21, "Services/ssh", 22);
+ exit(0);
+}
+
+
+include("ftp_func.inc");
+
+function ServuGetVer(su_port, pat)
+{
+ if(get_port_state(su_port))
+ {
+ banner = get_ftp_banner(port:su_port);
+ if("Serv-U" >< banner)
+ {
+ ver = eregmatch(pattern:pat, string:banner);
+ return ver;
+ }
+ else
+ return NULL;
+ }
+}
+
+
+servuPort = get_kb_item("Services/ssh");
+
+if(!servuPort){
+ servuPort = 22;
+}
+
+pattern1 = "Serv-U_([0-9.]+)";
+pattern2 = "Serv-U FTP Server v([0-9.]+)";
+
+servuVer = ServuGetVer(su_port:servuPort, pat:pattern1);
+if(!isnull(servuVer[1])){
+ set_kb_item(name:"Serv-U/FTP/Ver", value:servuVer[1]);
+}
+else
+{
+ servuPort = get_kb_item("Services/ftp");
+ if(!servuPort){
+ servuPort = 21;
+ }
+
+ servuVer = ServuGetVer(su_port:servuPort, pat:pattern2);
+ if(!isnull(servuVer[1])){
+ set_kb_item(name:"Serv-U/FTP/Ver", value:servuVer[1]);
+ }
+}
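Review bot: `ServuGetVer` calls `get_ftp_banner` for both ports, including the SSH port taken from `Services/ssh`, so an FTP helper is used to read an SSH identification string; whether that helper returns, or caches, a banner for a non-FTP service is not visible here and should be confirmed. Since the script already depends on ssh_detect.nasl, the banner that script collected would be the cleaner source for `pattern1`. The function also has no `return` on the path where `get_port_state` fails; an explicit `return NULL;` at the end makes all exits consistent. The version is stored under the single key `Serv-U/FTP/Ver` without the port it was read from, which leaves dependent scripts to guess the port.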
Added: trunk/openvas-plugins/scripts/gb_rhinosoft_serv-u_site_set_dos_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_rhinosoft_serv-u_site_set_dos_vuln.nasl 2009-10-20 11:58:53 UTC (rev 5646)
+++ trunk/openvas-plugins/scripts/gb_rhinosoft_serv-u_site_set_dos_vuln.nasl 2009-10-20 12:26:56 UTC (rev 5647)
@@ -0,0 +1,90 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_rhinosoft_serv-u_site_set_dos_vuln.nasl 5238 2009-10-20 22:48:26Z oct $
+#
+# Rhino Software Serv-U 'SITE SET' Command Denial Of Service vulnerability
+#
+# Authors:
+# Sharath S <sharaths at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(801118);
+ script_version("$Revision: 1.0 $");
+ script_cve_id("CVE-2009-3655");
+ script_name("Rhino Software Serv-U 'SITE SET' Command Denial Of Service vulnerability");
+ desc = "
+ Overview: This host is installed with Rhino Software Serv-U and is prone to
+ Denial of Service vulnerability.
+
+ Vulnerability Insight:
+ An error occurs when application handles the 'SITE SET TRANSFERPROGRESS ON'
+ command.
+
+ Impact:
+ Successful exploitation will let the local attackers to cause a Denial of
+ Service in the affected application.
+
+ Impact Level: Application
+
+ Affected Software/OS:
+ Rhino Software Serv-U version prior to 9.0.0.1
+
+ Fix: Upgrade to Rhino Software Serv-U version 9.0.0.1 or later.
+ For Updates Refer, http://www.serv-u.com/dn.asp
+
+ References:
+ http://www.serv-u.com/releasenotes/
+ http://secunia.com/advisories/36873/
+
+ CVSS Score:
+ CVSS Base Score : 7.5 (AV:N/AC:L/Au:NR/C:P/I:P/A:P)
+ CVSS Temporal Score : 5.5
+ Risk factor: High";
+
+ script_description(desc);
+ script_summary("Check the version of Rhino Software Serv-U");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2009 Intevation GmbH");
+ script_family("Denial of Service");
+ script_dependencies("gb_rhinosoft_serv-u_detect.nasl", "find_service.nes",
+ "ssh_detect.nasl");
+ script_require_keys("Serv-U/FTP/Ver");
+ script_require_ports("Services/ftp", 21, "Services/ssh", 22);
+ exit(0);
+}
+
+
+include("ftp_func.inc");
+include("version_func.inc");
+
+servuPort = get_kb_item("Services/ssh");
+if(!servuPort)
+{
+ servuPort = get_kb_item("Services/ftp");
+ if(!servuPort)
+ exit(0);
+}
+
+servuVer = get_kb_item("Serv-U/FTP/Ver");
+# Check for Rhino Software Serv-U versions < 9.0.0.1
+if(servuVer =~ "^(7|8)\..*"){
+ security_hole(servuPort);
+}
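Review bot: The test `servuVer =~ "^(7|8)\..*"` does not implement the comment above it or the 'prior to 9.0.0.1' statement in the description: a 9.0.0.0 installation and any release below 7 are not reported. `version_func.inc` is already included but unused, so the comparison can be `if(version_is_less(version:servuVer, test_version:"9.0.0.1")){`. The port choice is also independent of where the version was found: when an SSH service exists, `Services/ssh` is reported even if gb_rhinosoft_serv-u_detect.nasl read the version from the FTP banner, so the finding can be attached to a service that is not Serv-U.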
Property changes on: trunk/openvas-plugins/scripts/gb_rhinosoft_serv-u_site_set_dos_vuln.nasl
___________________________________________________________________
Name: svn:executable
+ *