[Openvas-commits] r5658 - in trunk/openvas-plugins: . scripts

scm-commit@wald.intevation.org scm-commit at wald.intevation.org
Wed Oct 21 10:12:13 CEST 2009


Author: chandra
Date: 2009-10-21 10:12:07 +0200 (Wed, 21 Oct 2009)
New Revision: 5658

Added:
   trunk/openvas-plugins/scripts/gb_xerver_http_server_code_disclosure_vuln.nasl
   trunk/openvas-plugins/scripts/gb_xerver_http_server_detect.nasl
   trunk/openvas-plugins/scripts/gb_xerver_http_server_dir_traversal_vuln.nasl
   trunk/openvas-plugins/scripts/gb_xerver_http_server_xss_vuln.nasl
   trunk/openvas-plugins/scripts/secpod_ms09-062.nasl
Modified:
   trunk/openvas-plugins/ChangeLog
   trunk/openvas-plugins/cve_current.txt
   trunk/openvas-plugins/scripts/secpod_office_products_version_900032.nasl
Log:
Added new plugins

Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog	2009-10-20 20:38:31 UTC (rev 5657)
+++ trunk/openvas-plugins/ChangeLog	2009-10-21 08:12:07 UTC (rev 5658)
@@ -1,3 +1,15 @@
+2009-10-21  Chandrashekhar B <bchandra at secpod.com>
+
+	* scripts/gb_xerver_http_server_code_disclosure_vuln.nasl,
+	scripts/secpod_ms09-062.nasl,
+	scripts/gb_xerver_http_server_xss_vuln.nasl,
+	scripts/gb_xerver_http_server_detect.nasl,
+	scripts/gb_xerver_http_server_dir_traversal_vuln.nasl:
+	Added new plugins.
+
+	* scripts/secpod_office_products_version_900032.nasl:
+	Updated to detect MS Groove and PowerPoint Converter.
+
 2009-10-20  Vlatko Kosturjak <kost at linux.hr>
 
 	* scripts/remote-web-w3af.nasl: better filename generation

Modified: trunk/openvas-plugins/cve_current.txt
===================================================================
--- trunk/openvas-plugins/cve_current.txt	2009-10-20 20:38:31 UTC (rev 5657)
+++ trunk/openvas-plugins/cve_current.txt	2009-10-21 08:12:07 UTC (rev 5658)
@@ -141,3 +141,32 @@
 36605				Greenbone	svn		R
 36710				Greenbone	svn		R
 36700				Greenbone	svn		R
+CVE-2009-3282			SecPod
+CVE-2009-3281			SecPod
+CVE-2009-3707			SecPod
+CVE-2009-3663			SecPod
+CVE-2009-3711			SecPod
+CVE-2009-2981			SecPod
+CVE-2009-2980			SecPod
+CVE-2009-2979			SecPod
+CVE-2009-2984			SecPod
+CVE-2009-2983			SecPod
+CVE-2009-2982			SecPod
+CVE-2009-2987			SecPod
+CVE-2009-2986			SecPod
+CVE-2009-2985			SecPod
+CVE-2009-2990			SecPod
+CVE-2009-2989			SecPod
+CVE-2009-2988			SecPod
+CVE-2009-2994			SecPod
+CVE-2009-2993			SecPod
+CVE-2009-2992			SecPod
+CVE-2009-2998			SecPod
+CVE-2009-2997			SecPod
+CVE-2009-2996			SecPod
+CVE-2009-2995			SecPod
+CVE-2009-3461			SecPod
+CVE-2009-3460			SecPod
+CVE-2009-3458			SecPod
+CVE-2009-3462			SecPod
+CVE-2009-3546			SecPod

Added: trunk/openvas-plugins/scripts/gb_xerver_http_server_code_disclosure_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_xerver_http_server_code_disclosure_vuln.nasl	2009-10-20 20:38:31 UTC (rev 5657)
+++ trunk/openvas-plugins/scripts/gb_xerver_http_server_code_disclosure_vuln.nasl	2009-10-21 08:12:07 UTC (rev 5658)
@@ -0,0 +1,91 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_xerver_http_server_code_disclosure_vuln.nasl 5185 2009-10-20 20:18:34Z oct $
+#
+# Xerver HTTP Server Source Code Disclosure Vulnerability
+#
+# Authors:
+# Antu Sanadi <santu at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(801019);
+  script_version("$Revision: 1.0 $");
+  script_cve_id("CVE-2009-3544");
+  script_bugtraq_id(36454);
+  script_name("Xerver HTTP Server Source Code Disclosure Vulnerability");
+  desc = "
+  Overview:
+  This host is running Xerver HTTP Server and is prone to the Source Code
+  Disclosure Vulnerability.
+
+  Vulnerability Insight:
+  An error exists when processing HTTP requests containing '::$DATA' after
+  the HTML file name which can be exploited to disclose the source code.
+
+  Impact:
+  Successful exploitation will allow attackers to gain sensitive information
+  about the application.
+
+  Impact Level: Application
+
+  Affected Software/OS:
+  Xerver version 4.32 and prior on all platforms.
+
+  Fix:
+  No solution or patch is available as on 20th October, 2009. Information
+  regarding this issue will be updated once the solution details are available.
+  For more info refer, http://www.javascript.nu/xerver/
+
+  References:
+  http://secunia.com/advisories/36681
+  http://www.milw0rm.com/exploits/9649
+
+  CVSS Score:
+   CVSS Base Score      : 5.0 (AV:N/AC:L/Au:NR/C:P/I:N/A:N)
+   CVSS Temporal Score  : 4.5
+  Risk factor : Medium";
+
+  script_description(desc);
+  script_summary("Check for the version of Xerver");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (C) 2009 Intevation GmbH");
+  script_family("Web application abuses");
+  script_dependencies("gb_xerver_http_server_detect.nasl");
+  script_require_ports("Services/www", 80);
+  exit(0);
+}
+
+
+include("http_func.inc");
+include("version_func.inc");
+
+xerPort = get_http_port(default:80);
+if(!xerPort){
+  exit(0);
+}
+
+xerVer = get_kb_item("www/" + xerPort + "/Xerver");
+if(xerVer != NULL)
+{
+  if(version_is_less_equal(version:xerVer, test_version:"4.32")){
+    security_warning(xerPort);
+  }
+}
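Review bot: `script_require_ports("Services/www", 80)` leaves out 32123, although the detection script in this commit stores `www/32123/Xerver` and the three other Xerver plugins all list that port. Together with `get_http_port(default:80)`, this presumably means a server registered only on 32123 is either skipped or looked up under a KB key that was never written. `script_require_ports("Services/www", 80, 32123);` would align it with its siblings. The result rests on the banner version alone, so a short comment saying the plugin does not confirm the flaw on the target would help whoever triages the finding.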


Property changes on: trunk/openvas-plugins/scripts/gb_xerver_http_server_code_disclosure_vuln.nasl
___________________________________________________________________
Name: svn:executable
   + *

Added: trunk/openvas-plugins/scripts/gb_xerver_http_server_detect.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_xerver_http_server_detect.nasl	2009-10-20 20:38:31 UTC (rev 5657)
+++ trunk/openvas-plugins/scripts/gb_xerver_http_server_detect.nasl	2009-10-21 08:12:07 UTC (rev 5658)
@@ -0,0 +1,64 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_xerver_detect.nasl 5185 2009-10-20 12:25:24Z oct $
+#
+# Xerver Version Detection
+#
+# Authors:
+# Antu Sanadi <santu at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(801017);
+  script_version("Revision: 1.0 ");
+  script_name("Xerver Version Detection");
+  desc = "
+  Overview : This script finds the running Xerver Version and saves the
+  result in KB.
+
+  Risk factor : Informational";
+
+  script_description(desc);
+  script_family("Service detection");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (C) 2009 Intevation GmbH");
+  script_summary("Set version of Xerver in KB");
+  script_dependencies("find_service.nes");
+  script_require_ports("Services/www", 80, 32123);
+  exit(0);
+}
+
+
+include("http_func.inc");
+
+foreach port(make_list(32123, 80))
+{
+  if(get_port_state(port))
+  {
+    banner = get_http_banner(port:port);
+    if(banner)
+    {
+      xerVer = eregmatch(pattern:"Server: Xerver/([0-9.]+)",string:banner);
+      if(xerVer[1] != NULL){
+        set_kb_item(name:"www/" + port + "/Xerver", value:xerVer[1]);
+      }
+    }
+  }
+}
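Review bot: The scan loop walks the fixed list `make_list(32123, 80)` and never consults the `Services/www` KB entry that `script_require_ports` names, so a Xerver instance on any other HTTP port is not recorded and every dependent check stays silent. Consider building the port list from `get_kb_list("Services/www")` plus the two defaults. The header `$Id` names `gb_xerver_detect.nasl` rather than this file, and `script_version("Revision: 1.0 ")` lacks the `$` keyword markers used by the sibling scripts.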


Property changes on: trunk/openvas-plugins/scripts/gb_xerver_http_server_detect.nasl
___________________________________________________________________
Name: svn:executable
   + *

Added: trunk/openvas-plugins/scripts/gb_xerver_http_server_dir_traversal_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_xerver_http_server_dir_traversal_vuln.nasl	2009-10-20 20:38:31 UTC (rev 5657)
+++ trunk/openvas-plugins/scripts/gb_xerver_http_server_dir_traversal_vuln.nasl	2009-10-21 08:12:07 UTC (rev 5658)
@@ -0,0 +1,119 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_xerver_http_server_dir_traversal_vuln.nasl 5185 2009-20- 18:18:34Z oct $
+#
+# Xerver HTTP Server Directory Traversal Vulnerability
+#
+# Authors:
+# Antu Sanadi <santu at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(801018);
+  script_version("$Revision: 1.0 $");
+  script_cve_id("CVE-2009-3561");
+  script_name("Xerver HTTP Server Directory Traversal Vulnerability");
+  desc = "
+  Overview:
+  This host is running Xerver HTTP Server and is prone to the Directory
+  Traversal Vulnerability
+
+  Vulnerability Insight:
+  The flaw is due to improper sanitization of user supplied input passed via
+  'currentPath' parameter (when 'action' is set to 'chooseDirectory') to the
+  administrative interface.
+
+  Impact:
+  Successful exploitation will allow attackers to execute arbitrary HTML
+  and script code in a user's browser session in context of an affected site.
+
+  Impact Level: Application
+
+  Affected Software/OS:
+  Xerver version 4.32 and prior on all platforms.
+
+  Fix:
+  No solution or patch is available as on 20th October, 2009. Information
+  regarding this issue will be updated once the solution details are available.
+  For more info refer, http://www.javascript.nu/xerver/
+
+  References:
+  http://www.milw0rm.com/exploits/9718
+
+  CVSS Score:
+   CVSS Base Score      : 5.0 (AV:N/AC:L/Au:NR/C:P/I:N/A:N)
+   CVSS Temporal Score  : 4.5
+  Risk factor : Medium";
+
+  script_description(desc);
+  script_summary("Check for Directory Treversal attack in Xerver");
+  script_category(ACT_MIXED_ATTACK);
+  script_copyright("Copyright (C) 2009 Intevation GmbH");
+  script_family("Web application abuses");
+  script_dependencies("gb_xerver_http_server_detect.nasl");
+  script_require_ports("Services/www", 80, 32123);
+  exit(0);
+}
+
+
+include("http_func.inc");
+include("version_func.inc");
+
+foreach xerPort(make_list(32123, 80))
+{
+  if(get_port_state(xerPort))
+  {
+    xerVer = get_kb_item("www/" + xerPort + "/Xerver");
+    if(!isnull(xerVer)){
+      break;
+    }
+  }
+}
+
+if(isnull(xerVer)){
+  exit(0);
+}
+
+xerPort = 32123;
+
+if(!safe_checks())
+{
+  request = http_get(item:"/action=chooseDirectory&currentPath=C:/",
+                                                      port:xerPort);
+  response = http_send_recv(port:xerPort, data:request);
+  if("WINDOWS" >< response && "Program Files" >< response)
+  {
+    security_warning(xerPort);
+    exit(0);
+  }
+
+  request = http_get(item:"/action=chooseDirectory&currentPath=/",
+                                                    port:xerPort);
+  response = http_send_recv(port:xerPort, data:request);
+  if("root" >< response && "etc" >< response)
+  {
+    security_warning(xerPort);
+    exit(0);
+  }
+}
+
+if(version_is_less_equal(version:xerVer, test_version:"4.32")){
+  security_warning(xerPort);
+}
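Review bot: `xerPort = 32123;` after the lookup loop discards the port on which the KB entry was actually found, so a Xerver detected only on port 80 is probed and reported on 32123 with no `get_port_state` check for that port. If the intent is that the administrative interface always listens on 32123, say so in a comment and use a separate variable, e.g. `adminPort = 32123; if(!get_port_state(adminPort)) exit(0);`. The same assignment appears in gb_xerver_http_server_xss_vuln.nasl. Separately, the `Impact:` paragraph in `desc` describes script execution in a browser and appears to be copied from the XSS plugin. The `"root"`/`"etc"` substring test is also loose enough to match unrelated pages, so a tighter match on the directory-listing output would cut false positives.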


Property changes on: trunk/openvas-plugins/scripts/gb_xerver_http_server_dir_traversal_vuln.nasl
___________________________________________________________________
Name: svn:executable
   + *

Added: trunk/openvas-plugins/scripts/gb_xerver_http_server_xss_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_xerver_http_server_xss_vuln.nasl	2009-10-20 20:38:31 UTC (rev 5657)
+++ trunk/openvas-plugins/scripts/gb_xerver_http_server_xss_vuln.nasl	2009-10-21 08:12:07 UTC (rev 5658)
@@ -0,0 +1,113 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_xerver_http_server_xss_vuln.nasl 5185 2009-10-20 16:18:34Z oct $
+#
+# Xerver HTTP Server Cross Site Scripting Vulnerability
+#
+# Authors:
+# Antu Sanadi <santu at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(801015);
+  script_version("$Revision: 1.0 $");
+  script_cve_id("CVE-2009-3562");
+  script_bugtraq_id(36457);
+  script_name("Xerver HTTP Server Cross Site Scripting Vulnerability");
+  desc = "
+  Overview:
+  This host is running Xerver HTTP Server and is prone to Cross Site Scripting
+  vulnerability
+
+  Vulnerability Insight:
+  The flaw is due to improper sanitization of user supplied input passed via
+  'currentPath' parameter (when 'action' is set to 'chooseDirectory') to the
+  administrative interface.
+
+  Impact:
+  Successful exploitation will allow attackers to execute arbitrary HTML
+  and script code in a user's browser session in context of an affected site.
+
+  Impact Level: Application
+
+  Affected Software/OS:
+  Xerver version 4.32 and prior on all platforms.
+
+  Fix:
+  No solution or patch is available as on 20th October, 2009. Information
+  regarding this issue will be updated once the solution details are available.
+  For more info refer, http://www.javascript.nu/xerver/
+
+  References:
+  http://secunia.com/advisories/36681
+  http://www.milw0rm.com/exploits/9718
+
+  CVSS Score:
+    CVSS Base Score       : 2.6 (AV:N/AC:H/Au:NR/C:N/I:P/A:N)
+    CVSS Temporal Score   : 2.3
+  Risk factor: Medium";
+
+  script_description(desc);
+  script_summary("Check for XSS attack in Xerver");
+  script_category(ACT_MIXED_ATTACK);
+  script_copyright("Copyright (C) 2009 Intevation GmbH");
+  script_family("Web application abuses");
+  script_dependencies("gb_xerver_http_server_detect.nasl");
+  script_require_ports("Services/www", 32123);
+  exit(0);
+}
+
+
+include("http_func.inc");
+include("version_func.inc");
+
+foreach xerPort (make_list(32123, 80))
+{
+  if(get_port_state(xerPort))
+  {
+    xerVer = get_kb_item("www/" + xerPort + "/Xerver");
+    if(!isnull(xerVer)){
+     break;
+    }
+  }
+}
+
+if(isnull(xerVer)){
+  exit(0);
+}
+
+xerPort = 32123;
+
+if(!safe_checks())
+{
+  # XSS attempts
+  request = http_get(item:string("/action=chooseDirectory&currentPath=''>><script>" +
+                                 "alert('XSS-By-Stack')</script>"), port:xerPort);
+  response = http_send_recv(port:xerPort, data:request);
+  if("XSS-By-Stack" >< response)
+  {
+    security_warning(xerPort);
+    exit(0);
+  }
+}
+
+if(version_is_less_equal(version:xerVer, test_version:"4.32")){
+  security_warning(xerPort);
+}
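Review bot: The response test `if("XSS-By-Stack" >< response)` fires whenever the marker text is echoed back, including when the server HTML-encodes the angle brackets, so a build that escapes its output correctly would still be flagged. Matching the unescaped tag, e.g. `if("<script>alert('XSS-By-Stack')</script>" >< response)`, ties the finding to reflected markup rather than reflected text. `script_require_ports("Services/www", 32123)` also omits port 80 although the lookup loop consults it, and `Risk factor: Medium` does not fit the stated base score of 2.6.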


Property changes on: trunk/openvas-plugins/scripts/gb_xerver_http_server_xss_vuln.nasl
___________________________________________________________________
Name: svn:executable
   + *

Added: trunk/openvas-plugins/scripts/secpod_ms09-062.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_ms09-062.nasl	2009-10-20 20:38:31 UTC (rev 5657)
+++ trunk/openvas-plugins/scripts/secpod_ms09-062.nasl	2009-10-21 08:12:07 UTC (rev 5658)
@@ -0,0 +1,303 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_ms09-062.nasl 5269 2009-10-20 04:46:09Z oct $
+#
+# Microsoft Products GDI Plus Code Execution Vulnerabilities (957488)
+#
+# Authors:
+# Sharath S <sharaths at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(900878);
+  script_version("$Revision: 1.0 $");
+  script_cve_id("CVE-2009-2500", "CVE-2009-2501", "CVE-2009-2502", "CVE-2009-2503",
+                "CVE-2009-2504", "CVE-2009-2518", "CVE-2009-2528", "CVE-2009-3126");
+  script_bugtraq_id(36619, 36645, 36646, 36647, 36648, 36651, 36650, 36649);
+  script_name("Microsoft Products GDI Plus Code Execution Vulnerabilities (957488)");
+  desc = "
+  Overview: This host has critical security update missing according to
+  Microsoft Bulletin MS09-062.
+
+  Vulnerability Insight:
+  These issues are caused by memory corruptions, integer, heap and buffer
+  overflows, and input validation errors in GDI+ when rendering malformed WMF,
+  PNG, TIFF and BMP images, or when processing Office Art Property Tables in
+  Office documents.
+
+  Impact:
+  Successful exploitation could allow attackers to crash an affected application
+  or execute arbitrary code.
+
+  Impact Level: Application
+
+  Affected Software/OS:
+  Microsoft SQL Server 2005 SP 2/3
+  Microsoft Office XP/2003 SP 3 and prior
+  Microsoft Office Visio 2002 SP 2 and prior
+  Microsoft Office Groove 2007 SP1 and prior
+  Microsoft Office 2007 System SP 1/2 and prior
+  Microsoft Office Word Viewer 2003 SP 3 and prior
+  Microsoft Excel Viewer 2003 SP 3 and prior
+  Microsoft Office Excel Viewer 2007
+  Microsoft Office PowerPoint Viewer 2007 SP2 and prior
+  Microsoft Visual Studio .NET 2003 SP 1 and prior
+  Microsoft Visual Studio 2008 SP 1 and prior
+  Microsoft Windows 2k SP4 with Internet Explorer 6 SP 1
+  Microsoft Office Compatibility Pack for Word/Excel/PowerPoint 2007 File Formats SP 1/2
+
+  Fix:
+  Run Windows Update and update the listed hotfixes or download and
+  update mentioned hotfixes in the advisory from the below link.
+  http://www.microsoft.com/technet/security/bulletin/ms09-062.mspx
+
+  References:
+  http://support.microsoft.com/kb/957488
+  http://www.vupen.com/english/advisories/2009/2897
+  http://www.microsoft.com/technet/security/bulletin/MS09-062.mspx
+
+  Risk factor: Critical";
+
+  script_description(desc);
+  script_summary("Check for the version of Msv1_0.dll file");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (C) 2009 SecPod");
+  script_family("Windows : Microsoft Bulletins");
+  script_dependencies("secpod_ms_visual_prdts_detect.nasl",
+                      "secpod_office_products_version_900032.nasl",
+                      "secpod_reg_enum.nasl", "gb_ms_ie_detect.nasl");
+  script_require_ports(139, 445);
+  exit(0);
+}
+
+
+include("smb_nt.inc");
+include("secpod_reg.inc");
+include("version_func.inc");
+include("secpod_smb_func.inc");
+
+function FileVer (file, path)
+{
+  share = ereg_replace(pattern:"([A-Za-z]):.*", replace:"\1$", string:path);
+  if(share =~ "[a-z]\$")
+    share = toupper(share);
+  file = ereg_replace(pattern:"[A-Za-z]:(.*)", replace:"\1", string:path + file);
+  ver = GetVer(file:file, share:share);
+  return ver;
+}
+
+
+if(hotfix_check_sp(xp:4, win2k:5, win2003:3) <= 0){
+  exit(0);
+}
+
+# MS09-062 Hotfix check
+if((hotfix_missing(name:"958869") == 0) || (hotfix_missing(name:"974811") == 0)||
+   (hotfix_missing(name:"972580") == 0) || (hotfix_missing(name:"972581") == 0)||
+   (hotfix_missing(name:"975365") == 0) || (hotfix_missing(name:"970895") == 0)||
+   (hotfix_missing(name:"970896") == 0) || (hotfix_missing(name:"970892") == 0)||
+   (hotfix_missing(name:"970894") == 0) || (hotfix_missing(name:"971022") == 0)||
+   (hotfix_missing(name:"971023") == 0) || (hotfix_missing(name:"972221") == 0)||
+   (hotfix_missing(name:"972222") == 0)){
+  exit(0);
+}
+
+# Visio 2002
+visiokey = "SOFTWARE\Microsoft\Visio\Installer";
+if(registry_key_exists(key:visiokey))
+{
+  visiopath = registry_get_sz(key:visiokey, item:"Visio10InstallLocation");
+  if(visiopath)
+  {
+    visiopath += "\Visio10";
+    visioVer = FileVer (file:"\Visio.exe", path:visiopath);
+    if(visioVer)
+    {
+      # Check for Visio version 10.0 < 10.0.6885.4
+      if(version_in_range(version:visioVer, test_version:"10.0", test_version2:"10.0.6885.3"))
+      {
+        security_hole(0);
+        exit(0);
+      }
+    }
+  }
+}
+
+# Office XP Check
+if(get_kb_item("MS/Office/Ver") =~ "^10\..*")
+{
+  offPath = registry_get_sz(key:"SOFTWARE\Microsoft\Windows\CurrentVersion",
+                           item:"CommonFilesDir");
+  if(offPath)
+  {
+    offPath += "\Microsoft Shared\OFFICE10";
+    offVer = FileVer(file:"\Mso.dll", path:offPath);
+    if(offVer)
+    {
+      # Grep for Mso.dll version 10.0 < 10.0.6856.0
+      if(version_in_range(version:offVer, test_version:"10.0", test_version2:"10.0.6855.9"))
+      {
+        security_hole(0);
+        exit(0);
+      }
+    }
+  }
+}
+
+# Office 2003 Check
+if((get_kb_item("MS/Office/Ver") =~ "^11\..*") ||
+   (get_kb_item("SMB/Office/XLView/Version") =~ "^11\..*") ||
+   (get_kb_item("SMB/Office/WordView/Version") =~ "^11\..*"))
+{
+  offPath = registry_get_sz(key:"SOFTWARE\Microsoft\Windows\CurrentVersion",
+                           item:"ProgramFilesDir");
+  if(offPath)
+  {
+    offPath += "\Microsoft Office\OFFICE11" +
+    offVer = FileVer(file:"\Gdiplus.dll", path:offPath);
+    if(offVer)
+    {
+      # Grep for Gdiplus.dll version 11.0 < 11.0.8312.0
+      if(version_in_range(version:offVer, test_version:"11.0", test_version2:"11.0.8311.9"))
+      {
+        security_hole(0);
+        exit(0);
+      }
+    }
+  }
+}
+
+# Office 2007 or Groove 2007 or Excel Viewer or PowerPoint Viewer or
+# Office Compatibility Pack 2007
+if(((get_kb_item("MS/Office/Ver") =~ "^12\..*") ||
+    (get_kb_item("SMB/Office/Groove/Version") =~ "^12\..*") ||
+    (get_kb_item("SMB/Office/XLView/Version") =~ "^12\..*") ||
+    (get_kb_item("SMB/Office/PPView/Version")) =~ "^12\..*")||
+    (get_kb_item("SMB/Office/ComptPack/Version") =~ "^12\..*"))
+{
+  offPath = registry_get_sz(key:"SOFTWARE\Microsoft\Windows\CurrentVersion",
+                            item:"CommonFilesDir");
+  if(offPath)
+  {
+    offPath += "\Microsoft Shared\OFFICE12";
+    offVer = FileVer(file:"\Ogl.dll", path:offPath);
+    if(offVer)
+    {
+      # Grep for Ogl.dll version 12.0 < 12.0.6509.5000
+      if(version_in_range(version:offVer, test_version:"12.0", test_version2:"12.0.6509.4999"))
+      {
+        security_hole(0);
+        exit(0);
+      }
+    }
+  }
+}
+
+# Microsoft Visual Studio .Net 2003
+if(egrep(pattern:"^7\..*", string:get_kb_item("Microsoft/VisualStudio.Net/Ver")))
+{
+  vsPath = registry_get_sz(key:"SOFTWARE\Microsoft\Windows\CurrentVersion",
+                           item:"CommonFilesDir");
+  if(vsPath)
+  {
+    vsPath = vsPath + "\Microsoft Shared\Office10";
+    vsVer = FileVer(file:"\MSO.DLL", path:vsPath);
+    # Check for MSO.dll version 10.0 < 10.0.6855.0
+    if(vsVer)
+    {
+      if(version_in_range(version:vsVer, test_version:"10.0", test_version2:"10.0.6854.9"))
+      {
+        security_hole(0);
+        exit(0);
+      }
+    }
+  }
+}
+
+# Visual Studio 2008 Check
+if(egrep(pattern:"^9\..*", string:get_kb_item("Microsoft/VisualStudio/Ver")))
+{
+  vsPath = registry_get_sz(key:"SOFTWARE\Microsoft\Microsoft SDKs\Windows",
+                           item:"CurrentInstallFolder");
+  if(vsPath)
+  {
+    vsPath = vsPath + "\Bootstrapper\Packages\ReportViewer";
+    rvVer = FileVer(file:"\ReportViewer.exe", path:vsPath);
+    # Check for ReportViewer.exe 9.0 < 9.0.21022.227, 9.0.30000 < 9.0.30729.4402
+    if(rvVer)
+    {
+      if(version_in_range(version:rvVer, test_version:"9.0", test_version2:"9.0.21022.226")||
+         version_in_range(version:rvVer, test_version:"9.0.30000", test_version2:"9.0.30729.4401"))
+      {
+        security_hole(0);
+        exit(0);
+      }
+    }
+  }
+}
+
+# Windows 2K with IE 6 SP1
+if(hotfix_check_sp(win2k:5) > 0)
+{
+  ieVer = get_kb_item("MS/IE/EXE/Ver");
+  if(ieVer =~ "^6\.0\.2800")
+  {
+    dllPath = registry_get_sz(key:"SOFTWARE\Microsoft\Windows\CurrentVersion",
+                              item:"CommonFilesDir");
+    if(dllPath)
+    {
+      dllPath += "\Microsoft Shared\VGX";
+      dllVer = FileVer(file:"\vgx.dll", path:dllPath);
+      if(dllVer)
+      {
+        # Grep for vgx.dll version < 6.0.2800.1637
+        if(version_is_less(version:dllVer, test_version:"6.0.2800.1637"))
+        {
+          security_hole(0);
+          exit(0);
+        }
+      }
+    }
+  }
+}
+
+# Microsoft SQL Server 2005
+key = "SOFTWARE\Microsoft\Microsoft SQL Server\";
+if(registry_key_exists(key:key))
+{
+  foreach item (registry_enum_keys(key:key))
+  {
+    sqlpath = registry_get_sz(key:key + item + "\Setup", item:"SQLBinRoot");
+    sqlVer = FileVer (file:"\sqlservr.exe", path:sqlpath);
+    # Check for SQL Server 2005 version 2005.90.3000 < 2005.90.3080.0, 2005.90.3300.0 < 2005.90.3353.0,
+    # 2005.90.4000 < 2005.90.4053.0 and 2005.90.4200 < 2005.90.4262.0
+    if(sqlVer)
+    {
+      if(version_in_range(version:sqlVer, test_version:"2005.90.3000", test_version2:"2005.90.3079.9")||
+         version_in_range(version:sqlVer, test_version:"2005.90.3300", test_version2:"2005.90.3352.9")||
+         version_in_range(version:sqlVer, test_version:"2005.90.4000", test_version2:"2005.90.4052.9")||
+         version_in_range(version:sqlVer, test_version:"2005.90.4200", test_version2:"2005.90.4261.9"))
+      {
+        security_hole(0);
+        exit(0);
+      }
+    }
+  }
+}
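Review bot: In the Office 2003 branch the line `offPath += "\Microsoft Office\OFFICE11" +` ends in `+` instead of `;`, so the following `offVer = FileVer(...)` statement is parsed as part of the concatenation and the path passed to `FileVer` is not the one the comment describes; it should read `offPath += "\Microsoft Office\OFFICE11";`. In the Office 2007 condition the closing parenthesis after `get_kb_item("SMB/Office/PPView/Version")` sits before `=~`, which leaves the ComptPack test outside the inner group; moving it after the pattern makes the five alternatives parallel. The hotfix gate exits as soon as any one of the listed KBs is present, which looks like it can hide a missing update for a different installed product, and `script_summary` still names Msv1_0.dll, a file this script never checks. In the SQL Server loop `sqlpath` is passed to `FileVer` without the NULL check that every other branch performs.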


Property changes on: trunk/openvas-plugins/scripts/secpod_ms09-062.nasl
___________________________________________________________________
Name: svn:executable
   + *

Modified: trunk/openvas-plugins/scripts/secpod_office_products_version_900032.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_office_products_version_900032.nasl	2009-10-20 20:38:31 UTC (rev 5657)
+++ trunk/openvas-plugins/scripts/secpod_office_products_version_900032.nasl	2009-10-21 08:12:07 UTC (rev 5658)
@@ -25,6 +25,10 @@
 #
 #  Updated to include detect mechanism for Office Outlook
 #   -By Antu Sanadi 2009/10/14
+#
+#  Updated to include detect mechanism for Office Groove and Office Compatibility Pack
+#    - By Sharath S <sharaths at secpod.com> On 2009-10-20
+#
 #  ------------------------------------------------------------------------
 #  This program was written by SecPod and is licensed under the GNU GPL
 #  license. Please refer to the below link for details,
@@ -41,11 +45,11 @@
 if(description)
 {
   script_id(900032);
-  script_version("$Revision: 1.6 $");
+  script_version("$Revision: 1.7 $");
   script_category(ACT_GATHER_INFO);
   script_family("Windows");
   script_name("MS Office Products Version Detection");
-  script_summary("Determines the version of WinWord, Excel, and Access");
+  script_summary("Determines the version of Microsoft Office products");
   desc = "
   Overview : Retrieve the version of MS Office products from file and
   sets KB.
@@ -85,7 +89,7 @@
   }
 }
 
-# Excel Viewer
+# Excel Viewer (or) PowerPoint Viewer (or) Office Compatibility Pack
 key = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\";
 foreach item (registry_enum_keys(key:key))
 {
@@ -93,79 +97,90 @@
      registry_get_sz(key:key + item, item:"DisplayName"))
   {
     xlviewVer = registry_get_sz(key:key + item, item:"DisplayVersion");
-    if(xlviewVer == NULL){
-      break;
-    }
-
-    xlviewFile = registry_get_sz(key:"SOFTWARE\Microsoft\Windows\CurrentVersion",
-                                 item:"ProgramFilesDir");
-    if(xlviewVer =~ "^11(\..*)")
-      xlviewFile += "\Microsoft Office\Office11\XLVIEW.EXE";
-    else if(xlviewVer =~ "^12(\..*)")
-      xlviewFile += "\Microsoft Office\Office12\XLVIEW.EXE";
-
-    if(xlviewFile == NULL){
-      break;
-    }
-
-    share  = ereg_replace(pattern:"([A-Z]):.*", replace:"\1$", string:xlviewFile);
-    xlview =  ereg_replace(pattern:"[A-Z]:(.*)", replace:"\1", string:xlviewFile);
-    xlviewVer = GetVer(file:xlview, share:share);
     if(xlviewVer != NULL)
     {
-      set_kb_item(name:"SMB/Office/XLView/Version", value:xlviewVer);
-      break;
+      xlviewFile = registry_get_sz(key:"SOFTWARE\Microsoft\Windows\CurrentVersion",
+                                   item:"ProgramFilesDir");
+      if(xlviewVer =~ "^11(\..*)")
+        xlviewFile += "\Microsoft Office\Office11\XLVIEW.EXE";
+      else if(xlviewVer =~ "^12(\..*)")
+        xlviewFile += "\Microsoft Office\Office12\XLVIEW.EXE";
+
+      if(xlviewFile != NULL)
+      {
+        share  = ereg_replace(pattern:"([A-Z]):.*", replace:"\1$", string:xlviewFile);
+        xlview = ereg_replace(pattern:"[A-Z]:(.*)", replace:"\1", string:xlviewFile);
+        xlviewVer = GetVer(file:xlview, share:share);
+        if(xlviewVer != NULL){
+          set_kb_item(name:"SMB/Office/XLView/Version", value:xlviewVer);
+        }
+      }
     }
   }
-}
-
-# PowerPoint Viewer
-key = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\";
-foreach item (registry_enum_keys(key:key))
-{
-  if("Microsoft Office PowerPoint Viewer" ><
+  else if("Microsoft Office PowerPoint Viewer" ><
      registry_get_sz(key:key + item, item:"DisplayName"))
   {
     pptviewVer = registry_get_sz(key:key + item, item:"DisplayVersion");
-    if(pptviewVer == NULL){
-      break;
-    }
-
-    ppviewFile = registry_get_sz(key:"SOFTWARE\Microsoft\Windows\CurrentVersion",
-                                 item:"ProgramFilesDir");
-    if(pptviewVer =~ "^11(\..*)")
-      ppviewFile += "\Microsoft Office\PowerPoint Viewer\PPTVIEW.exe";
-    else if(pptviewVer =~ "^12(\..*)")
-      ppviewFile += "\Microsoft Office\Office12\PPTVIEW.exe";
-    if(ppviewFile == NULL){
-      break;
-    }
-
-    share  = ereg_replace(pattern:"([A-Z]):.*", replace:"\1$", string:ppviewFile);
-    pptview =  ereg_replace(pattern:"[A-Z]:(.*)", replace:"\1", string:ppviewFile);
-    pptviewVer = GetVer(file:pptview, share:share);
     if(pptviewVer != NULL)
     {
-      set_kb_item(name:"SMB/Office/PPView/Version", value:pptviewVer);
-      break;
+      ppviewFile = registry_get_sz(key:"SOFTWARE\Microsoft\Windows\CurrentVersion",
+                                   item:"ProgramFilesDir");
+      if(pptviewVer =~ "^11(\..*)")
+        ppviewFile += "\Microsoft Office\PowerPoint Viewer\PPTVIEW.exe";
+      else if(pptviewVer =~ "^12(\..*)")
+        ppviewFile += "\Microsoft Office\Office12\PPTVIEW.exe";
+      if(ppviewFile != NULL)
+      {
+        share  = ereg_replace(pattern:"([A-Z]):.*", replace:"\1$", string:ppviewFile);
+        pptview = ereg_replace(pattern:"[A-Z]:(.*)", replace:"\1", string:ppviewFile);
+        pptviewVer = GetVer(file:pptview, share:share);
+        if(pptviewVer != NULL){
+          set_kb_item(name:"SMB/Office/PPView/Version", value:pptviewVer);
+        }
+      }
     }
   }
+  else if("Compatibility Pack" ><
+     registry_get_sz(key:key + item, item:"DisplayName"))
+  {
+    cPackVer = registry_get_sz(key:key + item, item:"DisplayVersion");
+    if(cPackVer != NULL){
+      set_kb_item(name:"SMB/Office/ComptPack/Version", value:cPackVer);
+    }
+  }
 }
 
-# Office Power Point Converter
-ppcnvFile = registry_get_sz(key:"SOFTWARE\Microsoft\Windows\CurrentVersion",
-                            item:"ProgramFilesDir");
-if(ppcnvFile)
+# Office Groove
+groovePath = registry_get_sz(key:"SOFTWARE\Microsoft\Windows\CurrentVersion" +
+                                 "\App Paths\GROOVE.EXE", item:"Path");
+if(groovePath != NULL)
 {
-  ppcnvFile += "\Microsoft Office\Office12\PPCNVCOM.exe";
-  share  = ereg_replace(pattern:"([A-Z]):.*", replace:"\1$", string:ppcnvFile);
-  ppfile =  ereg_replace(pattern:"[A-Z]:(.*)", replace:"\1", string:ppcnvFile);
-  ppcnvVer = GetVer(file:ppfile, share:share);
-  if(ppcnvVer){
-    set_kb_item(name:"SMB/Office/PowerPntCnv/Version", value:ppcnvVer);
+  groovePath += "\GROOVE.exe";
+  share  = ereg_replace(pattern:"([A-Z]):.*", replace:"\1$", string:groovePath);
+  groove = ereg_replace(pattern:"[A-Z]:(.*)", replace:"\1", string:groovePath);
+  grooveVer = GetVer(file:groove, share:share);
+  if(grooveVer != NULL){
+    set_kb_item(name:"SMB/Office/Groove/Version", value:grooveVer);
   }
 }
 
+# Office Power Point Convertes
+if(registry_key_exists(key:"SOFTWARE\Microsoft\Office"))
+{
+  ppcnvFile = registry_get_sz(key:"SOFTWARE\Microsoft\Windows\CurrentVersion",
+                              item:"ProgramFilesDir");
+  if(ppcnvFile)
+  {
+    ppcnvFile += "\Microsoft Office\Office12\PPCNVCOM.exe";
+    share  = ereg_replace(pattern:"([A-Z]):.*", replace:"\1$", string:ppcnvFile);
+    ppfile =  ereg_replace(pattern:"[A-Z]:(.*)", replace:"\1", string:ppcnvFile);
+    ppcnvVer = GetVer(file:ppfile, share:share);
+    if(ppcnvVer){
+      set_kb_item(name:"SMB/Office/PowerPntCnv/Version", value:ppcnvVer);
+    }
+  }
+}
+
 # To Conform Office Installation
 if(!get_kb_item("MS/Office/Ver")){
   exit(0);
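Review bot: The new `else if("Compatibility Pack" >< ...)` branch matches any Uninstall entry whose DisplayName contains that substring, so an unrelated product can populate `SMB/Office/ComptPack/Version` and skew the version comparisons in dependent vulnerability checks. Because this change also drops the `break` statements, every matching entry now calls `set_kb_item`, and a host with several such entries may end up with multiple values under one key. Matching the full product name, e.g. `else if("Compatibility Pack for the 2007 Office system" ><` (exact DisplayName to be confirmed on a real install), would narrow this. Separately, `xlviewFile != NULL` and `ppviewFile != NULL` are tested after `+=`, so they presumably no longer catch a missing `ProgramFilesDir`, and a version that is neither 11 nor 12 passes the bare directory to `GetVer`; checking the registry value before appending would be safer. The `foreach` loop and the first `if(` condition start above this hunk.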
@@ -269,7 +284,7 @@
   }
 }
 
-#Office outlook
+# Office outlook
 outlookFile = registry_get_sz(key:"SOFTWARE\Microsoft\Windows\CurrentVersion" +
                               "\App Paths\OUTLOOK.EXE", item:"Path");
 if(outlookFile)
@@ -282,7 +297,3 @@
     set_kb_item(name:"SMB/Office/Outloook/Version", value:outlookVer);
   }
 }
-
-
-
-


