[Openvas-commits] r5658 - in trunk/openvas-plugins: . scripts
scm-commit@wald.intevation.org
scm-commit at wald.intevation.org
Wed Oct 21 10:12:13 CEST 2009
Author: chandra
Date: 2009-10-21 10:12:07 +0200 (Wed, 21 Oct 2009)
New Revision: 5658
Added:
trunk/openvas-plugins/scripts/gb_xerver_http_server_code_disclosure_vuln.nasl
trunk/openvas-plugins/scripts/gb_xerver_http_server_detect.nasl
trunk/openvas-plugins/scripts/gb_xerver_http_server_dir_traversal_vuln.nasl
trunk/openvas-plugins/scripts/gb_xerver_http_server_xss_vuln.nasl
trunk/openvas-plugins/scripts/secpod_ms09-062.nasl
Modified:
trunk/openvas-plugins/ChangeLog
trunk/openvas-plugins/cve_current.txt
trunk/openvas-plugins/scripts/secpod_office_products_version_900032.nasl
Log:
Added new plugins
Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog 2009-10-20 20:38:31 UTC (rev 5657)
+++ trunk/openvas-plugins/ChangeLog 2009-10-21 08:12:07 UTC (rev 5658)
@@ -1,3 +1,15 @@
+2009-10-21 Chandrashekhar B <bchandra at secpod.com>
+
+ * scripts/gb_xerver_http_server_code_disclosure_vuln.nasl,
+ scripts/secpod_ms09-062.nasl,
+ scripts/gb_xerver_http_server_xss_vuln.nasl,
+ scripts/gb_xerver_http_server_detect.nasl,
+ scripts/gb_xerver_http_server_dir_traversal_vuln.nasl:
+ Added new plugins.
+
+ * scripts/secpod_office_products_version_900032.nasl:
+ Updated to detect MS Groove and PowerPoint Converter.
+
2009-10-20 Vlatko Kosturjak <kost at linux.hr>
* scripts/remote-web-w3af.nasl: better filename generation
Modified: trunk/openvas-plugins/cve_current.txt
===================================================================
--- trunk/openvas-plugins/cve_current.txt 2009-10-20 20:38:31 UTC (rev 5657)
+++ trunk/openvas-plugins/cve_current.txt 2009-10-21 08:12:07 UTC (rev 5658)
@@ -141,3 +141,32 @@
36605 Greenbone svn R
36710 Greenbone svn R
36700 Greenbone svn R
+CVE-2009-3282 SecPod
+CVE-2009-3281 SecPod
+CVE-2009-3707 SecPod
+CVE-2009-3663 SecPod
+CVE-2009-3711 SecPod
+CVE-2009-2981 SecPod
+CVE-2009-2980 SecPod
+CVE-2009-2979 SecPod
+CVE-2009-2984 SecPod
+CVE-2009-2983 SecPod
+CVE-2009-2982 SecPod
+CVE-2009-2987 SecPod
+CVE-2009-2986 SecPod
+CVE-2009-2985 SecPod
+CVE-2009-2990 SecPod
+CVE-2009-2989 SecPod
+CVE-2009-2988 SecPod
+CVE-2009-2994 SecPod
+CVE-2009-2993 SecPod
+CVE-2009-2992 SecPod
+CVE-2009-2998 SecPod
+CVE-2009-2997 SecPod
+CVE-2009-2996 SecPod
+CVE-2009-2995 SecPod
+CVE-2009-3461 SecPod
+CVE-2009-3460 SecPod
+CVE-2009-3458 SecPod
+CVE-2009-3462 SecPod
+CVE-2009-3546 SecPod
Added: trunk/openvas-plugins/scripts/gb_xerver_http_server_code_disclosure_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_xerver_http_server_code_disclosure_vuln.nasl 2009-10-20 20:38:31 UTC (rev 5657)
+++ trunk/openvas-plugins/scripts/gb_xerver_http_server_code_disclosure_vuln.nasl 2009-10-21 08:12:07 UTC (rev 5658)
@@ -0,0 +1,91 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_xerver_http_server_code_disclosure_vuln.nasl 5185 2009-10-20 20:18:34Z oct $
+#
+# Xerver HTTP Server Source Code Disclosure Vulnerability
+#
+# Authors:
+# Antu Sanadi <santu at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(801019);
+ script_version("$Revision: 1.0 $");
+ script_cve_id("CVE-2009-3544");
+ script_bugtraq_id(36454);
+ script_name("Xerver HTTP Server Source Code Disclosure Vulnerability");
+ desc = "
+ Overview:
+ This host is running Xerver HTTP Server and is prone to the Source Code
+ Disclosure Vulnerability.
+
+ Vulnerability Insight:
+ An error exists when processing HTTP requests containing '::$DATA' after
+ the HTML file name which can be exploited to disclose the source code.
+
+ Impact:
+ Successful exploitation will allow attackers to gain sensitive information
+ about the application.
+
+ Impact Level: Application
+
+ Affected Software/OS:
+ Xerver version 4.32 and prior on all platforms.
+
+ Fix:
+ No solution or patch is available as on 20th October, 2009. Information
+ regarding this issue will be updated once the solution details are available.
+ For more info refer, http://www.javascript.nu/xerver/
+
+ References:
+ http://secunia.com/advisories/36681
+ http://www.milw0rm.com/exploits/9649
+
+ CVSS Score:
+ CVSS Base Score : 5.0 (AV:N/AC:L/Au:NR/C:P/I:N/A:N)
+ CVSS Temporal Score : 4.5
+ Risk factor : Medium";
+
+ script_description(desc);
+ script_summary("Check for the version of Xerver");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2009 Intevation GmbH");
+ script_family("Web application abuses");
+ script_dependencies("gb_xerver_http_server_detect.nasl");
+ script_require_ports("Services/www", 80);
+ exit(0);
+}
+
+
+include("http_func.inc");
+include("version_func.inc");
+
+xerPort = get_http_port(default:80);
+if(!xerPort){
+ exit(0);
+}
+
+xerVer = get_kb_item("www/" + xerPort + "/Xerver");
+if(xerVer != NULL)
+{
+ if(version_is_less_equal(version:xerVer, test_version:"4.32")){
+ security_warning(xerPort);
+ }
+}
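Review bot: The finding at `security_warning(xerPort)` rests on the banner version alone, and nothing in the script or its report text says the `::$DATA` behaviour was not actually tested. That suffix is NTFS stream syntax, so on hosts where Xerver runs on another filesystem the warning may not apply even though the description says "all platforms"; this is worth confirming against the advisory. I would add a comment above the version test such as `# Version-only check: the '::$DATA' request is not sent, so the result is unconfirmed`, and say the same in the description. `script_summary` already calls it a version check, which is consistent.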
Property changes on: trunk/openvas-plugins/scripts/gb_xerver_http_server_code_disclosure_vuln.nasl
___________________________________________________________________
Name: svn:executable
+ *
Added: trunk/openvas-plugins/scripts/gb_xerver_http_server_detect.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_xerver_http_server_detect.nasl 2009-10-20 20:38:31 UTC (rev 5657)
+++ trunk/openvas-plugins/scripts/gb_xerver_http_server_detect.nasl 2009-10-21 08:12:07 UTC (rev 5658)
@@ -0,0 +1,64 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_xerver_detect.nasl 5185 2009-10-20 12:25:24Z oct $
+#
+# Xerver Version Detection
+#
+# Authors:
+# Antu Sanadi <santu at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(801017);
+ script_version("Revision: 1.0 ");
+ script_name("Xerver Version Detection");
+ desc = "
+ Overview : This script finds the running Xerver Version and saves the
+ result in KB.
+
+ Risk factor : Informational";
+
+ script_description(desc);
+ script_family("Service detection");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2009 Intevation GmbH");
+ script_summary("Set version of Xerver in KB");
+ script_dependencies("find_service.nes");
+ script_require_ports("Services/www", 80, 32123);
+ exit(0);
+}
+
+
+include("http_func.inc");
+
+foreach port(make_list(32123, 80))
+{
+ if(get_port_state(port))
+ {
+ banner = get_http_banner(port:port);
+ if(banner)
+ {
+ xerVer = eregmatch(pattern:"Server: Xerver/([0-9.]+)",string:banner);
+ if(xerVer[1] != NULL){
+ set_kb_item(name:"www/" + port + "/Xerver", value:xerVer[1]);
+ }
+ }
+ }
+}
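Review bot: `foreach port(make_list(32123, 80))` probes only two fixed ports although `script_require_ports` lists `Services/www`, so a Xerver instance that find_service identified on any other port never gets a `www/<port>/Xerver` entry. The three dependent Xerver checks in this commit then exit without reporting. Consider building the list from the discovered web ports as well, for example the values from `get_kb_list("Services/www")` plus the two defaults. Separately, `script_version("Revision: 1.0 ")` lacks the `$` keyword delimiters its sibling scripts use, and the `$Id` header names gb_xerver_detect.nasl rather than this file.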
Property changes on: trunk/openvas-plugins/scripts/gb_xerver_http_server_detect.nasl
___________________________________________________________________
Name: svn:executable
+ *
Added: trunk/openvas-plugins/scripts/gb_xerver_http_server_dir_traversal_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_xerver_http_server_dir_traversal_vuln.nasl 2009-10-20 20:38:31 UTC (rev 5657)
+++ trunk/openvas-plugins/scripts/gb_xerver_http_server_dir_traversal_vuln.nasl 2009-10-21 08:12:07 UTC (rev 5658)
@@ -0,0 +1,119 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_xerver_http_server_dir_traversal_vuln.nasl 5185 2009-20- 18:18:34Z oct $
+#
+# Xerver HTTP Server Directory Traversal Vulnerability
+#
+# Authors:
+# Antu Sanadi <santu at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(801018);
+ script_version("$Revision: 1.0 $");
+ script_cve_id("CVE-2009-3561");
+ script_name("Xerver HTTP Server Directory Traversal Vulnerability");
+ desc = "
+ Overview:
+ This host is running Xerver HTTP Server and is prone to the Directory
+ Traversal Vulnerability
+
+ Vulnerability Insight:
+ The flaw is due to improper sanitization of user supplied input passed via
+ 'currentPath' parameter (when 'action' is set to 'chooseDirectory') to the
+ administrative interface.
+
+ Impact:
+ Successful exploitation will allow attackers to execute arbitrary HTML
+ and script code in a user's browser session in context of an affected site.
+
+ Impact Level: Application
+
+ Affected Software/OS:
+ Xerver version 4.32 and prior on all platforms.
+
+ Fix:
+ No solution or patch is available as on 20th October, 2009. Information
+ regarding this issue will be updated once the solution details are available.
+ For more info refer, http://www.javascript.nu/xerver/
+
+ References:
+ http://www.milw0rm.com/exploits/9718
+
+ CVSS Score:
+ CVSS Base Score : 5.0 (AV:N/AC:L/Au:NR/C:P/I:N/A:N)
+ CVSS Temporal Score : 4.5
+ Risk factor : Medium";
+
+ script_description(desc);
+ script_summary("Check for Directory Treversal attack in Xerver");
+ script_category(ACT_MIXED_ATTACK);
+ script_copyright("Copyright (C) 2009 Intevation GmbH");
+ script_family("Web application abuses");
+ script_dependencies("gb_xerver_http_server_detect.nasl");
+ script_require_ports("Services/www", 80, 32123);
+ exit(0);
+}
+
+
+include("http_func.inc");
+include("version_func.inc");
+
+foreach xerPort(make_list(32123, 80))
+{
+ if(get_port_state(xerPort))
+ {
+ xerVer = get_kb_item("www/" + xerPort + "/Xerver");
+ if(!isnull(xerVer)){
+ break;
+ }
+ }
+}
+
+if(isnull(xerVer)){
+ exit(0);
+}
+
+xerPort = 32123;
+
+if(!safe_checks())
+{
+ request = http_get(item:"/action=chooseDirectory¤tPath=C:/",
+ port:xerPort);
+ response = http_send_recv(port:xerPort, data:request);
+ if("WINDOWS" >< response && "Program Files" >< response)
+ {
+ security_warning(xerPort);
+ exit(0);
+ }
+
+ request = http_get(item:"/action=chooseDirectory¤tPath=/",
+ port:xerPort);
+ response = http_send_recv(port:xerPort, data:request);
+ if("root" >< response && "etc" >< response)
+ {
+ security_warning(xerPort);
+ exit(0);
+ }
+}
+
+if(version_is_less_equal(version:xerVer, test_version:"4.32")){
+ security_warning(xerPort);
+}
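Review bot: `xerPort = 32123;` after the lookup loop discards the port on which the Xerver KB entry was found, so the probes and every `security_warning(xerPort)` use 32123 even when the version came from port 80 and 32123 is closed; gb_xerver_http_server_xss_vuln.nasl repeats the same assignment. If the intent is that the administrative interface listens on 32123, keep that in its own variable, guard the active part with `if(!safe_checks() && get_port_state(adminPort))`, and report the version-only result on the port from the loop. The response tests `"root" >< response && "etc" >< response` are satisfied by many ordinary pages, so a more specific marker would reduce false positives. The Impact paragraph describes script execution in a browser, which reads like text carried over from the XSS plugin rather than a traversal impact, and `script_summary` spells "Treversal".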
Property changes on: trunk/openvas-plugins/scripts/gb_xerver_http_server_dir_traversal_vuln.nasl
___________________________________________________________________
Name: svn:executable
+ *
Added: trunk/openvas-plugins/scripts/gb_xerver_http_server_xss_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_xerver_http_server_xss_vuln.nasl 2009-10-20 20:38:31 UTC (rev 5657)
+++ trunk/openvas-plugins/scripts/gb_xerver_http_server_xss_vuln.nasl 2009-10-21 08:12:07 UTC (rev 5658)
@@ -0,0 +1,113 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_xerver_http_server_xss_vuln.nasl 5185 2009-10-20 16:18:34Z oct $
+#
+# Xerver HTTP Server Cross Site Scripting Vulnerability
+#
+# Authors:
+# Antu Sanadi <santu at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(801015);
+ script_version("$Revision: 1.0 $");
+ script_cve_id("CVE-2009-3562");
+ script_bugtraq_id(36457);
+ script_name("Xerver HTTP Server Cross Site Scripting Vulnerability");
+ desc = "
+ Overview:
+ This host is running Xerver HTTP Server and is prone to Cross Site Scripting
+ vulnerability
+
+ Vulnerability Insight:
+ The flaw is due to improper sanitization of user supplied input passed via
+ 'currentPath' parameter (when 'action' is set to 'chooseDirectory') to the
+ administrative interface.
+
+ Impact:
+ Successful exploitation will allow attackers to execute arbitrary HTML
+ and script code in a user's browser session in context of an affected site.
+
+ Impact Level: Application
+
+ Affected Software/OS:
+ Xerver version 4.32 and prior on all platforms.
+
+ Fix:
+ No solution or patch is available as on 20th October, 2009. Information
+ regarding this issue will be updated once the solution details are available.
+ For more info refer, http://www.javascript.nu/xerver/
+
+ References:
+ http://secunia.com/advisories/36681
+ http://www.milw0rm.com/exploits/9718
+
+ CVSS Score:
+ CVSS Base Score : 2.6 (AV:N/AC:H/Au:NR/C:N/I:P/A:N)
+ CVSS Temporal Score : 2.3
+ Risk factor: Medium";
+
+ script_description(desc);
+ script_summary("Check for XSS attack in Xerver");
+ script_category(ACT_MIXED_ATTACK);
+ script_copyright("Copyright (C) 2009 Intevation GmbH");
+ script_family("Web application abuses");
+ script_dependencies("gb_xerver_http_server_detect.nasl");
+ script_require_ports("Services/www", 32123);
+ exit(0);
+}
+
+
+include("http_func.inc");
+include("version_func.inc");
+
+foreach xerPort (make_list(32123, 80))
+{
+ if(get_port_state(xerPort))
+ {
+ xerVer = get_kb_item("www/" + xerPort + "/Xerver");
+ if(!isnull(xerVer)){
+ break;
+ }
+ }
+}
+
+if(isnull(xerVer)){
+ exit(0);
+}
+
+xerPort = 32123;
+
+if(!safe_checks())
+{
+ # XSS attempts
+ request = http_get(item:string("/action=chooseDirectory¤tPath=''>><script>" +
+ "alert('XSS-By-Stack')</script>"), port:xerPort);
+ response = http_send_recv(port:xerPort, data:request);
+ if("XSS-By-Stack" >< response)
+ {
+ security_warning(xerPort);
+ exit(0);
+ }
+}
+
+if(version_is_less_equal(version:xerVer, test_version:"4.32")){
+ security_warning(xerPort);
+}
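Review bot: The test `if("XSS-By-Stack" >< response)` passes whenever the marker text comes back at all, including when the server returns it HTML-encoded, which is what a fixed server would do. Matching the unencoded tag, e.g. `"<script>alert('XSS-By-Stack')</script>" >< response`, would tie the finding to actual reflection. `script_require_ports("Services/www", 32123)` omits port 80 although the lookup loop also reads the KB entry for port 80. The description ends with `Risk factor: Medium` beside a CVSS base score of 2.6, which the author may want to reconcile.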
Property changes on: trunk/openvas-plugins/scripts/gb_xerver_http_server_xss_vuln.nasl
___________________________________________________________________
Name: svn:executable
+ *
Added: trunk/openvas-plugins/scripts/secpod_ms09-062.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_ms09-062.nasl 2009-10-20 20:38:31 UTC (rev 5657)
+++ trunk/openvas-plugins/scripts/secpod_ms09-062.nasl 2009-10-21 08:12:07 UTC (rev 5658)
@@ -0,0 +1,303 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_ms09-062.nasl 5269 2009-10-20 04:46:09Z oct $
+#
+# Microsoft Products GDI Plus Code Execution Vulnerabilities (957488)
+#
+# Authors:
+# Sharath S <sharaths at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(900878);
+ script_version("$Revision: 1.0 $");
+ script_cve_id("CVE-2009-2500", "CVE-2009-2501", "CVE-2009-2502", "CVE-2009-2503",
+ "CVE-2009-2504", "CVE-2009-2518", "CVE-2009-2528", "CVE-2009-3126");
+ script_bugtraq_id(36619, 36645, 36646, 36647, 36648, 36651, 36650, 36649);
+ script_name("Microsoft Products GDI Plus Code Execution Vulnerabilities (957488)");
+ desc = "
+ Overview: This host has critical security update missing according to
+ Microsoft Bulletin MS09-062.
+
+ Vulnerability Insight:
+ These issues are caused by memory corruptions, integer, heap and buffer
+ overflows, and input validation errors in GDI+ when rendering malformed WMF,
+ PNG, TIFF and BMP images, or when processing Office Art Property Tables in
+ Office documents.
+
+ Impact:
+ Successful exploitation could allow attackers to crash an affected application
+ or execute arbitrary code.
+
+ Impact Level: Application
+
+ Affected Software/OS:
+ Microsoft SQL Server 2005 SP 2/3
+ Microsoft Office XP/2003 SP 3 and prior
+ Microsoft Office Visio 2002 SP 2 and prior
+ Microsoft Office Groove 2007 SP1 and prior
+ Microsoft Office 2007 System SP 1/2 and prior
+ Microsoft Office Word Viewer 2003 SP 3 and prior
+ Microsoft Excel Viewer 2003 SP 3 and prior
+ Microsoft Office Excel Viewer 2007
+ Microsoft Office PowerPoint Viewer 2007 SP2 and prior
+ Microsoft Visual Studio .NET 2003 SP 1 and prior
+ Microsoft Visual Studio 2008 SP 1 and prior
+ Microsoft Windows 2k SP4 with Internet Explorer 6 SP 1
+ Microsoft Office Compatibility Pack for Word/Excel/PowerPoint 2007 File Formats SP 1/2
+
+ Fix:
+ Run Windows Update and update the listed hotfixes or download and
+ update mentioned hotfixes in the advisory from the below link.
+ http://www.microsoft.com/technet/security/bulletin/ms09-062.mspx
+
+ References:
+ http://support.microsoft.com/kb/957488
+ http://www.vupen.com/english/advisories/2009/2897
+ http://www.microsoft.com/technet/security/bulletin/MS09-062.mspx
+
+ Risk factor: Critical";
+
+ script_description(desc);
+ script_summary("Check for the version of Msv1_0.dll file");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2009 SecPod");
+ script_family("Windows : Microsoft Bulletins");
+ script_dependencies("secpod_ms_visual_prdts_detect.nasl",
+ "secpod_office_products_version_900032.nasl",
+ "secpod_reg_enum.nasl", "gb_ms_ie_detect.nasl");
+ script_require_ports(139, 445);
+ exit(0);
+}
+
+
+include("smb_nt.inc");
+include("secpod_reg.inc");
+include("version_func.inc");
+include("secpod_smb_func.inc");
+
+function FileVer (file, path)
+{
+ share = ereg_replace(pattern:"([A-Za-z]):.*", replace:"\1$", string:path);
+ if(share =~ "[a-z]\$")
+ share = toupper(share);
+ file = ereg_replace(pattern:"[A-Za-z]:(.*)", replace:"\1", string:path + file);
+ ver = GetVer(file:file, share:share);
+ return ver;
+}
+
+
+if(hotfix_check_sp(xp:4, win2k:5, win2003:3) <= 0){
+ exit(0);
+}
+
+# MS09-062 Hotfix check
+if((hotfix_missing(name:"958869") == 0) || (hotfix_missing(name:"974811") == 0)||
+ (hotfix_missing(name:"972580") == 0) || (hotfix_missing(name:"972581") == 0)||
+ (hotfix_missing(name:"975365") == 0) || (hotfix_missing(name:"970895") == 0)||
+ (hotfix_missing(name:"970896") == 0) || (hotfix_missing(name:"970892") == 0)||
+ (hotfix_missing(name:"970894") == 0) || (hotfix_missing(name:"971022") == 0)||
+ (hotfix_missing(name:"971023") == 0) || (hotfix_missing(name:"972221") == 0)||
+ (hotfix_missing(name:"972222") == 0)){
+ exit(0);
+}
+
+# Visio 2002
+visiokey = "SOFTWARE\Microsoft\Visio\Installer";
+if(registry_key_exists(key:visiokey))
+{
+ visiopath = registry_get_sz(key:visiokey, item:"Visio10InstallLocation");
+ if(visiopath)
+ {
+ visiopath += "\Visio10";
+ visioVer = FileVer (file:"\Visio.exe", path:visiopath);
+ if(visioVer)
+ {
+ # Check for Visio version 10.0 < 10.0.6885.4
+ if(version_in_range(version:visioVer, test_version:"10.0", test_version2:"10.0.6885.3"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+ }
+ }
+}
+
+# Office XP Check
+if(get_kb_item("MS/Office/Ver") =~ "^10\..*")
+{
+ offPath = registry_get_sz(key:"SOFTWARE\Microsoft\Windows\CurrentVersion",
+ item:"CommonFilesDir");
+ if(offPath)
+ {
+ offPath += "\Microsoft Shared\OFFICE10";
+ offVer = FileVer(file:"\Mso.dll", path:offPath);
+ if(offVer)
+ {
+ # Grep for Mso.dll version 10.0 < 10.0.6856.0
+ if(version_in_range(version:offVer, test_version:"10.0", test_version2:"10.0.6855.9"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+ }
+ }
+}
+
+# Office 2003 Check
+if((get_kb_item("MS/Office/Ver") =~ "^11\..*") ||
+ (get_kb_item("SMB/Office/XLView/Version") =~ "^11\..*") ||
+ (get_kb_item("SMB/Office/WordView/Version") =~ "^11\..*"))
+{
+ offPath = registry_get_sz(key:"SOFTWARE\Microsoft\Windows\CurrentVersion",
+ item:"ProgramFilesDir");
+ if(offPath)
+ {
+ offPath += "\Microsoft Office\OFFICE11" +
+ offVer = FileVer(file:"\Gdiplus.dll", path:offPath);
+ if(offVer)
+ {
+ # Grep for Gdiplus.dll version 11.0 < 11.0.8312.0
+ if(version_in_range(version:offVer, test_version:"11.0", test_version2:"11.0.8311.9"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+ }
+ }
+}
+
+# Office 2007 or Groove 2007 or Excel Viewer or PowerPoint Viewer or
+# Office Compatibility Pack 2007
+if(((get_kb_item("MS/Office/Ver") =~ "^12\..*") ||
+ (get_kb_item("SMB/Office/Groove/Version") =~ "^12\..*") ||
+ (get_kb_item("SMB/Office/XLView/Version") =~ "^12\..*") ||
+ (get_kb_item("SMB/Office/PPView/Version")) =~ "^12\..*")||
+ (get_kb_item("SMB/Office/ComptPack/Version") =~ "^12\..*"))
+{
+ offPath = registry_get_sz(key:"SOFTWARE\Microsoft\Windows\CurrentVersion",
+ item:"CommonFilesDir");
+ if(offPath)
+ {
+ offPath += "\Microsoft Shared\OFFICE12";
+ offVer = FileVer(file:"\Ogl.dll", path:offPath);
+ if(offVer)
+ {
+ # Grep for Ogl.dll version 12.0 < 12.0.6509.5000
+ if(version_in_range(version:offVer, test_version:"12.0", test_version2:"12.0.6509.4999"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+ }
+ }
+}
+
+# Microsoft Visual Studio .Net 2003
+if(egrep(pattern:"^7\..*", string:get_kb_item("Microsoft/VisualStudio.Net/Ver")))
+{
+ vsPath = registry_get_sz(key:"SOFTWARE\Microsoft\Windows\CurrentVersion",
+ item:"CommonFilesDir");
+ if(vsPath)
+ {
+ vsPath = vsPath + "\Microsoft Shared\Office10";
+ vsVer = FileVer(file:"\MSO.DLL", path:vsPath);
+ # Check for MSO.dll version 10.0 < 10.0.6855.0
+ if(vsVer)
+ {
+ if(version_in_range(version:vsVer, test_version:"10.0", test_version2:"10.0.6854.9"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+ }
+ }
+}
+
+# Visual Studio 2008 Check
+if(egrep(pattern:"^9\..*", string:get_kb_item("Microsoft/VisualStudio/Ver")))
+{
+ vsPath = registry_get_sz(key:"SOFTWARE\Microsoft\Microsoft SDKs\Windows",
+ item:"CurrentInstallFolder");
+ if(vsPath)
+ {
+ vsPath = vsPath + "\Bootstrapper\Packages\ReportViewer";
+ rvVer = FileVer(file:"\ReportViewer.exe", path:vsPath);
+ # Check for ReportViewer.exe 9.0 < 9.0.21022.227, 9.0.30000 < 9.0.30729.4402
+ if(rvVer)
+ {
+ if(version_in_range(version:rvVer, test_version:"9.0", test_version2:"9.0.21022.226")||
+ version_in_range(version:rvVer, test_version:"9.0.30000", test_version2:"9.0.30729.4401"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+ }
+ }
+}
+
+# Windows 2K with IE 6 SP1
+if(hotfix_check_sp(win2k:5) > 0)
+{
+ ieVer = get_kb_item("MS/IE/EXE/Ver");
+ if(ieVer =~ "^6\.0\.2800")
+ {
+ dllPath = registry_get_sz(key:"SOFTWARE\Microsoft\Windows\CurrentVersion",
+ item:"CommonFilesDir");
+ if(dllPath)
+ {
+ dllPath += "\Microsoft Shared\VGX";
+ dllVer = FileVer(file:"\vgx.dll", path:dllPath);
+ if(dllVer)
+ {
+ # Grep for vgx.dll version < 6.0.2800.1637
+ if(version_is_less(version:dllVer, test_version:"6.0.2800.1637"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+ }
+ }
+ }
+}
+
+# Microsoft SQL Server 2005
+key = "SOFTWARE\Microsoft\Microsoft SQL Server\";
+if(registry_key_exists(key:key))
+{
+ foreach item (registry_enum_keys(key:key))
+ {
+ sqlpath = registry_get_sz(key:key + item + "\Setup", item:"SQLBinRoot");
+ sqlVer = FileVer (file:"\sqlservr.exe", path:sqlpath);
+ # Check for SQL Server 2005 version 2005.90.3000 < 2005.90.3080.0, 2005.90.3300.0 < 2005.90.3353.0,
+ # 2005.90.4000 < 2005.90.4053.0 and 2005.90.4200 < 2005.90.4262.0
+ if(sqlVer)
+ {
+ if(version_in_range(version:sqlVer, test_version:"2005.90.3000", test_version2:"2005.90.3079.9")||
+ version_in_range(version:sqlVer, test_version:"2005.90.3300", test_version2:"2005.90.3352.9")||
+ version_in_range(version:sqlVer, test_version:"2005.90.4000", test_version2:"2005.90.4052.9")||
+ version_in_range(version:sqlVer, test_version:"2005.90.4200", test_version2:"2005.90.4261.9"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+ }
+ }
+}
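Review bot: In the Office 2003 block the line `offPath += "\Microsoft Office\OFFICE11" +` ends in `+` rather than `;`, so the statement runs on into the `offVer = FileVer(...)` assignment on the next line and the Gdiplus.dll check will either fail to parse or not assign as intended; it should read `offPath += "\Microsoft Office\OFFICE11";`. In the Office 2007 condition the parenthesis after `get_kb_item("SMB/Office/PPView/Version")` closes too early, so `=~ "^12\..*"` is applied to the result of the preceding `||` chain; the term should be `(get_kb_item("SMB/Office/PPView/Version") =~ "^12\..*") ||`. The hotfix gate exits as soon as any one of the thirteen KB numbers is present, yet those updates appear to belong to different products, so a single installed update would suppress the checks for all the others, which is worth confirming against the bulletin. `script_summary` still names Msv1_0.dll, which this script never reads, and in the SQL Server loop `FileVer` is called even when `SQLBinRoot` returned nothing.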
Property changes on: trunk/openvas-plugins/scripts/secpod_ms09-062.nasl
___________________________________________________________________
Name: svn:executable
+ *
Modified: trunk/openvas-plugins/scripts/secpod_office_products_version_900032.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_office_products_version_900032.nasl 2009-10-20 20:38:31 UTC (rev 5657)
+++ trunk/openvas-plugins/scripts/secpod_office_products_version_900032.nasl 2009-10-21 08:12:07 UTC (rev 5658)
@@ -25,6 +25,10 @@
#
# Updated to include detect mechanism for Office Outlook
# -By Antu Sanadi 2009/10/14
+#
+# Updated to include detect mechanism for Office Groove and Office Compatibility Pack
+# - By Sharath S <sharaths at secpod.com> On 2009-10-20
+#
# ------------------------------------------------------------------------
# This program was written by SecPod and is licensed under the GNU GPL
# license. Please refer to the below link for details,
@@ -41,11 +45,11 @@
if(description)
{
script_id(900032);
- script_version("$Revision: 1.6 $");
+ script_version("$Revision: 1.7 $");
script_category(ACT_GATHER_INFO);
script_family("Windows");
script_name("MS Office Products Version Detection");
- script_summary("Determines the version of WinWord, Excel, and Access");
+ script_summary("Determines the version of Microsoft Office products");
desc = "
Overview : Retrieve the version of MS Office products from file and
sets KB.
@@ -85,7 +89,7 @@
}
}
-# Excel Viewer
+# Excel Viewer (or) PowerPoint Viewer (or) Office Compatibility Pack
key = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\";
foreach item (registry_enum_keys(key:key))
{
@@ -93,79 +97,90 @@
registry_get_sz(key:key + item, item:"DisplayName"))
{
xlviewVer = registry_get_sz(key:key + item, item:"DisplayVersion");
- if(xlviewVer == NULL){
- break;
- }
-
- xlviewFile = registry_get_sz(key:"SOFTWARE\Microsoft\Windows\CurrentVersion",
- item:"ProgramFilesDir");
- if(xlviewVer =~ "^11(\..*)")
- xlviewFile += "\Microsoft Office\Office11\XLVIEW.EXE";
- else if(xlviewVer =~ "^12(\..*)")
- xlviewFile += "\Microsoft Office\Office12\XLVIEW.EXE";
-
- if(xlviewFile == NULL){
- break;
- }
-
- share = ereg_replace(pattern:"([A-Z]):.*", replace:"\1$", string:xlviewFile);
- xlview = ereg_replace(pattern:"[A-Z]:(.*)", replace:"\1", string:xlviewFile);
- xlviewVer = GetVer(file:xlview, share:share);
if(xlviewVer != NULL)
{
- set_kb_item(name:"SMB/Office/XLView/Version", value:xlviewVer);
- break;
+ xlviewFile = registry_get_sz(key:"SOFTWARE\Microsoft\Windows\CurrentVersion",
+ item:"ProgramFilesDir");
+ if(xlviewVer =~ "^11(\..*)")
+ xlviewFile += "\Microsoft Office\Office11\XLVIEW.EXE";
+ else if(xlviewVer =~ "^12(\..*)")
+ xlviewFile += "\Microsoft Office\Office12\XLVIEW.EXE";
+
+ if(xlviewFile != NULL)
+ {
+ share = ereg_replace(pattern:"([A-Z]):.*", replace:"\1$", string:xlviewFile);
+ xlview = ereg_replace(pattern:"[A-Z]:(.*)", replace:"\1", string:xlviewFile);
+ xlviewVer = GetVer(file:xlview, share:share);
+ if(xlviewVer != NULL){
+ set_kb_item(name:"SMB/Office/XLView/Version", value:xlviewVer);
+ }
+ }
}
}
-}
-
-# PowerPoint Viewer
-key = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\";
-foreach item (registry_enum_keys(key:key))
-{
- if("Microsoft Office PowerPoint Viewer" ><
+ else if("Microsoft Office PowerPoint Viewer" ><
registry_get_sz(key:key + item, item:"DisplayName"))
{
pptviewVer = registry_get_sz(key:key + item, item:"DisplayVersion");
- if(pptviewVer == NULL){
- break;
- }
-
- ppviewFile = registry_get_sz(key:"SOFTWARE\Microsoft\Windows\CurrentVersion",
- item:"ProgramFilesDir");
- if(pptviewVer =~ "^11(\..*)")
- ppviewFile += "\Microsoft Office\PowerPoint Viewer\PPTVIEW.exe";
- else if(pptviewVer =~ "^12(\..*)")
- ppviewFile += "\Microsoft Office\Office12\PPTVIEW.exe";
- if(ppviewFile == NULL){
- break;
- }
-
- share = ereg_replace(pattern:"([A-Z]):.*", replace:"\1$", string:ppviewFile);
- pptview = ereg_replace(pattern:"[A-Z]:(.*)", replace:"\1", string:ppviewFile);
- pptviewVer = GetVer(file:pptview, share:share);
if(pptviewVer != NULL)
{
- set_kb_item(name:"SMB/Office/PPView/Version", value:pptviewVer);
- break;
+ ppviewFile = registry_get_sz(key:"SOFTWARE\Microsoft\Windows\CurrentVersion",
+ item:"ProgramFilesDir");
+ if(pptviewVer =~ "^11(\..*)")
+ ppviewFile += "\Microsoft Office\PowerPoint Viewer\PPTVIEW.exe";
+ else if(pptviewVer =~ "^12(\..*)")
+ ppviewFile += "\Microsoft Office\Office12\PPTVIEW.exe";
+ if(ppviewFile != NULL)
+ {
+ share = ereg_replace(pattern:"([A-Z]):.*", replace:"\1$", string:ppviewFile);
+ pptview = ereg_replace(pattern:"[A-Z]:(.*)", replace:"\1", string:ppviewFile);
+ pptviewVer = GetVer(file:pptview, share:share);
+ if(pptviewVer != NULL){
+ set_kb_item(name:"SMB/Office/PPView/Version", value:pptviewVer);
+ }
+ }
}
}
+ else if("Compatibility Pack" ><
+ registry_get_sz(key:key + item, item:"DisplayName"))
+ {
+ cPackVer = registry_get_sz(key:key + item, item:"DisplayVersion");
+ if(cPackVer != NULL){
+ set_kb_item(name:"SMB/Office/ComptPack/Version", value:cPackVer);
+ }
+ }
}
-# Office Power Point Converter
-ppcnvFile = registry_get_sz(key:"SOFTWARE\Microsoft\Windows\CurrentVersion",
- item:"ProgramFilesDir");
-if(ppcnvFile)
+# Office Groove
+groovePath = registry_get_sz(key:"SOFTWARE\Microsoft\Windows\CurrentVersion" +
+ "\App Paths\GROOVE.EXE", item:"Path");
+if(groovePath != NULL)
{
- ppcnvFile += "\Microsoft Office\Office12\PPCNVCOM.exe";
- share = ereg_replace(pattern:"([A-Z]):.*", replace:"\1$", string:ppcnvFile);
- ppfile = ereg_replace(pattern:"[A-Z]:(.*)", replace:"\1", string:ppcnvFile);
- ppcnvVer = GetVer(file:ppfile, share:share);
- if(ppcnvVer){
- set_kb_item(name:"SMB/Office/PowerPntCnv/Version", value:ppcnvVer);
+ groovePath += "\GROOVE.exe";
+ share = ereg_replace(pattern:"([A-Z]):.*", replace:"\1$", string:groovePath);
+ groove = ereg_replace(pattern:"[A-Z]:(.*)", replace:"\1", string:groovePath);
+ grooveVer = GetVer(file:groove, share:share);
+ if(grooveVer != NULL){
+ set_kb_item(name:"SMB/Office/Groove/Version", value:grooveVer);
}
}
+# Office Power Point Convertes
+if(registry_key_exists(key:"SOFTWARE\Microsoft\Office"))
+{
+ ppcnvFile = registry_get_sz(key:"SOFTWARE\Microsoft\Windows\CurrentVersion",
+ item:"ProgramFilesDir");
+ if(ppcnvFile)
+ {
+ ppcnvFile += "\Microsoft Office\Office12\PPCNVCOM.exe";
+ share = ereg_replace(pattern:"([A-Z]):.*", replace:"\1$", string:ppcnvFile);
+ ppfile = ereg_replace(pattern:"[A-Z]:(.*)", replace:"\1", string:ppcnvFile);
+ ppcnvVer = GetVer(file:ppfile, share:share);
+ if(ppcnvVer){
+ set_kb_item(name:"SMB/Office/PowerPntCnv/Version", value:ppcnvVer);
+ }
+ }
+}
+
# To Conform Office Installation
if(!get_kb_item("MS/Office/Ver")){
exit(0);
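Review bot: The new `else if("Compatibility Pack" >< registry_get_sz(...))` branch accepts any uninstall entry whose DisplayName contains that substring and stores its DisplayVersion under `SMB/Office/ComptPack/Version`, a key that secpod_ms09-062.nasl in this same commit uses to decide whether to run the Office 2007 check. An unrelated product with "Compatibility Pack" in its name would therefore be treated as the Office pack, so matching a fuller product string (confirm the exact DisplayName on a test host) would be safer. With the `break` statements gone the loop now walks every uninstall key and may call `registry_get_sz(key:key + item, item:"DisplayName")` up to three times per key; reading it once, `dispName = registry_get_sz(key:key + item, item:"DisplayName");`, avoids the repeated remote registry reads. The Groove path is split with `[A-Z]` only, whereas `FileVer` in secpod_ms09-062.nasl uses `[A-Za-z]`, so a lower-case drive letter in the registry value would produce a wrong share name here. The comment `# Office Power Point Convertes` has a typo.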
@@ -269,7 +284,7 @@
}
}
-#Office outlook
+# Office outlook
outlookFile = registry_get_sz(key:"SOFTWARE\Microsoft\Windows\CurrentVersion" +
"\App Paths\OUTLOOK.EXE", item:"Path");
if(outlookFile)
@@ -282,7 +297,3 @@
set_kb_item(name:"SMB/Office/Outloook/Version", value:outlookVer);
}
}
-
-
-
-