[Openvas-commits] r5674 - in trunk/openvas-plugins: . scripts
scm-commit@wald.intevation.org
scm-commit at wald.intevation.org
Thu Oct 22 15:34:48 CEST 2009
Author: chandra
Date: 2009-10-22 15:34:45 +0200 (Thu, 22 Oct 2009)
New Revision: 5674
Added:
trunk/openvas-plugins/scripts/gb_adobe_acrobat_unspecified_vuln.nasl
trunk/openvas-plugins/scripts/gb_adobe_prdts_mult_vuln_oct09_lin.nasl
trunk/openvas-plugins/scripts/gb_adobe_prdts_mult_vuln_oct09_win.nasl
trunk/openvas-plugins/scripts/gb_aol_activex_remote_code_exec_vuln.nasl
trunk/openvas-plugins/scripts/gb_aol_detect.nasl
trunk/openvas-plugins/scripts/gb_filecopa_ftp_server_detect.nasl
trunk/openvas-plugins/scripts/gb_filecopa_ftp_server_noop_dos_vuln.nasl
trunk/openvas-plugins/scripts/gb_vmware_authorization_service_dos_vuln_win.nasl
trunk/openvas-plugins/scripts/gb_xm_easy_personal_ftp_detect.nasl
trunk/openvas-plugins/scripts/gb_xm_easy_personal_ftp_dos_vuln.nasl
Modified:
trunk/openvas-plugins/ChangeLog
trunk/openvas-plugins/cve_current.txt
Log:
Added new plugins
Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog 2009-10-22 08:56:09 UTC (rev 5673)
+++ trunk/openvas-plugins/ChangeLog 2009-10-22 13:34:45 UTC (rev 5674)
@@ -1,3 +1,17 @@
+2009-10-22 Chandrashekhar B <bchandra at secpod.com>
+
+ * scripts/gb_filecopa_ftp_server_noop_dos_vuln.nasl,
+ scripts/gb_adobe_prdts_mult_vuln_oct09_win.nasl,
+ scripts/gb_aol_detect.nasl,
+ scripts/gb_filecopa_ftp_server_detect.nasl,
+ scripts/gb_xm_easy_personal_ftp_detect.nasl,
+ scripts/gb_xm_easy_personal_ftp_dos_vuln.nasl,
+ scripts/gb_adobe_prdts_mult_vuln_oct09_lin.nasl,
+ scripts/gb_adobe_acrobat_unspecified_vuln.nasl,
+ scripts/gb_vmware_authorization_service_dos_vuln_win.nasl,
+ scripts/gb_aol_activex_remote_code_exec_vuln.nasl:
+ Added new plugins.
+
2009-10-22 Michael Meyer <michael.meyer at intevation.de>
* scripts/jolt2.nasl,
Modified: trunk/openvas-plugins/cve_current.txt
===================================================================
--- trunk/openvas-plugins/cve_current.txt 2009-10-22 08:56:09 UTC (rev 5673)
+++ trunk/openvas-plugins/cve_current.txt 2009-10-22 13:34:45 UTC (rev 5674)
@@ -123,10 +123,11 @@
CVE-2009-3445 Greenbone svn R
CVE-2009-3532 SecPod svn R
CVE-2009-3533 SecPod svn R
-CVE-2009-3643 SecPod
+CVE-2009-3643 SecPod svn R
+CVE-2009-3459 SecPod svn L
CVE-2009-3655 SecPod svn R
CVE-2009-3594 SecPod svn R
-CVE-2009-3658 SecPod
+CVE-2009-3658 SecPod svn L
CVE-2009-3528 SecPod svn R
CVE-2009-3475 SecPod svn L
36606 Greenbone svn R
@@ -141,37 +142,38 @@
36605 Greenbone svn R
36710 Greenbone svn R
36700 Greenbone svn R
-CVE-2009-3282 SecPod
-CVE-2009-3281 SecPod
-CVE-2009-3707 SecPod
+CVE-2009-3282 SecPod svn L
+CVE-2009-3281 SecPod svn L
+CVE-2009-3707 SecPod svn L
CVE-2009-3663 SecPod
CVE-2009-3711 SecPod
-CVE-2009-2981 SecPod
-CVE-2009-2980 SecPod
-CVE-2009-2979 SecPod
-CVE-2009-2984 SecPod
-CVE-2009-2983 SecPod
-CVE-2009-2982 SecPod
-CVE-2009-2987 SecPod
-CVE-2009-2986 SecPod
-CVE-2009-2985 SecPod
-CVE-2009-2990 SecPod
-CVE-2009-2989 SecPod
-CVE-2009-2988 SecPod
-CVE-2009-2994 SecPod
-CVE-2009-2993 SecPod
-CVE-2009-2992 SecPod
-CVE-2009-2998 SecPod
-CVE-2009-2997 SecPod
-CVE-2009-2996 SecPod
-CVE-2009-2995 SecPod
-CVE-2009-3461 SecPod
-CVE-2009-3460 SecPod
-CVE-2009-3458 SecPod
-CVE-2009-3462 SecPod
+CVE-2009-2981 SecPod svn L
+CVE-2009-2980 SecPod svn L
+CVE-2009-2979 SecPod svn L
+CVE-2009-2984 SecPod svn L
+CVE-2009-2983 SecPod svn L
+CVE-2009-2982 SecPod svn L
+CVE-2009-2987 SecPod svn L
+CVE-2009-2986 SecPod svn L
+CVE-2009-2985 SecPod svn L
+CVE-2009-2990 SecPod svn L
+CVE-2009-2991 SecPod svn L
+CVE-2009-2989 SecPod svn L
+CVE-2009-2988 SecPod svn L
+CVE-2009-2994 SecPod svn L
+CVE-2009-2993 SecPod svn L
+CVE-2009-2992 SecPod svn L
+CVE-2009-2998 SecPod svn L
+CVE-2009-2997 SecPod svn L
+CVE-2009-2996 SecPod svn L
+CVE-2009-2995 SecPod svn L
+CVE-2009-3461 SecPod svn L
+CVE-2009-3460 SecPod svn L
+CVE-2009-3458 SecPod svn L
+CVE-2009-3462 SecPod svn L
CVE-2009-3546 SecPod
CVE-2009-3711 SecPod
-CVE-2009-3662 SecPod
+CVE-2009-3662 SecPod svn R
CVE-2009-3615 SecPod
CVE-2009-3704 SecPod
CVE-2009-3708 SecPod
Added: trunk/openvas-plugins/scripts/gb_adobe_acrobat_unspecified_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_adobe_acrobat_unspecified_vuln.nasl 2009-10-22 08:56:09 UTC (rev 5673)
+++ trunk/openvas-plugins/scripts/gb_adobe_acrobat_unspecified_vuln.nasl 2009-10-22 13:34:45 UTC (rev 5674)
@@ -0,0 +1,84 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_adobe_acrobat_unspecified_vuln.nasl 5388 2009-10-21 14:02:58Z oct $
+#
+# Adobe Acrobat Unspecified vulnerability
+#
+# Authors:
+# Nikta MR <rnikita at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(800959);
+ script_version("$Revision: 1.0$");
+ script_cve_id("CVE-2009-3461");
+ script_bugtraq_id(36638);
+ script_name("Adobe Acrobat Unspecified vulnerability");
+ desc = "
+ Overview : This host has Adobe Acrobat installed which is prone to unspecified
+ vulnerability.
+
+ Vulnerability Insight:
+ An unspecified error in Adobe Acrobat can be exploited to bypass intended
+ file-extension restrictions via unknown vectors.
+
+ Impact:
+ Successful exploitation allows remote attackers to execute arbitrary code
+ on the affected system via malicious files.
+
+ Impact Level: Application/System
+
+ Affected Software/OS:
+ Adobe Acrobat version 9.x before 9.2 on Windows.
+
+ Fix:
+ Upgrade to Adobe Acrobat version 9.2
+ For Updates Refer, http://www.adobe.com/downloads/
+
+ References:
+ http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2009-3461
+ http://www.adobe.com/support/security/bulletins/apsb09-15.html
+
+ CVSS Score:
+ CVSS Base Score : 9.3 (AV:N/AC:M/Au:NR/C:C/I:C/A:C)
+ CVSS Temporal Score : 6.9
+ Risk factor: High";
+
+ script_description(desc);
+ script_summary("Check for the version of Adobe Acrobat");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2009 Intevation GmbH");
+ script_family("General");
+ script_dependencies("secpod_adobe_prdts_detect_win.nasl");
+ script_require_keys("Adobe/Acrobat/Win/Ver");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+# Check for Adobe Reader version 9.x prior to 9.2
+acrobatVer = get_kb_item("Adobe/Acrobat/Win/Ver");
+if(acrobatVer)
+{
+ if(version_in_range(version:acrobatVer, test_version:"9.0", test_version2:"9.1.3")){
+ security_hole(0);
+ }
+}
Property changes on: trunk/openvas-plugins/scripts/gb_adobe_acrobat_unspecified_vuln.nasl
___________________________________________________________________
Name: svn:executable
+ *
Added: trunk/openvas-plugins/scripts/gb_adobe_prdts_mult_vuln_oct09_lin.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_adobe_prdts_mult_vuln_oct09_lin.nasl 2009-10-22 08:56:09 UTC (rev 5673)
+++ trunk/openvas-plugins/scripts/gb_adobe_prdts_mult_vuln_oct09_lin.nasl 2009-10-22 13:34:45 UTC (rev 5674)
@@ -0,0 +1,100 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_adobe_prdts_mult_vuln_oct09_lin.nasl 5286 2009-10-21 12:55:09Z oct $
+#
+# Adobe Reader Multiple Vulnerabilities - Oct09 (Linux)
+#
+# Authors:
+# Nikta MR <rnikita at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(800958);
+ script_version("$Revision: 1.0$");
+ script_cve_id("CVE-2009-2979", "CVE-2009-2980", "CVE-2009-2981", "CVE-2009-2982",
+ "CVE-2009-2983", "CVE-2009-2984", "CVE-2009-2985", "CVE-2009-2986",
+ "CVE-2009-2987", "CVE-2009-2988", "CVE-2009-2989", "CVE-2009-2990",
+ "CVE-2009-2991", "CVE-2009-2992", "CVE-2009-2993", "CVE-2009-2994",
+ "CVE-2009-2995", "CVE-2009-2996", "CVE-2009-2997", "CVE-2009-2998",
+ "CVE-2009-3458", "CVE-2009-3459", "CVE-2009-3460", "CVE-2009-3462");
+ script_bugtraq_id(36686, 36687, 36688, 36691, 36667, 36690, 36680, 36682, 36693,
+ 36665, 36669, 36689, 36694, 36681, 36671, 36678, 36677, 36600,
+ 36638, 36696);
+ script_name("Adobe Reader Multiple Vulnerabilities - Oct09 (Linux)");
+ desc = "
+ Overview : This host has Adobe Reader installed which is prone to multiple
+ vulnerabilities.
+
+ Vulnerability Insight:
+ For more information about the vulnerabilities refer the links mentioned in
+ references.
+
+ Impact:
+ Successful exploitation allows remote attackers to execute arbitrary code,
+ write arbitrary files or folders to the filesystem, escalate local privileges,
+ or cause a denial of service on an affected system by tricking the user to
+ open a malicious PDF document.
+
+ Impact Level: Application/System
+
+ Affected Software/OS:
+ Adobe Reader version 7.x before 7.1.4, 8.x before 8.1.7 and 9.x before 9.2
+ on Linux.
+
+ Fix:
+ Upgrade to Adobe Reader versions 9.2, 8.1.7, or 7.1.4
+ For Updates Refer, http://www.adobe.com/downloads/
+
+ References:
+ http://secunia.com/advisories/36983
+ http://xforce.iss.net/xforce/xfdb/53691
+ http://www.vupen.com/english/advisories/2009/2851
+ http://www.vupen.com/english/advisories/2009/2898
+ http://securitytracker.com/alerts/2009/Oct/1023007.html
+ http://www.adobe.com/support/security/bulletins/apsb09-15.html
+
+ CVSS Score:
+ CVSS Base Score : 9.3 (AV:N/AC:M/Au:NR/C:C/I:C/A:C)
+ CVSS Temporal Score : 7.3
+ Risk factor: High";
+
+ script_description(desc);
+ script_summary("Check for the version of Adobe Reader");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2009 Intevation GmbH");
+ script_family("General");
+ script_dependencies("gb_adobe_prdts_detect_lin.nasl");
+ script_require_keys("Adobe/Reader/Linux/Version");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+# Check for Adobe Reader version prior to 9.2 or 8.1.7 or 7.1.4
+readerVer = get_kb_item("Adobe/Reader/Linux/Version");
+if(readerVer)
+{
+ if(version_in_range(version:readerVer, test_version:"7.0", test_version2:"7.1.3")||
+ version_in_range(version:readerVer, test_version:"8.0", test_version2:"8.1.6")||
+ version_in_range(version:readerVer, test_version:"9.0", test_version2:"9.1.3")){
+ security_hole(0);
+ }
+}
Property changes on: trunk/openvas-plugins/scripts/gb_adobe_prdts_mult_vuln_oct09_lin.nasl
___________________________________________________________________
Name: svn:executable
+ *
Added: trunk/openvas-plugins/scripts/gb_adobe_prdts_mult_vuln_oct09_win.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_adobe_prdts_mult_vuln_oct09_win.nasl 2009-10-22 08:56:09 UTC (rev 5673)
+++ trunk/openvas-plugins/scripts/gb_adobe_prdts_mult_vuln_oct09_win.nasl 2009-10-22 13:34:45 UTC (rev 5674)
@@ -0,0 +1,113 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_adobe_prdts_mult_vuln_oct09_win.nasl 5286 2009-10-21 11:33:45Z oct $
+#
+# Adobe Reader/Acrobat Multiple Vulnerabilities - Oct09 (Win)
+#
+# Authors:
+# Nikta MR <rnikita at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(800957);
+ script_version("$Revision: 1.0$");
+ script_cve_id("CVE-2009-2979", "CVE-2009-2980", "CVE-2009-2981", "CVE-2009-2982",
+ "CVE-2009-2983", "CVE-2009-2984", "CVE-2009-2985", "CVE-2009-2986",
+ "CVE-2009-2987", "CVE-2009-2988", "CVE-2009-2989", "CVE-2009-2990",
+ "CVE-2009-2991", "CVE-2009-2992", "CVE-2009-2993", "CVE-2009-2994",
+ "CVE-2009-2995", "CVE-2009-2996", "CVE-2009-2997", "CVE-2009-2998",
+ "CVE-2009-3458", "CVE-2009-3459", "CVE-2009-3460");
+ script_bugtraq_id(36686, 36687, 36688, 36691, 36667, 36690, 36680, 36682, 36693,
+ 36665, 36669, 36689, 36694, 36681, 36671, 36678, 36677, 36600,
+ 36638);
+ script_name("Adobe Reader/Acrobat Multiple Vulnerabilities - Oct09 (Win)");
+ desc = "
+ Overview : This host has Adobe Reader/Acrobat installed which is/are prone
+ to multiple vulnerabilities.
+
+ Vulnerability Insight:
+ For more information about the vulnerabilities, refer to the links mentioned
+ below.
+
+ Impact:
+ Successful exploitation allows remote attackers to execute arbitrary code,
+ write arbitrary files or folders to the filesystem, escalate local privileges,
+ or cause a denial of service on an affected system by tricking the user to
+ open a malicious PDF document.
+
+ Impact Level: Application/System
+
+ Affected Software/OS:
+ Adobe Reader and Acrobat version 7.x before 7.1.4, 8.x before 8.1.7
+ and 9.x before 9.2 on Windows.
+
+ Fix:
+ Upgrade to Adobe Acrobat and Reader versions 9.2, 8.1.7, or 7.1.4
+ For Updates Refer, http://www.adobe.com/downloads/
+
+ References:
+ http://secunia.com/advisories/36983
+ http://xforce.iss.net/xforce/xfdb/53691
+ http://www.vupen.com/english/advisories/2009/2851
+ http://www.vupen.com/english/advisories/2009/2898
+ http://securitytracker.com/alerts/2009/Oct/1023007.html
+ http://www.adobe.com/support/security/bulletins/apsb09-15.html
+
+ CVSS Score:
+ CVSS Base Score : 9.3 (AV:N/AC:M/Au:NR/C:C/I:C/A:C)
+ CVSS Temporal Score : 7.3
+ Risk factor: High";
+
+ script_description(desc);
+ script_summary("Check for the version of Adobe Reader/Acrobat");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2009 Intevation GmbH");
+ script_family("General");
+ script_dependencies("secpod_adobe_prdts_detect_win.nasl");
+ script_require_keys("Adobe/Reader/Win/Ver", "Adobe/Acrobat/Win/Ver");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+# Check for Adobe Reader version prior to 9.2 or 8.1.7 or 7.1.4
+readerVer = get_kb_item("Adobe/Reader/Win/Ver");
+if(readerVer)
+{
+ if(version_in_range(version:readerVer, test_version:"7.0", test_version2:"7.1.3")||
+ version_in_range(version:readerVer, test_version:"8.0", test_version2:"8.1.6")||
+ version_in_range(version:readerVer, test_version:"9.0", test_version2:"9.1.3"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+}
+
+# Check for Adobe Reader version prior to 9.2 or 8.1.7 or 7.1.4
+acrobatVer = get_kb_item("Adobe/Acrobat/Win/Ver");
+if(acrobatVer)
+{
+ if(version_in_range(version:acrobatVer, test_version:"7.0", test_version2:"7.1.3")||
+ version_in_range(version:acrobatVer, test_version:"8.0", test_version2:"8.1.6")||
+ version_in_range(version:acrobatVer, test_version:"9.0", test_version2:"9.1.3")){
+ security_hole(0);
+ }
+}
Property changes on: trunk/openvas-plugins/scripts/gb_adobe_prdts_mult_vuln_oct09_win.nasl
___________________________________________________________________
Name: svn:executable
+ *
Added: trunk/openvas-plugins/scripts/gb_aol_activex_remote_code_exec_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_aol_activex_remote_code_exec_vuln.nasl 2009-10-22 08:56:09 UTC (rev 5673)
+++ trunk/openvas-plugins/scripts/gb_aol_activex_remote_code_exec_vuln.nasl 2009-10-22 13:34:45 UTC (rev 5674)
@@ -0,0 +1,111 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_aol_activex_remote_code_exec_vuln.nasl 5239 2009-10-22 15:40:24Z oct $
+#
+# AOL SuperBuddy ActiveX Control Remote Code Execution Vulnerability
+#
+# Authors:
+# Antu Sanadi <santu at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(801026);
+ script_version("$Revision: 1.0 $");
+ script_cve_id("CVE-2009-3658");
+ script_bugtraq_id(36580);
+ script_name("AOL SuperBuddy ActiveX Control Remote Code Execution Vulnerability");
+ desc = "
+ Overview: This host is installed with AOL ActiveX and is prone to remote code
+ execution vulnerability.
+
+ Vulnerability Insight:
+ The flaw is caused due to a use-after-free error in the 'Sb.SuperBuddy.1'
+ ActiveX control in sb.dll. This can be exploited to cause a memory corruption
+ via malformed arguments passed to the 'SetSuperBuddy()' ActiveX method.
+
+ Impact:
+ Successful exploitation will let the attacker execute arbitrary code by
+ tricking a user into visiting a specially crafted web page or compromise
+ an affected system.
+
+ Impact Level: System/Application
+
+ Affected Software/OS:
+ America Online (AOL) version 9.5.0.1 and prior
+
+ Fix: No solution or patch is available as on 22nd October, 2009. Information
+ regarding this issue will be updated once the solution details are available.
+ For updates refer, http://www.aol.com/
+
+ Workaround:
+ Set the kill-bit for the CLSID {189504B8-50D1-4AA8-B4D6-95C8F58A6414}
+ http://support.microsoft.com/kb/240797
+
+ References:
+ http://secunia.com/advisories/36919
+ http://www.vupen.com/english/advisories/2009/2812
+ http://retrogod.altervista.org/9sg_aol_91_superbuddy.html
+
+ CVSS Score:
+ CVSS Base Score : 9.3 (AV:N/AC:M/Au:NR/C:C/I:C/A:C)
+ CVSS Temporal Score : 8.0
+ Risk factor: High";
+
+ script_description(desc);
+ script_summary("Check for the AOL sb.dll version and CLSID");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2009 Intevation GmbH");
+ script_family("General");
+ script_dependencies("gb_aol_detect.nasl");
+ script_require_keys("AOL/Ver");
+ script_require_ports(139, 445);
+ exit(0);
+}
+
+
+include("smb_nt.inc");
+include("version_func.inc");
+include("secpod_activex.inc");
+include("secpod_smb_func.inc");
+
+if(!(get_kb_item("AOL/Ver") =~ "^9\..*")){
+ exit(0);
+}
+
+appPath = registry_get_sz(key:"SOFTWARE\America Online\AOL\CurrentVersion",
+ item:"AppPath");
+if(appPath != NULL )
+{
+ share = ereg_replace(pattern:"([A-Z]):.*",replace:"\1$", string:appPath);
+ file = ereg_replace(pattern:"[A-Z]:(.*)",replace:"\1",
+ string:appPath + "\sb.dll" );
+ dllVer = GetVer(file:file, share:share);
+ if(!dllVer){
+ exit(0);
+ }
+
+ # Check for version of sb.dll
+ if(version_is_less_equal(version:dllVer, test_version:"9.5.0.1"))
+ {
+ if(is_killbit_set(clsid:"{189504B8-50D1-4AA8-B4D6-95C8F58A6414}") == 0){
+ security_hole(0);
+ }
+ }
+}
Added: trunk/openvas-plugins/scripts/gb_aol_detect.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_aol_detect.nasl 2009-10-22 08:56:09 UTC (rev 5673)
+++ trunk/openvas-plugins/scripts/gb_aol_detect.nasl 2009-10-22 13:34:45 UTC (rev 5674)
@@ -0,0 +1,73 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_aol_detect.nasl 5239 2009-10-22 09:15:50Z oct $
+#
+# America Online (AOL) Version Detection
+#
+# Authors:
+# Antu Sanadi <santu at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(801025);
+ script_version("$Revision: 1.0 $");
+ script_name("America Online (AOL) Version Detection");
+ desc = "
+ Overview: This script detects the installed version of America Online
+ and sets the version in KB.
+
+ Risk factor: Informational";
+
+ script_description(desc);
+ script_summary("Sets KB for the version of America Online");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2009 Intevation GmbH");
+ script_family("Service detection");
+ script_dependencies("secpod_reg_enum.nasl");
+ script_require_keys("SMB/WindowsVersion");
+ script_require_ports(139, 445);
+ exit(0);
+}
+
+
+include("smb_nt.inc");
+include("secpod_smb_func.inc");
+
+if(!get_kb_item("SMB/WindowsVersion")){
+ exit(0);
+}
+
+key = "SOFTWARE\America Online\AOL\";
+if(!registry_key_exists(key:key)){
+ exit(0);
+}
+
+appPath = registry_get_sz(key:key + "CurrentVersion", item:"AppPath");
+if(appPath != NULL)
+{
+ share = ereg_replace(pattern:"([A-Z]):.*",replace:"\1$",string:appPath);
+ file = ereg_replace(pattern:"[A-Z]:(.*)",replace:"\1",
+ string:appPath + "\aol.exe");
+ version = GetVer(file:file, share:share);
+
+ if(version != NULL){
+ set_kb_item(name:"AOL/Ver", value:version);
+ }
+}
Added: trunk/openvas-plugins/scripts/gb_filecopa_ftp_server_detect.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_filecopa_ftp_server_detect.nasl 2009-10-22 08:56:09 UTC (rev 5673)
+++ trunk/openvas-plugins/scripts/gb_filecopa_ftp_server_detect.nasl 2009-10-22 13:34:45 UTC (rev 5674)
@@ -0,0 +1,68 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_filecopa_ftp_server_detect.nasl 5291 2009-10-22 19:36:29Z oct $
+#
+# FileCopa FTP Server Version Detection
+#
+# Authors:
+# Sharath S <sharaths at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(801124);
+ script_version("$Revision: 1.0 $");
+ script_name("FileCopa FTP Server Version Detection");
+ desc = "
+ Overview: This script detects the installed version of FileCopa FTP Server
+ and sets the result in KB.
+
+ Risk Factor: Informational";
+
+ script_description(desc);
+ script_summary("Set KB for the version of FileCopa FTP Server");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2009 Intevation GmbH");
+ script_family("Service detection");
+ script_dependencies("find_service.nes");
+ script_require_ports("Services/ftp", 21);
+ exit(0);
+}
+
+
+include("ftp_func.inc");
+
+filecopePort = get_kb_item("Services/ftp");
+if(!filecopePort){
+ filecopePort = 21;
+}
+
+if(!get_port_state(filecopePort)){
+ exit(0);
+}
+
+banner = get_ftp_banner(port:filecopePort);
+if("FileCOPA FTP Server" >< banner)
+{
+ filecopeVer = eregmatch(pattern:"FileCOPA FTP Server Version ([0-9.]+)",
+ string:banner);
+ if(filecopeVer[1]){
+ set_kb_item(name:"FileCOPA-FTP-Server/Ver", value:filecopeVer[1]);
+ }
+}
Added: trunk/openvas-plugins/scripts/gb_filecopa_ftp_server_noop_dos_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_filecopa_ftp_server_noop_dos_vuln.nasl 2009-10-22 08:56:09 UTC (rev 5673)
+++ trunk/openvas-plugins/scripts/gb_filecopa_ftp_server_noop_dos_vuln.nasl 2009-10-22 13:34:45 UTC (rev 5674)
@@ -0,0 +1,91 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_filecopa_ftp_server_noop_dos_vuln.nasl 5291 2009-10-22 19:52:26Z oct $
+#
+# FileCopa FTP Server 'NOOP' Command DoS Vulnerability
+#
+# Authors:
+# Sharath S <sharaths at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(801125);
+ script_version("$Revision: 1.0 $");
+ script_cve_id("CVE-2009-3662");
+ script_bugtraq_id(36397);
+ script_name("FileCopa FTP Server 'NOOP' Command DoS Vulnerability");
+ desc = "
+ Overview: This host is running FileCopa FTP Server and is prone to Denial of
+ Service vulnerability.
+
+ Vulnerability Insight:
+ The flaw is caused due to an error in the handling of 'NOOP' FTP commands.
+ This can be exploited to hang an affected server via an overly large number
+ of specially crafted NOOP commands.
+
+ Impact:
+ Successful exploitation will let the attackers to cause a Denial of Service.
+
+ Impact Level: Application
+
+ Affected Software/OS:
+ FileCopa FTP Server version 5.01 and prior on Windows.
+
+ Fix: Upgrade to FileCopa FTP Server version 5.02
+ http://www.filecopa-ftpserver.com/download.html
+
+ References:
+ http://secunia.com/advisories/36773
+ http://downloads.securityfocus.com/vulnerabilities/exploits/36397.txt
+
+ CVSS Score:
+ CVSS Base Score : 5.0 (AV:N/AC:L/Au:NR/C:N/I:N/A:P)
+ CVSS Temporal Score : 3.9
+ Risk factor: Medium";
+
+ script_description(desc);
+ script_summary("Check the version of FileCopa FTP Server");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2009 Intevation GmbH");
+ script_family("FTP");
+ script_dependencies("gb_filecopa_ftp_server_detect.nasl");
+ script_require_keys("FileCOPA-FTP-Server/Ver");
+ script_require_ports("Services/ftp", 21);
+ exit(0);
+}
+
+
+include("ftp_func.inc");
+include("version_func.inc");
+
+filecopaPort = get_kb_item("Services/ftp");
+if(!filecopaPort){
+ exit(0);
+}
+
+filecopaVer = get_kb_item("FileCOPA-FTP-Server/Ver");
+if(!filecopaVer){
+ exit(0);
+}
+
+# Check for FileCopa FTP Server versions < 5.02
+if(version_is_less(version:filecopaVer, test_version:"5.02")){
+ security_warning(filecopaPort);
+}
Property changes on: trunk/openvas-plugins/scripts/gb_filecopa_ftp_server_noop_dos_vuln.nasl
___________________________________________________________________
Name: svn:executable
+ *
Added: trunk/openvas-plugins/scripts/gb_vmware_authorization_service_dos_vuln_win.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_vmware_authorization_service_dos_vuln_win.nasl 2009-10-22 08:56:09 UTC (rev 5673)
+++ trunk/openvas-plugins/scripts/gb_vmware_authorization_service_dos_vuln_win.nasl 2009-10-22 13:34:45 UTC (rev 5674)
@@ -0,0 +1,115 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_vmware_authorization_service_dos_vuln_win.nasl 5350 2009-10-21 10:33:04Z oct $
+#
+# VMware Authorization Service Denial of Service Vulnerability (Win)
+#
+# Authors:
+# Antu Sanadi <santu at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(801027);
+ script_version("$Revision: 1.0 $");
+ script_cve_id("CVE-2009-3707");
+ script_name("VMware Authorization Service Denial of Service Vulnerability (Win)");
+ desc = "
+
+ Overview: The host is installed with VMWare product(s) that are vulnerable to
+ Denial of Service vulnerability.
+
+ Vulnerability Insight:
+ The vulnerability is caused due to an error in the VMware Authorization
+ Service when processing login requests. This can be exploited to terminate
+ the 'vmware-authd' process via 'USER' or 'PASS' strings containing '\xFF'
+ characters, sent to TCP port 912.
+
+ Impact:
+ Successful exploitation allow attackers to execute arbitrary code on the
+ affected application and causes the Denial of Service.
+
+ Impact Level: Application
+
+ Affected Software/OS:
+ VMware ACE 2.5.3 and prior.
+ VMware Player 2.5.3 build 185404 and prior.
+ VMware Workstation 6.5.3 build 185404 and prior.
+
+ Fix: No solution or patch is available as on 22nd October, 2009. Information
+ regarding this issue will be updated once the solution details are available.
+ For updates refer, http://www.vmware.com/
+
+ References:
+ http://secunia.com/advisories/36988
+ http://securitytracker.com/alerts/2009/Oct/1022997.html
+
+ CVSS Score:
+ CVSS Base Score : 5.0 (AV:N/AC:L/Au:NR/C:N/I:N/A:P)
+ CVSS Temporal Score : 4.2
+ Risk factor: Medium";
+
+ script_description(desc);
+ script_summary("Check for the version of VMware Products");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2009 Intevation GmbH");
+ script_family("Denial of Service");
+ script_dependencies("gb_vmware_prdts_detect_win.nasl");
+ script_require_keys("VMware/Win/Installed", "VMware/Player/Win/Ver",
+ "VMware/Workstation/Win/Ver", "VMware/ACE/Win/Ver");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+if(!get_kb_item("VMware/Win/Installed")){
+ exit(0);
+}
+
+# VMware Player
+vmpVer = get_kb_item("VMware/Player/Win/Ver");
+if(vmpVer)
+{
+ if(version_in_range(version:vmpVer, test_version:"2.0", test_version2:"2.5.3"))
+ {
+ security_warning(0);
+ exit(0);
+ }
+}
+
+# VMware Workstation
+vmwtnVer = get_kb_item("VMware/Workstation/Win/Ver");
+if(vmwtnVer)
+{
+ if(version_in_range(version:vmwtnVer, test_version:"6.0", test_version2:"6.5.3"))
+ {
+ security_warning(0);
+ exit(0);
+ }
+}
+
+# VMware ACE
+aceVer = get_kb_item("VMware/ACE/Win/Ver");
+if(aceVer)
+{
+ if(version_in_range(version:aceVer, test_version:"2.0", test_version2:"2.5.3")){
+ security_warning(0);
+ }
+}
Added: trunk/openvas-plugins/scripts/gb_xm_easy_personal_ftp_detect.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_xm_easy_personal_ftp_detect.nasl 2009-10-22 08:56:09 UTC (rev 5673)
+++ trunk/openvas-plugins/scripts/gb_xm_easy_personal_ftp_detect.nasl 2009-10-22 13:34:45 UTC (rev 5674)
@@ -0,0 +1,69 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_xm_easy_personal_ftp_detect.nasl 5237 2009-10-21 15:18:29Z oct $
+#
+# XM Easy Personal FTP Server Version Detection
+#
+# Authors:
+# Sharath S <sharaths at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(801119);
+ script_version("$Revision: 1.0 $");
+ script_name("XM Easy Personal FTP Server Version Detection");
+ desc = "
+ Overview: This script detects the installed version of Rhino Software
+ Serv-U and sets the result in KB.
+
+ Risk Factor: Informational";
+
+ script_description(desc);
+ script_summary("Set KB for the version of XM Easy Personal FTP Server");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2009 Intevation GmbH");
+ script_family("Service detection");
+ script_dependencies("find_service.nes");
+ script_require_ports("Services/ftp", 21);
+ exit(0);
+}
+
+
+include("ftp_func.inc");
+
+xmPort = get_kb_item("Services/ftp");
+if(!xmPort){
+ xmPort = 21;
+}
+
+if(!get_port_state(xmPort)){
+ exit(0);
+}
+
+banner = get_ftp_banner(port:xmPort);
+
+if("220 Welcome to DXM's FTP Server" >< banner)
+{
+ xmVer = eregmatch(pattern:"DXM's FTP Server ([0-9.]+)", string:banner);
+
+ if(!isnull(xmVer[1])){
+ set_kb_item(name:"XM-Easy-Personal-FTP/Ver", value:xmVer[1]);
+ }
+}
Added: trunk/openvas-plugins/scripts/gb_xm_easy_personal_ftp_dos_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_xm_easy_personal_ftp_dos_vuln.nasl 2009-10-22 08:56:09 UTC (rev 5673)
+++ trunk/openvas-plugins/scripts/gb_xm_easy_personal_ftp_dos_vuln.nasl 2009-10-22 13:34:45 UTC (rev 5674)
@@ -0,0 +1,127 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_xm_easy_personal_ftp_dos_vuln.nasl 5237 2009-10-21 22:48:26Z oct $
+#
+# XM Easy Personal FTP Server 'LIST' And 'NLST' Command DoS Vulnerability
+#
+# Authors:
+# Sharath S <sharaths at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(801120);
+ script_version("$Revision: 1.0 $");
+ script_cve_id("CVE-2009-3643");
+ script_name("XM Easy Personal FTP Server 'LIST' And 'NLST' Command DoS Vulnerability");
+ desc = "
+ Overview: This host is running XM Easy Personal FTP Server and is prone to
+ Denial of Service vulnerability.
+
+ Vulnerability Insight:
+ The flaw is caused due to an error when processing directory listing FTP
+ requests. This can be exploited to terminate the FTP service via overly
+ large 'LIST' or 'NLST' requests.
+
+ Impact:
+ Successful exploitation will let the attackers to cause a Denial of Service
+ in the affected application.
+
+ Impact Level: Application
+
+ Affected Software/OS:
+ Dxmsoft, XM Easy Personal FTP Server version 5.8.0 and prior
+
+ Fix: No solution or patch is available as on 21th October, 2009. Information
+ regarding this issue will be updated once the solution details are available.
+ For updates refer, http://www.dxm2008.com/index.htm
+
+ References:
+ http://osvdb.org/58542
+ http://secunia.com/advisories/36941/
+ http://xforce.iss.net/xforce/xfdb/53643
+ http://packetstormsecurity.org/0910-exploits/XM-ftp-dos.txt
+
+ CVSS Score:
+ CVSS Base Score : 5.0 (AV:N/AC:L/Au:NR/C:N/I:N/A:P)
+ CVSS Temporal Score : 4.5
+ Risk factor: Medium";
+
+ script_description(desc);
+ script_summary("Check the version of XM Easy Personal FTP Server");
+ script_category(ACT_MIXED_ATTACK);
+ script_copyright("Copyright (C) 2009 Intevation GmbH");
+ script_family("FTP");
+ script_dependencies("gb_xm_easy_personal_ftp_detect.nasl", "secpod_ftp_anonymous.nasl");
+ script_require_keys("XM-Easy-Personal-FTP/Ver");
+ script_require_ports("Services/ftp", 21);
+ exit(0);
+}
+
+
+include("ftp_func.inc");
+include("version_func.inc");
+
+xmPort = get_kb_item("Services/ftp");
+if(!xmPort){
+ exit(0);
+}
+
+xmVer = get_kb_item("XM-Easy-Personal-FTP/Ver");
+if(isnull(xmVer)){
+ exit(0);
+}
+
+if(!safe_checks())
+{
+ soc1 = open_sock_tcp(xmPort);
+ if(soc1)
+ {
+ user = get_kb_item("ftp/login");
+ if(!user){
+ user = "anonymous";
+ }
+
+ pass = get_kb_item("ftp/password");
+ if(!pass){
+ pass = string("anonymous");
+ }
+
+ ftplogin = ftp_log_in(socket:soc1, user:user, pass:pass);
+ if(ftplogin)
+ {
+ send(socket:soc1, data:string("nlst ", crap(length: 6300, data:"./A")));
+ close(soc1);
+
+ soc2 = open_sock_tcp(xmPort);
+ resp = ftp_recv_line(socket:soc2);
+ if(!resp)
+ {
+ security_warning(xmPort);
+ exit(0);
+ }
+ close(soc2);
+ }
+ }
+}
+
+# Check for XM Easy Personal FTP Server versions <= 5.8.0
+if(version_is_less_equal(version:xmVer, test_version:"5.8.0")){
+ security_warning(xmPort);
+}
Property changes on: trunk/openvas-plugins/scripts/gb_xm_easy_personal_ftp_dos_vuln.nasl
___________________________________________________________________
Name: svn:executable
+ *
More information about the Openvas-commits
mailing list