[Openvas-commits] r5674 - in trunk/openvas-plugins: . scripts

scm-commit@wald.intevation.org scm-commit at wald.intevation.org
Thu Oct 22 15:34:48 CEST 2009


Author: chandra
Date: 2009-10-22 15:34:45 +0200 (Thu, 22 Oct 2009)
New Revision: 5674

Added:
   trunk/openvas-plugins/scripts/gb_adobe_acrobat_unspecified_vuln.nasl
   trunk/openvas-plugins/scripts/gb_adobe_prdts_mult_vuln_oct09_lin.nasl
   trunk/openvas-plugins/scripts/gb_adobe_prdts_mult_vuln_oct09_win.nasl
   trunk/openvas-plugins/scripts/gb_aol_activex_remote_code_exec_vuln.nasl
   trunk/openvas-plugins/scripts/gb_aol_detect.nasl
   trunk/openvas-plugins/scripts/gb_filecopa_ftp_server_detect.nasl
   trunk/openvas-plugins/scripts/gb_filecopa_ftp_server_noop_dos_vuln.nasl
   trunk/openvas-plugins/scripts/gb_vmware_authorization_service_dos_vuln_win.nasl
   trunk/openvas-plugins/scripts/gb_xm_easy_personal_ftp_detect.nasl
   trunk/openvas-plugins/scripts/gb_xm_easy_personal_ftp_dos_vuln.nasl
Modified:
   trunk/openvas-plugins/ChangeLog
   trunk/openvas-plugins/cve_current.txt
Log:
Added new plugins

Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog	2009-10-22 08:56:09 UTC (rev 5673)
+++ trunk/openvas-plugins/ChangeLog	2009-10-22 13:34:45 UTC (rev 5674)
@@ -1,3 +1,17 @@
+2009-10-22  Chandrashekhar B <bchandra at secpod.com>
+
+	* scripts/gb_filecopa_ftp_server_noop_dos_vuln.nasl,
+	scripts/gb_adobe_prdts_mult_vuln_oct09_win.nasl,
+	scripts/gb_aol_detect.nasl,
+	scripts/gb_filecopa_ftp_server_detect.nasl,
+	scripts/gb_xm_easy_personal_ftp_detect.nasl,
+	scripts/gb_xm_easy_personal_ftp_dos_vuln.nasl,
+	scripts/gb_adobe_prdts_mult_vuln_oct09_lin.nasl,
+	scripts/gb_adobe_acrobat_unspecified_vuln.nasl,
+	scripts/gb_vmware_authorization_service_dos_vuln_win.nasl,
+	scripts/gb_aol_activex_remote_code_exec_vuln.nasl:
+	Added new plugins.
+
 2009-10-22  Michael Meyer <michael.meyer at intevation.de>
 
 	* scripts/jolt2.nasl,

Modified: trunk/openvas-plugins/cve_current.txt
===================================================================
--- trunk/openvas-plugins/cve_current.txt	2009-10-22 08:56:09 UTC (rev 5673)
+++ trunk/openvas-plugins/cve_current.txt	2009-10-22 13:34:45 UTC (rev 5674)
@@ -123,10 +123,11 @@
 CVE-2009-3445			Greenbone	svn		R
 CVE-2009-3532			SecPod		svn		R
 CVE-2009-3533			SecPod		svn		R
-CVE-2009-3643			SecPod
+CVE-2009-3643			SecPod		svn		R
+CVE-2009-3459			SecPod		svn		L
 CVE-2009-3655			SecPod		svn		R
 CVE-2009-3594			SecPod		svn		R
-CVE-2009-3658			SecPod
+CVE-2009-3658			SecPod		svn		L
 CVE-2009-3528			SecPod		svn		R
 CVE-2009-3475			SecPod		svn		L
 36606				Greenbone	svn		R
@@ -141,37 +142,38 @@
 36605				Greenbone	svn		R
 36710				Greenbone	svn		R
 36700				Greenbone	svn		R
-CVE-2009-3282			SecPod
-CVE-2009-3281			SecPod
-CVE-2009-3707			SecPod
+CVE-2009-3282			SecPod		svn		L
+CVE-2009-3281			SecPod		svn		L
+CVE-2009-3707			SecPod		svn		L
 CVE-2009-3663			SecPod
 CVE-2009-3711			SecPod
-CVE-2009-2981			SecPod
-CVE-2009-2980			SecPod
-CVE-2009-2979			SecPod
-CVE-2009-2984			SecPod
-CVE-2009-2983			SecPod
-CVE-2009-2982			SecPod
-CVE-2009-2987			SecPod
-CVE-2009-2986			SecPod
-CVE-2009-2985			SecPod
-CVE-2009-2990			SecPod
-CVE-2009-2989			SecPod
-CVE-2009-2988			SecPod
-CVE-2009-2994			SecPod
-CVE-2009-2993			SecPod
-CVE-2009-2992			SecPod
-CVE-2009-2998			SecPod
-CVE-2009-2997			SecPod
-CVE-2009-2996			SecPod
-CVE-2009-2995			SecPod
-CVE-2009-3461			SecPod
-CVE-2009-3460			SecPod
-CVE-2009-3458			SecPod
-CVE-2009-3462			SecPod
+CVE-2009-2981			SecPod		svn		L
+CVE-2009-2980			SecPod		svn		L
+CVE-2009-2979			SecPod		svn		L
+CVE-2009-2984			SecPod		svn		L
+CVE-2009-2983			SecPod		svn		L
+CVE-2009-2982			SecPod		svn		L
+CVE-2009-2987			SecPod		svn		L
+CVE-2009-2986			SecPod		svn		L
+CVE-2009-2985			SecPod		svn		L
+CVE-2009-2990			SecPod		svn		L
+CVE-2009-2991			SecPod		svn		L
+CVE-2009-2989			SecPod		svn		L
+CVE-2009-2988			SecPod		svn		L
+CVE-2009-2994			SecPod		svn		L
+CVE-2009-2993			SecPod		svn		L
+CVE-2009-2992			SecPod		svn		L
+CVE-2009-2998			SecPod		svn		L
+CVE-2009-2997			SecPod		svn		L
+CVE-2009-2996			SecPod		svn		L
+CVE-2009-2995			SecPod		svn		L
+CVE-2009-3461			SecPod		svn		L
+CVE-2009-3460			SecPod		svn		L
+CVE-2009-3458			SecPod		svn		L
+CVE-2009-3462			SecPod		svn		L
 CVE-2009-3546			SecPod
 CVE-2009-3711			SecPod
-CVE-2009-3662			SecPod
+CVE-2009-3662			SecPod		svn		R
 CVE-2009-3615			SecPod
 CVE-2009-3704			SecPod
 CVE-2009-3708			SecPod

Added: trunk/openvas-plugins/scripts/gb_adobe_acrobat_unspecified_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_adobe_acrobat_unspecified_vuln.nasl	2009-10-22 08:56:09 UTC (rev 5673)
+++ trunk/openvas-plugins/scripts/gb_adobe_acrobat_unspecified_vuln.nasl	2009-10-22 13:34:45 UTC (rev 5674)
@@ -0,0 +1,84 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_adobe_acrobat_unspecified_vuln.nasl 5388 2009-10-21 14:02:58Z oct $
+#
+# Adobe Acrobat Unspecified vulnerability
+#
+# Authors:
+# Nikta MR <rnikita at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(800959);
+  script_version("$Revision: 1.0$");
+  script_cve_id("CVE-2009-3461");
+  script_bugtraq_id(36638);
+  script_name("Adobe Acrobat Unspecified vulnerability");
+  desc = "
+  Overview : This host has Adobe Acrobat installed which is prone to unspecified
+  vulnerability.
+
+  Vulnerability Insight:
+  An unspecified error in Adobe Acrobat can be exploited to bypass intended
+  file-extension restrictions via unknown vectors.
+
+  Impact:
+  Successful exploitation allows remote attackers to execute arbitrary code
+  on the affected system via malicious files.
+
+  Impact Level: Application/System
+
+  Affected Software/OS:
+  Adobe Acrobat version 9.x before 9.2 on Windows.
+
+  Fix:
+  Upgrade to Adobe Acrobat version 9.2
+  For Updates Refer, http://www.adobe.com/downloads/
+
+  References:
+  http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2009-3461
+  http://www.adobe.com/support/security/bulletins/apsb09-15.html
+
+  CVSS Score:
+    CVSS Base Score     : 9.3 (AV:N/AC:M/Au:NR/C:C/I:C/A:C)
+    CVSS Temporal Score : 6.9
+  Risk factor: High";
+
+  script_description(desc);
+  script_summary("Check for the version of Adobe Acrobat");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (C) 2009 Intevation GmbH");
+  script_family("General");
+  script_dependencies("secpod_adobe_prdts_detect_win.nasl");
+  script_require_keys("Adobe/Acrobat/Win/Ver");
+  exit(0);
+}
+
+
+include("version_func.inc");
+
+# Check for Adobe Reader version 9.x prior to 9.2
+acrobatVer = get_kb_item("Adobe/Acrobat/Win/Ver");
+if(acrobatVer)
+{
+  if(version_in_range(version:acrobatVer, test_version:"9.0", test_version2:"9.1.3")){
+    security_hole(0);
+  }
+}


Property changes on: trunk/openvas-plugins/scripts/gb_adobe_acrobat_unspecified_vuln.nasl
___________________________________________________________________
Name: svn:executable
   + *

Added: trunk/openvas-plugins/scripts/gb_adobe_prdts_mult_vuln_oct09_lin.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_adobe_prdts_mult_vuln_oct09_lin.nasl	2009-10-22 08:56:09 UTC (rev 5673)
+++ trunk/openvas-plugins/scripts/gb_adobe_prdts_mult_vuln_oct09_lin.nasl	2009-10-22 13:34:45 UTC (rev 5674)
@@ -0,0 +1,100 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_adobe_prdts_mult_vuln_oct09_lin.nasl 5286 2009-10-21 12:55:09Z oct $
+#
+# Adobe Reader Multiple Vulnerabilities - Oct09 (Linux)
+#
+# Authors:
+# Nikta MR <rnikita at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(800958);
+  script_version("$Revision: 1.0$");
+  script_cve_id("CVE-2009-2979", "CVE-2009-2980", "CVE-2009-2981", "CVE-2009-2982",
+                "CVE-2009-2983", "CVE-2009-2984", "CVE-2009-2985", "CVE-2009-2986",
+                "CVE-2009-2987", "CVE-2009-2988", "CVE-2009-2989", "CVE-2009-2990",
+                "CVE-2009-2991", "CVE-2009-2992", "CVE-2009-2993", "CVE-2009-2994",
+                "CVE-2009-2995", "CVE-2009-2996", "CVE-2009-2997", "CVE-2009-2998",
+                "CVE-2009-3458", "CVE-2009-3459", "CVE-2009-3460", "CVE-2009-3462");
+  script_bugtraq_id(36686, 36687, 36688, 36691, 36667, 36690, 36680, 36682, 36693,
+                    36665, 36669, 36689, 36694, 36681, 36671, 36678, 36677, 36600,
+                    36638, 36696);
+  script_name("Adobe Reader Multiple Vulnerabilities - Oct09 (Linux)");
+  desc = "
+  Overview : This host has Adobe Reader installed which is prone to multiple
+  vulnerabilities.
+
+  Vulnerability Insight:
+  For more information about the vulnerabilities refer the links mentioned in
+  references.
+
+  Impact:
+  Successful exploitation allows remote attackers to execute arbitrary code,
+  write arbitrary files or folders to the filesystem, escalate local privileges,
+  or cause a denial of service on an affected system by tricking the user to
+  open a malicious PDF document.
+
+  Impact Level: Application/System
+
+  Affected Software/OS:
+  Adobe Reader version 7.x before 7.1.4, 8.x before 8.1.7 and 9.x before 9.2
+  on Linux.
+
+  Fix:
+  Upgrade to Adobe Reader versions 9.2, 8.1.7, or 7.1.4
+  For Updates Refer, http://www.adobe.com/downloads/
+
+  References:
+  http://secunia.com/advisories/36983
+  http://xforce.iss.net/xforce/xfdb/53691
+  http://www.vupen.com/english/advisories/2009/2851
+  http://www.vupen.com/english/advisories/2009/2898
+  http://securitytracker.com/alerts/2009/Oct/1023007.html
+  http://www.adobe.com/support/security/bulletins/apsb09-15.html
+
+  CVSS Score:
+    CVSS Base Score     : 9.3 (AV:N/AC:M/Au:NR/C:C/I:C/A:C)
+    CVSS Temporal Score : 7.3
+  Risk factor: High";
+
+  script_description(desc);
+  script_summary("Check for the version of Adobe Reader");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (C) 2009 Intevation GmbH");
+  script_family("General");
+  script_dependencies("gb_adobe_prdts_detect_lin.nasl");
+  script_require_keys("Adobe/Reader/Linux/Version");
+  exit(0);
+}
+
+
+include("version_func.inc");
+
+# Check for Adobe Reader version prior to 9.2 or 8.1.7 or 7.1.4
+readerVer = get_kb_item("Adobe/Reader/Linux/Version");
+if(readerVer)
+{
+  if(version_in_range(version:readerVer, test_version:"7.0", test_version2:"7.1.3")||
+     version_in_range(version:readerVer, test_version:"8.0", test_version2:"8.1.6")||
+     version_in_range(version:readerVer, test_version:"9.0", test_version2:"9.1.3")){
+    security_hole(0);
+  }
+}


Property changes on: trunk/openvas-plugins/scripts/gb_adobe_prdts_mult_vuln_oct09_lin.nasl
___________________________________________________________________
Name: svn:executable
   + *

Added: trunk/openvas-plugins/scripts/gb_adobe_prdts_mult_vuln_oct09_win.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_adobe_prdts_mult_vuln_oct09_win.nasl	2009-10-22 08:56:09 UTC (rev 5673)
+++ trunk/openvas-plugins/scripts/gb_adobe_prdts_mult_vuln_oct09_win.nasl	2009-10-22 13:34:45 UTC (rev 5674)
@@ -0,0 +1,113 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_adobe_prdts_mult_vuln_oct09_win.nasl 5286 2009-10-21 11:33:45Z oct $
+#
+# Adobe Reader/Acrobat Multiple Vulnerabilities - Oct09 (Win)
+#
+# Authors:
+# Nikta MR <rnikita at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(800957);
+  script_version("$Revision: 1.0$");
+  script_cve_id("CVE-2009-2979", "CVE-2009-2980", "CVE-2009-2981", "CVE-2009-2982",
+                "CVE-2009-2983", "CVE-2009-2984", "CVE-2009-2985", "CVE-2009-2986",
+                "CVE-2009-2987", "CVE-2009-2988", "CVE-2009-2989", "CVE-2009-2990",
+                "CVE-2009-2991", "CVE-2009-2992", "CVE-2009-2993", "CVE-2009-2994",
+                "CVE-2009-2995", "CVE-2009-2996", "CVE-2009-2997", "CVE-2009-2998",
+                "CVE-2009-3458", "CVE-2009-3459", "CVE-2009-3460");
+  script_bugtraq_id(36686, 36687, 36688, 36691, 36667, 36690, 36680, 36682, 36693,
+                    36665, 36669, 36689, 36694, 36681, 36671, 36678, 36677, 36600,
+                    36638);
+  script_name("Adobe Reader/Acrobat Multiple Vulnerabilities - Oct09 (Win)");
+  desc = "
+  Overview : This host has Adobe Reader/Acrobat installed which is/are prone
+  to multiple vulnerabilities.
+
+  Vulnerability Insight:
+  For more information about the vulnerabilities, refer to the links mentioned
+  below.
+
+  Impact:
+  Successful exploitation allows remote attackers to execute arbitrary code,
+  write arbitrary files or folders to the filesystem, escalate local privileges,
+  or cause a denial of service on an affected system by tricking the user to
+  open a malicious PDF document.
+
+  Impact Level: Application/System
+
+  Affected Software/OS:
+  Adobe Reader and Acrobat version 7.x before 7.1.4, 8.x before 8.1.7
+  and 9.x before 9.2 on Windows.
+
+  Fix:
+  Upgrade to Adobe Acrobat and Reader versions 9.2, 8.1.7, or 7.1.4
+  For Updates Refer, http://www.adobe.com/downloads/
+
+  References:
+  http://secunia.com/advisories/36983
+  http://xforce.iss.net/xforce/xfdb/53691
+  http://www.vupen.com/english/advisories/2009/2851
+  http://www.vupen.com/english/advisories/2009/2898
+  http://securitytracker.com/alerts/2009/Oct/1023007.html
+  http://www.adobe.com/support/security/bulletins/apsb09-15.html
+
+  CVSS Score:
+    CVSS Base Score     : 9.3 (AV:N/AC:M/Au:NR/C:C/I:C/A:C)
+    CVSS Temporal Score : 7.3
+  Risk factor: High";
+
+  script_description(desc);
+  script_summary("Check for the version of Adobe Reader/Acrobat");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (C) 2009 Intevation GmbH");
+  script_family("General");
+  script_dependencies("secpod_adobe_prdts_detect_win.nasl");
+  script_require_keys("Adobe/Reader/Win/Ver", "Adobe/Acrobat/Win/Ver");
+  exit(0);
+}
+
+
+include("version_func.inc");
+
+# Check for Adobe Reader version prior to 9.2 or 8.1.7 or 7.1.4
+readerVer = get_kb_item("Adobe/Reader/Win/Ver");
+if(readerVer)
+{
+  if(version_in_range(version:readerVer, test_version:"7.0", test_version2:"7.1.3")||
+     version_in_range(version:readerVer, test_version:"8.0", test_version2:"8.1.6")||
+     version_in_range(version:readerVer, test_version:"9.0", test_version2:"9.1.3"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+}
+
+# Check for Adobe Reader version prior to 9.2 or 8.1.7 or 7.1.4
+acrobatVer = get_kb_item("Adobe/Acrobat/Win/Ver");
+if(acrobatVer)
+{
+  if(version_in_range(version:acrobatVer, test_version:"7.0", test_version2:"7.1.3")||
+     version_in_range(version:acrobatVer, test_version:"8.0", test_version2:"8.1.6")||
+     version_in_range(version:acrobatVer, test_version:"9.0", test_version2:"9.1.3")){
+    security_hole(0);
+  }
+}


Property changes on: trunk/openvas-plugins/scripts/gb_adobe_prdts_mult_vuln_oct09_win.nasl
___________________________________________________________________
Name: svn:executable
   + *

Added: trunk/openvas-plugins/scripts/gb_aol_activex_remote_code_exec_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_aol_activex_remote_code_exec_vuln.nasl	2009-10-22 08:56:09 UTC (rev 5673)
+++ trunk/openvas-plugins/scripts/gb_aol_activex_remote_code_exec_vuln.nasl	2009-10-22 13:34:45 UTC (rev 5674)
@@ -0,0 +1,111 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_aol_activex_remote_code_exec_vuln.nasl 5239 2009-10-22 15:40:24Z oct $
+#
+# AOL SuperBuddy ActiveX Control Remote Code Execution Vulnerability
+#
+# Authors:
+# Antu Sanadi <santu at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(801026);
+  script_version("$Revision: 1.0 $");
+  script_cve_id("CVE-2009-3658");
+  script_bugtraq_id(36580);
+  script_name("AOL SuperBuddy ActiveX Control Remote Code Execution Vulnerability");
+  desc = "
+  Overview: This host is installed with AOL ActiveX and is prone to remote code
+  execution vulnerability.
+
+  Vulnerability Insight:
+  The flaw is caused due to a use-after-free error in the 'Sb.SuperBuddy.1'
+  ActiveX control in sb.dll. This can be exploited to cause a memory corruption
+  via malformed arguments passed to the 'SetSuperBuddy()' ActiveX method.
+
+  Impact:
+  Successful exploitation will let the attacker execute arbitrary code by
+  tricking a user into visiting a specially crafted web page or compromise
+  an affected system.
+
+  Impact Level: System/Application
+
+  Affected Software/OS:
+  America Online (AOL) version 9.5.0.1 and prior
+
+  Fix: No solution or patch is available as on 22nd October, 2009. Information
+  regarding this issue will be updated once the solution details are available.
+  For updates refer, http://www.aol.com/
+
+  Workaround:
+  Set the kill-bit for the CLSID {189504B8-50D1-4AA8-B4D6-95C8F58A6414}
+  http://support.microsoft.com/kb/240797
+
+  References:
+  http://secunia.com/advisories/36919
+  http://www.vupen.com/english/advisories/2009/2812
+  http://retrogod.altervista.org/9sg_aol_91_superbuddy.html
+
+  CVSS Score:
+    CVSS Base Score     : 9.3 (AV:N/AC:M/Au:NR/C:C/I:C/A:C)
+    CVSS Temporal Score : 8.0
+  Risk factor: High";
+
+  script_description(desc);
+  script_summary("Check for the AOL sb.dll version and CLSID");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (C) 2009 Intevation GmbH");
+  script_family("General");
+  script_dependencies("gb_aol_detect.nasl");
+  script_require_keys("AOL/Ver");
+  script_require_ports(139, 445);
+  exit(0);
+}
+
+
+include("smb_nt.inc");
+include("version_func.inc");
+include("secpod_activex.inc");
+include("secpod_smb_func.inc");
+
+if(!(get_kb_item("AOL/Ver") =~ "^9\..*")){
+  exit(0);
+}
+
+appPath = registry_get_sz(key:"SOFTWARE\America Online\AOL\CurrentVersion",
+                          item:"AppPath");
+if(appPath != NULL )
+{
+  share = ereg_replace(pattern:"([A-Z]):.*",replace:"\1$", string:appPath);
+  file = ereg_replace(pattern:"[A-Z]:(.*)",replace:"\1",
+                      string:appPath + "\sb.dll" );
+  dllVer = GetVer(file:file, share:share);
+  if(!dllVer){
+    exit(0);
+  }
+
+  # Check for version of sb.dll
+  if(version_is_less_equal(version:dllVer, test_version:"9.5.0.1"))
+  {
+    if(is_killbit_set(clsid:"{189504B8-50D1-4AA8-B4D6-95C8F58A6414}") == 0){
+      security_hole(0);
+    }
+  }
+}

Added: trunk/openvas-plugins/scripts/gb_aol_detect.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_aol_detect.nasl	2009-10-22 08:56:09 UTC (rev 5673)
+++ trunk/openvas-plugins/scripts/gb_aol_detect.nasl	2009-10-22 13:34:45 UTC (rev 5674)
@@ -0,0 +1,73 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_aol_detect.nasl 5239 2009-10-22 09:15:50Z oct $
+#
+# America Online (AOL) Version Detection
+#
+# Authors:
+# Antu Sanadi <santu at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(801025);
+  script_version("$Revision: 1.0 $");
+  script_name("America Online (AOL) Version Detection");
+  desc = "
+  Overview: This script detects the installed version of America Online
+  and sets the version in KB.
+
+  Risk factor: Informational";
+
+  script_description(desc);
+  script_summary("Sets KB for the version of America Online");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (C) 2009 Intevation GmbH");
+  script_family("Service detection");
+  script_dependencies("secpod_reg_enum.nasl");
+  script_require_keys("SMB/WindowsVersion");
+  script_require_ports(139, 445);
+  exit(0);
+}
+
+
+include("smb_nt.inc");
+include("secpod_smb_func.inc");
+
+if(!get_kb_item("SMB/WindowsVersion")){
+  exit(0);
+}
+
+key = "SOFTWARE\America Online\AOL\";
+if(!registry_key_exists(key:key)){
+  exit(0);
+}
+
+appPath = registry_get_sz(key:key + "CurrentVersion", item:"AppPath");
+if(appPath != NULL)
+{
+  share = ereg_replace(pattern:"([A-Z]):.*",replace:"\1$",string:appPath);
+  file = ereg_replace(pattern:"[A-Z]:(.*)",replace:"\1",
+                      string:appPath + "\aol.exe");
+  version = GetVer(file:file, share:share);
+
+  if(version != NULL){
+    set_kb_item(name:"AOL/Ver", value:version);
+  }
+}

Added: trunk/openvas-plugins/scripts/gb_filecopa_ftp_server_detect.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_filecopa_ftp_server_detect.nasl	2009-10-22 08:56:09 UTC (rev 5673)
+++ trunk/openvas-plugins/scripts/gb_filecopa_ftp_server_detect.nasl	2009-10-22 13:34:45 UTC (rev 5674)
@@ -0,0 +1,68 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_filecopa_ftp_server_detect.nasl 5291 2009-10-22 19:36:29Z oct $
+#
+# FileCopa FTP Server Version Detection
+#
+# Authors:
+# Sharath S <sharaths at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(801124);
+  script_version("$Revision: 1.0 $");
+  script_name("FileCopa FTP Server Version Detection");
+  desc = "
+  Overview: This script detects the installed version of FileCopa FTP Server
+  and sets the result in KB.
+
+  Risk Factor: Informational";
+
+  script_description(desc);
+  script_summary("Set KB for the version of FileCopa FTP Server");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (C) 2009 Intevation GmbH");
+  script_family("Service detection");
+  script_dependencies("find_service.nes");
+  script_require_ports("Services/ftp", 21);
+  exit(0);
+}
+
+
+include("ftp_func.inc");
+
+filecopePort = get_kb_item("Services/ftp");
+if(!filecopePort){
+  filecopePort = 21;
+}
+
+if(!get_port_state(filecopePort)){
+  exit(0);
+}
+
+banner = get_ftp_banner(port:filecopePort);
+if("FileCOPA FTP Server" >< banner)
+{
+  filecopeVer = eregmatch(pattern:"FileCOPA FTP Server Version ([0-9.]+)",
+                          string:banner);
+  if(filecopeVer[1]){
+    set_kb_item(name:"FileCOPA-FTP-Server/Ver", value:filecopeVer[1]);
+  }
+}

Added: trunk/openvas-plugins/scripts/gb_filecopa_ftp_server_noop_dos_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_filecopa_ftp_server_noop_dos_vuln.nasl	2009-10-22 08:56:09 UTC (rev 5673)
+++ trunk/openvas-plugins/scripts/gb_filecopa_ftp_server_noop_dos_vuln.nasl	2009-10-22 13:34:45 UTC (rev 5674)
@@ -0,0 +1,91 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_filecopa_ftp_server_noop_dos_vuln.nasl 5291 2009-10-22 19:52:26Z oct $
+#
+# FileCopa FTP Server 'NOOP' Command DoS Vulnerability
+#
+# Authors:
+# Sharath S <sharaths at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(801125);
+  script_version("$Revision: 1.0 $");
+  script_cve_id("CVE-2009-3662");
+  script_bugtraq_id(36397);
+  script_name("FileCopa FTP Server 'NOOP' Command DoS Vulnerability");
+  desc = "
+  Overview: This host is running FileCopa FTP Server and is prone to Denial of
+  Service vulnerability.
+
+  Vulnerability Insight:
+  The flaw is caused due to an error in the handling of 'NOOP' FTP commands.
+  This can be exploited to hang an affected server via an overly large number
+  of specially crafted NOOP commands.
+
+  Impact:
+  Successful exploitation will let the attackers to cause a Denial of Service.
+
+  Impact Level: Application
+
+  Affected Software/OS:
+  FileCopa FTP Server version 5.01 and prior on Windows.
+
+  Fix: Upgrade to FileCopa FTP Server version 5.02
+  http://www.filecopa-ftpserver.com/download.html
+
+  References:
+  http://secunia.com/advisories/36773
+  http://downloads.securityfocus.com/vulnerabilities/exploits/36397.txt
+
+  CVSS Score:
+    CVSS Base Score     : 5.0 (AV:N/AC:L/Au:NR/C:N/I:N/A:P)
+    CVSS Temporal Score : 3.9
+  Risk factor: Medium";
+
+  script_description(desc);
+  script_summary("Check the version of FileCopa FTP Server");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (C) 2009 Intevation GmbH");
+  script_family("FTP");
+  script_dependencies("gb_filecopa_ftp_server_detect.nasl");
+  script_require_keys("FileCOPA-FTP-Server/Ver");
+  script_require_ports("Services/ftp", 21);
+  exit(0);
+}
+
+
+include("ftp_func.inc");
+include("version_func.inc");
+
+filecopaPort = get_kb_item("Services/ftp");
+if(!filecopaPort){
+  exit(0);
+}
+
+filecopaVer = get_kb_item("FileCOPA-FTP-Server/Ver");
+if(!filecopaVer){
+  exit(0);
+}
+
+# Check for FileCopa FTP Server versions < 5.02
+if(version_is_less(version:filecopaVer, test_version:"5.02")){
+  security_warning(filecopaPort);
+}


Property changes on: trunk/openvas-plugins/scripts/gb_filecopa_ftp_server_noop_dos_vuln.nasl
___________________________________________________________________
Name: svn:executable
   + *

Added: trunk/openvas-plugins/scripts/gb_vmware_authorization_service_dos_vuln_win.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_vmware_authorization_service_dos_vuln_win.nasl	2009-10-22 08:56:09 UTC (rev 5673)
+++ trunk/openvas-plugins/scripts/gb_vmware_authorization_service_dos_vuln_win.nasl	2009-10-22 13:34:45 UTC (rev 5674)
@@ -0,0 +1,115 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_vmware_authorization_service_dos_vuln_win.nasl 5350 2009-10-21 10:33:04Z oct $
+#
+# VMware Authorization Service Denial of Service Vulnerability (Win)
+#
+# Authors:
+# Antu Sanadi <santu at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(801027);
+  script_version("$Revision: 1.0 $");
+  script_cve_id("CVE-2009-3707");
+  script_name("VMware Authorization Service Denial of Service Vulnerability (Win)");
+  desc = "
+
+  Overview: The host is installed with VMWare product(s) that are vulnerable to
+  Denial of Service vulnerability.
+
+  Vulnerability Insight:
+  The vulnerability is caused due to an error in the VMware Authorization
+  Service when processing login requests. This can be exploited to terminate
+  the 'vmware-authd' process via 'USER' or 'PASS' strings containing '\xFF'
+  characters, sent to TCP port 912.
+
+  Impact:
+  Successful exploitation allow attackers to execute arbitrary code on the
+  affected application and causes the Denial of Service.
+
+  Impact Level: Application
+
+  Affected Software/OS:
+  VMware ACE 2.5.3 and prior.
+  VMware Player 2.5.3 build 185404 and prior.
+  VMware Workstation 6.5.3 build 185404 and prior.
+
+  Fix: No solution or patch is available as on 22nd October, 2009. Information
+  regarding this issue will be updated once the solution details are available.
+  For updates refer, http://www.vmware.com/
+
+  References:
+  http://secunia.com/advisories/36988
+  http://securitytracker.com/alerts/2009/Oct/1022997.html
+
+  CVSS Score:
+    CVSS Base Score     : 5.0 (AV:N/AC:L/Au:NR/C:N/I:N/A:P)
+    CVSS Temporal Score : 4.2
+  Risk factor: Medium";
+
+  script_description(desc);
+  script_summary("Check for the version of VMware Products");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (C) 2009 Intevation GmbH");
+  script_family("Denial of Service");
+  script_dependencies("gb_vmware_prdts_detect_win.nasl");
+  script_require_keys("VMware/Win/Installed", "VMware/Player/Win/Ver",
+                      "VMware/Workstation/Win/Ver", "VMware/ACE/Win/Ver");
+  exit(0);
+}
+
+
+include("version_func.inc");
+
+if(!get_kb_item("VMware/Win/Installed")){
+  exit(0);
+}
+
+# VMware Player
+vmpVer = get_kb_item("VMware/Player/Win/Ver");
+if(vmpVer)
+{
+  if(version_in_range(version:vmpVer, test_version:"2.0", test_version2:"2.5.3"))
+  {
+    security_warning(0);
+    exit(0);
+  }
+}
+
+# VMware Workstation
+vmwtnVer = get_kb_item("VMware/Workstation/Win/Ver");
+if(vmwtnVer)
+{
+  if(version_in_range(version:vmwtnVer, test_version:"6.0", test_version2:"6.5.3"))
+  {
+    security_warning(0);
+    exit(0);
+  }
+}
+
+# VMware ACE
+aceVer = get_kb_item("VMware/ACE/Win/Ver");
+if(aceVer)
+{
+  if(version_in_range(version:aceVer, test_version:"2.0", test_version2:"2.5.3")){
+    security_warning(0);
+  }
+}

Added: trunk/openvas-plugins/scripts/gb_xm_easy_personal_ftp_detect.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_xm_easy_personal_ftp_detect.nasl	2009-10-22 08:56:09 UTC (rev 5673)
+++ trunk/openvas-plugins/scripts/gb_xm_easy_personal_ftp_detect.nasl	2009-10-22 13:34:45 UTC (rev 5674)
@@ -0,0 +1,69 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_xm_easy_personal_ftp_detect.nasl 5237 2009-10-21 15:18:29Z oct $
+#
+# XM Easy Personal FTP Server Version Detection
+#
+# Authors:
+# Sharath S <sharaths at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(801119);
+  script_version("$Revision: 1.0 $");
+  script_name("XM Easy Personal FTP Server Version Detection");
+  desc = "
+  Overview: This script detects the installed version of Rhino Software
+  Serv-U and sets the result in KB.
+
+  Risk Factor: Informational";
+
+  script_description(desc);
+  script_summary("Set KB for the version of XM Easy Personal FTP Server");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (C) 2009 Intevation GmbH");
+  script_family("Service detection");
+  script_dependencies("find_service.nes");
+  script_require_ports("Services/ftp", 21);
+  exit(0);
+}
+
+
+include("ftp_func.inc");
+
+xmPort = get_kb_item("Services/ftp");
+if(!xmPort){
+  xmPort = 21;
+}
+
+if(!get_port_state(xmPort)){
+  exit(0);
+}
+
+banner = get_ftp_banner(port:xmPort);
+
+if("220 Welcome to DXM's FTP Server" >< banner)
+{
+  xmVer = eregmatch(pattern:"DXM's FTP Server ([0-9.]+)", string:banner);
+
+  if(!isnull(xmVer[1])){
+    set_kb_item(name:"XM-Easy-Personal-FTP/Ver", value:xmVer[1]);
+  }
+}

Added: trunk/openvas-plugins/scripts/gb_xm_easy_personal_ftp_dos_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_xm_easy_personal_ftp_dos_vuln.nasl	2009-10-22 08:56:09 UTC (rev 5673)
+++ trunk/openvas-plugins/scripts/gb_xm_easy_personal_ftp_dos_vuln.nasl	2009-10-22 13:34:45 UTC (rev 5674)
@@ -0,0 +1,127 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_xm_easy_personal_ftp_dos_vuln.nasl 5237 2009-10-21 22:48:26Z oct $
+#
+# XM Easy Personal FTP Server 'LIST' And 'NLST' Command DoS Vulnerability
+#
+# Authors:
+# Sharath S <sharaths at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(801120);
+  script_version("$Revision: 1.0 $");
+  script_cve_id("CVE-2009-3643");
+  script_name("XM Easy Personal FTP Server 'LIST' And 'NLST' Command DoS Vulnerability");
+  desc = "
+  Overview: This host is running XM Easy Personal FTP Server and is prone to
+  Denial of Service vulnerability.
+
+  Vulnerability Insight:
+  The flaw is caused due to an error when processing directory listing FTP
+  requests. This can be exploited to terminate the FTP service via overly
+  large 'LIST' or 'NLST' requests.
+
+  Impact:
+  Successful exploitation will let the attackers to cause a Denial of Service
+  in the affected application.
+
+  Impact Level: Application
+
+  Affected Software/OS:
+  Dxmsoft, XM Easy Personal FTP Server version 5.8.0 and prior
+
+  Fix: No solution or patch is available as on 21th October, 2009. Information
+  regarding this issue will be updated once the solution details are available.
+  For updates refer, http://www.dxm2008.com/index.htm
+
+  References:
+  http://osvdb.org/58542
+  http://secunia.com/advisories/36941/
+  http://xforce.iss.net/xforce/xfdb/53643
+  http://packetstormsecurity.org/0910-exploits/XM-ftp-dos.txt
+
+  CVSS Score:
+    CVSS Base Score     : 5.0 (AV:N/AC:L/Au:NR/C:N/I:N/A:P)
+    CVSS Temporal Score : 4.5
+  Risk factor: Medium";
+
+  script_description(desc);
+  script_summary("Check the version of XM Easy Personal FTP Server");
+  script_category(ACT_MIXED_ATTACK);
+  script_copyright("Copyright (C) 2009 Intevation GmbH");
+  script_family("FTP");
+  script_dependencies("gb_xm_easy_personal_ftp_detect.nasl", "secpod_ftp_anonymous.nasl");
+  script_require_keys("XM-Easy-Personal-FTP/Ver");
+  script_require_ports("Services/ftp", 21);
+  exit(0);
+}
+
+
+include("ftp_func.inc");
+include("version_func.inc");
+
+xmPort = get_kb_item("Services/ftp");
+if(!xmPort){
+  exit(0);
+}
+
+xmVer = get_kb_item("XM-Easy-Personal-FTP/Ver");
+if(isnull(xmVer)){
+  exit(0);
+}
+
+if(!safe_checks())
+{
+  soc1 = open_sock_tcp(xmPort);
+  if(soc1)
+  {
+    user = get_kb_item("ftp/login");
+    if(!user){
+      user = "anonymous";
+    }
+
+    pass = get_kb_item("ftp/password");
+    if(!pass){
+      pass = string("anonymous");
+    }
+
+    ftplogin = ftp_log_in(socket:soc1, user:user, pass:pass);
+    if(ftplogin)
+    {
+      send(socket:soc1, data:string("nlst ", crap(length: 6300, data:"./A")));
+      close(soc1);
+
+      soc2 = open_sock_tcp(xmPort);
+      resp = ftp_recv_line(socket:soc2);
+      if(!resp)
+      {
+        security_warning(xmPort);
+        exit(0);
+      }
+      close(soc2);
+    }
+  }
+}
+
+# Check for XM Easy Personal FTP Server versions <= 5.8.0
+if(version_is_less_equal(version:xmVer, test_version:"5.8.0")){
+  security_warning(xmPort);
+}


Property changes on: trunk/openvas-plugins/scripts/gb_xm_easy_personal_ftp_dos_vuln.nasl
___________________________________________________________________
Name: svn:executable
   + *



More information about the Openvas-commits mailing list