[Openvas-commits] r5675 - in trunk/openvas-plugins: . scripts

scm-commit@wald.intevation.org scm-commit at wald.intevation.org
Thu Oct 22 15:43:43 CEST 2009


Author: chandra
Date: 2009-10-22 15:43:41 +0200 (Thu, 22 Oct 2009)
New Revision: 5675

Added:
   trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX02465.nasl
   trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX02466.nasl
Modified:
   trunk/openvas-plugins/ChangeLog
Log:
Added HP-UX LSC's

Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog	2009-10-22 13:34:45 UTC (rev 5674)
+++ trunk/openvas-plugins/ChangeLog	2009-10-22 13:43:41 UTC (rev 5675)
@@ -1,5 +1,11 @@
 2009-10-22  Chandrashekhar B <bchandra at secpod.com>
 
+	* scripts/gb_hp_ux_HPSBUX02465.nasl,
+	scripts/gb_hp_ux_HPSBUX02466.nasl:
+	Added HP-UX local security checks.
+
+2009-10-22  Chandrashekhar B <bchandra at secpod.com>
+
 	* scripts/gb_filecopa_ftp_server_noop_dos_vuln.nasl,
 	scripts/gb_adobe_prdts_mult_vuln_oct09_win.nasl,
 	scripts/gb_aol_detect.nasl,

Added: trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX02465.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX02465.nasl	2009-10-22 13:34:45 UTC (rev 5674)
+++ trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX02465.nasl	2009-10-22 13:43:41 UTC (rev 5675)
@@ -0,0 +1,421 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# HP-UX Update for Apache-based Web Server HPSBUX02465
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(835224);
+  script_version("$Revision: 1.0 $");
+  script_xref(name: "HPSBUX", value: "02465");
+  script_cve_id("CVE-2006-3918", "CVE-2007-4465", "CVE-2007-6203", "CVE-2008-0005", "CVE-2008-0599", "CVE-2008-2168", "CVE-2008-2364", "CVE-2008-2371", "CVE-2008-2665", "CVE-2008-2666", "CVE-2008-2829", "CVE-2008-2939", "CVE-2008-3658", "CVE-2008-3659", "CVE-2008-3660", "CVE-2008-5498", "CVE-2008-5557", "CVE-2008-5624", "CVE-2008-5625", "CVE-2008-5658");
+  script_name("HP-UX Update for Apache-based Web Server HPSBUX02465");
+  desc = "
+
+  Vulnerability Insight:
+  Potential security vulnerabilities have been identified with HP-UX running
+  Apache-based Web Server. The vulnerabilities could be exploited remotely to
+  cause a Denial of Service (DoS), cross-site scripting (XSS) or unauthorized
+  access. Apache-based Web Server is contained in the Apache Web Server Suite.
+
+  Impact:
+  Remote Denial of Service (DoS)
+  cross-site scripting (XSS)
+  unauthorized access
+
+  Affected Software/OS:
+  Apache-based Web Server on
+  HP-UX B.11.23, B.11.31 running Apache-based Web Server versions before
+  v2.2.8.05 HP-UX B.11.11, B.11.23, B.11.31 running Apache-based Web Server
+  versions before v2.0.59.12
+
+  Fix: Please Install the Updated Packages.
+
+  References:
+  http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01905287-1
+
+  Risk factor: High";
+
+  script_description(desc);
+  script_summary("Check for the Version of Apache-based Web Server");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (C) 2009 Intevation GmbH");
+  script_family("HP-UX Local Security Checks");
+  script_dependencies("gather-package-list.nasl");
+  script_require_keys("ssh/login/release");
+  exit(0);
+}
+
+
+include("pkg-lib-hpux.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+if(release == NULL){
+  exit(0);
+}
+
+if(release == "HPUX11.31")
+{
+
+  if(ishpuxpkgvuln(pkg:"hpuxws22APCH32.APACHE", revision:"B.2.2.8.05", rls:"HPUX11.31"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(ishpuxpkgvuln(pkg:"hpuxws22APCH32.APACHE2", revision:"B.2.2.8.05", rls:"HPUX11.31"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(ishpuxpkgvuln(pkg:"hpuxws22APCH32.AUTH_LDAP", revision:"B.2.2.8.05", rls:"HPUX11.31"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(ishpuxpkgvuln(pkg:"hpuxws22APCH32.AUTH_LDAP2", revision:"B.2.2.8.05", rls:"HPUX11.31"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(ishpuxpkgvuln(pkg:"hpuxws22APCH32.MOD_JK", revision:"B.2.2.8.05", rls:"HPUX11.31"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(ishpuxpkgvuln(pkg:"hpuxws22APCH32.MOD_JK2", revision:"B.2.2.8.05", rls:"HPUX11.31"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(ishpuxpkgvuln(pkg:"hpuxws22APCH32.MOD_PERL", revision:"B.2.2.8.05", rls:"HPUX11.31"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(ishpuxpkgvuln(pkg:"hpuxws22APCH32.MOD_PERL2", revision:"B.2.2.8.05", rls:"HPUX11.31"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(ishpuxpkgvuln(pkg:"hpuxws22APCH32.PHP", revision:"B.2.2.8.05", rls:"HPUX11.31"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(ishpuxpkgvuln(pkg:"hpuxws22APCH32.PHP2", revision:"B.2.2.8.05", rls:"HPUX11.31"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(ishpuxpkgvuln(pkg:"hpuxws22APCH32.WEBPROXY", revision:"B.2.2.8.05", rls:"HPUX11.31"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(ishpuxpkgvuln(pkg:"hpuxws22APCH32.WEBPROXY2", revision:"B.2.2.8.05", rls:"HPUX11.31"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(ishpuxpkgvuln(pkg:"hpuxwsAPACHE.APACHE", revision:"B.2.0.59.12", rls:"HPUX11.31"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(ishpuxpkgvuln(pkg:"hpuxwsAPACHE.APACHE2", revision:"B.2.0.59.12", rls:"HPUX11.31"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(ishpuxpkgvuln(pkg:"hpuxwsAPACHE.AUTH_LDAP", revision:"B.2.0.59.12", rls:"HPUX11.31"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(ishpuxpkgvuln(pkg:"hpuxwsAPACHE.AUTH_LDAP2", revision:"B.2.0.59.12", rls:"HPUX11.31"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(ishpuxpkgvuln(pkg:"hpuxwsAPACHE.MOD_JK", revision:"B.2.0.59.12", rls:"HPUX11.31"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(ishpuxpkgvuln(pkg:"hpuxwsAPACHE.MOD_JK2", revision:"B.2.0.59.12", rls:"HPUX11.31"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(ishpuxpkgvuln(pkg:"hpuxwsAPACHE.MOD_PERL", revision:"B.2.0.59.12", rls:"HPUX11.31"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(ishpuxpkgvuln(pkg:"hpuxwsAPACHE.MOD_PERL2", revision:"B.2.0.59.12", rls:"HPUX11.31"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(ishpuxpkgvuln(pkg:"hpuxwsAPACHE.PHP", revision:"B.2.0.59.12", rls:"HPUX11.31"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(ishpuxpkgvuln(pkg:"hpuxwsAPACHE.PHP2", revision:"B.2.0.59.12", rls:"HPUX11.31"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(ishpuxpkgvuln(pkg:"hpuxwsAPACHE.WEBPROXY", revision:"B.2.0.59.12", rls:"HPUX11.31"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  exit(0);
+}
+
+
+if(release == "HPUX11.23")
+{
+
+  if(ishpuxpkgvuln(pkg:"hpuxws22APACHE.APACHE", revision:"B.2.2.8.05", rls:"HPUX11.23"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(ishpuxpkgvuln(pkg:"hpuxws22APACHE.APACHE2", revision:"B.2.2.8.05", rls:"HPUX11.23"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(ishpuxpkgvuln(pkg:"hpuxws22APACHE.AUTH_LDAP", revision:"B.2.2.8.05", rls:"HPUX11.23"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(ishpuxpkgvuln(pkg:"hpuxws22APACHE.AUTH_LDAP2", revision:"B.2.2.8.05", rls:"HPUX11.23"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(ishpuxpkgvuln(pkg:"hpuxws22APACHE.MOD_JK", revision:"B.2.2.8.05", rls:"HPUX11.23"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(ishpuxpkgvuln(pkg:"hpuxws22APACHE.MOD_JK2", revision:"B.2.2.8.05", rls:"HPUX11.23"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(ishpuxpkgvuln(pkg:"hpuxws22APACHE.MOD_PERL", revision:"B.2.2.8.05", rls:"HPUX11.23"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(ishpuxpkgvuln(pkg:"hpuxws22APACHE.MOD_PERL2", revision:"B.2.2.8.05", rls:"HPUX11.23"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(ishpuxpkgvuln(pkg:"hpuxws22APACHE.PHP", revision:"B.2.2.8.05", rls:"HPUX11.23"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(ishpuxpkgvuln(pkg:"hpuxws22APACHE.PHP2", revision:"B.2.2.8.05", rls:"HPUX11.23"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(ishpuxpkgvuln(pkg:"hpuxwsAPACHE.APACHE", revision:"B.2.0.59.12", rls:"HPUX11.23"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(ishpuxpkgvuln(pkg:"hpuxwsAPACHE.APACHE2", revision:"B.2.0.59.12", rls:"HPUX11.23"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(ishpuxpkgvuln(pkg:"hpuxwsAPACHE.AUTH_LDAP", revision:"B.2.0.59.12", rls:"HPUX11.23"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(ishpuxpkgvuln(pkg:"hpuxwsAPACHE.AUTH_LDAP2", revision:"B.2.0.59.12", rls:"HPUX11.23"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(ishpuxpkgvuln(pkg:"hpuxwsAPACHE.MOD_JK", revision:"B.2.0.59.12", rls:"HPUX11.23"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(ishpuxpkgvuln(pkg:"hpuxwsAPACHE.MOD_JK2", revision:"B.2.0.59.12", rls:"HPUX11.23"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(ishpuxpkgvuln(pkg:"hpuxwsAPACHE.MOD_PERL", revision:"B.2.0.59.12", rls:"HPUX11.23"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(ishpuxpkgvuln(pkg:"hpuxwsAPACHE.MOD_PERL2", revision:"B.2.0.59.12", rls:"HPUX11.23"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(ishpuxpkgvuln(pkg:"hpuxwsAPACHE.PHP", revision:"B.2.0.59.12", rls:"HPUX11.23"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(ishpuxpkgvuln(pkg:"hpuxwsAPACHE.PHP2", revision:"B.2.0.59.12", rls:"HPUX11.23"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(ishpuxpkgvuln(pkg:"hpuxwsAPACHE.WEBPROXY", revision:"B.2.0.59.12", rls:"HPUX11.23"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  exit(0);
+}
+
+
+if(release == "HPUX11.11")
+{
+
+  if(ishpuxpkgvuln(pkg:"hpuxwsAPACHE.APACHE", revision:"B.2.0.59.12", rls:"HPUX11.11"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(ishpuxpkgvuln(pkg:"hpuxwsAPACHE.APACHE2", revision:"B.2.0.59.12", rls:"HPUX11.11"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(ishpuxpkgvuln(pkg:"hpuxwsAPACHE.AUTH_LDAP2", revision:"B.2.0.59.12", rls:"HPUX11.11"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(ishpuxpkgvuln(pkg:"hpuxwsAPACHE.MOD_JK", revision:"B.2.0.59.12", rls:"HPUX11.11"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(ishpuxpkgvuln(pkg:"hpuxwsAPACHE.MOD_JK2", revision:"B.2.0.59.12", rls:"HPUX11.11"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(ishpuxpkgvuln(pkg:"hpuxwsAPACHE.MOD_PERL", revision:"B.2.0.59.12", rls:"HPUX11.11"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(ishpuxpkgvuln(pkg:"hpuxwsAPACHE.MOD_PERL2", revision:"B.2.0.59.12", rls:"HPUX11.11"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(ishpuxpkgvuln(pkg:"hpuxwsAPACHE.PHP", revision:"B.2.0.59.12", rls:"HPUX11.11"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(ishpuxpkgvuln(pkg:"hpuxwsAPACHE.PHP2", revision:"B.2.0.59.12", rls:"HPUX11.11"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(ishpuxpkgvuln(pkg:"hpuxwsAPACHE.WEBPROXY", revision:"B.2.0.59.12", rls:"HPUX11.11"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  exit(0);
+}

Added: trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX02466.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX02466.nasl	2009-10-22 13:34:45 UTC (rev 5674)
+++ trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX02466.nasl	2009-10-22 13:43:41 UTC (rev 5675)
@@ -0,0 +1,113 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# HP-UX Update for Tomcat Servlet Engine HPSBUX02466
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(835223);
+  script_version("$Revision: 1.0 $");
+  script_xref(name: "HPSBUX", value: "02466");
+  script_cve_id("CVE-2008-5515", "CVE-2009-0033", "CVE-2009-0580", "CVE-2009-0781", "CVE-2009-0783");
+  script_name("HP-UX Update for Tomcat Servlet Engine HPSBUX02466");
+  desc = "
+
+  Vulnerability Insight:
+  Potential security vulnerabilities have been identified with HP-UX running
+  Tomcat-based Servlet Engine. The vulnerabilities could be exploited remotely
+  to cause a Denial of Service (DoS) or unauthorized access. Tomcat-based
+  Servlet Engine is contained in the Apache Web Server Suite.
+
+  Impact:
+  Remote Denial of Service (DoS)
+  unauthorized access
+
+  Affected Software/OS:
+  Tomcat Servlet Engine on
+  HP-UX B.11.11, B.11.23 and B.11.31 running Tomcat-based Servlet Engine
+  v5.5.27.02 or earlier
+
+  Fix: Please Install the Updated Packages.
+
+  References:
+  http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01908935-1
+
+  Risk factor: High";
+
+  script_description(desc);
+  script_summary("Check for the Version of Tomcat Servlet Engine");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (C) 2009 Intevation GmbH");
+  script_family("HP-UX Local Security Checks");
+  script_dependencies("gather-package-list.nasl");
+  script_require_keys("ssh/login/release");
+  exit(0);
+}
+
+
+include("pkg-lib-hpux.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+if(release == NULL){
+  exit(0);
+}
+
+if(release == "HPUX11.31")
+{
+
+  if(ishpuxpkgvuln(pkg:"hpuxws22TOMCAT.TOMCAT", revision:"B.5.5.27.03", rls:"HPUX11.31"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  exit(0);
+}
+
+
+if(release == "HPUX11.23")
+{
+
+  if(ishpuxpkgvuln(pkg:"hpuxws22TOMCAT.TOMCAT", revision:"B.5.5.27.03", rls:"HPUX11.23"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  exit(0);
+}
+
+
+if(release == "HPUX11.11")
+{
+
+  if(ishpuxpkgvuln(pkg:"hpuxwsTOMCAT.TOMCAT", revision:"B.5.5.27.03", rls:"HPUX11.11"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  exit(0);
+}



More information about the Openvas-commits mailing list