[Openvas-commits] r5675 - in trunk/openvas-plugins: . scripts
scm-commit@wald.intevation.org
scm-commit at wald.intevation.org
Thu Oct 22 15:43:43 CEST 2009
Author: chandra
Date: 2009-10-22 15:43:41 +0200 (Thu, 22 Oct 2009)
New Revision: 5675
Added:
trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX02465.nasl
trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX02466.nasl
Modified:
trunk/openvas-plugins/ChangeLog
Log:
Added HP-UX LSC's
Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog 2009-10-22 13:34:45 UTC (rev 5674)
+++ trunk/openvas-plugins/ChangeLog 2009-10-22 13:43:41 UTC (rev 5675)
@@ -1,5 +1,11 @@
2009-10-22 Chandrashekhar B <bchandra at secpod.com>
+ * scripts/gb_hp_ux_HPSBUX02465.nasl,
+ scripts/gb_hp_ux_HPSBUX02466.nasl:
+ Added HP-UX local security checks.
+
+2009-10-22 Chandrashekhar B <bchandra at secpod.com>
+
* scripts/gb_filecopa_ftp_server_noop_dos_vuln.nasl,
scripts/gb_adobe_prdts_mult_vuln_oct09_win.nasl,
scripts/gb_aol_detect.nasl,
Added: trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX02465.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX02465.nasl 2009-10-22 13:34:45 UTC (rev 5674)
+++ trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX02465.nasl 2009-10-22 13:43:41 UTC (rev 5675)
@@ -0,0 +1,421 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# HP-UX Update for Apache-based Web Server HPSBUX02465
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(835224);
+ script_version("$Revision: 1.0 $");
+ script_xref(name: "HPSBUX", value: "02465");
+ script_cve_id("CVE-2006-3918", "CVE-2007-4465", "CVE-2007-6203", "CVE-2008-0005", "CVE-2008-0599", "CVE-2008-2168", "CVE-2008-2364", "CVE-2008-2371", "CVE-2008-2665", "CVE-2008-2666", "CVE-2008-2829", "CVE-2008-2939", "CVE-2008-3658", "CVE-2008-3659", "CVE-2008-3660", "CVE-2008-5498", "CVE-2008-5557", "CVE-2008-5624", "CVE-2008-5625", "CVE-2008-5658");
+ script_name("HP-UX Update for Apache-based Web Server HPSBUX02465");
+ desc = "
+
+ Vulnerability Insight:
+ Potential security vulnerabilities have been identified with HP-UX running
+ Apache-based Web Server. The vulnerabilities could be exploited remotely to
+ cause a Denial of Service (DoS), cross-site scripting (XSS) or unauthorized
+ access. Apache-based Web Server is contained in the Apache Web Server Suite.
+
+ Impact:
+ Remote Denial of Service (DoS)
+ cross-site scripting (XSS)
+ unauthorized access
+
+ Affected Software/OS:
+ Apache-based Web Server on
+ HP-UX B.11.23, B.11.31 running Apache-based Web Server versions before
+ v2.2.8.05 HP-UX B.11.11, B.11.23, B.11.31 running Apache-based Web Server
+ versions before v2.0.59.12
+
+ Fix: Please Install the Updated Packages.
+
+ References:
+ http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01905287-1
+
+ Risk factor: High";
+
+ script_description(desc);
+ script_summary("Check for the Version of Apache-based Web Server");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2009 Intevation GmbH");
+ script_family("HP-UX Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/release");
+ exit(0);
+}
+
+
+include("pkg-lib-hpux.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+if(release == NULL){
+ exit(0);
+}
+
+if(release == "HPUX11.31")
+{
+
+ if(ishpuxpkgvuln(pkg:"hpuxws22APCH32.APACHE", revision:"B.2.2.8.05", rls:"HPUX11.31"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(ishpuxpkgvuln(pkg:"hpuxws22APCH32.APACHE2", revision:"B.2.2.8.05", rls:"HPUX11.31"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(ishpuxpkgvuln(pkg:"hpuxws22APCH32.AUTH_LDAP", revision:"B.2.2.8.05", rls:"HPUX11.31"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(ishpuxpkgvuln(pkg:"hpuxws22APCH32.AUTH_LDAP2", revision:"B.2.2.8.05", rls:"HPUX11.31"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(ishpuxpkgvuln(pkg:"hpuxws22APCH32.MOD_JK", revision:"B.2.2.8.05", rls:"HPUX11.31"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(ishpuxpkgvuln(pkg:"hpuxws22APCH32.MOD_JK2", revision:"B.2.2.8.05", rls:"HPUX11.31"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(ishpuxpkgvuln(pkg:"hpuxws22APCH32.MOD_PERL", revision:"B.2.2.8.05", rls:"HPUX11.31"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(ishpuxpkgvuln(pkg:"hpuxws22APCH32.MOD_PERL2", revision:"B.2.2.8.05", rls:"HPUX11.31"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(ishpuxpkgvuln(pkg:"hpuxws22APCH32.PHP", revision:"B.2.2.8.05", rls:"HPUX11.31"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(ishpuxpkgvuln(pkg:"hpuxws22APCH32.PHP2", revision:"B.2.2.8.05", rls:"HPUX11.31"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(ishpuxpkgvuln(pkg:"hpuxws22APCH32.WEBPROXY", revision:"B.2.2.8.05", rls:"HPUX11.31"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(ishpuxpkgvuln(pkg:"hpuxws22APCH32.WEBPROXY2", revision:"B.2.2.8.05", rls:"HPUX11.31"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(ishpuxpkgvuln(pkg:"hpuxwsAPACHE.APACHE", revision:"B.2.0.59.12", rls:"HPUX11.31"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(ishpuxpkgvuln(pkg:"hpuxwsAPACHE.APACHE2", revision:"B.2.0.59.12", rls:"HPUX11.31"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(ishpuxpkgvuln(pkg:"hpuxwsAPACHE.AUTH_LDAP", revision:"B.2.0.59.12", rls:"HPUX11.31"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(ishpuxpkgvuln(pkg:"hpuxwsAPACHE.AUTH_LDAP2", revision:"B.2.0.59.12", rls:"HPUX11.31"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(ishpuxpkgvuln(pkg:"hpuxwsAPACHE.MOD_JK", revision:"B.2.0.59.12", rls:"HPUX11.31"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(ishpuxpkgvuln(pkg:"hpuxwsAPACHE.MOD_JK2", revision:"B.2.0.59.12", rls:"HPUX11.31"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(ishpuxpkgvuln(pkg:"hpuxwsAPACHE.MOD_PERL", revision:"B.2.0.59.12", rls:"HPUX11.31"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(ishpuxpkgvuln(pkg:"hpuxwsAPACHE.MOD_PERL2", revision:"B.2.0.59.12", rls:"HPUX11.31"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(ishpuxpkgvuln(pkg:"hpuxwsAPACHE.PHP", revision:"B.2.0.59.12", rls:"HPUX11.31"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(ishpuxpkgvuln(pkg:"hpuxwsAPACHE.PHP2", revision:"B.2.0.59.12", rls:"HPUX11.31"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(ishpuxpkgvuln(pkg:"hpuxwsAPACHE.WEBPROXY", revision:"B.2.0.59.12", rls:"HPUX11.31"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ exit(0);
+}
+
+
+if(release == "HPUX11.23")
+{
+
+ if(ishpuxpkgvuln(pkg:"hpuxws22APACHE.APACHE", revision:"B.2.2.8.05", rls:"HPUX11.23"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(ishpuxpkgvuln(pkg:"hpuxws22APACHE.APACHE2", revision:"B.2.2.8.05", rls:"HPUX11.23"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(ishpuxpkgvuln(pkg:"hpuxws22APACHE.AUTH_LDAP", revision:"B.2.2.8.05", rls:"HPUX11.23"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(ishpuxpkgvuln(pkg:"hpuxws22APACHE.AUTH_LDAP2", revision:"B.2.2.8.05", rls:"HPUX11.23"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(ishpuxpkgvuln(pkg:"hpuxws22APACHE.MOD_JK", revision:"B.2.2.8.05", rls:"HPUX11.23"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(ishpuxpkgvuln(pkg:"hpuxws22APACHE.MOD_JK2", revision:"B.2.2.8.05", rls:"HPUX11.23"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(ishpuxpkgvuln(pkg:"hpuxws22APACHE.MOD_PERL", revision:"B.2.2.8.05", rls:"HPUX11.23"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(ishpuxpkgvuln(pkg:"hpuxws22APACHE.MOD_PERL2", revision:"B.2.2.8.05", rls:"HPUX11.23"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(ishpuxpkgvuln(pkg:"hpuxws22APACHE.PHP", revision:"B.2.2.8.05", rls:"HPUX11.23"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(ishpuxpkgvuln(pkg:"hpuxws22APACHE.PHP2", revision:"B.2.2.8.05", rls:"HPUX11.23"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(ishpuxpkgvuln(pkg:"hpuxwsAPACHE.APACHE", revision:"B.2.0.59.12", rls:"HPUX11.23"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(ishpuxpkgvuln(pkg:"hpuxwsAPACHE.APACHE2", revision:"B.2.0.59.12", rls:"HPUX11.23"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(ishpuxpkgvuln(pkg:"hpuxwsAPACHE.AUTH_LDAP", revision:"B.2.0.59.12", rls:"HPUX11.23"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(ishpuxpkgvuln(pkg:"hpuxwsAPACHE.AUTH_LDAP2", revision:"B.2.0.59.12", rls:"HPUX11.23"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(ishpuxpkgvuln(pkg:"hpuxwsAPACHE.MOD_JK", revision:"B.2.0.59.12", rls:"HPUX11.23"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(ishpuxpkgvuln(pkg:"hpuxwsAPACHE.MOD_JK2", revision:"B.2.0.59.12", rls:"HPUX11.23"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(ishpuxpkgvuln(pkg:"hpuxwsAPACHE.MOD_PERL", revision:"B.2.0.59.12", rls:"HPUX11.23"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(ishpuxpkgvuln(pkg:"hpuxwsAPACHE.MOD_PERL2", revision:"B.2.0.59.12", rls:"HPUX11.23"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(ishpuxpkgvuln(pkg:"hpuxwsAPACHE.PHP", revision:"B.2.0.59.12", rls:"HPUX11.23"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(ishpuxpkgvuln(pkg:"hpuxwsAPACHE.PHP2", revision:"B.2.0.59.12", rls:"HPUX11.23"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(ishpuxpkgvuln(pkg:"hpuxwsAPACHE.WEBPROXY", revision:"B.2.0.59.12", rls:"HPUX11.23"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ exit(0);
+}
+
+
+if(release == "HPUX11.11")
+{
+
+ if(ishpuxpkgvuln(pkg:"hpuxwsAPACHE.APACHE", revision:"B.2.0.59.12", rls:"HPUX11.11"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(ishpuxpkgvuln(pkg:"hpuxwsAPACHE.APACHE2", revision:"B.2.0.59.12", rls:"HPUX11.11"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(ishpuxpkgvuln(pkg:"hpuxwsAPACHE.AUTH_LDAP2", revision:"B.2.0.59.12", rls:"HPUX11.11"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(ishpuxpkgvuln(pkg:"hpuxwsAPACHE.MOD_JK", revision:"B.2.0.59.12", rls:"HPUX11.11"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(ishpuxpkgvuln(pkg:"hpuxwsAPACHE.MOD_JK2", revision:"B.2.0.59.12", rls:"HPUX11.11"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(ishpuxpkgvuln(pkg:"hpuxwsAPACHE.MOD_PERL", revision:"B.2.0.59.12", rls:"HPUX11.11"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(ishpuxpkgvuln(pkg:"hpuxwsAPACHE.MOD_PERL2", revision:"B.2.0.59.12", rls:"HPUX11.11"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(ishpuxpkgvuln(pkg:"hpuxwsAPACHE.PHP", revision:"B.2.0.59.12", rls:"HPUX11.11"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(ishpuxpkgvuln(pkg:"hpuxwsAPACHE.PHP2", revision:"B.2.0.59.12", rls:"HPUX11.11"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(ishpuxpkgvuln(pkg:"hpuxwsAPACHE.WEBPROXY", revision:"B.2.0.59.12", rls:"HPUX11.11"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ exit(0);
+}
Added: trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX02466.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX02466.nasl 2009-10-22 13:34:45 UTC (rev 5674)
+++ trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX02466.nasl 2009-10-22 13:43:41 UTC (rev 5675)
@@ -0,0 +1,113 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# HP-UX Update for Tomcat Servlet Engine HPSBUX02466
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(835223);
+ script_version("$Revision: 1.0 $");
+ script_xref(name: "HPSBUX", value: "02466");
+ script_cve_id("CVE-2008-5515", "CVE-2009-0033", "CVE-2009-0580", "CVE-2009-0781", "CVE-2009-0783");
+ script_name("HP-UX Update for Tomcat Servlet Engine HPSBUX02466");
+ desc = "
+
+ Vulnerability Insight:
+ Potential security vulnerabilities have been identified with HP-UX running
+ Tomcat-based Servlet Engine. The vulnerabilities could be exploited remotely
+ to cause a Denial of Service (DoS) or unauthorized access. Tomcat-based
+ Servlet Engine is contained in the Apache Web Server Suite.
+
+ Impact:
+ Remote Denial of Service (DoS)
+ unauthorized access
+
+ Affected Software/OS:
+ Tomcat Servlet Engine on
+ HP-UX B.11.11, B.11.23 and B.11.31 running Tomcat-based Servlet Engine
+ v5.5.27.02 or earlier
+
+ Fix: Please Install the Updated Packages.
+
+ References:
+ http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01908935-1
+
+ Risk factor: High";
+
+ script_description(desc);
+ script_summary("Check for the Version of Tomcat Servlet Engine");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2009 Intevation GmbH");
+ script_family("HP-UX Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/release");
+ exit(0);
+}
+
+
+include("pkg-lib-hpux.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+if(release == NULL){
+ exit(0);
+}
+
+if(release == "HPUX11.31")
+{
+
+ if(ishpuxpkgvuln(pkg:"hpuxws22TOMCAT.TOMCAT", revision:"B.5.5.27.03", rls:"HPUX11.31"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ exit(0);
+}
+
+
+if(release == "HPUX11.23")
+{
+
+ if(ishpuxpkgvuln(pkg:"hpuxws22TOMCAT.TOMCAT", revision:"B.5.5.27.03", rls:"HPUX11.23"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ exit(0);
+}
+
+
+if(release == "HPUX11.11")
+{
+
+ if(ishpuxpkgvuln(pkg:"hpuxwsTOMCAT.TOMCAT", revision:"B.5.5.27.03", rls:"HPUX11.11"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ exit(0);
+}
More information about the Openvas-commits
mailing list