[Openvas-commits] r5718 - in trunk/openvas-plugins: . scripts
scm-commit@wald.intevation.org
scm-commit at wald.intevation.org
Mon Oct 26 10:03:25 CET 2009
Author: mime
Date: 2009-10-26 10:02:32 +0100 (Mon, 26 Oct 2009)
New Revision: 5718
Added:
trunk/openvas-plugins/scripts/mapserver_36802.nasl
trunk/openvas-plugins/scripts/ping_host.nasl
trunk/openvas-plugins/scripts/proftpd_36804.nasl
Modified:
trunk/openvas-plugins/ChangeLog
trunk/openvas-plugins/cve_current.txt
trunk/openvas-plugins/scripts/admbook_cmd_exec.nasl
trunk/openvas-plugins/scripts/alcatel_backdoor_switch.nasl
trunk/openvas-plugins/scripts/amap.nasl
trunk/openvas-plugins/scripts/apcupsd_overflows.nasl
trunk/openvas-plugins/scripts/asterisk_null_pointer_dereference.nasl
trunk/openvas-plugins/scripts/asterisk_sdp_header_overflow.nasl
trunk/openvas-plugins/scripts/binlogin_overflow_telnet.nasl
trunk/openvas-plugins/scripts/chipmunk_forum_xss.nasl
trunk/openvas-plugins/scripts/cobalt_overflow_cgi.nasl
trunk/openvas-plugins/scripts/cvstrac_account_deletion.nasl
trunk/openvas-plugins/scripts/cvstrac_cgi_overflows.nasl
trunk/openvas-plugins/scripts/cvstrac_db_plaintext_pass.nasl
trunk/openvas-plugins/scripts/cvstrac_filediff.nasl
trunk/openvas-plugins/scripts/cvstrac_history_overflow.nasl
trunk/openvas-plugins/scripts/cvstrac_invalid_ticket_dos.nasl
trunk/openvas-plugins/scripts/cvstrac_jail_escape.nasl
trunk/openvas-plugins/scripts/cvstrac_malformed_uri_dos.nasl
trunk/openvas-plugins/scripts/cvstrac_ticket_title.nasl
trunk/openvas-plugins/scripts/cvstrac_timeline_overflow.nasl
trunk/openvas-plugins/scripts/datawizard_ftpxq_test_accts.nasl
trunk/openvas-plugins/scripts/elog_logbook_global_dos.nasl
trunk/openvas-plugins/scripts/finger_akfingerd.nasl
trunk/openvas-plugins/scripts/firewall_detect.nasl
trunk/openvas-plugins/scripts/free_articles_directory_file_includes.nasl
trunk/openvas-plugins/scripts/ftpd_any_cmd.nasl
trunk/openvas-plugins/scripts/gcards_dir_transversal.nasl
trunk/openvas-plugins/scripts/http_ids_evasion.nasl
trunk/openvas-plugins/scripts/http_keepalive.inc
trunk/openvas-plugins/scripts/ids_evasion.nasl
trunk/openvas-plugins/scripts/kerio_webmail_multiple_flaws.nasl
trunk/openvas-plugins/scripts/kiwi_cattools_tftpd_dir_traversal.nasl
trunk/openvas-plugins/scripts/mercur_imap_buffer_overflow.nasl
trunk/openvas-plugins/scripts/mtl_remote_file_include.nasl
trunk/openvas-plugins/scripts/myevent_multiple_flaws.nasl
trunk/openvas-plugins/scripts/netscaler_web_login.nasl
trunk/openvas-plugins/scripts/netstat_portscan.nasl
trunk/openvas-plugins/scripts/nisd_overflow.nasl
trunk/openvas-plugins/scripts/nmap.nasl
trunk/openvas-plugins/scripts/packeteer_web_login.nasl
trunk/openvas-plugins/scripts/packeteer_web_version.nasl
trunk/openvas-plugins/scripts/phplistpro_remote_file_include.nasl
trunk/openvas-plugins/scripts/sambar_default_accounts.nasl
trunk/openvas-plugins/scripts/secpod_kvirc_detect_win.nasl
trunk/openvas-plugins/scripts/sip.inc
trunk/openvas-plugins/scripts/smb_nt.inc
trunk/openvas-plugins/scripts/smb_registry_access.nasl
trunk/openvas-plugins/scripts/smb_virii.nasl
trunk/openvas-plugins/scripts/smtp_settings.nasl
trunk/openvas-plugins/scripts/snmpwalk_portscan.nasl
trunk/openvas-plugins/scripts/sslv2_hello_overflow.nasl
trunk/openvas-plugins/scripts/subversion_1_0_5.nasl
trunk/openvas-plugins/scripts/subversion_1_0_6.nasl
trunk/openvas-plugins/scripts/subversion_1_0_8.nasl
trunk/openvas-plugins/scripts/sybase_asa_default_password.nasl
trunk/openvas-plugins/scripts/webalbum_local_file_include.nasl
trunk/openvas-plugins/scripts/webcalendar_info_disclosure.nasl
trunk/openvas-plugins/scripts/www_too_long_method.nasl
trunk/openvas-plugins/scripts/xst_http_trace.nasl
trunk/openvas-plugins/scripts/yppasswdd.nasl
trunk/openvas-plugins/scripts/zeroblog_xss.nasl
Log:
Added new plugins. Replaced nessus by openvas
Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog 2009-10-26 08:44:40 UTC (rev 5717)
+++ trunk/openvas-plugins/ChangeLog 2009-10-26 09:02:32 UTC (rev 5718)
@@ -1,3 +1,76 @@
+2009-10-26 Michael Meyer <michael.meyer at intevation.de>
+
+ * scripts/firewall_detect.nasl,
+ scripts/finger_akfingerd.nasl,
+ scripts/cvstrac_malformed_uri_dos.nasl,
+ scripts/packeteer_web_version.nasl,
+ scripts/www_too_long_method.nasl,
+ scripts/chipmunk_forum_xss.nasl,
+ scripts/mercur_imap_buffer_overflow.nasl,
+ scripts/sslv2_hello_overflow.nasl,
+ scripts/xst_http_trace.nasl,
+ scripts/ftpd_any_cmd.nasl,
+ scripts/cobalt_overflow_cgi.nasl,
+ scripts/packeteer_web_login.nasl,
+ scripts/cvstrac_filediff.nasl,
+ scripts/binlogin_overflow_telnet.nasl,
+ scripts/cvstrac_ticket_title.nasl,
+ scripts/cvstrac_jail_escape.nasl,
+ scripts/smtp_settings.nasl,
+ scripts/subversion_1_0_8.nasl,
+ scripts/subversion_1_0_5.nasl,
+ scripts/myevent_multiple_flaws.nasl,
+ scripts/cvstrac_history_overflow.nasl,
+ scripts/webalbum_local_file_include.nasl,
+ scripts/cvstrac_timeline_overflow.nasl,
+ scripts/phplistpro_remote_file_include.nasl,
+ scripts/kerio_webmail_multiple_flaws.nasl,
+ scripts/free_articles_directory_file_includes.nasl,
+ scripts/yppasswdd.nasl,
+ scripts/netscaler_web_login.nasl,
+ scripts/elog_logbook_global_dos.nasl,
+ scripts/admbook_cmd_exec.nasl,
+ scripts/gcards_dir_transversal.nasl,
+ scripts/cvstrac_account_deletion.nasl,
+ scripts/http_keepalive.inc,
+ scripts/apcupsd_overflows.nasl,
+ scripts/sybase_asa_default_password.nasl,
+ scripts/http_ids_evasion.nasl,
+ scripts/datawizard_ftpxq_test_accts.nasl,
+ scripts/nisd_overflow.nasl,
+ scripts/webcalendar_info_disclosure.nasl,
+ scripts/cvstrac_invalid_ticket_dos.nasl,
+ scripts/cvstrac_cgi_overflows.nasl,
+ scripts/smb_registry_access.nasl,
+ scripts/smb_nt.inc,
+ scripts/zeroblog_xss.nasl,
+ scripts/asterisk_null_pointer_dereference.nasl,
+ scripts/sip.inc,
+ scripts/mtl_remote_file_include.nasl,
+ scripts/smb_virii.nasl,
+ scripts/asterisk_sdp_header_overflow.nasl,
+ scripts/subversion_1_0_6.nasl,
+ scripts/ids_evasion.nasl,
+ scripts/cvstrac_db_plaintext_pass.nasl,
+ scripts/alcatel_backdoor_switch.nasl,
+ scripts/kiwi_cattools_tftpd_dir_traversal.nasl,
+ scripts/sambar_default_accounts.nasl:
+ Replaced "nessus" by "openvas".
+
+ * scripts/secpod_kvirc_detect_win.nasl:
+ Fixed "nasl_array_iterator: unhandled type 57 (0x39)"
+
+ * scripts/proftpd_36804.nasl,
+ scripts/mapserver_36802.nasl,
+ scripts/ping_host.nasl:
+ Added new plugins.
+
+ * scripts/snmpwalk_portscan.nasl,
+ scripts/nmap.nasl,
+ scripts/netstat_portscan.nasl,
+ scripts/amap.nasl:
+ Added dependency ping_host.nasl
+
2009-10-23 Chandrashekhar B <bchandra at secpod.com>
* scripts/gb_pidgin_oscar_dos_vuln_oct09_lin.nasl,
Modified: trunk/openvas-plugins/cve_current.txt
===================================================================
--- trunk/openvas-plugins/cve_current.txt 2009-10-26 08:44:40 UTC (rev 5717)
+++ trunk/openvas-plugins/cve_current.txt 2009-10-26 09:02:32 UTC (rev 5718)
@@ -181,5 +181,5 @@
CVE-2009-3695 SecPod
CVE-2009-3698 SecPod
CVE-2009-2999 SecPod
-CVE-2009-3639 Greenbone R
-CVE-2009-2281 Greenbone R
+CVE-2009-3639 Greenbone svn R
+CVE-2009-2281 Greenbone svn R
Modified: trunk/openvas-plugins/scripts/admbook_cmd_exec.nasl
===================================================================
--- trunk/openvas-plugins/scripts/admbook_cmd_exec.nasl 2009-10-26 08:44:40 UTC (rev 5717)
+++ trunk/openvas-plugins/scripts/admbook_cmd_exec.nasl 2009-10-26 09:02:32 UTC (rev 5718)
@@ -89,9 +89,9 @@
req = http_get(
item:string(
dir, "/write.php?",
- "name=nessus&",
- "email=nessus@", this_host(), "&",
- "message=", urlencode(str:string("Nessus ran ", SCRIPT_NAME, " at ", unixtime()))
+ "name=openvas&",
+ "email=openvas@", this_host(), "&",
+ "message=", urlencode(str:string("OpenVAS ran ", SCRIPT_NAME, " at ", unixtime()))
),
port:port
);
Modified: trunk/openvas-plugins/scripts/alcatel_backdoor_switch.nasl
===================================================================
--- trunk/openvas-plugins/scripts/alcatel_backdoor_switch.nasl 2009-10-26 08:44:40 UTC (rev 5717)
+++ trunk/openvas-plugins/scripts/alcatel_backdoor_switch.nasl 2009-10-26 09:02:32 UTC (rev 5718)
@@ -77,7 +77,7 @@
data = get_telnet_banner(port:port);
if(data)
{
- security_note(port:port,data:string("The banner:\n",data,"\nshould be reported to deraison at nessus.org\n"));
+ security_note(port:port,data:string("The banner:\n",data,"\nshould be reported to openvas-plugins at wald.intevation.org\n"));
security_hole(port);
register_service(port: port, proto: "aos");
}
Modified: trunk/openvas-plugins/scripts/amap.nasl
===================================================================
--- trunk/openvas-plugins/scripts/amap.nasl 2009-10-26 08:44:40 UTC (rev 5717)
+++ trunk/openvas-plugins/scripts/amap.nasl 2009-10-26 09:02:32 UTC (rev 5718)
@@ -29,9 +29,7 @@
family = "Port scanners";
script_family(family);
-# commented out dependency on proprietary plugin, once when we implement
-# it, we can uncomment it
-# script_dependencies("ping_host.nasl");
+ script_dependencies("ping_host.nasl");
script_add_preference(name: "File containing machine readable results : ", value: "", type: "file");
Modified: trunk/openvas-plugins/scripts/apcupsd_overflows.nasl
===================================================================
--- trunk/openvas-plugins/scripts/apcupsd_overflows.nasl 2009-10-26 08:44:40 UTC (rev 5717)
+++ trunk/openvas-plugins/scripts/apcupsd_overflows.nasl 2009-10-26 09:02:32 UTC (rev 5718)
@@ -23,7 +23,7 @@
is vulnerable to a buffer overflow which could
allow an attacker to gain a root shell on this host.
-*** Nessus solely relied on the version number of the
+*** OpenVAS solely relied on the version number of the
*** remote server, so this might be a false positive
Risk factor : High";
Modified: trunk/openvas-plugins/scripts/asterisk_null_pointer_dereference.nasl
===================================================================
--- trunk/openvas-plugins/scripts/asterisk_null_pointer_dereference.nasl 2009-10-26 08:44:40 UTC (rev 5717)
+++ trunk/openvas-plugins/scripts/asterisk_null_pointer_dereference.nasl 2009-10-26 09:02:32 UTC (rev 5718)
@@ -125,10 +125,10 @@
"REGISTER\r\n",
"Via: SIP/2.0/UDP ", this_host(), ":", port, "\r\n",
"To: User <sip:user@", get_host_name(), ":", port, ">\r\n",
- "From: OpenVAS <sip:nessus@", this_host(), ":", port, ">\r\n",
+ "From: OpenVAS <sip:openvas@", this_host(), ":", port, ">\r\n",
"Call-ID: ", rand(), "\r\n",
"CSeq: ", rand(), " OPTIONS\r\n",
- "Contact: OpenVAS <sip:nessus@", this_host(), ">\r\n",
+ "Contact: OpenVAS <sip:openvas@", this_host(), ">\r\n",
"Max-Forwards: 0\r\n",
"Accept: application/sdp\r\n",
"Content-Length: 0\r\n\r\n");
@@ -139,7 +139,6 @@
exp = sip_send_recv(port:port, data:bad_register);
if (isnull(exp)) {
res = sip_send_recv(port:port, data:option);
- display(res);
if (isnull(res)) {
security_hole(port);
exit(0);
Modified: trunk/openvas-plugins/scripts/asterisk_sdp_header_overflow.nasl
===================================================================
--- trunk/openvas-plugins/scripts/asterisk_sdp_header_overflow.nasl 2009-10-26 08:44:40 UTC (rev 5717)
+++ trunk/openvas-plugins/scripts/asterisk_sdp_header_overflow.nasl 2009-10-26 09:02:32 UTC (rev 5718)
@@ -77,7 +77,7 @@
"From: <sip:", this_host(), ":", port, ">\r\n",
"Call-ID: ", rand(), "\r\n",
"CSeq: ", rand(), " OPTIONS\r\n",
- "Contact: <sip:nessus@", this_host(), ">\r\n",
+ "Contact: <sip:openvas@", this_host(), ">\r\n",
"Max-Forwards: 10\r\n",
"Content-Length: 0\r\n\r\n");
@@ -132,7 +132,7 @@
"From: <sip:", this_host(), ":", port, ">\r\n",
"Call-ID: ", rand(), "\r\n",
"CSeq: ", rand(), " OPTIONS\r\n",
- "Contact: <sip:nessus@", this_host(), ">\r\n",
+ "Contact: <sip:openvas@", this_host(), ">\r\n",
"Max-Forwards: 0\r\n",
"Content-Length: 0\r\n\r\n");
Modified: trunk/openvas-plugins/scripts/binlogin_overflow_telnet.nasl
===================================================================
--- trunk/openvas-plugins/scripts/binlogin_overflow_telnet.nasl 2009-10-26 08:44:40 UTC (rev 5717)
+++ trunk/openvas-plugins/scripts/binlogin_overflow_telnet.nasl 2009-10-26 09:02:32 UTC (rev 5718)
@@ -71,7 +71,7 @@
{
buffer = telnet_negotiate(socket:soc);
- send(socket:soc, data:string("nessus ", env, "\r\n"));
+ send(socket:soc, data:string("openvas ", env, "\r\n"));
r = recv(socket:soc, length:4096);
close(soc);
if("word:" >< r)
Modified: trunk/openvas-plugins/scripts/chipmunk_forum_xss.nasl
===================================================================
--- trunk/openvas-plugins/scripts/chipmunk_forum_xss.nasl 2009-10-26 08:44:40 UTC (rev 5717)
+++ trunk/openvas-plugins/scripts/chipmunk_forum_xss.nasl 2009-10-26 09:02:32 UTC (rev 5718)
@@ -65,7 +65,7 @@
if (!can_host_php(port:port)) exit(0);
if (get_kb_item(string("www/", port, "/generic_xss"))) exit(0);
-xss = "'</a><IFRAME SRC=javascript:alert(%27XSS%20DETECTED%20BY%20NESSUS%27)></IFRAME>";
+xss = "'</a><IFRAME SRC=javascript:alert(%27XSS%20DETECTED%20BY%20OpenVAS%27)></IFRAME>";
exss = urlencode(str:xss);
#if (thorough_tests) dirs = make_list("/board", "/forum", "/", cgi_dirs());
Modified: trunk/openvas-plugins/scripts/cobalt_overflow_cgi.nasl
===================================================================
--- trunk/openvas-plugins/scripts/cobalt_overflow_cgi.nasl 2009-10-26 08:44:40 UTC (rev 5717)
+++ trunk/openvas-plugins/scripts/cobalt_overflow_cgi.nasl 2009-10-26 09:02:32 UTC (rev 5718)
@@ -17,7 +17,7 @@
Some versions of this CGI allow remote users to execute arbitrary commands
with the privileges of the web server.
-*** Nessus just checked the presence of this file
+*** OpenVAS just checked the presence of this file
*** but did not try to exploit the flaw, so this might
*** be a false positive
Modified: trunk/openvas-plugins/scripts/cvstrac_account_deletion.nasl
===================================================================
--- trunk/openvas-plugins/scripts/cvstrac_account_deletion.nasl 2009-10-26 08:44:40 UTC (rev 5717)
+++ trunk/openvas-plugins/scripts/cvstrac_account_deletion.nasl 2009-10-26 09:02:32 UTC (rev 5718)
@@ -23,7 +23,7 @@
giving them elevated access and potentially control
over other user accounts.
-***** Nessus has determined the vulnerability exists on the target
+***** OpenVAS has determined the vulnerability exists on the target
***** simply by looking at the version number(s) of CVSTrac
***** installed there.
Modified: trunk/openvas-plugins/scripts/cvstrac_cgi_overflows.nasl
===================================================================
--- trunk/openvas-plugins/scripts/cvstrac_cgi_overflows.nasl 2009-10-26 08:44:40 UTC (rev 5717)
+++ trunk/openvas-plugins/scripts/cvstrac_cgi_overflows.nasl 2009-10-26 09:02:32 UTC (rev 5718)
@@ -24,7 +24,7 @@
this flaw, would be able to execute arbitrary code on the
remote system.
-***** Nessus has determined the vulnerability exists on the target
+***** OpenVAS has determined the vulnerability exists on the target
***** simply by looking at the version number(s) of CVSTrac
***** installed there.
Modified: trunk/openvas-plugins/scripts/cvstrac_db_plaintext_pass.nasl
===================================================================
--- trunk/openvas-plugins/scripts/cvstrac_db_plaintext_pass.nasl 2009-10-26 08:44:40 UTC (rev 5717)
+++ trunk/openvas-plugins/scripts/cvstrac_db_plaintext_pass.nasl 2009-10-26 09:02:32 UTC (rev 5718)
@@ -21,7 +21,7 @@
This version contains a flaw related to *.db files that
may allow an attacker to gain access to plaintext passwords.
-***** Nessus has determined the vulnerability exists on the target
+***** OpenVAS has determined the vulnerability exists on the target
***** simply by looking at the version number(s) of CVSTrac
***** installed there.
Modified: trunk/openvas-plugins/scripts/cvstrac_filediff.nasl
===================================================================
--- trunk/openvas-plugins/scripts/cvstrac_filediff.nasl 2009-10-26 08:44:40 UTC (rev 5717)
+++ trunk/openvas-plugins/scripts/cvstrac_filediff.nasl 2009-10-26 09:02:32 UTC (rev 5718)
@@ -26,7 +26,7 @@
which, when exploited, can lead to a remote attacker
executing arbitrary commands on the system.
-***** Nessus has determined the vulnerability exists on the target
+***** OpenVAS has determined the vulnerability exists on the target
***** simply by looking at the version number(s) of CVSTrac
***** installed there.
Modified: trunk/openvas-plugins/scripts/cvstrac_history_overflow.nasl
===================================================================
--- trunk/openvas-plugins/scripts/cvstrac_history_overflow.nasl 2009-10-26 08:44:40 UTC (rev 5717)
+++ trunk/openvas-plugins/scripts/cvstrac_history_overflow.nasl 2009-10-26 09:02:32 UTC (rev 5718)
@@ -22,7 +22,7 @@
function in history.c that may allow an attacker to cause a
buffer overflow and execute arbitrary code on the remote system.
-***** Nessus has determined the vulnerability exists on the target
+***** OpenVAS has determined the vulnerability exists on the target
***** simply by looking at the version number(s) of CVSTrac
***** installed there.
Modified: trunk/openvas-plugins/scripts/cvstrac_invalid_ticket_dos.nasl
===================================================================
--- trunk/openvas-plugins/scripts/cvstrac_invalid_ticket_dos.nasl 2009-10-26 08:44:40 UTC (rev 5717)
+++ trunk/openvas-plugins/scripts/cvstrac_invalid_ticket_dos.nasl 2009-10-26 09:02:32 UTC (rev 5718)
@@ -23,7 +23,7 @@
An attacker, exploiting this flaw, would be able to remotely
shut down the cvstrac server.
-***** Nessus has determined the vulnerability exists on the target
+***** OpenVAS has determined the vulnerability exists on the target
***** simply by looking at the version number(s) of CVSTrac
***** installed there.
Modified: trunk/openvas-plugins/scripts/cvstrac_jail_escape.nasl
===================================================================
--- trunk/openvas-plugins/scripts/cvstrac_jail_escape.nasl 2009-10-26 08:44:40 UTC (rev 5717)
+++ trunk/openvas-plugins/scripts/cvstrac_jail_escape.nasl 2009-10-26 09:02:32 UTC (rev 5718)
@@ -23,7 +23,7 @@
attacker, exploiting this flaw, would be able to access files
outside of the web root.
-***** Nessus has determined the vulnerability exists on the target
+***** OpenVAS has determined the vulnerability exists on the target
***** simply by looking at the version number(s) of CVSTrac
***** installed there.
Modified: trunk/openvas-plugins/scripts/cvstrac_malformed_uri_dos.nasl
===================================================================
--- trunk/openvas-plugins/scripts/cvstrac_malformed_uri_dos.nasl 2009-10-26 08:44:40 UTC (rev 5717)
+++ trunk/openvas-plugins/scripts/cvstrac_malformed_uri_dos.nasl 2009-10-26 09:02:32 UTC (rev 5718)
@@ -25,7 +25,7 @@
Upon sending a malformed link, the cvstrac server would go into
an infinite loop, rendering the services as unavailable.
-***** Nessus has determined the vulnerability exists on the target
+***** OpenVAS has determined the vulnerability exists on the target
***** simply by looking at the version number(s) of CVSTrac
***** installed there.
Modified: trunk/openvas-plugins/scripts/cvstrac_ticket_title.nasl
===================================================================
--- trunk/openvas-plugins/scripts/cvstrac_ticket_title.nasl 2009-10-26 08:44:40 UTC (rev 5717)
+++ trunk/openvas-plugins/scripts/cvstrac_ticket_title.nasl 2009-10-26 09:02:32 UTC (rev 5718)
@@ -22,7 +22,7 @@
containing a semi-colon (';') that may allow an attacker
to execute arbitrary commands on the system.
-***** Nessus has determined the vulnerability exists on the target
+***** OpenVAS has determined the vulnerability exists on the target
***** simply by looking at the version number(s) of CVSTrac
***** installed there.
Modified: trunk/openvas-plugins/scripts/cvstrac_timeline_overflow.nasl
===================================================================
--- trunk/openvas-plugins/scripts/cvstrac_timeline_overflow.nasl 2009-10-26 08:44:40 UTC (rev 5717)
+++ trunk/openvas-plugins/scripts/cvstrac_timeline_overflow.nasl 2009-10-26 09:02:32 UTC (rev 5718)
@@ -23,7 +23,7 @@
An attacker, exploiting this flaw, would be potentially able to
run exploit code on the remote machine.
-***** Nessus has determined the vulnerability exists on the target
+***** OpenVAS has determined the vulnerability exists on the target
***** simply by looking at the version number(s) of CVSTrac
***** installed there.
Modified: trunk/openvas-plugins/scripts/datawizard_ftpxq_test_accts.nasl
===================================================================
--- trunk/openvas-plugins/scripts/datawizard_ftpxq_test_accts.nasl 2009-10-26 08:44:40 UTC (rev 5717)
+++ trunk/openvas-plugins/scripts/datawizard_ftpxq_test_accts.nasl 2009-10-26 09:02:32 UTC (rev 5718)
@@ -131,11 +131,11 @@
if ("test/test" >< info)
info = string(info, "\n",
"Note that the test account reportedly allows write access to the entire\n",
- "filesystem, although Nessus did not attempt to verify this.\n");
+ "filesystem, although OpenVAS did not attempt to verify this.\n");
if (contents)
info = string(info, "\n",
- "In addition, Nessus was able to use one of the accounts to read ", file, " :\n",
+ "In addition, OpenVAS was able to use one of the accounts to read ", file, " :\n",
"\n",
contents);
Modified: trunk/openvas-plugins/scripts/elog_logbook_global_dos.nasl
===================================================================
--- trunk/openvas-plugins/scripts/elog_logbook_global_dos.nasl 2009-10-26 08:44:40 UTC (rev 5717)
+++ trunk/openvas-plugins/scripts/elog_logbook_global_dos.nasl 2009-10-26 09:02:32 UTC (rev 5718)
@@ -36,7 +36,7 @@
See also :
http://archives.neohapsis.com/archives/fulldisclosure/2006-11/0198.html
-http://www.nessus.org/u?67c4b2ac
+http://savannah.psi.ch/websvn/log.php?repname=elog&path=/trunk/&rev=1749&sc=1&isdir=1
http://midas.psi.ch/elogs/Forum/2053
Solution :
Modified: trunk/openvas-plugins/scripts/finger_akfingerd.nasl
===================================================================
--- trunk/openvas-plugins/scripts/finger_akfingerd.nasl 2009-10-26 08:44:40 UTC (rev 5717)
+++ trunk/openvas-plugins/scripts/finger_akfingerd.nasl 2009-10-26 09:02:32 UTC (rev 5718)
@@ -58,7 +58,7 @@
soc = open_sock_tcp(port);
if(soc)
{
- buf = string("nessusIs4Scanning2You at 127.0.0.1@127.0.0.1\r\n"); #send request for forwarded finger query
+ buf = string("openvasIs4Scanning2You at 127.0.0.1@127.0.0.1\r\n"); #send request for forwarded finger query
send(socket:soc, data:buf);
data = recv(socket:soc, length:96);
close(soc);
Modified: trunk/openvas-plugins/scripts/firewall_detect.nasl
===================================================================
--- trunk/openvas-plugins/scripts/firewall_detect.nasl 2009-10-26 08:44:40 UTC (rev 5717)
+++ trunk/openvas-plugins/scripts/firewall_detect.nasl 2009-10-26 09:02:32 UTC (rev 5718)
@@ -44,7 +44,7 @@
include("global_settings.inc");
if ( report_paranoia < 2 ) exit(0);
-if ( ! get_kb_item("Host/scanners/nessus_tcp_scanner") ) exit(0);
+if ( ! get_kb_item("Host/scanners/openvas_tcp_scanner") ) exit(0);
open = int(get_kb_item("TCPScanner/OpenPortsNb"));
closed = int(get_kb_item("TCPScanner/ClosedPortsNb"));
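Review bot: The renamed knowledge-base key `Host/scanners/openvas_tcp_scanner` on the added line is only read here, and nothing in this revision's file list looks like the plugin that sets it. If the TCP scanner still writes `Host/scanners/nessus_tcp_scanner`, this check always hits `exit(0)` and firewall detection is silently skipped. KB keys are an interface between plugins rather than display text, so the producer and every consumer should change in the same commit. Until the producer side is confirmed, accepting either key keeps the plugin working: `if ( ! get_kb_item("Host/scanners/openvas_tcp_scanner") && ! get_kb_item("Host/scanners/nessus_tcp_scanner") ) exit(0);`.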
Modified: trunk/openvas-plugins/scripts/free_articles_directory_file_includes.nasl
===================================================================
--- trunk/openvas-plugins/scripts/free_articles_directory_file_includes.nasl 2009-10-26 08:44:40 UTC (rev 5717)
+++ trunk/openvas-plugins/scripts/free_articles_directory_file_includes.nasl 2009-10-26 09:02:32 UTC (rev 5718)
@@ -123,7 +123,7 @@
"Plugin output :\n",
"\n",
"Here are the contents of the file '/etc/passwd' that\n",
- "Nessus was able to read from the remote host :\n",
+ "OpenVAS was able to read from the remote host :\n",
"\n",
content
);
Modified: trunk/openvas-plugins/scripts/ftpd_any_cmd.nasl
===================================================================
--- trunk/openvas-plugins/scripts/ftpd_any_cmd.nasl 2009-10-26 08:44:40 UTC (rev 5717)
+++ trunk/openvas-plugins/scripts/ftpd_any_cmd.nasl 2009-10-26 09:02:32 UTC (rev 5718)
@@ -48,7 +48,7 @@
login = get_kb_item("ftp/login");
pass = get_kb_item("ftp/password");
if (! login) login = "anonymous";
-if (! pass) pass = "bounce at nessus.org";
+if (! pass) pass = "bounce at openvas.org";
port = get_kb_item("Services/ftp");
if (! port) port = 21;
Modified: trunk/openvas-plugins/scripts/gcards_dir_transversal.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gcards_dir_transversal.nasl 2009-10-26 08:44:40 UTC (rev 5717)
+++ trunk/openvas-plugins/scripts/gcards_dir_transversal.nasl 2009-10-26 09:02:32 UTC (rev 5718)
@@ -29,7 +29,7 @@
See also :
http://retrogod.altervista.org/gcards_145_xpl.html
-http://www.nessus.org/u?5e89025e
+http://www.gregphoto.net/index.php/2006/03/27/gcards-146-released-due-to-security-issues/
Solution :
@@ -121,7 +121,7 @@
"Plugin output :\n",
"\n",
"Here are the contents of the file '/etc/passwd' that\n",
- "Nessus was able to read from the remote host :\n",
+ "OpenVAS was able to read from the remote host :\n",
"\n",
content
);
Modified: trunk/openvas-plugins/scripts/http_ids_evasion.nasl
===================================================================
--- trunk/openvas-plugins/scripts/http_ids_evasion.nasl 2009-10-26 08:44:40 UTC (rev 5717)
+++ trunk/openvas-plugins/scripts/http_ids_evasion.nasl 2009-10-26 09:02:32 UTC (rev 5718)
@@ -19,7 +19,7 @@
script_name(name);
desc = "
-This plugin configures Nessus for NIDS evasion (see the 'Prefs' panel).
+This plugin configures OpenVAS for NIDS evasion (see the 'Prefs' panel).
NIDS evasion options are useful if you want to determine
the quality of the expensive NIDS you just bought.
Modified: trunk/openvas-plugins/scripts/http_keepalive.inc
===================================================================
--- trunk/openvas-plugins/scripts/http_keepalive.inc 2009-10-26 08:44:40 UTC (rev 5717)
+++ trunk/openvas-plugins/scripts/http_keepalive.inc 2009-10-26 09:02:32 UTC (rev 5718)
@@ -63,7 +63,7 @@
'Connection: Keep-Alive\r\n',
'Host: ', get_host_name(), '\r\n',
'Pragma: no-cache\r\n',
-'User-Agent: Mozilla/4.75 [en] (X11, U; Nessus)\r\n\r\n');
+'User-Agent: Mozilla/4.75 [en] (X11, U; OpenVAS)\r\n\r\n');
soc = http_open_socket(port);
if(!soc)return -2;
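Review bot: The `User-Agent` token on the added line is what the target's web logs and any IDS signatures see, so this is a wire-visible change rather than a text rename, and neither the code nor the ChangeLog says so. A comment above the request string would record that, for example `# User-Agent identifies the scanner to the target; keep it in sync with other request builders`. Operators who attribute scan traffic by the old token will need to know it changed. The enclosing function starts and ends outside this hunk, so whether other request builders in the include files still send the old token cannot be checked from here.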
Modified: trunk/openvas-plugins/scripts/ids_evasion.nasl
===================================================================
--- trunk/openvas-plugins/scripts/ids_evasion.nasl 2009-10-26 08:44:40 UTC (rev 5717)
+++ trunk/openvas-plugins/scripts/ids_evasion.nasl 2009-10-26 09:02:32 UTC (rev 5718)
@@ -23,7 +23,7 @@
script_name(name);
desc = "
-This plugin configures Nessus for NIDS evasion (see the 'Prefs' panel).
+This plugin configures OpenVAS for NIDS evasion (see the 'Prefs' panel).
NIDS evasion options are useful if you want to determine
the quality of the expensive NIDS you just bought.
@@ -51,7 +51,7 @@
reach the remote host or which do not determine if the
remote host actually receives the packets seen ;
-- Fake RST : each time a connection is established, Nessus
+- Fake RST : each time a connection is established, OpenVAS
will send a RST packet with a bogus tcp checksum or
a bogus ttl (depending on the options you chose above),
thus making the IDS believe the connection was closed
Modified: trunk/openvas-plugins/scripts/kerio_webmail_multiple_flaws.nasl
===================================================================
--- trunk/openvas-plugins/scripts/kerio_webmail_multiple_flaws.nasl 2009-10-26 08:44:40 UTC (rev 5717)
+++ trunk/openvas-plugins/scripts/kerio_webmail_multiple_flaws.nasl 2009-10-26 09:02:32 UTC (rev 5718)
@@ -52,7 +52,7 @@
This could also cause a denial of service in the server.
-*** This might be a false positive, as Nessus did not have
+*** This might be a false positive, as OpenVAS did not have
*** the proper credentials to determine if the remote Kerio
*** is affected by this flaw.
Modified: trunk/openvas-plugins/scripts/kiwi_cattools_tftpd_dir_traversal.nasl
===================================================================
--- trunk/openvas-plugins/scripts/kiwi_cattools_tftpd_dir_traversal.nasl 2009-10-26 08:44:40 UTC (rev 5717)
+++ trunk/openvas-plugins/scripts/kiwi_cattools_tftpd_dir_traversal.nasl 2009-10-26 09:02:32 UTC (rev 5718)
@@ -89,7 +89,7 @@
{
report = string(
desc, "\n\n", "Plugin output :\n\n",
- "Here are the contents of the file '\\boot.ini' that Nessus\n",
+ "Here are the contents of the file '\\boot.ini' that OpenVAS\n",
"was able to read from the remote host :\n", get);
security_hole(port:port, protocol:"udp", data:report);
}
Added: trunk/openvas-plugins/scripts/mapserver_36802.nasl
===================================================================
--- trunk/openvas-plugins/scripts/mapserver_36802.nasl 2009-10-26 08:44:40 UTC (rev 5717)
+++ trunk/openvas-plugins/scripts/mapserver_36802.nasl 2009-10-26 09:02:32 UTC (rev 5718)
@@ -0,0 +1,90 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# MapServer HTTP Request Processing Integer Overflow Vulnerability
+#
+# Authors:
+# Michael Meyer
+#
+# Copyright:
+# Copyright (c) 2009 Greenbone Networks GmbH
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if (description)
+{
+ script_id(100317);
+ script_bugtraq_id(36802);
+ script_cve_id("CVE-2009-2281");
+ script_version ("1.0-$Revision$");
+
+ script_name("MapServer HTTP Request Processing Integer Overflow Vulnerability");
+
+desc = "Overview:
+MapServer is prone to a remote integer-overflow vulnerability.
+
+An attacker can exploit this issue to execute arbitrary code.
+Successful exploits will compromise affected computers. Failed exploit
+attempts will result in a denial-of-service condition.
+
+This issue affects MapServer 4.10.x; other versions may be
+vulnerable as well.
+
+NOTE: This issue reportedly stems from an incomplete fix for CVE-2009-
+ 0840, which was discussed in BID 34306 (MapServer Multiple
+ Security Vulnerabilities).
+
+Solution:
+Updates are available. Please see the references for details.
+
+References:
+http://www.securityfocus.com/bid/36802
+http://mapserver.gis.umn.edu/
+
+Risk factor : Medium";
+
+ script_description(desc);
+ script_summary("Determine if MapServer is prone to a remote integer-overflow vulnerability");
+ script_category(ACT_GATHER_INFO);
+ script_family("Web application abuses");
+ script_copyright("This script is Copyright (C) 2009 Greenbone Networks GmbH");
+ script_dependencies("gb_mapserver_detect.nasl");
+ script_require_ports("Services/www", 80);
+ script_exclude_keys("Settings/disable_cgi_scanning");
+ exit(0);
+}
+
+include("http_func.inc");
+include("http_keepalive.inc");
+include("version_func.inc");
+
+port = get_http_port(default:80);
+if(!get_port_state(port))exit(0);
+
+if(!version = get_kb_item(string("www/", port, "/MapServer")))exit(0);
+
+if(!isnull(version)) {
+
+ if(version_in_range(version: version, test_version: "5.4", test_version2: "5.4.2") ||
+ version_in_range(version: version, test_version: "5.2", test_version2: "5.2.3") ||
+ version_in_range(version: version, test_version: "5.0", test_version2: "5.0.3") ||
+ version_in_range(version: version, test_version: "4.10", test_version2: "4.10.5")) {
+ security_warning(port:port);
+ exit(0);
+ }
+}
+
+exit(0);
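Review bot: The finding is raised from the version string stored by `gb_mapserver_detect.nasl` alone (`get_kb_item` then `version_in_range`), yet `desc` does not say so and `security_warning(port:port)` adds no output, so a patched or backported install is reported with no hint that it may be a false positive. Other version-based plugins touched in this revision carry a caveat, and a similar line in `desc`, such as `*** OpenVAS solely relied on the version number, so this might be a false positive`, would keep reports consistent. `desc` also names only 4.10.x while the check covers the 5.0, 5.2 and 5.4 branches, so the text should list them. `version_in_range` is, as far as I know, inclusive at both ends, so if 5.4.2, 5.2.3, 5.0.3 and 4.10.5 are the fixed releases they would be flagged too; this is worth confirming against the advisory. The `if(!isnull(version))` wrapper is redundant after the `exit(0)` on an empty KB item.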
Property changes on: trunk/openvas-plugins/scripts/mapserver_36802.nasl
___________________________________________________________________
Name: svn:keywords
+ Id Revision
Modified: trunk/openvas-plugins/scripts/mercur_imap_buffer_overflow.nasl
===================================================================
--- trunk/openvas-plugins/scripts/mercur_imap_buffer_overflow.nasl 2009-10-26 08:44:40 UTC (rev 5717)
+++ trunk/openvas-plugins/scripts/mercur_imap_buffer_overflow.nasl 2009-10-26 09:02:32 UTC (rev 5718)
@@ -81,7 +81,7 @@
report = string(desc, "\n\n",
"Note :\n\n",
- "*** Nessus did only check for this vulnerability,\n",
+ "*** OpenVAS did only check for this vulnerability,\n",
"*** by using the banner of the remote IMAP4 service.\n",
"*** This might be a false positive.\n\n");
Modified: trunk/openvas-plugins/scripts/mtl_remote_file_include.nasl
===================================================================
--- trunk/openvas-plugins/scripts/mtl_remote_file_include.nasl 2009-10-26 08:44:40 UTC (rev 5717)
+++ trunk/openvas-plugins/scripts/mtl_remote_file_include.nasl 2009-10-26 09:02:32 UTC (rev 5718)
@@ -111,7 +111,7 @@
"Plugin output :\n",
"\n",
"Here are the contents of the file '/etc/passwd' that\n",
- "Nessus was able to read from the remote host :\n",
+ "OpenVAS was able to read from the remote host :\n",
"\n",
content
);
Modified: trunk/openvas-plugins/scripts/myevent_multiple_flaws.nasl
===================================================================
--- trunk/openvas-plugins/scripts/myevent_multiple_flaws.nasl 2009-10-26 08:44:40 UTC (rev 5717)
+++ trunk/openvas-plugins/scripts/myevent_multiple_flaws.nasl 2009-10-26 09:02:32 UTC (rev 5718)
@@ -129,7 +129,7 @@
"Plugin output :\n",
"\n",
"Here are the contents of the file '/etc/passwd' that\n",
- "Nessus was able to read from the remote host :\n",
+ "OpenVAS was able to read from the remote host :\n",
"\n",
content
);
Modified: trunk/openvas-plugins/scripts/netscaler_web_login.nasl
===================================================================
--- trunk/openvas-plugins/scripts/netscaler_web_login.nasl 2009-10-26 08:44:40 UTC (rev 5717)
+++ trunk/openvas-plugins/scripts/netscaler_web_login.nasl 2009-10-26 09:02:32 UTC (rev 5718)
@@ -20,7 +20,7 @@
Description :
-Nessus successfully logged into the remote Citrix NetScaler web
+OpenVAS successfully logged into the remote Citrix NetScaler web
management interface using the supplied credentials and stored the
authentication cookie for later use.
Modified: trunk/openvas-plugins/scripts/netstat_portscan.nasl
===================================================================
--- trunk/openvas-plugins/scripts/netstat_portscan.nasl 2009-10-26 08:44:40 UTC (rev 5717)
+++ trunk/openvas-plugins/scripts/netstat_portscan.nasl 2009-10-26 09:02:32 UTC (rev 5718)
@@ -27,11 +27,7 @@
script_copyright("This script is Copyright (C) 2004 Michel Arboi");
family = "Port scanners";
script_family(family);
-
-# commented out dependency on proprietary plugin, once when we implement
-# it, we can uncomment it
-# script_dependencies("ping_host.nasl", "ssh_authorization.nasl");
- script_dependencies("ssh_authorization.nasl");
+ script_dependencies("ping_host.nasl","ssh_authorization.nasl");
exit(0);
}
Modified: trunk/openvas-plugins/scripts/nisd_overflow.nasl
===================================================================
--- trunk/openvas-plugins/scripts/nisd_overflow.nasl 2009-10-26 08:44:40 UTC (rev 5717)
+++ trunk/openvas-plugins/scripts/nisd_overflow.nasl 2009-10-26 09:02:32 UTC (rev 5718)
@@ -70,7 +70,7 @@
to a buffer overflow which allows any user to obtain a root
shell on this host.
-*** Nessus did not actually check for this flaw, so this
+*** OpenVAS did not actually check for this flaw, so this
*** might be a false positive
Solution : disable this service if you don't useit, or apply
Modified: trunk/openvas-plugins/scripts/nmap.nasl
===================================================================
--- trunk/openvas-plugins/scripts/nmap.nasl 2009-10-26 08:44:40 UTC (rev 5717)
+++ trunk/openvas-plugins/scripts/nmap.nasl 2009-10-26 09:02:32 UTC (rev 5718)
@@ -32,9 +32,7 @@
family = "Port scanners";
script_family(family);
-# commented out dependency on proprietary plugin, once when we implement
-# it, we can uncomment it
-# script_dependencies("ping_host.nasl");
+ script_dependencies("ping_host.nasl");
v = pread(cmd: "nmap", argv: make_list("nmap", "-V"));
if (v != NULL)
Modified: trunk/openvas-plugins/scripts/packeteer_web_login.nasl
===================================================================
--- trunk/openvas-plugins/scripts/packeteer_web_login.nasl 2009-10-26 08:44:40 UTC (rev 5717)
+++ trunk/openvas-plugins/scripts/packeteer_web_login.nasl 2009-10-26 09:02:32 UTC (rev 5718)
@@ -17,7 +17,7 @@
Description :
-Nessus was able to log onto the remote Packeteer web management
+OpenVAS was able to log onto the remote Packeteer web management
interface with the given credentials and has stored the authentication
cookie in the KB for use with other plugins.
Modified: trunk/openvas-plugins/scripts/packeteer_web_version.nasl
===================================================================
--- trunk/openvas-plugins/scripts/packeteer_web_version.nasl 2009-10-26 08:44:40 UTC (rev 5717)
+++ trunk/openvas-plugins/scripts/packeteer_web_version.nasl 2009-10-26 09:02:32 UTC (rev 5718)
@@ -10,7 +10,7 @@
Description :
-Nessus was able to determine the software version of the Packeteer web
+OpenVAS was able to determine the software version of the Packeteer web
management interface running on the remote host.
Risk factor :
Modified: trunk/openvas-plugins/scripts/phplistpro_remote_file_include.nasl
===================================================================
--- trunk/openvas-plugins/scripts/phplistpro_remote_file_include.nasl 2009-10-26 08:44:40 UTC (rev 5717)
+++ trunk/openvas-plugins/scripts/phplistpro_remote_file_include.nasl 2009-10-26 09:02:32 UTC (rev 5718)
@@ -116,7 +116,7 @@
"Plugin output :\n",
"\n",
"Here are the repeated contents of the file '/etc/passwd' that\n",
- "Nessus was able to read from the remote host :\n",
+ "OpenVAS was able to read from the remote host :\n",
"\n",
content
);
Added: trunk/openvas-plugins/scripts/ping_host.nasl
===================================================================
--- trunk/openvas-plugins/scripts/ping_host.nasl 2009-10-26 08:44:40 UTC (rev 5717)
+++ trunk/openvas-plugins/scripts/ping_host.nasl 2009-10-26 09:02:32 UTC (rev 5718)
@@ -0,0 +1,103 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# Ping Host
+#
+# Authors:
+# Michael Meyer
+#
+# Copyright:
+# Copyright (c) 2009 Greenbone Networks GmbH
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if (description)
+{
+ script_id(100315);
+ script_version ("1.0-$Revision$");
+
+ script_name("Ping Host");
+
+ desc = "This plugin try to determine if the remote host is up.
+
+Risk factor : Informational";
+
+ script_description(desc);
+ script_summary("Ping the remote host");
+ script_category(ACT_SCANNER);
+ script_family("Port scanners");
+ script_copyright("This script is Copyright (C) 2009 Greenbone Networks GmbH");
+
+ script_add_preference(name:"Report about unrechable Hosts", type:"checkbox", value:"no");
+ script_add_preference(name:"Mark unrechable Hosts as dead (not scanning)", type:"checkbox", value:"yes");
+
+ exit(0);
+}
+
+set_kb_item(name: "/tmp/start_time", value: unixtime());
+if(islocalhost())exit(0);
+
+# Try ICMP (Ping) first
+ICMP_ECHO_REQUEST = 8;
+IP_ID = 0xBABA;
+ICMP_ID = rand() % 65536;
+
+ip_packet =
+ forge_ip_packet(ip_tos : 6,
+ ip_id : IP_ID,
+ ip_off : IP_DF,
+ ip_p : IPPROTO_ICMP,
+ ip_src : this_host());
+
+icmp_packet =
+ forge_icmp_packet(icmp_type : ICMP_ECHO_REQUEST,
+ icmp_code : 123,
+ icmp_seq : 256,
+ icmp_id : ICMP_ID,
+ ip : ip_packet);
+attempt = 2;
+ret = NULL;
+
+filter = "icmp and dst host " + this_host() + " and src host " + get_host_ip() + " and icmp[0] = 0 " + " and icmp[4:2] = " + ICMP_ID;
+
+while (!ret && attempt--) {
+ ret = send_packet(icmp_packet, pcap_active: TRUE, pcap_filter: filter, pcap_timeout: 3);
+ if(ret) {
+ set_kb_item(name: "/tmp/ping/ICMP", value: 1);
+ exit(0);
+ }
+}
+
+# ICMP fails. Try TCP SYN
+if(tcp_ping()) {
+ set_kb_item(name: "/tmp/ping/TCP", value: 1);
+ exit(0);
+}
+
+# Host seems to be dead.
+report_dead = script_get_preference("Report about unrechable Hosts");
+mark_dead = script_get_preference("Mark unrechable Hosts as dead (not scanning)");
+
+if("yes" >< report_dead) {
+ data = string("The remote host ", get_host_ip(), " is considered as dead.\nOpenVAS has not scanned this host.\n");
+ log_message(data:data, port:0);
+}
+
+if("yes" >< mark_dead) {
+ set_kb_item(name:"Host/ping_failed", value: 1);
+}
+exit(0);
+
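Review bot: With the defaults set in `script_add_preference` ("Report about unrechable Hosts" = "no", "Mark unrechable Hosts as dead (not scanning)" = "yes"), a host that answers neither the ICMP echo nor `tcp_ping()` gets `Host/ping_failed` set with no entry in the results, so a filtered but live host can presumably drop out of a scan unnoticed. I would default the report preference to "yes", or call `log_message` whenever `mark_dead` is "yes". The report text also says "OpenVAS has not scanned this host." even when `mark_dead` is "no"; that sentence belongs inside the `if("yes" >< mark_dead)` branch. The preference names spell "unrechable", and because the string is the lookup key for `script_get_preference`, it is cheaper to correct it to "unreachable" in all four places now than after scan configurations have stored it.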
Property changes on: trunk/openvas-plugins/scripts/ping_host.nasl
___________________________________________________________________
Name: svn:keywords
+ Id Revision
Added: trunk/openvas-plugins/scripts/proftpd_36804.nasl
===================================================================
--- trunk/openvas-plugins/scripts/proftpd_36804.nasl 2009-10-26 08:44:40 UTC (rev 5717)
+++ trunk/openvas-plugins/scripts/proftpd_36804.nasl 2009-10-26 09:02:32 UTC (rev 5718)
@@ -0,0 +1,93 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# ProFTPD mod_tls Module NULL Character CA SSL Certificate Validation Security Bypass Vulnerability
+#
+# Authors:
+# Michael Meyer
+#
+# Copyright:
+# Copyright (c) 2009 Greenbone Networks GmbH
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if (description)
+{
+ script_id(100316);
+ script_bugtraq_id(36804);
+ script_cve_id("CVE-2009-3639");
+ script_version ("1.0-$Revision$");
+
+ script_name("ProFTPD mod_tls Module NULL Character CA SSL Certificate Validation Security Bypass Vulnerability");
+
+desc = "Overview:
+ProFTPD is prone to a security-bypass vulnerability because the
+application fails to properly validate the domain name in a signed CA
+certificate, allowing attackers to substitute malicious SSL
+certificates for trusted ones.
+
+Successful exploits allows attackers to perform man-in-the-
+middle attacks or impersonate trusted servers, which will aid in
+further attacks.
+
+Versions prior to ProFTPD 1.3.2b are vulnerable.
+
+Solution:
+Updates are available. Please see the references for details.
+
+References:
+http://www.securityfocus.com/bid/36804
+http://bugs.proftpd.org/show_bug.cgi?id=3275
+http://www.proftpd.org
+
+Risk factor : Medium";
+
+ script_description(desc);
+ script_summary("Determine if ProFTPD version is < 1.3.2b");
+ script_category(ACT_GATHER_INFO);
+ script_family("FTP");
+ script_copyright("This script is Copyright (C) 2009 Greenbone Networks GmbH");
+ script_dependencies("secpod_proftpd_server_remote_detect.nasl");
+ script_require_ports("Services/ftp", 21);
+ exit(0);
+}
+
+include("version_func.inc");
+
+port = get_kb_item("Services/ftp");
+if(!port){
+ port = 21;
+}
+
+if(get_kb_item('ftp/'+port+'/broken'))exit(0);
+
+if(!get_port_state(port)){
+ exit(0);
+}
+
+if(!version = get_kb_item(string("ProFTPD/Ver")))exit(0);
+
+if(!isnull(version)) {
+
+ if(version_is_less(version:version, test_version:"1.3.2b")) {
+ security_warning(port: port);
+ exit(0);
+
+ }
+}
+
+exit(0);
+
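Review bot: The check flags every ProFTPD below 1.3.2b from the stored `ProFTPD/Ver` value alone and never establishes that mod_tls is loaded, although the description attributes the flaw to that module. Servers built without mod_tls, or carrying a backported fix, may therefore be reported. The description should carry the caveat other plugins in this tree use, e.g. `*** OpenVAS did not actually check for this flaw, so this might be a false positive`. `ProFTPD/Ver` is also not keyed by port, unlike `www/<port>/MapServer` in mapserver_36802.nasl, so on a host with several FTP services the warning may be attached to the wrong port; this needs confirming against secpod_proftpd_server_remote_detect.nasl, which is not shown here. The `if(!isnull(version))` wrapper is dead code after the `exit(0)` on the line above it.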
Property changes on: trunk/openvas-plugins/scripts/proftpd_36804.nasl
___________________________________________________________________
Name: svn:keywords
+ Id Revision
Modified: trunk/openvas-plugins/scripts/sambar_default_accounts.nasl
===================================================================
--- trunk/openvas-plugins/scripts/sambar_default_accounts.nasl 2009-10-26 08:44:40 UTC (rev 5717)
+++ trunk/openvas-plugins/scripts/sambar_default_accounts.nasl 2009-10-26 09:02:32 UTC (rev 5718)
@@ -63,7 +63,7 @@
req = string(
"POST /session/login HTTP/1.1\r\n",
"Host: ", get_host_name(), "\r\n",
-"User-Agent: Mozilla/5.0 (Nessus; rv:1.2.1)\r\n",
+"User-Agent: Mozilla/5.0 (OpenVAS; rv:1.2.1)\r\n",
"Accept: text/xml, text/html\r\n",
"Accept-Language: us\r\n",
"Content-Type: application/x-www-form-urlencoded\r\n",
Modified: trunk/openvas-plugins/scripts/secpod_kvirc_detect_win.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_kvirc_detect_win.nasl 2009-10-26 08:44:40 UTC (rev 5717)
+++ trunk/openvas-plugins/scripts/secpod_kvirc_detect_win.nasl 2009-10-26 09:02:32 UTC (rev 5718)
@@ -57,6 +57,11 @@
}
key = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\";
+
+if(!registry_key_exists(key:key)){
+ exit(0);
+}
+
foreach item (registry_enum_keys(key:key))
{
kvireName = registry_get_sz(key:key + item, item:"DisplayName");
Modified: trunk/openvas-plugins/scripts/sip.inc
===================================================================
--- trunk/openvas-plugins/scripts/sip.inc 2009-10-26 08:44:40 UTC (rev 5717)
+++ trunk/openvas-plugins/scripts/sip.inc 2009-10-26 09:02:32 UTC (rev 5718)
@@ -29,7 +29,7 @@
"Via: SIP/2.0/UDP ", this_host(), ":", port, "\r\n",
"Max-Forwards: 70\r\n",
"To: <sip:", this_host(), ":", port, ">\r\n",
- "From: Nessus <sip:", this_host(), ":", port, ">\r\n",
+ "From: OpenVAS <sip:", this_host(), ":", port, ">\r\n",
"Call-ID: ", rand(), "\r\n",
"CSeq: 63104 OPTIONS\r\n",
"Contact: <sip:", this_host(), ">\r\n",
Modified: trunk/openvas-plugins/scripts/smb_nt.inc
===================================================================
--- trunk/openvas-plugins/scripts/smb_nt.inc 2009-10-26 08:44:40 UTC (rev 5717)
+++ trunk/openvas-plugins/scripts/smb_nt.inc 2009-10-26 09:02:32 UTC (rev 5718)
@@ -292,7 +292,7 @@
local_var pass_len_hi, pass_len_lo;
extra = 0;
native_os = "Unix";
- native_lanmanager = "Nessus";
+ native_lanmanager = "OpenVAS";
if(!domain){
domain = "MYGROUP";
@@ -390,7 +390,7 @@
extra = 0;
native_os = "Unix";
- native_lanmanager = "Nessus";
+ native_lanmanager = "OpenVAS";
if(!domain)domain = "WORKGROUP";
if(domain){
Modified: trunk/openvas-plugins/scripts/smb_registry_access.nasl
===================================================================
--- trunk/openvas-plugins/scripts/smb_registry_access.nasl 2009-10-26 08:44:40 UTC (rev 5717)
+++ trunk/openvas-plugins/scripts/smb_registry_access.nasl 2009-10-26 09:02:32 UTC (rev 5718)
@@ -132,7 +132,7 @@
if(!r)
{
security_note(data:"It was not possible to connect to PIPE\winreg on "+
- "the remote host. If you\nintend to use Nessus to "+
+ "the remote host. If you\nintend to use OpenVAS to "+
"perform registry-based checks, the registry "+
"checks\nwill not work because the 'Remote "+
"Registry Access' service (winreg) has been\n" +
Modified: trunk/openvas-plugins/scripts/smb_virii.nasl
===================================================================
--- trunk/openvas-plugins/scripts/smb_virii.nasl 2009-10-26 08:44:40 UTC (rev 5717)
+++ trunk/openvas-plugins/scripts/smb_virii.nasl 2009-10-26 09:02:32 UTC (rev 5718)
@@ -14,7 +14,7 @@
desc = "
This script checks for the presence of different virii on the remote
-host, by using the SMB credentials you provide Nessus with.
+host, by using the SMB credentials you provide OpenVAS with.
- W32/Badtrans-B
- JS_GIGGER.A at mm
Modified: trunk/openvas-plugins/scripts/smtp_settings.nasl
===================================================================
--- trunk/openvas-plugins/scripts/smtp_settings.nasl 2009-10-26 08:44:40 UTC (rev 5717)
+++ trunk/openvas-plugins/scripts/smtp_settings.nasl 2009-10-26 09:02:32 UTC (rev 5718)
@@ -25,11 +25,11 @@
The checks that rely on this are SMTP or DNS relay checks.
-By default, nessus.org is being used. However, under some
+By default, openvas.org is being used. However, under some
circumstances, this may make leak packets from your network
to this domain, thus compromising the privacy of your tests.
-While the owner of 'nessus.org' is not known to keep logs of
+While the owner of 'openvas.org' is not known to keep logs of
such packet traces, you may want to change this value to
maximize your privacy.
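Review bot: The description now tells users that openvas.org is the default third-party domain, but the preference that sets that default is not in either hunk of this file. If it still carries nessus.org, this privacy notice names the wrong domain for the traffic that leaves the network. The description text and the default value should change together; please confirm the `script_add_preference` default and update it in the same commit if needed.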
@@ -67,7 +67,7 @@
fromaddr = script_get_preference("From address : ");
toaddr = script_get_preference("To address : ");
-if (!fromaddr) fromaddr = "nessus at example.com";
+if (!fromaddr) fromaddr = "openvas at example.com";
if (! toaddr) toaddr = "postmaster@[AUTO_REPLACED_IP]";
if ("AUTO_REPLACED_IP" >< toaddr) {
Modified: trunk/openvas-plugins/scripts/snmpwalk_portscan.nasl
===================================================================
--- trunk/openvas-plugins/scripts/snmpwalk_portscan.nasl 2009-10-26 08:44:40 UTC (rev 5717)
+++ trunk/openvas-plugins/scripts/snmpwalk_portscan.nasl 2009-10-26 09:02:32 UTC (rev 5718)
@@ -28,9 +28,7 @@
family = "Port scanners";
script_family(family);
-# commented out dependency on proprietary plugin, once when we implement
-# it, we can uncomment it
-# script_dependencies("ping_host.nasl");
+ script_dependencies("ping_host.nasl");
script_add_preference(name: "Community name :", type: "entry", value: "public");
script_add_preference(name: "SNMP protocol :", type: "radio", value: "1;2c");
Modified: trunk/openvas-plugins/scripts/sslv2_hello_overflow.nasl
===================================================================
--- trunk/openvas-plugins/scripts/sslv2_hello_overflow.nasl 2009-10-26 08:44:40 UTC (rev 5717)
+++ trunk/openvas-plugins/scripts/sslv2_hello_overflow.nasl 2009-10-26 09:02:32 UTC (rev 5718)
@@ -82,7 +82,7 @@
0x02, 0x00, 0x03, 0x00,
0x00, 0x00, 0x10, 0x07,
0x00, 0xc0)
- + crap(16, "NESSUS");
+ + crap(16, "OpenVAS");
send(socket:soc, data:req);
res = recv(socket:soc, length:64);
@@ -102,7 +102,7 @@
0x02, 0x00, 0x03, 0x00,
0x00, 0x00, 0x38, 0x07,
0x00, 0xc0)
- + crap(16, data:"NESSUS")
+ + crap(16, data:"OpenVAS")
+ crap(40, data:"VULN");
send(socket:soc, data:req);
Modified: trunk/openvas-plugins/scripts/subversion_1_0_5.nasl
===================================================================
--- trunk/openvas-plugins/scripts/subversion_1_0_5.nasl 2009-10-26 08:44:40 UTC (rev 5717)
+++ trunk/openvas-plugins/scripts/subversion_1_0_5.nasl 2009-10-26 09:02:32 UTC (rev 5718)
@@ -53,7 +53,7 @@
if (! get_tcp_port_state(port))
exit(0);
-dat = string("( 2 ( edit-pipeline ) 24:svn://host/svn/nessusr0x ) ");
+dat = string("( 2 ( edit-pipeline ) 24:svn://host/svn/OpenVASr0x ) ");
soc = open_sock_tcp(port);
if (!soc)
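Review bot: The rename lengthens the URL but leaves the length prefix at `24:`. `svn://host/svn/OpenVASr0x` is 25 characters, so the request is no longer a well-formed length-prefixed string and the response check that follows (outside this hunk) may stop matching, which would give silent false negatives. The line should read `dat = string("( 2 ( edit-pipeline ) 25:svn://host/svn/OpenVASr0x ) ");`. The same line is changed in the hunks for subversion_1_0_6.nasl and subversion_1_0_8.nasl and needs the same correction.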
Modified: trunk/openvas-plugins/scripts/subversion_1_0_6.nasl
===================================================================
--- trunk/openvas-plugins/scripts/subversion_1_0_6.nasl 2009-10-26 08:44:40 UTC (rev 5717)
+++ trunk/openvas-plugins/scripts/subversion_1_0_6.nasl 2009-10-26 09:02:32 UTC (rev 5718)
@@ -52,7 +52,7 @@
if (! get_tcp_port_state(port))
exit(0);
-dat = string("( 2 ( edit-pipeline ) 24:svn://host/svn/nessusr0x ) ");
+dat = string("( 2 ( edit-pipeline ) 24:svn://host/svn/OpenVASr0x ) ");
soc = open_sock_tcp(port);
if (!soc)
Modified: trunk/openvas-plugins/scripts/subversion_1_0_8.nasl
===================================================================
--- trunk/openvas-plugins/scripts/subversion_1_0_8.nasl 2009-10-26 08:44:40 UTC (rev 5717)
+++ trunk/openvas-plugins/scripts/subversion_1_0_8.nasl 2009-10-26 09:02:32 UTC (rev 5718)
@@ -54,7 +54,7 @@
if (! get_tcp_port_state(port))
exit(0);
-dat = string("( 2 ( edit-pipeline ) 24:svn://host/svn/nessusr0x ) ");
+dat = string("( 2 ( edit-pipeline ) 24:svn://host/svn/OpenVASr0x ) ");
soc = open_sock_tcp(port);
if (!soc)
Modified: trunk/openvas-plugins/scripts/sybase_asa_default_password.nasl
===================================================================
--- trunk/openvas-plugins/scripts/sybase_asa_default_password.nasl 2009-10-26 08:44:40 UTC (rev 5717)
+++ trunk/openvas-plugins/scripts/sybase_asa_default_password.nasl 2009-10-26 09:02:32 UTC (rev 5718)
@@ -84,7 +84,7 @@
);
pkt_bulk_copy = raw_string(0x00);
pkt_magic2 = crap(data:nul, length:9);
-pkt_client = raw_string("nessus", crap(data:nul, length:24), 0x06);
+pkt_client = raw_string("OpenVA", crap(data:nul, length:24), 0x06);
# database is here
pkt_magic3 = raw_string(0x00);
# password repeats here but with length first!
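Review bot: The client name is cut to "OpenVA" and reads as a typo, because nothing on the line explains the truncation. The field is built as a 6-character string, 24 NUL bytes and a trailing `0x06`, which looks like a fixed 30-byte field followed by its length. Add a comment such as `# client name: 30-byte NUL-padded field + length byte; keep name, padding and 0x06 in step`, or use the full name with `crap(data:nul, length:23), 0x07` if the layout is as it appears. The rest of the packet is assembled outside this hunk, so the 30-byte assumption needs confirming there.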
Modified: trunk/openvas-plugins/scripts/webalbum_local_file_include.nasl
===================================================================
--- trunk/openvas-plugins/scripts/webalbum_local_file_include.nasl 2009-10-26 08:44:40 UTC (rev 5717)
+++ trunk/openvas-plugins/scripts/webalbum_local_file_include.nasl 2009-10-26 09:02:32 UTC (rev 5718)
@@ -97,7 +97,7 @@
"Plugin output :\n",
"\n",
"Here are the contents of the file '/etc/passwd' that\n",
- "Nessus was able to read from the remote host :\n",
+ "OpenVAS was able to read from the remote host :\n",
"\n",
content
);
Modified: trunk/openvas-plugins/scripts/webcalendar_info_disclosure.nasl
===================================================================
--- trunk/openvas-plugins/scripts/webcalendar_info_disclosure.nasl 2009-10-26 08:44:40 UTC (rev 5717)
+++ trunk/openvas-plugins/scripts/webcalendar_info_disclosure.nasl 2009-10-26 09:02:32 UTC (rev 5718)
@@ -31,7 +31,7 @@
http://www.securityfocus.com/archive/1/433053/30/0/threaded
http://www.securityfocus.com/archive/1/436263/30/0/threaded
-http://www.nessus.org/u?2fe61fc9
+http://sourceforge.net/project/shownotes.php?group_id=3870&release_id=423010
Solution :
@@ -85,8 +85,8 @@
if ("webcalendar_session=deleted; expires" >< res && '<input name="login" id="user"' >< res)
{
postdata=string(
- "login=nessus", unixtime(), "&",
- "password=nessus"
+ "login=openvas", unixtime(), "&",
+ "password=openvas"
);
req = string(
"POST ", url, " HTTP/1.1\r\n",
Modified: trunk/openvas-plugins/scripts/www_too_long_method.nasl
===================================================================
--- trunk/openvas-plugins/scripts/www_too_long_method.nasl 2009-10-26 08:44:40 UTC (rev 5717)
+++ trunk/openvas-plugins/scripts/www_too_long_method.nasl 2009-10-26 09:02:32 UTC (rev 5718)
@@ -52,7 +52,7 @@
include("http_func.inc");
-r = string(crap(data:"HEADNESSUSNESSUS", length: 2048), " / HTTP/1.0\r\n\r\n");
+r = string(crap(data:"HEADOPENVASOPENVAS", length: 2048), " / HTTP/1.0\r\n\r\n");
port = get_http_port(default:80);
Modified: trunk/openvas-plugins/scripts/xst_http_trace.nasl
===================================================================
--- trunk/openvas-plugins/scripts/xst_http_trace.nasl 2009-10-26 08:44:40 UTC (rev 5717)
+++ trunk/openvas-plugins/scripts/xst_http_trace.nasl 2009-10-26 09:02:32 UTC (rev 5718)
@@ -119,7 +119,7 @@
"\n\nPlugin output :\n\n",
report);
-file = "/Nessus"+rand() + ".html"; # Does not exist
+file = "/OpenVAS"+rand() + ".html"; # Does not exist
cmd1 = http_get(item: file, port:port);
cmd2 = cmd1;
Modified: trunk/openvas-plugins/scripts/yppasswdd.nasl
===================================================================
--- trunk/openvas-plugins/scripts/yppasswdd.nasl 2009-10-26 08:44:40 UTC (rev 5717)
+++ trunk/openvas-plugins/scripts/yppasswdd.nasl 2009-10-26 09:02:32 UTC (rev 5718)
@@ -100,7 +100,7 @@
to a buffer overflow which would allow any user to obtain a root
shell on this host.
-*** Nessus reports this vulnerability using only
+*** OpenVAS reports this vulnerability using only
*** information that was gathered. Use caution
*** when testing without safe checks enabled.
Modified: trunk/openvas-plugins/scripts/zeroblog_xss.nasl
===================================================================
--- trunk/openvas-plugins/scripts/zeroblog_xss.nasl 2009-10-26 08:44:40 UTC (rev 5717)
+++ trunk/openvas-plugins/scripts/zeroblog_xss.nasl 2009-10-26 09:02:32 UTC (rev 5718)
@@ -62,7 +62,7 @@
if (!can_host_php(port:port)) exit(0);
if (get_kb_item(string("www/", port, "/generic_xss"))) exit(0);
-xss = "'<IFRAME SRC=javascript:alert(%27XSS DETECTED BY NESSUS%27)></IFRAME>";
+xss = "'<IFRAME SRC=javascript:alert(%27XSS DETECTED BY OpenVAS%27)></IFRAME>";
exss = urlencode(str:xss);
if (thorough_tests) dirs = make_list("/zeroblog", "/", "/blog", cgi_dirs());