[Openvas-commits] r5743 - in trunk/openvas-plugins: . scripts

scm-commit@wald.intevation.org scm-commit at wald.intevation.org
Wed Oct 28 11:13:17 CET 2009


Author: mime
Date: 2009-10-28 11:13:14 +0100 (Wed, 28 Oct 2009)
New Revision: 5743

Added:
   trunk/openvas-plugins/scripts/asterisk_36821.nasl
   trunk/openvas-plugins/scripts/bftpd_36820.nasl
   trunk/openvas-plugins/scripts/cherokee_36814.nasl
   trunk/openvas-plugins/scripts/nginx_36839.nasl
Modified:
   trunk/openvas-plugins/ChangeLog
   trunk/openvas-plugins/cve_current.txt
   trunk/openvas-plugins/scripts/ping_host.nasl
   trunk/openvas-plugins/scripts/secpod_asterisk_rtp_text_frames_dos_vuln.nasl
Log:
Added new plugins

Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog	2009-10-28 09:52:17 UTC (rev 5742)
+++ trunk/openvas-plugins/ChangeLog	2009-10-28 10:13:14 UTC (rev 5743)
@@ -1,3 +1,18 @@
+2009-10-28 Michael Meyer <michael.meyer at intevation.de>
+
+	* scripts/nginx_36839.nasl,
+	scripts/cherokee_36814.nasl,
+	scripts/asterisk_36821.nasl,
+	scripts/bftpd_36820.nasl:
+	Added new plugins.
+
+	* scripts/ping_host.nasl:
+	There are no timeouts for scripts in ACT_SCANNER. Moved to 
+	ACT_GATHER_INFO.
+
+	* scripts/secpod_asterisk_rtp_text_frames_dos_vuln.nasl:
+	Added asteriskPort.
+
 2009-10-26  Thomas Reinke <reinke at securityspace.com>
 
 	* scripts/deb_1912_2.nasl,

Modified: trunk/openvas-plugins/cve_current.txt
===================================================================
--- trunk/openvas-plugins/cve_current.txt	2009-10-28 09:52:17 UTC (rev 5742)
+++ trunk/openvas-plugins/cve_current.txt	2009-10-28 10:13:14 UTC (rev 5743)
@@ -195,3 +195,7 @@
 CVE-2009-3751			SecPod
 CVE-2009-3789			SecPod
 CVE-2009-3788			SecPod
+36839				Greenbone	svn		R
+36814				Greenbone	svn		R
+36821				Greenbone	svn		R
+36820				Greenbone	svn		R

Added: trunk/openvas-plugins/scripts/asterisk_36821.nasl
===================================================================
--- trunk/openvas-plugins/scripts/asterisk_36821.nasl	2009-10-28 09:52:17 UTC (rev 5742)
+++ trunk/openvas-plugins/scripts/asterisk_36821.nasl	2009-10-28 10:13:14 UTC (rev 5743)
@@ -0,0 +1,75 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# Asterisk Missing ACL Check Remote Security Bypass Vulnerability
+#
+# Authors:
+# Michael Meyer
+#
+# Copyright:
+# Copyright (c) 2009 Greenbone Networks GmbH
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if (description)
+{
+ script_id(100319);
+ script_bugtraq_id(36821);
+ script_version ("1.0-$Revision$");
+
+ script_name("Asterisk Missing ACL Check Remote Security Bypass Vulnerability");
+
+desc = "Overview:
+Asterisk is prone to a security-bypass vulnerability.
+
+Attackers can exploit this issue to make network calls that are
+supposed to be prohibited. This may lead to other attacks.
+
+Solution:
+Updates are available. Please see the references for details.
+
+References:
+http://www.securityfocus.com/bid/36821
+http://www.asterisk.org/
+http://downloads.digium.com/pub/security/AST-2009-007.html 
+http://www.securityfocus.com/archive/1/507471
+
+Risk factor : Low";
+
+ script_description(desc);
+ script_summary("Determine if Asterisk version is < 1.6.1.8");
+ script_category(ACT_GATHER_INFO);
+ script_family("General");
+ script_copyright("This script is Copyright (C) 2009 Greenbone Networks GmbH");
+ script_dependencies("secpod_asterisk_detect.nasl");
+ script_require_keys("Services/udp/sip");
+ exit(0);
+}
+
+include("version_func.inc");
+
+asterisk_port = get_kb_item("Services/udp/sip");
+if(!asterisk_port)exit(0);
+if(!get_udp_port_state(asterisk_port))exit(0);
+
+asteriskVer = get_kb_item("Asterisk-PBX/Ver");
+if(!asteriskVer){
+    exit(0);
+}
+
+if(version_in_range(version:asteriskVer, test_version:"1.6.1", test_version2:"1.6.1.8")) {
+  security_warning(port:asterisk_port, proto:"udp");
+}   
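Review bot: The upper bound in `version_in_range(version:asteriskVer, test_version:"1.6.1", test_version2:"1.6.1.8")` disagrees with the script_summary, which says the check is for versions `< 1.6.1.8`. If version_in_range treats both bounds as inclusive (worth confirming in version_func.inc), a host already running 1.6.1.8 is still reported. Either lower the bound to the last affected release or pair a lower-bound test with `version_is_less(version:asteriskVer, test_version:"1.6.1.8")`. The result rests entirely on the `Asterisk-PBX/Ver` KB value set by the detection script, so a comment above the check saying the finding is version-based and unverified would help triage.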


Property changes on: trunk/openvas-plugins/scripts/asterisk_36821.nasl
___________________________________________________________________
Name: svn:keywords
   + Id Revision

Added: trunk/openvas-plugins/scripts/bftpd_36820.nasl
===================================================================
--- trunk/openvas-plugins/scripts/bftpd_36820.nasl	2009-10-28 09:52:17 UTC (rev 5742)
+++ trunk/openvas-plugins/scripts/bftpd_36820.nasl	2009-10-28 10:13:14 UTC (rev 5743)
@@ -0,0 +1,96 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# Bftpd Unspecified Remote Denial of Service Vulnerability
+#
+# Authors:
+# Michael Meyer
+#
+# Copyright:
+# Copyright (c) 2009 Greenbone Networks GmbH
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if (description)
+{
+ script_id(100320);
+ script_bugtraq_id(36820);
+ script_version ("1.0-$Revision$");
+
+ script_name("Bftpd Unspecified Remote Denial of Service Vulnerability");
+
+desc = "Overview:
+Bftpd is prone to an unspecified remote denial-of-service
+vulnerability.
+
+Successful exploits will cause the affected application to crash,
+denying service to legitimate users.
+
+Versions prior to Bftpd 2.4 are vulnerable.
+
+Solution:
+Updates are available. Please see the references for details.
+
+References:
+http://www.securityfocus.com/bid/36820
+http://bftpd.sourceforge.net/index.html
+http://bftpd.sourceforge.net/news.html#032130
+
+Risk factor : Medium";
+
+ script_description(desc);
+ script_summary("Determine if Bftpd version is < 2.4");
+ script_category(ACT_GATHER_INFO);
+ script_family("FTP");
+ script_copyright("This script is Copyright (C) 2009 Greenbone Networks GmbH");
+ script_dependencies("find_service.nes","secpod_ftp_anonymous.nasl","ftpserver_detect_type_nd_version.nasl");
+ script_require_ports("Services/ftp", 21);
+ exit(0);
+}
+
+include("ftp_func.inc");
+include("version_func.inc");
+
+ftpPort = get_kb_item("Services/ftp");
+if(!ftpPort){
+  ftpPort = 21;
+}
+
+if(get_kb_item('ftp/'+port+'/broken'))exit(0);
+
+if(!get_port_state(ftpPort)){
+  exit(0);
+}
+
+if(!banner = get_ftp_banner(port:ftpPort))exit(0);
+
+if("bftpd" >< banner) {
+ 
+  if(!version = eregmatch(pattern:"220 bftpd ([0-9.]+)", string:banner))exit(0);
+
+  vers = version[1];
+  if(!isnull(vers)) {
+
+     if(version_is_less(version:vers, test_version:"2.4")) {
+       security_warning(port:ftpPort);
+       exit(0);
+     }  
+  }  
+}  
+
+exit(0); 
+
+     
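Review bot: The broken-server guard `get_kb_item('ftp/'+port+'/broken')` reads `port`, which is never assigned in this script; the port number is held in `ftpPort`. The KB key is therefore built without the port, so the guard presumably never matches and a server already marked as broken is still probed. The line should read `if(get_kb_item('ftp/'+ftpPort+'/broken'))exit(0);`. The version itself is taken from the `220 bftpd` banner only, which deserves a one-line comment above the `eregmatch` call.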


Property changes on: trunk/openvas-plugins/scripts/bftpd_36820.nasl
___________________________________________________________________
Name: svn:keywords
   + Id Revision

Added: trunk/openvas-plugins/scripts/cherokee_36814.nasl
===================================================================
--- trunk/openvas-plugins/scripts/cherokee_36814.nasl	2009-10-28 09:52:17 UTC (rev 5742)
+++ trunk/openvas-plugins/scripts/cherokee_36814.nasl	2009-10-28 10:13:14 UTC (rev 5743)
@@ -0,0 +1,86 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# Cherokee Web Server Malformed Packet Remote Denial of Service Vulnerability
+#
+# Authors:
+# Michael Meyer
+#
+# Copyright:
+# Copyright (c) 2009 Greenbone Networks GmbH
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if (description)
+{
+ script_id(100318);
+ script_bugtraq_id(36814);
+ script_version ("1.0-$Revision$");
+
+ script_name("Cherokee Web Server Malformed Packet Remote Denial of Service Vulnerability");
+
+desc = "Overview:
+Cherokee Web Server is prone to a remote denial-of-service
+vulnerability.
+
+An attacker could exploit this issue to crash the affected
+application, denying service to legitimate users.
+
+Cherokee Web Server 0.5.4 is vulnerable; other versions may also
+be affected.
+
+References:
+http://www.securityfocus.com/bid/36814
+http://www.alobbs.com/modules.php?op=modload&name=cherokee&file=index
+http://www.securityfocus.com/archive/1/507456
+
+
+Risk factor : Medium";
+
+ script_description(desc);
+ script_summary("Determine if Cherokee Web Server version is 0.5.4");
+ script_category(ACT_GATHER_INFO);
+ script_family("Web Servers");
+ script_copyright("This script is Copyright (C) 2009 Greenbone Networks GmbH");
+ script_dependencies("find_service.nes");
+ script_require_ports("Services/www", 80);
+ exit(0);
+}
+
+include("http_func.inc");
+include("version_func.inc");
+
+port = get_http_port(default:80);
+if(!get_port_state(port))exit(0);
+
+banner = get_http_banner(port: port);
+if(!banner)exit(0);
+
+if("Cherokee" >< banner) {
+
+   if(!version = eregmatch(pattern:"Server: Cherokee/([0-9.]+)", string:banner))exit(0);
+   vers = version[1];
+
+   if(!isnull(vers)) {
+     if(version_is_equal(version: vers,test_version:"0.5.4"))  {
+          security_warning(port:port);
+          exit(0); 
+     }
+   }  
+ }
+
+exit(0);
+
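Review bot: The check `version_is_equal(version: vers,test_version:"0.5.4")` reports only an exact 0.5.4 banner, while the description text says other versions may also be affected, so neighbouring releases pass silently. The version comes from the `Server:` banner alone, which an administrator can alter or suppress, so a result in either direction is unconfirmed. I would add a comment above the check such as `# Banner-only check: only 0.5.4 is confirmed affected (BID 36814); other versions are not evaluated`. Unlike the other plugins in this commit, the description has no Solution section; if no fix is referenced, the text should say so.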


Property changes on: trunk/openvas-plugins/scripts/cherokee_36814.nasl
___________________________________________________________________
Name: svn:keywords
   + Id Revision

Added: trunk/openvas-plugins/scripts/nginx_36839.nasl
===================================================================
--- trunk/openvas-plugins/scripts/nginx_36839.nasl	2009-10-28 09:52:17 UTC (rev 5742)
+++ trunk/openvas-plugins/scripts/nginx_36839.nasl	2009-10-28 10:13:14 UTC (rev 5743)
@@ -0,0 +1,84 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# nginx 'ngx_http_process_request_headers()' Remote Buffer Overflow Vulnerability
+#
+# Authors:
+# Michael Meyer
+#
+# Copyright:
+# Copyright (c) 2009 Greenbone Networks GmbH
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if (description)
+{
+ script_id(100321);
+ script_bugtraq_id(36839);
+ script_version ("1.0-$Revision$");
+
+ script_name("nginx 'ngx_http_process_request_headers()' Remote Buffer Overflow Vulnerability");
+
+desc = "Overview:
+The 'nginx' program is prone to a buffer-overflow vulnerability
+because the application fails to perform adequate boundary checks on
+user-supplied data.
+
+Attackers can exploit this issue to execute arbitrary code within the
+context of the affected application. Failed exploit attempts will
+result in a denial-of-service condition.
+
+Solution:
+Updates are available. Please see the references for more information.
+
+References:
+http://www.securityfocus.com/bid/36839
+http://nginx.net/
+http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=552035
+
+Risk factor : High";
+
+ script_description(desc);
+ script_summary("Determine if nginx is prone to a buffer-overflow vulnerability");
+ script_category(ACT_GATHER_INFO);
+ script_family("Web Servers");
+ script_copyright("This script is Copyright (C) 2009 Greenbone Networks GmbH");
+ script_dependencies("nginx_detect.nasl");
+ script_require_ports("Services/www", 80);
+ exit(0);
+}
+
+include("http_func.inc");
+include("version_func.inc");
+
+port = get_http_port(default:80);
+if(!get_port_state(port))exit(0);
+
+if(!vers = get_kb_item(string("nginx/", port, "/version")))exit(0);
+if(!isnull(vers) && vers >!< "unknown") {
+
+
+  if(version_in_range(version:vers, test_version:"0.7", test_version2: "0.7.61") ||
+     version_in_range(version:vers, test_version:"0.6", test_version2: "0.6.38") ||
+     version_in_range(version:vers, test_version:"0.5", test_version2: "0.5.37") ||
+     version_in_range(version:vers, test_version:"0.4", test_version2: "0.4.14")) {
+
+      security_hole(port:port);
+
+  }
+}
+
+exit(0);
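Review bot: The four `version_in_range` calls cover only the 0.4 to 0.7 branches, so a version outside them (older than 0.4 or on a newer branch) produces no result, and the description gives no affected-version list to justify that. Please confirm the ranges against the referenced advisory and state them in the description, as bftpd_36820.nasl does. `!isnull(vers)` is redundant after `if(!vers = get_kb_item(...))exit(0);`. Since one reference is a distribution bug report, a comment such as `# Version-only check: packaged builds with a backported fix keep the old version string and will be reported` would help whoever triages the finding.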


Property changes on: trunk/openvas-plugins/scripts/nginx_36839.nasl
___________________________________________________________________
Name: svn:keywords
   + Id Revision

Modified: trunk/openvas-plugins/scripts/ping_host.nasl
===================================================================
--- trunk/openvas-plugins/scripts/ping_host.nasl	2009-10-28 09:52:17 UTC (rev 5742)
+++ trunk/openvas-plugins/scripts/ping_host.nasl	2009-10-28 10:13:14 UTC (rev 5743)
@@ -37,7 +37,7 @@
 
  script_description(desc);
  script_summary("Ping the remote host");
- script_category(ACT_SCANNER);
+ script_category(ACT_GATHER_INFO);
  script_family("Port scanners");
  script_copyright("This script is Copyright (C) 2009 Greenbone Networks GmbH");
 
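Review bot: Changing `script_category(ACT_SCANNER)` to `ACT_GATHER_INFO` also changes when the plugin is scheduled, and nothing in the file records why. If the scanner runs ACT_SCANNER plugins before ACT_GATHER_INFO ones (worth confirming), port scanners now start before the host has been pinged, so hosts that are down are no longer skipped early. `script_family("Port scanners")` is left unchanged, which no longer matches the category. I would add a comment on the category line, e.g. `# ACT_GATHER_INFO: ACT_SCANNER scripts have no timeout`, taken from the ChangeLog entry. The enclosing `if (description)` block starts and ends outside the hunk.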

Modified: trunk/openvas-plugins/scripts/secpod_asterisk_rtp_text_frames_dos_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_asterisk_rtp_text_frames_dos_vuln.nasl	2009-10-28 09:52:17 UTC (rev 5742)
+++ trunk/openvas-plugins/scripts/secpod_asterisk_rtp_text_frames_dos_vuln.nasl	2009-10-28 10:13:14 UTC (rev 5743)
@@ -82,6 +82,10 @@
 
 include("version_func.inc");
 
+asteriskPort = get_kb_item("Services/udp/sip");
+if(!asterisk_port)exit(0);
+if(!get_udp_port_state(asterisk_port))exit(0);
+
 asteriskVer = get_kb_item("Asterisk-PBX/Ver");
 if(!asteriskVer){
   exit(0);
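Review bot: The added line assigns `asteriskPort`, but the two guards below it test `asterisk_port`, which is not set anywhere in the hunk. Unless that name is defined elsewhere in the file, `if(!asterisk_port)exit(0);` is always true and the plugin exits before the version check, so it never reports a vulnerable host. Use one name throughout: `if(!asteriskPort)exit(0);` and `if(!get_udp_port_state(asteriskPort))exit(0);`. The rest of the script, including the reporting call, lies outside the hunk.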


