[Openvas-commits] r7270 - in trunk/openvas-plugins: . scripts
scm-commit@wald.intevation.org
scm-commit at wald.intevation.org
Mon Apr 12 18:40:50 CEST 2010
Author: mime
Date: 2010-04-12 18:40:45 +0200 (Mon, 12 Apr 2010)
New Revision: 7270
Added:
trunk/openvas-plugins/scripts/gb_MediaWiki_39270.nasl
trunk/openvas-plugins/scripts/gb_centreon_39118.nasl
trunk/openvas-plugins/scripts/gb_couchdb_39116.nasl
trunk/openvas-plugins/scripts/gb_couchdb_detect.nasl
trunk/openvas-plugins/scripts/gb_moodle_39150.nasl
trunk/openvas-plugins/scripts/gb_sun_java_sys_web_serv_mult_vuln.nasl
trunk/openvas-plugins/scripts/gb_zabbix_39148.nasl
Modified:
trunk/openvas-plugins/ChangeLog
trunk/openvas-plugins/scripts/gb_sun_java_sys_web_serv_detect.nasl
trunk/openvas-plugins/scripts/gb_sun_java_sys_web_serv_mult_vuln_lin.nasl
trunk/openvas-plugins/scripts/gb_sun_java_sys_web_serv_mult_vuln_win.nasl
Log:
Added new Plugins. Exit if vulnerability is already discovered by remote check. Try also to get version from copyright file (including update version.)
Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog 2010-04-12 14:31:34 UTC (rev 7269)
+++ trunk/openvas-plugins/ChangeLog 2010-04-12 16:40:45 UTC (rev 7270)
@@ -1,3 +1,22 @@
+2010-04-12 Michael Meyer <michael.meyer at intevation.de>
+
+ * scripts/gb_moodle_39150.nasl,
+ scripts/gb_MediaWiki_39270.nasl,
+ scripts/gb_centreon_39118.nasl,
+ scripts/gb_sun_java_sys_web_serv_mult_vuln.nasl,
+ scripts/gb_couchdb_detect.nasl,
+ scripts/gb_zabbix_39148.nasl,
+ scripts/gb_couchdb_39116.nasl:
+ Added new Plugins.
+
+ * scripts/gb_sun_java_sys_web_serv_mult_vuln_lin.nasl,
+ scripts/gb_sun_java_sys_web_serv_mult_vuln_win.nasl:
+ Exit if vulnerability is already discovered by remote check.
+
+ * scripts/gb_sun_java_sys_web_serv_detect.nasl:
+ Try also to get version from copyright file (including update
+ version)
+
2010-04-09 Chandrashekhar B <bchandra at secpod.com>
* scripts/secpod_ie_dos_vuln.nasl:
Added: trunk/openvas-plugins/scripts/gb_MediaWiki_39270.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_MediaWiki_39270.nasl 2010-04-12 14:31:34 UTC (rev 7269)
+++ trunk/openvas-plugins/scripts/gb_MediaWiki_39270.nasl 2010-04-12 16:40:45 UTC (rev 7270)
@@ -0,0 +1,82 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# MediaWiki Cross Site Request Forgery Vulnerability
+#
+# Authors:
+# Michael Meyer
+#
+# Copyright:
+# Copyright (c) 2010 Greenbone Networks GmbH
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if (description)
+{
+ script_id(100568);
+ script_bugtraq_id(39270);
+ script_version ("1.0-$Revision$");
+
+ script_name("MediaWiki Cross Site Request Forgery Vulnerability");
+
+desc = "Overview:
+MediaWiki is prone to a cross-site request-forgery vulnerability.
+
+Exploiting this issue may allow a remote attacker to perform certain
+administrative actions and gain unauthorized access to the affected
+application. Other attacks are also possible.
+
+Versions prior to MediaWiki 1.15.3 are vulnerable.
+
+Solution:
+Updates are available. Please see the references for details.
+
+References:
+http://www.securityfocus.com/bid/39270
+http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-April/000090.html
+http://wikipedia.sourceforge.net/";
+
+ script_tag(name:"risk_factor", value:"Medium");
+ script_description(desc);
+ script_summary("Determine if MediaWiki version is < 1.15.3");
+ script_category(ACT_GATHER_INFO);
+ script_family("Web application abuses");
+ script_copyright("This script is Copyright (C) 2010 Greenbone Networks GmbH");
+ script_dependencies("secpod_mediawiki_detect.nasl");
+ script_require_ports("Services/www", 80);
+ script_exclude_keys("Settings/disable_cgi_scanning");
+ exit(0);
+}
+
+include("http_func.inc");
+include("version_func.inc");
+
+port = get_http_port(default:80);
+if(!get_port_state(port))exit(0);
+
+if (!can_host_php(port:port)) exit(0);
+
+if(!vers = get_kb_item(string("MediaWiki/Version")))exit(0);
+
+if(!isnull(vers) && vers >!< "unknown") {
+
+ if(version_is_less(version: vers, test_version: "1.15.3")) {
+ security_warning(port:port);
+ exit(0);
+ }
+}
+
+exit(0);
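Review bot: The version is read from the host-wide KB key `MediaWiki/Version`, while the warning is attached to whatever port `get_http_port(default:80)` returns, so on a host with several web services the finding may be reported against a port where MediaWiki was never detected. This depends on what secpod_mediawiki_detect.nasl stores, which is not visible here, so a per-port key should be confirmed or added. The guard `vers >!< "unknown"` also has its operands reversed compared with `"Server: CouchDB/" >!< banner` elsewhere in this commit: it asks whether `vers` occurs inside "unknown" rather than the other way round, and `if("unknown" >!< vers)` states the intent; the same line appears in gb_couchdb_39116.nasl. Because the result rests on a version string alone, a comment such as `# version-based check only; a backported fix would still be flagged` would help whoever triages the report.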
Property changes on: trunk/openvas-plugins/scripts/gb_MediaWiki_39270.nasl
___________________________________________________________________
Name: svn:keywords
+ Id Revision
Added: trunk/openvas-plugins/scripts/gb_centreon_39118.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_centreon_39118.nasl 2010-04-12 14:31:34 UTC (rev 7269)
+++ trunk/openvas-plugins/scripts/gb_centreon_39118.nasl 2010-04-12 16:40:45 UTC (rev 7270)
@@ -0,0 +1,80 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# Centreon 'main.php' SQL Injection Vulnerability
+#
+# Authors:
+# Michael Meyer
+#
+# Copyright:
+# Copyright (c) 2010 Greenbone Networks GmbH
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if (description)
+{
+ script_id(100570);
+ script_bugtraq_id(39118);
+ script_version ("1.0-$Revision$");
+
+ script_name("Centreon 'main.php' SQL Injection Vulnerability");
+
+desc = "Overview:
+Centreon is prone to an SQL-injection vulnerability because it fails
+to sufficiently sanitize user-supplied data before using it in an
+SQL query.
+
+Exploiting this issue could allow an attacker to compromise the
+application, access or modify data, or exploit latent vulnerabilities
+in the underlying database.
+
+Centreon 2.1.5 is vulnerable; other versions may also be affected.
+
+References:
+http://www.securityfocus.com/bid/39118
+http://www.centreon.com/";
+
+ script_tag(name:"risk_factor", value:"Medium");
+ script_description(desc);
+ script_summary("Determine if FIXME is FIXME");
+ script_category(ACT_GATHER_INFO);
+ script_family("Web application abuses");
+ script_copyright("This script is Copyright (C) 2010 Greenbone Networks GmbH");
+ script_dependencies("centreon_detect.nasl");
+ script_require_ports("Services/www", 80);
+ script_exclude_keys("Settings/disable_cgi_scanning");
+ exit(0);
+}
+
+include("http_func.inc");
+include("http_keepalive.inc");
+include("version_func.inc");
+
+port = get_http_port(default:80);
+if(!get_port_state(port))exit(0);
+
+if (!can_host_php(port:port)) exit(0);
+
+if(vers = get_version_from_kb(port:port,app:"centreon")) {
+
+ if(version_is_equal(version: vers, test_version: "2.1.5")) {
+ security_warning(port:port);
+ exit(0);
+ }
+
+}
+
+exit(0);
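Review bot: `script_summary("Determine if FIXME is FIXME");` is a template placeholder that ends up in the plugin metadata; it should read something like `script_summary("Determine if Centreon version is 2.1.5");`. The description says other versions may also be affected, yet the test is `version_is_equal(version: vers, test_version: "2.1.5")`, so any other affected release goes unreported, and the text has no Solution section; a comment stating why only 2.1.5 is matched would make the limitation explicit. `include("http_keepalive.inc");` appears unused because the script sends no requests of its own; the same include is in gb_couchdb_39116.nasl and gb_zabbix_39148.nasl.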
Property changes on: trunk/openvas-plugins/scripts/gb_centreon_39118.nasl
___________________________________________________________________
Name: svn:keywords
+ Id Revision
Added: trunk/openvas-plugins/scripts/gb_couchdb_39116.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_couchdb_39116.nasl 2010-04-12 14:31:34 UTC (rev 7269)
+++ trunk/openvas-plugins/scripts/gb_couchdb_39116.nasl 2010-04-12 16:40:45 UTC (rev 7270)
@@ -0,0 +1,87 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# CouchDB Message Digest Verification Security Bypass Vulnerability
+#
+# Authors:
+# Michael Meyer
+#
+# Copyright:
+# Copyright (c) 2010 Greenbone Networks GmbH
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if (description)
+{
+ script_id(100572);
+ script_bugtraq_id(39116);
+ script_cve_id("CVE-2010-0009");
+ script_version ("1.0-$Revision$");
+
+ script_name("CouchDB Message Digest Verification Security Bypass Vulnerability");
+
+desc = "Overview:
+CouchDB is prone to a security-bypass vulnerability because it
+compares message digests using a variable time algorithm.
+
+Successfully exploiting this issue allows an attacker to determine if
+a forged digest is partially correct; repeated attacks will allow them
+to determine specific, legitimate digests.
+
+Versions prior to CouchDB 0.11 are vulnerable.
+
+Solution:
+The vendor has released updates. Please see the references for
+details.
+
+References:
+http://www.securityfocus.com/bid/39116
+http://couchdb.apache.org/";
+
+ script_tag(name:"risk_factor", value:"Medium");
+ script_description(desc);
+ script_summary("Determine if installed CouchDB version is < 0.11");
+ script_category(ACT_GATHER_INFO);
+ script_family("Databases");
+ script_copyright("This script is Copyright (C) 2010 Greenbone Networks GmbH");
+ script_dependencies("gb_couchdb_detect.nasl");
+ script_require_ports("Services/www", 5984);
+ exit(0);
+}
+
+
+include("http_func.inc");
+include("http_keepalive.inc");
+include("version_func.inc");
+
+port = get_http_port(default:5984);
+if(!get_port_state(port))exit(0);
+
+if(!version = get_kb_item(string("couchdb/",port,"/version")))exit(0);
+
+vers = version;
+
+if(!isnull(vers) && vers >!< "unknown") {
+
+ if(version_is_less(version: vers, test_version: "0.11")) {
+ security_warning(port:port);
+ exit(0);
+ }
+
+}
+
+exit(0);
+
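Review bot: The `vers = version;` copy and the `!isnull(vers)` test add nothing, because the script has already exited at `if(!version = get_kb_item(string("couchdb/",port,"/version")))exit(0);` when the KB item is missing or empty. Reading the item straight into `vers` and keeping a single guard would leave less to audit. The key read here is filled from the Server banner by gb_couchdb_detect.nasl in this same commit, so a comment like `# banner-derived version; a hidden or altered Server header defeats this check` would document what the result depends on.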
Property changes on: trunk/openvas-plugins/scripts/gb_couchdb_39116.nasl
___________________________________________________________________
Name: svn:keywords
+ Id Revision
Added: trunk/openvas-plugins/scripts/gb_couchdb_detect.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_couchdb_detect.nasl 2010-04-12 14:31:34 UTC (rev 7269)
+++ trunk/openvas-plugins/scripts/gb_couchdb_detect.nasl 2010-04-12 16:40:45 UTC (rev 7270)
@@ -0,0 +1,91 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# CouchDB Detection
+#
+# Authors:
+# Michael Meyer
+#
+# Copyright:
+# Copyright (c) 2010 Greenbone Networks GmbH
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+# need desc here to modify it later in script.
+desc = "Overview:
+This host is running CouchDB. Apache CouchDB is a document-oriented
+database that can be queried and indexed in a MapReduce fashion using
+JavaScript. CouchDB also offers incremental replication with
+bi-directional conflict detection and resolution.
+
+See also:
+http://couchdb.apache.org/";
+
+if (description)
+{
+
+ script_tag(name:"risk_factor", value:"None");
+ script_id(100571);
+ script_version ("1.0-$Revision$");
+ script_name("CouchDB Detection");
+ script_description(desc);
+ script_summary("Checks for the presence of CouchDB");
+ script_category(ACT_GATHER_INFO);
+ script_family("Service detection");
+ script_copyright("This script is Copyright (C) 2010 Greenbone Networks GmbH");
+ script_dependencies("find_service.nes");
+ script_require_ports("Services/www", 5984);
+ exit(0);
+}
+
+include("http_func.inc");
+include("global_settings.inc");
+
+port = get_http_port(default:5984);
+if(!get_port_state(port))exit(0);
+
+banner = get_http_banner(port: port);
+if(!banner)exit(0);
+if("Server: CouchDB/" >!< banner)exit(0);
+
+vers = string("unknown");
+version = eregmatch(pattern:"Server: CouchDB/([^ ]+)", string: banner);
+
+if(!isnull(version[1])) {
+ vers = version[1];
+ set_kb_item(name:string("cpe:/a:apache:couchdb:", vers), value: TRUE);
+} else {
+ set_kb_item(name:string("cpe:/a:apache:couchdb"), value: TRUE);
+}
+
+set_kb_item(name:string("couchdb/",port,"/version"), value: vers);
+
+info = string("org/\n\nCouchDB Version (");
+info += string(vers);
+info += string(") was detected on the remote host");
+
+desc = ereg_replace(
+ string:desc,
+ pattern:"org/$",
+ replace:info
+ );
+
+if(report_verbosity > 0) {
+ security_note(port:port,data:desc);
+ exit(0);
+}
+
+exit(0);
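Review bot: The capture group in `eregmatch(pattern:"Server: CouchDB/([^ ]+)", string: banner)` stops only at a space, so when the Server header has nothing after the version the match can run across the line break into the next header. That text is then written into the KB key name `cpe:/a:apache:couchdb:<vers>`, the `couchdb/<port>/version` value and the report. The banner is supplied by the scanned host, so the capture should be limited to version characters, for example `pattern:"Server: CouchDB/([0-9][0-9a-zA-Z.]*)"`. The `exit(0);` inside the `report_verbosity` block is redundant with the one that follows it.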
Property changes on: trunk/openvas-plugins/scripts/gb_couchdb_detect.nasl
___________________________________________________________________
Name: svn:keywords
+ Id Revision
Added: trunk/openvas-plugins/scripts/gb_moodle_39150.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_moodle_39150.nasl 2010-04-12 14:31:34 UTC (rev 7269)
+++ trunk/openvas-plugins/scripts/gb_moodle_39150.nasl 2010-04-12 16:40:45 UTC (rev 7270)
@@ -0,0 +1,100 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# Moodle Prior to 1.9.8/1.8.12 Multiple Vulnerabilities
+#
+# Authors:
+# Michael Meyer
+#
+# Copyright:
+# Copyright (c) 2010 Greenbone Networks GmbH
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if (description)
+{
+ script_id(100569);
+ script_bugtraq_id(39150);
+ script_version ("1.0-$Revision$");
+
+ script_name("Moodle Prior to 1.9.8/1.8.12 Multiple Vulnerabilities");
+
+desc = "Overview:
+Moodle is prone to multiple vulnerabilities, including:
+
+- multiple cross-site scripting issues
+- a security-bypass issue
+- an information-disclosure issue
+- multiple SQL-injection issues
+- an HTML-injection issue
+- a session-fixation issue
+
+Attackers can exploit these issues to bypass certain security
+restrictions, obtain sensitive information, perform unauthorized
+actions, compromise the application, access or modify data, or exploit
+latent vulnerabilities in the underlying database. Other attacks may
+also be possible.
+
+These issues affect versions prior to Moodle 1.9.8 and 1.8.12.
+
+Solution:
+Updates are available. Please see the references for more information.
+
+References:
+http://www.securityfocus.com/bid/39150
+http://docs.moodle.org/en/Moodle_1.9.8_release_notes
+http://www.moodle.org
+http://moodle.org/security/";
+
+ script_tag(name:"risk_factor", value:"Medium");
+ script_description(desc);
+ script_summary("Determine if installed Moodle version is vulnerable");
+ script_category(ACT_GATHER_INFO);
+ script_family("Web application abuses");
+ script_copyright("This script is Copyright (C) 2010 Greenbone Networks GmbH");
+ script_dependencies("gb_moodle_cms_detect.nasl");
+ script_require_ports("Services/www", 80);
+ script_exclude_keys("Settings/disable_cgi_scanning");
+ exit(0);
+}
+
+include("http_func.inc");
+include("version_func.inc");
+
+port = get_http_port(default:80);
+if(!get_port_state(port))exit(0);
+
+if (!can_host_php(port:port)) exit(0);
+
+if(vers = get_version_from_kb(port:port,app:"moodle")) {
+
+ if(vers =~ "1\.8") {
+
+ if(version_is_less(version: vers, test_version: "1.8.9")) {
+ security_warning(port:port);
+ exit(0);
+ }
+
+ } else if(vers =~ "1\.9") {
+
+ if(version_is_less(version: vers, test_version: "1.9.8")) {
+ security_warning(port:port);
+ exit(0);
+ }
+ }
+}
+
+exit(0);
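Review bot: The 1.8 branch is compared against `test_version: "1.8.9"`, but the script name and the description both say releases before 1.8.12 are affected, so 1.8.9 through 1.8.11 would pass as not vulnerable; the line should be `if(version_is_less(version: vers, test_version: "1.8.12")) {`. The branch tests `vers =~ "1\.8"` and `vers =~ "1\.9"` are unanchored and match those characters anywhere in the string; `"^1\.8\."` and `"^1\.9\."` pin them to the start. Versions outside the 1.8 and 1.9 branches are never flagged, which is worth a comment if it is intended.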
Property changes on: trunk/openvas-plugins/scripts/gb_moodle_39150.nasl
___________________________________________________________________
Name: svn:keywords
+ Id Revision
Modified: trunk/openvas-plugins/scripts/gb_sun_java_sys_web_serv_detect.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_sun_java_sys_web_serv_detect.nasl 2010-04-12 14:31:34 UTC (rev 7269)
+++ trunk/openvas-plugins/scripts/gb_sun_java_sys_web_serv_detect.nasl 2010-04-12 16:40:45 UTC (rev 7270)
@@ -51,6 +51,7 @@
include("http_func.inc");
+include("openvas-https.inc");
foreach jswsPort (make_list(80, 8800, 8989, 8888))
{
@@ -59,6 +60,26 @@
banner = get_http_banner(port:jswsPort);
if(banner != NULL)
{
+
+ if("Server: Sun-" >< banner) {
+
+ url = "/admingui/version/copyright";
+ req = http_get(item:url, port:jswsPort);
+ body = http_send_recv(port: jswsPort, data: req);
+
+ if("Location: https://" >< body) {
+ body = https_req_get(port:jswsPort, request: req);
+ }
+
+ if("Sun Java System Web Server" >< body) {
+ version = eregmatch(pattern: "Sun Java System Web Server ([^ ]+)", string: body);
+ }
+
+ if(!isnull(version[1])) {
+ set_kb_item(name:string("Sun/JavaSysWebServ/",jswsPort,"/Ver"),value: version[1]);
+ }
+ }
+
jswsVer = eregmatch(pattern:"Server: Sun-(ONE|Java-System)-Web-Server\/" +
"([0-9]\.[0-9.]+)([^0-9.]|$)",
string:banner);
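Review bot: `version` is assigned only inside `if("Sun Java System Web Server" >< body)`, but `if(!isnull(version[1]))` sits outside that block, so within the `foreach jswsPort` loop a match from an earlier port can be stored under `Sun/JavaSysWebServ/<port>/Ver` for a later port whose copyright page did not match. Resetting it with `version = NULL;` before the request, or moving the `set_kb_item` call into the matching block, avoids the stale value. The loop and the enclosing `if(banner != NULL)` block begin and continue outside this hunk. The capture `([^ ]+)` also takes everything up to the next space from a body returned by the scanned host, so restricting it to version characters would keep markup or line breaks out of the KB.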
Added: trunk/openvas-plugins/scripts/gb_sun_java_sys_web_serv_mult_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_sun_java_sys_web_serv_mult_vuln.nasl 2010-04-12 14:31:34 UTC (rev 7269)
+++ trunk/openvas-plugins/scripts/gb_sun_java_sys_web_serv_mult_vuln.nasl 2010-04-12 16:40:45 UTC (rev 7270)
@@ -0,0 +1,116 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# Sun Java System Web Server Multiple Vulnerabilities
+#
+# Authors:
+# Michael Meyer
+#
+# Copyright:
+# Copyright (c) 2010 Greenbone Networks GmbH
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if (description)
+{
+ script_id(100567);
+ script_bugtraq_id(37874,37910);
+ script_cve_id("CVE-2010-0272","CVE-2010-0273", "CVE-2010-0360",
+ "CVE-2010-0361","CVE-2010-0388", "CVE-2010-0389");
+ script_version ("1.0-$Revision$");
+
+ script_name("Sun Java System Web Server Multiple Vulnerabilities");
+
+desc = "
+Overview: This host has Sun Java Web Server running which is prone to
+Multiple Vulnerabilities.
+
+Vulnerability Insight:
+- An error exists in WebDAV implementation in webservd and can be exploited
+ to cause Stack-based buffer overflow via long URI in an HTTP OPTIONS
+ request.
+- An unspecified error that can be exploited to cause a heap-based buffer
+ overflow which allows remote attackers to discover process memory
+ locations and execute arbitrary code by sending a process memory address
+ via crafted data.
+- Format string vulnerability in the WebDAV implementation in webservd that
+ can be exploited to cause denial of service via format string specifiers
+ in the encoding attribute of the XML declaration in a PROPFIND request.
+- An unspecified error in admin server that can be exploited to cause
+ denial of service via an HTTP request that lacks a method token.
+
+Impact:
+Successful exploitation lets the attackers to discover process memory
+locations or execute arbitrary code in the context of an affected system
+or cause the application to crash via a long URI in an HTTP OPTIONS request.
+
+Impact Level: System/Application
+
+Affected Software/OS:
+Sun Java System Web Server 7.0 Update 7 and prior.
+
+Fix:
+No solution or patch is available as on 29th January, 2010. Information
+regarding this issue will be updated once the solution details are available.
+For updates refer, http://www.sun.com/
+
+References:
+http://intevydis.com/sjws_demo.html
+http://xforce.iss.net/xforce/xfdb/55812
+http://intevydis.blogspot.com/2010/01/sun-java-system-web-server-70-admin.html
+http://intevydis.blogspot.com/2010/01/sun-java-system-web-server-70-webdav.html
+http://intevydis.blogspot.com/2010/01/sun-java-system-web-server-70u7-trace.html
+http://intevydis.blogspot.com/2010/01/sun-java-system-web-server-70u7-webdav.html
+
+CVSS Score:
+CVSS Base Score : 10.0 (AV:N/AC:L/Au:NR/C:C/I:C/A:C)
+CVSS Temporal Score : 9.0";
+
+script_tag(name:"risk_factor", value:"High");
+script_description(desc);
+script_summary("Check for the version of Java System Web Server");
+script_category(ACT_GATHER_INFO);
+script_family("Buffer overflow");
+script_copyright("This script is Copyright (C) 2010 Greenbone Networks GmbH");
+script_dependencies("gb_sun_java_sys_web_serv_detect.nasl");
+script_require_ports("Services/www", 8989);
+script_require_keys("Sun/Java/SysWebServ/Ver","Sun/JavaSysWebServ/Port");
+exit(0);
+}
+
+include("http_func.inc");
+include("version_func.inc");
+
+if( get_kb_item("Sun/JavaSysWebServ/Ver") != "7.0"){
+ exit(0);
+}
+
+port = get_http_port(default:8989);
+if(!get_port_state(port))exit(0);
+
+if(version = get_kb_item(string("Sun/JavaSysWebServ/",port,"/Ver"))) {
+
+vers = str_replace(find:"U", string: version, replace:".");
+
+ if(version_is_less_equal(version: vers, test_version: "7.0.7")) {
+ security_warning(port:port);
+ set_kb_item(name: "Sun/JavaSysWebServ/37874", value: TRUE);
+ exit(0);
+ }
+
+}
+
+exit(0);
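Review bot: `script_require_keys("Sun/Java/SysWebServ/Ver","Sun/JavaSysWebServ/Port");` names a key spelled `Sun/Java/SysWebServ/Ver`, while the body reads `Sun/JavaSysWebServ/Ver`; unless the detect script sets both spellings (not visible here), the required key may never be present and the plugin would not run. The same pair appears in the context lines of the _lin and _win scripts, so it looks copied and is worth confirming against gb_sun_java_sys_web_serv_detect.nasl. The plugin declares `risk_factor` High with a CVSS base score of 10.0 but reports through `security_warning(port:port);`; `security_hole(port:port);` would match the stated severity. The Fix text still says no patch was available as of 29th January 2010 and should be re-checked before release.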
Property changes on: trunk/openvas-plugins/scripts/gb_sun_java_sys_web_serv_mult_vuln.nasl
___________________________________________________________________
Name: svn:keywords
+ Id Revision
Modified: trunk/openvas-plugins/scripts/gb_sun_java_sys_web_serv_mult_vuln_lin.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_sun_java_sys_web_serv_mult_vuln_lin.nasl 2010-04-12 14:31:34 UTC (rev 7269)
+++ trunk/openvas-plugins/scripts/gb_sun_java_sys_web_serv_mult_vuln_lin.nasl 2010-04-12 16:40:45 UTC (rev 7270)
@@ -84,7 +84,7 @@
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2010 Greenbone Networks GmbH");
script_family("Buffer overflow");
- script_dependencies("gb_sun_java_sys_web_serv_detect.nasl");
+ script_dependencies("gb_sun_java_sys_web_serv_detect.nasl","gb_sun_java_sys_web_serv_mult_vuln.nasl");
script_require_keys("Sun/Java/SysWebServ/Ver","Sun/JavaSysWebServ/Port");
exit(0);
}
@@ -93,6 +93,11 @@
include("ssh_func.inc");
include("version_func.inc");
+## Check if vulnerability already discovered by remote check
+if(get_kb_item("Sun/JavaSysWebServ/37874")){
+ exit(0);
+}
+
## Check for Sun Java System Web Server 7.0
if( get_kb_item("Sun/JavaSysWebServ/Ver") != "7.0"){
exit(0);
Modified: trunk/openvas-plugins/scripts/gb_sun_java_sys_web_serv_mult_vuln_win.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_sun_java_sys_web_serv_mult_vuln_win.nasl 2010-04-12 14:31:34 UTC (rev 7269)
+++ trunk/openvas-plugins/scripts/gb_sun_java_sys_web_serv_mult_vuln_win.nasl 2010-04-12 16:40:45 UTC (rev 7270)
@@ -80,8 +80,7 @@
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2010 Greenbone Networks GmbH");
script_family("Buffer overflow");
- script_dependencies("gb_sun_java_sys_web_serv_detect.nasl",
- "secpod_reg_enum.nasl");
+ script_dependencies("gb_sun_java_sys_web_serv_detect.nasl","secpod_reg_enum.nasl","gb_sun_java_sys_web_serv_mult_vuln.nasl");
script_require_keys("Sun/Java/SysWebServ/Ver", "Sun/JavaSysWebServ/Port",
"SMB/WindowsVersion");
exit(0);
@@ -98,6 +97,11 @@
exit(0);
}
+## Check if vulnerability already discovered by remote check
+if(get_kb_item("Sun/JavaSysWebServ/37874")){
+ exit(0);
+}
+
## Check for Sun Java System Web Server 7.0
if( get_kb_item("Sun/JavaSysWebServ/Ver") != "7.0"){
exit(0);
Added: trunk/openvas-plugins/scripts/gb_zabbix_39148.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_zabbix_39148.nasl 2010-04-12 14:31:34 UTC (rev 7269)
+++ trunk/openvas-plugins/scripts/gb_zabbix_39148.nasl 2010-04-12 16:40:45 UTC (rev 7270)
@@ -0,0 +1,84 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# ZABBIX 'DBcondition' Parameter SQL Injection Vulnerability
+#
+# Authors:
+# Michael Meyer
+#
+# Copyright:
+# Copyright (c) 2010 Greenbone Networks GmbH
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if (description)
+{
+ script_id(100566);
+ script_bugtraq_id(39148);
+ script_version ("1.0-$Revision$");
+
+ script_name("ZABBIX 'DBcondition' Parameter SQL Injection Vulnerability");
+
+desc = "Overview:
+ZABBIX is prone to an SQL-injection vulnerability because it fails
+to sufficiently sanitize user-supplied data before using it in an
+SQL query.
+
+Exploiting this issue could allow an attacker to compromise the
+application, access or modify data, or exploit latent vulnerabilities
+in the underlying database.
+
+Versions prior to ZABBIX 1.8.2 are vulnerable.
+
+Solution:
+Updates are available. Please see the references for details.
+
+References:
+http://www.securityfocus.com/bid/39148
+http://www.zabbix.com/rn1.8.2.php
+http://www.zabbix.com/index.php";
+
+ script_tag(name:"risk_factor", value:"Medium");
+ script_description(desc);
+ script_summary("Determine if ZABBIX version is < 1.8.2");
+ script_category(ACT_GATHER_INFO);
+ script_family("Web application abuses");
+ script_copyright("This script is Copyright (C) 2010 Greenbone Networks GmbH");
+ script_dependencies("zabbix_web_detect.nasl");
+ script_require_ports("Services/www", 80);
+ script_exclude_keys("Settings/disable_cgi_scanning");
+ exit(0);
+}
+
+include("http_func.inc");
+include("http_keepalive.inc");
+include("version_func.inc");
+
+port = get_http_port(default:80);
+if(!get_port_state(port))exit(0);
+
+if (!can_host_php(port:port)) exit(0);
+
+if(vers = get_version_from_kb(port:port,app:"zabbix_client")) {
+
+ if(version_is_less(version: vers, test_version: "1.8.2")) {
+ security_warning(port:port);
+ exit(0);
+ }
+
+}
+
+exit(0);
Property changes on: trunk/openvas-plugins/scripts/gb_zabbix_39148.nasl
___________________________________________________________________
Name: svn:keywords
+ Id Revision