[Openvas-commits] r7368 - in trunk/openvas-plugins: . scripts

scm-commit@wald.intevation.org scm-commit at wald.intevation.org
Tue Apr 20 13:41:42 CEST 2010


Author: mime
Date: 2010-04-20 13:41:39 +0200 (Tue, 20 Apr 2010)
New Revision: 7368

Added:
   trunk/openvas-plugins/scripts/gb_mysql_39543.nasl
   trunk/openvas-plugins/scripts/gb_openssl_38533.nasl
   trunk/openvas-plugins/scripts/gb_openssl_39013.nasl
   trunk/openvas-plugins/scripts/gb_phpmyadmin_37861.nasl
Modified:
   trunk/openvas-plugins/ChangeLog
   trunk/openvas-plugins/scripts/gb_openssl_38562.nasl
Log:
Added new plugins. Bugfix in version check.

Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog	2010-04-20 09:52:22 UTC (rev 7367)
+++ trunk/openvas-plugins/ChangeLog	2010-04-20 11:41:39 UTC (rev 7368)
@@ -1,3 +1,14 @@
+2010-04-20  Michael Meyer <michael.meyer at greenbone.net>
+
+	* scripts/gb_phpmyadmin_37861.nasl,
+	scripts/gb_openssl_39013.nasl,
+	scripts/gb_mysql_39543.nasl,
+	scripts/gb_openssl_38533.nasl:
+	Added new plugins.
+
+	* scripts/gb_openssl_38562.nasl:
+	Bugfix in version check.
+
 2010-04-19  Michael Meyer <michael.meyer at greenbone.net>
 
 	* scripts/gb_http_file_server_39544.nasl,

Added: trunk/openvas-plugins/scripts/gb_mysql_39543.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_mysql_39543.nasl	2010-04-20 09:52:22 UTC (rev 7367)
+++ trunk/openvas-plugins/scripts/gb_mysql_39543.nasl	2010-04-20 11:41:39 UTC (rev 7368)
@@ -0,0 +1,83 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# MySQL UNINSTALL PLUGIN Security Bypass Vulnerability
+#
+# Authors:
+# Michael Meyer <michael.meyer at greenbone.net>
+#
+# Copyright:
+# Copyright (c) 2010 Greenbone Networks GmbH
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if (description)
+{
+ script_id(100586);
+ script_bugtraq_id(39543);
+ script_version ("1.0-$Revision$");
+
+ script_name("MySQL UNINSTALL PLUGIN Security Bypass Vulnerability");
+
+desc = "Overview:
+MySQL is prone to a security-bypass vulnerability.
+
+An attacker can exploit this issue to uninstall plugins without having
+sufficient privileges. This may result in denial-of-service
+conditions.
+
+Versions of MySQL 5.1.45 and prior are affected.
+
+Solution:
+A fix in the source code repository is available. Please see the
+references for more information.
+
+References:
+http://www.securityfocus.com/bid/39543
+http://lists.mysql.com/commits/103144
+http://dev.mysql.com/doc/refman/5.1/en/news-5-1-46.html
+http://www.mysql.com/";
+
+ script_tag(name:"risk_factor", value:"Medium");
+ script_description(desc);
+ script_summary("Determine if installed MySQL version is vulnerable");
+ script_category(ACT_GATHER_INFO);
+ script_family("Databases");
+ script_copyright("This script is Copyright (C) 2010 Greenbone Networks GmbH");
+ script_dependencies("mysql_version.nasl");
+ script_require_ports("Services/mysql", 3306);
+ exit(0);
+}
+
+include("version_func.inc");
+include("misc_func.inc");
+
+port = get_kb_item("Services/mysql");
+if(!port)exit(0);
+if(!get_tcp_port_state(port))exit(0);
+
+if(!ver = get_mysql_version(port:port))exit(0);
+if(isnull(ver))exit(0);
+
+if(ver =~ "^5\.1") {
+
+  if(version_is_less_equal(version: ver, test_version: "5.1.45")) {
+    security_warning(port:port);
+    exit(0);
+  }  
+}  
+
+exit(0);
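Review bot: The port lookup `port = get_kb_item("Services/mysql"); if(!port)exit(0);` never falls back to 3306, although `script_require_ports("Services/mysql", 3306)` names it, so a server that service detection did not record in the KB is skipped without a result. Consider `if(!port) port = 3306;` before the `get_tcp_port_state` check. The `isnull(ver)` test on the next line is unreachable, because `if(!ver = get_mysql_version(port:port))exit(0);` has already exited on an empty value. The verdict rests on the reported version string alone, so a build carrying a backported fix would presumably still be flagged; the description could state that the finding is version-based.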


Property changes on: trunk/openvas-plugins/scripts/gb_mysql_39543.nasl
___________________________________________________________________
Name: svn:keywords
   + Id Revision

Added: trunk/openvas-plugins/scripts/gb_openssl_38533.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_openssl_38533.nasl	2010-04-20 09:52:22 UTC (rev 7367)
+++ trunk/openvas-plugins/scripts/gb_openssl_38533.nasl	2010-04-20 11:41:39 UTC (rev 7368)
@@ -0,0 +1,100 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# OpenSSL 'dtls1_retrieve_buffered_fragment()' Remote Denial of Service Vulnerability
+#
+# Authors:
+# Michael Meyer <michael.meyer at greenbone.net>
+#
+# Copyright:
+# Copyright (c) 2010 Greenbone Networks GmbH
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if (description)
+{
+ script_id(100588);
+ script_bugtraq_id(38533);
+ script_cve_id("CVE-2010-0433");
+ script_version ("1.0-$Revision$");
+
+ script_name("OpenSSL 'dtls1_retrieve_buffered_fragment()' Remote Denial of Service Vulnerability");
+
+desc = "Overview:
+OpenSSL is prone to a denial-of-service vulnerability caused
+by a NULL-pointer dereference.
+
+According to its banner, OpenVAS has discovered that the remote Webserver is
+using a version prior to OpenSSL 0.9.8n which is vulnerable.
+
+An attacker can exploit this issue to crash the affected application,
+denying service to legitimate users.
+
+OpenSSL versions 0.9.8m and prior are vulnerable.
+
+Solution:
+Updates are available. Please see the references for more information.
+
+References:
+http://www.securityfocus.com/bid/38533
+https://bugzilla.redhat.com/show_bug.cgi?id=567711
+https://bugzilla.redhat.com/show_bug.cgi?id=569774
+http://www.openwall.com/lists/oss-security/2010/03/03/5
+http://cvs.openssl.org/chngview?cn=19374
+http://www.openssl.org
+http://www.securityfocus.com/archive/1/510726";
+
+ script_tag(name:"risk_factor", value:"Medium");
+ script_description(desc);
+ script_summary("Determine if installed OpenSSL version is vulnerable");
+ script_category(ACT_GATHER_INFO);
+ script_family("Denial of Service");
+ script_copyright("This script is Copyright (C) 2010 Greenbone Networks GmbH");
+ script_dependencies("http_version.nasl");
+ script_require_ports("Services/www", 443);
+ exit(0);
+}
+
+include("http_func.inc");
+include("version_func.inc");
+
+port = get_http_port(default:80);
+if(!get_port_state(port))exit(0);
+
+banner = get_http_banner(port:port);
+
+if(!banner || "OpenSSL/" >!< banner)exit(0);
+
+version = eregmatch(pattern: "OpenSSL/([^ ]+)", string: banner);
+if(isnull(version[1]))exit(0);
+
+vers = version[1];
+
+vers = ereg_replace(string:vers, pattern:"([a-z]$)", replace:".\1");
+
+if(vers =~ "^0\.9\.") {
+
+  if(!isnull(vers)) {
+
+    if(version_is_less(version: vers, test_version: "0.9.8.n")) {
+        security_warning(port:port);
+        exit(0);
+    }
+
+  }
+}
+
+exit(0);
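Review bot: The normalisation `ereg_replace(string:vers, pattern:"([a-z]$)", replace:".\1")` only rewrites a version whose last character is the patch letter, so a banner token with a vendor suffix (constructed example: `0.9.8e-fips-rhel5`) reaches `version_is_less` with the letter still fused to the number. How version_func.inc orders such a string is not visible here, so the result for those hosts should be confirmed; capturing only the version part, e.g. `eregmatch(pattern: "OpenSSL/([0-9.]+[a-z]?)", string: banner)`, would make the input predictable. The same lines appear in the gb_openssl_38562.nasl and gb_openssl_39013.nasl hunks. Separately, `get_http_port(default:80)` falls back to port 80 while `script_require_ports` lists 443, so the two should be aligned.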


Property changes on: trunk/openvas-plugins/scripts/gb_openssl_38533.nasl
___________________________________________________________________
Name: svn:keywords
   + Id Revision

Modified: trunk/openvas-plugins/scripts/gb_openssl_38562.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_openssl_38562.nasl	2010-04-20 09:52:22 UTC (rev 7367)
+++ trunk/openvas-plugins/scripts/gb_openssl_38562.nasl	2010-04-20 11:41:39 UTC (rev 7368)
@@ -75,11 +75,13 @@
 
 vers = version[1];
 
+vers = ereg_replace(string:vers, pattern:"([a-z]$)", replace:".\1");
+
 if(vers =~ "^0\.9\.") {
 
   if(!isnull(vers)) {
 
-    if(version_is_less(version: vers, test_version: "0.9.8m")) {
+    if(version_is_less(version: vers, test_version: "0.9.8.m")) {
         security_warning(port:port);
         exit(0);
     }
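Review bot: The added `ereg_replace` line and the dotted bound `"0.9.8.m"` carry no comment explaining why the patch letter is split off, and the old spelling `"0.9.8m"` will look more natural to the next editor of this check. A one-line comment above the `ereg_replace` call would keep the two in step, for example `# split the trailing patch letter into its own field ("0.9.8m" -> "0.9.8.m"); test_version must use the same dotted form`. The script this hunk belongs to starts and ends outside the hunk, so the banner extraction that feeds `vers` is not visible here.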

Added: trunk/openvas-plugins/scripts/gb_openssl_39013.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_openssl_39013.nasl	2010-04-20 09:52:22 UTC (rev 7367)
+++ trunk/openvas-plugins/scripts/gb_openssl_39013.nasl	2010-04-20 11:41:39 UTC (rev 7368)
@@ -0,0 +1,100 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# OpenSSL 'ssl3_get_record()' Remote Denial of Service Vulnerability
+#
+# Authors:
+# Michael Meyer <michael.meyer at greenbone.net>
+#
+# Copyright:
+# Copyright (c) 2010 Greenbone Networks GmbH
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if (description)
+{
+ script_id(100587);
+ script_bugtraq_id(39013);
+ script_cve_id("CVE-2010-0740");
+ script_version ("1.0-$Revision$");
+
+ script_name("OpenSSL 'ssl3_get_record()' Remote Denial of Service Vulnerability");
+
+desc = "Overview:
+OpenSSL is prone to a denial-of-service vulnerability caused
+by a NULL-pointer dereference.
+
+According to its banner, OpenVAS has discovered that the remote
+Webserver is using a version prior to OpenSSL 0.9.8n which is vulnerable.
+
+An attacker can exploit this issue to crash the affected application,
+denying service to legitimate users.
+
+OpenSSL versions 0.9.8f through 0.9.8m are vulnerable.
+
+Solution:
+Updates are available. Please see the references for more information.
+
+References:
+http://www.securityfocus.com/bid/39013
+http://www.openbsd.org/errata45.html
+http://www.openbsd.org/errata46.html
+http://www.openbsd.org/errata47.html
+http://www.openssl.org
+http://www.securityfocus.com/archive/1/510726
+http://openssl.org/news/secadv_20100324.txt";
+
+ script_tag(name:"risk_factor", value:"Medium");
+ script_description(desc);
+ script_summary("Determine if OpenSSL version is < 0.9.8n");
+ script_category(ACT_GATHER_INFO);
+ script_family("Denial of Service");
+ script_copyright("This script is Copyright (C) 2010 Greenbone Networks GmbH");
+ script_dependencies("http_version.nasl");
+ script_require_ports("Services/www", 443);
+ exit(0);
+}
+
+include("http_func.inc");
+include("version_func.inc");
+
+port = get_http_port(default:80);
+if(!get_port_state(port))exit(0);
+
+banner = get_http_banner(port:port);
+
+if(!banner || "OpenSSL/" >!< banner)exit(0);
+
+version = eregmatch(pattern: "OpenSSL/([^ ]+)", string: banner);
+if(isnull(version[1]))exit(0);
+
+vers = version[1];
+
+vers = ereg_replace(string:vers, pattern:"([a-z]$)", replace:".\1");
+
+if(vers =~ "^0\.9\.") {
+
+  if(!isnull(vers)) {
+
+    if(version_is_less(version: vers, test_version: "0.9.8.n")) {
+        security_warning(port:port);
+        exit(0);
+    }
+
+  }
+}
+
+exit(0);
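Review bot: The check flags every `0.9.x` banner below 0.9.8n, but the description states that only 0.9.8f through 0.9.8m are vulnerable, so 0.9.7 releases and 0.9.8 through 0.9.8e would be reported for an issue the text says they do not have. A bounded test matches the stated range: `if(version_in_range(version: vers, test_version: "0.9.8.f", test_version2: "0.9.8.m")) {`. The inner `if(!isnull(vers))` can be dropped as well, since the `vers =~ "^0\.9\."` test has already passed by then.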


Property changes on: trunk/openvas-plugins/scripts/gb_openssl_39013.nasl
___________________________________________________________________
Name: svn:keywords
   + Id Revision

Added: trunk/openvas-plugins/scripts/gb_phpmyadmin_37861.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_phpmyadmin_37861.nasl	2010-04-20 09:52:22 UTC (rev 7367)
+++ trunk/openvas-plugins/scripts/gb_phpmyadmin_37861.nasl	2010-04-20 11:41:39 UTC (rev 7368)
@@ -0,0 +1,81 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# phpMyAdmin 'unserialize()' Remote Code Execution Vulnerability
+#
+# Authors:
+# Michael Meyer <michael.meyer at greenbone.net>
+#
+# Copyright:
+# Copyright (c) 2010 Greenbone Networks GmbH
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if (description)
+{
+ script_id(100589);
+ script_bugtraq_id(37861);
+ script_cve_id("CVE-2009-4605");
+ script_version ("1.0-$Revision$");
+
+ script_name("phpMyAdmin 'unserialize()' Remote Code Execution Vulnerability");
+
+desc = "Overview:
+phpMyAdmin is prone to a vulnerability that lets attackers execute
+arbitrary code in the context of the webserver process. This may
+facilitate unauthorized access or privilege escalation; other attacks
+are also possible.
+
+Versions prior to phpMyAdmin 3.0.0 or 2.11.10 are vulnerable.
+
+Solution:
+Updates are available. Please see the references for more information.
+
+References:
+http://www.securityfocus.com/bid/37861
+http://www.phpmyadmin.net/
+http://www.phpmyadmin.net/home_page/security/PMASA-2010-3.php";
+
+ script_tag(name:"risk_factor", value:"High");
+ script_description(desc);
+ script_summary("Determine if installed phpMyAdmin version is vulnerable.");
+ script_category(ACT_GATHER_INFO);
+ script_family("Web application abuses");
+ script_copyright("This script is Copyright (C) 2010 Greenbone Networks GmbH");
+ script_dependencies("secpod_phpmyadmin_detect_900129.nasl");
+ script_require_ports("Services/www", 80);
+ script_exclude_keys("Settings/disable_cgi_scanning");
+ exit(0);
+}
+
+include("http_func.inc");
+include("version_func.inc");
+
+port = get_http_port(default:80);
+if(!get_port_state(port))exit(0);
+
+if (!can_host_php(port:port)) exit(0);
+
+if(vers = get_version_from_kb(port:port,app:"phpMyAdmin")) {
+
+  if(version_is_less(version: vers, test_version: "2.11.10")) {
+      security_hole(port:port);
+      exit(0);
+  }
+
+}
+
+exit(0);
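Review bot: The description line `Versions prior to phpMyAdmin 3.0.0 or 2.11.10 are vulnerable.` does not match the check, which reports only versions below 2.11.10 via `version_is_less(version: vers, test_version: "2.11.10")`. A reader of the report cannot tell whether the 2.11.10-and-later 2.x releases are meant to be covered; if the code is the intended behaviour, the text could read `Versions of phpMyAdmin prior to 2.11.10 are vulnerable.`. It is also worth confirming what `get_version_from_kb` returns when the detection script found the application but no version, since any non-empty value goes straight into the comparison and this plugin reports with `security_hole`.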


Property changes on: trunk/openvas-plugins/scripts/gb_phpmyadmin_37861.nasl
___________________________________________________________________
Name: svn:keywords
   + Id Revision


