[Openvas-commits] r8807 - in trunk/openvas-plugins: . scripts
scm-commit@wald.intevation.org
scm-commit at wald.intevation.org
Mon Aug 16 09:09:51 CEST 2010
Author: chandra
Date: 2010-08-16 09:09:42 +0200 (Mon, 16 Aug 2010)
New Revision: 8807
Added:
trunk/openvas-plugins/scripts/gb_adobe_prdts_mult_dos_vuln_aug10_lin.nasl
trunk/openvas-plugins/scripts/gb_adobe_prdts_mult_dos_vuln_aug10_win.nasl
trunk/openvas-plugins/scripts/gb_apple_quicktime_player_bof_vuln.nasl
trunk/openvas-plugins/scripts/gb_novell_iprint_client_mult_vuln_lin.nasl
trunk/openvas-plugins/scripts/gb_novell_iprint_client_mult_vuln_win.nasl
trunk/openvas-plugins/scripts/gb_opera_mult_vuln_aug10_win.nasl
trunk/openvas-plugins/scripts/gb_pligg_mult_sql_inj_vuln.nasl
trunk/openvas-plugins/scripts/gb_subtitle_translation_wizard_bof_vuln.nasl
Modified:
trunk/openvas-plugins/ChangeLog
trunk/openvas-plugins/scripts/gb_nessus_41966.nasl
trunk/openvas-plugins/scripts/secpod_novell_prdts_detect_win.nasl
Log:
Added new plugins
Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog 2010-08-13 17:40:17 UTC (rev 8806)
+++ trunk/openvas-plugins/ChangeLog 2010-08-16 07:09:42 UTC (rev 8807)
@@ -1,3 +1,21 @@
+2010-08-16 Chandrashekhar B <bchandra at secpod.com>
+
+ * scripts/gb_adobe_prdts_mult_dos_vuln_aug10_lin.nasl,
+ scripts/gb_apple_quicktime_player_bof_vuln.nasl,
+ scripts/gb_novell_iprint_client_mult_vuln_lin.nasl,
+ scripts/gb_pligg_mult_sql_inj_vuln.nasl,
+ scripts/gb_opera_mult_vuln_aug10_win.nasl,
+ scripts/gb_subtitle_translation_wizard_bof_vuln.nasl,
+ scripts/gb_adobe_prdts_mult_dos_vuln_aug10_win.nasl,
+ scripts/gb_novell_iprint_client_mult_vuln_win.nasl:
+ Added new plugins.
+
+ * scripts/secpod_novell_prdts_detect_win.nasl:
+ Updated to detect newer versions.
+
+ * scripts/gb_nessus_41966.nasl:
+ Added new CVE.
+
2010-08-13 Veerendra G.G <veerendragg at secpod.com>
* scripts/gb_ubuntu_USN_970_1.nasl,
Added: trunk/openvas-plugins/scripts/gb_adobe_prdts_mult_dos_vuln_aug10_lin.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_adobe_prdts_mult_dos_vuln_aug10_lin.nasl 2010-08-13 17:40:17 UTC (rev 8806)
+++ trunk/openvas-plugins/scripts/gb_adobe_prdts_mult_dos_vuln_aug10_lin.nasl 2010-08-16 07:09:42 UTC (rev 8807)
@@ -0,0 +1,95 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_adobe_prdts_mult_dos_vuln_aug10_lin.nasl 10674 2010-08-12 15:15:15Z aug $
+#
+# Adobe Flash Player/Air Multiple Vulnerabilities - August10 (Linux)
+#
+# Authors:
+# Sooraj KS <kssooraj at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(801256);
+ script_version("Revision$:1.0");
+ script_cve_id("CVE-2010-0209", "CVE-2010-2213", "CVE-2010-2215",
+ "CVE-2010-2214", "CVE-2010-2216");
+ script_bugtraq_id(42341);
+ script_tag(name:"cvss_base", value:"9.3");
+ script_tag(name:"risk_factor", value:"Critical");
+ script_name("Adobe Flash Player/Air Multiple Vulnerabilities - August10 (Linux)");
+ desc = "
+ Overview: This host is installed with Adobe Flash Player/Air and is prone to
+ multiple vulnerabilities.
+
+ Vulnerability Insight:
+ The flaws are caused due to memory corruptions and click-jacking issue via
+ unspecified vectors.
+
+ Impact:
+ Successful exploitation will let the attackers to execute arbitrary code,
+ cause denial-of-service conditions, or perform click-jacking attacks.
+
+ Impact Level: Application/System.
+
+ Affected Software/OS:
+ Adobe AIR version prior to 2.0.3
+ Adobe Flash Player version before 9.0.280 and 10.x before 10.1.82.76 on Linux.
+
+ Fix: Upgrade to Adobe Air 2.0.3 and Adobe Flash Player 9.0.280 or 10.1.82.76 or later
+ For updates refer, http://get.adobe.com/air
+ http://www.adobe.com/support/flashplayer/downloads.html
+
+ References:
+ http://www.adobe.com/support/security/bulletins/apsb10-16.html
+ ";
+
+ script_description(desc);
+ script_summary("Check for the version of Adobe Flash Player/Air");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2010 Greenbone Networks GmbH");
+ script_family("Denial of Service");
+ script_dependencies("gb_adobe_flash_player_detect_lin.nasl");
+ script_require_keys("AdobeFlashPlayer/Linux/Ver", "Adobe/Air/Linux/Ver");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+# Check for Adobe Flash Player
+playerVer = get_kb_item("AdobeFlashPlayer/Linux/Ver");
+if(playerVer != NULL)
+{
+ if(version_is_less(version:playerVer, test_version2:"9.0.280") ||
+ version_in_range(version:playerVer, test_version:"10.0", test_version2:"10.1.82.75"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+}
+
+# Check for Adobe Air
+airVer = get_kb_item("Adobe/Air/Linux/Ver");
+if(airVer != NULL)
+{
+ if(version_is_less(version:airVer, test_version:"2.0.3")){
+ security_hole(0);
+ }
+}
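Review bot: The Flash 9.x comparison passes its bound as `test_version2:"9.0.280"`, whereas every other `version_is_less` call in this commit (including the AIR check a few lines below) passes it as `test_version:`. If the helper reads only `test_version`, the 9.x bound is never applied and that half of the condition cannot be trusted. It should read `version_is_less(version:playerVer, test_version:"9.0.280")`. The same call appears in gb_adobe_prdts_mult_dos_vuln_aug10_win.nasl and needs the same change. Separately, `script_version("Revision$:1.0")` lacks the leading `$` that the other new plugins use (`"$Revision$: 1.0"`), so the keyword will likely not expand.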
Property changes on: trunk/openvas-plugins/scripts/gb_adobe_prdts_mult_dos_vuln_aug10_lin.nasl
___________________________________________________________________
Name: svn:keywords
+ Revision
Added: trunk/openvas-plugins/scripts/gb_adobe_prdts_mult_dos_vuln_aug10_win.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_adobe_prdts_mult_dos_vuln_aug10_win.nasl 2010-08-13 17:40:17 UTC (rev 8806)
+++ trunk/openvas-plugins/scripts/gb_adobe_prdts_mult_dos_vuln_aug10_win.nasl 2010-08-16 07:09:42 UTC (rev 8807)
@@ -0,0 +1,95 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_adobe_prdts_mult_dos_vuln_aug10_win.nasl 10674 2010-08-12 15:15:15Z aug $
+#
+# Adobe Flash Player/Air Multiple Vulnerabilities - August10 (Win)
+#
+# Authors:
+# Sooraj KS <kssooraj at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(801255);
+ script_version("Revision$:1.0");
+ script_cve_id("CVE-2010-0209", "CVE-2010-2213", "CVE-2010-2215",
+ "CVE-2010-2214", "CVE-2010-2216");
+ script_bugtraq_id(42341);
+ script_tag(name:"cvss_base", value:"9.3");
+ script_tag(name:"risk_factor", value:"Critical");
+ script_name("Adobe Flash Player/Air Multiple Vulnerabilities - August10 (Win)");
+ desc = "
+ Overview: This host is installed with Adobe Flash Player/Air and is prone to
+ multiple vulnerabilities.
+
+ Vulnerability Insight:
+ The flaws are caused due to memory corruptions and click-jacking issue via
+ unspecified vectors.
+
+ Impact:
+ Successful exploitation will let the attackers to execute arbitrary code,
+ cause denial-of-service conditions, or perform click-jacking attacks.
+
+ Impact Level: Application/System.
+
+ Affected Software/OS:
+ Adobe AIR version prior to 2.0.3
+ Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76 on windows.
+
+ Fix: Upgrade to Adobe Air 2.0.3 and Adobe Flash Player 9.0.280 or 10.1.82.76 or later
+ For updates refer, http://get.adobe.com/air
+ http://www.adobe.com/support/flashplayer/downloads.html
+
+ References:
+ http://www.adobe.com/support/security/bulletins/apsb10-16.html
+ ";
+
+ script_description(desc);
+ script_summary("Check for the version of Adobe Flash Player/Air");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2010 Greenbone Networks GmbH");
+ script_family("Denial of Service");
+ script_dependencies("gb_adobe_flash_player_detect_win.nasl");
+ script_require_keys("AdobeFlashPlayer/Win/Ver", "Adobe/Air/Win/Ver");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+# Check for Adobe Flash Player
+playerVer = get_kb_item("AdobeFlashPlayer/Win/Ver");
+if(playerVer != NULL)
+{
+ if(version_is_less(version:playerVer, test_version2:"9.0.280") ||
+ version_in_range(version:playerVer, test_version:"10.0", test_version2:"10.1.82.75"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+}
+
+# Check for Adobe Air
+airVer = get_kb_item("Adobe/Air/Win/Ver");
+if(airVer != NULL)
+{
+ if(version_is_less(version:airVer, test_version:"2.0.3")){
+ security_hole(0);
+ }
+}
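Review bot: `script_require_keys("AdobeFlashPlayer/Win/Ver", "Adobe/Air/Win/Ver")` lists both product keys, yet the body treats each product as optional (`if(playerVer != NULL)`, `if(airVer != NULL)`). If the scanner requires every listed key before launching the plugin, a host with only Flash Player or only AIR installed is never checked and the finding is silently missed. Consider splitting this into one plugin per product, or requiring only a key that is set whenever either product is detected. `script_dependencies` names only `gb_adobe_flash_player_detect_win.nasl`; confirm that script also sets the AIR key. The Linux variant, gb_adobe_prdts_mult_dos_vuln_aug10_lin.nasl, has the same declaration.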
Property changes on: trunk/openvas-plugins/scripts/gb_adobe_prdts_mult_dos_vuln_aug10_win.nasl
___________________________________________________________________
Name: svn:keywords
+ Revision
Added: trunk/openvas-plugins/scripts/gb_apple_quicktime_player_bof_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_apple_quicktime_player_bof_vuln.nasl 2010-08-13 17:40:17 UTC (rev 8806)
+++ trunk/openvas-plugins/scripts/gb_apple_quicktime_player_bof_vuln.nasl 2010-08-16 07:09:42 UTC (rev 8807)
@@ -0,0 +1,85 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_apple_quicktime_player_bof_vuln.nasl 10586 2010-08-13 13:14:17 aug $
+#
+# QuickTime Player Streaming Debug Error Logging Buffer Overflow Vulnerability
+#
+# Authors:
+# Madhuri D <dmadhuri at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(801427);
+ script_version("$Revision$: 1.0");
+ script_cve_id("CVE-2010-1799");
+ script_bugtraq_id(41962);
+ script_tag(name:"cvss_base", value:"7.5");
+ script_tag(name:"risk_factor", value:"High");
+ script_name("QuickTime Player Streaming Debug Error Logging Buffer Overflow Vulnerability");
+ desc = "
+ Overview: The host is running QuickTime Player and is prone to buffer overflow
+ vulnerability.
+
+ Vulnerability Insight:
+ The flaw is caused due to a boundary error in 'QuickTimeStreaming.qtx' when
+ constructing a string to write to a debug log file.
+
+ Impact:
+ Successful exploitation could allow attackers to cause a stack-based buffer
+ overflow by tricking a user into viewing a specially crafted web page that
+ references a SMIL file containing an overly long URL.
+
+ Impact Level: Application
+
+ Affected Software/OS:
+ QuickTime Player version prior to 7.6.7
+
+ Fix: Upgrade to QuickTime Player version 7.6.7 or later
+ For updates refer, http://www.apple.com/quicktime/download/
+
+ References:
+ http://secunia.com/advisories/40729
+ http://www.securelist.com/en/advisories/40729
+ http://telussecuritylabs.com/threats/show/FSC20100727-08
+ http://en.community.dell.com/support-forums/virus-spyware/f/3522/t/19340212.aspx ";
+
+ script_description(desc);
+ script_copyright("Copyright (c) 2010 Greenbone Networks GmbH");
+ script_summary("Check the version of QuickTime Player");
+ script_category(ACT_GATHER_INFO);
+ script_family("Buffer overflow");
+ script_dependencies("secpod_apple_quicktime_detection_win_900124.nasl");
+ script_require_keys("QuickTime/Win/Ver");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+## Get the version from KB
+quickVer = get_kb_item("QuickTime/Win/Ver");
+if(!quickVer){
+ exit(0);
+}
+
+## Check for QuickTime Playe Version less than 7.6.7
+if(version_is_less(version:quickVer, test_version:"7.6.7")){
+ security_hole(0);
+}
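Review bot: The title and the "Affected Software/OS" text do not name the platform, although the check reads only `QuickTime/Win/Ver` and depends on the Windows detection script. The other per-platform plugins in this commit carry the platform in `script_name`. Suggest appending ` (Windows)` to the `script_name` string and writing "QuickTime Player version prior to 7.6.7 on Windows" in the description, so a report reader does not assume other platforms were assessed. The comment above the comparison has a typo; it should read `## Check for QuickTime Player Version less than 7.6.7`.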
Property changes on: trunk/openvas-plugins/scripts/gb_apple_quicktime_player_bof_vuln.nasl
___________________________________________________________________
Name: svn:executable
+ *
Name: svn:keywords
+ Revision
Modified: trunk/openvas-plugins/scripts/gb_nessus_41966.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_nessus_41966.nasl 2010-08-13 17:40:17 UTC (rev 8806)
+++ trunk/openvas-plugins/scripts/gb_nessus_41966.nasl 2010-08-16 07:09:42 UTC (rev 8807)
@@ -28,8 +28,8 @@
{
script_id(100728);
script_bugtraq_id(41966);
- script_tag(name:"cvss_base", value:"4.3");
- script_cve_id("CVE-2010-2914");
+ script_tag(name:"cvss_base", value:"5.0");
+ script_cve_id("CVE-2010-2914", "CVE-2010-2989");
script_version ("1.0-$Revision$");
script_name("Nessus Web Server Plugin Unspecified Cross Site Scripting Vulnerability");
@@ -65,7 +65,7 @@
exit(0);
}
-
+
include("http_func.inc");
include("openvas-https.inc");
include("version_func.inc");
Added: trunk/openvas-plugins/scripts/gb_novell_iprint_client_mult_vuln_lin.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_novell_iprint_client_mult_vuln_lin.nasl 2010-08-13 17:40:17 UTC (rev 8806)
+++ trunk/openvas-plugins/scripts/gb_novell_iprint_client_mult_vuln_lin.nasl 2010-08-16 07:09:42 UTC (rev 8807)
@@ -0,0 +1,90 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_novell_iprint_client_mult_vuln_lin.nasl 10562 2010-08-13- 16:14:17 aug $
+#
+# Novell iPrint Client Multiple Security Vulnerabilities (Linux)
+#
+# Authors:
+# Madhuri D <dmadhuri at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(801424);
+ script_version("$Revision$: 1.0");
+ script_bugtraq_id(42100);
+ script_tag(name:"cvss_base", value:"10.0");
+ script_tag(name:"risk_factor", value:"Critical");
+ script_name("Novell iPrint Client Multiple Security Vulnerabilities (Linux)");
+ desc = "
+ Overview: The host is installed Novell iPrint Client and is prone to multiple
+ vulnerabilities.
+
+ Vulnerability Insight:
+ Multiple flaws are caused due to:
+ - Failure to properly verify the name of parameters passed via '<embed>'
+ tags.
+ - Error in handling plugin parameters. A long value for the operation
+ parameter can trigger a stack-based buffer overflow.
+
+ Impact:
+ Successful exploitation could allow attackers to execute arbitrary code,
+ delete all files on a system in the context of an affected site.
+
+ Impact Level: Application
+
+ Affected Software/OS:
+ Novell iPrint Client version 5.40 and prior.
+
+ Fix: Apply patch from below link
+ http://download.novell.com/Download?buildid=ftwZBxEFjIg~
+
+ *****
+ NOTE : Ignore this warning, if above mentioned patch is applied already.
+ *****
+
+ References:
+ http://dvlabs.tippingpoint.com/advisory/TPTI-10-06
+ http://dvlabs.tippingpoint.com/advisory/TPTI-10-05
+ http://www.zerodayinitiative.com/advisories/ZDI-10-139/
+ http://www.zerodayinitiative.com/advisories/ZDI-10-140/ ";
+
+ script_description(desc);
+ script_copyright("Copyright (c) 2010 Greenbone Networks GmbH");
+ script_summary("Check the version of Novell iPrint Client");
+ script_category(ACT_GATHER_INFO);
+ script_family("General");
+ script_dependencies("secpod_novell_prdts_detect_lin.nasl");
+ script_require_keys("Novell/iPrint/Client/Linux/Ver");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+## Get the version from KB
+iPrintVer = get_kb_item("Novell/iPrint/Client/Linux/Ver");
+if(!iPrintVer){
+ exit(0);
+}
+
+## Check for Novell iPrint Client Version <= 5.40
+if(version_is_less_equal(version:iPrintVer, test_version:"5.40.0")){
+ security_hole(0);
+}
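Review bot: The comparison uses `test_version:"5.40.0"` while the Windows plugin in this commit uses `"5.40"` for the same "version 5.40 and prior" statement. Pick one form so both plugins flag the same builds, e.g. `version_is_less_equal(version:iPrintVer, test_version:"5.40")`, after confirming how the detection script formats the version. The result is also version-only, so a 5.40 client with the vendor patch applied is still reported at cvss_base 10.0; the description admits this only in the NOTE. A comment above the check such as `## Version-only check; cannot tell whether the vendor patch is applied` would make that limitation visible to maintainers. No `script_cve_id` is set; add the identifiers if any have been assigned to the referenced advisories.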
Property changes on: trunk/openvas-plugins/scripts/gb_novell_iprint_client_mult_vuln_lin.nasl
___________________________________________________________________
Name: svn:executable
+ *
Name: svn:keywords
+ Revision
Added: trunk/openvas-plugins/scripts/gb_novell_iprint_client_mult_vuln_win.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_novell_iprint_client_mult_vuln_win.nasl 2010-08-13 17:40:17 UTC (rev 8806)
+++ trunk/openvas-plugins/scripts/gb_novell_iprint_client_mult_vuln_win.nasl 2010-08-16 07:09:42 UTC (rev 8807)
@@ -0,0 +1,113 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_novell_iprint_client_mult_vuln_win.nasl 10562 2010-08-13 16:14:17 aug $
+#
+# Novell iPrint Client Multiple Security Vulnerabilities (Windows)
+#
+# Authors:
+# Madhuri D <dmadhuri at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(801423);
+ script_version("$Revision$: 1.0");
+ script_bugtraq_id(42100);
+ script_tag(name:"cvss_base", value:"10.0");
+ script_tag(name:"risk_factor", value:"Critical");
+ script_name("Novell iPrint Client Multiple Security Vulnerabilities (Windows)");
+ desc = "
+ Overview: The host is installed Novell iPrint Client and is prone to multiple
+ vulnerabilities.
+
+ Vulnerability Insight:
+ Multiple flaws are caused due to:
+ - Error in handling 'ienipp.ocx' ActiveX control.
+ - Error within the nipplib.dll module that can be reached via the 'ienipp.ocx'
+ ActiveX control with 'CLSID 36723f97-7aa0-11d4-8919-FF2D71D0D32C'.
+ - Failure to verify the name of parameters passed via '<embed>' tags.
+ - Error in handling plugin parameters. A long value for the operation
+ parameter can trigger a stack-based buffer overflow.
+
+ Impact:
+ Successful exploitation could allow attackers to execute arbitrary code,
+ delete all files on a system in the context of an affected site.
+
+ Impact Level: Application
+
+ Affected Software/OS:
+ Novell iPrint Client version 5.40 and prior.
+
+ Fix: Apply patch from below link
+ http://download.novell.com/Download?buildid=ftwZBxEFjIg~
+
+ *****
+ NOTE : Ignore this warning, if above mentioned patch is applied already.
+ *****
+
+ References:
+ http://dvlabs.tippingpoint.com/advisory/TPTI-10-06
+ http://dvlabs.tippingpoint.com/advisory/TPTI-10-05
+ http://www.zerodayinitiative.com/advisories/ZDI-10-139/
+ http://www.zerodayinitiative.com/advisories/ZDI-10-140/ ";
+
+ script_description(desc);
+ script_copyright("Copyright (c) 2010 Greenbone Networks GmbH");
+ script_summary("Check the version of Novell iPrint Client");
+ script_category(ACT_GATHER_INFO);
+ script_family("General");
+ script_dependencies("secpod_novell_prdts_detect_win.nasl");
+ script_require_keys("Novell/iPrint/Ver");
+ exit(0);
+}
+
+include("smb_nt.inc");
+include("version_func.inc");
+include("secpod_activex.inc");
+include("secpod_smb_func.inc");
+
+## Get the version from KB
+iPrintVer = get_kb_item("Novell/iPrint/Ver");
+if(!iPrintVer){
+ exit(0);
+}
+
+## Check for Novell iPrint Client Version <= 5.40
+if(version_is_less_equal(version:iPrintVer, test_version:"5.40"))
+{
+ ## Path for the ienipp.ocx file
+ path = registry_get_sz(key:"SOFTWARE\Microsoft\COM3\Setup",
+ item:"Install Path");
+ if(!path){
+ exit(0);
+ }
+
+ path = path + "\ienipp.ocx";
+ share = ereg_replace(pattern:"([A-Z]):.*", replace:"\1$", string:path);
+ file = ereg_replace(pattern:"[A-Z]:(.*)", replace:"\1", string:path);
+
+ ## Confirm the file existance
+ ocxSize = get_file_size(share:share, file:file);
+ if(ocxSize)
+ {
+ if(is_killbit_set(clsid:"{36723f97-7aa0-11d4-8919-FF2D71D0D32C}") == 0){
+ security_hole(0);
+ }
+ }
+}
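Review bot: The finding is raised only when `ienipp.ocx` exists and `is_killbit_set(...) == 0`, but the description also lists the '<embed>' parameter-name flaw and the plugin-parameter overflow, which do not appear to depend on the ActiveX control. A host at 5.40 with the kill bit set would then be reported clean while those flaws may remain. Either limit the description to the ActiveX issues or report on the version alone for the non-ActiveX flaws. The drive-letter patterns `([A-Z]):.*` and `[A-Z]:(.*)` match only upper-case letters, so a lower-case drive in the registry value would leave `share` and `file` unsplit; `[A-Za-z]` is safer. The early `exit(0)` when the registry value cannot be read produces no result at all, so an unreadable registry looks the same as a clean host.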
Property changes on: trunk/openvas-plugins/scripts/gb_novell_iprint_client_mult_vuln_win.nasl
___________________________________________________________________
Name: svn:executable
+ *
Name: svn:keywords
+ Revision
Added: trunk/openvas-plugins/scripts/gb_opera_mult_vuln_aug10_win.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_opera_mult_vuln_aug10_win.nasl 2010-08-13 17:40:17 UTC (rev 8806)
+++ trunk/openvas-plugins/scripts/gb_opera_mult_vuln_aug10_win.nasl 2010-08-16 07:09:42 UTC (rev 8807)
@@ -0,0 +1,91 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_opera_mult_vuln_aug10_win.nasl 10680 2010-08-13 11:11:11Z aug $
+#
+# Opera Browser Multiple Vulnerabilities August-10 (Windows)
+#
+# Authors:
+# Sooraj KS <kssooraj at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(801257);
+ script_version("Revision$:1.0");
+ script_bugtraq_id(42407);
+ script_tag(name:"cvss_base", value:"9.3");
+ script_tag(name:"risk_factor", value:"Critical");
+ script_name("Opera Browser Multiple Vulnerabilities August-10 (Windows)");
+ desc = "
+ Overview: The host is installed with Opera Browser and is prone to multiple
+ vulnerabilities.
+
+ Vulnerability Insight:
+ Multiple flaws are cause due to:
+ - An error in the processing of painting operations on a canvas while
+ certain transformations are being applied, which can be exploited to cause
+ a heap-based buffer overflow.
+ - An error when displaying the download dialog, which could allow attackers
+ to trick a user into running downloaded executables.
+ - An error when previewing a news feed, which can be exploited to execute
+ script code and automatically subscribe the user to the feed.
+
+ Impact:
+ Successful exploitation will allow remote attackers to bypass certain security
+ protections, execute arbitrary code, or cause denial-of-service conditions.
+
+ Impact Level: Application
+
+ Affected Software/OS:
+ Opera Web Browser Version prior to 10.61
+
+ Fix: Upgarde to Opera Web Browser Version 10.61 or later,
+ For Updates Refer, http://www.opera.com/download/
+
+ References:
+ http://secunia.com/advisories/40120
+ http://www.opera.com/support/kb/view/966/
+ http://www.opera.com/support/kb/view/967/
+ http://www.opera.com/support/kb/view/968/
+ http://www.opera.com/docs/changelogs/windows/1061/
+ ";
+
+ script_description(desc);
+ script_summary("Check for the version of Opera");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2010 Greenbone Networks GmbH");
+ script_family("General");
+ script_dependencies("secpod_opera_detection_win_900036.nasl");
+ script_require_keys("Opera/Win/Version");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+## Get Opera Version from KB
+ver = get_kb_item("Opera/Win/Version");
+
+if(ver)
+{
+ ## Grep for Opera Versions prior to 10.61
+ if(version_in_range(version:ver, test_version:"10.0", test_version2:"10.60")){
+ security_hole(0);
+ }
+}
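Review bot: The range check `version_in_range(version:ver, test_version:"10.0", test_version2:"10.60")` does not match the stated "prior to 10.61", because installs older than 10.0 are never flagged. Unless the older branches are known to be unaffected, use `version_is_less(version:ver, test_version:"10.61")`, which also matches the comment above the check. `script_version("Revision$:1.0")` is missing the leading `$`. The description text has "are cause due to" and "Upgarde", which will appear verbatim in scan reports.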
Property changes on: trunk/openvas-plugins/scripts/gb_opera_mult_vuln_aug10_win.nasl
___________________________________________________________________
Name: svn:executable
+ *
Name: svn:keywords
+ Revision
Added: trunk/openvas-plugins/scripts/gb_pligg_mult_sql_inj_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_pligg_mult_sql_inj_vuln.nasl 2010-08-13 17:40:17 UTC (rev 8806)
+++ trunk/openvas-plugins/scripts/gb_pligg_mult_sql_inj_vuln.nasl 2010-08-16 07:09:42 UTC (rev 8807)
@@ -0,0 +1,89 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_pligg_mult_sql_inj_vuln.nasl 10681 2010-08-13 14:14:14Z aug $
+#
+# Pligg Multiple SQL Injection Vulnerabilities
+#
+# Authors:
+# Sooraj KS <kssooraj at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(801258);
+ script_version("$Revision$: 1.0");
+ script_cve_id("CVE-2010-2577");
+ script_bugtraq_id(42408);
+ script_tag(name:"cvss_base", value:"7.5");
+ script_tag(name:"risk_factor", value:"High");
+ script_name("Pligg Multiple SQL Injection Vulnerabilities");
+ desc = "
+ Overview: The host is running Pligg CMS and is prone to multiple SQL injection
+ vulnerabilities.
+
+ Vulnerability Insight:
+ The flaws are caused by improper validation of user-supplied inputs via the
+ 'title' parameter in storyrss.php and story.php and 'role' parameter in
+ groupadmin.php that allows attacker to manipulate SQL queries by injecting
+ arbitrary SQL code.
+
+ Impact:
+ Successful exploitation will let the attacker to cause SQL Injection attack
+ and gain sensitive information.
+
+ Impact Level: Application
+
+ Affected Software/OS:
+ Pligg CMS Version 1.1.0 and prior.
+
+ Fix: Upgrade to Pligg CMS Version 1.1.1 or later.
+ For updates refer, http://www.pligg.com/download/
+
+ References:
+ http://secunia.com/advisories/40931
+ http://secunia.com/secunia_research/2010-111/
+ ";
+
+ script_description(desc);
+ script_summary("Check for the version of Pligg");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2010 Greenbone Networks GmbH");
+ script_family("Web application abuses");
+ script_dependencies("pligg_cms_detect.nasl");
+ script_require_ports("Services/www", 80);
+ exit(0);
+}
+
+
+include("http_func.inc");
+include("version_func.inc");
+
+## Get Pligg Port
+port = get_http_port(default:80);
+if(!port){
+ exit(0);
+}
+
+## Check for Pligg Version prior to 1.1.1
+if(ver = get_version_from_kb(port:port,app:"pligg"))
+{
+ if(version_is_less(version:ver, test_version:"1.1.1")){
+ security_hole(port:port);
+ }
+}
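Review bot: `if(ver = get_version_from_kb(port:port,app:"pligg"))` assigns inside the condition, which reads like a comparison. Fetch first and test separately: `ver = get_version_from_kb(port:port, app:"pligg");` followed by `if(ver)`. If the detection script can store a placeholder when it fails to parse a version, that value should be excluded before `version_is_less`, otherwise such hosts may be reported as vulnerable; confirm against pligg_cms_detect.nasl. The check is version-only and sends no request to the affected scripts, so a comment such as `## Version-only check; injection points are not probed` would help whoever triages the result.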
Property changes on: trunk/openvas-plugins/scripts/gb_pligg_mult_sql_inj_vuln.nasl
___________________________________________________________________
Name: svn:keywords
+ Revision
Added: trunk/openvas-plugins/scripts/gb_subtitle_translation_wizard_bof_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_subtitle_translation_wizard_bof_vuln.nasl 2010-08-13 17:40:17 UTC (rev 8806)
+++ trunk/openvas-plugins/scripts/gb_subtitle_translation_wizard_bof_vuln.nasl 2010-08-16 07:09:42 UTC (rev 8807)
@@ -0,0 +1,102 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_subtitle_translation_wizard_bof_vuln.nasl 10481 2010-08-13 11:15:24Z aug $
+#
+# Subtitle Translation Wizard '.srt' File Stack Based Buffer Overflow Vulnerability
+#
+# Authors:
+# Madhuri D <dmadhuri at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(801426);
+ script_version("$Revision$: 1.0");
+ script_cve_id("CVE-2010-2440");
+ script_bugtraq_id(41026);
+ script_tag(name:"cvss_base", value:"9.3");
+ script_tag(name:"risk_factor", value:"Critical");
+ script_name("Subtitle Translation Wizard '.srt' File Stack Based Buffer Overflow Vulnerability");
+ desc = "
+ Overview: This host is installed with Subtitle Translation Wizard and is
+ prone to buffer overflow vulnerability.
+
+ Vulnerability Insight:
+ The flaw exists due to a boundary error when processing subtitle files in
+ 'st-wizard.exe', which causes a stack-based buffer overflow via '.srt' file
+ containing an overly long string.
+
+ Impact:
+ Successful exploitation will allow remote attackers to execute arbitrary
+ code. Failed exploit attempts will result in denial-of-service conditions.
+
+ Impact Level: Application.
+
+ Affected Software:
+ Subtitle Translation Wizard 3.0
+
+ Fix: No solution or patch is available as on 13th, August 2010 . Information
+ regarding this issue will be updated once the solution details are available.
+ For updates refer, http://www.upredsun.com/subtitle-translation/subtitle-translation.html
+
+ References:
+ http://osvdb.org/65678
+ http://secunia.com/advisories/40303
+ http://www.exploit-db.com/exploits/13965/ ";
+
+ script_description(desc);
+ script_summary("Check for the version of Subtitle Translation Wizard");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2010 Greenbone Networks GmbH");
+ script_family("Buffer overflow");
+ script_dependencies("secpod_reg_enum.nasl");
+ script_require_keys("SMB/WindowsVersion");
+ exit(0);
+}
+
+
+include("smb_nt.inc");
+include("version_func.inc");
+include("secpod_smb_func.inc");
+
+if(!get_kb_item("SMB/WindowsVersion")){
+ exit(0);
+}
+
+key = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" +
+ "\Subtitle Translation Wizard_is1";
+if(!registry_key_exists(key:key)){
+ exit(0);
+}
+
+## Check for Subtitle Translation Wizard DisplayName
+stwName = registry_get_sz(key:key, item:"DisplayName");
+if("Subtitle Translation Wizard" >< stwName)
+{
+ ## Grep for the version
+ stwVer = eregmatch(pattern:"Subtitle Translation Wizard ([0-9.]+)" , string:stwName);
+ if(stwVer[1] != NULL)
+ {
+ ## Check for Subtitle Translation Wizard version equal to 3.0
+ if(version_is_equal(version:stwVer[1], test_version:"3.0")){
+ security_hole(0) ;
+ }
+ }
+}
+
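Review bot: The detection can miss vulnerable hosts in two places. The only key read is `SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Subtitle Translation Wizard_is1`, and the `registry_key_exists` guard exits if it is absent. On 64-bit Windows a 32-bit installer would normally register under `SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall`, so the check should probably try that path too (the product's bitness is not shown here, so confirm). The version is parsed only from `DisplayName` and compared with `version_is_equal(..., test_version:"3.0")`, so a name without a version, or a string such as "3.0.0", yields no report. A fallback such as `stwVer = registry_get_sz(key:key, item:"DisplayVersion");` when the `eregmatch` finds nothing would close that gap. A comment beside the comparison, e.g. `## Only 3.0 is listed as affected and no fixed release is known; revisit when the vendor ships a fix`, would record why this is an equality test rather than a range.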
Property changes on: trunk/openvas-plugins/scripts/gb_subtitle_translation_wizard_bof_vuln.nasl
___________________________________________________________________
Name: svn:executable
+ *
Name: svn:keywords
+ Revision
Modified: trunk/openvas-plugins/scripts/secpod_novell_prdts_detect_win.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_novell_prdts_detect_win.nasl 2010-08-13 17:40:17 UTC (rev 8806)
+++ trunk/openvas-plugins/scripts/secpod_novell_prdts_detect_win.nasl 2010-08-16 07:09:42 UTC (rev 8807)
@@ -15,6 +15,9 @@
# Date: 09th Nov 2009
# Changes: Added check for Novell Groupwise client.
#
+# Updated by: Madhuri D <dmadhuri at secpod.com> on 2010-08-13
+# Modified to detect recent versions.
+#
# Copyright:
# Copyright (c) 2009 SecPod, http://www.secpod.com
#
@@ -35,7 +38,7 @@
if(description)
{
script_id(900340);
- script_version("Revision: 1.2");
+ script_version("$Revision$: 1.3");
script_tag(name:"risk_factor", value:"None");
script_name("Novell Multiple Products Version Detection");
desc = "
@@ -79,7 +82,7 @@
}
if(eDirVer){
set_kb_item(name:"Novell/eDir/Win/Ver", value:eDirVer);
- security_note(data:"Novell eDirectory version " + eDirVer +
+ security_note(data:"Novell eDirectory version " + eDirVer +
" was detected on the host");
}
}
@@ -88,10 +91,14 @@
# Set KB for Novell iPrint
if(registry_key_exists(key:"SOFTWARE\Novell-iPrint"))
{
- iprintVer = registry_get_sz(key:"SOFTWARE\Novell-iPrint",
- item:"Current Version");
- if(!iprintVer)
+ ver = registry_get_sz(key:"SOFTWARE\Novell-iPrint", item:"Current Version");
+ if(ver)
{
+ iprintVer = eregmatch(pattern:"([0-9.]+)" , string:ver);
+ iprintVer = iprintVer[1];
+ }
+ else
+ {
iprintName = registry_get_sz(key:"SOFTWARE\Microsoft\Windows\CurrentVersion" +
"\Uninstall\Novell iPrint Client",
item:"DisplayName");
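Review bot: In the new `if(ver)` branch the result of `eregmatch(pattern:"([0-9.]+)", string:ver)` is indexed with `iprintVer[1]` without checking for a match. Because the `DisplayName` lookup is now in the `else`, it runs only when "Current Version" is missing, not when it is present but holds no digits. In that case `iprintVer` ends up empty, `Novell/iPrint/Ver` is never set, and the dependent iPrint vulnerability checks silently skip the host. Matching into a temporary and guarding it as the fallback branch already does, `m = eregmatch(pattern:"([0-9.]+)", string:ver);` then `if(m[1]){ iprintVer = m[1]; }`, and changing the `else` to `if(!iprintVer)`, keeps the fallback reachable. The enclosing `registry_key_exists` block continues into the next hunk.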
@@ -99,16 +106,16 @@
{
iprintVer = eregmatch(pattern:"v([0-9.]+)", string:iprintName);
if(iprintVer[1]){
- iprintVer = iprintVer[1];
+ iprintVer = iprintVer[1];
}
}
}
+}
- if(iprintVer){
+if(iprintVer){
set_kb_item(name:"Novell/iPrint/Ver", value:iprintVer);
- security_note(data:"Novell iPrint version " + iprintVer +
+ security_note(data:"Novell iPrint version " + iprintVer +
" was detected on the host");
- }
}
# Set KB for Novell Client
@@ -132,7 +139,7 @@
if(clientVer){
set_kb_item(name:"Novell/Client/Ver", value:clientVer);
- security_note(data:"Novell Client version " + clientVer +
+ security_note(data:"Novell Client version " + clientVer +
" was detected on the host");
}
}
@@ -182,8 +189,8 @@
gcVer = GetVer(file:file, share:share);
if(gcVer != NULL){
set_kb_item(name:"Novell/Groupwise/Client/Win/Ver", value:gcVer);
- security_note(data:"Novell Groupwise Client version " + gcVer +
- " running at location " + gcPath +
+ security_note(data:"Novell Groupwise Client version " + gcVer +
+ " running at location " + gcPath +
" was detected on the host");
}
}