[Openvas-commits] r8807 - in trunk/openvas-plugins: . scripts

scm-commit@wald.intevation.org scm-commit at wald.intevation.org
Mon Aug 16 09:09:51 CEST 2010


Author: chandra
Date: 2010-08-16 09:09:42 +0200 (Mon, 16 Aug 2010)
New Revision: 8807

Added:
   trunk/openvas-plugins/scripts/gb_adobe_prdts_mult_dos_vuln_aug10_lin.nasl
   trunk/openvas-plugins/scripts/gb_adobe_prdts_mult_dos_vuln_aug10_win.nasl
   trunk/openvas-plugins/scripts/gb_apple_quicktime_player_bof_vuln.nasl
   trunk/openvas-plugins/scripts/gb_novell_iprint_client_mult_vuln_lin.nasl
   trunk/openvas-plugins/scripts/gb_novell_iprint_client_mult_vuln_win.nasl
   trunk/openvas-plugins/scripts/gb_opera_mult_vuln_aug10_win.nasl
   trunk/openvas-plugins/scripts/gb_pligg_mult_sql_inj_vuln.nasl
   trunk/openvas-plugins/scripts/gb_subtitle_translation_wizard_bof_vuln.nasl
Modified:
   trunk/openvas-plugins/ChangeLog
   trunk/openvas-plugins/scripts/gb_nessus_41966.nasl
   trunk/openvas-plugins/scripts/secpod_novell_prdts_detect_win.nasl
Log:
Added new plugins

Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog	2010-08-13 17:40:17 UTC (rev 8806)
+++ trunk/openvas-plugins/ChangeLog	2010-08-16 07:09:42 UTC (rev 8807)
@@ -1,3 +1,21 @@
+2010-08-16  Chandrashekhar B <bchandra at secpod.com>
+
+	* scripts/gb_adobe_prdts_mult_dos_vuln_aug10_lin.nasl,
+	scripts/gb_apple_quicktime_player_bof_vuln.nasl,
+	scripts/gb_novell_iprint_client_mult_vuln_lin.nasl,
+	scripts/gb_pligg_mult_sql_inj_vuln.nasl,
+	scripts/gb_opera_mult_vuln_aug10_win.nasl,
+	scripts/gb_subtitle_translation_wizard_bof_vuln.nasl,
+	scripts/gb_adobe_prdts_mult_dos_vuln_aug10_win.nasl,
+	scripts/gb_novell_iprint_client_mult_vuln_win.nasl:
+	Added new plugins.
+
+	* scripts/secpod_novell_prdts_detect_win.nasl:
+	Updated to detect newer versions.
+	
+	* scripts/gb_nessus_41966.nasl:
+	Added new CVE.
+
 2010-08-13  Veerendra G.G <veerendragg at secpod.com>
 
 	* scripts/gb_ubuntu_USN_970_1.nasl,

Added: trunk/openvas-plugins/scripts/gb_adobe_prdts_mult_dos_vuln_aug10_lin.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_adobe_prdts_mult_dos_vuln_aug10_lin.nasl	2010-08-13 17:40:17 UTC (rev 8806)
+++ trunk/openvas-plugins/scripts/gb_adobe_prdts_mult_dos_vuln_aug10_lin.nasl	2010-08-16 07:09:42 UTC (rev 8807)
@@ -0,0 +1,95 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_adobe_prdts_mult_dos_vuln_aug10_lin.nasl 10674 2010-08-12 15:15:15Z aug $
+#
+# Adobe Flash Player/Air Multiple Vulnerabilities - August10 (Linux)
+#
+# Authors:
+# Sooraj KS <kssooraj at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(801256);
+  script_version("Revision$:1.0");
+  script_cve_id("CVE-2010-0209", "CVE-2010-2213", "CVE-2010-2215",
+                "CVE-2010-2214", "CVE-2010-2216");
+  script_bugtraq_id(42341);
+  script_tag(name:"cvss_base", value:"9.3");
+  script_tag(name:"risk_factor", value:"Critical");
+  script_name("Adobe Flash Player/Air Multiple Vulnerabilities - August10 (Linux)");
+  desc = "
+  Overview: This host is installed with Adobe Flash Player/Air and is prone to
+  multiple vulnerabilities.
+
+  Vulnerability Insight:
+  The flaws are caused due to memory corruptions and click-jacking issue via
+  unspecified vectors.
+
+  Impact:
+  Successful exploitation will let the attackers to execute arbitrary code,
+  cause denial-of-service conditions, or perform click-jacking attacks.
+
+  Impact Level: Application/System.
+
+  Affected Software/OS:
+  Adobe AIR version prior to 2.0.3
+  Adobe Flash Player version before 9.0.280 and 10.x before 10.1.82.76 on Linux.
+
+  Fix: Upgrade to Adobe Air 2.0.3 and Adobe Flash Player 9.0.280 or 10.1.82.76 or later
+  For updates refer, http://get.adobe.com/air
+  http://www.adobe.com/support/flashplayer/downloads.html
+
+  References:
+  http://www.adobe.com/support/security/bulletins/apsb10-16.html
+  ";
+
+  script_description(desc);
+  script_summary("Check for the version of Adobe Flash Player/Air");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (C) 2010 Greenbone Networks GmbH");
+  script_family("Denial of Service");
+  script_dependencies("gb_adobe_flash_player_detect_lin.nasl");
+  script_require_keys("AdobeFlashPlayer/Linux/Ver", "Adobe/Air/Linux/Ver");
+  exit(0);
+}
+
+
+include("version_func.inc");
+
+# Check for Adobe Flash Player
+playerVer = get_kb_item("AdobeFlashPlayer/Linux/Ver");
+if(playerVer != NULL)
+{
+  if(version_is_less(version:playerVer, test_version2:"9.0.280") ||
+     version_in_range(version:playerVer, test_version:"10.0", test_version2:"10.1.82.75"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+}
+
+# Check for Adobe Air
+airVer = get_kb_item("Adobe/Air/Linux/Ver");
+if(airVer != NULL)
+{
+  if(version_is_less(version:airVer, test_version:"2.0.3")){
+    security_hole(0);
+  }
+}
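Review bot: The Flash Player test `version_is_less(version:playerVer, test_version2:"9.0.280")` passes its bound as `test_version2`, while every other `version_is_less` call in this commit uses `test_version`. With the bound in the wrong argument the 9.x comparison is unlikely to behave as intended, so hosts below 9.0.280 may go unreported. It should read `version_is_less(version:playerVer, test_version:"9.0.280")`, and the identical line in gb_adobe_prdts_mult_dos_vuln_aug10_win.nasl needs the same change. Separately, `script_require_keys` lists both the Flash Player and the AIR key; if the scanner requires all listed keys, a host with only one of the two products would be skipped, which is worth confirming.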


Property changes on: trunk/openvas-plugins/scripts/gb_adobe_prdts_mult_dos_vuln_aug10_lin.nasl
___________________________________________________________________
Name: svn:keywords
   + Revision

Added: trunk/openvas-plugins/scripts/gb_adobe_prdts_mult_dos_vuln_aug10_win.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_adobe_prdts_mult_dos_vuln_aug10_win.nasl	2010-08-13 17:40:17 UTC (rev 8806)
+++ trunk/openvas-plugins/scripts/gb_adobe_prdts_mult_dos_vuln_aug10_win.nasl	2010-08-16 07:09:42 UTC (rev 8807)
@@ -0,0 +1,95 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_adobe_prdts_mult_dos_vuln_aug10_win.nasl 10674 2010-08-12 15:15:15Z aug $
+#
+# Adobe Flash Player/Air Multiple Vulnerabilities - August10 (Win)
+#
+# Authors:
+# Sooraj KS <kssooraj at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(801255);
+  script_version("Revision$:1.0");
+  script_cve_id("CVE-2010-0209", "CVE-2010-2213", "CVE-2010-2215",
+                "CVE-2010-2214", "CVE-2010-2216");
+  script_bugtraq_id(42341);
+  script_tag(name:"cvss_base", value:"9.3");
+  script_tag(name:"risk_factor", value:"Critical");
+  script_name("Adobe Flash Player/Air Multiple Vulnerabilities - August10 (Win)");
+  desc = "
+  Overview: This host is installed with Adobe Flash Player/Air and is prone to
+  multiple vulnerabilities.
+
+  Vulnerability Insight:
+  The flaws are caused due to memory corruptions and click-jacking issue via
+  unspecified vectors.
+
+  Impact:
+  Successful exploitation will let the attackers to execute arbitrary code,
+  cause denial-of-service conditions, or perform click-jacking attacks.
+
+  Impact Level: Application/System.
+
+  Affected Software/OS:
+  Adobe AIR version prior to 2.0.3
+  Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76 on windows.
+
+  Fix: Upgrade to Adobe  Air 2.0.3 and Adobe Flash Player 9.0.280 or 10.1.82.76 or later
+  For updates refer, http://get.adobe.com/air
+  http://www.adobe.com/support/flashplayer/downloads.html
+
+  References:
+  http://www.adobe.com/support/security/bulletins/apsb10-16.html
+  ";
+
+  script_description(desc);
+  script_summary("Check for the version of Adobe Flash Player/Air");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (C) 2010 Greenbone Networks GmbH");
+  script_family("Denial of Service");
+  script_dependencies("gb_adobe_flash_player_detect_win.nasl");
+  script_require_keys("AdobeFlashPlayer/Win/Ver", "Adobe/Air/Win/Ver");
+  exit(0);
+}
+
+
+include("version_func.inc");
+
+# Check for Adobe Flash Player
+playerVer = get_kb_item("AdobeFlashPlayer/Win/Ver");
+if(playerVer != NULL)
+{
+  if(version_is_less(version:playerVer, test_version2:"9.0.280") ||
+     version_in_range(version:playerVer, test_version:"10.0", test_version2:"10.1.82.75"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+}
+
+# Check for Adobe Air
+airVer = get_kb_item("Adobe/Air/Win/Ver");
+if(airVer != NULL)
+{
+  if(version_is_less(version:airVer, test_version:"2.0.3")){
+    security_hole(0);
+  }
+}


Property changes on: trunk/openvas-plugins/scripts/gb_adobe_prdts_mult_dos_vuln_aug10_win.nasl
___________________________________________________________________
Name: svn:keywords
   + Revision

Added: trunk/openvas-plugins/scripts/gb_apple_quicktime_player_bof_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_apple_quicktime_player_bof_vuln.nasl	2010-08-13 17:40:17 UTC (rev 8806)
+++ trunk/openvas-plugins/scripts/gb_apple_quicktime_player_bof_vuln.nasl	2010-08-16 07:09:42 UTC (rev 8807)
@@ -0,0 +1,85 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_apple_quicktime_player_bof_vuln.nasl 10586 2010-08-13 13:14:17 aug $
+#
+# QuickTime Player Streaming Debug Error Logging Buffer Overflow Vulnerability
+#
+# Authors:
+# Madhuri D <dmadhuri at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(801427);
+  script_version("$Revision$: 1.0");
+  script_cve_id("CVE-2010-1799");
+  script_bugtraq_id(41962);
+  script_tag(name:"cvss_base", value:"7.5");
+  script_tag(name:"risk_factor", value:"High");
+  script_name("QuickTime Player Streaming Debug Error Logging Buffer Overflow Vulnerability");
+  desc = "
+  Overview: The host is running QuickTime Player and is prone to buffer overflow
+  vulnerability.
+
+  Vulnerability Insight:
+  The flaw is caused due to a boundary error in 'QuickTimeStreaming.qtx' when
+  constructing a string to write to a debug log file.
+
+  Impact:
+  Successful exploitation could allow attackers to cause a stack-based buffer
+  overflow by tricking a user into viewing a specially crafted web page that
+  references a SMIL file containing an overly long URL.
+
+  Impact Level: Application
+
+  Affected Software/OS:
+  QuickTime Player version prior to 7.6.7
+
+  Fix: Upgrade to QuickTime Player version 7.6.7 or later
+  For updates refer, http://www.apple.com/quicktime/download/
+
+  References:
+  http://secunia.com/advisories/40729
+  http://www.securelist.com/en/advisories/40729
+  http://telussecuritylabs.com/threats/show/FSC20100727-08
+  http://en.community.dell.com/support-forums/virus-spyware/f/3522/t/19340212.aspx ";
+
+  script_description(desc);
+  script_copyright("Copyright (c) 2010 Greenbone Networks GmbH");
+  script_summary("Check the version of QuickTime Player");
+  script_category(ACT_GATHER_INFO);
+  script_family("Buffer overflow");
+  script_dependencies("secpod_apple_quicktime_detection_win_900124.nasl");
+  script_require_keys("QuickTime/Win/Ver");
+  exit(0);
+}
+
+
+include("version_func.inc");
+
+## Get the version from KB
+quickVer = get_kb_item("QuickTime/Win/Ver");
+if(!quickVer){
+  exit(0);
+}
+
+## Check for QuickTime Playe Version less than 7.6.7
+if(version_is_less(version:quickVer, test_version:"7.6.7")){
+  security_hole(0);
+}
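Review bot: The `script_name` and `script_summary` do not say that this check is Windows-only, although it depends on `secpod_apple_quicktime_detection_win_900124.nasl` and reads `QuickTime/Win/Ver`. The other platform-specific plugins in this commit carry a `(Windows)`, `(Win)` or `(Linux)` suffix in `script_name`, and doing the same here keeps scan reports unambiguous. The comment before the version test has a typo and would read better as `## Check for QuickTime Player version less than 7.6.7`.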


Property changes on: trunk/openvas-plugins/scripts/gb_apple_quicktime_player_bof_vuln.nasl
___________________________________________________________________
Name: svn:executable
   + *
Name: svn:keywords
   + Revision

Modified: trunk/openvas-plugins/scripts/gb_nessus_41966.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_nessus_41966.nasl	2010-08-13 17:40:17 UTC (rev 8806)
+++ trunk/openvas-plugins/scripts/gb_nessus_41966.nasl	2010-08-16 07:09:42 UTC (rev 8807)
@@ -28,8 +28,8 @@
 {
  script_id(100728);
  script_bugtraq_id(41966);
- script_tag(name:"cvss_base", value:"4.3");
-  script_cve_id("CVE-2010-2914");
+ script_tag(name:"cvss_base", value:"5.0");
+ script_cve_id("CVE-2010-2914", "CVE-2010-2989");
  script_version ("1.0-$Revision$");
 
  script_name("Nessus Web Server Plugin Unspecified Cross Site Scripting Vulnerability");
@@ -65,7 +65,7 @@
  exit(0);
 }
 
-     
+
 include("http_func.inc");
 include("openvas-https.inc");
 include("version_func.inc");

Added: trunk/openvas-plugins/scripts/gb_novell_iprint_client_mult_vuln_lin.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_novell_iprint_client_mult_vuln_lin.nasl	2010-08-13 17:40:17 UTC (rev 8806)
+++ trunk/openvas-plugins/scripts/gb_novell_iprint_client_mult_vuln_lin.nasl	2010-08-16 07:09:42 UTC (rev 8807)
@@ -0,0 +1,90 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_novell_iprint_client_mult_vuln_lin.nasl 10562 2010-08-13- 16:14:17 aug $
+#
+# Novell iPrint Client Multiple Security Vulnerabilities (Linux)
+#
+# Authors:
+# Madhuri D <dmadhuri at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(801424);
+  script_version("$Revision$: 1.0");
+  script_bugtraq_id(42100);
+  script_tag(name:"cvss_base", value:"10.0");
+  script_tag(name:"risk_factor", value:"Critical");
+  script_name("Novell iPrint Client Multiple Security Vulnerabilities (Linux)");
+  desc = "
+  Overview: The host is installed Novell iPrint Client and is prone to multiple
+  vulnerabilities.
+
+  Vulnerability Insight:
+  Multiple flaws are caused due to:
+  - Failure to properly verify the name of parameters passed via '<embed>'
+    tags.
+  - Error in handling plugin parameters. A long value for the operation
+    parameter can trigger a stack-based buffer overflow.
+
+  Impact:
+  Successful exploitation could allow attackers to execute arbitrary code,
+  delete all files on a system in the context of an affected site.
+
+  Impact Level: Application
+
+  Affected Software/OS:
+  Novell iPrint Client version 5.40 and prior.
+
+  Fix: Apply patch from below link
+  http://download.novell.com/Download?buildid=ftwZBxEFjIg~
+
+  *****
+  NOTE : Ignore this warning, if above mentioned patch is applied already.
+  *****
+
+  References:
+  http://dvlabs.tippingpoint.com/advisory/TPTI-10-06
+  http://dvlabs.tippingpoint.com/advisory/TPTI-10-05
+  http://www.zerodayinitiative.com/advisories/ZDI-10-139/
+  http://www.zerodayinitiative.com/advisories/ZDI-10-140/ ";
+
+  script_description(desc);
+  script_copyright("Copyright (c) 2010 Greenbone Networks GmbH");
+  script_summary("Check the version of Novell iPrint Client");
+  script_category(ACT_GATHER_INFO);
+  script_family("General");
+  script_dependencies("secpod_novell_prdts_detect_lin.nasl");
+  script_require_keys("Novell/iPrint/Client/Linux/Ver");
+  exit(0);
+}
+
+
+include("version_func.inc");
+
+## Get the version from KB
+iPrintVer = get_kb_item("Novell/iPrint/Client/Linux/Ver");
+if(!iPrintVer){
+  exit(0);
+}
+
+## Check for Novell iPrint Client Version <= 5.40
+if(version_is_less_equal(version:iPrintVer, test_version:"5.40.0")){
+  security_hole(0);
+}
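Review bot: The bound in `version_is_less_equal(version:iPrintVer, test_version:"5.40.0")` differs from the Windows plugin in this commit, which tests against `"5.40"` under the same "version 5.40 and prior" wording. Whether the two forms compare equal depends on how version_func.inc treats a missing trailing component, which is not visible here. Using one form in both plugins, or adding a comment on why the Linux check needs the extra `.0`, would remove the doubt. The description also says the warning should be ignored on patched hosts, so a comment such as `## Version-only check; cannot tell whether the patch is applied` above the test would make that limitation explicit.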


Property changes on: trunk/openvas-plugins/scripts/gb_novell_iprint_client_mult_vuln_lin.nasl
___________________________________________________________________
Name: svn:executable
   + *
Name: svn:keywords
   + Revision

Added: trunk/openvas-plugins/scripts/gb_novell_iprint_client_mult_vuln_win.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_novell_iprint_client_mult_vuln_win.nasl	2010-08-13 17:40:17 UTC (rev 8806)
+++ trunk/openvas-plugins/scripts/gb_novell_iprint_client_mult_vuln_win.nasl	2010-08-16 07:09:42 UTC (rev 8807)
@@ -0,0 +1,113 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_novell_iprint_client_mult_vuln_win.nasl 10562 2010-08-13 16:14:17 aug $
+#
+# Novell iPrint Client Multiple Security Vulnerabilities (Windows)
+#
+# Authors:
+# Madhuri D <dmadhuri at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(801423);
+  script_version("$Revision$: 1.0");
+  script_bugtraq_id(42100);
+  script_tag(name:"cvss_base", value:"10.0");
+  script_tag(name:"risk_factor", value:"Critical");
+  script_name("Novell iPrint Client Multiple Security Vulnerabilities (Windows)");
+  desc = "
+  Overview: The host is installed Novell iPrint Client and is prone to multiple
+  vulnerabilities.
+
+  Vulnerability Insight:
+  Multiple flaws are caused due to:
+  - Error in handling 'ienipp.ocx' ActiveX control.
+  - Error within the nipplib.dll module that can be reached via the 'ienipp.ocx'
+    ActiveX control with 'CLSID 36723f97-7aa0-11d4-8919-FF2D71D0D32C'.
+  - Failure to verify the name of parameters passed via '<embed>' tags.
+  - Error in handling plugin parameters. A long value for the operation
+    parameter can trigger a stack-based buffer overflow.
+
+  Impact:
+  Successful exploitation could allow attackers to execute arbitrary code,
+  delete all files on a system in the context of an affected site.
+
+  Impact Level: Application
+
+  Affected Software/OS:
+  Novell iPrint Client version 5.40 and prior.
+
+  Fix: Apply patch from below link
+  http://download.novell.com/Download?buildid=ftwZBxEFjIg~
+
+  *****
+  NOTE : Ignore this warning, if above mentioned patch is applied already.
+  *****
+
+  References:
+  http://dvlabs.tippingpoint.com/advisory/TPTI-10-06
+  http://dvlabs.tippingpoint.com/advisory/TPTI-10-05
+  http://www.zerodayinitiative.com/advisories/ZDI-10-139/
+  http://www.zerodayinitiative.com/advisories/ZDI-10-140/ ";
+
+  script_description(desc);
+  script_copyright("Copyright (c) 2010 Greenbone Networks GmbH");
+  script_summary("Check the version of Novell iPrint Client");
+  script_category(ACT_GATHER_INFO);
+  script_family("General");
+  script_dependencies("secpod_novell_prdts_detect_win.nasl");
+  script_require_keys("Novell/iPrint/Ver");
+  exit(0);
+}
+
+include("smb_nt.inc");
+include("version_func.inc");
+include("secpod_activex.inc");
+include("secpod_smb_func.inc");
+
+## Get the version from KB
+iPrintVer = get_kb_item("Novell/iPrint/Ver");
+if(!iPrintVer){
+  exit(0);
+}
+
+## Check for Novell iPrint Client Version <= 5.40
+if(version_is_less_equal(version:iPrintVer, test_version:"5.40"))
+{
+  ## Path for the ienipp.ocx file
+  path = registry_get_sz(key:"SOFTWARE\Microsoft\COM3\Setup",
+                        item:"Install Path");
+  if(!path){
+    exit(0);
+  }
+
+  path = path + "\ienipp.ocx";
+  share = ereg_replace(pattern:"([A-Z]):.*", replace:"\1$", string:path);
+  file = ereg_replace(pattern:"[A-Z]:(.*)", replace:"\1", string:path);
+
+  ## Confirm the file existance
+  ocxSize = get_file_size(share:share, file:file);
+  if(ocxSize)
+  {
+    if(is_killbit_set(clsid:"{36723f97-7aa0-11d4-8919-FF2D71D0D32C}") == 0){
+      security_hole(0);
+    }
+  }
+}
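Review bot: The two `ereg_replace` calls that split `path` into `share` and `file` match only `[A-Z]:`, so a registry value with a lower-case drive letter would leave both strings unchanged; `get_file_size` would then presumably fail and the plugin report nothing. Accepting either case, e.g. `pattern:"([A-Za-z]):.*"` and `pattern:"[A-Za-z]:(.*)"`, avoids that false negative. The directory is taken from `SOFTWARE\Microsoft\COM3\Setup` / `Install Path` and assumed to hold `ienipp.ocx`; a short comment saying why that key locates the control would help. The kill-bit test covers only the ActiveX vector, while the description also lists `<embed>` and plugin-parameter flaws, so a host with the kill bit set is reported clean even though those vectors may remain; if that is intentional it deserves a comment.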


Property changes on: trunk/openvas-plugins/scripts/gb_novell_iprint_client_mult_vuln_win.nasl
___________________________________________________________________
Name: svn:executable
   + *
Name: svn:keywords
   + Revision

Added: trunk/openvas-plugins/scripts/gb_opera_mult_vuln_aug10_win.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_opera_mult_vuln_aug10_win.nasl	2010-08-13 17:40:17 UTC (rev 8806)
+++ trunk/openvas-plugins/scripts/gb_opera_mult_vuln_aug10_win.nasl	2010-08-16 07:09:42 UTC (rev 8807)
@@ -0,0 +1,91 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_opera_mult_vuln_aug10_win.nasl 10680 2010-08-13 11:11:11Z aug $
+#
+# Opera Browser Multiple Vulnerabilities August-10 (Windows)
+#
+# Authors:
+# Sooraj KS <kssooraj at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(801257);
+  script_version("Revision$:1.0");
+  script_bugtraq_id(42407);
+  script_tag(name:"cvss_base", value:"9.3");
+  script_tag(name:"risk_factor", value:"Critical");
+  script_name("Opera Browser Multiple Vulnerabilities August-10 (Windows)");
+  desc = "
+  Overview: The host is installed with Opera Browser and is prone to multiple
+  vulnerabilities.
+
+  Vulnerability Insight:
+  Multiple flaws are cause due to:
+  - An error in the processing of painting operations on a canvas while
+    certain transformations are being applied, which can be exploited to cause
+    a heap-based buffer overflow.
+  - An error when displaying the download dialog, which could allow attackers
+    to trick a user into running downloaded executables.
+  - An error when previewing a news feed, which can be exploited to execute
+    script code and automatically subscribe the user to the feed.
+
+  Impact:
+  Successful exploitation will allow remote attackers to bypass certain security
+  protections, execute arbitrary code, or cause denial-of-service conditions.
+
+  Impact Level: Application
+
+  Affected Software/OS:
+  Opera Web Browser Version prior to 10.61
+
+  Fix: Upgarde to Opera Web Browser Version 10.61 or later,
+  For Updates Refer, http://www.opera.com/download/
+
+  References:
+  http://secunia.com/advisories/40120
+  http://www.opera.com/support/kb/view/966/
+  http://www.opera.com/support/kb/view/967/
+  http://www.opera.com/support/kb/view/968/
+  http://www.opera.com/docs/changelogs/windows/1061/
+  ";
+
+  script_description(desc);
+  script_summary("Check for the version of Opera");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (c) 2010 Greenbone Networks GmbH");
+  script_family("General");
+  script_dependencies("secpod_opera_detection_win_900036.nasl");
+  script_require_keys("Opera/Win/Version");
+  exit(0);
+}
+
+
+include("version_func.inc");
+
+## Get Opera Version from KB
+ver = get_kb_item("Opera/Win/Version");
+
+if(ver)
+{
+  ## Grep for Opera Versions prior to 10.61
+  if(version_in_range(version:ver, test_version:"10.0", test_version2:"10.60")){
+    security_hole(0);
+  }
+}
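Review bot: The test `version_in_range(version:ver, test_version:"10.0", test_version2:"10.60")` flags only 10.0 through 10.60, whereas the description and the comment above it both say versions prior to 10.61 are affected, so an installed 9.x release is not reported. If the advisory covers all earlier versions as the description states, `version_is_less(version:ver, test_version:"10.61")` matches the text; if the lower bound is deliberate, the description and comment should say 10.x before 10.61. `script_version("Revision$:1.0")` also lacks the leading `$` used in most of the other new plugins (`"$Revision$: 1.0"`), so the svn keyword will presumably not expand.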


Property changes on: trunk/openvas-plugins/scripts/gb_opera_mult_vuln_aug10_win.nasl
___________________________________________________________________
Name: svn:executable
   + *
Name: svn:keywords
   + Revision

Added: trunk/openvas-plugins/scripts/gb_pligg_mult_sql_inj_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_pligg_mult_sql_inj_vuln.nasl	2010-08-13 17:40:17 UTC (rev 8806)
+++ trunk/openvas-plugins/scripts/gb_pligg_mult_sql_inj_vuln.nasl	2010-08-16 07:09:42 UTC (rev 8807)
@@ -0,0 +1,89 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_pligg_mult_sql_inj_vuln.nasl 10681 2010-08-13 14:14:14Z aug $
+#
+# Pligg Multiple SQL Injection Vulnerabilities
+#
+# Authors:
+# Sooraj KS <kssooraj at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(801258);
+  script_version("$Revision$: 1.0");
+  script_cve_id("CVE-2010-2577");
+  script_bugtraq_id(42408);
+  script_tag(name:"cvss_base", value:"7.5");
+  script_tag(name:"risk_factor", value:"High");
+  script_name("Pligg Multiple SQL Injection Vulnerabilities");
+  desc = "
+  Overview: The host is running Pligg CMS and is prone to multiple SQL injection
+  vulnerabilities.
+
+  Vulnerability Insight:
+  The flaws are caused by improper validation of user-supplied inputs via the
+  'title' parameter in storyrss.php and story.php and 'role' parameter in
+  groupadmin.php that allows attacker to manipulate SQL queries by injecting
+  arbitrary SQL code.
+
+  Impact:
+  Successful exploitation will let the attacker to cause SQL Injection attack
+  and gain sensitive information.
+
+  Impact Level: Application
+
+  Affected Software/OS:
+  Pligg CMS Version 1.1.0 and prior.
+
+  Fix: Upgrade to Pligg CMS Version 1.1.1 or later.
+  For updates refer, http://www.pligg.com/download/
+
+  References:
+  http://secunia.com/advisories/40931
+  http://secunia.com/secunia_research/2010-111/
+  ";
+
+  script_description(desc);
+  script_summary("Check for the version of Pligg");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (C) 2010 Greenbone Networks GmbH");
+  script_family("Web application abuses");
+  script_dependencies("pligg_cms_detect.nasl");
+  script_require_ports("Services/www", 80);
+  exit(0);
+}
+
+
+include("http_func.inc");
+include("version_func.inc");
+
+## Get Pligg Port
+port = get_http_port(default:80);
+if(!port){
+  exit(0);
+}
+
+## Check for Pligg Version prior to 1.1.1
+if(ver = get_version_from_kb(port:port,app:"pligg"))
+{
+  if(version_is_less(version:ver, test_version:"1.1.1")){
+    security_hole(port:port);
+  }
+}


Property changes on: trunk/openvas-plugins/scripts/gb_pligg_mult_sql_inj_vuln.nasl
___________________________________________________________________
Name: svn:keywords
   + Revision

Added: trunk/openvas-plugins/scripts/gb_subtitle_translation_wizard_bof_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_subtitle_translation_wizard_bof_vuln.nasl	2010-08-13 17:40:17 UTC (rev 8806)
+++ trunk/openvas-plugins/scripts/gb_subtitle_translation_wizard_bof_vuln.nasl	2010-08-16 07:09:42 UTC (rev 8807)
@@ -0,0 +1,102 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_subtitle_translation_wizard_bof_vuln.nasl 10481 2010-08-13 11:15:24Z aug $
+#
+# Subtitle Translation Wizard '.srt' File Stack Based Buffer Overflow Vulnerability
+#
+# Authors:
+# Madhuri D <dmadhuri at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(801426);
+  script_version("$Revision$: 1.0");
+  script_cve_id("CVE-2010-2440");
+  script_bugtraq_id(41026);
+  script_tag(name:"cvss_base", value:"9.3");
+  script_tag(name:"risk_factor", value:"Critical");
+  script_name("Subtitle Translation Wizard '.srt' File Stack Based Buffer Overflow Vulnerability");
+  desc = "
+  Overview: This host is installed with Subtitle Translation Wizard and is
+  prone to buffer overflow vulnerability.
+
+  Vulnerability Insight:
+  The flaw exists due to a boundary error when processing subtitle files in
+  'st-wizard.exe', which causes a stack-based buffer overflow via '.srt' file
+  containing an overly long string.
+
+  Impact:
+  Successful exploitation will allow remote attackers to execute arbitrary
+  code. Failed exploit attempts will result in denial-of-service conditions.
+
+  Impact Level: Application.
+
+  Affected Software:
+  Subtitle Translation Wizard 3.0
+
+  Fix: No solution or patch is available as on 13th, August 2010 . Information
+  regarding this issue will be updated once the solution details are available.
+  For updates refer, http://www.upredsun.com/subtitle-translation/subtitle-translation.html
+
+  References:
+  http://osvdb.org/65678
+  http://secunia.com/advisories/40303
+  http://www.exploit-db.com/exploits/13965/ ";
+
+  script_description(desc);
+  script_summary("Check for the version of Subtitle Translation Wizard");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (c) 2010 Greenbone Networks GmbH");
+  script_family("Buffer overflow");
+  script_dependencies("secpod_reg_enum.nasl");
+  script_require_keys("SMB/WindowsVersion");
+  exit(0);
+}
+
+
+include("smb_nt.inc");
+include("version_func.inc");
+include("secpod_smb_func.inc");
+
+if(!get_kb_item("SMB/WindowsVersion")){
+  exit(0);
+}
+
+key = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" +
+       "\Subtitle Translation Wizard_is1";
+if(!registry_key_exists(key:key)){
+  exit(0);
+}
+
+## Check for Subtitle Translation Wizard DisplayName
+stwName = registry_get_sz(key:key, item:"DisplayName");
+if("Subtitle Translation Wizard" >< stwName)
+{
+  ## Grep for the version
+  stwVer = eregmatch(pattern:"Subtitle Translation Wizard ([0-9.]+)" , string:stwName);
+  if(stwVer[1] != NULL)
+  {
+    ## Check for Subtitle Translation Wizard version equal to 3.0
+    if(version_is_equal(version:stwVer[1], test_version:"3.0")){
+        security_hole(0) ;
+    }
+  }
+}
+
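Review bot: The final test `version_is_equal(version:stwVer[1], test_version:"3.0")` depends on exactly what `([0-9.]+)` captures, and that class is greedy over dots. A DisplayName ending in a period, or one written as "3.0.0", would yield a string other than "3.0"; whether version_is_equal normalises such input is not visible in this hunk, so the host could go unreported. Anchoring the capture on digit groups avoids the trailing-dot case: `pattern:"Subtitle Translation Wizard ([0-9]+(\.[0-9]+)*)"`. Since the description says no fix was available, a comment above the comparison should record why only one release is matched, e.g. `## Advisory lists 3.0 only; revisit this check when a fixed release is published`.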


Property changes on: trunk/openvas-plugins/scripts/gb_subtitle_translation_wizard_bof_vuln.nasl
___________________________________________________________________
Name: svn:executable
   + *
Name: svn:keywords
   + Revision

Modified: trunk/openvas-plugins/scripts/secpod_novell_prdts_detect_win.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_novell_prdts_detect_win.nasl	2010-08-13 17:40:17 UTC (rev 8806)
+++ trunk/openvas-plugins/scripts/secpod_novell_prdts_detect_win.nasl	2010-08-16 07:09:42 UTC (rev 8807)
@@ -15,6 +15,9 @@
 # Date: 09th Nov 2009
 # Changes: Added check for Novell Groupwise client.
 #
+# Updated by: Madhuri D  <dmadhuri at secpod.com> on 2010-08-13
+#  Modified to detect recent versions.
+#
 # Copyright:
 # Copyright (c) 2009 SecPod, http://www.secpod.com
 #
@@ -35,7 +38,7 @@
 if(description)
 {
   script_id(900340);
-  script_version("Revision: 1.2");
+  script_version("$Revision$: 1.3");
   script_tag(name:"risk_factor", value:"None");
   script_name("Novell Multiple Products Version Detection");
   desc = "
@@ -79,7 +82,7 @@
     }
     if(eDirVer){
       set_kb_item(name:"Novell/eDir/Win/Ver", value:eDirVer);
-      security_note(data:"Novell eDirectory version " + eDirVer + 
+      security_note(data:"Novell eDirectory version " + eDirVer +
                          " was detected on the host");
     }
   }
@@ -88,10 +91,14 @@
 # Set KB for Novell iPrint
 if(registry_key_exists(key:"SOFTWARE\Novell-iPrint"))
 {
-  iprintVer = registry_get_sz(key:"SOFTWARE\Novell-iPrint",
-                              item:"Current Version");
-  if(!iprintVer)
+  ver = registry_get_sz(key:"SOFTWARE\Novell-iPrint", item:"Current Version");
+  if(ver)
   {
+    iprintVer = eregmatch(pattern:"([0-9.]+)" , string:ver);
+    iprintVer = iprintVer[1];
+  }
+  else
+  {
     iprintName = registry_get_sz(key:"SOFTWARE\Microsoft\Windows\CurrentVersion" +
                                     "\Uninstall\Novell iPrint Client",
                                 item:"DisplayName");
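Review bot: The Uninstall-key fallback is now reached only when "Current Version" is absent, because it sits in the `else` of `if(ver)`. If the value is present but `eregmatch` finds no digits in it, `iprintVer` ends up empty and the DisplayName lookup is skipped, a case the previous `if(!iprintVer)` still covered. No "Novell/iPrint/Ver" KB entry is then set, so version checks that read it (presumably the iPrint plugins added in this commit) would silently not run. Replacing the `else` with `if(!iprintVer)` keeps the new extraction and restores the fallback; the enclosing block continues beyond this hunk.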
@@ -99,16 +106,16 @@
     {
       iprintVer = eregmatch(pattern:"v([0-9.]+)", string:iprintName);
       if(iprintVer[1]){
-        iprintVer = iprintVer[1];
+          iprintVer = iprintVer[1];
       }
     }
   }
+}
 
-  if(iprintVer){
+if(iprintVer){
     set_kb_item(name:"Novell/iPrint/Ver", value:iprintVer);
-    security_note(data:"Novell iPrint version " + iprintVer + 
+    security_note(data:"Novell iPrint version " + iprintVer +
                        " was detected on the host");
-  }
 }
 
 # Set KB for Novell Client
@@ -132,7 +139,7 @@
 
   if(clientVer){
     set_kb_item(name:"Novell/Client/Ver", value:clientVer);
-    security_note(data:"Novell Client version " + clientVer + 
+    security_note(data:"Novell Client version " + clientVer +
                        " was detected on the host");
   }
 }
@@ -182,8 +189,8 @@
     gcVer = GetVer(file:file, share:share);
     if(gcVer != NULL){
       set_kb_item(name:"Novell/Groupwise/Client/Win/Ver", value:gcVer);
-      security_note(data:"Novell Groupwise Client version " + gcVer + 
-                         " running at location " + gcPath +  
+      security_note(data:"Novell Groupwise Client version " + gcVer +
+                         " running at location " + gcPath +
                          " was detected on the host");
     }
   }


