From scm-commit at wald.intevation.org Mon Feb 1 10:12:11 2010 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Mon, 1 Feb 2010 10:12:11 +0100 (CET) Subject: [Openvas-commits] r6598 - in trunk/gsa: . src/html/src Message-ID: <20100201091211.2959186607B1@pyrosoma.intevation.org> Author: jan Date: 2010-02-01 10:12:09 +0100 (Mon, 01 Feb 2010) New Revision: 6598 Modified: trunk/gsa/ChangeLog trunk/gsa/src/html/src/omp.xsl Log: * src/html/src/omp.xsl: Made file entries have same length as text entries. Modified: trunk/gsa/ChangeLog =================================================================== --- trunk/gsa/ChangeLog 2010-01-29 16:41:41 UTC (rev 6597) +++ trunk/gsa/ChangeLog 2010-02-01 09:12:09 UTC (rev 6598) @@ -1,3 +1,8 @@ +2010-02-01 Jan-Oliver Wagner + + * src/html/src/omp.xsl: Made file entries have same length + as text entries. + 2010-01-29 Matthew Mundell * src/html/src/omp.xsl (get_status_response): Correct substring args. Modified: trunk/gsa/src/html/src/omp.xsl =================================================================== --- trunk/gsa/src/html/src/omp.xsl 2010-01-29 16:41:41 UTC (rev 6597) +++ trunk/gsa/src/html/src/omp.xsl 2010-02-01 09:12:09 UTC (rev 6598) @@ -1574,16 +1574,16 @@ Installer - + @@ -2498,7 +2498,7 @@ Import XML config - + 
@@ -2830,7 +2830,7 @@ Replace old value - + Author: mattm Date: 2010-02-01 13:38:50 +0100 (Mon, 01 Feb 2010) New Revision: 6599 Modified: trunk/openvas-manager/ChangeLog trunk/openvas-manager/src/openvasmd.c trunk/openvas-manager/src/tasks_sql.h trunk/openvas-manager/src/tracef.h Log: * src/openvasmd.c (handle_sigabrt): Check if already in handler. * src/tasks_sql.h (manage_set_config_nvts) (manage_set_config_families): Free selector after last use. * src/tracef.h (tracef) [TRACE]: Remove UTF-8 conversion. Modified: trunk/openvas-manager/ChangeLog =================================================================== --- trunk/openvas-manager/ChangeLog 2010-02-01 09:12:09 UTC (rev 6598) +++ trunk/openvas-manager/ChangeLog 2010-02-01 12:38:50 UTC (rev 6599) @@ -1,3 +1,12 @@ +2010-02-01 Matthew Mundell + + * src/openvasmd.c (handle_sigabrt): Check if already in handler. + + * src/tasks_sql.h (manage_set_config_nvts) + (manage_set_config_families): Free selector after last use. + + * src/tracef.h (tracef) [TRACE]: Remove UTF-8 conversion. + 2010-01-29 Matthew Mundell * src/CMakeLists.txt: Make warnings errors. Modified: trunk/openvas-manager/src/openvasmd.c =================================================================== --- trunk/openvas-manager/src/openvasmd.c 2010-02-01 09:12:09 UTC (rev 6598) +++ trunk/openvas-manager/src/openvasmd.c 2010-02-01 12:38:50 UTC (rev 6599) @@ -490,8 +490,12 @@ void handle_sigabrt (/*@unused@*/ int signal) { + static int in_sigabrt = 0; + if (in_sigabrt) _exit (EXIT_FAILURE); + in_sigabrt = 1; manage_cleanup_process_error (signal); g_critical ("%s: abort\n", __FUNCTION__); + exit (EXIT_FAILURE); } /** Modified: trunk/openvas-manager/src/tasks_sql.h =================================================================== --- trunk/openvas-manager/src/tasks_sql.h 2010-02-01 09:12:09 UTC (rev 6598) +++ trunk/openvas-manager/src/tasks_sql.h 2010-02-01 12:38:50 UTC (rev 6599) 
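Review bot: The re-entrancy flag added to handle_sigabrt is a plain `static int`, and the handler now ends in `exit (EXIT_FAILURE)`, which is not async-signal-safe because it runs atexit handlers and flushes stdio from signal context. Declaring the flag as `static volatile sig_atomic_t in_sigabrt = 0;` makes its read and write well defined inside a handler. If the atexit cleanup is not needed on this path (not visible in the hunk), finish with `_exit (EXIT_FAILURE);` as the re-entry branch already does; otherwise add a comment saying why `exit` is deliberate. The `/*@unused@*/` annotation on `signal` also looks stale, since the parameter is passed to manage_cleanup_process_error.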
@@ -8142,7 +8142,6 @@ return -1; quoted_selector = sql_quote (selector); - free (selector); /* If the family is growing, then exclude all no's, otherwise the family * is static, so include all yes's. */ @@ -8155,6 +8154,8 @@ old_nvt_count = nvt_selector_nvt_count (selector, family, 1); + free (selector); + /* Clear any NVT selectors for this family from the config. */ sql ("DELETE FROM nvt_selectors" @@ -8195,6 +8196,8 @@ { old_nvt_count = nvt_selector_nvt_count (selector, family, 0); + free (selector); + /* Clear any NVT selectors for this family from the config. */ sql ("DELETE FROM nvt_selectors" @@ -9736,7 +9739,6 @@ return -1; } quoted_selector = sql_quote (selector); - free (selector); /* Loop through all the known families. */ @@ -10028,6 +10030,7 @@ sql ("COMMIT;"); g_free (quoted_selector); + free (selector); return 0; } Modified: trunk/openvas-manager/src/tracef.h =================================================================== --- trunk/openvas-manager/src/tracef.h 2010-02-01 09:12:09 UTC (rev 6598) +++ trunk/openvas-manager/src/tracef.h 2010-02-01 12:38:50 UTC (rev 6599) @@ -90,15 +90,9 @@ do { \ if (verbose) \ { \ - /* UTF-8 hack: Convert log message to utf-8, in case it \ - * contains server input. */ \ - gsize size_dummy; \ - gchar* iso = g_strdup_printf (args); \ - gchar* utf8 = g_convert (iso, -1, "UTF-8", "ISO_8859-1", \ - NULL, &size_dummy, NULL); \ - g_free (iso); \ - g_log (G_LOG_DOMAIN, G_LOG_LEVEL_DEBUG, "%s", utf8); \ - g_free (utf8); \ + gchar* msg_ = g_strdup_printf (args); \ + g_log (G_LOG_DOMAIN, G_LOG_LEVEL_DEBUG, "%s", msg_); \ + g_free (msg_); \ } \ } while (0) #else From scm-commit at wald.intevation.org Mon Feb 1 13:41:34 2010 
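Review bot: Every early-return path between `quoted_selector = sql_quote (selector);` and the relocated `free (selector);` now owns the buffer, and none of those paths are visible in these hunks, so a leak on error is possible. In the hunks at -8155 and -8195 the new free appears to sit in separate branches, and in the manage_set_config_families hunks (-9736 and -10028) it lands roughly 290 lines after the quote call, just before `return 0;`. It is worth confirming that each intermediate `return -1` releases both `selector` and `quoted_selector`, or routing them through one cleanup label that does `g_free (quoted_selector); free (selector);`. A one-line comment at the `sql_quote` call, such as `/* selector is still read below; freed after the last use. */`, would keep the free from being moved back.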
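Review bot: The comment removed from tracef was the only place recording that trace messages can contain server input, and after this change those bytes reach `g_log` without any normalisation. Whether that is safe depends on the installed log handler, which is not visible here: a handler that writes the string verbatim to a file or terminal would pass through invalid UTF-8 and control characters supplied by the peer. I would keep a short comment above the `g_strdup_printf (args)` line, for example `/* msg_ may contain unescaped server input; the log handler must escape it. */`. The identical hunk in trunk/openvas-administrator/src/tracef.h (r6600) has the same gap.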
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Mon, 1 Feb 2010 13:41:34 +0100 (CET) Subject: [Openvas-commits] r6600 - in trunk/openvas-administrator: . src Message-ID: <20100201124134.C502586607B1@pyrosoma.intevation.org> Author: mattm Date: 2010-02-01 13:41:33 +0100 (Mon, 01 Feb 2010) New Revision: 6600 Modified: trunk/openvas-administrator/ChangeLog trunk/openvas-administrator/src/tracef.h Log: * src/tracef.h (tracef) [TRACE]: Remove UTF-8 conversion. Modified: trunk/openvas-administrator/ChangeLog =================================================================== --- trunk/openvas-administrator/ChangeLog 2010-02-01 12:38:50 UTC (rev 6599) +++ trunk/openvas-administrator/ChangeLog 2010-02-01 12:41:33 UTC (rev 6600) @@ -1,3 +1,7 @@ +2010-02-01 Matthew Mundell + + * src/tracef.h (tracef) [TRACE]: Remove UTF-8 conversion. + 2010-01-29 Matthew Mundell * src/CMakeLists.txt: Make warnings errors. Modified: trunk/openvas-administrator/src/tracef.h =================================================================== --- trunk/openvas-administrator/src/tracef.h 2010-02-01 12:38:50 UTC (rev 6599) +++ trunk/openvas-administrator/src/tracef.h 2010-02-01 12:41:33 UTC (rev 6600) @@ -90,15 +90,9 @@ do { \ if (verbose) \ { \ - /* UTF-8 hack: Convert log message to utf-8, in case it \ - * contains server input. */ \ - gsize size_dummy; \ - gchar* iso = g_strdup_printf (args); \ - gchar* utf8 = g_convert (iso, -1, "UTF-8", "ISO_8859-1", \ - NULL, &size_dummy, NULL); \ - g_free (iso); \ - g_log (G_LOG_DOMAIN, G_LOG_LEVEL_DEBUG, "%s", utf8); \ - g_free (utf8); \ + gchar* msg_ = g_strdup_printf (args); \ + g_log (G_LOG_DOMAIN, G_LOG_LEVEL_DEBUG, "%s", msg_); \ + g_free (msg_); \ } \ } while (0) #else From scm-commit at wald.intevation.org Mon Feb 1 14:59:24 2010 
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Mon, 1 Feb 2010 14:59:24 +0100 (CET) Subject: [Openvas-commits] r6601 - in trunk/openvas-manager: . src Message-ID: <20100201135924.D712386607AB@pyrosoma.intevation.org> Author: mattm Date: 2010-02-01 14:59:23 +0100 (Mon, 01 Feb 2010) New Revision: 6601 Modified: trunk/openvas-manager/ChangeLog trunk/openvas-manager/src/tasks_sql.h Log: * src/tasks_sql.h (manage_set_config_nvts): Update family count when updating cached config info. Modified: trunk/openvas-manager/ChangeLog =================================================================== --- trunk/openvas-manager/ChangeLog 2010-02-01 12:41:33 UTC (rev 6600) +++ trunk/openvas-manager/ChangeLog 2010-02-01 13:59:23 UTC (rev 6601) @@ -1,5 +1,10 @@ 2010-02-01 Matthew Mundell + * src/tasks_sql.h (manage_set_config_nvts): Update family count when + updating cached config info. + +2010-02-01 Matthew Mundell + * src/openvasmd.c (handle_sigabrt): Check if already in handler. * src/tasks_sql.h (manage_set_config_nvts) Modified: trunk/openvas-manager/src/tasks_sql.h =================================================================== --- trunk/openvas-manager/src/tasks_sql.h 2010-02-01 12:41:33 UTC (rev 6600) +++ trunk/openvas-manager/src/tasks_sql.h 2010-02-01 13:59:23 UTC (rev 6601) @@ -8234,8 +8234,12 @@ /* Update the cached config info. */ - sql ("UPDATE configs SET nvt_count = nvt_count - %i + %i" + sql ("UPDATE configs SET family_count = family_count + %i," + " nvt_count = nvt_count - %i + %i" " WHERE ROWID = %llu;", + old_nvt_count == 0 + ? (new_nvt_count == 0 ? 0 : 1) + : (new_nvt_count == 0 ? -1 : 0), old_nvt_count, MAX (new_nvt_count, 0), config); From scm-commit at wald.intevation.org Mon Feb 1 17:18:06 2010 
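Review bot: The family_count delta tests `new_nvt_count == 0`, while the nvt_count term in the same statement uses `MAX (new_nvt_count, 0)`, so a negative new_nvt_count counts as "family present" for one column and as zero for the other. If new_nvt_count can be negative, which the clamp suggests but the hunk does not show, then old_nvt_count == 0 adds 1 to family_count while adding no NVTs, and a non-zero old count leaves family_count unchanged after the family has become empty. Comparing with `new_nvt_count <= 0` in both inner ternaries, or clamping once into a local before the call, keeps the two cached counters consistent. The enclosing function starts and ends outside the hunk.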
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Mon, 1 Feb 2010 17:18:06 +0100 (CET) Subject: [Openvas-commits] r6602 - in trunk/openvas-manager: . src Message-ID: <20100201161806.240CB86607A5@pyrosoma.intevation.org> Author: mattm Date: 2010-02-01 17:18:04 +0100 (Mon, 01 Feb 2010) New Revision: 6602 Modified: trunk/openvas-manager/ChangeLog trunk/openvas-manager/src/tasks_sql.h Log: * src/tasks_sql.h (migrate_9_to_10): Correct comment typo. (config_in_use): Also check for empty config. Modified: trunk/openvas-manager/ChangeLog =================================================================== --- trunk/openvas-manager/ChangeLog 2010-02-01 13:59:23 UTC (rev 6601) +++ trunk/openvas-manager/ChangeLog 2010-02-01 16:18:04 UTC (rev 6602) @@ -1,5 +1,10 @@ 2010-02-01 Matthew Mundell + * src/tasks_sql.h (migrate_9_to_10): Correct comment typo. + (config_in_use): Also check for empty config. + +2010-02-01 Matthew Mundell + * src/tasks_sql.h (manage_set_config_nvts): Update family count when updating cached config info. Modified: trunk/openvas-manager/src/tasks_sql.h =================================================================== --- trunk/openvas-manager/src/tasks_sql.h 2010-02-01 13:59:23 UTC (rev 6601) +++ trunk/openvas-manager/src/tasks_sql.h 2010-02-01 16:18:04 UTC (rev 6602) @@ -1973,7 +1973,7 @@ /* Update the database. */ - /* The user table got a unique "uuid" column and lost the lost the + /* The user table got a unique "uuid" column and lost the * uniqueness of its "name" column. */ /** @todo ROLLBACK on failure. */ 
@@ -7729,7 +7729,9 @@ if (config == CONFIG_ID_FULL_AND_FAST || config == CONFIG_ID_FULL_AND_FAST_ULTIMATE || config == CONFIG_ID_FULL_AND_VERY_DEEP - || config == CONFIG_ID_FULL_AND_VERY_DEEP_ULTIMATE) + || config == CONFIG_ID_FULL_AND_VERY_DEEP_ULTIMATE + || config == sql_int (0, 0, + "SELECT ROWID FROM configs WHERE name = 'empty';")) return 1; return sql_int (0, 0, From scm-commit at wald.intevation.org Mon Feb 1 17:24:40 2010 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Mon, 1 Feb 2010 17:24:40 +0100 (CET) Subject: [Openvas-commits] r6603 - in trunk/openvas-manager: . src Message-ID: <20100201162440.121E7865FAC8@pyrosoma.intevation.org> Author: mattm Date: 2010-02-01 17:24:34 +0100 (Mon, 01 Feb 2010) New Revision: 6603 Modified: trunk/openvas-manager/ChangeLog trunk/openvas-manager/src/tasks_sql.h Log: * src/tasks_sql.h (init_manage): Put fullstop on empty config description. Modified: trunk/openvas-manager/ChangeLog =================================================================== --- trunk/openvas-manager/ChangeLog 2010-02-01 16:18:04 UTC (rev 6602) +++ trunk/openvas-manager/ChangeLog 2010-02-01 16:24:34 UTC (rev 6603) @@ -1,5 +1,9 @@ 2010-02-01 Matthew Mundell + * src/tasks_sql.h (init_manage): Put fullstop on empty config description. + +2010-02-01 Matthew Mundell + * src/tasks_sql.h (migrate_9_to_10): Correct comment typo. (config_in_use): Also check for empty config. Modified: trunk/openvas-manager/src/tasks_sql.h =================================================================== --- trunk/openvas-manager/src/tasks_sql.h 2010-02-01 16:18:04 UTC (rev 6602) +++ trunk/openvas-manager/src/tasks_sql.h 2010-02-01 16:24:34 UTC (rev 6603) 
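Review bot: The new clause in config_in_use identifies the predefined empty config by `name = 'empty'` alone, unlike the four CONFIG_ID_* constants next to it. Nothing in this hunk shows that configs.name is unique, so a user-owned config with the same name could make the lookup return a different ROWID and leave the predefined row outside the in-use guard; the behaviour of `sql_int` when no row matches is also not visible here. The r6603 hunk on this page inserts the predefined row with a NULL owner, so `"SELECT ROWID FROM configs WHERE name = 'empty' AND owner IS NULL;"` would be a tighter match. The query also runs on every call that gets past the constant comparisons, which a cached id would avoid. config_in_use continues outside the hunk.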
@@ -3723,7 +3723,7 @@ sql ("INSERT into configs (name, owner, nvt_selector, comment," " family_count, nvt_count, nvts_growing, families_growing)" " VALUES ('empty', NULL, 'empty'," - " 'Empty and static configuration template'," + " 'Empty and static configuration template.'," " 0, 0, 0, 0);"); /* Setup preferences for the config. */ From scm-commit at wald.intevation.org Mon Feb 1 18:25:22 2010 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Mon, 1 Feb 2010 18:25:22 +0100 (CET) Subject: [Openvas-commits] r6604 - in trunk/openvas-plugins: . scripts Message-ID: <20100201172522.839E3865FAC8@pyrosoma.intevation.org> Author: reinke Date: 2010-02-01 18:25:19 +0100 (Mon, 01 Feb 2010) New Revision: 6604 Added: trunk/openvas-plugins/scripts/deb_1968_2.nasl trunk/openvas-plugins/scripts/deb_1973_1.nasl trunk/openvas-plugins/scripts/deb_1974_1.nasl trunk/openvas-plugins/scripts/deb_1978_1.nasl trunk/openvas-plugins/scripts/deb_1980_1.nasl trunk/openvas-plugins/scripts/deb_1981_1.nasl trunk/openvas-plugins/scripts/deb_1981_2.nasl Modified: trunk/openvas-plugins/ChangeLog Log: New scripts added Modified: trunk/openvas-plugins/ChangeLog =================================================================== --- trunk/openvas-plugins/ChangeLog 2010-02-01 16:24:34 UTC (rev 6603) +++ trunk/openvas-plugins/ChangeLog 2010-02-01 17:25:19 UTC (rev 6604) @@ -1,3 +1,14 @@ +2010-02-01 Thomas Reinke + + * scripts/deb_1968_2.nasl, + scripts/deb_1973_1.nasl, + scripts/deb_1974_1.nasl, + scripts/deb_1978_1.nasl, + scripts/deb_1980_1.nasl, + scripts/deb_1981_1.nasl, + scripts/deb_1981_2.nasl: + New scripts. + 2010-01-29 Michael Meyer * scripts/ingres_db_detect.nasl, Added: trunk/openvas-plugins/scripts/deb_1968_2.nasl =================================================================== --- trunk/openvas-plugins/scripts/deb_1968_2.nasl 2010-02-01 16:24:34 UTC (rev 6603) +++ trunk/openvas-plugins/scripts/deb_1968_2.nasl 2010-02-01 17:25:19 UTC (rev 6604) 
@@ -0,0 +1,87 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory DSA 1968-2 (pdns-recursor) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(66776); + script_cve_id("CVE-2009-4010", "CVE-2009-4009"); + script_version ("$Revision$"); + script_name("Debian Security Advisory DSA 1968-2 (pdns-recursor)"); + + desc = "The remote host is missing an update to pdns-recursor +announced via advisory DSA 1968-2. + +It was discovered that pdns-recursor, the PowerDNS recursive name server, +contains a cache poisoning vulnerability which may allow attackers to trick the +server into serving incorrect DNS data (CVE-2009-4010). + +This DSA provides a security update for the old stable distribution +(etch), similar to the previous update in DSA-1968-1. (Note that the +etch version of pdns-recursor was not vulnerable to CVE-2009-4009.) + +Extra care should be applied when installing this update. It is an etch +backport of the lenny version of the package (3.1.7 with security fixes +applied). 
Major differences in internal domain name processing made +backporting just the security fix too difficult. + +For the old stable distribution (etch), this problem has been fixed in +version 3.1.4+v3.1.7-0+etch1. + +We recommend that you upgrade your pdns-recursor package. + +Solution: +https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201968-2 + +Risk factor : High"; + + script_description(desc); + + script_summary("Debian Security Advisory DSA 1968-2 (pdns-recursor)"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com"); + script_family("Debian Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/packages"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-deb.inc"); +vuln = 0; +if(isdpkgvuln(pkg:"pdns-recursor", ver:"3.1.4+v3.1.7-0+etch1", rls:"DEB4.0")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/deb_1973_1.nasl =================================================================== --- trunk/openvas-plugins/scripts/deb_1973_1.nasl 2010-02-01 16:24:34 UTC (rev 6603) +++ trunk/openvas-plugins/scripts/deb_1973_1.nasl 2010-02-01 17:25:19 UTC (rev 6604) 
@@ -0,0 +1,267 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory DSA 1973-1 (glibc, eglibc) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(66770); + script_cve_id("CVE-2010-0015"); + script_version ("$Revision$"); + script_name("Debian Security Advisory DSA 1973-1 (glibc, eglibc)"); + + desc = "The remote host is missing an update to glibc, eglibc +announced via advisory DSA 1973-1. + +Christoph Pleger has discovered that the GNU C Library (aka glibc) and +its derivatives add information from the passwd.adjunct.byname map to +entries in the passwd map, which allows local users to obtain the +encrypted passwords of NIS accounts by calling the getpwnam function. + + +For the oldstable distribution (etch), this problem has been fixed in +version 2.3.6.ds1-13etch10 of the glibc package. + +For the stable distribution (lenny), this problem has been fixed in +version 2.7-18lenny2 of the glibc package. + +For the unstable distribution (sid) this problem has been fixed in +version 2.10.2-4 of the eglibc package. 
+ + +We recommend that you upgrade your glibc or eglibc package. + +Solution: +https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201973-1 + +Risk factor : High"; + + script_description(desc); + + script_summary("Debian Security Advisory DSA 1973-1 (glibc, eglibc)"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com"); + script_family("Debian Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/packages"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-deb.inc"); +vuln = 0; +if(isdpkgvuln(pkg:"glibc-doc", ver:"2.3.6.ds1-13etch10", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"locales", ver:"2.3.6.ds1-13etch10", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"libc6.1", ver:"2.3.6.ds1-13etch10", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"nscd", ver:"2.3.6.ds1-13etch10", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"locales-all", ver:"2.3.6.ds1-13etch10", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"libc6.1-prof", ver:"2.3.6.ds1-13etch10", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"libc6.1-pic", ver:"2.3.6.ds1-13etch10", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"libc6.1-dbg", ver:"2.3.6.ds1-13etch10", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"libc6.1-dev", ver:"2.3.6.ds1-13etch10", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"libc6", ver:"2.3.6.ds1-13etch10", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"libc6-prof", ver:"2.3.6.ds1-13etch10", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"libc6-dbg", ver:"2.3.6.ds1-13etch10", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"libc6-dev-i386", ver:"2.3.6.ds1-13etch10", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"libc6-pic", ver:"2.3.6.ds1-13etch10", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"libc6-dev", ver:"2.3.6.ds1-13etch10", 
rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"libc6-i386", ver:"2.3.6.ds1-13etch10", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"libc6-xen", ver:"2.3.6.ds1-13etch10", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"libc6-i686", ver:"2.3.6.ds1-13etch10", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"libc6-amd64", ver:"2.3.6.ds1-13etch10", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"libc6-dev-amd64", ver:"2.3.6.ds1-13etch10", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"libc6-ppc64", ver:"2.3.6.ds1-13etch10", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"libc6-dev-ppc64", ver:"2.3.6.ds1-13etch10", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"libc6-dev-s390x", ver:"2.3.6.ds1-13etch10", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"libc6-s390x", ver:"2.3.6.ds1-13etch10", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"libc6-sparcv9b", ver:"2.3.6.ds1-13etch10", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"libc6-sparc64", ver:"2.3.6.ds1-13etch10", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"libc6-sparcv9", ver:"2.3.6.ds1-13etch10", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"libc6-dev-sparc64", ver:"2.3.6.ds1-13etch10", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"locales", ver:"2.7-18lenny2", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"glibc-doc", ver:"2.7-18lenny2", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"glibc-source", ver:"2.7-18lenny2", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"libc6.1-dbg", ver:"2.7-18lenny2", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"libc6.1-pic", ver:"2.7-18lenny2", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"libc6.1-prof", ver:"2.7-18lenny2", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"libc6.1-dev", ver:"2.7-18lenny2", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"nscd", ver:"2.7-18lenny2", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"libc6.1", ver:"2.7-18lenny2", rls:"DEB5.0")) { + vuln 
= 1; +} +if(isdpkgvuln(pkg:"libc6.1-alphaev67", ver:"2.7-18lenny2", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"locales-all", ver:"2.7-18lenny2", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"libc6", ver:"2.7-18lenny2", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"libc6-dev", ver:"2.7-18lenny2", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"libc6-i386", ver:"2.7-18lenny2", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"libc6-prof", ver:"2.7-18lenny2", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"libc6-dbg", ver:"2.7-18lenny2", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"libc6-pic", ver:"2.7-18lenny2", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"libc6-dev-i386", ver:"2.7-18lenny2", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"libc6-i686", ver:"2.7-18lenny2", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"libc6-dev-amd64", ver:"2.7-18lenny2", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"libc6-xen", ver:"2.7-18lenny2", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"libc6-amd64", ver:"2.7-18lenny2", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"libc6-dev-mips64", ver:"2.7-18lenny2", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"libc6-mips64", ver:"2.7-18lenny2", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"libc6-mipsn32", ver:"2.7-18lenny2", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"libc6-dev-mipsn32", ver:"2.7-18lenny2", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"libc6-ppc64", ver:"2.7-18lenny2", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"libc6-dev-ppc64", ver:"2.7-18lenny2", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"libc6-dev-s390x", ver:"2.7-18lenny2", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"libc6-s390x", ver:"2.7-18lenny2", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"libc6-sparc64", ver:"2.7-18lenny2", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"libc6-sparcv9b", ver:"2.7-18lenny2", rls:"DEB5.0")) { + 
vuln = 1; +} +if(isdpkgvuln(pkg:"libc6-dev-sparc64", ver:"2.7-18lenny2", rls:"DEB5.0")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/deb_1974_1.nasl =================================================================== --- trunk/openvas-plugins/scripts/deb_1974_1.nasl 2010-02-01 16:24:34 UTC (rev 6603) +++ trunk/openvas-plugins/scripts/deb_1974_1.nasl 2010-02-01 17:25:19 UTC (rev 6604) 
@@ -0,0 +1,107 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory DSA 1974-1 (gzip) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(66771); + script_cve_id("CVE-2009-2624", "CVE-2010-0001", "CVE-2006-4334"); + script_version ("$Revision$"); + script_name("Debian Security Advisory DSA 1974-1 (gzip)"); + + desc = "The remote host is missing an update to gzip +announced via advisory DSA 1974-1. + +Several vulnerabilities have been found in gzip, the GNU compression +utilities. The Common Vulnerabilities and Exposures project identifies +the following problems: + +CVE-2009-2624 + +Thiemo Nagel discovered a missing input sanitation flaw in the way gzip +used to decompress data blocks for dynamic Huffman codes, which could +lead to the execution of arbitrary code when trying to decompress a +crafted archive. This issue is a reappearance of CVE-2006-4334 and only +affects the lenny version. + +CVE-2010-0001 + +Aki Helin discovered an integer underflow when decompressing files that +are compressed using the LZW algorithm. 
This could lead to the execution +of arbitrary code when trying to decompress a crafted LZW compressed +gzip archive. + + +For the stable distribution (lenny), these problems have been fixed in +version 1.3.12-6+lenny1. + +For the oldstable distribution (etch), these problems have been fixed in +version 1.3.5-15+etch1. + +For the testing distribution (squeeze) and the unstable distribution +(sid), these problems will be fixed soon. + + +We recommend that you upgrade your gzip packages. + +Solution: +https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201974-1 + +Risk factor : High"; + + script_description(desc); + + script_summary("Debian Security Advisory DSA 1974-1 (gzip)"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com"); + script_family("Debian Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/packages"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-deb.inc"); +vuln = 0; +if(isdpkgvuln(pkg:"gzip", ver:"1.3.5-15+etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"gzip-win32", ver:"1.3.12-6+lenny1", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"gzip", ver:"1.3.12-6+lenny1", rls:"DEB5.0")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/deb_1978_1.nasl =================================================================== --- trunk/openvas-plugins/scripts/deb_1978_1.nasl 2010-02-01 16:24:34 UTC (rev 6603) +++ trunk/openvas-plugins/scripts/deb_1978_1.nasl 2010-02-01 17:25:19 UTC (rev 6604) 
@@ -0,0 +1,147 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory DSA 1978-1 (phpgroupware) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(66772); + script_cve_id("CVE-2009-4414", "CVE-2009-4415", "CVE-2009-4416"); + script_version ("$Revision$"); + script_name("Debian Security Advisory DSA 1978-1 (phpgroupware)"); + + desc = "The remote host is missing an update to phpgroupware +announced via advisory DSA 1978-1. + +Several remote vulnerabilities have been discovered in phpgroupware, a +Web based groupware system written in PHP. The Common Vulnerabilities +and Exposures project identifies the following problems: + +CVE-2009-4414 + +An SQL injection vulnerability was found in the authentication +module. + +CVE-2009-4415 + +Multiple directory traversal vulnerabilities were found in the +addressbook module. + +CVE-2009-4416 + +The authentication module is affected by cross-site scripting. + + +For the stable distribution (lenny) these problems have been fixed in +version 0.9.16.012+dfsg-8+lenny1. 
+ +For the unstable distribution (sid) these problems have been fixed in +version 0.9.16.012+dfsg-9. + +We recommend that you upgrade your phpgroupware packages. + +Solution: +https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201978-1 + +Risk factor : High"; + + script_description(desc); + + script_summary("Debian Security Advisory DSA 1978-1 (phpgroupware)"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com"); + script_family("Debian Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/packages"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-deb.inc"); +vuln = 0; +if(isdpkgvuln(pkg:"phpgroupware-0.9.16-email", ver:"0.9.16.012+dfsg-8+lenny1", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"phpgroupware-0.9.16-core-base", ver:"0.9.16.012+dfsg-8+lenny1", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"phpgroupware-0.9.16-calendar", ver:"0.9.16.012+dfsg-8+lenny1", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"phpgroupware-0.9.16-addressbook", ver:"0.9.16.012+dfsg-8+lenny1", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"phpgroupware", ver:"0.9.16.012+dfsg-8+lenny1", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"phpgroupware-0.9.16-news-admin", ver:"0.9.16.012+dfsg-8+lenny1", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"phpgroupware-0.9.16-manual", ver:"0.9.16.012+dfsg-8+lenny1", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"phpgroupware-0.9.16-filemanager", ver:"0.9.16.012+dfsg-8+lenny1", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"phpgroupware-0.9.16-phpgwapi", ver:"0.9.16.012+dfsg-8+lenny1", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"phpgroupware-0.9.16-preferences", ver:"0.9.16.012+dfsg-8+lenny1", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"phpgroupware-0.9.16", ver:"0.9.16.012+dfsg-8+lenny1", rls:"DEB5.0")) 
{ + vuln = 1; +} +if(isdpkgvuln(pkg:"phpgroupware-0.9.16-core", ver:"0.9.16.012+dfsg-8+lenny1", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"phpgroupware-0.9.16-admin", ver:"0.9.16.012+dfsg-8+lenny1", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"phpgroupware-0.9.16-notes", ver:"0.9.16.012+dfsg-8+lenny1", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"phpgroupware-0.9.16-doc", ver:"0.9.16.012+dfsg-8+lenny1", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"phpgroupware-0.9.16-phpgwapi-doc", ver:"0.9.16.012+dfsg-8+lenny1", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"phpgroupware-0.9.16-setup", ver:"0.9.16.012+dfsg-8+lenny1", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"phpgroupware-0.9.16-todo", ver:"0.9.16.012+dfsg-8+lenny1", rls:"DEB5.0")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/deb_1980_1.nasl =================================================================== --- trunk/openvas-plugins/scripts/deb_1980_1.nasl 2010-02-01 16:24:34 UTC (rev 6603) +++ trunk/openvas-plugins/scripts/deb_1980_1.nasl 2010-02-01 17:25:19 UTC (rev 6604) 
@@ -0,0 +1,104 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory DSA 1980-1 (ircd-hybrid/ircd-ratbox) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(66773); + script_cve_id("CVE-2009-4016", "CVE-2010-0300"); + script_version ("$Revision$"); + script_name("Debian Security Advisory DSA 1980-1 (ircd-hybrid/ircd-ratbox)"); + + desc = "The remote host is missing an update to ircd-hybrid/ircd-ratbox +announced via advisory DSA 1980-1. + + +David Leadbeater discovered an integer underflow that could be triggered +via the LINKS command and can lead to a denial of service or the +execution of arbitrary code (CVE-2009-4016). This issue affects both, +ircd-hybrid and ircd-ratbox. + +It was discovered that the ratbox IRC server is prone to a denial of +service attack via the HELP command. The ircd-hybrid package is not +vulnerable to this issue (CVE-2010-0300). 
+ + +For the stable distribution (lenny), this problem has been fixed in +version 1:7.2.2.dfsg.2-4+lenny1 of the ircd-hybrid package and in +version 2.2.8.dfsg-2+lenny1 of ircd-ratbox. + +Due to a bug in the archive software it was not possible to release the +fix for the oldstable distribution (etch) simultaneously. The packages +will be released as version 7.2.2.dfsg.2-3+etch1 once they become +available. + +For the testing distribution (squeeze) and the unstable distribution +(sid), this problem will be fixed soon. + + +We recommend that you upgrade your ircd-hybrid/ircd-ratbox packages. + +Solution: +https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201980-1 + +Risk factor : High"; + + script_description(desc); + + script_summary("Debian Security Advisory DSA 1980-1 (ircd-hybrid/ircd-ratbox)"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com"); + script_family("Debian Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/packages"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-deb.inc"); +vuln = 0; +if(isdpkgvuln(pkg:"hybrid-dev", ver:"7.2.2.dfsg.2-4+lenny1", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"ircd-ratbox", ver:"2.2.8.dfsg-2+lenny1", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"ircd-ratbox-dbg", ver:"2.2.8.dfsg-2+lenny1", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"ircd-hybrid", ver:"7.2.2.dfsg.2-4+lenny1", rls:"DEB5.0")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/deb_1981_1.nasl =================================================================== --- trunk/openvas-plugins/scripts/deb_1981_1.nasl 2010-02-01 16:24:34 UTC (rev 6603) +++ trunk/openvas-plugins/scripts/deb_1981_1.nasl 2010-02-01 17:25:19 UTC (rev 6604) 
@@ -0,0 +1,89 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory DSA 1981-1 (maildrop) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(66774); + script_version ("$Revision$"); + script_name("Debian Security Advisory DSA 1981-1 (maildrop)"); + + desc = "The remote host is missing an update to maildrop +announced via advisory DSA 1981-1. + + +Christoph Anton Mitterer discovered that maildrop, a mail delivery agent +with filtering abilities, is prone to a privilege escalation issue that +grants a user root group privileges. + + +For the stable distribution (lenny), this problem has been fixed in +version 2.0.4-3+lenny1. + +For the oldstable distribution (etch), this problem has been fixed in +version 2.0.2-11+etch1. + +For the testing distribution (squeeze) and the unstable distribution +(sid), this problem will be fixed soon. + + +We recommend that you upgrade your maildrop packages. 
+ +Solution: +https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201981-1 + +Risk factor : High"; + + script_description(desc); + + script_summary("Debian Security Advisory DSA 1981-1 (maildrop)"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com"); + script_family("Debian Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/packages"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-deb.inc"); +vuln = 0; +if(isdpkgvuln(pkg:"maildrop", ver:"2.0.2-11+etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"maildrop", ver:"2.0.4-3+lenny1", rls:"DEB5.0")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/deb_1981_2.nasl =================================================================== --- trunk/openvas-plugins/scripts/deb_1981_2.nasl 2010-02-01 16:24:34 UTC (rev 6603) +++ trunk/openvas-plugins/scripts/deb_1981_2.nasl 2010-02-01 17:25:19 UTC (rev 6604) 
@@ -0,0 +1,97 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory DSA 1981-2 (maildrop) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(66775); + script_cve_id("CVE-2010-0301"); + script_version ("$Revision$"); + script_name("Debian Security Advisory DSA 1981-2 (maildrop)"); + + desc = "The remote host is missing an update to maildrop +announced via advisory DSA 1981-2. + +The latest DSA for maildrop introduced two regressions. The maildrop +program stopped working when invoked as a non-root user, such as with +postfix. Also, the lenny version dropped a dependency on the +courier-authlib package. + + +For the stable distribution (lenny), this problem has been fixed in +version 2.0.4-3+lenny3. + +For the oldstable distribution (etch), this problem has been fixed in +version 2.0.2-11+etch2. + +For the testing distribution (squeeze) this problem will be fixed soon. + +For the unstable distribution (sid), this problem has been fixed in +version 2.2.0-3.1. + +For reference, the original advisory text is below. 
+ +Christoph Anton Mitterer discovered that maildrop, a mail delivery agent +with filtering abilities, is prone to a privilege escalation issue that +grants a user root group privileges. + +We recommend that you upgrade your maildrop packages. + +Solution: +https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201981-2 + +Risk factor : High"; + + script_description(desc); + + script_summary("Debian Security Advisory DSA 1981-2 (maildrop)"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com"); + script_family("Debian Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/packages"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-deb.inc"); +vuln = 0; +if(isdpkgvuln(pkg:"maildrop", ver:"2.0.2-11+etch2", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"maildrop", ver:"2.0.4-3+lenny3", rls:"DEB5.0")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} From scm-commit at wald.intevation.org Mon Feb 1 19:59:48 2010 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Mon, 1 Feb 2010 19:59:48 +0100 (CET) Subject: [Openvas-commits] r6605 - in trunk/gsa: . src/html/src Message-ID: <20100201185948.E23A2865FAC6@pyrosoma.intevation.org> Author: mattm Date: 2010-02-01 19:59:48 +0100 (Mon, 01 Feb 2010) New Revision: 6605 Modified: trunk/gsa/ChangeLog trunk/gsa/src/html/src/omp.xsl Log: * src/html/src/omp.xsl (lsc_credential) [details]: Remove colon from heading. Modified: trunk/gsa/ChangeLog =================================================================== --- trunk/gsa/ChangeLog 2010-02-01 17:25:19 UTC (rev 6604) +++ trunk/gsa/ChangeLog 2010-02-01 18:59:48 UTC (rev 6605) 
@@ -1,3 +1,8 @@ +2010-02-01 Matthew Mundell + + * src/html/src/omp.xsl (lsc_credential) [details]: Remove colon from + heading. + 2010-02-01 Jan-Oliver Wagner * src/html/src/omp.xsl: Made file entries have same length Modified: trunk/gsa/src/html/src/omp.xsl =================================================================== --- trunk/gsa/src/html/src/omp.xsl 2010-02-01 17:25:19 UTC (rev 6604) +++ trunk/gsa/src/html/src/omp.xsl 2010-02-01 18:59:48 UTC (rev 6605) @@ -1485,7 +1485,7 @@

Targets using this Credential: None

-

Targets using this Credential:

+

Targets using this Credential

From scm-commit at wald.intevation.org Mon Feb 1 21:54:16 2010 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Mon, 1 Feb 2010 21:54:16 +0100 (CET) Subject: [Openvas-commits] r6606 - in trunk/openvas-manager: . src Message-ID: <20100201205416.6A437865FAA6@pyrosoma.intevation.org> Author: mattm Date: 2010-02-01 21:54:04 +0100 (Mon, 01 Feb 2010) New Revision: 6606 Modified: trunk/openvas-manager/ChangeLog trunk/openvas-manager/src/manage.c trunk/openvas-manager/src/manage.h trunk/openvas-manager/src/omp.c trunk/openvas-manager/src/tasks_sql.h Log: * src/tasks_sql.h (target_lsc_credential_name): Remove. (target_lsc_credential): New function. (init_lsc_credential_iterator): Take lsc_credential_t instead of credential name. * src/manage.h: Update header accordingly. * src/manage.c (start_task): Pass lsc_credential_t to init_lsc_credential_iterator instead of name. * src/omp.c (omp_xml_handle_end_element): In CLIENT_GET_LSC_CREDENTIALS pass lsc_credential_t to init_lsc_credential_iterator instead of name. Modified: trunk/openvas-manager/ChangeLog =================================================================== --- trunk/openvas-manager/ChangeLog 2010-02-01 18:59:48 UTC (rev 6605) +++ trunk/openvas-manager/ChangeLog 2010-02-01 20:54:04 UTC (rev 6606) 
@@ -1,5 +1,20 @@ 2010-02-01 Matthew Mundell + * src/tasks_sql.h (target_lsc_credential_name): Remove. + (target_lsc_credential): New function. + (init_lsc_credential_iterator): Take lsc_credential_t instead of + credential name. + + * src/manage.h: Update header accordingly. + + * src/manage.c (start_task): Pass lsc_credential_t to + init_lsc_credential_iterator instead of name. + + * src/omp.c (omp_xml_handle_end_element): In CLIENT_GET_LSC_CREDENTIALS + pass lsc_credential_t to init_lsc_credential_iterator instead of name. + +2010-02-01 Matthew Mundell + * src/tasks_sql.h (init_manage): Put fullstop on empty config description. 2010-02-01 Matthew Mundell Modified: trunk/openvas-manager/src/manage.c =================================================================== --- trunk/openvas-manager/src/manage.c 2010-02-01 18:59:48 UTC (rev 6605) +++ trunk/openvas-manager/src/manage.c 2010-02-01 20:54:04 UTC (rev 6606) @@ -908,6 +908,7 @@ GSList *files = NULL; task_status_t run_status; config_t config_id; + lsc_credential_t credential; tracef (" start task %u\n", task_id (task)); @@ -952,11 +953,13 @@ return -4; } + credential = target_lsc_credential (target); + free (target); + /* Create the report. */ if (create_report (task, report_id, TASK_STATUS_REQUESTED)) { - free (target); free (hosts); set_task_run_status (task, run_status); return -3; @@ -1005,7 +1008,6 @@ if (send_to_server ("CLIENT <|> PREFERENCES <|>\n")) { - free (target); free (hosts); set_task_run_status (task, run_status); current_report = (report_t) 0; @@ -1017,7 +1019,6 @@ config = task_config_name (task); if (config == NULL) { - free (target); free (hosts); tracef (" task config is NULL.\n"); set_task_run_status (task, run_status); @@ -1027,7 +1028,6 @@ if (find_config (config, &config_id) || (config_id == 0)) { - free (target); free (hosts); set_task_run_status (task, run_status); current_report = (report_t) 0; 
@@ -1044,7 +1044,6 @@ free (plugins); if (fail) { - free (target); free (hosts); free (config); set_task_run_status (task, run_status); @@ -1056,7 +1055,6 @@ if (send_to_server ("ntp_keep_communication_alive <|> yes\n")) { - free (target); free (hosts); free (config); set_task_run_status (task, run_status); @@ -1065,7 +1063,6 @@ } if (send_to_server ("ntp_client_accepts_notes <|> yes\n")) { - free (target); free (hosts); free (config); set_task_run_status (task, run_status); @@ -1075,7 +1072,6 @@ // FIX still getting FINISHED msgs if (send_to_server ("ntp_opt_show_end <|> no\n")) { - free (target); free (hosts); free (config); set_task_run_status (task, run_status); @@ -1084,7 +1080,6 @@ } if (send_to_server ("ntp_short_status <|> no\n")) { - free (target); free (hosts); free (config); set_task_run_status (task, run_status); @@ -1096,7 +1091,6 @@ if (send_config_preferences (config, "SERVER_PREFS")) { - free (target); free (hosts); free (config); set_task_run_status (task, run_status); @@ -1105,7 +1099,6 @@ } if (send_config_preferences (config, "PLUGINS_PREFS")) { - free (target); free (hosts); free (config); set_task_run_status (task, run_status); 
@@ -1115,48 +1108,40 @@ /* Send credential preferences if there's a credential linked to target. */ - { - iterator_t credentials; - char *credential = target_lsc_credential_name (target); + if (credential) + { + iterator_t credentials; - if (credential) - { - init_lsc_credential_iterator (&credentials, credential, 1, NULL); - if (next (&credentials)) - { - const char *user = lsc_credential_iterator_login (&credentials); - const char *password = lsc_credential_iterator_password (&credentials); + init_lsc_credential_iterator (&credentials, credential, 1, NULL); + if (next (&credentials)) + { + const char *user = lsc_credential_iterator_login (&credentials); + const char *password = lsc_credential_iterator_password (&credentials); - if (sendf_to_server ("SMB Authorization[entry]:SMB login: <|> %s\n", - user) - || sendf_to_server ("SMB Authorization[password]:SMB password:" - " <|> %s\n", - password) - || sendf_to_server ("SSH Authorization[entry]:SSH login name:" - " <|> %s\n", - user) - || sendf_to_server ("SSH Authorization[password]:" - "SSH password (unsafe!):" - " <|> %s\n", - password)) - { - free (credential); - free (target); - free (hosts); - free (config); - cleanup_iterator (&credentials); - set_task_run_status (task, run_status); - current_report = (report_t) 0; - return -10; - } - } - cleanup_iterator (&credentials); - free (credential); - } - } + if (sendf_to_server ("SMB Authorization[entry]:SMB login: <|> %s\n", + user) + || sendf_to_server ("SMB Authorization[password]:SMB password:" + " <|> %s\n", + password) + || sendf_to_server ("SSH Authorization[entry]:SSH login name:" + " <|> %s\n", + user) + || sendf_to_server ("SSH Authorization[password]:" + "SSH password (unsafe!):" + " <|> %s\n", + password)) + { + free (hosts); + free (config); + cleanup_iterator (&credentials); + set_task_run_status (task, run_status); + current_report = (report_t) 0; + return -10; + } + } + cleanup_iterator (&credentials); + } - free (target); - if (send_to_server ("<|> 
CLIENT\n")) { free (hosts); Modified: trunk/openvas-manager/src/manage.h =================================================================== --- trunk/openvas-manager/src/manage.h 2010-02-01 18:59:48 UTC (rev 6605) +++ trunk/openvas-manager/src/manage.h 2010-02-01 20:54:04 UTC (rev 6606) @@ -1001,7 +1001,7 @@ delete_lsc_credential (lsc_credential_t); void -init_lsc_credential_iterator (iterator_t*, const char*, int, const char*); +init_lsc_credential_iterator (iterator_t*, lsc_credential_t, int, const char*); const char* lsc_credential_iterator_name (iterator_t*); Modified: trunk/openvas-manager/src/omp.c =================================================================== --- trunk/openvas-manager/src/omp.c 2010-02-01 18:59:48 UTC (rev 6605) +++ trunk/openvas-manager/src/omp.c 2010-02-01 20:54:04 UTC (rev 6606) @@ -8476,6 +8476,8 @@ { iterator_t credentials; int format; + lsc_credential_t lsc_credential = 0; + assert (strcasecmp ("GET_LSC_CREDENTIALS", element_name) == 0); if (current_format) @@ -8499,18 +8501,32 @@ } else format = 0; + if (format == -1) SEND_TO_CLIENT_OR_FAIL (XML_ERROR_SYNTAX ("get_lsc_credentials", "GET_LSC_CREDENTIALS format attribute should" " be \"key\", \"rpm\", \"deb\" or \"exe\".")); + else if (current_uuid + && find_lsc_credential (current_uuid, &lsc_credential)) + SEND_TO_CLIENT_OR_FAIL (XML_INTERNAL_ERROR ("get_lsc_credentials")); + else if (current_uuid && (lsc_credential == 0)) + { + if (send_find_error_to_client ("get_lsc_credentials", + "lsc_credential", + current_uuid)) + { + error_send_to_client (error); + return; + } + } else { SEND_TO_CLIENT_OR_FAIL (""); init_lsc_credential_iterator (&credentials, - current_uuid, + lsc_credential, /* Attribute sort_order. */ current_int_2, /* Attribute sort_field. */ 
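Review bot: In start_task (manage.c, hunk at 1115) the `if (next (&credentials))` has no else branch, so when the iterator yields no row for a non-zero credential the four authorization preferences are skipped and the scan continues without them. The iterator's query filters on owner, so this can happen for a credential the current user may not read, and authenticated checks would then presumably be skipped without any trace in the log. Record it or fail the start, for example `else tracef ("   credential row not available, no login sent.\n");`. Separately, `user` and `password` are formatted straight into newline-terminated preference lines; whether line breaks are rejected when a credential is created is not visible here and is worth confirming. start_task begins and ends outside this hunk.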
@@ -8635,6 +8651,7 @@ SEND_TO_CLIENT_OR_FAIL (""); } openvas_free_string_var (¤t_name); + openvas_free_string_var (¤t_uuid); set_client_state (CLIENT_AUTHENTIC); break; } Modified: trunk/openvas-manager/src/tasks_sql.h =================================================================== --- trunk/openvas-manager/src/tasks_sql.h 2010-02-01 18:59:48 UTC (rev 6605) +++ trunk/openvas-manager/src/tasks_sql.h 2010-02-01 20:54:04 UTC (rev 6606) @@ -6539,16 +6539,15 @@ return hosts; } -/** @todo Make static? */ /** - * @brief Return the name of any credential associated with a target. + * @brief Return the credential associated with a target, if any. * * @param[in] name Target name. * - * @return Name of credential if any, else NULL. + * @return Credential if any, else 0. */ -char* -target_lsc_credential_name (const char *name) +static lsc_credential_t +target_lsc_credential (const char *name) { int ret; lsc_credential_t lsc_credential; @@ -6557,7 +6556,7 @@ if (user_owns ("target", quoted_name) == 0) { g_free (quoted_name); - return NULL; + return 0; } ret = sql_int64 (&lsc_credential, 0, 0, @@ -6570,18 +6569,16 @@ case 0: break; case 1: /* Too few rows in result of query. */ - return NULL; + return 0; break; default: /* Programming error. */ assert (0); case -1: /** @todo Move return to arg; return -1. */ - return NULL; + return 0; break; } - return sql_string (0, 0, - "SELECT name FROM lsc_credentials WHERE ROWID = %llu;", - lsc_credential); + return lsc_credential; } /** 
@@ -10626,35 +10623,32 @@ * @brief Initialise an LSC Credential iterator. * * @param[in] iterator Iterator. - * @param[in] name Name of single credential to iterate, NULL for all. + * @param[in] credential Single LSC credential to iterate, 0 for all. * @param[in] ascending Whether to sort ascending or descending. * @param[in] sort_field Field to sort on, or NULL for "ROWID". */ void -init_lsc_credential_iterator (iterator_t* iterator, const char *name, - int ascending, const char* sort_field) +init_lsc_credential_iterator (iterator_t* iterator, + lsc_credential_t lsc_credential, int ascending, + const char* sort_field) { assert (current_credentials.uuid); - if (name && strlen (name)) - { - gchar *quoted_name = sql_quote (name); - init_iterator (iterator, - "SELECT name, login, password, comment, public_key," - " private_key, rpm, deb, exe," - " (SELECT count(*) > 0 FROM targets" - " WHERE lsc_credential = lsc_credentials.ROWID)" - " FROM lsc_credentials" - " WHERE name = '%s'" - " AND ((owner IS NULL) OR (owner =" - " (SELECT ROWID FROM users WHERE users.uuid = '%s')))" - " ORDER BY %s %s;", - quoted_name, - current_credentials.uuid, - sort_field ? sort_field : "ROWID", - ascending ? "ASC" : "DESC"); - g_free (quoted_name); - } + if (lsc_credential) + init_iterator (iterator, + "SELECT name, login, password, comment, public_key," + " private_key, rpm, deb, exe," + " (SELECT count(*) > 0 FROM targets" + " WHERE lsc_credential = lsc_credentials.ROWID)" + " FROM lsc_credentials" + " WHERE ROWID = %llu" + " AND ((owner IS NULL) OR (owner =" + " (SELECT ROWID FROM users WHERE users.uuid = '%s')))" + " ORDER BY %s %s;", + lsc_credential, + current_credentials.uuid, + sort_field ? sort_field : "ROWID", + ascending ? "ASC" : "DESC"); else init_iterator (iterator, "SELECT name, login, password, comment, public_key," From scm-commit at wald.intevation.org Mon Feb 1 22:27:37 2010 
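Review bot: `sort_field` is still formatted into `ORDER BY %s %s` without quoting or validation in init_lsc_credential_iterator (tasks_sql.h, hunk at 10626), even though this change replaces the quoted name with a numeric `%llu`. The omp.c caller labels the argument "Attribute sort_field", so it presumably comes from the client request, in which case the value can alter the statement. Map the attribute onto a fixed set of column names from the SELECT list and fall back to `"ROWID"` for anything else before calling init_iterator. The doc comment also names the parameter `credential` while the signature uses `lsc_credential`. The second query of this function continues past the end of the hunk.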
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Mon, 1 Feb 2010 22:27:37 +0100 (CET) Subject: [Openvas-commits] r6607 - in trunk/openvas-manager: . src Message-ID: <20100201212737.34C9C865F4A6@pyrosoma.intevation.org> Author: mattm Date: 2010-02-01 22:27:34 +0100 (Mon, 01 Feb 2010) New Revision: 6607 Modified: trunk/openvas-manager/ChangeLog trunk/openvas-manager/src/manage.h trunk/openvas-manager/src/omp.c trunk/openvas-manager/src/tasks_sql.h Log: * src/tasks_sql.h (init_lsc_credential_iterator): Add ROWID. (lsc_credential_iterator_lsc_credential): New function. (lsc_credential_iterator_name, lsc_credential_iterator_login) (lsc_credential_iterator_password, lsc_credential_iterator_public_key) (lsc_credential_iterator_private_key, lsc_credential_iterator_rpm) (lsc_credential_iterator_deb, lsc_credential_iterator_exe) (lsc_credential_iterator_comment, lsc_credential_iterator_in_use): Adjust column position. (init_lsc_credential_target_iterator): Take lsc_credential_t instead of name. * src/manage.h: Add header accordingly. * src/omp.c (omp_xml_handle_end_element): In CLIENT_GET_LSC_CREDENTIALS Pass lsc_credential_t to init_lsc_credential_target_iterator instead of passing name. Modified: trunk/openvas-manager/ChangeLog =================================================================== --- trunk/openvas-manager/ChangeLog 2010-02-01 20:54:04 UTC (rev 6606) +++ trunk/openvas-manager/ChangeLog 2010-02-01 21:27:34 UTC (rev 6607) 
@@ -1,5 +1,24 @@ 2010-02-01 Matthew Mundell + * src/tasks_sql.h (init_lsc_credential_iterator): Add ROWID. + (lsc_credential_iterator_lsc_credential): New function. + (lsc_credential_iterator_name, lsc_credential_iterator_login) + (lsc_credential_iterator_password, lsc_credential_iterator_public_key) + (lsc_credential_iterator_private_key, lsc_credential_iterator_rpm) + (lsc_credential_iterator_deb, lsc_credential_iterator_exe) + (lsc_credential_iterator_comment, lsc_credential_iterator_in_use): Adjust + column position. + (init_lsc_credential_target_iterator): Take lsc_credential_t instead of + name. + + * src/manage.h: Add header accordingly. + + * src/omp.c (omp_xml_handle_end_element): In CLIENT_GET_LSC_CREDENTIALS + Pass lsc_credential_t to init_lsc_credential_target_iterator instead of + passing name. + +2010-02-01 Matthew Mundell + * src/tasks_sql.h (target_lsc_credential_name): Remove. (target_lsc_credential): New function. (init_lsc_credential_iterator): Take lsc_credential_t instead of Modified: trunk/openvas-manager/src/manage.h =================================================================== --- trunk/openvas-manager/src/manage.h 2010-02-01 20:54:04 UTC (rev 6606) +++ trunk/openvas-manager/src/manage.h 2010-02-01 21:27:34 UTC (rev 6607) @@ -1003,6 +1003,9 @@ void init_lsc_credential_iterator (iterator_t*, lsc_credential_t, int, const char*); +lsc_credential_t +lsc_credential_iterator_lsc_credential (iterator_t*); + const char* lsc_credential_iterator_name (iterator_t*); 
@@ -1034,7 +1037,7 @@ lsc_credential_name (lsc_credential_t); void -init_lsc_credential_target_iterator (iterator_t*, const char *, int); +init_lsc_credential_target_iterator (iterator_t*, lsc_credential_t, int); const char* lsc_credential_target_iterator_name (iterator_t*); Modified: trunk/openvas-manager/src/omp.c =================================================================== --- trunk/openvas-manager/src/omp.c 2010-02-01 20:54:04 UTC (rev 6606) +++ trunk/openvas-manager/src/omp.c 2010-02-01 21:27:34 UTC (rev 6607) @@ -8609,10 +8609,8 @@ break; default: { - const char *name; iterator_t targets; - name = lsc_credential_iterator_name (&credentials); SENDF_TO_CLIENT_OR_FAIL ("" "%s" @@ -8621,18 +8619,19 @@ "%i" "%s" "", - name, + lsc_credential_iterator_name (&credentials), lsc_credential_iterator_login (&credentials), lsc_credential_iterator_comment (&credentials), lsc_credential_iterator_in_use (&credentials), lsc_credential_iterator_public_key (&credentials) ? "gen" : "pass"); - /** @todo Pass lsc_credential_t instead of name. */ - init_lsc_credential_target_iterator (&targets, - name, - /* sort_order. */ - current_int_2); + init_lsc_credential_target_iterator + (&targets, + lsc_credential_iterator_lsc_credential + (&credentials), + /* sort_order. */ + current_int_2); while (next (&targets)) SENDF_TO_CLIENT_OR_FAIL ("" Modified: trunk/openvas-manager/src/tasks_sql.h =================================================================== --- trunk/openvas-manager/src/tasks_sql.h 2010-02-01 20:54:04 UTC (rev 6606) +++ trunk/openvas-manager/src/tasks_sql.h 2010-02-01 21:27:34 UTC (rev 6607) @@ -10636,7 +10636,7 @@ if (lsc_credential) init_iterator (iterator, - "SELECT name, login, password, comment, public_key," + "SELECT ROWID, name, login, password, comment, public_key," " private_key, rpm, deb, exe," " (SELECT count(*) > 0 FROM targets" " WHERE lsc_credential = lsc_credentials.ROWID)" 
@@ -10651,7 +10651,7 @@ ascending ? "ASC" : "DESC"); else init_iterator (iterator, - "SELECT name, login, password, comment, public_key," + "SELECT ROWID, name, login, password, comment, public_key," " private_key, rpm, deb, exe," " (SELECT count(*) > 0 FROM targets" " WHERE lsc_credential = lsc_credentials.ROWID)" @@ -10664,31 +10664,38 @@ ascending ? "ASC" : "DESC"); } -DEF_ACCESS (lsc_credential_iterator_name, 0); -DEF_ACCESS (lsc_credential_iterator_login, 1); -DEF_ACCESS (lsc_credential_iterator_password, 2); +lsc_credential_t +lsc_credential_iterator_lsc_credential (iterator_t* iterator) +{ + if (iterator->done) return 0; + return (lsc_credential_t) sqlite3_column_int64 (iterator->stmt, 0); +} +DEF_ACCESS (lsc_credential_iterator_name, 1); +DEF_ACCESS (lsc_credential_iterator_login, 2); +DEF_ACCESS (lsc_credential_iterator_password, 3); + const char* lsc_credential_iterator_comment (iterator_t* iterator) { const char *ret; if (iterator->done) return ""; - ret = (const char*) sqlite3_column_text (iterator->stmt, 3); + ret = (const char*) sqlite3_column_text (iterator->stmt, 4); return ret ? ret : ""; } -DEF_ACCESS (lsc_credential_iterator_public_key, 4); -DEF_ACCESS (lsc_credential_iterator_private_key, 5); -DEF_ACCESS (lsc_credential_iterator_rpm, 6); -DEF_ACCESS (lsc_credential_iterator_deb, 7); -DEF_ACCESS (lsc_credential_iterator_exe, 8); +DEF_ACCESS (lsc_credential_iterator_public_key, 5); +DEF_ACCESS (lsc_credential_iterator_private_key, 6); +DEF_ACCESS (lsc_credential_iterator_rpm, 7); +DEF_ACCESS (lsc_credential_iterator_deb, 8); +DEF_ACCESS (lsc_credential_iterator_exe, 9); int lsc_credential_iterator_in_use (iterator_t* iterator) { int ret; if (iterator->done) return -1; - ret = (int) sqlite3_column_int (iterator->stmt, 9); + ret = (int) sqlite3_column_int (iterator->stmt, 10); return ret; } 
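Review bot: The new accessor `lsc_credential_iterator_lsc_credential` (tasks_sql.h, hunk at 10664) has no doc comment, while the other functions in this file carry Doxygen blocks. Add a `@brief` stating that it returns the credential from column 0 of the current row, a `@param[in] iterator` line, and a `@return` noting that 0 is returned once the iterator is done. As a style point, every accessor index had to be shifted by hand because ROWID was added in front of the SELECT list; a short comment next to the query listing the column order would make the next change less error-prone.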
@@ -10700,28 +10707,25 @@ lsc_credential); } -/** @todo Adjust omp.c caller, replace name with a config_t. */ /** * @brief Initialise an LSC credential target iterator. * * Iterates over all targets that use the credential. * - * @param[in] iterator Iterator. - * @param[in] name Name of credential. - * @param[in] ascending Whether to sort ascending or descending. + * @param[in] iterator Iterator. + * @param[in] lsc_credential Name of LSC credential. + * @param[in] ascending Whether to sort ascending or descending. */ void -init_lsc_credential_target_iterator (iterator_t* iterator, const char *name, +init_lsc_credential_target_iterator (iterator_t* iterator, + lsc_credential_t lsc_credential, int ascending) { - gchar *quoted_name = sql_quote (name); init_iterator (iterator, - "SELECT name FROM targets WHERE lsc_credential =" - " (SELECT ROWID FROM lsc_credentials WHERE name = '%s')" + "SELECT name FROM targets WHERE lsc_credential = %llu" " ORDER BY name %s;", - quoted_name, + lsc_credential, ascending ? "ASC" : "DESC"); - g_free (quoted_name); } DEF_ACCESS (lsc_credential_target_iterator_name, 0); From scm-commit at wald.intevation.org Tue Feb 2 07:26:34 2010 
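Review bot: The query in init_lsc_credential_target_iterator (tasks_sql.h, hunk at 10700) selects target names by credential id with no owner restriction, unlike the `owner IS NULL OR owner = ...` clause in init_lsc_credential_iterator. If targets are per-user, which the `user_owns ("target", ...)` call in target_lsc_credential suggests but this hunk does not show, names of other users' targets that reference a shared credential could be listed. Consider adding the same owner condition to the WHERE clause. The doc comment also still reads "Name of LSC credential" for a parameter that is now an `lsc_credential_t`; suggest `@param[in]  lsc_credential  LSC credential.`.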
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Tue, 2 Feb 2010 07:26:34 +0100 (CET) Subject: [Openvas-commits] r6608 - in trunk/openvas-plugins: . scripts Message-ID: <20100202062634.CAD53865FAA6@pyrosoma.intevation.org> Author: chandra Date: 2010-02-02 07:26:26 +0100 (Tue, 02 Feb 2010) New Revision: 6608 Added: trunk/openvas-plugins/scripts/gb_mort_bay_jetty_mult_vuln.nasl trunk/openvas-plugins/scripts/gb_mort_bay_jetty_mult_xss_vuln.nasl trunk/openvas-plugins/scripts/gb_sun_java_sys_web_serv_dos_vuln_win.nasl trunk/openvas-plugins/scripts/gb_sun_java_sys_web_serv_heap_bof_vuln_lin.nasl trunk/openvas-plugins/scripts/secpod_realplayer_asm_ruleboook_bof_lin.nasl trunk/openvas-plugins/scripts/secpod_realplayer_asm_ruleboook_bof_win.nasl trunk/openvas-plugins/scripts/secpod_realplayer_detect_lin.nasl trunk/openvas-plugins/scripts/secpod_realplayer_mult_code_exec_vuln_lin.nasl trunk/openvas-plugins/scripts/secpod_realplayer_mult_code_exec_vuln_win.nasl trunk/openvas-plugins/scripts/secpod_realplayer_smil_bof_lin.nasl trunk/openvas-plugins/scripts/secpod_systemtap_shell_cmd_injection_vuln.nasl Modified: trunk/openvas-plugins/ChangeLog Log: Added new plugins Modified: trunk/openvas-plugins/ChangeLog =================================================================== --- trunk/openvas-plugins/ChangeLog 2010-02-01 21:27:34 UTC (rev 6607) +++ trunk/openvas-plugins/ChangeLog 2010-02-02 06:26:26 UTC (rev 6608) 
@@ -1,3 +1,18 @@ +2010-02-02 Chandrashekhar B + + * scripts/gb_sun_java_sys_web_serv_dos_vuln_win.nasl, + scripts/secpod_systemtap_shell_cmd_injection_vuln.nasl, + scripts/secpod_realplayer_asm_ruleboook_bof_win.nasl, + scripts/secpod_realplayer_mult_code_exec_vuln_lin.nasl, + scripts/gb_mort_bay_jetty_mult_vuln.nasl, + scripts/gb_mort_bay_jetty_mult_xss_vuln.nasl, + scripts/secpod_realplayer_detect_lin.nasl, + scripts/secpod_realplayer_asm_ruleboook_bof_lin.nasl, + scripts/secpod_realplayer_mult_code_exec_vuln_win.nasl, + scripts/gb_sun_java_sys_web_serv_heap_bof_vuln_lin.nasl, + scripts/secpod_realplayer_smil_bof_lin.nasl: + Added new plugins. + 2010-02-01 Thomas Reinke * scripts/deb_1968_2.nasl, Added: trunk/openvas-plugins/scripts/gb_mort_bay_jetty_mult_vuln.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_mort_bay_jetty_mult_vuln.nasl 2010-02-01 21:27:34 UTC (rev 6607) +++ trunk/openvas-plugins/scripts/gb_mort_bay_jetty_mult_vuln.nasl 2010-02-02 06:26:26 UTC (rev 6608) 
@@ -0,0 +1,102 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id: gb_mort_bay_jetty_mult_vuln.nasl 6816 2010-02-01 12:33:29 feb $ +# +# Mort Bay Jetty Multiple Vulnerabilities +# +# Authors: +# Madhuri D +# +# Copyright: +# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(800286); + script_version("$Revision$: 1.0"); + script_cve_id("CVE-2009-4609", "CVE-2009-4610", "CVE-2009-4611", "CVE-2009-4612"); + script_name("Mort Bay Jetty Multiple Vulnerabilities"); + desc = " + Overview: This host is running Mort Bay Jetty and is prone to multiple + vulnerabilities. + + Vulnerability Insight: + Inputs passed to the query string to 'jsp/dump.jsp' and to Name or Value + parameter in 'Session Dump Servlet' is not properly sanitised before being + returned to the user. + + Impact: + Successful exploitation could allow remote attackers to execute arbitrary HTML + and script code in a user's browser session and execute arbitrary commands or + overwrite files in the context of an affected site. + + Impact Level: Application. 
+ + Affected Software/OS: + Jetty version 6.0.0 to 7.0.0 + + Fix: + No solution or patch is available as on 01st, February, 2010. Information + regarding this issue will be updated once the solution details are available. + For updates refer, http://www.mortbay.org/jetty + + Workaround: + Apply workaround from below link, + http://seclists.org/fulldisclosure/2009/Oct/319 + + References: + http://seclists.org/fulldisclosure/2009/Oct/319 + http://www.ush.it/team/ush/hack-jetty6x7x/jetty-adv.txt + + CVSS Score: + CVSS Base Score : 5.0 (AV:N/AC:L/Au:NR/C:P/I:N/A:N) + CVSS Temporal Score : 4.0 + Risk factor : Medium"; + + script_description(desc); + script_summary("Check for the version of Mort Bay Jetty"); + script_category(ACT_GATHER_INFO); + script_copyright("Copyright (C) 2009 Greenbone Networks GmbH"); + script_dependencies("gb_jetty_detect.nasl"); + script_family("Web application abuses"); + script_require_ports("Services/www", 8080); + exit(0); +} + + +include("http_func.inc"); +include("version_func.inc"); + +jettyPort = get_http_port(default:8080); +if(!jettyPort){ + exit(0); +} + +jettyVer = get_kb_item("www/" + jettyPort + "/Jetty"); +if(!jettyVer){ + exit(0); +} + +jettyVer = eregmatch(pattern:"([0-9.]+)", string:jettyVer); +if(jettyVer[1] != NULL) +{ + if(version_in_range(version:jettyVer[1], test_version:"6.0.0", test_version2:"7.0.0")){ + security_warning(jettyPort); + } +} + + Added: trunk/openvas-plugins/scripts/gb_mort_bay_jetty_mult_xss_vuln.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_mort_bay_jetty_mult_xss_vuln.nasl 2010-02-01 21:27:34 UTC (rev 6607) +++ trunk/openvas-plugins/scripts/gb_mort_bay_jetty_mult_xss_vuln.nasl 2010-02-02 06:26:26 UTC (rev 6608) 
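Review bot: The check at the end of the script raises `security_warning` purely from the version string in the `www/<port>/Jetty` KB item, while the description attributes the flaws to `jsp/dump.jsp` and the Session Dump Servlet, so a host in the 6.0.0 to 7.0.0 range would presumably be reported even when those components are not deployed. A comment above the `version_in_range` call would make that limit visible to whoever triages the result: `# Version-only check: does not confirm that jsp/dump.jsp or the Session Dump Servlet is deployed`. The impact text also speaks of executing arbitrary commands and overwriting files, whereas the CVSS vector given is `C:P/I:N/A:N`; one of the two should be corrected.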
@@ -0,0 +1,113 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id: gb_mort_bay_jetty_mult_xss_vuln.nasl 6816 2010-02-01 12:33:29 feb $ +# +# MortMort Bay Jetty Multiple Cross Site Scripting Vulnerabilities +# +# Authors: +# Madhuri D +# +# Copyright: +# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(800285); + script_version("$Revision$: 1.0"); + script_cve_id("CVE-2009-4612"); + script_name("Mort Bay Jetty Multiple Cross-Site Scripting Vulnerabilities"); + desc = " + Overview: This host is running Mort Bay Jetty and is prone to multiple Cross + Site Scripting vulnerabilities. + + Vulnerability Insight: + Multiple flaws exists due to error in 'PATH_INFO' parameter, it is not + properly sanitised data before used via the default URI under 'jspsnoop/', + 'jspsnoop/ERROR/', 'jspsnoop/IOException/' and 'snoop.jsp' + + Impact: + Successful exploitation could allow remote attackers to execute arbitrary HTML + and script code in a user's browser session in the context of an affected site + allowing Cross-Site Scripting attacks. + + Impact Level: Application. 
+ + Affected Software/OS: + Jetty version 6.0.x to 6.1.21 + + Fix: + No solution or patch is available as on 01st, February, 2010. Information + regarding this issue will be updated once the solution details are available. + For updates refer, http://www.mortbay.org/jetty/ + + Workaround: + Apply workaround from below link, + http://seclists.org/fulldisclosure/2009/Oct/319 + + References: + http://seclists.org/fulldisclosure/2009/Oct/319 + http://www.ush.it/team/ush/hack_httpd_escape/adv.txt + + CVSS Score: + CVSS Base Score : 5.0 (AV:N/AC:L/Au:NR/C:P/I:N/A:N) + CVSS Temporal Score : 4.5 + Risk factor : Medium"; + + script_description(desc); + script_summary("Check for the version of Mort Bay Jetty"); + script_category(ACT_GATHER_INFO); + script_copyright("Copyright (C) 2009 Greenbone Networks GmbH"); + script_dependencies("gb_jetty_detect.nasl"); + script_family("Web application abuses"); + script_require_ports("Services/www", 8080); + exit(0); +} + + +include("http_func.inc"); +include("version_func.inc"); + +jettyPort = get_http_port(default:8080); +if(!jettyPort){ + exit(0); +} + +jettyVer = get_kb_item("www/" + jettyPort + "/Jetty"); +if(!jettyVer){ + exit(0); +} + +jettyVer = eregmatch(pattern:"([0-9.]+)", string:jettyVer); +if(!safe_checks()) +{ + sndReq = http_get(item:string(jettyVer, "/jspsnoop/%3Cscript%3Ealert(123)%" + + "3C/script%3E"), port:jettyPort); + rcvRes = http_send_recv(port:jettyPort, data:sndReq); + if("123" >< rcvRes); + { + security_warning(jettyPort); + exit(0); + } +} + +if(jettyVer[1] != NULL) +{ + if(version_in_range(version:jettyVer[1], test_version:"6.0.0", test_version2:"6.1.21")){ + security_warning(jettyPort); + } +} + Added: trunk/openvas-plugins/scripts/gb_sun_java_sys_web_serv_dos_vuln_win.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_sun_java_sys_web_serv_dos_vuln_win.nasl 2010-02-01 21:27:34 UTC (rev 6607) +++ 
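Review bot: The active check inside `if(!safe_checks())` most likely reports every host it runs against, because `if("123" >< rcvRes);` ends in a semicolon and the block holding `security_warning(jettyPort)` then no longer depends on the condition. Two further problems sit on the same lines: `jettyVer` has already been overwritten with the `eregmatch` result when it is prefixed to the request path in `string(jettyVer, "/jspsnoop/...")`, and matching the bare substring `123` accepts any response that happens to contain those digits. I would request the fixed path, `sndReq = http_get(item:"/jspsnoop/%3Cscript%3Ealert(123)%3C/script%3E", port:jettyPort);`, and test for the reflected markup without the semicolon, `if("<script>alert(123)</script>" >< rcvRes)`.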
trunk/openvas-plugins/scripts/gb_sun_java_sys_web_serv_dos_vuln_win.nasl 2010-02-02 06:26:26 UTC (rev 6608) 
@@ -0,0 +1,140 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id: gb_sun_java_sys_web_serv_dos_vuln_win.nasl 6969 2010-01-29 17:57:42Z jan $ +# +# Sun Java System Web Server Denial of Service Vulnerability (Win) +# +# Authors: +# Veerendra G +# +# Copyright: +# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(800161); + script_version("$Revision$: 1.0"); + script_cve_id("CVE-2010-0388","CVE-2010-0389"); + script_bugtraq_id(37910); + script_name("Sun Java System Web Server Denial of Service Vulnerability (Win)"); + desc = " + Overview: This host has Sun Java Web Server running which is prone to + Denial of Service Vulnerability. + + Vulnerability Insight: + - Format string vulnerability in the WebDAV implementation in webservd that + can be exploited to cause denial of service via format string specifiers + in the encoding attribute of the XML declaration in a PROPFIND request. + - An unspecified error in admin server that can be exploited to cause + denial of service via an HTTP request that lacks a method token. 
+ + Impact: + Successful exploitation lets the attackers to cause a denial of service + via HTTP request that lacks a method token or format string specifiers + in PROPFIND request. + + Impact Level: Application + + Affected Software/OS: + Sun Java System Web Server version 7.0 update 6 on Windows. + Sun Java System Web Server version 7.0 update 7 on Windows. + + Fix: + No solution or patch is available as on 29th January, 2010. Information + regarding this issue will be updated once the solution details are available. + For updates refer, http://www.sun.com/ + + References: + http://xforce.iss.net/xforce/xfdb/55812 + http://intevydis.blogspot.com/2010/01/sun-java-system-web-server-70-webdav.html + http://intevydis.blogspot.com/2010/01/sun-java-system-web-server-70-admin.html + + CVSS Score: + CVSS Base Score : 7.5 (AV:N/AC:L/Au:NR/C:P/I:P/A:P) + CVSS Temporal Score : 6.7 + Risk factor: High"; + + script_description(desc); + script_summary("Check for the version of Java System Web Server"); + script_category(ACT_GATHER_INFO); + script_copyright("Copyright (C) 2010 Greenbone Networks GmbH"); + script_family("Denial of Service"); + script_dependencies("gb_sun_java_sys_web_serv_detect.nasl", + "secpod_reg_enum.nasl"); + script_require_keys("Sun/Java/SysWebServ/Ver", "Sun/JavaSysWebServ/Port", + "SMB/WindowsVersion"); + exit(0); +} + + +include("smb_nt.inc"); +include("secpod_reg.inc"); +include("version_func.inc"); +include("secpod_smb_func.inc"); + +## Check for Windows +if(!get_kb_item("SMB/WindowsVersion")){ + exit(0); +} + +## Check for Sun Java System Web Server 7.0 +if(get_kb_item("Sun/JavaSysWebServ/Ver") != "7.0"){ + exit(0); +} + +## Get Application Installed Path +key = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\"; +sjswsPath = registry_get_sz(key:key + "Sun Java System Web Server", + item:"UninstallString"); + +if(sjswsPath != NULL) +{ + ## Construct path to point "WebServer.inf" file + sjswsPath = ereg_replace(pattern:'\"(.*)\"', replace:"\1", 
string:sjswsPath); + sjswsPath = sjswsPath - "\bin\uninstall.exe" + "\setup\WebServer.inf"; + + share = ereg_replace(pattern:"([A-Z]):.*", replace:"\1$", string:sjswsPath); + file = ereg_replace(pattern:"[A-Z]:(.*)", replace:"\1",string:sjswsPath); + + ## Get file contents + fileData = read_file(share:share, file:file, offset:0, count:500); + + ## Extract Product Version and Update Version + sjswsVer = eregmatch(pattern:"PRODUCT_VERSION=([0-9.]+)", string:fileData); + sjswsUpdateVer = eregmatch(pattern:"PRODUCT_SP_VERSION=([0-9]+)", string:fileData); + + ## Construct Full Product Version + if(sjswsVer[1] != NULL){ + if(sjswsUpdateVer != NULL) + sjswsFullVer = sjswsVer[1] + "." + sjswsUpdateVer[1]; + else + sjswsFullVer = sjswsVer[1] + "." + "0"; + } + + if(sjswsFullVer != NULL) + { + ## Check Sun Java System Web Server is equal to 7.0.6 or 7.0.7 + ## i.e Sun Java System Web Server 7 Update 6 / Update 7 + if(version_is_equal(version:sjswsFullVer, test_version:"7.0.6")|| + version_is_equal(version:sjswsFullVer, test_version:"7.0.7")) + { + sjswsPort = get_kb_item("Sun/JavaSysWebServ/Port"); + security_hole(sjswsPort); + exit(0); + } + } +} Property changes on: trunk/openvas-plugins/scripts/gb_sun_java_sys_web_serv_dos_vuln_win.nasl ___________________________________________________________________ Name: svn:keywords + Revision Added: trunk/openvas-plugins/scripts/gb_sun_java_sys_web_serv_heap_bof_vuln_lin.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_sun_java_sys_web_serv_heap_bof_vuln_lin.nasl 2010-02-01 21:27:34 UTC (rev 6607) +++ trunk/openvas-plugins/scripts/gb_sun_java_sys_web_serv_heap_bof_vuln_lin.nasl 2010-02-02 06:26:26 UTC (rev 6608) 
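Review bot: `script_require_keys` lists `Sun/Java/SysWebServ/Ver`, but the script body reads `get_kb_item("Sun/JavaSysWebServ/Ver")`, so one of the two key names is misspelled; the same pair appears in gb_sun_java_sys_web_serv_heap_bof_vuln_lin.nasl in this commit. Which spelling gb_sun_java_sys_web_serv_detect.nasl sets is not visible here; if it is the one the body reads, the required key is never present and the plugin would presumably never run. Assuming that, the line becomes `script_require_keys("Sun/JavaSysWebServ/Ver", "Sun/JavaSysWebServ/Port", "SMB/WindowsVersion");`. Separately, `read_file(..., offset:0, count:500)` only sees the first 500 bytes of WebServer.inf, so a `PRODUCT_SP_VERSION=` line further down would be missed and the version built as `.0`, which turns an affected host into a silent false negative.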
@@ -0,0 +1,124 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id: gb_sun_java_sys_web_serv_heap_bof_vuln_lin.nasl 6969 2010-01-29 17:57:42Z jan $ +# +# Sun Java System Web Server Multiple Heap-based Buffer Overflow Vulnerabilities (Linux) +# +# Authors: +# Veerendra G +# +# Copyright: +# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(800160); + script_version("$Revision$: 1.0"); + script_cve_id("CVE-2010-0387"); + script_bugtraq_id(37896); + script_name("Sun Java System Web Server Multiple Heap-based Buffer Overflow Vulnerabilities (Linux)"); + desc = " + Overview: This host has Sun Java Web Server running which is prone to + multiple Heap-based Buffer Overflow Vulnerabilities. + + Vulnerability Insight: + An error exists in in webservd and admin server that can be exploited to + overflow a buffer and execute arbitrary code on the system or cause the + server to crash via a long string in an 'Authorization: Digest' HTTP + header. 
+ + Impact: + Successful exploitation lets the attackers to cause the application to crash + or execute arbitrary code on the system by sending an overly long request in + an 'Authorization: Digest' header. + + Impact Level: System/Application + + Affected Software/OS: + Sun Java System Web Server version 7.0 update 7 on Linux. + + Fix: + No solution or patch is available as on 29th January, 2010. Information + regarding this issue will be updated once the solution details are available. + For updates refer, http://www.sun.com/ + + References: + http://xforce.iss.net/xforce/xfdb/55792 + http://securitytracker.com/alerts/2010/Jan/1023488.html + http://intevydis.blogspot.com/2010/01/sun-java-system-web-server-70u7-digest.html + + CVSS Score: + CVSS Base Score : 7.5 (AV:N/AC:L/Au:NR/C:P/I:P/A:P) + CVSS Temporal Score : 6.7 + Risk factor: High"; + + script_description(desc); + script_summary("Check for the version of Java System Web Server"); + script_category(ACT_GATHER_INFO); + script_copyright("Copyright (C) 2010 Greenbone Networks GmbH"); + script_family("Buffer overflow"); + script_dependencies("gb_sun_java_sys_web_serv_detect.nasl"); + script_require_keys("Sun/Java/SysWebServ/Ver","Sun/JavaSysWebServ/Port"); + exit(0); +} + + +include("ssh_func.inc"); +include("version_func.inc"); + +## Check for Sun Java System Web Server 7.0 +if( get_kb_item("Sun/JavaSysWebServ/Ver") != "7.0"){ + exit(0); +} + +sock = ssh_login_or_reuse_connection(); +if(!sock){ + exit(0); +} + +## Find path of the given file +paths = find_file(file_name:"webservd", file_path:"/", useregex:TRUE, + regexpar:"$", sock:jswsSock); + +## Iterate over all paths +foreach sjswsBin (paths) +{ + ## Extract version from the file + sjswsVer = get_bin_version(full_prog_name:chomp(sjswsBin), sock:jswsSock, + version_argv:"-v", + ver_pattern:"Sun (ONE |Java System )Web Server " + + "([0-9.]+)(SP|U)?([0-9]+)?([^0-9.]|$)"); + ## Construct proper file version + if(sjswsVer[2] != NULL) + { + if(sjswsVer[4] != 
NULL) + sjswsVer = sjswsVer[2] + "." + sjswsVer[4]; + else + sjswsVer = sjswsVer[2]; + + ## Check for Web Server version 7.0 Update 7 + if(version_is_equal(version:sjswsVer, test_version:"7.0.7")) + { + sjswsPort = get_kb_item("Sun/JavaSysWebServ/Port"); + security_hole(sjswsPort); + ssh_close_connection(); + exit(0); + } + } +} + +ssh_close_connection(); Property changes on: trunk/openvas-plugins/scripts/gb_sun_java_sys_web_serv_heap_bof_vuln_lin.nasl ___________________________________________________________________ Name: svn:keywords + Revision Added: trunk/openvas-plugins/scripts/secpod_realplayer_asm_ruleboook_bof_lin.nasl =================================================================== --- trunk/openvas-plugins/scripts/secpod_realplayer_asm_ruleboook_bof_lin.nasl 2010-02-01 21:27:34 UTC (rev 6607) +++ trunk/openvas-plugins/scripts/secpod_realplayer_asm_ruleboook_bof_lin.nasl 2010-02-02 06:26:26 UTC (rev 6608) 
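Review bot: The SSH socket is stored in `sock`, but `find_file` and `get_bin_version` are both called with `sock:jswsSock`, a variable that is never assigned in this script, so neither call gets the open connection and the loop most likely finds nothing. Using one name throughout fixes it, for example `jswsSock = ssh_login_or_reuse_connection();` followed by `if(!jswsSock){`. The failure mode is a silent false negative rather than an error, so an affected 7.0 Update 7 host would simply not be reported.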
@@ -0,0 +1,83 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id: secpod_realplayer_asm_rolboook_bof_lin.nasl 6968 2010-01-29 15:45:02Z jan $ +# +# RealNetworks RealPlayer ASM RuleBook BOF Vulnerability (Linux) +# +# Authors: +# Antu Sanadi +# +# Copyright: +# Copyright (c) 2010 SecPod, http://www.secpod.com +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(902110); + script_version("$Revision$: 1.0"); + script_cve_id("CVE-2009-4247"); + script_bugtraq_id(37880); + script_name("RealNetworks RealPlayer ASM RuleBook BOF Vulnerability (Linux)"); + desc = " + Overview: This host is installed with RealPlayer which is prone to Buffer + Overflow vulnerability. + + Vulnerability Insight: + The buffer overflow error occurs when processing a malformed 'ASM RuleBook'. + + Impact: + Successful exploitation will let the attacker execute arbitrary codes within + the context of the application and can cause heap overflow or cause remote + code execution. + + Affected Software/OS: + RealPlayer versions 10.x and 11.0.0 on Linux platforms. + + Fix: Upgrade to RealPlayer version 11.0.5 or later. 
+ For Updates Refer, http://www.real.com/player + + References: + http://secunia.com/advisories/38218 + http://xforce.iss.net/xforce/xfdb/55794 + http://www.vupen.com/english/advisories/2010/0178 + http://service.real.com/realplayer/security/01192010_player/en/ + + CVSS Score: + CVSS Base Score : 9.3 (AV:N/AC:M/Au:NR/C:C/I:C/A:C) + CVSS Temporal Score : 7.9 + Risk factor: High "; + + script_description(desc); + script_summary("Check for the version of RealPlayer"); + script_category(ACT_GATHER_INFO); + script_copyright("Copyright (C) 2010 Intevation GmbH"); + script_family("Buffer overflow"); + script_dependencies("secpod_realplayer_detect_lin.nasl"); + script_require_keys("RealPlayer/Linux/Ver"); + exit(0); +} + + +include("version_func.inc"); + +rpVer = get_kb_item("RealPlayer/Linux/Ver"); +if(isnull(rpVer)){ + exit(0); +} + +if((rpVer =~ "^10\.*") || (rpVer =~ "^11\.0\.1.*")){ + security_hole(0); +} Property changes on: trunk/openvas-plugins/scripts/secpod_realplayer_asm_ruleboook_bof_lin.nasl ___________________________________________________________________ Name: svn:keywords + Revision Added: trunk/openvas-plugins/scripts/secpod_realplayer_asm_ruleboook_bof_win.nasl =================================================================== --- trunk/openvas-plugins/scripts/secpod_realplayer_asm_ruleboook_bof_win.nasl 2010-02-01 21:27:34 UTC (rev 6607) +++ trunk/openvas-plugins/scripts/secpod_realplayer_asm_ruleboook_bof_win.nasl 2010-02-02 06:26:26 UTC (rev 6608) 
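Review bot: The final version test does not match the range the description states: `"^11\.0\.1.*"` matches 11.0.1 builds, while the text says 11.0.0 is affected and 11.0.5 is the fix. In `"^10\.*"` the `\.*` means zero or more dots, so any string that starts with `10` matches (the same pattern is used in secpod_realplayer_mult_code_exec_vuln_lin.nasl). If the description is right, the test would read `if((rpVer =~ "^10\.") || (rpVer =~ "^11\.0\.0")){`. The included version_func.inc is otherwise unused here, and `version_in_range` would express the range more directly.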
@@ -0,0 +1,88 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id: secpod_realplayer_asm_ruleboook_bof_win.nasl 6968 2010-01-29 18:45:02Z jan $ +# +# RealNetworks RealPlayer ASM RuleBook BOF Vulnerability (Win) +# +# Authors: +# Antu Sanadi +# +# Copyright: +# Copyright (c) 2010 SecPod, http://www.secpod.com +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(902111); + script_version("$Revision$: 1.0"); + script_cve_id("CVE-2009-4247"); + script_bugtraq_id(37880); + script_name("RealNetworks RealPlayer ASM RuleBook BOF Vulnerability (Win)"); + desc = " + Overview: This host is installed with RealPlayer which is prone to Buffer + Overflow vulnerability. + + Vulnerability Insight: + The buffer overflow error occurs when processing a malformed 'ASM RuleBook'. + + Impact: + Successful exploitation will let the attacker execute arbitrary codes within + the context of the application and can cause heap overflow or cause remote + code execution. 
+ + Affected Software/OS: + RealPlayer SP 1.0.0 and 1.0.1, + RealPlayer versions befor 10.5(6.0.12.1741) and + RealPlayer versions 11.0.0 through 11.0.4 on Windows platforms + + Fix: Upgrade to RealPlayer version 10.5(6.0.12.1741) or 11.0.5 or 12.0.0.343 + For Updates Refer, http://www.real.com/player + + References: + http://secunia.com/advisories/38218 + http://xforce.iss.net/xforce/xfdb/55794 + http://www.vupen.com/english/advisories/2010/0178 + http://service.real.com/realplayer/security/01192010_player/en/ + + CVSS Score: + CVSS Base Score : 9.3 (AV:N/AC:M/Au:NR/C:C/I:C/A:C) + CVSS Temporal Score : 7.9 + Risk factor: High "; + + script_description(desc); + script_summary("Check for the version of RealPlayer"); + script_category(ACT_GATHER_INFO); + script_copyright("Copyright (C) 2010 Intevation GmbH"); + script_family("Buffer overflow"); + script_dependencies("gb_realplayer_detect_win.nasl"); + script_require_keys("RealPlayer/Win/Ver"); + exit(0); +} + + +include("version_func.inc"); + +rpVer = get_kb_item("RealPlayer/Win/Ver"); +if(isnull(rpVer)){ + exit(0); +} + +# Realplayer version 10.x(6.x) Realplayer version SP 1.x(12.0.0.x) +if(version_is_less(version:rpVer, test_version:"6.0.12.1741")|| + version_in_range(version:rpVer, test_version:"11.0.0", test_version2:"11.0.0.477") || + version_in_range(version:rpVer, test_version:"12.0.0", test_version2:"12.0.0.342")){ + security_hole(0); +} Property changes on: trunk/openvas-plugins/scripts/secpod_realplayer_asm_ruleboook_bof_win.nasl ___________________________________________________________________ Name: svn:keywords + Revision Added: trunk/openvas-plugins/scripts/secpod_realplayer_detect_lin.nasl =================================================================== --- trunk/openvas-plugins/scripts/secpod_realplayer_detect_lin.nasl 2010-02-01 21:27:34 UTC (rev 6607) +++ trunk/openvas-plugins/scripts/secpod_realplayer_detect_lin.nasl 2010-02-02 06:26:26 UTC (rev 6608) 
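Review bot: The version test compares against build numbers (`6.0.12.1741`, `11.0.0.477`, `12.0.0.342`) whereas the description names marketed releases (10.5, 11.0.0 through 11.0.4, SP 1.0.0 and 1.0.1), and the one-line comment above the test does not say how the two relate. I would expand it to something like `# KB holds build numbers: 10.x is reported as 6.x, 11.0.0-11.0.4 as 11.0.0.x (last affected build .477, TODO confirm), SP 1.x as 12.0.0.x (fixed in .343)`. The same test, without the 12.0.0 range, is in secpod_realplayer_mult_code_exec_vuln_win.nasl and needs the same comment.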
@@ -0,0 +1,76 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id: secpod_realplayer_detect_lin.nasl 6968 2010-01-29 10:10:29Z jan $ +# +# RealPlayer Version Detection (Linux) +# +# Authors: +# Antu Sanadi +# +# Copyright: +# Copyright (c) 2010 SecPod, http://www.secpod.com +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(902106); + script_version("$Revision$: 1.0"); + script_name("RealPlayer Version Detection (Linux)"); + desc = " + Overview: This script detects the installed version of RealPlayer and sets + the reuslt in KB. 
+ + Risk Factor: Informational"; + + script_description(desc); + script_summary("Set KB for the version of RealPlayer"); + script_category(ACT_GATHER_INFO); + script_copyright("Copyright (C) 2010 SecPod"); + script_family("Service detection"); + exit(0); +} + + +include("ssh_func.inc"); +include("version_func.inc"); + +sock = ssh_login_or_reuse_connection(); +if(!sock){ + exit(0); +} + +rpbin = find_bin(prog_name:"realplay", sock:sock); +if(isnull(rpbin)){ + exit(0); +} + +foreach dir(make_list("/opt/real/RealPlayer", "/usr/local/RealPlayer")) +{ + paths = find_file(file_name:"README",file_path: dir, useregex:TRUE, + regexpar:"$", sock:sock); + foreach binName (paths) + { + rpVer = get_bin_version(full_prog_name:"cat", version_argv:binName, + ver_pattern:"RealPlayer ([0-9.]+)", + sock:sock); + if(rpVer[1] != NULL) + { + set_kb_item(name:"RealPlayer/Linux/Ver", value:rpVer[1]); + exit(0); + } + } +} +ssh_close_connection(); Property changes on: trunk/openvas-plugins/scripts/secpod_realplayer_detect_lin.nasl ___________________________________________________________________ Name: svn:keywords + Revision Added: trunk/openvas-plugins/scripts/secpod_realplayer_mult_code_exec_vuln_lin.nasl =================================================================== --- trunk/openvas-plugins/scripts/secpod_realplayer_mult_code_exec_vuln_lin.nasl 2010-02-01 21:27:34 UTC (rev 6607) +++ trunk/openvas-plugins/scripts/secpod_realplayer_mult_code_exec_vuln_lin.nasl 2010-02-02 06:26:26 UTC (rev 6608) 
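Review bot: Both early exits leave the SSH connection open: the `exit(0)` after `isnull(rpbin)` and the `exit(0)` after `set_kb_item` are reached without `ssh_close_connection();`, which is only called when no version was found. Adding `ssh_close_connection();` before each of those `exit(0);` lines matches what gb_sun_java_sys_web_serv_heap_bof_vuln_lin.nasl in this commit does. That script also passes `chomp(sjswsBin)` for paths returned by `find_file`, while here `binName` goes to `version_argv` unmodified; if `find_file` results carry a trailing newline, `version_argv:chomp(binName)` is needed. `rpbin` is only used for the null check, so the README lookup does not depend on where `realplay` was found.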
@@ -0,0 +1,86 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id: secpod_realplayer_mult_code_exec_vuln_lin.nasl 6968 2010-01-29 10:45:02Z jan $ +# +# RealNetworks RealPlayer Multiple Code Execution Vulnerabilities (Linux) +# +# Authors: +# Antu Sanadi +# +# Copyright: +# Copyright (c) 2010 SecPod, http://www.secpod.com +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(902108); + script_version("$Revision$: 1.0"); + script_cve_id("CVE-2009-0375", "CVE-2009-0376", "CVE-2009-4241", "CVE-2009-4242", + "CVE-2009-4243", "CVE-2009-4244", "CVE-2009-4245", "CVE-2009-4246", + "CVE-2009-4247", "CVE-2009-4248", "CVE-2009-4257"); + script_bugtraq_id(33652, 37880); + script_name("RealNetworks RealPlayer Multiple Code Execution Vulnerabilities (Linux)"); + desc = " + Overview: This host is installed with RealPlayer which is prone to multiple code + execution vulnerabilities. + + Vulnerability Insight: + Buffer overflow errors exists, when processing a malformed 'ASM Rulebook', + 'GIF file', 'media file', 'IVR file', 'SIPR Codec', 'SMIL file','Skin', + and 'set_parameter' method. 
+ + Impact: Successful exploitation will let the attacker execute arbitrary + codes within the context of the application and can cause heap overflow + or allow remote code execution. + + Affected Software/OS: + RealPlayer versions 10.x and prior Linux platforms. + + Fix: Upgrade to RealPlayer version 11.0.5 or later. + For Updates Refer, http://www.real.com/player + + References: + http://secunia.com/advisories/38218 + http://xforce.iss.net/xforce/xfdb/55794 + http://www.vupen.com/english/advisories/2010/0178 + http://service.real.com/realplayer/security/01192010_player/en/ + + CVSS Score: + CVSS Base Score : 9.3 (AV:N/AC:M/Au:NR/C:C/I:C/A:C) + CVSS Temporal Score : 7.9 + Risk factor: High "; + + script_description(desc); + script_summary("Check for the version of RealPlayer"); + script_category(ACT_GATHER_INFO); + script_copyright("Copyright (C) 2010 Intevation GmbH"); + script_family("Buffer overflow"); + script_dependencies("secpod_realplayer_detect_lin.nasl"); + script_require_keys("RealPlayer/Linux/Ver"); + exit(0); +} + + +include("version_func.inc"); + +rpVer = get_kb_item("RealPlayer/Linux/Ver"); +if(isnull(rpVer)){ + exit(0); +} + +if(rpVer =~ "^10\.*"){ + security_hole(0); +} Property changes on: trunk/openvas-plugins/scripts/secpod_realplayer_mult_code_exec_vuln_lin.nasl ___________________________________________________________________ Name: svn:keywords + Revision Added: trunk/openvas-plugins/scripts/secpod_realplayer_mult_code_exec_vuln_win.nasl =================================================================== --- trunk/openvas-plugins/scripts/secpod_realplayer_mult_code_exec_vuln_win.nasl 2010-02-01 21:27:34 UTC (rev 6607) +++ trunk/openvas-plugins/scripts/secpod_realplayer_mult_code_exec_vuln_win.nasl 2010-02-02 06:26:26 UTC (rev 6608) 
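Review bot: The description lists "RealPlayer versions 10.x and prior" as affected, but the test `rpVer =~ "^10\.*"` only fires for version strings that begin with `10`, so older major versions are never reported. With version_func.inc already included, a comparison such as `if(version_is_less(version:rpVer, test_version:"11.0")){` would cover them, assuming the KB value is the marketed version number. Whether 11.0.0 through 11.0.4 should also be reported is not clear from the description, which gives 11.0.5 as the fix.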
@@ -0,0 +1,89 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id: secpod_realplayer_mult_code_exec_vuln_win.nasl 6968 2010-01-29 10:45:02Z jan $ +# +# RealNetworks RealPlayer Multiple Code Execution Vulnerabilities (Win) +# +# Authors: +# Antu Sanadi +# +# Copyright: +# Copyright (c) 2010 SecPod, http://www.secpod.com +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(902105); + script_version("$Revision$: 1.0"); + script_cve_id("CVE-2009-0375", "CVE-2009-0376", "CVE-2009-4241", "CVE-2009-4242", + "CVE-2009-4243", "CVE-2009-4244", "CVE-2009-4245", "CVE-2009-4246", + "CVE-2009-4247", "CVE-2009-4248", "CVE-2009-4257"); + script_bugtraq_id(33652, 37880); + script_name("RealNetworks RealPlayer Multiple Code Execution Vulnerabilities (Win)"); + desc = " + Overview: This host is installed with RealPlayer which is prone to multiple code + execution vulnerabilities. + + Vulnerability Insight: + Buffer overflow errors exists, when processing a malformed 'ASM Rulebook', + 'GIF file', 'media file', 'IVR file', 'SIPR Codec', 'SMIL file','Skin', + and 'set_parameter' method. 
+ + Impact: Successful exploitation will let the attacker execute arbitrary + codes within the context of the application and can cause heap overflow + or allow remote code execution. + + Affected Software/OS: + RealPlayer versions before 10.5(6.0.12.1741) and + RealPlayer versions 11.0.0 through 11.0.4 on Windows platforms. + + Fix: Upgrade to RealPlayer version 10.5(6.0.12.1741) or 11.0.5 + For Updates Refer, http://www.real.com/player + + References: + http://secunia.com/advisories/38218 + http://xforce.iss.net/xforce/xfdb/55794 + http://www.vupen.com/english/advisories/2010/0178 + http://service.real.com/realplayer/security/01192010_player/en/ + + CVSS Score: + CVSS Base Score : 9.3 (AV:N/AC:M/Au:NR/C:C/I:C/A:C) + CVSS Temporal Score : 7.9 + Risk factor: High "; + + script_description(desc); + script_summary("Check for the version of RealPlayer"); + script_category(ACT_GATHER_INFO); + script_copyright("Copyright (C) 2010 Intevation GmbH"); + script_family("Buffer overflow"); + script_dependencies("gb_realplayer_detect_win.nasl"); + script_require_keys("RealPlayer/Win/Ver"); + exit(0); +} + + +include("version_func.inc"); + +rpVer = get_kb_item("RealPlayer/Win/Ver"); +if(isnull(rpVer)){ + exit(0); +} + +#Realplayer version 10.x(6.x) +if(version_is_less(version:rpVer, test_version:"6.0.12.1741")|| + version_in_range(version:rpVer, test_version:"11.0.0", test_version2:"11.0.0.477")){ + security_hole(0); +} Property changes on: trunk/openvas-plugins/scripts/secpod_realplayer_mult_code_exec_vuln_win.nasl ___________________________________________________________________ Name: svn:keywords + Revision Added: trunk/openvas-plugins/scripts/secpod_realplayer_smil_bof_lin.nasl =================================================================== --- trunk/openvas-plugins/scripts/secpod_realplayer_smil_bof_lin.nasl 2010-02-01 21:27:34 UTC (rev 6607) +++ trunk/openvas-plugins/scripts/secpod_realplayer_smil_bof_lin.nasl 2010-02-02 06:26:26 UTC (rev 6608) 
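Review bot: The upper bound `11.0.0.477` in the `version_in_range` call is unexplained, and the description gives the affected range as 11.0.0 through 11.0.4, so a reader cannot tell from the script whether the two agree. A comment above the condition should state which build number the last affected 11.x release carries and which format `gb_realplayer_detect_win.nasl` stores in `RealPlayer/Win/Ver`. The existing comment `#Realplayer version 10.x(6.x)` explains only the first half of the condition.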
@@ -0,0 +1,84 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id: secpod_realplayer_smil_bof_lin.nasl 6968 2010-01-29 12:45:02Z jan $ +# +# RealNetworks RealPlayer SMIL file BOF Vulnerability (Linux) +# +# Authors: +# Antu Sanadi +# +# Copyright: +# Copyright (c) 2010 SecPod, http://www.secpod.com +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(902109); + script_version("$Revision$: 1.0"); + script_cve_id("CVE-2009-4257"); + script_bugtraq_id(37880); + script_name("RealNetworks RealPlayer SMIL file BOF Vulnerability (Linux)"); + desc = " + Overview: This host is installed with RealPlayer which is prone to Buffer + overflow vulnerability. + + Vulnerability Insight: + The buffer overflow error exists when processing a malformed 'SMIL file'. + + Impact: + Successful exploitation will let the attacker execute arbitrary codes within + the context of the application and can cause heap overflow or cause remote + code execution. + + Affected Software/OS: + RealPlayer versions 10.x and 11.0.0 on Linux platforms. + + Fix: Upgrade to RealPlayer version 11.0.5 or later. 
+ For Updates Refer, http://www.real.com/player + + References: + http://secunia.com/advisories/38218 + http://xforce.iss.net/xforce/xfdb/55794 + http://www.vupen.com/english/advisories/2010/0178 + http://service.real.com/realplayer/security/01192010_player/en/ + + CVSS Score: + CVSS Base Score : 9.3 (AV:N/AC:M/Au:NR/C:C/I:C/A:C) + CVSS Temporal Score : 7.9 + Risk factor: High "; + + script_description(desc); + script_summary("Check for the version of RealPlayer"); + script_category(ACT_GATHER_INFO); + script_copyright("Copyright (C) 2010 Intevation GmbH"); + script_family("Buffer overflow"); + script_dependencies("secpod_realplayer_detect_lin.nasl"); + script_require_keys("RealPlayer/Linux/Ver"); + exit(0); +} + + +include("version_func.inc"); + +rpVer = get_kb_item("RealPlayer/Linux/Ver"); +if(isnull(rpVer)){ + exit(0); +} + +if((rpVer =~ "^10\.*") || + version_is_equal(version:rpVer, test_version:"11.0.0")){ + security_hole(0); +} Property changes on: trunk/openvas-plugins/scripts/secpod_realplayer_smil_bof_lin.nasl ___________________________________________________________________ Name: svn:keywords + Revision Added: trunk/openvas-plugins/scripts/secpod_systemtap_shell_cmd_injection_vuln.nasl =================================================================== --- trunk/openvas-plugins/scripts/secpod_systemtap_shell_cmd_injection_vuln.nasl 2010-02-01 21:27:34 UTC (rev 6607) +++ trunk/openvas-plugins/scripts/secpod_systemtap_shell_cmd_injection_vuln.nasl 2010-02-02 06:26:26 UTC (rev 6608) 
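Review bot: `version_is_equal(version:rpVer, test_version:"11.0.0")` reports only when the stored version is exactly `11.0.0`. If `secpod_realplayer_detect_lin.nasl` (not visible here) records a longer build string, an affected 11.0.0 installation would go unreported. A match that tolerates a trailing build component, such as `rpVer =~ "^11\.0\.0(\.|$)"`, would avoid that false negative; a comment naming the expected KB format would make the intent checkable either way.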
@@ -0,0 +1,85 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id: secpod_systemtap_shell_cmd_injection_vuln.nasl 7005 2010-01-29 12:33:29 jan $ +# +# SystemTap 'stap-server' Remote Shell Command Injection Vulnerability +# +# Authors: +# Madhuri D +# +# Copyright: +# Copyright (c) 2010 SecPod, http://www.secpod.com +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(902017); + script_version("$Revision$: 1.0"); + script_cve_id("CVE-2009-4273"); + script_name("SystemTap 'stap-server' Remote Shell Command Injection Vulnerability"); + desc = " + Overview: This host has SystemTap installed and is prone to Arbitrary Command + Execution vulnerability + + Vulnerability Insight: + The flaw is caused due to input validation error in the 'stap-server' component + when processing user-supplied requests. + + Impact: + Successful exploitation could allow rmote attackers to inject and execute + malicious shell commands or compromise a system. + + Impact Level: System. + + Affected Software/OS: + SystemTap versions prior to 1.1 + + Fix: + No solution or patch is available as on 29th January, 2010. Information + regarding this issue will be updated once the solution details are available. 
+ For updates refer, http://sourceware.org/systemtap/ + + References: + http://secunia.com/advisories/38154 + http://www.vupen.com/english/advisories/2010/0169 + + CVSS Score: + CVSS Base Score : 10.0 (AV:N/AC:L/Au:NR/C:C/I:C/A:C) + CVSS Temporal Score : 7.4 + Risk factor : High"; + + script_description(desc); + script_summary("Check for the version of SystemTap"); + script_category(ACT_GATHER_INFO); + script_copyright("Copyright (C) 2010 SecPod"); + script_dependencies("secpod_systemtap_detect.nasl"); + script_family("General"); + script_require_keys("SystemTap/Ver"); + exit(0); +} + + +include("version_func.inc"); + +systapVer = get_kb_item("SystemTap/Ver"); +if(systapVer != NULL) +{ + if(version_is_less(version:systapVer, test_version:"1.1")){ + security_hole(0); + } +} + + Property changes on: trunk/openvas-plugins/scripts/secpod_systemtap_shell_cmd_injection_vuln.nasl ___________________________________________________________________ Name: svn:keywords + Revision From scm-commit at wald.intevation.org Tue Feb 2 11:16:00 2010 
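Review bot: The description contradicts the check: the "Fix" paragraph says no solution or patch is available, while "Affected Software/OS" and the final `version_is_less(version:systapVer, test_version:"1.1")` both treat 1.1 as the fixed release. If 1.1 is indeed the fix, the paragraph should say so, e.g. `Fix: Upgrade to SystemTap version 1.1 or later.`, so that a scan report gives the operator an action. Two smaller points in the same hunk: "rmote" in the Impact text is a typo for "remote", and `if(systapVer != NULL)` differs from the `isnull()` guard used by the RealPlayer plugins added in this commit.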
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Tue, 2 Feb 2010 11:16:00 +0100 (CET) Subject: [Openvas-commits] r6609 - in trunk/openvas-manager: . src Message-ID: <20100202101600.3A9EA86607B2@pyrosoma.intevation.org> Author: mattm Date: 2010-02-02 11:15:57 +0100 (Tue, 02 Feb 2010) New Revision: 6609 Modified: trunk/openvas-manager/ChangeLog trunk/openvas-manager/src/manage.h trunk/openvas-manager/src/omp.c trunk/openvas-manager/src/tasks_sql.h Log: * src/tasks_sql.h (find_target): New function. (delete_target): Take target_t instead of name. * src/manage.h: Update headers accordingly. (target_t): New type. * src/omp.c (omp_xml_handle_end_element): In CLIENT_DELETE_TARGET pass target_t to delete_target instead of passing a name. Modified: trunk/openvas-manager/ChangeLog =================================================================== --- trunk/openvas-manager/ChangeLog 2010-02-02 06:26:26 UTC (rev 6608) +++ trunk/openvas-manager/ChangeLog 2010-02-02 10:15:57 UTC (rev 6609) @@ -1,3 +1,14 @@ +2010-02-02 Matthew Mundell + + * src/tasks_sql.h (find_target): New function. + (delete_target): Take target_t instead of name. + + * src/manage.h: Update headers accordingly. + (target_t): New type. + + * src/omp.c (omp_xml_handle_end_element): In CLIENT_DELETE_TARGET pass + target_t to delete_target instead of passing a name. + 2010-02-01 Matthew Mundell * src/tasks_sql.h (init_lsc_credential_iterator): Add ROWID. Modified: trunk/openvas-manager/src/manage.h =================================================================== --- trunk/openvas-manager/src/manage.h 2010-02-02 06:26:26 UTC (rev 6608) +++ trunk/openvas-manager/src/manage.h 2010-02-02 10:15:57 UTC (rev 6609) @@ -168,6 +168,7 @@ typedef long long int agent_t; typedef long long int config_t; typedef long long int escalator_t; +typedef long long int target_t; typedef long long int task_t; typedef long long int result_t; typedef long long int report_t; 
@@ -192,6 +193,7 @@ typedef long long int agent_t; typedef long long int config_t; typedef long long int escalator_t; +typedef long long int target_t; typedef long long int task_t; typedef long long int result_t; typedef long long int report_t; @@ -697,11 +699,14 @@ /* Targets. */ +gboolean +find_target (const char*, target_t*); + int create_target (const char*, const char*, const char*, const char*); int -delete_target (const char*); +delete_target (target_t); void init_target_iterator (iterator_t*, const char*, int, const char*); Modified: trunk/openvas-manager/src/omp.c =================================================================== --- trunk/openvas-manager/src/omp.c 2010-02-02 06:26:26 UTC (rev 6608) +++ trunk/openvas-manager/src/omp.c 2010-02-02 10:15:57 UTC (rev 6609) @@ -5618,6 +5618,8 @@ case CLIENT_DELETE_TARGET: { + target_t target = 0; + assert (strcasecmp ("DELETE_TARGET", element_name) == 0); assert (modify_task_name != NULL); @@ -5629,8 +5631,20 @@ "DELETE_TARGET name must be at least one" " character long")); } - else switch (delete_target (modify_task_name)) + else if (find_target (modify_task_name, &target)) + SEND_TO_CLIENT_OR_FAIL (XML_INTERNAL_ERROR ("delete_target")); + else if (target == 0) { + if (send_find_error_to_client ("delete_target", + "target", + modify_task_name)) + { + error_send_to_client (error); + return; + } + } + else switch (delete_target (target)) + { case 0: openvas_free_string_var (&modify_task_name); SEND_TO_CLIENT_OR_FAIL (XML_OK ("delete_target")); Modified: trunk/openvas-manager/src/tasks_sql.h =================================================================== --- trunk/openvas-manager/src/tasks_sql.h 2010-02-02 06:26:26 UTC (rev 6608) +++ trunk/openvas-manager/src/tasks_sql.h 2010-02-02 10:15:57 UTC (rev 6609) 
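Review bot: The two branches added to CLIENT_DELETE_TARGET in omp.c (the `find_target` failure and the `target == 0` not-found case) do not call `openvas_free_string_var (&modify_task_name)`, whereas `case 0` of the switch frees the name before replying. Unless code after the switch, which is outside this hunk, releases it, the name stays set after a failed lookup; adding `openvas_free_string_var (&modify_task_name);` to both branches would keep them consistent with the success path. The inner `return` after `error_send_to_client (error)` likewise leaves the handler without that cleanup. The enclosing omp_xml_handle_end_element starts and ends outside the hunk.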
@@ -6327,15 +6327,41 @@ /* Targets. */ -/** @todo Add target_t and find_target. +/** + * @brief Find a target given a name. * - * The permission check will be easier and more solid if the target user - * accesses these functions via a target_t instead of via the target name. - * That way all functions that return target_t's can do the permission - * check and everything else can work with target_t and be sure that the - * permission is already checked. + * @param[in] name Name of target. + * @param[out] target Target return, 0 if succesfully failed to find target. + * + * @return FALSE on success (including if failed to find target), TRUE on error. */ +gboolean +find_target (const char* name, target_t* target) +{ + if (user_owns ("target", name) == 0) + { + *target = 0; + return FALSE; + } + switch (sql_int64 (target, 0, 0, + "SELECT ROWID FROM targets WHERE name = '%s';", + name)) + { + case 0: + break; + case 1: /* Too few rows in result of query. */ + *target = 0; + break; + default: /* Programming error. */ + assert (0); + case -1: + return TRUE; + break; + } + return FALSE; +} + /** * @brief Create a target. * 
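Review bot: `find_target` formats `name` straight into `"SELECT ROWID FROM targets WHERE name = '%s';"` and into `user_owns` without `sql_quote`, although the `delete_target` and `init_target_iterator` code it replaces quoted the name first. The name arrives from the OMP client, so a target name containing a single quote now breaks the statement or changes its meaning, and this function is the permission gate for every later `target_t` operation. The name should be quoted once at the top and freed on every return path; this assumes `user_owns` expects an already-quoted value, as the removed `delete_target` code passed it one. The doc comment also has "succesfully" for "successfully".

```c
gboolean
find_target (const char* name, target_t* target)
{
  /* Quote once; both the ownership check and the lookup embed the name
   * in an SQL string literal. */
  gchar *quoted_name = sql_quote (name);

  if (user_owns ("target", quoted_name) == 0)
    {
      g_free (quoted_name);
      *target = 0;
      return FALSE;
    }
  switch (sql_int64 (target, 0, 0,
                     "SELECT ROWID FROM targets WHERE name = '%s';",
                     quoted_name))
    {
      /* … unchanged: case 0 and case 1 … */
      default:       /* Programming error. */
        assert (0);
      case -1:
        g_free (quoted_name);
        return TRUE;
    }
  g_free (quoted_name);
  return FALSE;
}
```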
@@ -6422,33 +6448,24 @@ /** * @brief Delete a target. * - * @param[in] name Name of target. + * @param[in] target Target. * - * @return 0 success, 1 fail because a task refers to the target, - * 2 access forbidden, -1 error. + * @return 0 success, 1 fail because a task refers to the target, -1 error. */ int -delete_target (const char* name) +delete_target (target_t target) { - gchar* quoted_name = sql_quote (name); sql ("BEGIN IMMEDIATE;"); - if (user_owns ("target", quoted_name) == 0) - { - g_free (quoted_name); - sql ("ROLLBACK;"); - return 2; - } if (sql_int (0, 0, - "SELECT count(*) FROM tasks WHERE target = '%s'", - quoted_name)) + "SELECT count(*) FROM tasks WHERE target =" + " (SELECT name FROM targets WHERE ROWID = %llu);", + target)) { - g_free (quoted_name); sql ("ROLLBACK;"); return 1; } - sql ("DELETE FROM targets WHERE name = '%s';", quoted_name); + sql ("DELETE FROM targets WHERE ROWID = %llu;", target); sql ("COMMIT;"); - g_free (quoted_name); return 0; } From scm-commit at wald.intevation.org Tue Feb 2 11:35:44 2010 
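Review bot: `delete_target` no longer performs any ownership check, so its safety now depends on every caller having obtained the `target_t` from a function that did, and the doc comment does not say so. The parameter line should carry the precondition, e.g. `@param[in] target  Target, as returned by find_target (which checks ownership).`, and the removed return code 2 should be confirmed to be gone from the switch in omp.c, which is outside this hunk. Note also that the ownership check now runs before `BEGIN IMMEDIATE` rather than inside the transaction. Separately, `target_t` is declared as `long long int` in manage.h but is formatted with `%llu` here and in the `init_target_iterator`, `init_target_task_iterator` and `target_in_use` hunks; `%lld` matches the type.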
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Tue, 2 Feb 2010 11:35:44 +0100 (CET) Subject: [Openvas-commits] r6610 - in trunk/openvas-manager: . src Message-ID: <20100202103544.865D0865FAA0@pyrosoma.intevation.org> Author: mattm Date: 2010-02-02 11:35:42 +0100 (Tue, 02 Feb 2010) New Revision: 6610 Modified: trunk/openvas-manager/ChangeLog trunk/openvas-manager/src/manage.h trunk/openvas-manager/src/omp.c trunk/openvas-manager/src/tasks_sql.h Log: * src/tasks_sql.h (init_target_iterator): Take target_t instead of name. * src/manage.h: Update header accordingly. * src/omp.c (omp_xml_handle_end_element): In CLIENT_GET_TARGETS pass a target_t to init_target_iterator instead of passing a name. Modified: trunk/openvas-manager/ChangeLog =================================================================== --- trunk/openvas-manager/ChangeLog 2010-02-02 10:15:57 UTC (rev 6609) +++ trunk/openvas-manager/ChangeLog 2010-02-02 10:35:42 UTC (rev 6610) @@ -1,5 +1,14 @@ 2010-02-02 Matthew Mundell + * src/tasks_sql.h (init_target_iterator): Take target_t instead of name. + + * src/manage.h: Update header accordingly. + + * src/omp.c (omp_xml_handle_end_element): In CLIENT_GET_TARGETS pass a + target_t to init_target_iterator instead of passing a name. + +2010-02-02 Matthew Mundell + * src/tasks_sql.h (find_target): New function. (delete_target): Take target_t instead of name. Modified: trunk/openvas-manager/src/manage.h =================================================================== --- trunk/openvas-manager/src/manage.h 2010-02-02 10:15:57 UTC (rev 6609) +++ trunk/openvas-manager/src/manage.h 2010-02-02 10:35:42 UTC (rev 6610) 
@@ -709,7 +709,7 @@ delete_target (target_t); void -init_target_iterator (iterator_t*, const char*, int, const char*); +init_target_iterator (iterator_t*, target_t, int, const char*); const char* target_iterator_name (iterator_t*); Modified: trunk/openvas-manager/src/omp.c =================================================================== --- trunk/openvas-manager/src/omp.c 2010-02-02 10:15:57 UTC (rev 6609) +++ trunk/openvas-manager/src/omp.c 2010-02-02 10:35:42 UTC (rev 6610) 
@@ -8747,63 +8747,81 @@ case CLIENT_GET_TARGETS: { - iterator_t targets, tasks; + target_t target = 0; + assert (strcasecmp ("GET_TARGETS", element_name) == 0); - SEND_TO_CLIENT_OR_FAIL (""); - init_target_iterator (&targets, - current_name, /* Attribute name. */ - current_int_2, /* Attribute sort_order. */ - current_format); /* Attribute sort_field. */ - while (next (&targets)) + if (current_name && find_target (current_name, &target)) + SEND_TO_CLIENT_OR_FAIL (XML_INTERNAL_ERROR ("delete_target")); + else if (current_name && target == 0) { - char *lsc_name; - lsc_credential_t lsc_credential; + if (send_find_error_to_client ("delete_target", + "target", + current_name)) + { + error_send_to_client (error); + return; + } + } + else + { + iterator_t targets, tasks; - lsc_credential = target_iterator_lsc_credential (&targets); - lsc_name = lsc_credential_name (lsc_credential); - SENDF_TO_CLIENT_OR_FAIL ("" - "%s" - "%s" - "%i" - "%s" - "%i" - "" - "%s" - "" - "", - target_iterator_name (&targets), - target_iterator_hosts (&targets), - max_hosts - (target_iterator_hosts (&targets)), - target_iterator_comment (&targets), - target_in_use - (target_iterator_name (&targets)), - lsc_name ? lsc_name : ""); + SEND_TO_CLIENT_OR_FAIL (""); + init_target_iterator (&targets, + target, + current_int_2, /* Attribute sort_order. */ + current_format); /* Attribute sort_field. */ + while (next (&targets)) + { + char *lsc_name; + lsc_credential_t lsc_credential; - if (current_name) - { - init_target_task_iterator (&tasks, - current_name, - /* Attribute sort_order. 
*/ - current_int_2); - while (next (&tasks)) - SENDF_TO_CLIENT_OR_FAIL ("" - "%s" - "", - target_task_iterator_uuid (&tasks), - target_task_iterator_name (&tasks)); - cleanup_iterator (&tasks); + lsc_credential = target_iterator_lsc_credential (&targets); + lsc_name = lsc_credential_name (lsc_credential); + SENDF_TO_CLIENT_OR_FAIL ("" + "%s" + "%s" + "%i" + "%s" + "%i" + "" + "%s" + "" + "", + target_iterator_name (&targets), + target_iterator_hosts (&targets), + max_hosts + (target_iterator_hosts (&targets)), + target_iterator_comment (&targets), + target_in_use + (target_iterator_name (&targets)), + lsc_name ? lsc_name : ""); + + if (current_name) + { + init_target_task_iterator (&tasks, + current_name, + /* Attribute sort_order. */ + current_int_2); + while (next (&tasks)) + SENDF_TO_CLIENT_OR_FAIL ("" + "%s" + "", + target_task_iterator_uuid (&tasks), + target_task_iterator_name (&tasks)); + cleanup_iterator (&tasks); + } + + SEND_TO_CLIENT_OR_FAIL ("" + ""); + free (lsc_name); } - - SEND_TO_CLIENT_OR_FAIL ("" - ""); - free (lsc_name); + cleanup_iterator (&targets); + SEND_TO_CLIENT_OR_FAIL (""); } - cleanup_iterator (&targets); - SEND_TO_CLIENT_OR_FAIL (""); openvas_free_string_var (¤t_format); openvas_free_string_var (¤t_name); set_client_state (CLIENT_AUTHENTIC); Modified: trunk/openvas-manager/src/tasks_sql.h =================================================================== --- trunk/openvas-manager/src/tasks_sql.h 2010-02-02 10:15:57 UTC (rev 6609) +++ trunk/openvas-manager/src/tasks_sql.h 2010-02-02 10:35:42 UTC (rev 6610) 
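Review bot: The error paths added to CLIENT_GET_TARGETS reply under the wrong command name: both `XML_INTERNAL_ERROR ("delete_target")` and `send_find_error_to_client ("delete_target", "target", current_name)` were evidently copied from the DELETE_TARGET handler. A client that issued GET_TARGETS would receive a delete_target response, which misleads both protocol parsers and anyone reading the logs. The two calls should read `XML_INTERNAL_ERROR ("get_targets")` and `send_find_error_to_client ("get_targets", "target", current_name)`. The enclosing omp_xml_handle_end_element starts and ends outside the hunk.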
@@ -6473,32 +6473,28 @@ * @brief Initialise a target iterator. * * @param[in] iterator Iterator. - * @param[in] name Name of target to limit iteration to. NULL for all. + * @param[in] target Target to limit iteration to. 0 for all. * @param[in] ascending Whether to sort ascending or descending. * @param[in] sort_field Field to sort on, or NULL for "ROWID". */ void -init_target_iterator (iterator_t* iterator, const char* name, +init_target_iterator (iterator_t* iterator, target_t target, int ascending, const char* sort_field) { assert (current_credentials.uuid); - if (name) - { - gchar *quoted_name = sql_quote (name); - init_iterator (iterator, - "SELECT name, hosts, comment, lsc_credential" - " FROM targets" - " WHERE name = '%s'" - " AND ((owner IS NULL) OR (owner =" - " (SELECT ROWID FROM users WHERE users.uuid = '%s')))" - " ORDER BY %s %s;", - quoted_name, - current_credentials.uuid, - sort_field ? sort_field : "ROWID", - ascending ? "ASC" : "DESC"); - g_free (quoted_name); - } + if (target) + init_iterator (iterator, + "SELECT name, hosts, comment, lsc_credential" + " FROM targets" + " WHERE ROWID = %llu" + " AND ((owner IS NULL) OR (owner =" + " (SELECT ROWID FROM users WHERE users.uuid = '%s')))" + " ORDER BY %s %s;", + target, + current_credentials.uuid, + sort_field ? sort_field : "ROWID", + ascending ? "ASC" : "DESC"); else init_iterator (iterator, "SELECT name, hosts, comment, lsc_credential" From scm-commit at wald.intevation.org Tue Feb 2 11:46:09 2010 
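Review bot: `sort_field` is still placed into `" ORDER BY %s %s;"` unmodified, and the omp.c caller passes it from the client's sort_field attribute, so removing the name from the query leaves one client-controlled string in the statement. Quoting does not help for a column identifier; the value should be compared with the permitted column names before the query is built, for instance `if (sort_field && strcmp (sort_field, "name") && strcmp (sort_field, "hosts") && strcmp (sort_field, "comment")) sort_field = NULL;` so that anything else falls back to `ROWID`. Which columns to permit is the maintainer's call, and any validation done earlier in omp.c is not visible from this hunk. The function body continues past the end of the hunk.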
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Tue, 2 Feb 2010 11:46:09 +0100 (CET) Subject: [Openvas-commits] r6611 - in trunk/openvas-manager: . src Message-ID: <20100202104609.4605686607B2@pyrosoma.intevation.org> Author: mattm Date: 2010-02-02 11:46:07 +0100 (Tue, 02 Feb 2010) New Revision: 6611 Modified: trunk/openvas-manager/ChangeLog trunk/openvas-manager/src/manage.h trunk/openvas-manager/src/omp.c trunk/openvas-manager/src/tasks_sql.h Log: * src/tasks_sql.h (init_target_task_iterator): Take target_t instead of name. * src/manage.h: Update header accordingly. * src/omp.c (omp_xml_handle_end_element): In CLIENT_GET_TARGETS pass a target_t to init_target_task_iterator instead of passing a name. Modified: trunk/openvas-manager/ChangeLog =================================================================== --- trunk/openvas-manager/ChangeLog 2010-02-02 10:35:42 UTC (rev 6610) +++ trunk/openvas-manager/ChangeLog 2010-02-02 10:46:07 UTC (rev 6611) @@ -1,5 +1,14 @@ 2010-02-02 Matthew Mundell + * src/tasks_sql.h (init_target_task_iterator): Take target_t instead of name. + + * src/manage.h: Update header accordingly. + + * src/omp.c (omp_xml_handle_end_element): In CLIENT_GET_TARGETS pass a + target_t to init_target_task_iterator instead of passing a name. + +2010-02-02 Matthew Mundell + * src/tasks_sql.h (init_target_iterator): Take target_t instead of name. * src/manage.h: Update header accordingly. Modified: trunk/openvas-manager/src/manage.h =================================================================== --- trunk/openvas-manager/src/manage.h 2010-02-02 10:35:42 UTC (rev 6610) +++ trunk/openvas-manager/src/manage.h 2010-02-02 10:46:07 UTC (rev 6611) 
@@ -733,7 +733,7 @@ target_lsc_credential_name (const char *); void -init_target_task_iterator (iterator_t*, const char *, int); +init_target_task_iterator (iterator_t*, target_t, int); const char* target_task_iterator_name (iterator_t*); Modified: trunk/openvas-manager/src/omp.c =================================================================== --- trunk/openvas-manager/src/omp.c 2010-02-02 10:35:42 UTC (rev 6610) +++ trunk/openvas-manager/src/omp.c 2010-02-02 10:46:07 UTC (rev 6611) @@ -8800,10 +8800,10 @@ (target_iterator_name (&targets)), lsc_name ? lsc_name : ""); - if (current_name) + if (target) { init_target_task_iterator (&tasks, - current_name, + target, /* Attribute sort_order. */ current_int_2); while (next (&tasks)) Modified: trunk/openvas-manager/src/tasks_sql.h =================================================================== --- trunk/openvas-manager/src/tasks_sql.h 2010-02-02 10:35:42 UTC (rev 6610) +++ trunk/openvas-manager/src/tasks_sql.h 2010-02-02 10:46:07 UTC (rev 6611) @@ -6635,29 +6635,25 @@ * Iterates over all tasks that use the target. * * @param[in] iterator Iterator. - * @param[in] name Name of target. + * @param[in] target Target. * @param[in] ascending Whether to sort ascending or descending. */ void -init_target_task_iterator (iterator_t* iterator, const char *name, +init_target_task_iterator (iterator_t* iterator, target_t target, int ascending) { - gchar *quoted_name; - assert (current_credentials.uuid); - quoted_name = sql_quote (name); init_iterator (iterator, "SELECT name, uuid FROM tasks" - " WHERE target = '%s'" + " WHERE target = (SELECT name FROM targets WHERE ROWID = %llu)" " AND hidden = 0" " AND ((owner IS NULL) OR (owner =" " (SELECT ROWID FROM users WHERE users.uuid = '%s')))" " ORDER BY name %s;", - quoted_name, + target, current_credentials.uuid, ascending ? "ASC" : "DESC"); - g_free (quoted_name); } DEF_ACCESS (target_task_iterator_name, 0); From scm-commit at wald.intevation.org Tue Feb 2 11:56:54 2010 
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Tue, 2 Feb 2010 11:56:54 +0100 (CET) Subject: [Openvas-commits] r6612 - in trunk/openvas-manager: . src Message-ID: <20100202105654.3D3FD86607B2@pyrosoma.intevation.org> Author: mattm Date: 2010-02-02 11:56:52 +0100 (Tue, 02 Feb 2010) New Revision: 6612 Modified: trunk/openvas-manager/ChangeLog trunk/openvas-manager/src/manage.h trunk/openvas-manager/src/omp.c trunk/openvas-manager/src/tasks_sql.h Log: * src/tasks_sql.h (init_target_iterator): Add ROWID. (target_iterator_target): New function. (target_iterator_name, target_iterator_hosts, target_iterator_comment) (target_iterator_lsc_credential): Shift column positions. (target_in_use): Take target_t instead of name. * src/manage.h: Update headers accordingly. * src/omp.c (omp_xml_handle_end_element): In CLIENT_GET_TARGETS pass a target_t to target_in_use instead of passing a name. Modified: trunk/openvas-manager/ChangeLog =================================================================== --- trunk/openvas-manager/ChangeLog 2010-02-02 10:46:07 UTC (rev 6611) +++ trunk/openvas-manager/ChangeLog 2010-02-02 10:56:52 UTC (rev 6612) 
@@ -1,7 +1,21 @@ 2010-02-02 Matthew Mundell - * src/tasks_sql.h (init_target_task_iterator): Take target_t instead of name. + * src/tasks_sql.h (init_target_iterator): Add ROWID. + (target_iterator_target): New function. + (target_iterator_name, target_iterator_hosts, target_iterator_comment) + (target_iterator_lsc_credential): Shift column positions. + (target_in_use): Take target_t instead of name. + * src/manage.h: Update headers accordingly. + + * src/omp.c (omp_xml_handle_end_element): In CLIENT_GET_TARGETS pass a + target_t to target_in_use instead of passing a name. + +2010-02-02 Matthew Mundell + + * src/tasks_sql.h (init_target_task_iterator): Take target_t instead of + name. + * src/manage.h: Update header accordingly. * src/omp.c (omp_xml_handle_end_element): In CLIENT_GET_TARGETS pass a Modified: trunk/openvas-manager/src/manage.h =================================================================== --- trunk/openvas-manager/src/manage.h 2010-02-02 10:46:07 UTC (rev 6611) +++ trunk/openvas-manager/src/manage.h 2010-02-02 10:56:52 UTC (rev 6612) @@ -711,6 +711,9 @@ void init_target_iterator (iterator_t*, target_t, int, const char*); +target_t +target_iterator_target (iterator_t*); + const char* target_iterator_name (iterator_t*); @@ -727,7 +730,7 @@ target_hosts (const char*); int -target_in_use (const char*); +target_in_use (target_t); char* target_lsc_credential_name (const char *); Modified: trunk/openvas-manager/src/omp.c =================================================================== --- trunk/openvas-manager/src/omp.c 2010-02-02 10:46:07 UTC (rev 6611) +++ trunk/openvas-manager/src/omp.c 2010-02-02 10:56:52 UTC (rev 6612) 
@@ -8797,7 +8797,7 @@ (target_iterator_hosts (&targets)), target_iterator_comment (&targets), target_in_use - (target_iterator_name (&targets)), + (target_iterator_target (&targets)), lsc_name ? lsc_name : ""); if (target) Modified: trunk/openvas-manager/src/tasks_sql.h =================================================================== --- trunk/openvas-manager/src/tasks_sql.h 2010-02-02 10:46:07 UTC (rev 6611) +++ trunk/openvas-manager/src/tasks_sql.h 2010-02-02 10:56:52 UTC (rev 6612) @@ -6485,7 +6485,7 @@ if (target) init_iterator (iterator, - "SELECT name, hosts, comment, lsc_credential" + "SELECT ROWID, name, hosts, comment, lsc_credential" " FROM targets" " WHERE ROWID = %llu" " AND ((owner IS NULL) OR (owner =" @@ -6497,7 +6497,7 @@ ascending ? "ASC" : "DESC"); else init_iterator (iterator, - "SELECT name, hosts, comment, lsc_credential" + "SELECT ROWID, name, hosts, comment, lsc_credential" " FROM targets" " WHERE ((owner IS NULL) OR (owner =" " (SELECT ROWID FROM users WHERE users.uuid = '%s')))" @@ -6507,15 +6507,22 @@ ascending ? "ASC" : "DESC"); } -DEF_ACCESS (target_iterator_name, 0); -DEF_ACCESS (target_iterator_hosts, 1); +target_t +target_iterator_target (iterator_t* iterator) +{ + if (iterator->done) return 0; + return (target_t) sqlite3_column_int64 (iterator->stmt, 0); +} +DEF_ACCESS (target_iterator_name, 1); +DEF_ACCESS (target_iterator_hosts, 2); + const char* target_iterator_comment (iterator_t* iterator) { const char *ret; if (iterator->done) return ""; - ret = (const char*) sqlite3_column_text (iterator->stmt, 2); + ret = (const char*) sqlite3_column_text (iterator->stmt, 3); return ret ? ret : ""; } @@ -6524,7 +6531,7 @@ { int ret; if (iterator->done) return -1; - ret = (int) sqlite3_column_int (iterator->stmt, 3); + ret = (int) sqlite3_column_int (iterator->stmt, 4); return ret; } 
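Review bot: The new accessor `target_iterator_target` in tasks_sql.h has no doc comment, unlike `find_target` and `delete_target` in the same file. A short Doxygen header should state that it returns the ROWID from column 0 of the iterator's current row, and 0 once the iterator is done. Since this commit shifts every accessor index by hand (`DEF_ACCESS (target_iterator_name, 1)`, `sqlite3_column_text (iterator->stmt, 3)`, `sqlite3_column_int (iterator->stmt, 4)`), a comment beside the two SELECT lists in `init_target_iterator` naming the column order the accessors rely on would help keep them in step.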
@@ -6614,19 +6621,17 @@ /** * @brief Return whether a target is referenced by a task * - * @param[in] name Name of target. + * @param[in] target Target. * * @return 1 if in use, else 0. */ int -target_in_use (const char* name) +target_in_use (target_t target) { - gchar* quoted_name = sql_quote (name); - int ret = sql_int (0, 0, - "SELECT count(*) FROM tasks WHERE target = '%s'", - quoted_name); - g_free (quoted_name); - return ret; + return sql_int (0, 0, + "SELECT count(*) FROM tasks WHERE target =" + " (SELECT name FROM targets WHERE ROWID = %llu);", + target); } /** From scm-commit at wald.intevation.org Tue Feb 2 12:43:20 2010 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Tue, 2 Feb 2010 12:43:20 +0100 (CET) Subject: [Openvas-commits] r6613 - trunk/openvas-packaging/openvas-server/debian/2-0/debian Message-ID: <20100202114320.5BD0086607B2@pyrosoma.intevation.org> Author: waja Date: 2010-02-02 12:43:19 +0100 (Tue, 02 Feb 2010) New Revision: 6613 Modified: trunk/openvas-packaging/openvas-server/debian/2-0/debian/changelog trunk/openvas-packaging/openvas-server/debian/2-0/debian/control Log: add gettext-base as dependency Modified: trunk/openvas-packaging/openvas-server/debian/2-0/debian/changelog =================================================================== --- trunk/openvas-packaging/openvas-server/debian/2-0/debian/changelog 2010-02-02 10:56:52 UTC (rev 6612) +++ trunk/openvas-packaging/openvas-server/debian/2-0/debian/changelog 2010-02-02 11:43:19 UTC (rev 6613) 
@@ -1,6 +1,6 @@ openvas-server (2.0.3-4) UNRELEASED; urgency=low - * NOT RELEASED YET + * Add gettext-base as dependency for openvas-server -- Jan Wagner Mon, 12 Oct 2009 14:51:57 +0200 Modified: trunk/openvas-packaging/openvas-server/debian/2-0/debian/control =================================================================== --- trunk/openvas-packaging/openvas-server/debian/2-0/debian/control 2010-02-02 10:56:52 UTC (rev 6612) +++ trunk/openvas-packaging/openvas-server/debian/2-0/debian/control 2010-02-02 11:43:19 UTC (rev 6613) @@ -12,7 +12,7 @@ Package: openvas-server Section: net Architecture: any -Depends: ${shlibs:Depends}, ${misc:Depends}, openssl +Depends: ${shlibs:Depends}, ${misc:Depends}, openssl, gettext-base Recommends: openvas-plugins-base Suggests: openvas-plugins-dfsg, openvas-client Description: remote network security auditor - server From scm-commit at wald.intevation.org Tue Feb 2 12:47:17 2010 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Tue, 2 Feb 2010 12:47:17 +0100 (CET) Subject: [Openvas-commits] r6614 - trunk/openvas-packaging/openvas-server/debian/2-0/debian Message-ID: <20100202114717.7A20E86607B2@pyrosoma.intevation.org> Author: waja Date: 2010-02-02 12:47:16 +0100 (Tue, 02 Feb 2010) New Revision: 6614 Modified: trunk/openvas-packaging/openvas-server/debian/2-0/debian/changelog Log: add lp bug Modified: trunk/openvas-packaging/openvas-server/debian/2-0/debian/changelog =================================================================== --- trunk/openvas-packaging/openvas-server/debian/2-0/debian/changelog 2010-02-02 11:43:19 UTC (rev 6613) +++ trunk/openvas-packaging/openvas-server/debian/2-0/debian/changelog 2010-02-02 11:47:16 UTC (rev 6614) 
@@ -1,6 +1,6 @@ openvas-server (2.0.3-4) UNRELEASED; urgency=low - * Add gettext-base as dependency for openvas-server + * Add gettext-base as dependency for openvas-server (LP: #511981) -- Jan Wagner Mon, 12 Oct 2009 14:51:57 +0200 From scm-commit at wald.intevation.org Tue Feb 2 13:12:19 2010 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Tue, 2 Feb 2010 13:12:19 +0100 (CET) Subject: [Openvas-commits] r6615 - in trunk/openvas-plugins: . scripts Message-ID: <20100202121219.41D8D86607B2@pyrosoma.intevation.org> Author: mime Date: 2010-02-02 13:12:14 +0100 (Tue, 02 Feb 2010) New Revision: 6615 Modified: trunk/openvas-plugins/ChangeLog trunk/openvas-plugins/scripts/portscan-strobe.nasl Log: Bugfix Modified: trunk/openvas-plugins/ChangeLog =================================================================== --- trunk/openvas-plugins/ChangeLog 2010-02-02 11:47:16 UTC (rev 6614) +++ trunk/openvas-plugins/ChangeLog 2010-02-02 12:12:14 UTC (rev 6615) @@ -1,3 +1,8 @@ +2010-02-02 Michael Meyer + + * scripts/portscan-strobe.nasl: + Bugfix. + 2010-02-02 Chandrashekhar B * scripts/gb_sun_java_sys_web_serv_dos_vuln_win.nasl, Modified: trunk/openvas-plugins/scripts/portscan-strobe.nasl =================================================================== --- trunk/openvas-plugins/scripts/portscan-strobe.nasl 2010-02-02 11:47:16 UTC (rev 6614) +++ trunk/openvas-plugins/scripts/portscan-strobe.nasl 2010-02-02 12:12:14 UTC (rev 6615) @@ -92,7 +92,7 @@ if ( p) argv[i++] = "-P "+p; p = script_get_preference("Disable usage of getpeername"); - if ( p) argv[i++] = "-g"; + if ("yes" >< p) argv[i++] = "-g"; prs = split (pr,sep:"-",keep:FALSE); From scm-commit at wald.intevation.org Tue Feb 2 18:27:17 2010 
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Tue, 2 Feb 2010 18:27:17 +0100 (CET) Subject: [Openvas-commits] r6616 - in trunk/openvas-manager: . src Message-ID: <20100202172717.855EC86607BE@pyrosoma.intevation.org> Author: mattm Date: 2010-02-02 18:27:15 +0100 (Tue, 02 Feb 2010) New Revision: 6616 Modified: trunk/openvas-manager/ChangeLog trunk/openvas-manager/src/ompd.c trunk/openvas-manager/src/otp.c Log: * src/tasks_sql.h (serve_omp): Convert scanner input to UTF-8 before logging. * src/otp.c (process_otp_scanner_input): Turn off tracing of ISO input. Modified: trunk/openvas-manager/ChangeLog =================================================================== --- trunk/openvas-manager/ChangeLog 2010-02-02 12:12:14 UTC (rev 6615) +++ trunk/openvas-manager/ChangeLog 2010-02-02 17:27:15 UTC (rev 6616) @@ -1,5 +1,12 @@ 2010-02-02 Matthew Mundell + * src/tasks_sql.h (serve_omp): Convert scanner input to UTF-8 before + logging. + + * src/otp.c (process_otp_scanner_input): Turn off tracing of ISO input. + +2010-02-02 Matthew Mundell + * src/tasks_sql.h (init_target_iterator): Add ROWID. (target_iterator_target): New function. (target_iterator_name, target_iterator_hosts, target_iterator_comment) Modified: trunk/openvas-manager/src/ompd.c =================================================================== --- trunk/openvas-manager/src/ompd.c 2010-02-02 12:12:14 UTC (rev 6615) +++ trunk/openvas-manager/src/ompd.c 2010-02-02 17:27:15 UTC (rev 6616) 
@@ -1020,17 +1020,22 @@ * error" case. */ if (from_scanner_end > initial_start) { - logf ("<= scanner %.*s\n", - from_scanner_end - initial_start, - from_scanner + initial_start); + /* Convert to UTF-8. */ + gsize size_dummy; + gchar *utf8 = g_convert (from_scanner, + from_scanner_end - initial_start, + "UTF-8", "ISO_8859-1", + NULL, &size_dummy, NULL); + if (utf8 == NULL) return -1; + + logf ("<= scanner %s\n", utf8); #if TRACE_TEXT - tracef ("<= scanner \"%.*s\"\n", - from_scanner_end - initial_start, - from_scanner + initial_start); + tracef ("<= scanner %s\n", utf8); #else tracef ("<= scanner %i bytes\n", from_scanner_end - initial_start); #endif + g_free (utf8); } #endif /* TRACE || LOG */ Modified: trunk/openvas-manager/src/otp.c =================================================================== --- trunk/openvas-manager/src/otp.c 2010-02-02 12:12:14 UTC (rev 6615) +++ trunk/openvas-manager/src/otp.c 2010-02-02 17:27:15 UTC (rev 6616) @@ -1469,7 +1469,7 @@ char* message; char* field; /* Found a full field, process the field. */ -#if 1 +#if SCANNER_SENDS_UTF8 tracef (" scanner messages: %.*s...\n", from_scanner_end - from_scanner_start < 200 ? from_scanner_end - from_scanner_start @@ -1482,10 +1482,12 @@ from_start = from_scanner_start; messages = match + 3; input = messages; +#ifdef SCANNER_SENDS_UTF8 tracef (" scanner message: %s\n", message); +#endif /* Strip leading and trailing whitespace. */ -#if 0 +#ifdef SCANNER_SENDS_UTF8 /* What to do when the scanner sends UTF-8. */ field = openvas_strip_space (message, match); #else @@ -1493,7 +1495,6 @@ { gsize size_dummy; char* iso_field = openvas_strip_space (message, match); - tracef (" scanner ISO field: %s\n", iso_field); field = g_convert (iso_field, match - message - 1, "UTF-8", "ISO_8859-1", NULL, &size_dummy, NULL); From scm-commit at wald.intevation.org Tue Feb 2 19:30:06 2010 
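Review bot: The `g_convert` call in the `from_scanner_end > initial_start` branch passes `from_scanner` as its input while the length is still `from_scanner_end - initial_start`, so the log shows the first bytes of the buffer instead of the data just read, which the removed `logf` took from `from_scanner + initial_start`. The first argument should be `from_scanner + initial_start`. The new `if (utf8 == NULL) return -1;` also lets a conversion that is needed only for logging end the function with an error; logging the byte count, as the `#else` branch does, and continuing would keep a logging problem from interrupting scanner handling. The enclosing function starts and ends outside the hunk.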
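Review bot: The new guards in otp.c test `SCANNER_SENDS_UTF8` in two different ways: the first hunk uses `#if SCANNER_SENDS_UTF8` and the two later ones use `#ifdef SCANNER_SENDS_UTF8`. A build that defines the macro as 0 would skip the first trace but still take the `#ifdef` branch that assigns `field = openvas_strip_space (message, match)` without the ISO_8859-1 conversion. Use one form throughout, for example `#ifdef SCANNER_SENDS_UTF8` in the first hunk as well, and add a comment naming where the macro is meant to be defined. The function body continues outside these hunks.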
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Tue, 2 Feb 2010 19:30:06 +0100 (CET) Subject: [Openvas-commits] r6617 - in trunk/openvas-manager: . src Message-ID: <20100202183006.98BD1865FAD3@pyrosoma.intevation.org> Author: mattm Date: 2010-02-02 19:30:03 +0100 (Tue, 02 Feb 2010) New Revision: 6617 Modified: trunk/openvas-manager/ChangeLog trunk/openvas-manager/src/manage.c trunk/openvas-manager/src/manage.h trunk/openvas-manager/src/omp.c trunk/openvas-manager/src/tasks_sql.h Log: * src/tasks_sql.h (set_target_hosts, target_hosts) (target_lsc_credential, set_target_hosts): Take target_t instead of name. (task_target): Return target_t instead of name. (make_task_rcfile): Work with target_t instead of name. (target_name): New function. * src/manage.h: Update headers accordingly. * src/manage.c (start_task): Work with target_t instead of name. * src/omp.c (omp_xml_handle_end_element): In CLIENT_CREATE_TASK and CLIENT_GET_STATUS work with target_t instead of target name. Modified: trunk/openvas-manager/ChangeLog =================================================================== --- trunk/openvas-manager/ChangeLog 2010-02-02 17:27:15 UTC (rev 6616) +++ trunk/openvas-manager/ChangeLog 2010-02-02 18:30:03 UTC (rev 6617) 
@@ -1,5 +1,20 @@ 2010-02-02 Matthew Mundell + * src/tasks_sql.h (set_target_hosts, target_hosts) + (target_lsc_credential, set_target_hosts): Take target_t instead of name. + (task_target): Return target_t instead of name. + (make_task_rcfile): Work with target_t instead of name. + (target_name): New function. + + * src/manage.h: Update headers accordingly. + + * src/manage.c (start_task): Work with target_t instead of name. + + * src/omp.c (omp_xml_handle_end_element): In CLIENT_CREATE_TASK and + CLIENT_GET_STATUS work with target_t instead of target name. + +2010-02-02 Matthew Mundell + * src/tasks_sql.h (serve_omp): Convert scanner input to UTF-8 before logging. Modified: trunk/openvas-manager/src/manage.c =================================================================== --- trunk/openvas-manager/src/manage.c 2010-02-02 17:27:15 UTC (rev 6616) +++ trunk/openvas-manager/src/manage.c 2010-02-02 18:30:03 UTC (rev 6617) @@ -902,7 +902,8 @@ int start_task (task_t task, char **report_id) { - char *hosts, *target, *config; + target_t target; + char *hosts, *config; gchar *plugins; int fail, pid; GSList *files = NULL; @@ -937,9 +938,9 @@ } target = task_target (task); - if (target == NULL) + if (target == 0) { - tracef (" task target is NULL.\n"); + tracef (" task target is 0.\n"); set_task_run_status (task, run_status); return -2; } @@ -947,14 +948,12 @@ hosts = target_hosts (target); if (hosts == NULL) { - free (target); tracef (" target hosts is NULL.\n"); set_task_run_status (task, run_status); return -4; } credential = target_lsc_credential (target); - free (target); /* Create the report. */ Modified: trunk/openvas-manager/src/manage.h =================================================================== --- trunk/openvas-manager/src/manage.h 2010-02-02 17:27:15 UTC (rev 6616) +++ trunk/openvas-manager/src/manage.h 2010-02-02 18:30:03 UTC (rev 6617) @@ -376,7 +376,7 @@ void set_task_config (task_t, const char*); -char* +target_t task_target (task_t); void 
@@ -727,8 +727,11 @@ target_iterator_lsc_credential (iterator_t*); char* -target_hosts (const char*); +target_name (target_t); +char* +target_hosts (target_t); + int target_in_use (target_t); Modified: trunk/openvas-manager/src/omp.c =================================================================== --- trunk/openvas-manager/src/omp.c 2010-02-02 17:27:15 UTC (rev 6616) +++ trunk/openvas-manager/src/omp.c 2010-02-02 18:30:03 UTC (rev 6617) @@ -6920,7 +6920,8 @@ { gchar* msg; config_t config; - char *tsk_uuid, *name, *description, *target; + target_t target; + char *tsk_uuid, *name, *description; assert (strcasecmp ("CREATE_TASK", element_name) == 0); assert (current_client_task != (task_t) 0); @@ -6953,15 +6954,13 @@ description = task_description (current_client_task); config = task_config (current_client_task); - /** @todo Hence task_target_name? */ target = task_target (current_client_task); if ((description && (config || target)) || (description == NULL - && (config == 0 || target == NULL))) + && (config == 0 || target == 0))) { request_delete_task (¤t_client_task); free (tsk_uuid); - free (target); SEND_TO_CLIENT_OR_FAIL (XML_ERROR_SYNTAX ("create_task", "CREATE_TASK requires either an rcfile" @@ -7003,7 +7002,6 @@ request_delete_task (¤t_client_task); free (tsk_uuid); free (description); - free (target); SEND_TO_CLIENT_OR_FAIL (XML_ERROR_SYNTAX ("create_task", "CREATE_TASK requires a name attribute")); @@ -7078,7 +7076,6 @@ { request_delete_task (¤t_client_task); free (tsk_uuid); - free (target); SEND_TO_CLIENT_OR_FAIL (XML_ERROR_SYNTAX ("create_task", "CREATE_TASK target must exist")); @@ -7090,7 +7087,6 @@ { request_delete_task (¤t_client_task); free (tsk_uuid); - free (target); SEND_TO_CLIENT_OR_FAIL (XML_ERROR_SYNTAX ("create_task", "CREATE_TASK config must exist")); @@ -7105,7 +7101,6 @@ { request_delete_task (¤t_client_task); free (tsk_uuid); - free (target); SEND_TO_CLIENT_OR_FAIL (XML_ERROR_SYNTAX ("create_task", "Failed to generate task rcfile")); 
@@ -7367,7 +7362,8 @@ { int ret, maximum_hosts; gchar *response, *progress_xml; - char *name, *config, *escalator, *target, *hosts; + target_t target; + char *name, *config, *escalator, *task_target_name, *hosts; gchar *first_report_id, *first_report; char* description; gchar *description64, *last_report_id, *last_report; @@ -7590,6 +7586,7 @@ name = task_name (task); escalator = task_escalator (task); config = task_config_name (task); + task_target_name = target_name (target); response = g_strdup_printf ("" "%s" @@ -7942,7 +7941,7 @@ name, config ? config : "", escalator ? escalator : "", - target ? target : "", + task_target_name ? task_target_name : "", task_run_status_name (index), progress_xml, description64, @@ -7958,7 +7957,7 @@ second_last_report); free (config); free (escalator); - free (target); + free (task_target_name); g_free (progress_xml); g_free (last_report); g_free (second_last_report); Modified: trunk/openvas-manager/src/tasks_sql.h =================================================================== --- trunk/openvas-manager/src/tasks_sql.h 2010-02-02 17:27:15 UTC (rev 6616) +++ trunk/openvas-manager/src/tasks_sql.h 2010-02-02 18:30:03 UTC (rev 6617) @@ -91,7 +91,7 @@ update_all_config_caches (); static void -set_target_hosts (const char *, const char *); +set_target_hosts (target_t, const char *); static gchar* select_config_nvts (config_t, const char*, int, const char*); @@ -4115,12 +4115,25 @@ * * @return Target of task. */ -char* +target_t task_target (task_t task) { - return sql_string (0, 0, - "SELECT target FROM tasks WHERE ROWID = %llu;", - task); + target_t target = 0; + switch (sql_int64 (&target, 0, 0, + "SELECT ROWID FROM targets WHERE name =" + " (SELECT target FROM tasks WHERE ROWID = %llu);", + task)) + { + case 0: + return target; + break; + case 1: /* Too few rows in result of query. */ + default: /* Programming error. */ + assert (0); + case -1: + return 0; + break; + } } /** 
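Review bot: In the new `task_target`, the "too few rows" result of `sql_int64` (`case 1`) shares `assert (0)` with the programming-error default, so a task whose stored target name matches no row in `targets` aborts the daemon in a build with assertions and returns 0 only when they are compiled out. The callers changed in this commit (`start_task`, `make_task_rcfile`) already treat 0 as "no target", so that case should return 0 directly: `case 1: return 0;` placed ahead of `default:`. The lookup also resolves the target by name without the owner condition that `init_target_iterator` puts in its `WHERE`, so if names are not unique across owners it may return another user's row; that needs checking against the table definition, which is not on this page.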
@@ -4431,7 +4444,8 @@ int make_task_rcfile (task_t task) { - char *config, *target, *selector, *hosts, *rc; + target_t target; + char *config, *selector, *hosts, *rc; iterator_t prefs; GString *buffer; @@ -4439,7 +4453,7 @@ if (config == NULL) return -1; target = task_target (task); - if (target == NULL) + if (target == 0) { free (config); return -1; @@ -4449,7 +4463,6 @@ if (selector == NULL) { free (config); - free (target); return -1; } @@ -4471,7 +4484,6 @@ /* Targets for general preferences. */ hosts = target_hosts (target); - free (target); if (hosts) g_string_append_printf (buffer, "targets = %s\n\n", hosts); else @@ -5811,7 +5823,8 @@ { config_t config; - char *config_name, *target, *selector; + target_t target; + char *config_name, *selector; char *quoted_config_name, *quoted_selector; config_name = task_config_name (task); @@ -5823,7 +5836,7 @@ } target = task_target (task); - if (target == NULL) + if (target == 0) { free (config_name); g_free (rc); @@ -5835,7 +5848,6 @@ if (selector == NULL) { free (config_name); - free (target); g_free (rc); sql ("ROLLBACK"); return -1; @@ -5847,7 +5859,6 @@ { free (quoted_selector); free (config_name); - free (target); g_free (rc); sql ("ROLLBACK"); return -1; @@ -5856,7 +5867,6 @@ { free (quoted_selector); free (config_name); - free (target); g_free (rc); sql ("ROLLBACK"); return -1; 
@@ -6536,27 +6546,34 @@ } /** + * @brief Return the name of a target. + * + * @param[in] target Target. + * + * @return Newly allocated name if available, else NULL. + */ +char* +target_name (target_t target) +{ + return sql_string (0, 0, + "SELECT name FROM targets WHERE ROWID = %llu;", + target); +} + +/** * @brief Return the hosts associated with a target. * - * @param[in] name Target name. + * @param[in] target Target. * - * @return Comma separated list of hosts if available, else NULL. + * @return Newly allocated comma separated list of hosts if available, + * else NULL. */ char* -target_hosts (const char *name) +target_hosts (target_t target) { - char* hosts; - gchar* quoted_name = sql_nquote (name, strlen (name)); - if (user_owns ("target", quoted_name) == 0) - { - g_free (quoted_name); - return NULL; - } - hosts = sql_string (0, 0, - "SELECT hosts FROM targets WHERE name = '%s';", - quoted_name); - g_free (quoted_name); - return hosts; + return sql_string (0, 0, + "SELECT hosts FROM targets WHERE ROWID = %llu;", + target); } /** @@ -6567,25 +6584,15 @@ * @return Credential if any, else 0. */ static lsc_credential_t -target_lsc_credential (const char *name) +target_lsc_credential (target_t target) { - int ret; lsc_credential_t lsc_credential; - gchar *quoted_name = sql_quote (name); - if (user_owns ("target", quoted_name) == 0) + switch (sql_int64 (&lsc_credential, 0, 0, + "SELECT lsc_credential FROM targets" + " WHERE ROWID = %llu;", + target)) { - g_free (quoted_name); - return 0; - } - - ret = sql_int64 (&lsc_credential, 0, 0, - "SELECT lsc_credential FROM targets" - " WHERE name = '%s';", - quoted_name); - g_free (quoted_name); - switch (ret) - { case 0: break; case 1: /* Too few rows in result of query. */ 
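Review bot: `target_hosts` and, in the next hunk, `target_lsc_credential` lose the `user_owns ("target", ...)` check that the removed code ran before reading the row, and the new queries select by `ROWID` alone. Any caller that reaches them with a `target_t` not already checked against the current user now gets that target's host list or credential id back. Either keep the ownership test in the query, using the same owner condition `init_target_iterator` has in its `WHERE`, or state in both doc comments that the caller must have verified ownership and confirm that every caller does. The new `target_name` has the same shape and deserves the same decision.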
@@ -6604,18 +6611,20 @@ /** * @brief Set the hosts associated with a target. * - * @param[in] name Target name. - * @param[in] name New value for hosts. + * @param[in] target Target. + * @param[in] hosts New value for hosts. */ static void -set_target_hosts (const char *name, const char *hosts) +set_target_hosts (target_t target, const char *hosts) { - gchar* quoted_name = sql_quote (name); - gchar* quoted_hosts = sql_quote (hosts); - sql ("UPDATE targets SET hosts = '%s' WHERE name = '%s';", - quoted_hosts, quoted_name); + gchar* quoted_hosts; + + assert (hosts); + + quoted_hosts = sql_quote (hosts); + sql ("UPDATE targets SET hosts = '%s' WHERE ROWID = %llu;", + quoted_hosts, target); g_free (quoted_hosts); - g_free (quoted_name); } /** From scm-commit at wald.intevation.org Tue Feb 2 19:37:53 2010 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Tue, 2 Feb 2010 19:37:53 +0100 (CET) Subject: [Openvas-commits] r6618 - in trunk/openvas-manager: . src Message-ID: <20100202183753.4AE82865FABC@pyrosoma.intevation.org> Author: mattm Date: 2010-02-02 19:37:50 +0100 (Tue, 02 Feb 2010) New Revision: 6618 Modified: trunk/openvas-manager/ChangeLog trunk/openvas-manager/src/omp.c Log: * src/omp.c (omp_xml_handle_end_element): In CLIENT_DELETE_TARGET remove auth case from delete_target return check. Modified: trunk/openvas-manager/ChangeLog =================================================================== --- trunk/openvas-manager/ChangeLog 2010-02-02 18:30:03 UTC (rev 6617) +++ trunk/openvas-manager/ChangeLog 2010-02-02 18:37:50 UTC (rev 6618) 
@@ -1,5 +1,10 @@ 2010-02-02 Matthew Mundell + * src/omp.c (omp_xml_handle_end_element): In CLIENT_DELETE_TARGET + remove auth case from delete_target return check. + +2010-02-02 Matthew Mundell + * src/tasks_sql.h (set_target_hosts, target_hosts) (target_lsc_credential, set_target_hosts): Take target_t instead of name. (task_target): Return target_t instead of name. Modified: trunk/openvas-manager/src/omp.c =================================================================== --- trunk/openvas-manager/src/omp.c 2010-02-02 18:30:03 UTC (rev 6617) +++ trunk/openvas-manager/src/omp.c 2010-02-02 18:37:50 UTC (rev 6618) @@ -5654,10 +5654,6 @@ SEND_TO_CLIENT_OR_FAIL (XML_ERROR_SYNTAX ("delete_target", "Target is in use")); break; - case 2: - openvas_free_string_var (&modify_task_name); - SEND_TO_CLIENT_OR_FAIL (XML_ERROR_ACCESS ("delete_target")); - break; default: openvas_free_string_var (&modify_task_name); SEND_TO_CLIENT_OR_FAIL (XML_INTERNAL_ERROR ("delete_target")); From scm-commit at wald.intevation.org Tue Feb 2 21:07:08 2010 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Tue, 2 Feb 2010 21:07:08 +0100 (CET) Subject: [Openvas-commits] r6619 - in trunk/openvas-plugins: . scripts Message-ID: <20100202200708.5D103865FADF@pyrosoma.intevation.org> Author: mime Date: 2010-02-02 21:07:02 +0100 (Tue, 02 Feb 2010) New Revision: 6619 Added: trunk/openvas-plugins/scripts/bugzilla_38025.nasl trunk/openvas-plugins/scripts/bugzilla_38026.nasl trunk/openvas-plugins/scripts/lighttpd_38036.nasl trunk/openvas-plugins/scripts/xampp_multiple_vuln_jun_09.nasl Modified: trunk/openvas-plugins/ChangeLog trunk/openvas-plugins/scripts/cpe_inventory.nasl Log: Added new plugins Modified: trunk/openvas-plugins/ChangeLog =================================================================== --- trunk/openvas-plugins/ChangeLog 2010-02-02 18:37:50 UTC (rev 6618) +++ trunk/openvas-plugins/ChangeLog 2010-02-02 20:07:02 UTC (rev 6619) 
@@ -1,5 +1,16 @@ 2010-02-02 Michael Meyer + * scripts/lighttpd_38036.nasl, + scripts/bugzilla_38026.nasl, + scripts/xampp_multiple_vuln_jun_09.nasl, + scripts/bugzilla_38025.nasl: + Added new plugins. + + * scripts/cpe_inventory.nasl: + Added newline to report. + +2010-02-02 Michael Meyer + * scripts/portscan-strobe.nasl: Bugfix. Added: trunk/openvas-plugins/scripts/bugzilla_38025.nasl =================================================================== --- trunk/openvas-plugins/scripts/bugzilla_38025.nasl 2010-02-02 18:37:50 UTC (rev 6618) +++ trunk/openvas-plugins/scripts/bugzilla_38025.nasl 2010-02-02 20:07:02 UTC (rev 6619) 
@@ -0,0 +1,92 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id$ +# +# Bugzilla Directory Access Information Disclosure Vulnerability +# +# Authors: +# Michael Meyer +# +# Copyright: +# Copyright (c) 2010 Greenbone Networks GmbH +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if (description) +{ + script_id(100482); + script_bugtraq_id(38025); + script_cve_id("CVE-2009-3989"); + script_version ("1.0-$Revision$"); + + script_name("Bugzilla Directory Access Information Disclosure Vulnerability"); + +desc = "Overview: +Bugzilla is prone to an information-disclosure vulnerability. + +Exploits may allow attackers to obtain potentially sensitive +information that may aid in other attacks. + +Versions prior to Bugzilla 3.0.11, 3.2.6, 3.4.5, and 3.5.3 are +affected. + +Solution: +Updates are available. Please see the references for details. 
+ +References: +http://www.securityfocus.com/bid/38025 +http://www.bugzilla.org +http://www.bugzilla.org/security/3.0.10/ + +Risk factor : Low"; + + script_description(desc); + script_summary("Determine if installed Bugzilla version is vulnerable"); + script_category(ACT_GATHER_INFO); + script_family("Web application abuses"); + script_copyright("This script is Copyright (C) 2010 Greenbone Networks GmbH"); + script_dependencies("bugzilla_detect.nasl"); + script_require_ports("Services/www", 80); + script_exclude_keys("Settings/disable_cgi_scanning"); + exit(0); +} + +include("http_func.inc"); +include("http_keepalive.inc"); +include("version_func.inc"); + +port = get_http_port(default:80); +if(!get_port_state(port))exit(0); + +if (!can_host_php(port:port)) exit(0); + +if(!version = get_kb_item(string("www/", port, "/bugzilla")))exit(0); +if(!matches = eregmatch(string:version, pattern:"^(.+) under (/.*)$"))exit(0); + +vers = matches[1]; + +if(!isnull(vers) && vers >!< "unknown") { + + if(version_is_less(version: vers, test_version: "3.0.11") || + version_in_range(version: vers, test_version: "3.1", test_version2: "3.2.5") || + version_in_range(version: vers, test_version: "3.3", test_version2: "3.4.4") || + version_in_range(version: vers, test_version: "3.5", test_version2: "3.5.2")) { + security_warning(port:port); + exit(0); + } + +} + +exit(0); Property changes on: trunk/openvas-plugins/scripts/bugzilla_38025.nasl ___________________________________________________________________ Name: svn:keywords + Id Revision Added: trunk/openvas-plugins/scripts/bugzilla_38026.nasl =================================================================== --- trunk/openvas-plugins/scripts/bugzilla_38026.nasl 2010-02-02 18:37:50 UTC (rev 6618) +++ trunk/openvas-plugins/scripts/bugzilla_38026.nasl 2010-02-02 20:07:02 UTC (rev 6619) 
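Review bot: `if (!can_host_php(port:port)) exit(0);` makes the check stop on any server that does not appear to run PHP, yet the version comes from the KB entry written by `bugzilla_detect.nasl` and Bugzilla is a Perl application, so a host with a vulnerable Bugzilla and no PHP is reported clean. Drop that line here and in `bugzilla_38026.nasl`, which carries the same guard. The result rests on the detected version string alone, so a comment such as `# version check only; patched distribution packages may still be reported` above the comparison would tell the next maintainer why false positives can occur.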
@@ -0,0 +1,92 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id$ +# +# Bugzilla Group Selection During Bug Move Information Disclosure Vulnerability +# +# Authors: +# Michael Meyer +# +# Copyright: +# Copyright (c) 2010 Greenbone Networks GmbH +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if (description) +{ + script_id(100481); + script_bugtraq_id(38026); + script_cve_id("CVE-2009-3387"); + script_version ("1.0-$Revision$"); + + script_name("Bugzilla Group Selection During Bug Move Information Disclosure Vulnerability"); + +desc = "Overview: +Bugzilla is prone to an information-disclosure vulnerability. + +Exploits may allow attackers to obtain potentially sensitive +information that may aid in other attacks. + +This issue affects the following: + +Bugzilla 3.3.1 through 3.4.4 Bugzilla 3.5.1 Bugzilla 3.5.2 + +Solution: +Updates are available. Please see the references for details. 
+ +References: +http://www.securityfocus.com/bid/38026 +https://bugzilla.mozilla.org/show_bug.cgi?id=532493 +http://www.bugzilla.org +http://www.bugzilla.org/security/3.0.10/ + +Risk factor : Low"; + + script_description(desc); + script_summary("Determine if installed Bugzilla version is vulbnerable"); + script_category(ACT_GATHER_INFO); + script_family("Web application abuses"); + script_copyright("This script is Copyright (C) 2010 Greenbone Networks GmbH"); + script_dependencies("bugzilla_detect.nasl"); + script_require_ports("Services/www", 80); + script_exclude_keys("Settings/disable_cgi_scanning"); + exit(0); +} + +include("http_func.inc"); +include("http_keepalive.inc"); +include("version_func.inc"); + +port = get_http_port(default:80); +if(!get_port_state(port))exit(0); + +if (!can_host_php(port:port)) exit(0); + +if(!version = get_kb_item(string("www/", port, "/bugzilla")))exit(0); +if(!matches = eregmatch(string:version, pattern:"^(.+) under (/.*)$"))exit(0); + +vers = matches[1]; + +if(!isnull(vers) && vers >!< "unknown") { + + if(version_in_range(version: vers, test_version: "3.3", test_version2: "3.4.4") || + version_in_range(version: vers, test_version: "3.5", test_version2: "3.5.2")) { + security_warning(port:port); + exit(0); + } + +} + +exit(0); Property changes on: trunk/openvas-plugins/scripts/bugzilla_38026.nasl ___________________________________________________________________ Name: svn:keywords + Id Revision Modified: trunk/openvas-plugins/scripts/cpe_inventory.nasl =================================================================== --- trunk/openvas-plugins/scripts/cpe_inventory.nasl 2010-02-02 18:37:50 UTC (rev 6618) +++ trunk/openvas-plugins/scripts/cpe_inventory.nasl 2010-02-02 20:07:02 UTC (rev 6619) 
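Review bot: The lower bound of the first range, `test_version: "3.3"`, is wider than the description, which lists 3.3.1 through 3.4.4; use `test_version: "3.3.1"` or add a comment saying why 3.3 is included. The `script_summary` string also has a typo, `vulbnerable`, which ends up in the plugin metadata shown to users: `script_summary("Determine if installed Bugzilla version is vulnerable");`.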
@@ -58,7 +58,7 @@ else { report = 'The following products were identified during the scan and related to CPE (http://cpe.mitre.org/) identities.\n\n'; - report = report + 'This list supports verification of software inventories. It may be incomplete and contains the best guesses based on various indiciators during operating system, service and application detection routines.\n\n'; + report = report + 'This list supports verification of software inventories. It may be incomplete and contains the best guesses\nbased on various indiciators during operating system, service and application detection routines.\n\n'; report = report + 'IP|CPE\n'; ip = get_host_ip (); Added: trunk/openvas-plugins/scripts/lighttpd_38036.nasl =================================================================== --- trunk/openvas-plugins/scripts/lighttpd_38036.nasl 2010-02-02 18:37:50 UTC (rev 6618) +++ trunk/openvas-plugins/scripts/lighttpd_38036.nasl 2010-02-02 20:07:02 UTC (rev 6619) 
@@ -0,0 +1,83 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id$ +# +# lighttpd Slow Request Handling Remote Denial Of Service Vulnerability +# +# Authors: +# Michael Meyer +# +# Copyright: +# Copyright (c) 2010 Greenbone Networks GmbH +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if (description) +{ + script_id(100480); + script_bugtraq_id(38036); + script_cve_id("CVE-2010-0295"); + script_version ("1.0-$Revision$"); + + script_name("lighttpd Slow Request Handling Remote Denial Of Service Vulnerability"); + +desc = "Overview: +lighttpd is prone to a denial-of-service vulnerability. + +Remote attackers can exploit this issue to cause the application to +hang, denying service to legitimate users. + +Solution: +SVN fixes and patches are available. Please see the references +for details. 
+ +References: +http://www.securityfocus.com/bid/38036 +http://www.lighttpd.net/ +http://redmine.lighttpd.net/issues/2147 +http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2010_01.txt + +Risk factor : Medium"; + + script_description(desc); + script_summary("Determine if lighttpd version is <= 1.4.26"); + script_category(ACT_GATHER_INFO); + script_family("Web Servers"); + script_copyright("This script is Copyright (C) 2010 Greenbone Networks GmbH"); + script_dependencies("find_service.nes"); + script_require_ports("Services/www", 80); + exit(0); +} + +include("http_func.inc"); +include("version_func.inc"); + +port = get_http_port(default:80); +if(!get_port_state(port))exit(0); + +banner = get_http_banner(port: port); +if(!banner)exit(0); + +if("lighttpd/" >!< banner)exit(0); + +version = eregmatch(pattern: "Server: lighttpd/([0-9.]+)", string: banner); +if(isnull(version[1]))exit(0); + +if(version_is_less_equal(version: version[1], test_version: "1.4.26")) { + security_warning(port:port); + exit(0); +} + +exit(0); Property changes on: trunk/openvas-plugins/scripts/lighttpd_38036.nasl ___________________________________________________________________ Name: svn:keywords + Id Revision Added: trunk/openvas-plugins/scripts/xampp_multiple_vuln_jun_09.nasl =================================================================== --- trunk/openvas-plugins/scripts/xampp_multiple_vuln_jun_09.nasl 2010-02-02 18:37:50 UTC (rev 6618) +++ trunk/openvas-plugins/scripts/xampp_multiple_vuln_jun_09.nasl 2010-02-02 20:07:02 UTC (rev 6619) 
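Review bot: `version_is_less_equal(version: version[1], test_version: "1.4.26")` also flags 1.4.26 itself; if that is the release that carries the fix, which the upstream advisory linked in the description should confirm, the comparison has to be `version_is_less(version: version[1], test_version: "1.4.26")` and the `script_summary` text adjusted to match. The version is read from the `Server:` banner only, so a server with a backported patch or a rewritten banner is misjudged in either direction. A short comment above the `eregmatch` saying so would help whoever triages the findings.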
@@ -0,0 +1,100 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# XAMPP Multiple Vulnerabilities June 2009
+#
+# Authors:
+# Michael Meyer
+#
+# Copyright:
+# Copyright (c) 2010 Greenbone Networks GmbH
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if (description)
+{
+ script_id(100483);
+ script_bugtraq_id(37997,37998,37999);
+ script_version ("1.0-$Revision$");
+
+ script_name("XAMPP Multiple Vulnerabilities June 2009");
+
+desc = "Overview:
+XAMPP is prone to multiple vulnerabilities.
+
+1. showcode.php Local File Include Vulnerability
+
+An attacker can exploit this vulnerability to view files and execute
+local scripts in the context of the webserver process. This may aid
+in further attacks.
+
+2. Multiple Cross Site Scripting Vulnerabilities
+
+An attacker may leverage these issues to execute arbitrary script code
+in the browser of an unsuspecting user in the context of the affected
+site. This may allow the attacker to steal cookie-based authentication
+credentials and to launch other attacks.
+
+3. Multiple SQL Injection Vulnerabilities
+
+Exploiting these issues could allow an attacker to compromise the
+application, access or modify data, or exploit latent vulnerabilities
+in the underlying database.
+
+These issues affect XAMPP 1.6.8 and prior; other versions may be
+affected as well.
+
+References:
+http://www.securityfocus.com/bid/37997
+http://www.securityfocus.com/bid/37998
+http://www.securityfocus.com/bid/37999
+http://websecurity.com.ua/3230/
+http://websecurity.com.ua/3220/
+http://websecurity.com.ua/3257/
+http://www.apachefriends.org/en/xampp.html
+
+Risk factor : High";
+
+ script_description(desc);
+ script_summary("Determine if XAMPP version is <= 1.6.8");
+ script_category(ACT_GATHER_INFO);
+ script_family("Web application abuses");
+ script_copyright("This script is Copyright (C) 2010 Greenbone Networks GmbH");
+ script_dependencies("secpod_xampp_detect.nasl");
+ script_require_ports("Services/www", 80);
+ script_exclude_keys("Settings/disable_cgi_scanning");
+ exit(0);
+}
+
+include("http_func.inc");
+include("http_keepalive.inc");
+include("version_func.inc");
+
+port = get_http_port(default:80);
+if(!get_port_state(port))exit(0);
+
+if(!version = get_kb_item(string("www/", port, "/XAMPP")))exit(0);
+
+if(!isnull(version)) {
+
+ if(version_is_less_equal(version: version, test_version: "1.6.8")) {
+ security_warning(port:port);
+ exit(0);
+ }
+
+}
+
+exit(0);
Property changes on: trunk/openvas-plugins/scripts/xampp_multiple_vuln_jun_09.nasl ___________________________________________________________________ Name: svn:keywords + Id Revision From scm-commit at wald.intevation.org Wed Feb 3 07:26:31 2010 
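Review bot: The guard `if(!isnull(version)) {` can never be false, because the line before it already exits when `get_kb_item(string("www/", port, "/XAMPP"))` returns nothing. Dropping the wrapper leaves a single `if(version_is_less_equal(version: version, test_version: "1.6.8"))` block. `include("http_keepalive.inc");` looks unused, since the script sends no request. The result depends entirely on the version string that the detection script stored, so a comment above the lookup would help, for example `# Version comes from the KB entry set by secpod_xampp_detect.nasl; no request is made here.`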
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 3 Feb 2010 07:26:31 +0100 (CET) Subject: [Openvas-commits] r6620 - in trunk/openvas-administrator: . src Message-ID: <20100203062631.B6EBA865F480@pyrosoma.intevation.org> Author: ckuerste Date: 2010-02-03 07:26:30 +0100 (Wed, 03 Feb 2010) New Revision: 6620 Modified: trunk/openvas-administrator/ChangeLog trunk/openvas-administrator/src/admin.c Log: * src/admin.c (openvas_admin_list_users): Add format string for g_warnings. Modified: trunk/openvas-administrator/ChangeLog =================================================================== --- trunk/openvas-administrator/ChangeLog 2010-02-02 20:07:02 UTC (rev 6619) +++ trunk/openvas-administrator/ChangeLog 2010-02-03 06:26:30 UTC (rev 6620) @@ -1,3 +1,7 @@ +2010-02-03 Christian Kuersteiner + + * src/admin.c (openvas_admin_list_users): Add format string for g_warnings. + 2010-02-01 Matthew Mundell * src/tracef.h (tracef) [TRACE]: Remove UTF-8 conversion. Modified: trunk/openvas-administrator/src/admin.c =================================================================== --- trunk/openvas-administrator/src/admin.c 2010-02-02 20:07:02 UTC (rev 6619) +++ trunk/openvas-administrator/src/admin.c 2010-02-03 06:26:30 UTC (rev 6620) @@ -297,7 +297,7 @@ users_dir = g_dir_open (directory, 0, &error); if (users_dir == NULL) { - g_warning (error->message); + g_warning ("%s", error->message); g_error_free (error); } else From scm-commit at wald.intevation.org Wed Feb 3 12:37:55 2010 
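Review bot: A short comment above the corrected call in openvas_admin_list_users would keep the reason for the explicit format visible, for example `/* error->message is data, not a format string: it may contain '%'. */`. The log entry speaks of g_warnings in the plural while this hunk changes one call. Any other logging call in the function that passes a GError message as its first argument is worth checking for the same pattern. The rest of the function lies outside the hunk.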
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 3 Feb 2010 12:37:55 +0100 (CET) Subject: [Openvas-commits] r6621 - in trunk/openvas-manager: . src Message-ID: <20100203113755.4EE6D865FABC@pyrosoma.intevation.org> Author: mattm Date: 2010-02-03 12:37:50 +0100 (Wed, 03 Feb 2010) New Revision: 6621 Modified: trunk/openvas-manager/ChangeLog trunk/openvas-manager/src/manage.h trunk/openvas-manager/src/omp.c trunk/openvas-manager/src/tasks_sql.h Log: * src/tasks_sql.h (delete_config): Take config_t instead of name. * src/manage.h: Update header accordingly. * src/omp.c (omp_xml_handle_end_element): In CLIENT_DELETE_CONFIG pass config_t instead of config name to delete_config. Modified: trunk/openvas-manager/ChangeLog =================================================================== --- trunk/openvas-manager/ChangeLog 2010-02-03 06:26:30 UTC (rev 6620) +++ trunk/openvas-manager/ChangeLog 2010-02-03 11:37:50 UTC (rev 6621) @@ -1,3 +1,12 @@ +2010-02-03 Matthew Mundell + + * src/tasks_sql.h (delete_config): Take config_t instead of name. + + * src/manage.h: Update header accordingly. + + * src/omp.c (omp_xml_handle_end_element): In CLIENT_DELETE_CONFIG + pass config_t instead of config name to delete_config. + 2010-02-02 Matthew Mundell * src/omp.c (omp_xml_handle_end_element): In CLIENT_DELETE_TARGET Modified: trunk/openvas-manager/src/manage.h =================================================================== --- trunk/openvas-manager/src/manage.h 2010-02-03 06:26:30 UTC (rev 6620) +++ trunk/openvas-manager/src/manage.h 2010-02-03 11:37:50 UTC (rev 6621) 
@@ -779,7 +779,7 @@ copy_config (const char*, const char*, const char*); int -delete_config (const char*); +delete_config (config_t); gboolean find_config (const char*, config_t*); Modified: trunk/openvas-manager/src/omp.c =================================================================== --- trunk/openvas-manager/src/omp.c 2010-02-03 06:26:30 UTC (rev 6620) +++ trunk/openvas-manager/src/omp.c 2010-02-03 11:37:50 UTC (rev 6621) @@ -5485,6 +5485,8 @@ case CLIENT_DELETE_CONFIG: { + config_t config = 0; + assert (strcasecmp ("DELETE_CONFIG", element_name) == 0); assert (modify_task_name != NULL); @@ -5496,8 +5498,20 @@ "DELETE_CONFIG name must be at least one" " character long")); } - else switch (delete_config (modify_task_name)) + else if (find_config (modify_task_name, &config)) + SEND_TO_CLIENT_OR_FAIL (XML_INTERNAL_ERROR ("delete_config")); + else if (config == 0) { + if (send_find_error_to_client ("delete_config", + "config", + modify_task_name)) + { + error_send_to_client (error); + return; + } + } + else switch (delete_config (config)) + { case 0: openvas_free_string_var (&modify_task_name); SEND_TO_CLIENT_OR_FAIL (XML_OK ("delete_config")); @@ -5507,10 +5521,6 @@ SEND_TO_CLIENT_OR_FAIL (XML_ERROR_SYNTAX ("delete_config", "Config is in use")); break; - case 2: - openvas_free_string_var (&modify_task_name); - SEND_TO_CLIENT_OR_FAIL (XML_ERROR_ACCESS ("delete_config")); - break; default: openvas_free_string_var (&modify_task_name); SEND_TO_CLIENT_OR_FAIL (XML_INTERNAL_ERROR ("delete_config")); Modified: trunk/openvas-manager/src/tasks_sql.h =================================================================== --- trunk/openvas-manager/src/tasks_sql.h 2010-02-03 06:26:30 UTC (rev 6620) +++ trunk/openvas-manager/src/tasks_sql.h 2010-02-03 11:37:50 UTC (rev 6621) 
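Review bot: The two branches added ahead of the switch in the CLIENT_DELETE_CONFIG case, the `find_config` failure and the `config == 0` not-found path, do not call `openvas_free_string_var (&modify_task_name);`, while every arm of the switch does. Unless the name is released after the if/else chain, which the hunk does not show, it leaks and remains set when the next command is parsed. Adding the same call at the start of each new branch would match the switch arms. The case block begins and ends outside these hunks.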
@@ -7608,47 +7608,39 @@ /** * @brief Delete a config. * - * @param[in] name Name of config. + * @param[in] config Config. * - * @return 0 success, 1 fail because a task refers to the config, - * 2 access forbidden, -1 error. + * @return 0 success, 1 fail because a task refers to the config, -1 error. */ int -delete_config (const char* name) +delete_config (config_t config) { - gchar* quoted_name; - - if (strcmp (name, "Full and fast") == 0 - || strcmp (name, "Full and fast ultimate") == 0 - || strcmp (name, "Full and very deep") == 0 - || strcmp (name, "Full and very deep ultimate") == 0 - || strcmp (name, "empty") == 0) + if (config == CONFIG_ID_FULL_AND_FAST + || config == CONFIG_ID_FULL_AND_FAST_ULTIMATE + || config == CONFIG_ID_FULL_AND_VERY_DEEP + || config == CONFIG_ID_FULL_AND_VERY_DEEP_ULTIMATE + || config == sql_int (0, 0, + "SELECT ROWID FROM configs WHERE name = 'empty';")) return 1; - quoted_name = sql_nquote (name, strlen (name)); sql ("BEGIN IMMEDIATE;"); - if (user_owns ("config", quoted_name) == 0) - { - g_free (quoted_name); - sql ("ROLLBACK;"); - return 2; - } if (sql_int (0, 0, - "SELECT count(*) FROM tasks WHERE config = '%s'", - quoted_name)) + "SELECT count(*) FROM tasks WHERE config =" + " (SELECT name FROM configs WHERE ROWID = %llu);", + config)) { - g_free (quoted_name); sql ("ROLLBACK;"); return 1; } - sql ("DELETE FROM nvt_selectors WHERE name = '%s';", - quoted_name); - sql ("DELETE FROM config_preferences" - " WHERE config = (SELECT ROWID from configs WHERE name = '%s');", - quoted_name); - sql ("DELETE FROM configs WHERE name = '%s';", quoted_name); + sql ("DELETE FROM nvt_selectors WHERE name =" + " (SELECT name FROM configs WHERE ROWID = %llu);", + config); + sql ("DELETE FROM config_preferences WHERE config = %llu;", + config); + sql ("DELETE FROM configs WHERE name =" + " (SELECT name FROM configs WHERE ROWID = %llu);", + config); sql ("COMMIT;"); - g_free (quoted_name); return 0; } From scm-commit at wald.intevation.org Wed Feb 3 
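Review bot: delete_config no longer checks ownership: the `user_owns ("config", quoted_name)` test and the return value 2 are removed, so any caller that holds a config_t can delete that config. The doc comment should state the new contract, for example ` * Assume the caller has permission to delete the config.`. The caller's lookup (find_config in omp.c, not shown here) then has to be where configs the user may not touch are filtered out. Separately, `DELETE FROM configs WHERE name = (SELECT name FROM configs WHERE ROWID = %llu);` can address the row directly as `DELETE FROM configs WHERE ROWID = %llu;`, which cannot remove a second row that shares the name.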
13:03:19 2010 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 3 Feb 2010 13:03:19 +0100 (CET) Subject: [Openvas-commits] r6622 - in trunk/openvas-manager: . src Message-ID: <20100203120319.B2A1F86607C2@pyrosoma.intevation.org> Author: mattm Date: 2010-02-03 13:03:19 +0100 (Wed, 03 Feb 2010) New Revision: 6622 Modified: trunk/openvas-manager/ChangeLog trunk/openvas-manager/src/tasks_sql.h Log: * src/tasks_sql.h (init_preference_iterator): Take config_t instead of name. (make_task_rcfile): Pass config_t to init_preference_iterator. Modified: trunk/openvas-manager/ChangeLog =================================================================== --- trunk/openvas-manager/ChangeLog 2010-02-03 11:37:50 UTC (rev 6621) +++ trunk/openvas-manager/ChangeLog 2010-02-03 12:03:19 UTC (rev 6622) @@ -1,5 +1,11 @@ 2010-02-03 Matthew Mundell + * src/tasks_sql.h (init_preference_iterator): Take config_t instead of + name. + (make_task_rcfile): Pass config_t to init_preference_iterator. + +2010-02-03 Matthew Mundell + * src/tasks_sql.h (delete_config): Take config_t instead of name. * src/manage.h: Update header accordingly. Modified: trunk/openvas-manager/src/tasks_sql.h =================================================================== --- trunk/openvas-manager/src/tasks_sql.h 2010-02-03 11:37:50 UTC (rev 6621) +++ trunk/openvas-manager/src/tasks_sql.h 2010-02-03 12:03:19 UTC (rev 6622) @@ -46,7 +46,7 @@ /* Static headers. */ static void -init_preference_iterator (iterator_t*, const char*, const char*); +init_preference_iterator (iterator_t*, config_t, const char*); static const char* preference_iterator_name (iterator_t*); 
@@ -4444,25 +4444,28 @@ int make_task_rcfile (task_t task) { + config_t config; target_t target; - char *config, *selector, *hosts, *rc; + char *config_name, *selector, *hosts, *rc; iterator_t prefs; GString *buffer; - config = task_config_name (task); - if (config == NULL) return -1; + config = task_config (task); + config_name = task_config_name (task); + if (config_name == NULL) return -1; + target = task_target (task); if (target == 0) { - free (config); + free (config_name); return -1; } - selector = config_nvt_selector (config); + selector = config_nvt_selector (config_name); if (selector == NULL) { - free (config); + free (config_name); return -1; } @@ -4489,7 +4492,7 @@ else { free (hosts); - free (config); + free (config_name); free (selector); g_string_free (buffer, TRUE); return -1; @@ -4584,7 +4587,7 @@ g_string_append (buffer, "begin(SERVER_INFO)\n"); g_string_append (buffer, "end(SERVER_INFO)\n"); - free (config); + free (config_name); free (selector); rc = g_string_free (buffer, FALSE); 
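Review bot: The result of the new `config = task_config (task);` is never checked in the visible hunks of make_task_rcfile, unlike `target` a few lines further down. If task_config returns 0 for a task without a config (its contract is not shown here), that value would reach init_preference_iterator and the rcfile would be written without preferences instead of failing. A guard placed before the name lookup, `if (config == 0) return -1;`, keeps the error path consistent and leaks nothing because config_name is not yet allocated. The function body continues outside these hunks, including the init_preference_iterator call itself.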
@@ -7758,33 +7761,29 @@ * Assume the caller has permission to access the config. * * @param[in] iterator Iterator. - * @param[in] config Config name. + * @param[in] config Config. * @param[in] section Preference section, NULL for general preferences. */ static void init_preference_iterator (iterator_t* iterator, - const char* config, + config_t config, const char* section) { gchar* sql; - gchar *quoted_config = sql_nquote (config, strlen (config)); if (section) { gchar *quoted_section = sql_nquote (section, strlen (section)); sql = g_strdup_printf ("SELECT name, value FROM config_preferences" - " WHERE config =" - " (SELECT ROWID FROM configs WHERE name = '%s')" + " WHERE config = %llu" " AND type = '%s';", - quoted_config, quoted_section); + config, quoted_section); g_free (quoted_section); } else sql = g_strdup_printf ("SELECT name, value FROM config_preferences" - " WHERE config =" - " (SELECT ROWID FROM configs WHERE name = '%s')" + " WHERE config = %llu" " AND type is NULL;", - quoted_config); - g_free (quoted_config); + config); init_iterator (iterator, sql); g_free (sql); } From scm-commit at wald.intevation.org Wed Feb 3 13:11:31 2010 
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 3 Feb 2010 13:11:31 +0100 (CET) Subject: [Openvas-commits] r6623 - in trunk/openvas-manager: . src Message-ID: <20100203121131.5DA3B865FAA0@pyrosoma.intevation.org> Author: mattm Date: 2010-02-03 13:11:29 +0100 (Wed, 03 Feb 2010) New Revision: 6623 Modified: trunk/openvas-manager/ChangeLog trunk/openvas-manager/src/manage.h trunk/openvas-manager/src/tasks_sql.h Log: * src/tasks_sql.h (init_config_pref_iterator) (config_pref_iterator_name, config_pref_iterator_value): Remove, superceded by newer iterators. * src/manage.h: Remove headers accordingly. Modified: trunk/openvas-manager/ChangeLog =================================================================== --- trunk/openvas-manager/ChangeLog 2010-02-03 12:03:19 UTC (rev 6622) +++ trunk/openvas-manager/ChangeLog 2010-02-03 12:11:29 UTC (rev 6623) @@ -1,5 +1,13 @@ 2010-02-03 Matthew Mundell + * src/tasks_sql.h (init_config_pref_iterator) + (config_pref_iterator_name, config_pref_iterator_value): Remove, + superceded by newer iterators. + + * src/manage.h: Remove headers accordingly. + +2010-02-03 Matthew Mundell + * src/tasks_sql.h (init_preference_iterator): Take config_t instead of name. (make_task_rcfile): Pass config_t to init_preference_iterator. Modified: trunk/openvas-manager/src/manage.h =================================================================== --- trunk/openvas-manager/src/manage.h 2010-02-03 12:03:19 UTC (rev 6622) +++ trunk/openvas-manager/src/manage.h 2010-02-03 12:11:29 UTC (rev 6623) 
@@ -987,15 +987,6 @@ char* nvt_preference_iterator_nvt (iterator_t*); -void -init_config_pref_iterator (iterator_t*, const char*, const char*); - -const char* -config_pref_iterator_name (iterator_t*); - -const char* -config_pref_iterator_value (iterator_t*); - int nvt_preference_count (const char *); Modified: trunk/openvas-manager/src/tasks_sql.h =================================================================== --- trunk/openvas-manager/src/tasks_sql.h 2010-02-03 12:03:19 UTC (rev 6622) +++ trunk/openvas-manager/src/tasks_sql.h 2010-02-03 12:11:29 UTC (rev 6623) @@ -7845,44 +7845,7 @@ static DEF_ACCESS (otp_pref_iterator_name, 0); static DEF_ACCESS (otp_pref_iterator_value, 1); -/** @todo Remove this version of the iterator. */ - /** - * @brief Initialise a config preference iterator. - * - * @param[in] iterator Iterator. - * @param[in] config Config. - * @param[in] nvt Name of NVT whose preferences to iterator over. - */ -void -init_config_pref_iterator (iterator_t* iterator, - const char* config, - const char* nvt) -{ - gchar *quoted_config = sql_nquote (config, strlen (config)); - init_iterator (iterator, - "SELECT name, value FROM config_preferences" - " WHERE config =" - " (SELECT ROWID FROM configs WHERE name = '%s')" - " AND type = 'PLUGINS_PREFS'" - " AND name LIKE '%s[%%';", - quoted_config, - nvt ? nvt : ""); - g_free (quoted_config); -} - -DEF_ACCESS (config_pref_iterator_name, 0); - -const char* -config_pref_iterator_value (iterator_t* iterator) -{ - const char *ret; - if (iterator->done) return NULL; - ret = (const char*) sqlite3_column_text (iterator->stmt, 1); - return ret ? ret : (const char*) sqlite3_column_text (iterator->stmt, 2); -} - -/** * @brief Return the NVT selector associated with a config. * * @param[in] name Config name. From scm-commit at wald.intevation.org Wed Feb 3 13:25:09 2010 
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 3 Feb 2010 13:25:09 +0100 (CET) Subject: [Openvas-commits] r6624 - in trunk/openvas-plugins: . scripts Message-ID: <20100203122509.95787865FABE@pyrosoma.intevation.org> Author: chandra Date: 2010-02-03 13:24:57 +0100 (Wed, 03 Feb 2010) New Revision: 6624 Added: trunk/openvas-plugins/scripts/gb_solaris_112960_70.nasl trunk/openvas-plugins/scripts/gb_solaris_113329_25.nasl trunk/openvas-plugins/scripts/gb_solaris_114242_55.nasl trunk/openvas-plugins/scripts/gb_solaris_114980_26.nasl trunk/openvas-plugins/scripts/gb_solaris_116669_37.nasl trunk/openvas-plugins/scripts/gb_solaris_118777_15.nasl trunk/openvas-plugins/scripts/gb_solaris_118778_13.nasl trunk/openvas-plugins/scripts/gb_solaris_119254_72.nasl trunk/openvas-plugins/scripts/gb_solaris_119255_72.nasl trunk/openvas-plugins/scripts/gb_solaris_119280_22.nasl trunk/openvas-plugins/scripts/gb_solaris_119281_22.nasl trunk/openvas-plugins/scripts/gb_solaris_120412_11.nasl trunk/openvas-plugins/scripts/gb_solaris_120413_11.nasl trunk/openvas-plugins/scripts/gb_solaris_120414_25.nasl trunk/openvas-plugins/scripts/gb_solaris_120415_25.nasl trunk/openvas-plugins/scripts/gb_solaris_122300_48.nasl trunk/openvas-plugins/scripts/gb_solaris_122301_48.nasl trunk/openvas-plugins/scripts/gb_solaris_122371_12.nasl trunk/openvas-plugins/scripts/gb_solaris_122911_19.nasl trunk/openvas-plugins/scripts/gb_solaris_122912_19.nasl trunk/openvas-plugins/scripts/gb_solaris_123590_12.nasl trunk/openvas-plugins/scripts/gb_solaris_123591_12.nasl trunk/openvas-plugins/scripts/gb_solaris_125332_08.nasl trunk/openvas-plugins/scripts/gb_solaris_125333_08.nasl trunk/openvas-plugins/scripts/gb_solaris_136998_08.nasl trunk/openvas-plugins/scripts/gb_solaris_136999_08.nasl trunk/openvas-plugins/scripts/gb_solaris_137000_06.nasl trunk/openvas-plugins/scripts/gb_solaris_137001_06.nasl trunk/openvas-plugins/scripts/gb_solaris_137004_07.nasl 
trunk/openvas-plugins/scripts/gb_solaris_137005_07.nasl trunk/openvas-plugins/scripts/gb_solaris_138822_06.nasl trunk/openvas-plugins/scripts/gb_solaris_138823_06.nasl trunk/openvas-plugins/scripts/gb_solaris_138824_06.nasl trunk/openvas-plugins/scripts/gb_solaris_138825_06.nasl trunk/openvas-plugins/scripts/gb_solaris_138826_06.nasl trunk/openvas-plugins/scripts/gb_solaris_138827_06.nasl trunk/openvas-plugins/scripts/gb_solaris_141026_08.nasl trunk/openvas-plugins/scripts/gb_solaris_141500_05.nasl trunk/openvas-plugins/scripts/gb_solaris_141501_06.nasl trunk/openvas-plugins/scripts/gb_solaris_141590_02.nasl trunk/openvas-plugins/scripts/gb_solaris_141591_02.nasl trunk/openvas-plugins/scripts/gb_solaris_142048_06.nasl trunk/openvas-plugins/scripts/gb_solaris_142242_04.nasl trunk/openvas-plugins/scripts/gb_solaris_143317_01.nasl trunk/openvas-plugins/scripts/gb_solaris_143318_01.nasl trunk/openvas-plugins/scripts/gb_solaris_143502_01.nasl trunk/openvas-plugins/scripts/gb_solaris_143503_01.nasl trunk/openvas-plugins/scripts/gb_solaris_143506_01.nasl trunk/openvas-plugins/scripts/gb_solaris_143507_01.nasl trunk/openvas-plugins/scripts/gb_solaris_143510_01.nasl trunk/openvas-plugins/scripts/gb_solaris_143511_01.nasl trunk/openvas-plugins/scripts/gb_solaris_143913_01.nasl Modified: trunk/openvas-plugins/ChangeLog Log: Added new LSC's Modified: trunk/openvas-plugins/ChangeLog =================================================================== --- trunk/openvas-plugins/ChangeLog 2010-02-03 12:11:29 UTC (rev 6623) +++ trunk/openvas-plugins/ChangeLog 2010-02-03 12:24:57 UTC (rev 6624) 
@@ -1,3 +1,59 @@ +2110-02-03 Chandrashekhar B + + * scripts/gb_solaris_138825_06.nasl, + scripts/gb_solaris_118777_15.nasl, + scripts/gb_solaris_120412_11.nasl, + scripts/gb_solaris_119281_22.nasl, + scripts/gb_solaris_119255_72.nasl, + scripts/gb_solaris_120414_25.nasl, + scripts/gb_solaris_143510_01.nasl, + scripts/gb_solaris_143503_01.nasl, + scripts/gb_solaris_136999_08.nasl, + scripts/gb_solaris_143507_01.nasl, + scripts/gb_solaris_137004_07.nasl, + scripts/gb_solaris_122912_19.nasl, + scripts/gb_solaris_114242_55.nasl, + scripts/gb_solaris_138824_06.nasl, + scripts/gb_solaris_123591_12.nasl, + scripts/gb_solaris_137001_06.nasl, + scripts/gb_solaris_119280_22.nasl, + scripts/gb_solaris_119254_72.nasl, + scripts/gb_solaris_141026_08.nasl, + scripts/gb_solaris_125333_08.nasl, + scripts/gb_solaris_143502_01.nasl, + scripts/gb_solaris_136998_08.nasl, + scripts/gb_solaris_142242_04.nasl, + scripts/gb_solaris_114980_26.nasl, + scripts/gb_solaris_122301_48.nasl, + scripts/gb_solaris_143506_01.nasl, + scripts/gb_solaris_141500_05.nasl, + scripts/gb_solaris_122911_19.nasl, + scripts/gb_solaris_138823_06.nasl, + scripts/gb_solaris_123590_12.nasl, + scripts/gb_solaris_137000_06.nasl, + scripts/gb_solaris_138827_06.nasl, + scripts/gb_solaris_143318_01.nasl, + scripts/gb_solaris_118778_13.nasl, + scripts/gb_solaris_125332_08.nasl, + scripts/gb_solaris_142048_06.nasl, + scripts/gb_solaris_113329_25.nasl, + scripts/gb_solaris_122371_12.nasl, + scripts/gb_solaris_122300_48.nasl, + scripts/gb_solaris_138822_06.nasl, + scripts/gb_solaris_141591_02.nasl, + scripts/gb_solaris_143913_01.nasl, + scripts/gb_solaris_116669_37.nasl, + scripts/gb_solaris_138826_06.nasl, + scripts/gb_solaris_143317_01.nasl, + scripts/gb_solaris_120413_11.nasl, + scripts/gb_solaris_141501_06.nasl, + scripts/gb_solaris_120415_25.nasl, + scripts/gb_solaris_143511_01.nasl, + scripts/gb_solaris_112960_70.nasl, + scripts/gb_solaris_141590_02.nasl, + scripts/gb_solaris_137005_07.nasl: + Added Solaris LSC's. 
+ 2010-02-02 Michael Meyer * scripts/lighttpd_38036.nasl, Added: trunk/openvas-plugins/scripts/gb_solaris_112960_70.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_solaris_112960_70.nasl 2010-02-03 12:11:29 UTC (rev 6623) +++ trunk/openvas-plugins/scripts/gb_solaris_112960_70.nasl 2010-02-03 12:24:57 UTC (rev 6624) 
@@ -0,0 +1,73 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# Solaris Update for ldap library 112960-70 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(855815); + script_version("$Revision$: 1.0"); + script_xref(name: "SUNSolve", value: "112960-70"); + script_name("Solaris Update for ldap library 112960-70"); + desc = " + + Vulnerability Insight: + The remote host is missing a patch containing a security fix, + which affects the following component(s): + ldap library + For more information please visit the below reference link. + + Affected Software/OS: + ldap library on solaris_5.9_sparc + + Fix: Please Install the Updated Packages. 
+ + References: + http://sunsolve.sun.com/search/document.do?assetkey=1-21-112960-70-1 + + Risk factor: High"; + + script_description(desc); + script_summary("Check for the Version of ldap library"); + script_category(ACT_GATHER_INFO); + script_copyright("Copyright (c) 2010 Greenbone Networks GmbH"); + script_family("Solaris Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/solosversion"); + exit(0); +} + + +include("solaris.inc"); + +release = get_kb_item("ssh/login/solosversion"); + +if(release == NULL){ + exit(0); +} + +if(solaris_check_patch(release:"5.9", arch:"sparc", patch:"112960-70", package:"SUNWarc SUNWarcx SUNWcsl SUNWnisu SUNWhea SUNWcslx SUNWcstlx SUNWcsu SUNWcstl") < 0) +{ + security_hole(0); + exit(0); +} \ No newline at end of file Property changes on: trunk/openvas-plugins/scripts/gb_solaris_112960_70.nasl ___________________________________________________________________ Name: svn:keywords + Revision Added: trunk/openvas-plugins/scripts/gb_solaris_113329_25.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_solaris_113329_25.nasl 2010-02-03 12:11:29 UTC (rev 6623) +++ trunk/openvas-plugins/scripts/gb_solaris_113329_25.nasl 2010-02-03 12:24:57 UTC (rev 6624) 
@@ -0,0 +1,73 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# Solaris Update for lp 113329-25 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(855848); + script_version("$Revision$: 1.0"); + script_xref(name: "SUNSolve", value: "113329-25"); + script_name("Solaris Update for lp 113329-25"); + desc = " + + Vulnerability Insight: + The remote host is missing a patch containing a security fix, + which affects the following component(s): + lp + For more information please visit the below reference link. + + Affected Software/OS: + lp on solaris_5.9_sparc + + Fix: Please Install the Updated Packages. 
+ + References: + http://sunsolve.sun.com/search/document.do?assetkey=1-21-113329-25-1 + + Risk factor: High"; + + script_description(desc); + script_summary("Check for the Version of lp"); + script_category(ACT_GATHER_INFO); + script_copyright("Copyright (c) 2010 Greenbone Networks GmbH"); + script_family("Solaris Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/solosversion"); + exit(0); +} + + +include("solaris.inc"); + +release = get_kb_item("ssh/login/solosversion"); + +if(release == NULL){ + exit(0); +} + +if(solaris_check_patch(release:"5.9", arch:"sparc", patch:"113329-25", package:"SUNWpsu SUNWscplp SUNWpsf SUNWppm SUNWcsr SUNWpcu SUNWpsr") < 0) +{ + security_hole(0); + exit(0); +} \ No newline at end of file Property changes on: trunk/openvas-plugins/scripts/gb_solaris_113329_25.nasl ___________________________________________________________________ Name: svn:keywords + Revision Added: trunk/openvas-plugins/scripts/gb_solaris_114242_55.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_solaris_114242_55.nasl 2010-02-03 12:11:29 UTC (rev 6623) +++ trunk/openvas-plugins/scripts/gb_solaris_114242_55.nasl 2010-02-03 12:24:57 UTC (rev 6624) 
@@ -0,0 +1,73 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# Solaris Update for ldap library 114242-55 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(855850); + script_version("$Revision$: 1.0"); + script_xref(name: "SUNSolve", value: "114242-55"); + script_name("Solaris Update for ldap library 114242-55"); + desc = " + + Vulnerability Insight: + The remote host is missing a patch containing a security fix, + which affects the following component(s): + ldap library + For more information please visit the below reference link. + + Affected Software/OS: + ldap library on solaris_5.9_x86 + + Fix: Please Install the Updated Packages. 
+ + References: + http://sunsolve.sun.com/search/document.do?assetkey=1-21-114242-55-1 + + Risk factor: High"; + + script_description(desc); + script_summary("Check for the Version of ldap library"); + script_category(ACT_GATHER_INFO); + script_copyright("Copyright (c) 2010 Greenbone Networks GmbH"); + script_family("Solaris Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/solosversion"); + exit(0); +} + + +include("solaris.inc"); + +release = get_kb_item("ssh/login/solosversion"); + +if(release == NULL){ + exit(0); +} + +if(solaris_check_patch(release:"5.9", arch:"i386", patch:"114242-55", package:"SUNWarc SUNWcsl SUNWnisu SUNWhea SUNWcsu SUNWcstl") < 0) +{ + security_hole(0); + exit(0); +} \ No newline at end of file Property changes on: trunk/openvas-plugins/scripts/gb_solaris_114242_55.nasl ___________________________________________________________________ Name: svn:keywords + Revision Added: trunk/openvas-plugins/scripts/gb_solaris_114980_26.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_solaris_114980_26.nasl 2010-02-03 12:11:29 UTC (rev 6623) +++ trunk/openvas-plugins/scripts/gb_solaris_114980_26.nasl 2010-02-03 12:24:57 UTC (rev 6624) 
@@ -0,0 +1,73 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# Solaris Update for lp 114980-26 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(855834); + script_version("$Revision$: 1.0"); + script_xref(name: "SUNSolve", value: "114980-26"); + script_name("Solaris Update for lp 114980-26"); + desc = " + + Vulnerability Insight: + The remote host is missing a patch containing a security fix, + which affects the following component(s): + lp + For more information please visit the below reference link. + + Affected Software/OS: + lp on solaris_5.9_x86 + + Fix: Please Install the Updated Packages. 
+ + References: + http://sunsolve.sun.com/search/document.do?assetkey=1-21-114980-26-1 + + Risk factor: High"; + + script_description(desc); + script_summary("Check for the Version of lp"); + script_category(ACT_GATHER_INFO); + script_copyright("Copyright (c) 2010 Greenbone Networks GmbH"); + script_family("Solaris Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/solosversion"); + exit(0); +} + + +include("solaris.inc"); + +release = get_kb_item("ssh/login/solosversion"); + +if(release == NULL){ + exit(0); +} + +if(solaris_check_patch(release:"5.9", arch:"i386", patch:"114980-26", package:"SUNWpsu SUNWscplp SUNWpsf SUNWppm SUNWcsr SUNWpcu SUNWpsr") < 0) +{ + security_hole(0); + exit(0); +} \ No newline at end of file Property changes on: trunk/openvas-plugins/scripts/gb_solaris_114980_26.nasl ___________________________________________________________________ Name: svn:keywords + Revision Added: trunk/openvas-plugins/scripts/gb_solaris_116669_37.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_solaris_116669_37.nasl 2010-02-03 12:11:29 UTC (rev 6623) +++ trunk/openvas-plugins/scripts/gb_solaris_116669_37.nasl 2010-02-03 12:24:57 UTC (rev 6624) 
@@ -0,0 +1,73 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# Solaris Update for md 116669-37 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(855818); + script_version("$Revision$: 1.0"); + script_xref(name: "SUNSolve", value: "116669-37"); + script_name("Solaris Update for md 116669-37"); + desc = " + + Vulnerability Insight: + The remote host is missing a patch containing a security fix, + which affects the following component(s): + md + For more information please visit the below reference link. + + Affected Software/OS: + md on solaris_5.9_sparc + + Fix: Please Install the Updated Packages. 
+ + References: + http://sunsolve.sun.com/search/document.do?assetkey=1-21-116669-37-1 + + Risk factor: High"; + + script_description(desc); + script_summary("Check for the Version of md"); + script_category(ACT_GATHER_INFO); + script_copyright("Copyright (c) 2010 Greenbone Networks GmbH"); + script_family("Solaris Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/solosversion"); + exit(0); +} + + +include("solaris.inc"); + +release = get_kb_item("ssh/login/solosversion"); + +if(release == NULL){ + exit(0); +} + +if(solaris_check_patch(release:"5.9", arch:"sparc", patch:"116669-37", package:"SUNWmdx SUNWmddr SUNWmdr SUNWmdu SUNWhea") < 0) +{ + security_hole(0); + exit(0); +} \ No newline at end of file Property changes on: trunk/openvas-plugins/scripts/gb_solaris_116669_37.nasl ___________________________________________________________________ Name: svn:keywords + Revision Added: trunk/openvas-plugins/scripts/gb_solaris_118777_15.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_solaris_118777_15.nasl 2010-02-03 12:11:29 UTC (rev 6623) +++ trunk/openvas-plugins/scripts/gb_solaris_118777_15.nasl 2010-02-03 12:24:57 UTC (rev 6624) 
@@ -0,0 +1,73 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# Solaris Update for Sun GigaSwift Ethernet 1.0 driver 118777-15 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(855828); + script_version("$Revision$: 1.0"); + script_xref(name: "SUNSolve", value: "118777-15"); + script_name("Solaris Update for Sun GigaSwift Ethernet 1.0 driver 118777-15"); + desc = " + + Vulnerability Insight: + The remote host is missing a patch containing a security fix, + which affects the following component(s): + Sun GigaSwift Ethernet 1.0 driver + For more information please visit the below reference link. + + Affected Software/OS: + Sun GigaSwift Ethernet 1.0 driver on solaris_5.10_sparc + + Fix: Please Install the Updated Packages. 
+ + References: + http://sunsolve.sun.com/search/document.do?assetkey=1-21-118777-15-1 + + Risk factor: High"; + + script_description(desc); + script_summary("Check for the Version of Sun GigaSwift Ethernet 1.0 driver"); + script_category(ACT_GATHER_INFO); + script_copyright("Copyright (c) 2010 Greenbone Networks GmbH"); + script_family("Solaris Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/solosversion"); + exit(0); +} + + +include("solaris.inc"); + +release = get_kb_item("ssh/login/solosversion"); + +if(release == NULL){ + exit(0); +} + +if(solaris_check_patch(release:"5.10", arch:"sparc", patch:"118777-15", package:"SUNWced.u SUNWcea SUNWcedu SUNWced.us SUNWced.v") < 0) +{ + security_hole(0); + exit(0); +} \ No newline at end of file Property changes on: trunk/openvas-plugins/scripts/gb_solaris_118777_15.nasl ___________________________________________________________________ Name: svn:keywords + Revision Added: trunk/openvas-plugins/scripts/gb_solaris_118778_13.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_solaris_118778_13.nasl 2010-02-03 12:11:29 UTC (rev 6623) +++ trunk/openvas-plugins/scripts/gb_solaris_118778_13.nasl 2010-02-03 12:24:57 UTC (rev 6624) 
@@ -0,0 +1,73 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# Solaris Update for Sun GigaSwift Ethernet 1.0 driver 118778-13 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(855813); + script_version("$Revision$: 1.0"); + script_xref(name: "SUNSolve", value: "118778-13"); + script_name("Solaris Update for Sun GigaSwift Ethernet 1.0 driver 118778-13"); + desc = " + + Vulnerability Insight: + The remote host is missing a patch containing a security fix, + which affects the following component(s): + Sun GigaSwift Ethernet 1.0 driver + For more information please visit the below reference link. + + Affected Software/OS: + Sun GigaSwift Ethernet 1.0 driver on solaris_5.10_x86 + + Fix: Please Install the Updated Packages. 
+ + References: + http://sunsolve.sun.com/search/document.do?assetkey=1-21-118778-13-1 + + Risk factor: High"; + + script_description(desc); + script_summary("Check for the Version of Sun GigaSwift Ethernet 1.0 driver"); + script_category(ACT_GATHER_INFO); + script_copyright("Copyright (c) 2010 Greenbone Networks GmbH"); + script_family("Solaris Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/solosversion"); + exit(0); +} + + +include("solaris.inc"); + +release = get_kb_item("ssh/login/solosversion"); + +if(release == NULL){ + exit(0); +} + +if(solaris_check_patch(release:"5.10", arch:"i386", patch:"118778-13", package:"SUNWcea SUNWcedu SUNWced") < 0) +{ + security_hole(0); + exit(0); +} \ No newline at end of file Property changes on: trunk/openvas-plugins/scripts/gb_solaris_118778_13.nasl ___________________________________________________________________ Name: svn:keywords + Revision Added: trunk/openvas-plugins/scripts/gb_solaris_119254_72.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_solaris_119254_72.nasl 2010-02-03 12:11:29 UTC (rev 6623) +++ trunk/openvas-plugins/scripts/gb_solaris_119254_72.nasl 2010-02-03 12:24:57 UTC (rev 6624) 
@@ -0,0 +1,73 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# Solaris Update for Install and Utilities 119254-72 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(855810); + script_version("$Revision$: 1.0"); + script_xref(name: "SUNSolve", value: "119254-72"); + script_name("Solaris Update for Install and Utilities 119254-72"); + desc = " + + Vulnerability Insight: + The remote host is missing a patch containing a security fix, + which affects the following component(s): + Install and Utilities + For more information please visit the below reference link. + + Affected Software/OS: + Install and Utilities on solaris_5.10_sparc + + Fix: Please Install the Updated Packages. 
+ + References: + http://sunsolve.sun.com/search/document.do?assetkey=1-21-119254-72-1 + + Risk factor: High"; + + script_description(desc); + script_summary("Check for the Version of Install and Utilities"); + script_category(ACT_GATHER_INFO); + script_copyright("Copyright (c) 2010 Greenbone Networks GmbH"); + script_family("Solaris Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/solosversion"); + exit(0); +} + + +include("solaris.inc"); + +release = get_kb_item("ssh/login/solosversion"); + +if(release == NULL){ + exit(0); +} + +if(solaris_check_patch(release:"5.10", arch:"sparc", patch:"119254-72", package:"SUNWpkgcmdsr SUNWswmt SUNWpkgcmdsu SUNWinstall-patch-utils-root") < 0) +{ + security_hole(0); + exit(0); +} \ No newline at end of file Property changes on: trunk/openvas-plugins/scripts/gb_solaris_119254_72.nasl ___________________________________________________________________ Name: svn:keywords + Revision Added: trunk/openvas-plugins/scripts/gb_solaris_119255_72.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_solaris_119255_72.nasl 2010-02-03 12:11:29 UTC (rev 6623) +++ trunk/openvas-plugins/scripts/gb_solaris_119255_72.nasl 2010-02-03 12:24:57 UTC (rev 6624) 
@@ -0,0 +1,73 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# Solaris Update for Install and Utilities 119255-72 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(855847); + script_version("$Revision$: 1.0"); + script_xref(name: "SUNSolve", value: "119255-72"); + script_name("Solaris Update for Install and Utilities 119255-72"); + desc = " + + Vulnerability Insight: + The remote host is missing a patch containing a security fix, + which affects the following component(s): + Install and Utilities + For more information please visit the below reference link. + + Affected Software/OS: + Install and Utilities on solaris_5.10_x86 + + Fix: Please Install the Updated Packages. 
+ + References: + http://sunsolve.sun.com/search/document.do?assetkey=1-21-119255-72-1 + + Risk factor: High"; + + script_description(desc); + script_summary("Check for the Version of Install and Utilities"); + script_category(ACT_GATHER_INFO); + script_copyright("Copyright (c) 2010 Greenbone Networks GmbH"); + script_family("Solaris Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/solosversion"); + exit(0); +} + + +include("solaris.inc"); + +release = get_kb_item("ssh/login/solosversion"); + +if(release == NULL){ + exit(0); +} + +if(solaris_check_patch(release:"5.10", arch:"i386", patch:"119255-72", package:"SUNWpkgcmdsr SUNWswmt SUNWpkgcmdsu SUNWinstall-patch-utils-root") < 0) +{ + security_hole(0); + exit(0); +} \ No newline at end of file Property changes on: trunk/openvas-plugins/scripts/gb_solaris_119255_72.nasl ___________________________________________________________________ Name: svn:keywords + Revision Added: trunk/openvas-plugins/scripts/gb_solaris_119280_22.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_solaris_119280_22.nasl 2010-02-03 12:11:29 UTC (rev 6623) +++ trunk/openvas-plugins/scripts/gb_solaris_119280_22.nasl 2010-02-03 12:24:57 UTC (rev 6624) 
@@ -0,0 +1,74 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# Solaris Update for CDE 1.6 119280-22 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(855820); + script_version("$Revision$: 1.0"); + script_xref(name: "SUNSolve", value: "119280-22"); + script_cve_id("CAN-2005-0605"); + script_name("Solaris Update for CDE 1.6 119280-22"); + desc = " + + Vulnerability Insight: + The remote host is missing a patch containing a security fix, + which affects the following component(s): + CDE 1.6 + For more information please visit the below reference link. + + Affected Software/OS: + CDE 1.6 on solaris_5.10_sparc + + Fix: Please Install the Updated Packages. 
+ + References: + http://sunsolve.sun.com/search/document.do?assetkey=1-21-119280-22-1 + + Risk factor: High"; + + script_description(desc); + script_summary("Check for the Version of CDE 1.6"); + script_category(ACT_GATHER_INFO); + script_copyright("Copyright (c) 2010 Greenbone Networks GmbH"); + script_family("Solaris Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/solosversion"); + exit(0); +} + + +include("solaris.inc"); + +release = get_kb_item("ssh/login/solosversion"); + +if(release == NULL){ + exit(0); +} + +if(solaris_check_patch(release:"5.10", arch:"sparc", patch:"119280-22", package:"SUNWdtdst SUNWdtma SUNWdtmad SUNWdtbas SUNWmfrun SUNWdtinc") < 0) +{ + security_hole(0); + exit(0); +} \ No newline at end of file Property changes on: trunk/openvas-plugins/scripts/gb_solaris_119280_22.nasl ___________________________________________________________________ Name: svn:keywords + Revision Added: trunk/openvas-plugins/scripts/gb_solaris_119281_22.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_solaris_119281_22.nasl 2010-02-03 12:11:29 UTC (rev 6623) +++ trunk/openvas-plugins/scripts/gb_solaris_119281_22.nasl 2010-02-03 12:24:57 UTC (rev 6624) 
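Review bot: `script_cve_id("CAN-2005-0605");` uses the retired candidate prefix; identifiers have been written `CVE-YYYY-NNNN` since the CAN- prefix was dropped in 2005, so correlating or filtering scan results by CVE id will likely miss this entry. Change it to `script_cve_id("CVE-2005-0605");`; the hunk for gb_solaris_119281_22.nasl has the same line. It is also worth confirming at the generator that the id applies to both patches, since the two hunks name different components (CDE 1.6 and Runtime library for Solaris 10) while listing the same packages.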
@@ -0,0 +1,74 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# Solaris Update for Runtime library for Solaris 10 119281-22 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(855829); + script_version("$Revision$: 1.0"); + script_xref(name: "SUNSolve", value: "119281-22"); + script_cve_id("CAN-2005-0605"); + script_name("Solaris Update for Runtime library for Solaris 10 119281-22"); + desc = " + + Vulnerability Insight: + The remote host is missing a patch containing a security fix, + which affects the following component(s): + Runtime library for Solaris 10 + For more information please visit the below reference link. + + Affected Software/OS: + Runtime library for Solaris 10 on solaris_5.10_x86 + + Fix: Please Install the Updated Packages. 
+ + References: + http://sunsolve.sun.com/search/document.do?assetkey=1-21-119281-22-1 + + Risk factor: High"; + + script_description(desc); + script_summary("Check for the Version of Runtime library for Solaris 10"); + script_category(ACT_GATHER_INFO); + script_copyright("Copyright (c) 2010 Greenbone Networks GmbH"); + script_family("Solaris Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/solosversion"); + exit(0); +} + + +include("solaris.inc"); + +release = get_kb_item("ssh/login/solosversion"); + +if(release == NULL){ + exit(0); +} + +if(solaris_check_patch(release:"5.10", arch:"i386", patch:"119281-22", package:"SUNWdtdst SUNWdtma SUNWdtmad SUNWdtbas SUNWmfrun SUNWdtinc") < 0) +{ + security_hole(0); + exit(0); +} \ No newline at end of file Property changes on: trunk/openvas-plugins/scripts/gb_solaris_119281_22.nasl ___________________________________________________________________ Name: svn:keywords + Revision Added: trunk/openvas-plugins/scripts/gb_solaris_120412_11.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_solaris_120412_11.nasl 2010-02-03 12:11:29 UTC (rev 6623) +++ trunk/openvas-plugins/scripts/gb_solaris_120412_11.nasl 2010-02-03 12:24:57 UTC (rev 6624) 
@@ -0,0 +1,73 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# Solaris Update for Simplified Chinese locale 120412-11 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(855843); + script_version("$Revision$: 1.0"); + script_xref(name: "SUNSolve", value: "120412-11"); + script_name("Solaris Update for Simplified Chinese locale 120412-11"); + desc = " + + Vulnerability Insight: + The remote host is missing a patch containing a security fix, + which affects the following component(s): + Simplified Chinese locale + For more information please visit the below reference link. + + Affected Software/OS: + Simplified Chinese locale on solaris_5.10_sparc + + Fix: Please Install the Updated Packages. 
+ + References: + http://sunsolve.sun.com/search/document.do?assetkey=1-21-120412-11-1 + + Risk factor: High"; + + script_description(desc); + script_summary("Check for the Version of Simplified Chinese locale"); + script_category(ACT_GATHER_INFO); + script_copyright("Copyright (c) 2010 Greenbone Networks GmbH"); + script_family("Solaris Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/solosversion"); + exit(0); +} + + +include("solaris.inc"); + +release = get_kb_item("ssh/login/solosversion"); + +if(release == NULL){ + exit(0); +} + +if(solaris_check_patch(release:"5.10", arch:"sparc", patch:"120412-11", package:"SUNWcleu2") < 0) +{ + security_hole(0); + exit(0); +} \ No newline at end of file Property changes on: trunk/openvas-plugins/scripts/gb_solaris_120412_11.nasl ___________________________________________________________________ Name: svn:keywords + Revision Added: trunk/openvas-plugins/scripts/gb_solaris_120413_11.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_solaris_120413_11.nasl 2010-02-03 12:11:29 UTC (rev 6623) +++ trunk/openvas-plugins/scripts/gb_solaris_120413_11.nasl 2010-02-03 12:24:57 UTC (rev 6624) 
@@ -0,0 +1,73 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# Solaris Update for Simplified Chinese locale 120413-11 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(855807); + script_version("$Revision$: 1.0"); + script_xref(name: "SUNSolve", value: "120413-11"); + script_name("Solaris Update for Simplified Chinese locale 120413-11"); + desc = " + + Vulnerability Insight: + The remote host is missing a patch containing a security fix, + which affects the following component(s): + Simplified Chinese locale + For more information please visit the below reference link. + + Affected Software/OS: + Simplified Chinese locale on solaris_5.10_x86 + + Fix: Please Install the Updated Packages. 
+ + References: + http://sunsolve.sun.com/search/document.do?assetkey=1-21-120413-11-1 + + Risk factor: High"; + + script_description(desc); + script_summary("Check for the Version of Simplified Chinese locale"); + script_category(ACT_GATHER_INFO); + script_copyright("Copyright (c) 2010 Greenbone Networks GmbH"); + script_family("Solaris Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/solosversion"); + exit(0); +} + + +include("solaris.inc"); + +release = get_kb_item("ssh/login/solosversion"); + +if(release == NULL){ + exit(0); +} + +if(solaris_check_patch(release:"5.10", arch:"i386", patch:"120413-11", package:"SUNWcleu2") < 0) +{ + security_hole(0); + exit(0); +} \ No newline at end of file Property changes on: trunk/openvas-plugins/scripts/gb_solaris_120413_11.nasl ___________________________________________________________________ Name: svn:keywords + Revision Added: trunk/openvas-plugins/scripts/gb_solaris_120414_25.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_solaris_120414_25.nasl 2010-02-03 12:11:29 UTC (rev 6623) +++ trunk/openvas-plugins/scripts/gb_solaris_120414_25.nasl 2010-02-03 12:24:57 UTC (rev 6624) 
@@ -0,0 +1,73 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# Solaris Update for Asian CCK locales 120414-25 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(855855); + script_version("$Revision$: 1.0"); + script_xref(name: "SUNSolve", value: "120414-25"); + script_name("Solaris Update for Asian CCK locales 120414-25"); + desc = " + + Vulnerability Insight: + The remote host is missing a patch containing a security fix, + which affects the following component(s): + Asian CCK locales + For more information please visit the below reference link. + + Affected Software/OS: + Asian CCK locales on solaris_5.10_sparc + + Fix: Please Install the Updated Packages. 
+ + References: + http://sunsolve.sun.com/search/document.do?assetkey=1-21-120414-25-1 + + Risk factor: High"; + + script_description(desc); + script_summary("Check for the Version of Asian CCK locales"); + script_category(ACT_GATHER_INFO); + script_copyright("Copyright (c) 2010 Greenbone Networks GmbH"); + script_family("Solaris Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/solosversion"); + exit(0); +} + + +include("solaris.inc"); + +release = get_kb_item("ssh/login/solosversion"); + +if(release == NULL){ + exit(0); +} + +if(solaris_check_patch(release:"5.10", arch:"sparc", patch:"120414-25", package:"SUNWhkleu SUNWinleu SUNWhleu2 SUNWkleu SUNWinplt SUNWhleu SUNWcxplt SUNWtleu SUNWhxplt SUNWsunpinyin SUNWhkplt SUNWtxplt SUNWkxplt") < 0) +{ + security_hole(0); + exit(0); +} \ No newline at end of file Property changes on: trunk/openvas-plugins/scripts/gb_solaris_120414_25.nasl ___________________________________________________________________ Name: svn:keywords + Revision Added: trunk/openvas-plugins/scripts/gb_solaris_120415_25.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_solaris_120415_25.nasl 2010-02-03 12:11:29 UTC (rev 6623) +++ trunk/openvas-plugins/scripts/gb_solaris_120415_25.nasl 2010-02-03 12:24:57 UTC (rev 6624) 
@@ -0,0 +1,73 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Solaris Update for Asian CCK locales 120415-25
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(855824);
+ script_version("$Revision$: 1.0");
+ script_xref(name: "SUNSolve", value: "120415-25");
+ script_name("Solaris Update for Asian CCK locales 120415-25");
+ desc = "
+
+ Vulnerability Insight:
+ The remote host is missing a patch containing a security fix,
+ which affects the following component(s):
+ Asian CCK locales
+ For more information please visit the below reference link.
+
+ Affected Software/OS:
+ Asian CCK locales on solaris_5.10_x86
+
+ Fix: Please Install the Updated Packages.
+
+ References:
+ http://sunsolve.sun.com/search/document.do?assetkey=1-21-120415-25-1
+
+ Risk factor: High";
+
+ script_description(desc);
+ script_summary("Check for the Version of Asian CCK locales");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2010 Greenbone Networks GmbH");
+ script_family("Solaris Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/solosversion");
+ exit(0);
+}
+
+
+include("solaris.inc");
+
+release = get_kb_item("ssh/login/solosversion");
+
+if(release == NULL){
+ exit(0);
+}
+
+if(solaris_check_patch(release:"5.10", arch:"i386", patch:"120415-25", package:"SUNWhkleu SUNWinleu SUNWhleu2 SUNWkleu SUNWinplt SUNWhleu SUNWcxplt SUNWtleu SUNWhxplt SUNWsunpinyin SUNWhkplt SUNWtxplt SUNWkxplt") < 0)
+{
+ security_hole(0);
+ exit(0);
+}
\ No newline at end of file
Property changes on: trunk/openvas-plugins/scripts/gb_solaris_120415_25.nasl ___________________________________________________________________ Name: svn:keywords + Revision Added: trunk/openvas-plugins/scripts/gb_solaris_122300_48.nasl ===================================================================
--- trunk/openvas-plugins/scripts/gb_solaris_122300_48.nasl 2010-02-03 12:11:29 UTC (rev 6623)
+++ trunk/openvas-plugins/scripts/gb_solaris_122300_48.nasl 2010-02-03 12:24:57 UTC (rev 6624)
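Review bot: `script_version("$Revision$: 1.0")` in gb_solaris_120415_25.nasl combines an SVN keyword with a literal suffix. Since the commit sets `svn:keywords` to `Revision` on the file, the string would expand to something like `$Revision: 6624 $: 1.0`, which is neither a plain revision nor a plain version and is awkward to compare when checking which copy of a check a scanner is running. `script_version("$Revision$");` would keep one unambiguous value. Every script added in this commit carries the same line.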
@@ -0,0 +1,74 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Solaris Update for Kernel 122300-48
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(855835);
+ script_version("$Revision$: 1.0");
+ script_xref(name: "SUNSolve", value: "122300-48");
+ script_cve_id("CVE-2008-1483", "CVE-2006-3738", "CVE-2006-4343", "CVE-2006-4339", "CVE-2006-2937", "CVE-2006-2940", "CVE-2006-0225");
+ script_name("Solaris Update for Kernel 122300-48");
+ desc = "
+
+ Vulnerability Insight:
+ The remote host is missing a patch containing a security fix,
+ which affects the following component(s):
+ Kernel
+ For more information please visit the below reference link.
+
+ Affected Software/OS:
+ Kernel on solaris_5.9_sparc
+
+ Fix: Please Install the Updated Packages.
+
+ References:
+ http://sunsolve.sun.com/search/document.do?assetkey=1-21-122300-48-1
+
+ Risk factor: High";
+
+ script_description(desc);
+ script_summary("Check for the Version of Kernel");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2010 Greenbone Networks GmbH");
+ script_family("Solaris Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/solosversion");
+ exit(0);
+}
+
+
+include("solaris.inc");
+
+release = get_kb_item("ssh/login/solosversion");
+
+if(release == NULL){
+ exit(0);
+}
+
+if(solaris_check_patch(release:"5.9", arch:"sparc", patch:"122300-48", package:"SUNWcar.us SUNWatfsu SUNWarc SUNWnfssx SUNWcar.m SUNWudfrx SUNWpdx SUNWmdb SUNWaudit SUNWsshdu SUNWnfscx SUNWnfssu FJSVhea SUNWcsl SUNWrsg SUNWrsgx SUNWrsgk SUNWsshdr SUNWses SUNWefcx.u SUNWvolu SUNWsshr SUNWdrr.u SUNWdrrx.us SUNWssadx SUNWcsxu SUNWcarx.us SUNWpiclu SUNWmdbx SUNWnfssr SUNWvolr SUNWdrr.us SUNWcsr SUNWefcx.us SUNWpd SUNWhea SUNWcslx SUNWcstlx SUNWcarx.u SUNWatfsr SUNWsshu SUNWcsu SUNWcar.u SUNWnfscu SUNWdrcrx.u SUNWdrrx.u SUNWssad SUNWpdu SUNWnfscr SUNWcstl SUNWudfr") < 0)
+{
+ security_hole(0);
+ exit(0);
+}
\ No newline at end of file
Property changes on: trunk/openvas-plugins/scripts/gb_solaris_122300_48.nasl ___________________________________________________________________ Name: svn:keywords + Revision Added: trunk/openvas-plugins/scripts/gb_solaris_122301_48.nasl ===================================================================
--- trunk/openvas-plugins/scripts/gb_solaris_122301_48.nasl 2010-02-03 12:11:29 UTC (rev 6623)
+++ trunk/openvas-plugins/scripts/gb_solaris_122301_48.nasl 2010-02-03 12:24:57 UTC (rev 6624)
@@ -0,0 +1,74 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Solaris Update for Kernel 122301-48
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(855853);
+ script_version("$Revision$: 1.0");
+ script_xref(name: "SUNSolve", value: "122301-48");
+ script_cve_id("CVE-2008-1483", "CVE-2006-3738", "CVE-2006-4343", "CVE-2006-4339", "CVE-2006-2937", "CVE-2006-2940", "CVE-2006-0225");
+ script_name("Solaris Update for Kernel 122301-48");
+ desc = "
+
+ Vulnerability Insight:
+ The remote host is missing a patch containing a security fix,
+ which affects the following component(s):
+ Kernel
+ For more information please visit the below reference link.
+
+ Affected Software/OS:
+ Kernel on solaris_5.9_x86
+
+ Fix: Please Install the Updated Packages.
+
+ References:
+ http://sunsolve.sun.com/search/document.do?assetkey=1-21-122301-48-1
+
+ Risk factor: High";
+
+ script_description(desc);
+ script_summary("Check for the Version of Kernel");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2010 Greenbone Networks GmbH");
+ script_family("Solaris Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/solosversion");
+ exit(0);
+}
+
+
+include("solaris.inc");
+
+release = get_kb_item("ssh/login/solosversion");
+
+if(release == NULL){
+ exit(0);
+}
+
+if(solaris_check_patch(release:"5.9", arch:"i386", patch:"122301-48", package:"SUNWsshcu SUNWcar.i SUNWatfsu SUNWarc SUNWmdb SUNWaudit SUNWsshdu SUNWnfssu SUNWcsl SUNWrsg SUNWrsgk SUNWsshdr SUNWvolu SUNWsshr SUNWnfssr SUNWcsr SUNWhea SUNWatfsr SUNWsshu SUNWcsu SUNWnfscu SUNWnfscr SUNWcstl SUNWudfr") < 0)
+{
+ security_hole(0);
+ exit(0);
+}
\ No newline at end of file
Property changes on: trunk/openvas-plugins/scripts/gb_solaris_122301_48.nasl ___________________________________________________________________ Name: svn:keywords + Revision Added: trunk/openvas-plugins/scripts/gb_solaris_122371_12.nasl ===================================================================
--- trunk/openvas-plugins/scripts/gb_solaris_122371_12.nasl 2010-02-03 12:11:29 UTC (rev 6623)
+++ trunk/openvas-plugins/scripts/gb_solaris_122371_12.nasl 2010-02-03 12:24:57 UTC (rev 6624)
@@ -0,0 +1,73 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Solaris Update for md 122371-12
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(855814);
+ script_version("$Revision$: 1.0");
+ script_xref(name: "SUNSolve", value: "122371-12");
+ script_name("Solaris Update for md 122371-12");
+ desc = "
+
+ Vulnerability Insight:
+ The remote host is missing a patch containing a security fix,
+ which affects the following component(s):
+ md
+ For more information please visit the below reference link.
+
+ Affected Software/OS:
+ md on solaris_5.9_x86
+
+ Fix: Please Install the Updated Packages.
+
+ References:
+ http://sunsolve.sun.com/search/document.do?assetkey=1-21-122371-12-1
+
+ Risk factor: High";
+
+ script_description(desc);
+ script_summary("Check for the Version of md");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2010 Greenbone Networks GmbH");
+ script_family("Solaris Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/solosversion");
+ exit(0);
+}
+
+
+include("solaris.inc");
+
+release = get_kb_item("ssh/login/solosversion");
+
+if(release == NULL){
+ exit(0);
+}
+
+if(solaris_check_patch(release:"5.9", arch:"i386", patch:"122371-12", package:"SUNWmdr SUNWmdu SUNWhea") < 0)
+{
+ security_hole(0);
+ exit(0);
+}
\ No newline at end of file
Property changes on: trunk/openvas-plugins/scripts/gb_solaris_122371_12.nasl ___________________________________________________________________ Name: svn:keywords + Revision Added: trunk/openvas-plugins/scripts/gb_solaris_122911_19.nasl ===================================================================
--- trunk/openvas-plugins/scripts/gb_solaris_122911_19.nasl 2010-02-03 12:11:29 UTC (rev 6623)
+++ trunk/openvas-plugins/scripts/gb_solaris_122911_19.nasl 2010-02-03 12:24:57 UTC (rev 6624)
@@ -0,0 +1,74 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Solaris Update for Apache 1.3 122911-19
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(855812);
+ script_version("$Revision$: 1.0");
+ script_xref(name: "SUNSolve", value: "122911-19");
+ script_cve_id("CVE-2009-0796", "CVE-2008-5519", "CVE-2007-5000", "CVE-2007-6388", "CVE-2006-5752", "CVE-2007-3304", "CVE-2005-3352", "CVE-2006-3747", "CAN-2005-2700", "CAN-2005-2088");
+ script_name("Solaris Update for Apache 1.3 122911-19");
+ desc = "
+
+ Vulnerability Insight:
+ The remote host is missing a patch containing a security fix,
+ which affects the following component(s):
+ Apache 1.3
+ For more information please visit the below reference link.
+
+ Affected Software/OS:
+ Apache 1.3 on solaris_5.10_sparc
+
+ Fix: Please Install the Updated Packages.
+
+ References:
+ http://sunsolve.sun.com/search/document.do?assetkey=1-21-122911-19-1
+
+ Risk factor: High";
+
+ script_description(desc);
+ script_summary("Check for the Version of Apache 1.3");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2010 Greenbone Networks GmbH");
+ script_family("Solaris Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/solosversion");
+ exit(0);
+}
+
+
+include("solaris.inc");
+
+release = get_kb_item("ssh/login/solosversion");
+
+if(release == NULL){
+ exit(0);
+}
+
+if(solaris_check_patch(release:"5.10", arch:"sparc", patch:"122911-19", package:"SUNWapchS SUNWtcatu SUNWapchr SUNWtcatr SUNWapchd SUNWapchu") < 0)
+{
+ security_hole(0);
+ exit(0);
+}
\ No newline at end of file
Property changes on: trunk/openvas-plugins/scripts/gb_solaris_122911_19.nasl ___________________________________________________________________ Name: svn:keywords + Revision Added: trunk/openvas-plugins/scripts/gb_solaris_122912_19.nasl ===================================================================
--- trunk/openvas-plugins/scripts/gb_solaris_122912_19.nasl 2010-02-03 12:11:29 UTC (rev 6623)
+++ trunk/openvas-plugins/scripts/gb_solaris_122912_19.nasl 2010-02-03 12:24:57 UTC (rev 6624)
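Review bot: The last two entries of `script_cve_id(...)` in gb_solaris_122911_19.nasl use the retired candidate prefix, `"CAN-2005-2700", "CAN-2005-2088"`, while the other eight use `CVE-`. Anything that matches findings on the `CVE-` form (report cross-references, filters, correlation with other scanners' output) will presumably miss these two, so the result under-reports what the missing patch covers. They should read `"CVE-2005-2700", "CVE-2005-2088"`. The 122912-19 script that follows has the same two entries.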
@@ -0,0 +1,74 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Solaris Update for Apache 1.3 122912-19
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(855821);
+ script_version("$Revision$: 1.0");
+ script_xref(name: "SUNSolve", value: "122912-19");
+ script_cve_id("CVE-2009-0796", "CVE-2008-5519", "CVE-2007-5000", "CVE-2007-6388", "CVE-2006-5752", "CVE-2007-3304", "CVE-2005-3352", "CVE-2006-3747", "CAN-2005-2700", "CAN-2005-2088");
+ script_name("Solaris Update for Apache 1.3 122912-19");
+ desc = "
+
+ Vulnerability Insight:
+ The remote host is missing a patch containing a security fix,
+ which affects the following component(s):
+ Apache 1.3
+ For more information please visit the below reference link.
+
+ Affected Software/OS:
+ Apache 1.3 on solaris_5.10_x86
+
+ Fix: Please Install the Updated Packages.
+
+ References:
+ http://sunsolve.sun.com/search/document.do?assetkey=1-21-122912-19-1
+
+ Risk factor: High";
+
+ script_description(desc);
+ script_summary("Check for the Version of Apache 1.3");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2010 Greenbone Networks GmbH");
+ script_family("Solaris Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/solosversion");
+ exit(0);
+}
+
+
+include("solaris.inc");
+
+release = get_kb_item("ssh/login/solosversion");
+
+if(release == NULL){
+ exit(0);
+}
+
+if(solaris_check_patch(release:"5.10", arch:"i386", patch:"122912-19", package:"SUNWapchS SUNWtcatu SUNWapchr SUNWtcatr SUNWapchd SUNWapchu") < 0)
+{
+ security_hole(0);
+ exit(0);
+}
\ No newline at end of file
Property changes on: trunk/openvas-plugins/scripts/gb_solaris_122912_19.nasl ___________________________________________________________________ Name: svn:keywords + Revision Added: trunk/openvas-plugins/scripts/gb_solaris_123590_12.nasl ===================================================================
--- trunk/openvas-plugins/scripts/gb_solaris_123590_12.nasl 2010-02-03 12:11:29 UTC (rev 6623)
+++ trunk/openvas-plugins/scripts/gb_solaris_123590_12.nasl 2010-02-03 12:24:57 UTC (rev 6624)
@@ -0,0 +1,74 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Solaris Update for PostgresSQL 123590-12
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(855826);
+ script_version("$Revision$: 1.0");
+ script_xref(name: "SUNSolve", value: "123590-12");
+ script_cve_id("CVE-2007-0555", "CVE-2007-0556");
+ script_name("Solaris Update for PostgresSQL 123590-12");
+ desc = "
+
+ Vulnerability Insight:
+ The remote host is missing a patch containing a security fix,
+ which affects the following component(s):
+ PostgresSQL
+ For more information please visit the below reference link.
+
+ Affected Software/OS:
+ PostgresSQL on solaris_5.10_sparc
+
+ Fix: Please Install the Updated Packages.
+
+ References:
+ http://sunsolve.sun.com/search/document.do?assetkey=1-21-123590-12-1
+
+ Risk factor: High";
+
+ script_description(desc);
+ script_summary("Check for the Version of PostgresSQL");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2010 Greenbone Networks GmbH");
+ script_family("Solaris Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/solosversion");
+ exit(0);
+}
+
+
+include("solaris.inc");
+
+release = get_kb_item("ssh/login/solosversion");
+
+if(release == NULL){
+ exit(0);
+}
+
+if(solaris_check_patch(release:"5.10", arch:"sparc", patch:"123590-12", package:"SUNWpostgr-jdbcS SUNWpostgr-contrib SUNWpostgrS SUNWpostgr-tclS SUNWpostgr-server-data SUNWpostgr-devel SUNWpostgr-libs SUNWpostgr-jdbc SUNWpostgr-tcl SUNWpostgr-server SUNWpostgr-pl SUNWpostgr-docs SUNWpostgr") < 0)
+{
+ security_hole(0);
+ exit(0);
+}
\ No newline at end of file
Property changes on: trunk/openvas-plugins/scripts/gb_solaris_123590_12.nasl ___________________________________________________________________ Name: svn:keywords + Revision Added: trunk/openvas-plugins/scripts/gb_solaris_123591_12.nasl ===================================================================
--- trunk/openvas-plugins/scripts/gb_solaris_123591_12.nasl 2010-02-03 12:11:29 UTC (rev 6623)
+++ trunk/openvas-plugins/scripts/gb_solaris_123591_12.nasl 2010-02-03 12:24:57 UTC (rev 6624)
@@ -0,0 +1,74 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Solaris Update for PostgresSQL 123591-12
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(855849);
+ script_version("$Revision$: 1.0");
+ script_xref(name: "SUNSolve", value: "123591-12");
+ script_cve_id("CVE-2007-0555", "CVE-2007-0556");
+ script_name("Solaris Update for PostgresSQL 123591-12");
+ desc = "
+
+ Vulnerability Insight:
+ The remote host is missing a patch containing a security fix,
+ which affects the following component(s):
+ PostgresSQL
+ For more information please visit the below reference link.
+
+ Affected Software/OS:
+ PostgresSQL on solaris_5.10_x86
+
+ Fix: Please Install the Updated Packages.
+
+ References:
+ http://sunsolve.sun.com/search/document.do?assetkey=1-21-123591-12-1
+
+ Risk factor: High";
+
+ script_description(desc);
+ script_summary("Check for the Version of PostgresSQL");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2010 Greenbone Networks GmbH");
+ script_family("Solaris Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/solosversion");
+ exit(0);
+}
+
+
+include("solaris.inc");
+
+release = get_kb_item("ssh/login/solosversion");
+
+if(release == NULL){
+ exit(0);
+}
+
+if(solaris_check_patch(release:"5.10", arch:"i386", patch:"123591-12", package:"SUNWpostgr-jdbcS SUNWpostgr-contrib SUNWpostgrS SUNWpostgr-tclS SUNWpostgr-server-data SUNWpostgr-devel SUNWpostgr-libs SUNWpostgr-jdbc SUNWpostgr-tcl SUNWpostgr-server SUNWpostgr-pl SUNWpostgr-docs SUNWpostgr") < 0)
+{
+ security_hole(0);
+ exit(0);
+}
\ No newline at end of file
Property changes on: trunk/openvas-plugins/scripts/gb_solaris_123591_12.nasl ___________________________________________________________________ Name: svn:keywords + Revision Added: trunk/openvas-plugins/scripts/gb_solaris_125332_08.nasl ===================================================================
--- trunk/openvas-plugins/scripts/gb_solaris_125332_08.nasl 2010-02-03 12:11:29 UTC (rev 6623)
+++ trunk/openvas-plugins/scripts/gb_solaris_125332_08.nasl 2010-02-03 12:24:57 UTC (rev 6624)
@@ -0,0 +1,73 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Solaris Update for JDS 3 125332-08
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(855841);
+ script_version("$Revision$: 1.0");
+ script_xref(name: "SUNSolve", value: "125332-08");
+ script_name("Solaris Update for JDS 3 125332-08");
+ desc = "
+
+ Vulnerability Insight:
+ The remote host is missing a patch containing a security fix,
+ which affects the following component(s):
+ JDS 3
+ For more information please visit the below reference link.
+
+ Affected Software/OS:
+ JDS 3 on solaris_5.10_sparc
+
+ Fix: Please Install the Updated Packages.
+
+ References:
+ http://sunsolve.sun.com/search/document.do?assetkey=1-21-125332-08-1
+
+ Risk factor: High";
+
+ script_description(desc);
+ script_summary("Check for the Version of JDS 3");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2010 Greenbone Networks GmbH");
+ script_family("Solaris Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/solosversion");
+ exit(0);
+}
+
+
+include("solaris.inc");
+
+release = get_kb_item("ssh/login/solosversion");
+
+if(release == NULL){
+ exit(0);
+}
+
+if(solaris_check_patch(release:"5.10", arch:"sparc", patch:"125332-08", package:"SUNWflash-player-plugin") < 0)
+{
+ security_hole(0);
+ exit(0);
+}
\ No newline at end of file
Property changes on: trunk/openvas-plugins/scripts/gb_solaris_125332_08.nasl ___________________________________________________________________ Name: svn:keywords + Revision Added: trunk/openvas-plugins/scripts/gb_solaris_125333_08.nasl ===================================================================
--- trunk/openvas-plugins/scripts/gb_solaris_125333_08.nasl 2010-02-03 12:11:29 UTC (rev 6623)
+++ trunk/openvas-plugins/scripts/gb_solaris_125333_08.nasl 2010-02-03 12:24:57 UTC (rev 6624)
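Review bot: gb_solaris_125332_08.nasl is titled `Solaris Update for JDS 3 125332-08`, yet the only package it checks is `SUNWflash-player-plugin`, and the x86 counterpart 125333-08 in this commit is titled `Macromedia Flash Player Plugin` for the same package. A finding labelled "JDS 3" does not tell an analyst that a browser plugin is unpatched, which matters when prioritising remediation. Unless the title has to mirror the vendor's patch synopsis, `script_name("Solaris Update for Macromedia Flash Player Plugin 125332-08");` and the matching component lines in `desc` and `script_summary` would make the two architectures read alike.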
@@ -0,0 +1,73 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Solaris Update for Macromedia Flash Player Plugin 125333-08
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(855832);
+ script_version("$Revision$: 1.0");
+ script_xref(name: "SUNSolve", value: "125333-08");
+ script_name("Solaris Update for Macromedia Flash Player Plugin 125333-08");
+ desc = "
+
+ Vulnerability Insight:
+ The remote host is missing a patch containing a security fix,
+ which affects the following component(s):
+ Macromedia Flash Player Plugin
+ For more information please visit the below reference link.
+
+ Affected Software/OS:
+ Macromedia Flash Player Plugin on solaris_5.10_x86
+
+ Fix: Please Install the Updated Packages.
+
+ References:
+ http://sunsolve.sun.com/search/document.do?assetkey=1-21-125333-08-1
+
+ Risk factor: High";
+
+ script_description(desc);
+ script_summary("Check for the Version of Macromedia Flash Player Plugin");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2010 Greenbone Networks GmbH");
+ script_family("Solaris Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/solosversion");
+ exit(0);
+}
+
+
+include("solaris.inc");
+
+release = get_kb_item("ssh/login/solosversion");
+
+if(release == NULL){
+ exit(0);
+}
+
+if(solaris_check_patch(release:"5.10", arch:"i386", patch:"125333-08", package:"SUNWflash-player-plugin") < 0)
+{
+ security_hole(0);
+ exit(0);
+}
\ No newline at end of file
Property changes on: trunk/openvas-plugins/scripts/gb_solaris_125333_08.nasl ___________________________________________________________________ Name: svn:keywords + Revision Added: trunk/openvas-plugins/scripts/gb_solaris_136998_08.nasl ===================================================================
--- trunk/openvas-plugins/scripts/gb_solaris_136998_08.nasl 2010-02-03 12:11:29 UTC (rev 6623)
+++ trunk/openvas-plugins/scripts/gb_solaris_136998_08.nasl 2010-02-03 12:24:57 UTC (rev 6624)
@@ -0,0 +1,73 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Solaris Update for PostgreSQL 8.2 core 136998-08
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(855833);
+ script_version("$Revision$: 1.0");
+ script_xref(name: "SUNSolve", value: "136998-08");
+ script_name("Solaris Update for PostgreSQL 8.2 core 136998-08");
+ desc = "
+
+ Vulnerability Insight:
+ The remote host is missing a patch containing a security fix,
+ which affects the following component(s):
+ PostgreSQL 8.2 core
+ For more information please visit the below reference link.
+
+ Affected Software/OS:
+ PostgreSQL 8.2 core on solaris_5.10_sparc
+
+ Fix: Please Install the Updated Packages.
+
+ References:
+ http://sunsolve.sun.com/search/document.do?assetkey=1-21-136998-08-1
+
+ Risk factor: High";
+
+ script_description(desc);
+ script_summary("Check for the Version of PostgreSQL 8.2 core");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2010 Greenbone Networks GmbH");
+ script_family("Solaris Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/solosversion");
+ exit(0);
+}
+
+
+include("solaris.inc");
+
+release = get_kb_item("ssh/login/solosversion");
+
+if(release == NULL){
+ exit(0);
+}
+
+if(solaris_check_patch(release:"5.10", arch:"sparc", patch:"136998-08", package:"SUNWpostgr-82-pl SUNWpostgr-82-server SUNWpostgr-82-contrib SUNWpostgr-82-client SUNWpostgr-82-libs SUNWpostgr-82-devel SUNWpostgr-82-server-data-root") < 0)
+{
+ security_hole(0);
+ exit(0);
+}
\ No newline at end of file
Property changes on: trunk/openvas-plugins/scripts/gb_solaris_136998_08.nasl ___________________________________________________________________ Name: svn:keywords + Revision Added: trunk/openvas-plugins/scripts/gb_solaris_136999_08.nasl ===================================================================
--- trunk/openvas-plugins/scripts/gb_solaris_136999_08.nasl 2010-02-03 12:11:29 UTC (rev 6623)
+++ trunk/openvas-plugins/scripts/gb_solaris_136999_08.nasl 2010-02-03 12:24:57 UTC (rev 6624)
@@ -0,0 +1,73 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# Solaris Update for PostgreSQL 8.2 core 136999-08 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(855822); + script_version("$Revision$: 1.0"); + script_xref(name: "SUNSolve", value: "136999-08"); + script_name("Solaris Update for PostgreSQL 8.2 core 136999-08"); + desc = " + + Vulnerability Insight: + The remote host is missing a patch containing a security fix, + which affects the following component(s): + PostgreSQL 8.2 core + For more information please visit the below reference link. + + Affected Software/OS: + PostgreSQL 8.2 core on solaris_5.10_x86 + + Fix: Please Install the Updated Packages. 
+ + References: + http://sunsolve.sun.com/search/document.do?assetkey=1-21-136999-08-1 + + Risk factor: High"; + + script_description(desc); + script_summary("Check for the Version of PostgreSQL 8.2 core"); + script_category(ACT_GATHER_INFO); + script_copyright("Copyright (c) 2010 Greenbone Networks GmbH"); + script_family("Solaris Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/solosversion"); + exit(0); +} + + +include("solaris.inc"); + +release = get_kb_item("ssh/login/solosversion"); + +if(release == NULL){ + exit(0); +} + +if(solaris_check_patch(release:"5.10", arch:"i386", patch:"136999-08", package:"SUNWpostgr-82-pl SUNWpostgr-82-server SUNWpostgr-82-contrib SUNWpostgr-82-client SUNWpostgr-82-libs SUNWpostgr-82-devel SUNWpostgr-82-server-data-root") < 0) +{ + security_hole(0); + exit(0); +} \ No newline at end of file Property changes on: trunk/openvas-plugins/scripts/gb_solaris_136999_08.nasl ___________________________________________________________________ Name: svn:keywords + Revision Added: trunk/openvas-plugins/scripts/gb_solaris_137000_06.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_solaris_137000_06.nasl 2010-02-03 12:11:29 UTC (rev 6623) +++ trunk/openvas-plugins/scripts/gb_solaris_137000_06.nasl 2010-02-03 12:24:57 UTC (rev 6624) 
@@ -0,0 +1,73 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# Solaris Update for PostgreSQL 8.2 documentation 137000-06 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(855852); + script_version("$Revision$: 1.0"); + script_xref(name: "SUNSolve", value: "137000-06"); + script_name("Solaris Update for PostgreSQL 8.2 documentation 137000-06"); + desc = " + + Vulnerability Insight: + The remote host is missing a patch containing a security fix, + which affects the following component(s): + PostgreSQL 8.2 documentation + For more information please visit the below reference link. + + Affected Software/OS: + PostgreSQL 8.2 documentation on solaris_5.10_sparc + + Fix: Please Install the Updated Packages. 
+ + References: + http://sunsolve.sun.com/search/document.do?assetkey=1-21-137000-06-1 + + Risk factor: High"; + + script_description(desc); + script_summary("Check for the Version of PostgreSQL 8.2 documentation"); + script_category(ACT_GATHER_INFO); + script_copyright("Copyright (c) 2010 Greenbone Networks GmbH"); + script_family("Solaris Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/solosversion"); + exit(0); +} + + +include("solaris.inc"); + +release = get_kb_item("ssh/login/solosversion"); + +if(release == NULL){ + exit(0); +} + +if(solaris_check_patch(release:"5.10", arch:"sparc", patch:"137000-06", package:"SUNWpostgr-82-docs") < 0) +{ + security_hole(0); + exit(0); +} \ No newline at end of file Property changes on: trunk/openvas-plugins/scripts/gb_solaris_137000_06.nasl ___________________________________________________________________ Name: svn:keywords + Revision Added: trunk/openvas-plugins/scripts/gb_solaris_137001_06.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_solaris_137001_06.nasl 2010-02-03 12:11:29 UTC (rev 6623) +++ trunk/openvas-plugins/scripts/gb_solaris_137001_06.nasl 2010-02-03 12:24:57 UTC (rev 6624) 
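Review bot: `Risk factor: High` together with `security_hole(0)` looks too strong for this check, because the only package passed to `solaris_check_patch()` is `SUNWpostgr-82-docs`, which by its name carries documentation rather than running code. The rating appears to be inherited from the patch family rather than from the component, and a High finding for a docs package inflates scan results and makes the PostgreSQL core findings harder to prioritise. If the generator cannot tell which packages carry the security fix, `security_warning(0);` with a lower stated risk factor would be a safer default here. The same applies to the other documentation and source-code checks added in this commit: 137001-06, 137004-07, 137005-07, 138822-06, 138823-06, 138824-06 and 138825-06.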
@@ -0,0 +1,73 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# Solaris Update for PostgreSQL 8.2 documentation 137001-06 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(855830); + script_version("$Revision$: 1.0"); + script_xref(name: "SUNSolve", value: "137001-06"); + script_name("Solaris Update for PostgreSQL 8.2 documentation 137001-06"); + desc = " + + Vulnerability Insight: + The remote host is missing a patch containing a security fix, + which affects the following component(s): + PostgreSQL 8.2 documentation + For more information please visit the below reference link. + + Affected Software/OS: + PostgreSQL 8.2 documentation on solaris_5.10_x86 + + Fix: Please Install the Updated Packages. 
+ + References: + http://sunsolve.sun.com/search/document.do?assetkey=1-21-137001-06-1 + + Risk factor: High"; + + script_description(desc); + script_summary("Check for the Version of PostgreSQL 8.2 documentation"); + script_category(ACT_GATHER_INFO); + script_copyright("Copyright (c) 2010 Greenbone Networks GmbH"); + script_family("Solaris Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/solosversion"); + exit(0); +} + + +include("solaris.inc"); + +release = get_kb_item("ssh/login/solosversion"); + +if(release == NULL){ + exit(0); +} + +if(solaris_check_patch(release:"5.10", arch:"i386", patch:"137001-06", package:"SUNWpostgr-82-docs") < 0) +{ + security_hole(0); + exit(0); +} \ No newline at end of file Property changes on: trunk/openvas-plugins/scripts/gb_solaris_137001_06.nasl ___________________________________________________________________ Name: svn:keywords + Revision Added: trunk/openvas-plugins/scripts/gb_solaris_137004_07.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_solaris_137004_07.nasl 2010-02-03 12:11:29 UTC (rev 6623) +++ trunk/openvas-plugins/scripts/gb_solaris_137004_07.nasl 2010-02-03 12:24:57 UTC (rev 6624) 
@@ -0,0 +1,73 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# Solaris Update for PostgreSQL 8.2 source code 137004-07 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(855806); + script_version("$Revision$: 1.0"); + script_xref(name: "SUNSolve", value: "137004-07"); + script_name("Solaris Update for PostgreSQL 8.2 source code 137004-07"); + desc = " + + Vulnerability Insight: + The remote host is missing a patch containing a security fix, + which affects the following component(s): + PostgreSQL 8.2 source code + For more information please visit the below reference link. + + Affected Software/OS: + PostgreSQL 8.2 source code on solaris_5.10_sparc + + Fix: Please Install the Updated Packages. 
+ + References: + http://sunsolve.sun.com/search/document.do?assetkey=1-21-137004-07-1 + + Risk factor: High"; + + script_description(desc); + script_summary("Check for the Version of PostgreSQL 8.2 source code"); + script_category(ACT_GATHER_INFO); + script_copyright("Copyright (c) 2010 Greenbone Networks GmbH"); + script_family("Solaris Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/solosversion"); + exit(0); +} + + +include("solaris.inc"); + +release = get_kb_item("ssh/login/solosversion"); + +if(release == NULL){ + exit(0); +} + +if(solaris_check_patch(release:"5.10", arch:"sparc", patch:"137004-07", package:"SUNWpostgr-82S") < 0) +{ + security_hole(0); + exit(0); +} \ No newline at end of file Property changes on: trunk/openvas-plugins/scripts/gb_solaris_137004_07.nasl ___________________________________________________________________ Name: svn:keywords + Revision Added: trunk/openvas-plugins/scripts/gb_solaris_137005_07.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_solaris_137005_07.nasl 2010-02-03 12:11:29 UTC (rev 6623) +++ trunk/openvas-plugins/scripts/gb_solaris_137005_07.nasl 2010-02-03 12:24:57 UTC (rev 6624) 
@@ -0,0 +1,73 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# Solaris Update for PostgreSQL 8.2 source code 137005-07 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(855838); + script_version("$Revision$: 1.0"); + script_xref(name: "SUNSolve", value: "137005-07"); + script_name("Solaris Update for PostgreSQL 8.2 source code 137005-07"); + desc = " + + Vulnerability Insight: + The remote host is missing a patch containing a security fix, + which affects the following component(s): + PostgreSQL 8.2 source code + For more information please visit the below reference link. + + Affected Software/OS: + PostgreSQL 8.2 source code on solaris_5.10_x86 + + Fix: Please Install the Updated Packages. 
+ + References: + http://sunsolve.sun.com/search/document.do?assetkey=1-21-137005-07-1 + + Risk factor: High"; + + script_description(desc); + script_summary("Check for the Version of PostgreSQL 8.2 source code"); + script_category(ACT_GATHER_INFO); + script_copyright("Copyright (c) 2010 Greenbone Networks GmbH"); + script_family("Solaris Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/solosversion"); + exit(0); +} + + +include("solaris.inc"); + +release = get_kb_item("ssh/login/solosversion"); + +if(release == NULL){ + exit(0); +} + +if(solaris_check_patch(release:"5.10", arch:"i386", patch:"137005-07", package:"SUNWpostgr-82S") < 0) +{ + security_hole(0); + exit(0); +} \ No newline at end of file Property changes on: trunk/openvas-plugins/scripts/gb_solaris_137005_07.nasl ___________________________________________________________________ Name: svn:keywords + Revision Added: trunk/openvas-plugins/scripts/gb_solaris_138822_06.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_solaris_138822_06.nasl 2010-02-03 12:11:29 UTC (rev 6623) +++ trunk/openvas-plugins/scripts/gb_solaris_138822_06.nasl 2010-02-03 12:24:57 UTC (rev 6624) 
@@ -0,0 +1,73 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# Solaris Update for PostgreSQL 8.3 documentation 138822-06 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(855842); + script_version("$Revision$: 1.0"); + script_xref(name: "SUNSolve", value: "138822-06"); + script_name("Solaris Update for PostgreSQL 8.3 documentation 138822-06"); + desc = " + + Vulnerability Insight: + The remote host is missing a patch containing a security fix, + which affects the following component(s): + PostgreSQL 8.3 documentation + For more information please visit the below reference link. + + Affected Software/OS: + PostgreSQL 8.3 documentation on solaris_5.10_sparc + + Fix: Please Install the Updated Packages. 
+ + References: + http://sunsolve.sun.com/search/document.do?assetkey=1-21-138822-06-1 + + Risk factor: High"; + + script_description(desc); + script_summary("Check for the Version of PostgreSQL 8.3 documentation"); + script_category(ACT_GATHER_INFO); + script_copyright("Copyright (c) 2010 Greenbone Networks GmbH"); + script_family("Solaris Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/solosversion"); + exit(0); +} + + +include("solaris.inc"); + +release = get_kb_item("ssh/login/solosversion"); + +if(release == NULL){ + exit(0); +} + +if(solaris_check_patch(release:"5.10", arch:"sparc", patch:"138822-06", package:"SUNWpostgr-83-docs") < 0) +{ + security_hole(0); + exit(0); +} \ No newline at end of file Property changes on: trunk/openvas-plugins/scripts/gb_solaris_138822_06.nasl ___________________________________________________________________ Name: svn:keywords + Revision Added: trunk/openvas-plugins/scripts/gb_solaris_138823_06.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_solaris_138823_06.nasl 2010-02-03 12:11:29 UTC (rev 6623) +++ trunk/openvas-plugins/scripts/gb_solaris_138823_06.nasl 2010-02-03 12:24:57 UTC (rev 6624) 
@@ -0,0 +1,73 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# Solaris Update for PostgreSQL 8.3 documentation 138823-06 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(855817); + script_version("$Revision$: 1.0"); + script_xref(name: "SUNSolve", value: "138823-06"); + script_name("Solaris Update for PostgreSQL 8.3 documentation 138823-06"); + desc = " + + Vulnerability Insight: + The remote host is missing a patch containing a security fix, + which affects the following component(s): + PostgreSQL 8.3 documentation + For more information please visit the below reference link. + + Affected Software/OS: + PostgreSQL 8.3 documentation on solaris_5.10_x86 + + Fix: Please Install the Updated Packages. 
+ + References: + http://sunsolve.sun.com/search/document.do?assetkey=1-21-138823-06-1 + + Risk factor: High"; + + script_description(desc); + script_summary("Check for the Version of PostgreSQL 8.3 documentation"); + script_category(ACT_GATHER_INFO); + script_copyright("Copyright (c) 2010 Greenbone Networks GmbH"); + script_family("Solaris Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/solosversion"); + exit(0); +} + + +include("solaris.inc"); + +release = get_kb_item("ssh/login/solosversion"); + +if(release == NULL){ + exit(0); +} + +if(solaris_check_patch(release:"5.10", arch:"i386", patch:"138823-06", package:"SUNWpostgr-83-docs") < 0) +{ + security_hole(0); + exit(0); +} \ No newline at end of file Property changes on: trunk/openvas-plugins/scripts/gb_solaris_138823_06.nasl ___________________________________________________________________ Name: svn:keywords + Revision Added: trunk/openvas-plugins/scripts/gb_solaris_138824_06.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_solaris_138824_06.nasl 2010-02-03 12:11:29 UTC (rev 6623) +++ trunk/openvas-plugins/scripts/gb_solaris_138824_06.nasl 2010-02-03 12:24:57 UTC (rev 6624) 
@@ -0,0 +1,73 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# Solaris Update for PostgreSQL 8.3 source code 138824-06 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(855809); + script_version("$Revision$: 1.0"); + script_xref(name: "SUNSolve", value: "138824-06"); + script_name("Solaris Update for PostgreSQL 8.3 source code 138824-06"); + desc = " + + Vulnerability Insight: + The remote host is missing a patch containing a security fix, + which affects the following component(s): + PostgreSQL 8.3 source code + For more information please visit the below reference link. + + Affected Software/OS: + PostgreSQL 8.3 source code on solaris_5.10_sparc + + Fix: Please Install the Updated Packages. 
+ + References: + http://sunsolve.sun.com/search/document.do?assetkey=1-21-138824-06-1 + + Risk factor: High"; + + script_description(desc); + script_summary("Check for the Version of PostgreSQL 8.3 source code"); + script_category(ACT_GATHER_INFO); + script_copyright("Copyright (c) 2010 Greenbone Networks GmbH"); + script_family("Solaris Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/solosversion"); + exit(0); +} + + +include("solaris.inc"); + +release = get_kb_item("ssh/login/solosversion"); + +if(release == NULL){ + exit(0); +} + +if(solaris_check_patch(release:"5.10", arch:"sparc", patch:"138824-06", package:"SUNWpostgr-83S") < 0) +{ + security_hole(0); + exit(0); +} \ No newline at end of file Property changes on: trunk/openvas-plugins/scripts/gb_solaris_138824_06.nasl ___________________________________________________________________ Name: svn:keywords + Revision Added: trunk/openvas-plugins/scripts/gb_solaris_138825_06.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_solaris_138825_06.nasl 2010-02-03 12:11:29 UTC (rev 6623) +++ trunk/openvas-plugins/scripts/gb_solaris_138825_06.nasl 2010-02-03 12:24:57 UTC (rev 6624) 
@@ -0,0 +1,73 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# Solaris Update for PostgreSQL 8.3 source code 138825-06 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(855811); + script_version("$Revision$: 1.0"); + script_xref(name: "SUNSolve", value: "138825-06"); + script_name("Solaris Update for PostgreSQL 8.3 source code 138825-06"); + desc = " + + Vulnerability Insight: + The remote host is missing a patch containing a security fix, + which affects the following component(s): + PostgreSQL 8.3 source code + For more information please visit the below reference link. + + Affected Software/OS: + PostgreSQL 8.3 source code on solaris_5.10_x86 + + Fix: Please Install the Updated Packages. 
+ + References: + http://sunsolve.sun.com/search/document.do?assetkey=1-21-138825-06-1 + + Risk factor: High"; + + script_description(desc); + script_summary("Check for the Version of PostgreSQL 8.3 source code"); + script_category(ACT_GATHER_INFO); + script_copyright("Copyright (c) 2010 Greenbone Networks GmbH"); + script_family("Solaris Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/solosversion"); + exit(0); +} + + +include("solaris.inc"); + +release = get_kb_item("ssh/login/solosversion"); + +if(release == NULL){ + exit(0); +} + +if(solaris_check_patch(release:"5.10", arch:"i386", patch:"138825-06", package:"SUNWpostgr-83S") < 0) +{ + security_hole(0); + exit(0); +} \ No newline at end of file Property changes on: trunk/openvas-plugins/scripts/gb_solaris_138825_06.nasl ___________________________________________________________________ Name: svn:keywords + Revision Added: trunk/openvas-plugins/scripts/gb_solaris_138826_06.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_solaris_138826_06.nasl 2010-02-03 12:11:29 UTC (rev 6623) +++ trunk/openvas-plugins/scripts/gb_solaris_138826_06.nasl 2010-02-03 12:24:57 UTC (rev 6624) 
@@ -0,0 +1,73 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# Solaris Update for PostgreSQL 8.3 core 138826-06 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(855836); + script_version("$Revision$: 1.0"); + script_xref(name: "SUNSolve", value: "138826-06"); + script_name("Solaris Update for PostgreSQL 8.3 core 138826-06"); + desc = " + + Vulnerability Insight: + The remote host is missing a patch containing a security fix, + which affects the following component(s): + PostgreSQL 8.3 core + For more information please visit the below reference link. + + Affected Software/OS: + PostgreSQL 8.3 core on solaris_5.10_sparc + + Fix: Please Install the Updated Packages. 
+ + References: + http://sunsolve.sun.com/search/document.do?assetkey=1-21-138826-06-1 + + Risk factor: High"; + + script_description(desc); + script_summary("Check for the Version of PostgreSQL 8.3 core"); + script_category(ACT_GATHER_INFO); + script_copyright("Copyright (c) 2010 Greenbone Networks GmbH"); + script_family("Solaris Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/solosversion"); + exit(0); +} + + +include("solaris.inc"); + +release = get_kb_item("ssh/login/solosversion"); + +if(release == NULL){ + exit(0); +} + +if(solaris_check_patch(release:"5.10", arch:"sparc", patch:"138826-06", package:"SUNWpostgr-83-devel SUNWpostgr-83-tcl SUNWpostgr-83-libs SUNWpostgr-83-server SUNWpostgr-83-pl SUNWpostgr-83-client SUNWpostgr-83-contrib") < 0) +{ + security_hole(0); + exit(0); +} \ No newline at end of file Property changes on: trunk/openvas-plugins/scripts/gb_solaris_138826_06.nasl ___________________________________________________________________ Name: svn:keywords + Revision Added: trunk/openvas-plugins/scripts/gb_solaris_138827_06.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_solaris_138827_06.nasl 2010-02-03 12:11:29 UTC (rev 6623) +++ trunk/openvas-plugins/scripts/gb_solaris_138827_06.nasl 2010-02-03 12:24:57 UTC (rev 6624) 
@@ -0,0 +1,73 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# Solaris Update for PostgreSQL 8.3 core 138827-06 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(855837); + script_version("$Revision$: 1.0"); + script_xref(name: "SUNSolve", value: "138827-06"); + script_name("Solaris Update for PostgreSQL 8.3 core 138827-06"); + desc = " + + Vulnerability Insight: + The remote host is missing a patch containing a security fix, + which affects the following component(s): + PostgreSQL 8.3 core + For more information please visit the below reference link. + + Affected Software/OS: + PostgreSQL 8.3 core on solaris_5.10_x86 + + Fix: Please Install the Updated Packages. 
+ + References: + http://sunsolve.sun.com/search/document.do?assetkey=1-21-138827-06-1 + + Risk factor: High"; + + script_description(desc); + script_summary("Check for the Version of PostgreSQL 8.3 core"); + script_category(ACT_GATHER_INFO); + script_copyright("Copyright (c) 2010 Greenbone Networks GmbH"); + script_family("Solaris Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/solosversion"); + exit(0); +} + + +include("solaris.inc"); + +release = get_kb_item("ssh/login/solosversion"); + +if(release == NULL){ + exit(0); +} + +if(solaris_check_patch(release:"5.10", arch:"i386", patch:"138827-06", package:"SUNWpostgr-83-devel SUNWpostgr-83-tcl SUNWpostgr-83-libs SUNWpostgr-83-server SUNWpostgr-83-pl SUNWpostgr-83-client SUNWpostgr-83-contrib") < 0) +{ + security_hole(0); + exit(0); +} \ No newline at end of file Property changes on: trunk/openvas-plugins/scripts/gb_solaris_138827_06.nasl ___________________________________________________________________ Name: svn:keywords + Revision Added: trunk/openvas-plugins/scripts/gb_solaris_141026_08.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_solaris_141026_08.nasl 2010-02-03 12:11:29 UTC (rev 6623) +++ trunk/openvas-plugins/scripts/gb_solaris_141026_08.nasl 2010-02-03 12:24:57 UTC (rev 6624) 
@@ -0,0 +1,73 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Solaris Update for print 141026-08
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(855844);
+ script_version("$Revision$: 1.0");
+ script_xref(name: "SUNSolve", value: "141026-08");
+ script_name("Solaris Update for print 141026-08");
+ desc = "
+
+ Vulnerability Insight:
+ The remote host is missing a patch containing a security fix,
+ which affects the following component(s):
+ print
+ For more information please visit the below reference link.
+
+ Affected Software/OS:
+ print on solaris_5.10_sparc
+
+ Fix: Please Install the Updated Packages.
+
+ References:
+ http://sunsolve.sun.com/search/document.do?assetkey=1-21-141026-08-1
+
+ Risk factor: High";
+
+ script_description(desc);
+ script_summary("Check for the Version of print");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2010 Greenbone Networks GmbH");
+ script_family("Solaris Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/solosversion");
+ exit(0);
+}
+
+
+include("solaris.inc");
+
+release = get_kb_item("ssh/login/solosversion");
+
+if(release == NULL){
+ exit(0);
+}
+
+if(solaris_check_patch(release:"5.10", arch:"sparc", patch:"141026-08", package:"SUNWpsu SUNWpapi SUNWppm SUNWpcu SUNWippcore SUNWpsm-lpd SUNWpsm-ipp") < 0)
+{
+ security_hole(0);
+ exit(0);
+}
\ No newline at end of file
Property changes on: trunk/openvas-plugins/scripts/gb_solaris_141026_08.nasl
___________________________________________________________________
Name: svn:keywords + Revision
Added: trunk/openvas-plugins/scripts/gb_solaris_141500_05.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_solaris_141500_05.nasl 2010-02-03 12:11:29 UTC (rev 6623)
+++ trunk/openvas-plugins/scripts/gb_solaris_141500_05.nasl 2010-02-03 12:24:57 UTC (rev 6624)
@@ -0,0 +1,74 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Solaris Update for kinit 141500-05
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(855823);
+ script_version("$Revision$: 1.0");
+ script_xref(name: "SUNSolve", value: "141500-05");
+ script_cve_id("CVE-2009-0847", "CVE-2009-0845", "CVE-2009-0844", "CVE-2009-0846");
+ script_name("Solaris Update for kinit 141500-05");
+ desc = "
+
+ Vulnerability Insight:
+ The remote host is missing a patch containing a security fix,
+ which affects the following component(s):
+ kinit
+ For more information please visit the below reference link.
+
+ Affected Software/OS:
+ kinit on solaris_5.10_sparc
+
+ Fix: Please Install the Updated Packages.
+
+ References:
+ http://sunsolve.sun.com/search/document.do?assetkey=1-21-141500-05-1
+
+ Risk factor: High";
+
+ script_description(desc);
+ script_summary("Check for the Version of kinit");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2010 Greenbone Networks GmbH");
+ script_family("Solaris Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/solosversion");
+ exit(0);
+}
+
+
+include("solaris.inc");
+
+release = get_kb_item("ssh/login/solosversion");
+
+if(release == NULL){
+ exit(0);
+}
+
+if(solaris_check_patch(release:"5.10", arch:"sparc", patch:"141500-05", package:"SUNWcakr.u SUNWkrbu SUNWgssk SUNWcakr.us SUNWkdcu SUNWgssc SUNWgss SUNWkrbr SUNWhea SUNWspnego SUNWcslr") < 0)
+{
+ security_hole(0);
+ exit(0);
+}
\ No newline at end of file
Property changes on: trunk/openvas-plugins/scripts/gb_solaris_141500_05.nasl
___________________________________________________________________
Name: svn:keywords + Revision
Added: trunk/openvas-plugins/scripts/gb_solaris_141501_06.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_solaris_141501_06.nasl 2010-02-03 12:11:29 UTC (rev 6623)
+++ trunk/openvas-plugins/scripts/gb_solaris_141501_06.nasl 2010-02-03 12:24:57 UTC (rev 6624)
@@ -0,0 +1,74 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Solaris Update for kinit 141501-06
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(855840);
+ script_version("$Revision$: 1.0");
+ script_xref(name: "SUNSolve", value: "141501-06");
+ script_cve_id("CVE-2009-0847", "CVE-2009-0845", "CVE-2009-0844", "CVE-2009-0846");
+ script_name("Solaris Update for kinit 141501-06");
+ desc = "
+
+ Vulnerability Insight:
+ The remote host is missing a patch containing a security fix,
+ which affects the following component(s):
+ kinit
+ For more information please visit the below reference link.
+
+ Affected Software/OS:
+ kinit on solaris_5.10_x86
+
+ Fix: Please Install the Updated Packages.
+
+ References:
+ http://sunsolve.sun.com/search/document.do?assetkey=1-21-141501-06-1
+
+ Risk factor: High";
+
+ script_description(desc);
+ script_summary("Check for the Version of kinit");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2010 Greenbone Networks GmbH");
+ script_family("Solaris Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/solosversion");
+ exit(0);
+}
+
+
+include("solaris.inc");
+
+release = get_kb_item("ssh/login/solosversion");
+
+if(release == NULL){
+ exit(0);
+}
+
+if(solaris_check_patch(release:"5.10", arch:"i386", patch:"141501-06", package:"SUNWkrbu SUNWgssk SUNWkdcu SUNWgssc SUNWgss SUNWkrbr SUNWhea SUNWspnego SUNWcslr") < 0)
+{
+ security_hole(0);
+ exit(0);
+}
\ No newline at end of file
Property changes on: trunk/openvas-plugins/scripts/gb_solaris_141501_06.nasl
___________________________________________________________________
Name: svn:keywords + Revision
Added: trunk/openvas-plugins/scripts/gb_solaris_141590_02.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_solaris_141590_02.nasl 2010-02-03 12:11:29 UTC (rev 6623)
+++ trunk/openvas-plugins/scripts/gb_solaris_141590_02.nasl 2010-02-03 12:24:57 UTC (rev 6624)
@@ -0,0 +1,73 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Solaris Update for dtrace fasttrap 141590-02
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(855845);
+ script_version("$Revision$: 1.0");
+ script_xref(name: "SUNSolve", value: "141590-02");
+ script_name("Solaris Update for dtrace fasttrap 141590-02");
+ desc = "
+
+ Vulnerability Insight:
+ The remote host is missing a patch containing a security fix,
+ which affects the following component(s):
+ dtrace fasttrap
+ For more information please visit the below reference link.
+
+ Affected Software/OS:
+ dtrace fasttrap on solaris_5.10_sparc
+
+ Fix: Please Install the Updated Packages.
+
+ References:
+ http://sunsolve.sun.com/search/document.do?assetkey=1-21-141590-02-1
+
+ Risk factor: High";
+
+ script_description(desc);
+ script_summary("Check for the Version of dtrace fasttrap");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2010 Greenbone Networks GmbH");
+ script_family("Solaris Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/solosversion");
+ exit(0);
+}
+
+
+include("solaris.inc");
+
+release = get_kb_item("ssh/login/solosversion");
+
+if(release == NULL){
+ exit(0);
+}
+
+if(solaris_check_patch(release:"5.10", arch:"sparc", patch:"141590-02", package:"SUNWdtrc SUNWdtrp") < 0)
+{
+ security_hole(0);
+ exit(0);
+}
\ No newline at end of file
Property changes on: trunk/openvas-plugins/scripts/gb_solaris_141590_02.nasl
___________________________________________________________________
Name: svn:keywords + Revision
Added: trunk/openvas-plugins/scripts/gb_solaris_141591_02.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_solaris_141591_02.nasl 2010-02-03 12:11:29 UTC (rev 6623)
+++ trunk/openvas-plugins/scripts/gb_solaris_141591_02.nasl 2010-02-03 12:24:57 UTC (rev 6624)
@@ -0,0 +1,73 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Solaris Update for dtrace fasttrap 141591-02
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(855827);
+ script_version("$Revision$: 1.0");
+ script_xref(name: "SUNSolve", value: "141591-02");
+ script_name("Solaris Update for dtrace fasttrap 141591-02");
+ desc = "
+
+ Vulnerability Insight:
+ The remote host is missing a patch containing a security fix,
+ which affects the following component(s):
+ dtrace fasttrap
+ For more information please visit the below reference link.
+
+ Affected Software/OS:
+ dtrace fasttrap on solaris_5.10_x86
+
+ Fix: Please Install the Updated Packages.
+
+ References:
+ http://sunsolve.sun.com/search/document.do?assetkey=1-21-141591-02-1
+
+ Risk factor: High";
+
+ script_description(desc);
+ script_summary("Check for the Version of dtrace fasttrap");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2010 Greenbone Networks GmbH");
+ script_family("Solaris Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/solosversion");
+ exit(0);
+}
+
+
+include("solaris.inc");
+
+release = get_kb_item("ssh/login/solosversion");
+
+if(release == NULL){
+ exit(0);
+}
+
+if(solaris_check_patch(release:"5.10", arch:"i386", patch:"141591-02", package:"SUNWdtrc SUNWdtrp") < 0)
+{
+ security_hole(0);
+ exit(0);
+}
\ No newline at end of file
Property changes on: trunk/openvas-plugins/scripts/gb_solaris_141591_02.nasl
___________________________________________________________________
Name: svn:keywords + Revision
Added: trunk/openvas-plugins/scripts/gb_solaris_142048_06.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_solaris_142048_06.nasl 2010-02-03 12:11:29 UTC (rev 6623)
+++ trunk/openvas-plugins/scripts/gb_solaris_142048_06.nasl 2010-02-03 12:24:57 UTC (rev 6624)
@@ -0,0 +1,73 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Solaris Update for arcfour and rsa 142048-06
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(855846);
+ script_version("$Revision$: 1.0");
+ script_xref(name: "SUNSolve", value: "142048-06");
+ script_name("Solaris Update for arcfour and rsa 142048-06");
+ desc = "
+
+ Vulnerability Insight:
+ The remote host is missing a patch containing a security fix,
+ which affects the following component(s):
+ arcfour and rsa
+ For more information please visit the below reference link.
+
+ Affected Software/OS:
+ arcfour and rsa on solaris_5.10_x86
+
+ Fix: Please Install the Updated Packages.
+
+ References:
+ http://sunsolve.sun.com/search/document.do?assetkey=1-21-142048-06-1
+
+ Risk factor: High";
+
+ script_description(desc);
+ script_summary("Check for the Version of arcfour and rsa");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2010 Greenbone Networks GmbH");
+ script_family("Solaris Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/solosversion");
+ exit(0);
+}
+
+
+include("solaris.inc");
+
+release = get_kb_item("ssh/login/solosversion");
+
+if(release == NULL){
+ exit(0);
+}
+
+if(solaris_check_patch(release:"5.10", arch:"i386", patch:"142048-06", package:"SUNWcry SUNWcsl SUNWcryr SUNWckr") < 0)
+{
+ security_hole(0);
+ exit(0);
+}
\ No newline at end of file
Property changes on: trunk/openvas-plugins/scripts/gb_solaris_142048_06.nasl
___________________________________________________________________
Name: svn:keywords + Revision
Added: trunk/openvas-plugins/scripts/gb_solaris_142242_04.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_solaris_142242_04.nasl 2010-02-03 12:11:29 UTC (rev 6623)
+++ trunk/openvas-plugins/scripts/gb_solaris_142242_04.nasl 2010-02-03 12:24:57 UTC (rev 6624)
@@ -0,0 +1,73 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Solaris Update for libpkcs11.so.1 142242-04
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(855854);
+ script_version("$Revision$: 1.0");
+ script_xref(name: "SUNSolve", value: "142242-04");
+ script_name("Solaris Update for libpkcs11.so.1 142242-04");
+ desc = "
+
+ Vulnerability Insight:
+ The remote host is missing a patch containing a security fix,
+ which affects the following component(s):
+ libpkcs11.so.1
+ For more information please visit the below reference link.
+
+ Affected Software/OS:
+ libpkcs11.so.1 on solaris_5.10_sparc
+
+ Fix: Please Install the Updated Packages.
+
+ References:
+ http://sunsolve.sun.com/search/document.do?assetkey=1-21-142242-04-1
+
+ Risk factor: High";
+
+ script_description(desc);
+ script_summary("Check for the Version of libpkcs11.so.1");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2010 Greenbone Networks GmbH");
+ script_family("Solaris Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/solosversion");
+ exit(0);
+}
+
+
+include("solaris.inc");
+
+release = get_kb_item("ssh/login/solosversion");
+
+if(release == NULL){
+ exit(0);
+}
+
+if(solaris_check_patch(release:"5.10", arch:"sparc", patch:"142242-04", package:"SUNWcry SUNWcsl") < 0)
+{
+ security_hole(0);
+ exit(0);
+}
\ No newline at end of file
Property changes on: trunk/openvas-plugins/scripts/gb_solaris_142242_04.nasl
___________________________________________________________________
Name: svn:keywords + Revision
Added: trunk/openvas-plugins/scripts/gb_solaris_143317_01.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_solaris_143317_01.nasl 2010-02-03 12:11:29 UTC (rev 6623)
+++ trunk/openvas-plugins/scripts/gb_solaris_143317_01.nasl 2010-02-03 12:24:57 UTC (rev 6624)
@@ -0,0 +1,74 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Solaris Update for GNOME 2.6.0 143317-01
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(855831);
+ script_version("$Revision$: 1.0");
+ script_xref(name: "SUNSolve", value: "143317-01");
+ script_cve_id("CVE-2009-3615");
+ script_name("Solaris Update for GNOME 2.6.0 143317-01");
+ desc = "
+
+ Vulnerability Insight:
+ The remote host is missing a patch containing a security fix,
+ which affects the following component(s):
+ GNOME 2.6.0
+ For more information please visit the below reference link.
+
+ Affected Software/OS:
+ GNOME 2.6.0 on solaris_5.10_sparc
+
+ Fix: Please Install the Updated Packages.
+
+ References:
+ http://sunsolve.sun.com/search/document.do?assetkey=1-21-143317-01-1
+
+ Risk factor: High";
+
+ script_description(desc);
+ script_summary("Check for the Version of GNOME 2.6.0");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2010 Greenbone Networks GmbH");
+ script_family("Solaris Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/solosversion");
+ exit(0);
+}
+
+
+include("solaris.inc");
+
+release = get_kb_item("ssh/login/solosversion");
+
+if(release == NULL){
+ exit(0);
+}
+
+if(solaris_check_patch(release:"5.10", arch:"sparc", patch:"143317-01", package:"SUNWgnome-im-client") < 0)
+{
+ security_hole(0);
+ exit(0);
+}
\ No newline at end of file
Property changes on: trunk/openvas-plugins/scripts/gb_solaris_143317_01.nasl
___________________________________________________________________
Name: svn:keywords + Revision
Added: trunk/openvas-plugins/scripts/gb_solaris_143318_01.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_solaris_143318_01.nasl 2010-02-03 12:11:29 UTC (rev 6623)
+++ trunk/openvas-plugins/scripts/gb_solaris_143318_01.nasl 2010-02-03 12:24:57 UTC (rev 6624)
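Review bot: The component name in gb_solaris_143317_01.nasl does not match its x86 counterpart: this check is titled "GNOME 2.6.0" while gb_solaris_143318_01.nasl is titled "Instant Messaging", although both test the same package SUNWgnome-im-client and carry the same CVE-2009-3615. The pair 143502-01 / 143503-01 shows the same split ("GNOME 2.6.0" versus "Trusted Extensions" for SUNWgnome-base-libs), and 143506-01 uses "GNOME 2.6.0" for the SUNWPython packages. Someone triaging scan results cannot correlate these findings across architectures by title, and the summary claims a version check where the code calls `solaris_check_patch` for a patch id. Naming the patch and package in the summary would make the reports comparable, for example `script_summary("Check for patch 143317-01 on SUNWgnome-im-client");`.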
@@ -0,0 +1,74 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Solaris Update for Instant Messaging 143318-01
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(855851);
+ script_version("$Revision$: 1.0");
+ script_xref(name: "SUNSolve", value: "143318-01");
+ script_cve_id("CVE-2009-3615");
+ script_name("Solaris Update for Instant Messaging 143318-01");
+ desc = "
+
+ Vulnerability Insight:
+ The remote host is missing a patch containing a security fix,
+ which affects the following component(s):
+ Instant Messaging
+ For more information please visit the below reference link.
+
+ Affected Software/OS:
+ Instant Messaging on solaris_5.10_x86
+
+ Fix: Please Install the Updated Packages.
+
+ References:
+ http://sunsolve.sun.com/search/document.do?assetkey=1-21-143318-01-1
+
+ Risk factor: High";
+
+ script_description(desc);
+ script_summary("Check for the Version of Instant Messaging");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2010 Greenbone Networks GmbH");
+ script_family("Solaris Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/solosversion");
+ exit(0);
+}
+
+
+include("solaris.inc");
+
+release = get_kb_item("ssh/login/solosversion");
+
+if(release == NULL){
+ exit(0);
+}
+
+if(solaris_check_patch(release:"5.10", arch:"i386", patch:"143318-01", package:"SUNWgnome-im-client") < 0)
+{
+ security_hole(0);
+ exit(0);
+}
\ No newline at end of file
Property changes on: trunk/openvas-plugins/scripts/gb_solaris_143318_01.nasl
___________________________________________________________________
Name: svn:keywords + Revision
Added: trunk/openvas-plugins/scripts/gb_solaris_143502_01.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_solaris_143502_01.nasl 2010-02-03 12:11:29 UTC (rev 6623)
+++ trunk/openvas-plugins/scripts/gb_solaris_143502_01.nasl 2010-02-03 12:24:57 UTC (rev 6624)
@@ -0,0 +1,73 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Solaris Update for GNOME 2.6.0 143502-01
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(855816);
+ script_version("$Revision$: 1.0");
+ script_xref(name: "SUNSolve", value: "143502-01");
+ script_name("Solaris Update for GNOME 2.6.0 143502-01");
+ desc = "
+
+ Vulnerability Insight:
+ The remote host is missing a patch containing a security fix,
+ which affects the following component(s):
+ GNOME 2.6.0
+ For more information please visit the below reference link.
+
+ Affected Software/OS:
+ GNOME 2.6.0 on solaris_5.10_sparc
+
+ Fix: Please Install the Updated Packages.
+
+ References:
+ http://sunsolve.sun.com/search/document.do?assetkey=1-21-143502-01-1
+
+ Risk factor: High";
+
+ script_description(desc);
+ script_summary("Check for the Version of GNOME 2.6.0");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2010 Greenbone Networks GmbH");
+ script_family("Solaris Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/solosversion");
+ exit(0);
+}
+
+
+include("solaris.inc");
+
+release = get_kb_item("ssh/login/solosversion");
+
+if(release == NULL){
+ exit(0);
+}
+
+if(solaris_check_patch(release:"5.10", arch:"sparc", patch:"143502-01", package:"SUNWgnome-base-libs") < 0)
+{
+ security_hole(0);
+ exit(0);
+}
\ No newline at end of file
Property changes on: trunk/openvas-plugins/scripts/gb_solaris_143502_01.nasl
___________________________________________________________________
Name: svn:keywords + Revision
Added: trunk/openvas-plugins/scripts/gb_solaris_143503_01.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_solaris_143503_01.nasl 2010-02-03 12:11:29 UTC (rev 6623)
+++ trunk/openvas-plugins/scripts/gb_solaris_143503_01.nasl 2010-02-03 12:24:57 UTC (rev 6624)
@@ -0,0 +1,73 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Solaris Update for Trusted Extensions 143503-01
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(855819);
+ script_version("$Revision$: 1.0");
+ script_xref(name: "SUNSolve", value: "143503-01");
+ script_name("Solaris Update for Trusted Extensions 143503-01");
+ desc = "
+
+ Vulnerability Insight:
+ The remote host is missing a patch containing a security fix,
+ which affects the following component(s):
+ Trusted Extensions
+ For more information please visit the below reference link.
+
+ Affected Software/OS:
+ Trusted Extensions on solaris_5.10_x86
+
+ Fix: Please Install the Updated Packages.
+
+ References:
+ http://sunsolve.sun.com/search/document.do?assetkey=1-21-143503-01-1
+
+ Risk factor: High";
+
+ script_description(desc);
+ script_summary("Check for the Version of Trusted Extensions");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2010 Greenbone Networks GmbH");
+ script_family("Solaris Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/solosversion");
+ exit(0);
+}
+
+
+include("solaris.inc");
+
+release = get_kb_item("ssh/login/solosversion");
+
+if(release == NULL){
+ exit(0);
+}
+
+if(solaris_check_patch(release:"5.10", arch:"i386", patch:"143503-01", package:"SUNWgnome-base-libs") < 0)
+{
+ security_hole(0);
+ exit(0);
+}
\ No newline at end of file
Property changes on: trunk/openvas-plugins/scripts/gb_solaris_143503_01.nasl
___________________________________________________________________
Name: svn:keywords + Revision
Added: trunk/openvas-plugins/scripts/gb_solaris_143506_01.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_solaris_143506_01.nasl 2010-02-03 12:11:29 UTC (rev 6623)
+++ trunk/openvas-plugins/scripts/gb_solaris_143506_01.nasl 2010-02-03 12:24:57 UTC (rev 6624)
@@ -0,0 +1,73 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# Solaris Update for GNOME 2.6.0 143506-01 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(855825); + script_version("$Revision$: 1.0"); + script_xref(name: "SUNSolve", value: "143506-01"); + script_name("Solaris Update for GNOME 2.6.0 143506-01"); + desc = " + + Vulnerability Insight: + The remote host is missing a patch containing a security fix, + which affects the following component(s): + GNOME 2.6.0 + For more information please visit the below reference link. + + Affected Software/OS: + GNOME 2.6.0 on solaris_5.10_sparc + + Fix: Please Install the Updated Packages. 
+ + References: + http://sunsolve.sun.com/search/document.do?assetkey=1-21-143506-01-1 + + Risk factor: High"; + + script_description(desc); + script_summary("Check for the Version of GNOME 2.6.0"); + script_category(ACT_GATHER_INFO); + script_copyright("Copyright (c) 2010 Greenbone Networks GmbH"); + script_family("Solaris Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/solosversion"); + exit(0); +} + + +include("solaris.inc"); + +release = get_kb_item("ssh/login/solosversion"); + +if(release == NULL){ + exit(0); +} + +if(solaris_check_patch(release:"5.10", arch:"sparc", patch:"143506-01", package:"SUNWPython SUNWPython-devel") < 0) +{ + security_hole(0); + exit(0); +} \ No newline at end of file Property changes on: trunk/openvas-plugins/scripts/gb_solaris_143506_01.nasl ___________________________________________________________________ Name: svn:keywords + Revision Added: trunk/openvas-plugins/scripts/gb_solaris_143507_01.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_solaris_143507_01.nasl 2010-02-03 12:11:29 UTC (rev 6623) +++ trunk/openvas-plugins/scripts/gb_solaris_143507_01.nasl 2010-02-03 12:24:57 UTC (rev 6624) 
@@ -0,0 +1,73 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# Solaris Update for Python 143507-01 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(855856); + script_version("$Revision$: 1.0"); + script_xref(name: "SUNSolve", value: "143507-01"); + script_name("Solaris Update for Python 143507-01"); + desc = " + + Vulnerability Insight: + The remote host is missing a patch containing a security fix, + which affects the following component(s): + Python + For more information please visit the below reference link. + + Affected Software/OS: + Python on solaris_5.10_x86 + + Fix: Please Install the Updated Packages. 
+ + References: + http://sunsolve.sun.com/search/document.do?assetkey=1-21-143507-01-1 + + Risk factor: High"; + + script_description(desc); + script_summary("Check for the Version of Python"); + script_category(ACT_GATHER_INFO); + script_copyright("Copyright (c) 2010 Greenbone Networks GmbH"); + script_family("Solaris Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/solosversion"); + exit(0); +} + + +include("solaris.inc"); + +release = get_kb_item("ssh/login/solosversion"); + +if(release == NULL){ + exit(0); +} + +if(solaris_check_patch(release:"5.10", arch:"i386", patch:"143507-01", package:"SUNWPython SUNWPython-devel") < 0) +{ + security_hole(0); + exit(0); +} \ No newline at end of file Property changes on: trunk/openvas-plugins/scripts/gb_solaris_143507_01.nasl ___________________________________________________________________ Name: svn:keywords + Revision Added: trunk/openvas-plugins/scripts/gb_solaris_143510_01.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_solaris_143510_01.nasl 2010-02-03 12:11:29 UTC (rev 6623) +++ trunk/openvas-plugins/scripts/gb_solaris_143510_01.nasl 2010-02-03 12:24:57 UTC (rev 6624) 
@@ -0,0 +1,74 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# Solaris Update for GNOME 2.6.0 143510-01 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(855805); + script_version("$Revision$: 1.0"); + script_xref(name: "SUNSolve", value: "143510-01"); + script_cve_id("CVE-2009-1570"); + script_name("Solaris Update for GNOME 2.6.0 143510-01"); + desc = " + + Vulnerability Insight: + The remote host is missing a patch containing a security fix, + which affects the following component(s): + GNOME 2.6.0 + For more information please visit the below reference link. + + Affected Software/OS: + GNOME 2.6.0 on solaris_5.10_sparc + + Fix: Please Install the Updated Packages. 
+ + References: + http://sunsolve.sun.com/search/document.do?assetkey=1-21-143510-01-1 + + Risk factor: High"; + + script_description(desc); + script_summary("Check for the Version of GNOME 2.6.0"); + script_category(ACT_GATHER_INFO); + script_copyright("Copyright (c) 2010 Greenbone Networks GmbH"); + script_family("Solaris Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/solosversion"); + exit(0); +} + + +include("solaris.inc"); + +release = get_kb_item("ssh/login/solosversion"); + +if(release == NULL){ + exit(0); +} + +if(solaris_check_patch(release:"5.10", arch:"sparc", patch:"143510-01", package:"SUNWgnome-img-editor") < 0) +{ + security_hole(0); + exit(0); +} \ No newline at end of file Property changes on: trunk/openvas-plugins/scripts/gb_solaris_143510_01.nasl ___________________________________________________________________ Name: svn:keywords + Revision Added: trunk/openvas-plugins/scripts/gb_solaris_143511_01.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_solaris_143511_01.nasl 2010-02-03 12:11:29 UTC (rev 6623) +++ trunk/openvas-plugins/scripts/gb_solaris_143511_01.nasl 2010-02-03 12:24:57 UTC (rev 6624) 
@@ -0,0 +1,74 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# Solaris Update for GIMP 143511-01 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(855839); + script_version("$Revision$: 1.0"); + script_xref(name: "SUNSolve", value: "143511-01"); + script_cve_id("CVE-2009-1570"); + script_name("Solaris Update for GIMP 143511-01"); + desc = " + + Vulnerability Insight: + The remote host is missing a patch containing a security fix, + which affects the following component(s): + GIMP + For more information please visit the below reference link. + + Affected Software/OS: + GIMP on solaris_5.10_x86 + + Fix: Please Install the Updated Packages. 
+ + References: + http://sunsolve.sun.com/search/document.do?assetkey=1-21-143511-01-1 + + Risk factor: High"; + + script_description(desc); + script_summary("Check for the Version of GIMP"); + script_category(ACT_GATHER_INFO); + script_copyright("Copyright (c) 2010 Greenbone Networks GmbH"); + script_family("Solaris Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/solosversion"); + exit(0); +} + + +include("solaris.inc"); + +release = get_kb_item("ssh/login/solosversion"); + +if(release == NULL){ + exit(0); +} + +if(solaris_check_patch(release:"5.10", arch:"i386", patch:"143511-01", package:"SUNWgnome-img-editor") < 0) +{ + security_hole(0); + exit(0); +} \ No newline at end of file Property changes on: trunk/openvas-plugins/scripts/gb_solaris_143511_01.nasl ___________________________________________________________________ Name: svn:keywords + Revision Added: trunk/openvas-plugins/scripts/gb_solaris_143913_01.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_solaris_143913_01.nasl 2010-02-03 12:11:29 UTC (rev 6623) +++ trunk/openvas-plugins/scripts/gb_solaris_143913_01.nasl 2010-02-03 12:24:57 UTC (rev 6624) 
@@ -0,0 +1,73 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# Solaris Update for ucode driver 143913-01 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(855808); + script_version("$Revision$: 1.0"); + script_xref(name: "SUNSolve", value: "143913-01"); + script_name("Solaris Update for ucode driver 143913-01"); + desc = " + + Vulnerability Insight: + The remote host is missing a patch containing a security fix, + which affects the following component(s): + ucode driver + For more information please visit the below reference link. + + Affected Software/OS: + ucode driver on solaris_5.10_x86 + + Fix: Please Install the Updated Packages. 
+ + References: + http://sunsolve.sun.com/search/document.do?assetkey=1-21-143913-01-1 + + Risk factor: High"; + + script_description(desc); + script_summary("Check for the Version of ucode driver"); + script_category(ACT_GATHER_INFO); + script_copyright("Copyright (c) 2010 Greenbone Networks GmbH"); + script_family("Solaris Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/solosversion"); + exit(0); +} + + +include("solaris.inc"); + +release = get_kb_item("ssh/login/solosversion"); + +if(release == NULL){ + exit(0); +} + +if(solaris_check_patch(release:"5.10", arch:"i386", patch:"143913-01", package:"SUNWckr") < 0) +{ + security_hole(0); + exit(0); +} \ No newline at end of file Property changes on: trunk/openvas-plugins/scripts/gb_solaris_143913_01.nasl ___________________________________________________________________ Name: svn:keywords + Revision From scm-commit at wald.intevation.org Wed Feb 3 13:53:22 2010 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 3 Feb 2010 13:53:22 +0100 (CET) Subject: [Openvas-commits] r6625 - in trunk/openvas-manager: . src Message-ID: <20100203125322.EAA1B865FAA0@pyrosoma.intevation.org> Author: mattm Date: 2010-02-03 13:53:17 +0100 (Wed, 03 Feb 2010) New Revision: 6625 Modified: trunk/openvas-manager/ChangeLog trunk/openvas-manager/src/manage.c trunk/openvas-manager/src/tasks_sql.h Log: * src/tasks_sql.h (init_otp_pref_iterator): Take config_t instead of name. * src/manage.c (send_config_preferences): Take config_t instead of name. Pass config_t to init_otp_pref_iterator. (start_task): Pass config_t to send_config_preferences. Modified: trunk/openvas-manager/ChangeLog =================================================================== --- trunk/openvas-manager/ChangeLog 2010-02-03 12:24:57 UTC (rev 6624) +++ trunk/openvas-manager/ChangeLog 2010-02-03 12:53:17 UTC (rev 6625) 
@@ -1,5 +1,14 @@ 2010-02-03 Matthew Mundell + * src/tasks_sql.h (init_otp_pref_iterator): Take config_t instead of + name. + + * src/manage.c (send_config_preferences): Take config_t instead of + name. Pass config_t to init_otp_pref_iterator. + (start_task): Pass config_t to send_config_preferences. + +2010-02-03 Matthew Mundell + * src/tasks_sql.h (init_config_pref_iterator) (config_pref_iterator_name, config_pref_iterator_value): Remove, superceded by newer iterators. Modified: trunk/openvas-manager/src/manage.c =================================================================== --- trunk/openvas-manager/src/manage.c 2010-02-03 12:24:57 UTC (rev 6624) +++ trunk/openvas-manager/src/manage.c 2010-02-03 12:53:17 UTC (rev 6625) @@ -693,14 +693,13 @@ /** * @brief Send the preferences from a config to the scanner. * - * @param[in] task Task. + * @param[in] config Config. * @param[in] section_name Name of preference section to send. * * @return 0 on success, -1 on failure. */ static int -send_config_preferences (const char* config, - const char* section_name) +send_config_preferences (config_t config, const char* section_name) { iterator_t prefs; @@ -1027,11 +1026,13 @@ if (find_config (config, &config_id) || (config_id == 0)) { + free (config); free (hosts); set_task_run_status (task, run_status); current_report = (report_t) 0; return -10; } + free (config); /* Send the plugin list. */ @@ -1044,7 +1045,6 @@ if (fail) { free (hosts); - free (config); set_task_run_status (task, run_status); current_report = (report_t) 0; return -10; @@ -1055,7 +1055,6 @@ if (send_to_server ("ntp_keep_communication_alive <|> yes\n")) { free (hosts); - free (config); set_task_run_status (task, run_status); current_report = (report_t) 0; return -10; @@ -1063,7 +1062,6 @@ if (send_to_server ("ntp_client_accepts_notes <|> yes\n")) { free (hosts); - free (config); set_task_run_status (task, run_status); current_report = (report_t) 0; return -10; 
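Review bot: The error exits in start_task still repeat the same cleanup (`free (hosts); set_task_run_status (task, run_status); current_report = (report_t) 0; return -10;`) after every failed send, from the `@@ -1027,11 +1026,13 @@` hunk through to `@@ -1185,12 +1176,10 @@`. This commit had to edit each copy just to drop `free (config)`, which shows how easily one exit can be missed and leave a leak or a double free. A single cleanup label placed after the normal return would keep ownership of `hosts` in one place. The exits that also call cleanup_iterator or free the file list would do that extra step before jumping. start_task begins and ends outside these hunks.

```c
  if (send_to_server ("ntp_keep_communication_alive <|> yes\n"))
    goto fail;
  if (send_to_server ("ntp_client_accepts_notes <|> yes\n"))
    goto fail;
  /* … unchanged: remaining send checks, each ending in goto fail … */

  /* … unchanged: success path and its return … */

 fail:
  free (hosts);
  set_task_run_status (task, run_status);
  current_report = (report_t) 0;
  return -10;
```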
@@ -1072,7 +1070,6 @@ if (send_to_server ("ntp_opt_show_end <|> no\n")) { free (hosts); - free (config); set_task_run_status (task, run_status); current_report = (report_t) 0; return -10; @@ -1080,7 +1077,6 @@ if (send_to_server ("ntp_short_status <|> no\n")) { free (hosts); - free (config); set_task_run_status (task, run_status); current_report = (report_t) 0; return -10; @@ -1088,18 +1084,16 @@ /* Send the scanner and plugins preferences. */ - if (send_config_preferences (config, "SERVER_PREFS")) + if (send_config_preferences (config_id, "SERVER_PREFS")) { free (hosts); - free (config); set_task_run_status (task, run_status); current_report = (report_t) 0; return -10; } - if (send_config_preferences (config, "PLUGINS_PREFS")) + if (send_config_preferences (config_id, "PLUGINS_PREFS")) { free (hosts); - free (config); set_task_run_status (task, run_status); current_report = (report_t) 0; return -10; @@ -1131,7 +1125,6 @@ password)) { free (hosts); - free (config); cleanup_iterator (&credentials); set_task_run_status (task, run_status); current_report = (report_t) 0; @@ -1144,7 +1137,6 @@ if (send_to_server ("<|> CLIENT\n")) { free (hosts); - free (config); set_task_run_status (task, run_status); current_report = (report_t) 0; return -10; @@ -1162,7 +1154,6 @@ if (send_task_file (task, files->data)) { free (hosts); - free (config); /* Free the data. */ while (files) { @@ -1185,12 +1176,10 @@ if (send_to_server ("CLIENT <|> RULES <|>\n")) { free (hosts); - free (config); set_task_run_status (task, run_status); current_report = (report_t) 0; return -10; } - free (config); if (send_user_rules ()) { Modified: trunk/openvas-manager/src/tasks_sql.h =================================================================== --- trunk/openvas-manager/src/tasks_sql.h 2010-02-03 12:24:57 UTC (rev 6624) +++ trunk/openvas-manager/src/tasks_sql.h 2010-02-03 12:53:17 UTC (rev 6625) 
@@ -55,7 +55,7 @@ preference_iterator_value (iterator_t*); static void -init_otp_pref_iterator (iterator_t*, const char*, const char*); +init_otp_pref_iterator (iterator_t*, config_t, const char*); static const char* otp_pref_iterator_name (iterator_t*); @@ -7805,24 +7805,22 @@ */ static void init_otp_pref_iterator (iterator_t* iterator, - const char* config, + config_t config, const char* section) { - gchar *quoted_config, *quoted_section; + gchar *quoted_section; assert (config); assert (section); assert ((strcmp (section, "PLUGINS_PREFS") == 0) || (strcmp (section, "SERVER_PREFS") == 0)); - quoted_config = sql_quote (config); quoted_section = sql_quote (section); init_iterator (iterator, "SELECT config_preferences.name, config_preferences.value" " FROM config_preferences, nvt_preferences" - " WHERE config_preferences.config =" - " (SELECT ROWID FROM configs WHERE name = '%s')" + " WHERE config_preferences.config = %llu" " AND config_preferences.type = '%s'" " AND config_preferences.name = nvt_preferences.name" " UNION" @@ -7830,16 +7828,14 @@ " FROM nvt_preferences" " WHERE nvt_preferences.name %s" " AND (SELECT COUNT(*) FROM config_preferences" - " WHERE config =" - " (SELECT ROWID FROM configs WHERE name = '%s')" + " WHERE config = %llu" " AND config_preferences.name = nvt_preferences.name) = 0;", - quoted_config, + config, quoted_section, strcmp (quoted_section, "SERVER_PREFS") == 0 ? "NOT LIKE '%[%]%'" : "LIKE '%[%]%'", - quoted_config); + config); g_free (quoted_section); - g_free (quoted_config); } static DEF_ACCESS (otp_pref_iterator_name, 0); From scm-commit at wald.intevation.org Wed Feb 3 13:58:52 2010 
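Review bot: In init_otp_pref_iterator the only guard on the new numeric `config` argument is `assert (config)`, which disappears in a build with NDEBUG. With a config of 0 the first SELECT matches no rows and the `COUNT(*) ... = 0` test in the UNION holds for every nvt_preferences row that passes the section filter, so the iterator would presumably yield only defaults instead of signalling a bad config. The function returns void and cannot report this, so the precondition belongs in its doc comment, which lies outside the hunk: `@param[in] config Config. Must be a valid non-zero config; callers check for 0 first.`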
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 3 Feb 2010 13:58:52 +0100 (CET) Subject: [Openvas-commits] r6626 - in trunk/openvas-manager: . src Message-ID: <20100203125852.6B566865FABE@pyrosoma.intevation.org> Author: mattm Date: 2010-02-03 13:58:51 +0100 (Wed, 03 Feb 2010) New Revision: 6626 Modified: trunk/openvas-manager/ChangeLog trunk/openvas-manager/src/manage.c Log: * src/manage.c (start_task): Get the config directly, instead of via the config name. Modified: trunk/openvas-manager/ChangeLog =================================================================== --- trunk/openvas-manager/ChangeLog 2010-02-03 12:53:17 UTC (rev 6625) +++ trunk/openvas-manager/ChangeLog 2010-02-03 12:58:51 UTC (rev 6626) @@ -1,5 +1,10 @@ 2010-02-03 Matthew Mundell + * src/manage.c (start_task): Get the config directly, instead of via the + config name. + +2010-02-03 Matthew Mundell + * src/tasks_sql.h (init_otp_pref_iterator): Take config_t instead of name. Modified: trunk/openvas-manager/src/manage.c =================================================================== --- trunk/openvas-manager/src/manage.c 2010-02-03 12:53:17 UTC (rev 6625) +++ trunk/openvas-manager/src/manage.c 2010-02-03 12:58:51 UTC (rev 6626) @@ -902,12 +902,12 @@ start_task (task_t task, char **report_id) { target_t target; - char *hosts, *config; + char *hosts; gchar *plugins; int fail, pid; GSList *files = NULL; task_status_t run_status; - config_t config_id; + config_t config; lsc_credential_t credential; tracef (" start task %u\n", task_id (task)); 
@@ -1014,29 +1014,19 @@ /* Get the config and selector. */ - config = task_config_name (task); - if (config == NULL) + config = task_config (task); + if (config == 0) { free (hosts); - tracef (" task config is NULL.\n"); + tracef (" task config is 0.\n"); set_task_run_status (task, run_status); current_report = (report_t) 0; return -10; } - if (find_config (config, &config_id) || (config_id == 0)) - { - free (config); - free (hosts); - set_task_run_status (task, run_status); - current_report = (report_t) 0; - return -10; - } - free (config); - /* Send the plugin list. */ - plugins = nvt_selector_plugins (config_id); + plugins = nvt_selector_plugins (config); if (plugins) fail = sendf_to_server ("plugin_set <|> %s\n", plugins); else @@ -1084,14 +1074,14 @@ /* Send the scanner and plugins preferences. */ - if (send_config_preferences (config_id, "SERVER_PREFS")) + if (send_config_preferences (config, "SERVER_PREFS")) { free (hosts); set_task_run_status (task, run_status); current_report = (report_t) 0; return -10; } - if (send_config_preferences (config_id, "PLUGINS_PREFS")) + if (send_config_preferences (config, "PLUGINS_PREFS")) { free (hosts); set_task_run_status (task, run_status); From scm-commit at wald.intevation.org Wed Feb 3 14:13:44 2010 
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 3 Feb 2010 14:13:44 +0100 (CET) Subject: [Openvas-commits] r6627 - in trunk/openvas-manager: . src Message-ID: <20100203131344.8D213865FAA0@pyrosoma.intevation.org> Author: mattm Date: 2010-02-03 14:13:42 +0100 (Wed, 03 Feb 2010) New Revision: 6627 Modified: trunk/openvas-manager/ChangeLog trunk/openvas-manager/src/manage.h trunk/openvas-manager/src/omp.c trunk/openvas-manager/src/tasks_sql.h Log: * src/tasks_sql.h (copy_config): Take config_t instead of name. * src/manage.h: Update header accordingly. * src/omp.c (omp_xml_handle_end_element): In CLIENT_CREATE_CONFIG pass config_t instead of config name to copy_config. Modified: trunk/openvas-manager/ChangeLog =================================================================== --- trunk/openvas-manager/ChangeLog 2010-02-03 12:58:51 UTC (rev 6626) +++ trunk/openvas-manager/ChangeLog 2010-02-03 13:13:42 UTC (rev 6627) @@ -1,5 +1,14 @@ 2010-02-03 Matthew Mundell + * src/tasks_sql.h (copy_config): Take config_t instead of name. + + * src/manage.h: Update header accordingly. + + * src/omp.c (omp_xml_handle_end_element): In CLIENT_CREATE_CONFIG + pass config_t instead of config name to copy_config. + +2010-02-03 Matthew Mundell + * src/manage.c (start_task): Get the config directly, instead of via the config name. Modified: trunk/openvas-manager/src/manage.h =================================================================== --- trunk/openvas-manager/src/manage.h 2010-02-03 12:58:51 UTC (rev 6626) +++ trunk/openvas-manager/src/manage.h 2010-02-03 13:13:42 UTC (rev 6627) 
@@ -776,7 +776,7 @@ create_config_rc (const char*, const char*, char*); int -copy_config (const char*, const char*, const char*); +copy_config (const char*, const char*, config_t); int delete_config (config_t); Modified: trunk/openvas-manager/src/omp.c =================================================================== --- trunk/openvas-manager/src/omp.c 2010-02-03 12:58:51 UTC (rev 6626) +++ trunk/openvas-manager/src/omp.c 2010-02-03 13:13:42 UTC (rev 6627) @@ -6324,6 +6324,8 @@ case CLIENT_CREATE_CONFIG: { + config_t config = 0; + assert (strcasecmp ("CREATE_CONFIG", element_name) == 0); assert (modify_task_name != NULL); 
@@ -6428,33 +6430,35 @@ break; } } - else + else if (find_config (current_name, &config)) + SEND_TO_CLIENT_OR_FAIL (XML_INTERNAL_ERROR ("create_config")); + else if (config == 0) { - assert (current_name); - - switch (copy_config (modify_task_name, - modify_task_comment, - current_name)) + if (send_find_error_to_client ("create_config", + "config", + current_name)) { - case 0: - SEND_TO_CLIENT_OR_FAIL (XML_OK_CREATED ("create_config")); - break; - case 1: - SEND_TO_CLIENT_OR_FAIL - (XML_ERROR_SYNTAX ("create_config", - "Config exists already")); - break; - case 2: - SEND_TO_CLIENT_OR_FAIL - (XML_ERROR_SYNTAX ("create_config", - "Copied config must exist")); - break; - case -1: - SEND_TO_CLIENT_OR_FAIL - (XML_INTERNAL_ERROR ("create_config")); - break; + error_send_to_client (error); + return; } } + else switch (copy_config (modify_task_name, + modify_task_comment, + config)) + { + case 0: + SEND_TO_CLIENT_OR_FAIL (XML_OK_CREATED ("create_config")); + break; + case 1: + SEND_TO_CLIENT_OR_FAIL + (XML_ERROR_SYNTAX ("create_config", + "Config exists already")); + break; + case -1: + SEND_TO_CLIENT_OR_FAIL + (XML_INTERNAL_ERROR ("create_config")); + break; + } create_config_data_reset (create_config_data); openvas_free_string_var (&modify_task_comment); openvas_free_string_var (&modify_task_name); Modified: trunk/openvas-manager/src/tasks_sql.h =================================================================== --- trunk/openvas-manager/src/tasks_sql.h 2010-02-03 12:58:51 UTC (rev 6626) +++ trunk/openvas-manager/src/tasks_sql.h 2010-02-03 13:13:42 UTC (rev 6627) 
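Review bot: The rewritten `switch (copy_config (...))` in the CLIENT_CREATE_CONFIG branch drops `case 2:` and has no `default:`, yet copy_config in this same commit keeps its `return 2;` path. That path is taken when the `SELECT COUNT(*) FROM configs WHERE ROWID = %llu AND ((owner IS NULL) OR (owner = ...))` check finds nothing. If find_config can return a config that fails that owner check (its body is not visible here), the client receives no response for the request. Either keep the case, `case 2: SEND_TO_CLIENT_OR_FAIL (XML_ERROR_SYNTAX ("create_config", "Copied config must exist")); break;`, or add a `default:` that sends `XML_INTERNAL_ERROR ("create_config")`. The handler begins and ends outside the hunk.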
@@ -7498,17 +7498,16 @@ * config, -1 error. */ int -copy_config (const char* name, const char* comment, const char* config) +copy_config (const char* name, const char* comment, config_t config) { char* config_selector; config_t id; gchar *quoted_name = sql_quote (name); - gchar *quoted_config = sql_quote (config); gchar *quoted_comment, *quoted_config_selector; assert (current_credentials.uuid); - config_selector = config_nvt_selector (config); + config_selector = config_id_nvt_selector (config); if (config_selector == NULL) return -1; quoted_config_selector = sql_quote (config_selector); @@ -7522,23 +7521,21 @@ tracef (" config \"%s\" already exists\n", name); sql ("ROLLBACK;"); g_free (quoted_name); - g_free (quoted_config); g_free (quoted_config_selector); return 1; } if (sql_int (0, 0, "SELECT COUNT(*) FROM configs" - " WHERE name = '%s'" + " WHERE ROWID = %llu" " AND ((owner IS NULL) OR (owner =" " (SELECT ROWID FROM users WHERE users.uuid = '%s')))", - quoted_config, + config, current_credentials.uuid) == 0) { sql ("ROLLBACK;"); g_free (quoted_name); - g_free (quoted_config); g_free (quoted_config_selector); return 2; } @@ -7550,7 +7547,6 @@ tracef (" NVT selector \"%s\" already exists\n", name); sql ("ROLLBACK;"); g_free (quoted_name); - g_free (quoted_config); g_free (quoted_config_selector); return -1; } @@ -7566,12 +7562,12 @@ " SELECT '%s', (SELECT ROWID FROM users where users.uuid = '%s')," " '%s', '%s', family_count, nvt_count," " families_growing, nvts_growing" - " FROM configs WHERE name = '%s'", + " FROM configs WHERE ROWID = %llu;", quoted_name, current_credentials.uuid, quoted_name, quoted_comment, - quoted_config); + config); g_free (quoted_comment); } else 
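Review bot: copy_config allocates `quoted_name` with `sql_quote (name)` in its declarations and then returns -1 as soon as `config_id_nvt_selector (config)` yields NULL, so `quoted_name` leaks on that path. Removing `quoted_config` in this hunk shrinks the leak but does not close it. The guard could become `if (config_selector == NULL) { g_free (quoted_name); return -1; }`, or the `sql_quote` call could move below the check. The later exits in the `@@ -7522,23 +7521,21 @@` and `@@ -7550,7 +7547,6 @@` hunks do free it. The function body continues outside these hunks.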
@@ -7581,19 +7577,19 @@ " SELECT '%s', (SELECT ROWID FROM users where users.uuid = '%s')," " '%s', '', family_count, nvt_count," " families_growing, nvts_growing" - " FROM configs WHERE name = '%s'", + " FROM configs WHERE ROWID = %llu", quoted_name, current_credentials.uuid, quoted_name, - quoted_config); + config); id = sqlite3_last_insert_rowid (task_db); sql ("INSERT INTO config_preferences (config, type, name, value)" " SELECT %llu, type, name, value FROM config_preferences" - " WHERE config = (SELECT ROWID from configs where name = '%s');", + " WHERE config = %llu;", id, - quoted_config); + config); sql ("INSERT INTO nvt_selectors (name, exclude, type, family_or_nvt, family)" " SELECT '%s', exclude, type, family_or_nvt, family FROM nvt_selectors" @@ -7603,7 +7599,6 @@ sql ("COMMIT;"); g_free (quoted_name); - g_free (quoted_config); g_free (quoted_config_selector); return 0; } From scm-commit at wald.intevation.org Wed Feb 3 14:33:27 2010 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 3 Feb 2010 14:33:27 +0100 (CET) Subject: [Openvas-commits] r6628 - in trunk/openvas-manager: . src Message-ID: <20100203133327.A7975865FABE@pyrosoma.intevation.org> Author: mattm Date: 2010-02-03 14:33:25 +0100 (Wed, 03 Feb 2010) New Revision: 6628 Modified: trunk/openvas-manager/ChangeLog trunk/openvas-manager/src/tasks_sql.h Log: * src/tasks_sql.h (config_nvt_selector): Remove. (make_task_rcfile, set_task_parameter): Get selector via config_t instead of via name. Modified: trunk/openvas-manager/ChangeLog =================================================================== --- trunk/openvas-manager/ChangeLog 2010-02-03 13:13:42 UTC (rev 6627) +++ trunk/openvas-manager/ChangeLog 2010-02-03 13:33:25 UTC (rev 6628) 
@@ -1,5 +1,11 @@ 2010-02-03 Matthew Mundell + * src/tasks_sql.h (config_nvt_selector): Remove. + (make_task_rcfile, set_task_parameter): Get selector via config_t instead + of via name. + +2010-02-03 Matthew Mundell + * src/tasks_sql.h (copy_config): Take config_t instead of name. * src/manage.h: Update header accordingly. Modified: trunk/openvas-manager/src/tasks_sql.h =================================================================== --- trunk/openvas-manager/src/tasks_sql.h 2010-02-03 13:13:42 UTC (rev 6627) +++ trunk/openvas-manager/src/tasks_sql.h 2010-02-03 13:33:25 UTC (rev 6628) @@ -103,9 +103,6 @@ task_threat_level (task_t); static char* -config_nvt_selector (const char*); - -static char* task_owner_uuid (task_t); @@ -4462,7 +4459,7 @@ return -1; } - selector = config_nvt_selector (config_name); + selector = config_id_nvt_selector (config); if (selector == NULL) { free (config_name); @@ -5827,7 +5824,7 @@ { config_t config; target_t target; - char *config_name, *selector; + char *config_name; char *quoted_config_name, *quoted_selector; config_name = task_config_name (task); @@ -5847,20 +5844,8 @@ return -1; } - selector = config_nvt_selector (config_name); - if (selector == NULL) - { - free (config_name); - g_free (rc); - sql ("ROLLBACK"); - return -1; - } - quoted_selector = sql_quote (selector); - free (selector); - if (find_config (config_name, &config)) { - free (quoted_selector); free (config_name); g_free (rc); sql ("ROLLBACK"); @@ -5868,7 +5853,6 @@ } else if (config == 0) { - free (quoted_selector); free (config_name); g_free (rc); sql ("ROLLBACK"); @@ -5876,8 +5860,19 @@ } else { - char *hosts; + char *hosts, *selector; + selector = config_id_nvt_selector (config); + if (selector == NULL) + { + free (config_name); + g_free (rc); + sql ("ROLLBACK"); + return -1; + } + quoted_selector = sql_quote (selector); + free (selector); + /* Flush config preferences. */ sql ("DELETE FROM config_preferences WHERE config = %llu;", 
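Review bot: The selector lookup in the `@@ -4462,7 +4459,7 @@` hunk, and again in `@@ -5876,8 +5860,19 @@`, now goes through `config_id_nvt_selector (config)`, whose body is not part of this commit's hunks. The name-based `config_nvt_selector` that this commit deletes returned NULL when `user_owns ("config", quoted_name)` was 0, so it doubled as an ownership check on the config. Please confirm that the id-based function applies an equivalent owner check, or that `find_config` already limits `config` to configs the current user may use. If neither holds, the selector of a config owned by someone else becomes reachable here. Whichever holds should be recorded in the doc comment of `config_id_nvt_selector`, for example `@return Name of NVT selector, or NULL if the config does not exist or is not accessible to the current user.`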
@@ -7836,32 +7831,6 @@ static DEF_ACCESS (otp_pref_iterator_name, 0); static DEF_ACCESS (otp_pref_iterator_value, 1); -/** - * @brief Return the NVT selector associated with a config. - * - * @param[in] name Config name. - * - * @return Name of NVT selector if config exists and NVT selector is set, else - * NULL. - */ -static char* -config_nvt_selector (const char *name) -{ - char *selector; - gchar* quoted_name = sql_nquote (name, strlen (name)); - if (user_owns ("config", quoted_name) == 0) - { - g_free (quoted_name); - return NULL; - } - selector = sql_string (0, 0, - "SELECT nvt_selector FROM configs" - " WHERE name = '%s';", - quoted_name); - g_free (quoted_name); - return selector; -} - /** @todo Rename to config_nvt_selector. */ /** * @brief Return the NVT selector associated with a config. From scm-commit at wald.intevation.org Wed Feb 3 14:42:27 2010 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 3 Feb 2010 14:42:27 +0100 (CET) Subject: [Openvas-commits] r6629 - in trunk/openvas-manager: . src Message-ID: <20100203134227.E2493865FAA0@pyrosoma.intevation.org> Author: mattm Date: 2010-02-03 14:42:26 +0100 (Wed, 03 Feb 2010) New Revision: 6629 Modified: trunk/openvas-manager/ChangeLog trunk/openvas-manager/src/manage.h trunk/openvas-manager/src/omp.c trunk/openvas-manager/src/tasks_sql.h Log: * src/tasks_sql.h (config_id_nvt_selector): Remove. Rename config_nvt_selector. Update callers. (config_nvt_selector): New function. Was config_id_nvt_selector. * src/manage.h: Update header accordingly. * src/omp.c (omp_xml_handle_end_element): In CLIENT_CREATE_TASK update config_id_nvt_selector call name. Modified: trunk/openvas-manager/ChangeLog =================================================================== --- trunk/openvas-manager/ChangeLog 2010-02-03 13:33:25 UTC (rev 6628) +++ trunk/openvas-manager/ChangeLog 2010-02-03 13:42:26 UTC (rev 6629) 
@@ -1,9 +1,14 @@ 2010-02-03 Matthew Mundell - * src/tasks_sql.h (config_nvt_selector): Remove. - (make_task_rcfile, set_task_parameter): Get selector via config_t instead - of via name. + * src/tasks_sql.h (config_id_nvt_selector): Remove. Rename + config_nvt_selector. Update callers. + (config_nvt_selector): New function. Was config_id_nvt_selector. + * src/manage.h: Update header accordingly. + + * src/omp.c (omp_xml_handle_end_element): In CLIENT_CREATE_TASK update + config_id_nvt_selector call name. + 2010-02-03 Matthew Mundell * src/tasks_sql.h (copy_config): Take config_t instead of name. Modified: trunk/openvas-manager/src/manage.h =================================================================== --- trunk/openvas-manager/src/manage.h 2010-02-03 13:33:25 UTC (rev 6628) +++ trunk/openvas-manager/src/manage.h 2010-02-03 13:42:26 UTC (rev 6629) @@ -809,7 +809,7 @@ config_iterator_families_growing (iterator_t*); char* -config_id_nvt_selector (config_t); +config_nvt_selector (config_t); int config_in_use (config_t); Modified: trunk/openvas-manager/src/omp.c =================================================================== --- trunk/openvas-manager/src/omp.c 2010-02-03 13:33:25 UTC (rev 6628) +++ trunk/openvas-manager/src/omp.c 2010-02-03 13:42:26 UTC (rev 6629) @@ -7093,7 +7093,7 @@ set_client_state (CLIENT_AUTHENTIC); break; } - if (config_id_nvt_selector (config) == NULL) + if (config_nvt_selector (config) == NULL) { request_delete_task (¤t_client_task); free (tsk_uuid); Modified: trunk/openvas-manager/src/tasks_sql.h =================================================================== --- trunk/openvas-manager/src/tasks_sql.h 2010-02-03 13:33:25 UTC (rev 6628) +++ trunk/openvas-manager/src/tasks_sql.h 2010-02-03 13:42:26 UTC (rev 6629) @@ -4459,7 +4459,7 @@ return -1; } - selector = config_id_nvt_selector (config); + selector = config_nvt_selector (config); if (selector == NULL) { free (config_name); 
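Review bot: In the `omp.c` hunk the string returned by `config_nvt_selector (config)` is only compared with NULL and never released. The other callers in `tasks_sql.h` on this page free the result (`free (selector);`), so the return value looks heap-allocated and this check would leak it on every CLIENT_CREATE_TASK that finds a selector. Hold it in a local with `selector = config_nvt_selector (config);`, test that, and call `free (selector);` on the success path. The enclosing case starts and ends outside the hunk.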
@@ -5862,7 +5862,7 @@ { char *hosts, *selector; - selector = config_id_nvt_selector (config); + selector = config_nvt_selector (config); if (selector == NULL) { free (config_name); @@ -7502,7 +7502,7 @@ assert (current_credentials.uuid); - config_selector = config_id_nvt_selector (config); + config_selector = config_nvt_selector (config); if (config_selector == NULL) return -1; quoted_config_selector = sql_quote (config_selector); @@ -7831,7 +7831,6 @@ static DEF_ACCESS (otp_pref_iterator_name, 0); static DEF_ACCESS (otp_pref_iterator_value, 1); -/** @todo Rename to config_nvt_selector. */ /** * @brief Return the NVT selector associated with a config. * @@ -7841,7 +7840,7 @@ * NULL. */ char* -config_id_nvt_selector (config_t config) +config_nvt_selector (config_t config) { return sql_string (0, 0, "SELECT nvt_selector FROM configs WHERE ROWID = %llu;", @@ -8072,7 +8071,7 @@ quoted_family = sql_quote (family); - selector = config_id_nvt_selector (config); + selector = config_nvt_selector (config); if (selector == NULL) /* The config should always have a selector. */ return -1; @@ -8204,7 +8203,7 @@ char* selector; gchar *quoted_selector; - selector = config_id_nvt_selector (config); + selector = config_nvt_selector (config); if (selector == NULL) return -1; free (selector); @@ -9282,7 +9281,7 @@ const char* sort_field) { gchar *quoted_selector; - char *selector = config_id_nvt_selector (config); + char *selector = config_nvt_selector (config); if (selector == NULL) /* The config should always have a selector. */ return NULL; @@ -9671,7 +9670,7 @@ constraining = constraining == 0; } - selector = config_id_nvt_selector (config); + selector = config_nvt_selector (config); if (selector == NULL) { /* The config should always have a selector. */ From scm-commit at wald.intevation.org Wed Feb 3 15:04:15 2010 
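Review bot: The doc comment on `config_nvt_selector (config_t)` in the -7841 hunk should state that the function performs no ownership check. The name-based function removed in r6628 returned NULL when `user_owns ("config", ...)` failed, whereas the body here goes straight to `SELECT nvt_selector FROM configs WHERE ROWID = %llu`, and the function is exported through `manage.h`. I would add a line such as `* The caller must have obtained config through find_config, which checks ownership.` to the header comment. The header comment begins outside the hunk.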
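Review bot: In the hunk at -8072, `quoted_family = sql_quote (family);` runs before the selector lookup, and the `if (selector == NULL) return -1;` path returns without releasing it. Either move the `sql_quote` call below the NULL check or add `g_free (quoted_family);` before the `return -1;`. The function continues outside the hunk, so the release on the normal path is not visible here.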
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 3 Feb 2010 15:04:15 +0100 (CET) Subject: [Openvas-commits] r6630 - in trunk/openvas-manager: . src Message-ID: <20100203140415.2B92686607BE@pyrosoma.intevation.org> Author: mattm Date: 2010-02-03 15:04:13 +0100 (Wed, 03 Feb 2010) New Revision: 6630 Modified: trunk/openvas-manager/ChangeLog trunk/openvas-manager/src/tasks_sql.h Log: * src/tasks_sql.h (insert_nvt_selectors): Move to NVT selectors page. (find_config): Move to top of page like on other pages. (insert_rc_into_config): Doc config_name param. Modified: trunk/openvas-manager/ChangeLog =================================================================== --- trunk/openvas-manager/ChangeLog 2010-02-03 13:42:26 UTC (rev 6629) +++ trunk/openvas-manager/ChangeLog 2010-02-03 14:04:13 UTC (rev 6630) @@ -1,5 +1,11 @@ 2010-02-03 Matthew Mundell + * src/tasks_sql.h (insert_nvt_selectors): Move to NVT selectors page. + (find_config): Move to top of page like on other pages. + (insert_rc_into_config): Doc config_name param. + +2010-02-03 Matthew Mundell + * src/tasks_sql.h (config_id_nvt_selector): Remove. Rename config_nvt_selector. Update callers. (config_nvt_selector): New function. Was config_id_nvt_selector. Modified: trunk/openvas-manager/src/tasks_sql.h =================================================================== --- trunk/openvas-manager/src/tasks_sql.h 2010-02-03 13:42:26 UTC (rev 6629) +++ trunk/openvas-manager/src/tasks_sql.h 2010-02-03 14:04:13 UTC (rev 6630) @@ -105,6 +105,9 @@ static char* task_owner_uuid (task_t); +static int +insert_nvt_selectors (const char *, const array_t*); + /* Variables. */ 
@@ -6674,131 +6677,41 @@ /* Configs. */ -/** @todo Access the config via config_t where possible. - * - * As noted in todos below, the permission check are easier and more solid - * when the config user accesses these functions via config_t. - */ - /** - * @brief Insert NVT selectors. + * @brief Find a config given a name. * - * @param[in] quoted_name Name of NVT selector. - * @param[in] selectors NVT selectors. + * @param[in] name Config name. + * @param[out] config Config return, 0 if succesfully failed to find config. * - * @return 0 success, -1 error, -3 input error. + * @return FALSE on success (including if failed to find config), TRUE on error. */ -static int -insert_nvt_selectors (const char *quoted_name, - const array_t* selectors /* nvt_selector_t. */) +gboolean +find_config (const char* name, config_t* config) { - int index = 0; - const nvt_selector_t *selector; - if (selectors == NULL) return -3; - while ((selector = (nvt_selector_t*) g_ptr_array_index (selectors, index++))) + gchar *quoted_name = sql_quote (name); + if (user_owns ("config", quoted_name) == 0) { - int type; - - if (selector->type == NULL) return -3; - - /** @todo Check that selector->type is actually an integer. */ - type = atoi (selector->type); - - if ((selector->family_or_nvt != NULL) - && (type == NVT_SELECTOR_TYPE_NVT)) - { - gchar *quoted_family_or_nvt, *quoted_family, *family = NULL; - nvti_t *nvti = nvtis_lookup (nvti_cache, selector->family_or_nvt); - - /* An NVT selector. 
*/ - - if (nvti) - { - family = nvti_family (nvti); - - if (family == NULL) - { - g_warning ("%s: skipping NVT '%s' from import of config '%s'" - " because the NVT is missing a family in the" - " cache", - __FUNCTION__, - selector->family_or_nvt, - quoted_name); - continue; - } - } - else - { - g_warning ("%s: skipping NVT '%s' from import of config '%s'" - " because the NVT is missing from the cache", - __FUNCTION__, - selector->family_or_nvt, - quoted_name); - continue; - } - - quoted_family_or_nvt = sql_quote (selector->family_or_nvt); - quoted_family = sql_quote (family); - sql ("INSERT into nvt_selectors (name, exclude, type, family_or_nvt," - " family)" - " VALUES ('%s', %i, %i, '%s', '%s');", - quoted_name, - selector->include ? 0 : 1, - type, - quoted_family_or_nvt, - quoted_family); - g_free (quoted_family_or_nvt); - g_free (quoted_family); - } - else if (selector->family_or_nvt) - { - gchar *quoted_family_or_nvt; - - /* A family selector. */ - - if (type != NVT_SELECTOR_TYPE_FAMILY) - { - g_warning ("%s: skipping NVT '%s' from import of config '%s'" - " because the type is wrong (expected family)", - __FUNCTION__, - selector->family_or_nvt, - quoted_name); - continue; - } - - quoted_family_or_nvt = sql_quote (selector->family_or_nvt); - - sql ("INSERT into nvt_selectors (name, exclude, type, family_or_nvt," - " family)" - " VALUES ('%s', %i, %i, '%s', NULL);", - quoted_name, - selector->include ? 0 : 1, - type, - quoted_family_or_nvt); - g_free (quoted_family_or_nvt); - } - else - { - /* An "all" selector. */ - - if (type != NVT_SELECTOR_TYPE_ALL) - { - g_warning ("%s: skipping NVT from import of config '%s'" - " because the type is wrong (expected all)", - __FUNCTION__, - quoted_name); - continue; - } - - sql ("INSERT into nvt_selectors (name, exclude, type, family_or_nvt," - " family)" - " VALUES ('%s', %i, %i, NULL, NULL);", - quoted_name, - selector->include ? 
0 : 1, - type); - } + g_free (quoted_name); + *config = 0; + return FALSE; } - return 0; + switch (sql_int64 (config, 0, 0, + "SELECT ROWID FROM configs WHERE name = '%s';", + quoted_name)) + { + case 0: + break; + case 1: /* Too few rows in result of query. */ + *config = 0; + break; + default: /* Programming error. */ + assert (0); + case -1: + return TRUE; + break; + } + g_free (quoted_name); + return FALSE; } /** @@ -7191,8 +7104,9 @@ /** * @brief Copy the preferences and nvt selector from an RC file to a config. * - * @param[in] config Config. - * @param[in] rc Text of RC file. + * @param[in] config Config to copy into. + * @param[in] config_name Name of config to copy into, SQL quoted. + * @param[in] rc Text of RC file. * * @return 0 success, -1 error. */ @@ -7848,43 +7762,6 @@ } /** - * @brief Find a config given a name. - * - * @param[in] name Config name. - * @param[out] config Config return, 0 if succesfully failed to find config. - * - * @return FALSE on success (including if failed to find config), TRUE on error. - */ -gboolean -find_config (const char* name, config_t* config) -{ - gchar *quoted_name = sql_quote (name); - if (user_owns ("config", quoted_name) == 0) - { - g_free (quoted_name); - *config = 0; - return FALSE; - } - switch (sql_int64 (config, 0, 0, - "SELECT ROWID FROM configs WHERE name = '%s';", - quoted_name)) - { - case 0: - break; - case 1: /* Too few rows in result of query. */ - *config = 0; - break; - default: /* Programming error. */ - assert (0); - case -1: - return TRUE; - break; - } - g_free (quoted_name); - return FALSE; -} - -/** * @brief Set a preference of a config. * * @param[in] config Config. 
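Review bot: In the relocated `find_config`, the `case -1:` branch returns TRUE without `g_free (quoted_name);`, so the quoted name leaks on every query error. Adding `g_free (quoted_name);` before `return TRUE;` fixes that. The `default:` branch also falls through into `case -1` after `assert (0)`, so with assertions compiled out an unexpected return code is reported as an ordinary error; a `/* Fall through. */` comment would make that intent explicit.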
@@ -9973,6 +9850,127 @@ return 0; } +/** + * @brief Insert NVT selectors. + * + * @param[in] quoted_name Name of NVT selector. + * @param[in] selectors NVT selectors. + * + * @return 0 success, -1 error, -3 input error. + */ +static int +insert_nvt_selectors (const char *quoted_name, + const array_t* selectors /* nvt_selector_t. */) +{ + int index = 0; + const nvt_selector_t *selector; + if (selectors == NULL) return -3; + while ((selector = (nvt_selector_t*) g_ptr_array_index (selectors, index++))) + { + int type; + + if (selector->type == NULL) return -3; + + /** @todo Check that selector->type is actually an integer. */ + type = atoi (selector->type); + + if ((selector->family_or_nvt != NULL) + && (type == NVT_SELECTOR_TYPE_NVT)) + { + gchar *quoted_family_or_nvt, *quoted_family, *family = NULL; + nvti_t *nvti = nvtis_lookup (nvti_cache, selector->family_or_nvt); + + /* An NVT selector. */ + + if (nvti) + { + family = nvti_family (nvti); + + if (family == NULL) + { + g_warning ("%s: skipping NVT '%s' from import of config '%s'" + " because the NVT is missing a family in the" + " cache", + __FUNCTION__, + selector->family_or_nvt, + quoted_name); + continue; + } + } + else + { + g_warning ("%s: skipping NVT '%s' from import of config '%s'" + " because the NVT is missing from the cache", + __FUNCTION__, + selector->family_or_nvt, + quoted_name); + continue; + } + + quoted_family_or_nvt = sql_quote (selector->family_or_nvt); + quoted_family = sql_quote (family); + sql ("INSERT into nvt_selectors (name, exclude, type, family_or_nvt," + " family)" + " VALUES ('%s', %i, %i, '%s', '%s');", + quoted_name, + selector->include ? 0 : 1, + type, + quoted_family_or_nvt, + quoted_family); + g_free (quoted_family_or_nvt); + g_free (quoted_family); + } + else if (selector->family_or_nvt) + { + gchar *quoted_family_or_nvt; + + /* A family selector. 
*/ + + if (type != NVT_SELECTOR_TYPE_FAMILY) + { + g_warning ("%s: skipping NVT '%s' from import of config '%s'" + " because the type is wrong (expected family)", + __FUNCTION__, + selector->family_or_nvt, + quoted_name); + continue; + } + + quoted_family_or_nvt = sql_quote (selector->family_or_nvt); + + sql ("INSERT into nvt_selectors (name, exclude, type, family_or_nvt," + " family)" + " VALUES ('%s', %i, %i, '%s', NULL);", + quoted_name, + selector->include ? 0 : 1, + type, + quoted_family_or_nvt); + g_free (quoted_family_or_nvt); + } + else + { + /* An "all" selector. */ + + if (type != NVT_SELECTOR_TYPE_ALL) + { + g_warning ("%s: skipping NVT from import of config '%s'" + " because the type is wrong (expected all)", + __FUNCTION__, + quoted_name); + continue; + } + + sql ("INSERT into nvt_selectors (name, exclude, type, family_or_nvt," + " family)" + " VALUES ('%s', %i, %i, NULL, NULL);", + quoted_name, + selector->include ? 0 : 1, + type); + } + } + return 0; +} + /* NVT preferences. */ From scm-commit at wald.intevation.org Wed Feb 3 23:43:23 2010 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 3 Feb 2010 23:43:23 +0100 (CET) Subject: [Openvas-commits] r6631 - in trunk/gsa: . src/html/src Message-ID: <20100203224323.8A10C865FAA0@pyrosoma.intevation.org> Author: mattm Date: 2010-02-03 23:43:21 +0100 (Wed, 03 Feb 2010) New Revision: 6631 Modified: trunk/gsa/ChangeLog trunk/gsa/src/html/src/gsa-style.css trunk/gsa/src/html/src/omp.xsl Log: * src/html/src/omp.xsl (result) [detailed]: Remove PRE from description. * src/html/src/gsa-style.css (.issue_box_box): Add line wrapping, space preservation and PRE like font. Modified: trunk/gsa/ChangeLog =================================================================== --- trunk/gsa/ChangeLog 2010-02-03 14:04:13 UTC (rev 6630) +++ trunk/gsa/ChangeLog 2010-02-03 22:43:21 UTC (rev 6631) 
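Review bot: `type = atoi (selector->type);` in the relocated `insert_nvt_selectors` accepts any string, so a non-numeric type from an imported config silently becomes 0 and is then compared against the `NVT_SELECTOR_TYPE_*` constants; the existing `@todo` already points at this. Parsing with `strtol` and rejecting trailing characters would turn it into an input error: `type = strtol (selector->type, &end, 10);` followed by `if (end == selector->type || *end != '\0') return -3;`. The header comment also documents a `-1 error` return that no path in the function produces.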
@@ -1,3 +1,10 @@ +2010-02-03 Matthew Mundell + + * src/html/src/omp.xsl (result) [detailed]: Remove PRE from description. + + * src/html/src/gsa-style.css (.issue_box_box): Add line wrapping, space + preservation and PRE like font. + 2010-02-01 Matthew Mundell * src/html/src/omp.xsl (lsc_credential) [details]: Remove colon from Modified: trunk/gsa/src/html/src/gsa-style.css =================================================================== --- trunk/gsa/src/html/src/gsa-style.css 2010-02-03 14:04:13 UTC (rev 6630) +++ trunk/gsa/src/html/src/gsa-style.css 2010-02-03 22:43:21 UTC (rev 6631) @@ -482,4 +482,6 @@ margin:3px; margin-top:0px; padding:3px; + white-space:pre-line; + font-family:monospace; } Modified: trunk/gsa/src/html/src/omp.xsl =================================================================== --- trunk/gsa/src/html/src/omp.xsl 2010-02-03 14:04:13 UTC (rev 6630) +++ trunk/gsa/src/html/src/omp.xsl 2010-02-03 22:43:21 UTC (rev 6631) @@ -3904,7 +3904,7 @@
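Review bot: `white-space:pre-line;` in the `gsa-style.css` hunk keeps line breaks but collapses runs of spaces, which does not match the ChangeLog entry's "space preservation" and will lose the column alignment that the removed PRE element kept in result descriptions. `white-space:pre-wrap;` preserves both spaces and newlines while still wrapping long lines. The rule starts outside the hunk.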
-
+

From scm-commit at wald.intevation.org Thu Feb 4 00:47:57 2010 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Thu, 4 Feb 2010 00:47:57 +0100 (CET) Subject: [Openvas-commits] r6632 - in trunk/openvas-manager: . src Message-ID: <20100203234757.C33A3865FAC2@pyrosoma.intevation.org> Author: mattm Date: 2010-02-04 00:47:56 +0100 (Thu, 04 Feb 2010) New Revision: 6632 Modified: trunk/openvas-manager/ChangeLog trunk/openvas-manager/src/omp.c Log: * src/omp.c (latex_header): Switch encoding to UTF-8. Modified: trunk/openvas-manager/ChangeLog =================================================================== --- trunk/openvas-manager/ChangeLog 2010-02-03 22:43:21 UTC (rev 6631) +++ trunk/openvas-manager/ChangeLog 2010-02-03 23:47:56 UTC (rev 6632) @@ -1,5 +1,9 @@ 2010-02-03 Matthew Mundell + * src/omp.c (latex_header): Switch encoding to UTF-8. + +2010-02-03 Matthew Mundell + * src/tasks_sql.h (insert_nvt_selectors): Move to NVT selectors page. (find_config): Move to top of page like on other pages. (insert_rc_into_config): Doc config_name param. Modified: trunk/openvas-manager/src/omp.c =================================================================== --- trunk/openvas-manager/src/omp.c 2010-02-03 22:43:21 UTC (rev 6631) +++ trunk/openvas-manager/src/omp.c 2010-02-03 23:47:56 UTC (rev 6632) @@ -3623,11 +3623,7 @@ "\\usepackage{chngpage}\n" "\\usepackage{calc}\n" "\\usepackage{url}\n" - // FIX encoding issue - /** @todo Following line is a fix to include special characters, including - * umlauts, in the verbatim sections of the latex/pdf reports. - * Handling of the encoding should be done at a different point. */ - "\\usepackage[latin1]{inputenc}\n" + "\\usepackage[utf8x]{inputenc}\n" "\n" "\\usepackage{colortbl}\n" "\n" From scm-commit at wald.intevation.org Thu Feb 4 08:12:29 2010 
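Review bot: `\usepackage[utf8x]{inputenc}` in `latex_header` depends on the `ucs` package, which is distributed separately from the base `inputenc` encodings, so PDF report generation would fail on hosts where it is not installed. If the report text only needs standard UTF-8 input, `"\\usepackage[utf8]{inputenc}\n"` avoids the extra dependency; otherwise the requirement belongs in the install notes. Scan output can contain arbitrary bytes, and how invalid UTF-8 is handled before it reaches LaTeX is not visible in this hunk.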
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Thu, 4 Feb 2010 08:12:29 +0100 (CET) Subject: [Openvas-commits] r6633 - in trunk/gsa: . src/html/src Message-ID: <20100204071229.AFEDB865FAA0@pyrosoma.intevation.org> Author: mwiegand Date: 2010-02-04 08:12:28 +0100 (Thu, 04 Feb 2010) New Revision: 6633 Modified: trunk/gsa/ChangeLog trunk/gsa/src/html/src/omp.xsl Log: * src/html/src/omp.xsl: Reconciled value of of increment with max value in exec_omp_get in gsad.c to repair pagination. Modified: trunk/gsa/ChangeLog =================================================================== --- trunk/gsa/ChangeLog 2010-02-03 23:47:56 UTC (rev 6632) +++ trunk/gsa/ChangeLog 2010-02-04 07:12:28 UTC (rev 6633) @@ -1,3 +1,8 @@ +2010-02-04 Michael Wiegand + + * src/html/src/omp.xsl: Reconciled value of of increment with max value + in exec_omp_get in gsad.c to repair pagination. + 2010-02-03 Matthew Mundell * src/html/src/omp.xsl (result) [detailed]: Remove PRE from description. Modified: trunk/gsa/src/html/src/omp.xsl =================================================================== --- trunk/gsa/src/html/src/omp.xsl 2010-02-03 23:47:56 UTC (rev 6632) +++ trunk/gsa/src/html/src/omp.xsl 2010-02-04 07:12:28 UTC (rev 6633) @@ -310,7 +310,7 @@ - 10 + 1000 << From scm-commit at wald.intevation.org Thu Feb 4 10:37:40 2010 
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Thu, 4 Feb 2010 10:37:40 +0100 (CET) Subject: [Openvas-commits] r6634 - in trunk/openvas-plugins: . scripts Message-ID: <20100204093740.CEB95865FAD8@pyrosoma.intevation.org> Author: mwiegand Date: 2010-02-04 10:37:37 +0100 (Thu, 04 Feb 2010) New Revision: 6634 Modified: trunk/openvas-plugins/ChangeLog trunk/openvas-plugins/scripts/wmi_misc.inc Log: * scripts/wmi_misc.inc: Incorporated fixes suggested by Thomas Rotter. Modified: trunk/openvas-plugins/ChangeLog =================================================================== --- trunk/openvas-plugins/ChangeLog 2010-02-04 07:12:28 UTC (rev 6633) +++ trunk/openvas-plugins/ChangeLog 2010-02-04 09:37:37 UTC (rev 6634) @@ -1,5 +1,9 @@ -2110-02-03 Chandrashekhar B +2010-02-04 Michael Wiegand + * scripts/wmi_misc.inc: Incorporated fixes suggested by Thomas Rotter. + +2010-02-03 Chandrashekhar B + * scripts/gb_solaris_138825_06.nasl, scripts/gb_solaris_118777_15.nasl, scripts/gb_solaris_120412_11.nasl, Modified: trunk/openvas-plugins/scripts/wmi_misc.inc =================================================================== --- trunk/openvas-plugins/scripts/wmi_misc.inc 2010-02-04 07:12:28 UTC (rev 6633) +++ trunk/openvas-plugins/scripts/wmi_misc.inc 2010-02-04 09:37:37 UTC (rev 6634) @@ -51,6 +51,7 @@ "DD", "NULL, DOMAIN_RID_DCS", "DU", "NULL, DOMAIN_RID_USERS", "CA", "NULL, DOMAIN_RID_CERT_ADMINS", + "TI", "SID_TRUSTED_INSTALLER", "S-1-0-0", "SID_NULL", "WORLD", "NAME_WORLD", "S-1-1", "SID_WORLD_DOMAIN", @@ -89,8 +90,8 @@ "S-1-5-32-551", "SID_BUILTIN_BACKUP_OPERATORS", "S-1-5-32-552", "SID_BUILTIN_REPLICATOR", "S-1-5-32-553", "SID_BUILTIN_RAS_SERVERS", - "S-1-5-32-554", "SID_BUILTIN_PREW2K" -]; + "S-1-5-32-554", "SID_BUILTIN_PREW2K", + "S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464", "SID_TRUSTED_INSTALLER"]; ace_types = [ "AU", "SEC_ACE_TYPE_SYSTEM_AUDIT", 
@@ -172,7 +173,7 @@ "0x00000004", "SEC_REG_CREATE_SUBKEY", "0x00000008", "SEC_REG_ENUM_SUBKEYS", "0x00000010", "SEC_REG_NOTIFY", - "x00000020", "SEC_REG_CREATE_LINK", + "0x00000020", "SEC_REG_CREATE_LINK", "0x00000001", "SEC_ADS_CREATE_CHILD", "0x00000002", "SEC_ADS_DELETE_CHILD", "0x00000004", "SEC_ADS_LIST", @@ -229,17 +230,22 @@ if (sddl == NULL) return NULL; - sddl_owner_sid = eregmatch(string:sddl, pattern:"O:[a-zA-Z]{2}", icase:TRUE); - sddl_owner_sid_code = split(sddl_owner_sid[0], sep:":"); + sddl_owner_sid = eregmatch(string:sddl, pattern:"O:[a-zA-Z0-9-]{0,}:", icase:TRUE); + sddl_owner_sid_code = split(sddl_owner_sid[0], sep:":", keep:0); + sid_length = strlen(sddl_owner_sid_code[1]); + sddl_owner_sid_code_cut = substr(sddl_owner_sid_code[1],0,cut=sid_length-2); for(i = 0; i >= 0; i++) { if(sid_codes[i] == NULL) break; - if(sid_codes[i] >< sddl_owner_sid_code[1]) - return sddl_owner_sid[i + 1]; + if(sid_codes[i] == sddl_owner_sid_code_cut) + val = sid_codes[i + 1]; + } + if (val) return val; + else return sddl_owner_sid_code_cut; } @@ -251,17 +257,22 @@ if (sddl == NULL) return NULL; - sddl_owner_sid = eregmatch(string:sddl, pattern:"G:[a-zA-Z]{2}", icase:TRUE); - sddl_owner_sid_code = split(sddl_owner_sid[0], sep:":"); + sddl_owner_sid = eregmatch(string:sddl, pattern:"G:[a-zA-Z0-9-]{0,}:", icase:TRUE); + sddl_owner_sid_code = split(sddl_owner_sid[0], sep:":", keep:0); + sid_length = strlen(sddl_owner_sid_code[1]); + sddl_owner_sid_code_cut = substr(sddl_owner_sid_code[1],0,cut=sid_length-2); for(i = 0; i >= 0; i++) { if(sid_codes[i] == NULL) break; - if(sid_codes[i] >< sddl_owner_sid_code[1]) - return sddl_owner_sid[i + 1]; + if(sid_codes[i] == sddl_owner_sid_code_cut) + val = sid_codes[i + 1]; + } + if (val) return val; + else return sddl_owner_sid_code_cut; } # From scm-commit at wald.intevation.org Thu Feb 4 10:55:22 2010 
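Review bot: In both rewritten lookups (the `O:` hunk at -229 and the `G:` hunk at -251) the result of `eregmatch` is indexed as `sddl_owner_sid[0]` without a NULL check, so an SDDL string with no owner or group part, or one whose SID is not followed by a colon, reaches `split` and `substr` with an empty value. A guard such as `if (isnull(sddl_owner_sid)) return NULL;` right after the match keeps the function's existing NULL-on-bad-input behaviour. The loop also walks `sid_codes` one element at a time, so the exact `==` comparison is applied to the name entries as well as the codes; `i += 2` would restrict it to the code column. Both functions begin outside their hunks.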
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Thu, 4 Feb 2010 10:55:22 +0100 (CET) Subject: [Openvas-commits] r6635 - in trunk/openvas-scanner: . openvassd Message-ID: <20100204095522.83250865FAD3@pyrosoma.intevation.org> Author: mwiegand Date: 2010-02-04 10:55:19 +0100 (Thu, 04 Feb 2010) New Revision: 6635 Modified: trunk/openvas-scanner/ChangeLog trunk/openvas-scanner/openvassd/pluginload.c Log: * openvassd/pluginload.c: Removed superfluous include of users.h. Modified: trunk/openvas-scanner/ChangeLog =================================================================== --- trunk/openvas-scanner/ChangeLog 2010-02-04 09:37:37 UTC (rev 6634) +++ trunk/openvas-scanner/ChangeLog 2010-02-04 09:55:19 UTC (rev 6635) @@ -1,3 +1,7 @@ +2010-02-04 Michael Wiegand + + * openvassd/pluginload.c: Removed superfluous include of users.h. + 2010-01-26 Michael Wiegand Post-release version bump. Modified: trunk/openvas-scanner/openvassd/pluginload.c =================================================================== --- trunk/openvas-scanner/openvassd/pluginload.c 2010-02-04 09:37:37 UTC (rev 6634) +++ trunk/openvas-scanner/openvassd/pluginload.c 2010-02-04 09:55:19 UTC (rev 6635) @@ -38,7 +38,6 @@ #include "pluginload.h" #include "log.h" #include "preferences.h" -#include "users.h" static pl_class_t* plugin_classes = NULL; From scm-commit at wald.intevation.org Thu Feb 4 11:03:07 2010 
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Thu, 4 Feb 2010 11:03:07 +0100 (CET) Subject: [Openvas-commits] r6636 - in trunk/openvas-scanner: . openvassd Message-ID: <20100204100307.A661D865FAD3@pyrosoma.intevation.org> Author: mwiegand Date: 2010-02-04 11:03:07 +0100 (Thu, 04 Feb 2010) New Revision: 6636 Modified: trunk/openvas-scanner/ChangeLog trunk/openvas-scanner/openvassd/plugs_hash.c Log: * openvassd/plugs_hash.c: Removed superfluous include of users.h. Modified: trunk/openvas-scanner/ChangeLog =================================================================== --- trunk/openvas-scanner/ChangeLog 2010-02-04 09:55:19 UTC (rev 6635) +++ trunk/openvas-scanner/ChangeLog 2010-02-04 10:03:07 UTC (rev 6636) @@ -1,5 +1,9 @@ 2010-02-04 Michael Wiegand + * openvassd/plugs_hash.c: Removed superfluous include of users.h. + +2010-02-04 Michael Wiegand + * openvassd/pluginload.c: Removed superfluous include of users.h. 2010-01-26 Michael Wiegand Modified: trunk/openvas-scanner/openvassd/plugs_hash.c =================================================================== --- trunk/openvas-scanner/openvassd/plugs_hash.c 2010-02-04 09:55:19 UTC (rev 6635) +++ trunk/openvas-scanner/openvassd/plugs_hash.c 2010-02-04 10:03:07 UTC (rev 6636) @@ -36,7 +36,6 @@ #include /* for efree */ #include -#include "users.h" #include "log.h" /* From scm-commit at wald.intevation.org Thu Feb 4 11:32:07 2010 
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Thu, 4 Feb 2010 11:32:07 +0100 (CET) Subject: [Openvas-commits] r6637 - in trunk/openvas-libraries: . misc Message-ID: <20100204103207.D818D865F48F@pyrosoma.intevation.org> Author: felix Date: 2010-02-04 11:32:07 +0100 (Thu, 04 Feb 2010) New Revision: 6637 Modified: trunk/openvas-libraries/ChangeLog trunk/openvas-libraries/misc/openvas_auth.c Log: * misc/openvas_auth.c (openvas_authenticate): Minor doc, added TODO about possible memleak. Modified: trunk/openvas-libraries/ChangeLog =================================================================== --- trunk/openvas-libraries/ChangeLog 2010-02-04 10:03:07 UTC (rev 6636) +++ trunk/openvas-libraries/ChangeLog 2010-02-04 10:32:07 UTC (rev 6637) @@ -1,3 +1,8 @@ +2010-02-04 Felix Wolfsteller + + * misc/openvas_auth.c (openvas_authenticate): Minor doc, added TODO + about possible memleak. + 2010-01-29 Chandrashekhar B * nasl/nasl_crypto.c (nasl_ntlmv1_hash, nasl_lm_owf_gen) Modified: trunk/openvas-libraries/misc/openvas_auth.c =================================================================== --- trunk/openvas-libraries/misc/openvas_auth.c 2010-02-04 10:03:07 UTC (rev 6636) +++ trunk/openvas-libraries/misc/openvas_auth.c 2010-02-04 10:32:07 UTC (rev 6637) @@ -123,7 +123,7 @@ } /** - * @brief Authenticate a credential pair. + * @brief Authenticate a credential pair against openvas user file contents. * * @param username Username. * @param password Password. @@ -165,6 +165,7 @@ g_warning ("Failed to split auth contents."); g_free (hash); g_strfreev (split); + /** @todo evaluate poss. memleak: actual */ return -1; } From scm-commit at wald.intevation.org Thu Feb 4 11:59:24 2010 
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Thu, 4 Feb 2010 11:59:24 +0100 (CET) Subject: [Openvas-commits] r6638 - in trunk/openvas-manager: . src Message-ID: <20100204105924.7C782865FAD3@pyrosoma.intevation.org> Author: felix Date: 2010-02-04 11:59:22 +0100 (Thu, 04 Feb 2010) New Revision: 6638 Modified: trunk/openvas-manager/ChangeLog trunk/openvas-manager/src/tasks_sql.h Log: * src/task_sql.h (openvas_user_uuid, authenticate): Minor doc. (openvas_authenticate_uuid): Added comments. Modified: trunk/openvas-manager/ChangeLog =================================================================== --- trunk/openvas-manager/ChangeLog 2010-02-04 10:32:07 UTC (rev 6637) +++ trunk/openvas-manager/ChangeLog 2010-02-04 10:59:22 UTC (rev 6638) @@ -1,3 +1,8 @@ +2010-02-04 Felix Wolfsteller + + * src/task_sql.h (openvas_user_uuid, authenticate): Minor doc. + (openvas_authenticate_uuid): Added comments. + 2010-02-03 Matthew Mundell * src/omp.c (latex_header): Switch encoding to UTF-8. Modified: trunk/openvas-manager/src/tasks_sql.h =================================================================== --- trunk/openvas-manager/src/tasks_sql.h 2010-02-04 10:32:07 UTC (rev 6637) +++ trunk/openvas-manager/src/tasks_sql.h 2010-02-04 10:59:22 UTC (rev 6638) @@ -484,7 +484,7 @@ } /** - * @brief Return the UUID of a user. + * @brief Return the UUID of a user from openvas user uuid file. * * If the user exists, ensure that the user has a UUID. * @@ -564,10 +564,12 @@ { int ret; + // Authenticate against file. ret = openvas_authenticate (username, password); if (ret) return ret; + // Get the uuid from file (or create it). *uuid = openvas_user_uuid (username); if (*uuid) return 0; 
@@ -3899,6 +3901,8 @@ /** * @brief Authenticate credentials. * + * The user "om" will never be authenticated with success. + * * @param[in] credentials Credentials. * * @return 0 authentication success, 1 authentication failure, -1 error. From scm-commit at wald.intevation.org Thu Feb 4 12:53:45 2010 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Thu, 4 Feb 2010 12:53:45 +0100 (CET) Subject: [Openvas-commits] r6639 - in trunk/openvas-plugins: . scripts Message-ID: <20100204115345.F0CA8865FAAA@pyrosoma.intevation.org> Author: chandra Date: 2010-02-04 12:53:38 +0100 (Thu, 04 Feb 2010) New Revision: 6639 Added: trunk/openvas-plugins/scripts/gb_gzip_detect_lin.nasl trunk/openvas-plugins/scripts/gb_gzip_detect_win.nasl trunk/openvas-plugins/scripts/gb_gzip_inflate_dos_vuln_lin.nasl trunk/openvas-plugins/scripts/gb_gzip_inflate_dos_vuln_win.nasl trunk/openvas-plugins/scripts/gb_horde_imp_info_disc_vuln.nasl trunk/openvas-plugins/scripts/gb_ibm_db2_bof_vuln_lin_feb10.nasl trunk/openvas-plugins/scripts/gb_mozilla_prdts_dns_info_disc_vuln_win.nasl trunk/openvas-plugins/scripts/gb_mozilla_prdts_necko_dns_info_disc_vuln_lin.nasl trunk/openvas-plugins/scripts/gb_mozilla_prdts_necko_dns_info_disc_vuln_win.nasl trunk/openvas-plugins/scripts/gb_sun_java_sys_web_serv_mult_vuln_lin.nasl trunk/openvas-plugins/scripts/gb_sun_java_sys_web_serv_mult_vuln_win.nasl Modified: trunk/openvas-plugins/ChangeLog trunk/openvas-plugins/scripts/apache_tomcat_multiple_vulnerabilities_jan_10.nasl trunk/openvas-plugins/scripts/bind_37865.nasl trunk/openvas-plugins/scripts/cpe.inc trunk/openvas-plugins/scripts/postgresql_37973.nasl trunk/openvas-plugins/scripts/viewvc_37518.nasl Log: Added new plugins Modified: trunk/openvas-plugins/ChangeLog =================================================================== --- trunk/openvas-plugins/ChangeLog 2010-02-04 10:59:22 UTC (rev 6638) +++ trunk/openvas-plugins/ChangeLog 2010-02-04 11:53:38 UTC (rev 6639) 
@@ -1,3 +1,26 @@ +2010-02-04 Chandrashekhar B + + * scripts/gb_ibm_db2_bof_vuln_lin_feb10.nasl, + scripts/gb_gzip_inflate_dos_vuln_lin.nasl, + scripts/gb_sun_java_sys_web_serv_mult_vuln_lin.nasl, + scripts/gb_gzip_detect_lin.nasl, + scripts/gb_mozilla_prdts_necko_dns_info_disc_vuln_win.nasl, + scripts/gb_gzip_inflate_dos_vuln_win.nasl, + scripts/gb_mozilla_prdts_dns_info_disc_vuln_win.nasl, + scripts/gb_horde_imp_info_disc_vuln.nasl, + scripts/gb_mozilla_prdts_necko_dns_info_disc_vuln_lin.nasl, + scripts/gb_sun_java_sys_web_serv_mult_vuln_win.nasl, + scripts/gb_gzip_detect_win.nasl: + Added new plugins. + + * scripts/bind_37865.nasl, + scripts/apache_tomcat_multiple_vulnerabilities_jan_10.nasl, + scripts/viewvc_37518.nasl, + scripts/postgresql_37973.nasl: + Added CVE's. + + * scripts/cpe.inc: Added new CPE entries. + 2010-02-04 Michael Wiegand * scripts/wmi_misc.inc: Incorporated fixes suggested by Thomas Rotter. Modified: trunk/openvas-plugins/scripts/apache_tomcat_multiple_vulnerabilities_jan_10.nasl =================================================================== --- trunk/openvas-plugins/scripts/apache_tomcat_multiple_vulnerabilities_jan_10.nasl 2010-02-04 10:59:22 UTC (rev 6638) +++ trunk/openvas-plugins/scripts/apache_tomcat_multiple_vulnerabilities_jan_10.nasl 2010-02-04 11:53:38 UTC (rev 6639) @@ -28,7 +28,7 @@ { script_id(100474); script_bugtraq_id(37945,37942,37944); - script_cve_id("CVE-2009-2901","CVE-2009-2902"); + script_cve_id("CVE-2009-2901","CVE-2009-2902","CVE-2009-2693"); script_version ("1.0-$Revision$"); script_name("Apache Tomcat Multiple Vulnerabilities January 2010"); Modified: trunk/openvas-plugins/scripts/bind_37865.nasl =================================================================== --- trunk/openvas-plugins/scripts/bind_37865.nasl 2010-02-04 10:59:22 UTC (rev 6638) +++ trunk/openvas-plugins/scripts/bind_37865.nasl 2010-02-04 11:53:38 UTC (rev 6639) 
@@ -7,6 +7,9 @@ # Authors: # Michael Meyer # +# Updated By : Antu Sanadi 2010-01-129 #6962 +# Added the CVE-2010-0290 and CVE-2010-0382 +# # Copyright: # Copyright (c) 2010 Greenbone Networks GmbH # @@ -28,7 +31,7 @@ { script_id(100458); script_bugtraq_id(37865); - script_cve_id("CVE-2010-0097"); + script_cve_id("CVE-2010-0097", "CVE-2010-0290","CVE-2010-0382"); script_version ("1.0-$Revision$"); script_name("ISC BIND 9 DNSSEC Bogus NXDOMAIN Response Remote Cache Poisoning Vulnerability"); Modified: trunk/openvas-plugins/scripts/cpe.inc =================================================================== --- trunk/openvas-plugins/scripts/cpe.inc 2010-02-04 10:59:22 UTC (rev 6638) +++ trunk/openvas-plugins/scripts/cpe.inc 2010-02-04 11:53:38 UTC (rev 6639) @@ -784,7 +784,9 @@ "Google/SketchUp/Win/Ver", "^([0-9.]+)", "cpe:/a:google:google_sketchup:", "www/*/phpNagios", "^([0-9.]+)", "cpe:/a:phpnagios:phpnagios:", "SouthRiverWebDrive/Win/Ver", "^([0-9.]+)", "cpe:/a:south_river_technologies:webdrive:", -"Varnish/Ver", "^([0-9.]+)", "cpe:/a:varnish.projects.linpro:varnish:" +"Varnish/Ver", "^([0-9.]+)", "cpe:/a:varnish.projects.linpro:varnish:", +"GZip/Win/Ver", "^([0-9.]+)", "cpe:/a:gnu:gzip:", +"GZip/Linux/Ver", "^([0-9.]+)", "cpe:/a:gnu:gzip:" ); Added: trunk/openvas-plugins/scripts/gb_gzip_detect_lin.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_gzip_detect_lin.nasl 2010-02-04 10:59:22 UTC (rev 6638) +++ trunk/openvas-plugins/scripts/gb_gzip_detect_lin.nasl 2010-02-04 11:53:38 UTC (rev 6639) 
@@ -0,0 +1,68 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id: gb_gzip_detect_lin.nasl 7064 2010-02-02 15:21:24Z feb $ +# +# GZip Version Detection (Linux) +# +# Authors: +# Antu Sanadi +# +# Copyright: +# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(800450); + script_version("$Revision$: 1.0"); + script_name("GZip Version Detection (Linux)"); + desc = " + Overview: This script detect the installed version of GZip and sets the + result in KB. 
+ + Risk factor: Informational"; + + script_description(desc); + script_summary("Set KB for the version of GZip"); + script_category(ACT_GATHER_INFO); + script_copyright("Copyright (c) 2010 Greenbone Networks GmbH"); + script_family("Service detection"); + exit(0); +} + + +include("ssh_func.inc"); +include("version_func.inc"); + +sock = ssh_login_or_reuse_connection(); +if(!sock){ + exit(0); +} + +paths = find_bin(prog_name:"gzip", sock:sock); +foreach gzipbin (paths) +{ + gzipVer = get_bin_version(full_prog_name:chomp(gzipbin), sock:sock, + version_argv:"--version", + ver_pattern:"gzip ([0-9.]+)"); + if(gzipVer[1] != NULL) + { + set_kb_item(name:"GZip/Linux/Ver", value:gzipVer[1]); + ssh_close_connection(); + exit(0); + } +} +ssh_close_connection(); Added: trunk/openvas-plugins/scripts/gb_gzip_detect_win.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_gzip_detect_win.nasl 2010-02-04 10:59:22 UTC (rev 6638) +++ trunk/openvas-plugins/scripts/gb_gzip_detect_win.nasl 2010-02-04 11:53:38 UTC (rev 6639) 
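Review bot: The `foreach gzipbin (paths)` loop in gb_gzip_detect_lin.nasl stops at the first binary that reports a version (`exit(0)` directly after `set_kb_item`), and nothing says so, so a reader of the KB cannot tell that other gzip copies on the host were not examined. A comment above the loop would cover it: `# Only the first gzip binary that returns a version is recorded; further copies are not checked.` The version-based check that reads `GZip/Linux/Ver` then judges the host by that one binary.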
@@ -0,0 +1,75 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id: gb_gzip_detect_win.nasl 7064 2010-02-02 19:50:24Z feb $ +# +# GZip Version Detection (Win) +# +# Authors: +# Antu Sanadi +# +# Copyright: +# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(800451); + script_version("$Revision$: 1.0"); + script_name("GZip Version Detection (Win)"); + desc = " + Overview : This script finds the installed version of GZip and saves + the version in KB. 
+ + Risk factor : Informational"; + + script_description(desc); + script_summary("Set Version of GZip in KB"); + script_category(ACT_GATHER_INFO); + script_copyright("Copyright (c) 2010 Greenbone Networks GmbH"); + script_family("Service detection"); + script_dependencies("secpod_reg_enum.nasl"); + script_require_keys("SMB/WindowsVersion"); + script_require_ports(139, 445); + exit(0); +} + + +include("smb_nt.inc"); +include("secpod_smb_func.inc"); + +if(!get_kb_item("SMB/WindowsVersion")){ + exit(0); +} + +if(!registry_key_exists(key:"SOFTWARE\GnuWin32\Gzip")){ + exit(0); +} + +key ="SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\"; +foreach item (registry_enum_keys(key:key)) +{ + gzipName = registry_get_sz(key:key + item, item:"DisplayName"); + if(" Gzip" >< gzipName) + { + gzipVer = registry_get_sz(key:key + item, item:"DisplayVersion"); + if(gzipName != NULL) + { + gzipVer = ereg_replace(pattern:"-", string:gzipVer, replace: "."); + set_kb_item(name:"GZip/Win/Ver", value:gzipVer); + } + exit(0); + } +} Added: trunk/openvas-plugins/scripts/gb_gzip_inflate_dos_vuln_lin.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_gzip_inflate_dos_vuln_lin.nasl 2010-02-04 10:59:22 UTC (rev 6638) +++ trunk/openvas-plugins/scripts/gb_gzip_inflate_dos_vuln_lin.nasl 2010-02-04 11:53:38 UTC (rev 6639) 
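Review bot: The guard `if(gzipName != NULL)` inside the match tests the name that `" Gzip" >< gzipName` has just matched, not the value being stored, so a missing `DisplayVersion` still reaches `ereg_replace` and `set_kb_item`. It should read `if(gzipVer != NULL)`. How `set_kb_item` treats an empty value is not visible here, but the dependent check only needs a real version string, so nothing should be written without one.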
@@ -0,0 +1,91 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id: gb_gzip_inflate_dos_vuln_lin.nasl 7064 2010-02-02 18:09:24Z feb $ +# +# GZip 'huft_build()' in 'inflate.c' Input Validation Vulnerability (Linux) +# +# Authors: +# Antu Sanadi +# +# Copyright: +# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(800453); + script_version("$Revision$: 1.0"); + script_cve_id("CVE-2009-2624"); + script_bugtraq_id(37888); + script_name("GZip 'huft_build()' in 'inflate.c' Input Validation Vulnerability (Linux)"); + desc = " + Overview: This host is installed with GZip and is prone to Input Validation + Vulnerability + + Vulnerability Insight: + The flaw is due to error in 'huft_build()' function in 'inflate.c', creates + a hufts table that is too small. + + Impact: + Successful exploitation could result in Denial of Serivce (application + crash or infinite loop) or possibly execute arbitrary code via a crafted + archive. + + Impact Level: Application + + Affected Software/OS: + GZip version prior to 1.3.13 on Linux. 
+ + Fix: Apply the patch or Upgrade to GZip version 1.3.13, + http://www.gzip.org/index-f.html#sources + http://git.savannah.gnu.org/cgit/gzip.git/commit/?id=39a362ae9d9b007473381dba5032f4dfc1744cf2 + + ***** + NOTE: Ignore this warning, if above mentioned patch is already applied. + ***** + + References: + http://secunia.com/advisories/38132 + http://www.vupen.com/english/advisories/2010/0185 + https://bugzilla.redhat.com/show_bug.cgi?id=514711 + + CVSS Score: + CVSS Base Score : 6.8 (AV:N/AC:M/Au:NR/C:P/I:P/A:P) + CVSS Temporal Score : 5.0 + Risk factor : Medium"; + + script_description(desc); + script_summary("Check for the version of GZip"); + script_category(ACT_GATHER_INFO); + script_copyright("Copyright (c) 2010 Greenbone Networks GmbH"); + script_family("Denial of Service"); + script_dependencies("gb_gzip_detect_lin.nasl"); + script_require_keys("GZip/Win/Ver"); + exit(0); +} + + +include("version_func.inc"); + +gzipVer = get_kb_item("GZip/Linux/Ver"); +if(!gzipVer){ + exit(0); +} + +# Grep for GZip version prior to 1.3.13 +if(version_is_less(version:gzipVer, test_version:"1.3.13")){ + security_warning(0); +} Added: trunk/openvas-plugins/scripts/gb_gzip_inflate_dos_vuln_win.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_gzip_inflate_dos_vuln_win.nasl 2010-02-04 10:59:22 UTC (rev 6638) +++ trunk/openvas-plugins/scripts/gb_gzip_inflate_dos_vuln_win.nasl 2010-02-04 11:53:38 UTC (rev 6639) 
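Review bot: `script_require_keys("GZip/Win/Ver")` names the Windows key, while this script depends on `gb_gzip_detect_lin.nasl` and reads `GZip/Linux/Ver`; on a Linux target where only the Linux key is set, the scanner would presumably skip the check and report nothing for CVE-2009-2624. The line should be `script_require_keys("GZip/Linux/Ver");`. The description text here and in gb_gzip_inflate_dos_vuln_win.nasl also spells "Denial of Serivce", which ends up in reports.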
@@ -0,0 +1,91 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id: gb_gzip_inflate_dos_vuln_win.nasl 7064 2010-02-02 13:09:24Z feb $ +# +# GZip 'huft_build()' in 'inflate.c' Input Validation Vulnerability (Win) +# +# Authors: +# Antu Sanadi +# +# Copyright: +# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(800452); + script_version("$Revision$: 1.0"); + script_cve_id("CVE-2009-2624"); + script_bugtraq_id(37888); + script_name("GZip 'huft_build()' in 'inflate.c' Input Validation Vulnerability (Win)"); + desc = " + Overview: This host is installed with GZip and is prone to Input Validation + Vulnerability + + Vulnerability Insight: + The flaw is due to error in 'huft_build()' function in 'inflate.c', creates + a hufts table that is too small. + + Impact: + Successful exploitation could result in Denial of Serivce (application + crash or infinite loop) or possibly execute arbitrary code via a crafted + archive. 
+ + Impact Level: Application + + Affected Software/OS: + GZip version prior to 1.3.13 on Windows + + Fix: Apply the patch or Upgrade to GZip version 1.3.13 + http://www.gzip.org/index-f.html#sources + http://git.savannah.gnu.org/cgit/gzip.git/commit/?id=39a362ae9d9b007473381dba5032f4dfc1744cf2 + + ***** + NOTE: Ignore this warning, if above mentioned patch is already applied. + ***** + + References: + http://secunia.com/advisories/38132 + http://www.vupen.com/english/advisories/2010/0185 + https://bugzilla.redhat.com/show_bug.cgi?id=514711 + + CVSS Score: + CVSS Base Score : 6.8 (AV:N/AC:M/Au:NR/C:P/I:P/A:P) + CVSS Temporal Score : 5.0 + Risk factor : Medium"; + + script_description(desc); + script_summary("Check for the version of GZip"); + script_category(ACT_GATHER_INFO); + script_copyright("Copyright (c) 2010 Greenbone Networks GmbH"); + script_family("Denial of Service"); + script_dependencies("gb_gzip_detect_win.nasl"); + script_require_keys("GZip/Win/Ver"); + exit(0); +} + + +include("version_func.inc"); + +gzipVer = get_kb_item("GZip/Win/Ver"); +if(!gzipVer){ + exit(0); +} + +# Grep for GZip version prior to 1.3.13 +if(version_is_less(version:gzipVer, test_version:"1.3.13")){ + security_warning(0); +} Added: trunk/openvas-plugins/scripts/gb_horde_imp_info_disc_vuln.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_horde_imp_info_disc_vuln.nasl 2010-02-04 10:59:22 UTC (rev 6638) +++ trunk/openvas-plugins/scripts/gb_horde_imp_info_disc_vuln.nasl 2010-02-04 11:53:38 UTC (rev 6639) 
@@ -0,0 +1,107 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id: gb_horde_imp_info_disc_vuln.nasl 7066 2010-02-03 12:33:29 feb $ +# +# Horde IMP Information Disclosure Vulnerability +# +# Authors: +# Madhuri D +# +# Copyright: +# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(800288); + script_version("$Revision$: 1.0"); + script_cve_id("CVE-2010-0463"); + script_name("Horde IMP Information Disclosure Vulnerability"); + desc = " + Overview: This host is running Horde IMP and is prone to Information Disclosure + vulnerability + + Vulnerability Insight: + The flaw exists when DNS prefetching of domain names contained in links within + e-mail messages. + + Impact: + Successful exploitation allows remote attackers to determine the network location + of the webmail user by logging DNS requests. + + Impact Level: Application. + + Affected Software/OS: + Horde IMP version 4.3.6 and prior. + + Fix: + No solution or patch is available as on 03rd, February 2010. Information + regarding this issue will be updated once the solution details are available. 
+ For updates refer, http://www.horde.org/download/ + + References: + http://bugs.horde.org/ticket/8836 + http://www.security-database.com/detail.php?alert=CVE-2010-0463 + https://secure.grepular.com/DNS_Prefetch_Exposure_on_Thunderbird_and_Webmail + + CVSS Score: + CVSS Base Score : 5.0 (AV:N/AC:L/Au:NR/C:P/I:N/A:N) + CVSS Temporal Score : 4.2 + Risk factor : Medium"; + + script_description(desc); + script_summary("Check for the version of Horde IMP"); + script_category(ACT_GATHER_INFO); + script_copyright("Copyright (C) 2010 Greenbone Networks GmbH"); + script_dependencies("horde_detect.nasl"); + script_family("General"); + script_require_ports("Services/www", 80); + exit(0); +} + + +include("http_func.inc"); +include("version_func.inc"); +include("http_keepalive.inc"); + +hordePort = get_http_port(default:80); +if(!hordePort){ + exit(0); +} + +hordeVer = get_kb_item("www/" + hordePort + "/horde"); +if(!hordeVer){ + exit(0); +} + +foreach dir (make_list("/horde/imp", "/Horde/IMP", cgi_dirs())) +{ + sndReq = http_get(item:string(dir , "/test.php"), port:hordePort ); + rcvRes = http_keepalive_send_recv(port:hordePort, data:sndReq); + + if("imp" >< rcvRes || "IMP" >< rcvRes) + { + impVer = eregmatch(pattern:"IMP: H3 .([0-9.]+)" , string:rcvRes); + if(impVer[1] != NULL) + { + if(version_is_less_equal(version:impVer[1], test_version:"4.3.6")) + { + security_warning(hordePort); + exit(0); + } + } + } +} Added: trunk/openvas-plugins/scripts/gb_ibm_db2_bof_vuln_lin_feb10.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_ibm_db2_bof_vuln_lin_feb10.nasl 2010-02-04 10:59:22 UTC (rev 6638) +++ trunk/openvas-plugins/scripts/gb_ibm_db2_bof_vuln_lin_feb10.nasl 2010-02-04 11:53:38 UTC (rev 6639) 
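Review bot: The IMP version is read only from `test.php` (`http_get(item:string(dir , "/test.php"), ...)`), so an installation where that page has been removed or disabled produces no finding whatever its version; that limit should be documented so a clean result is not read as "not affected". I would add `# Relies on IMP's test.php being reachable; hosts without it are not assessed.` above the loop. In the pattern `"IMP: H3 .([0-9.]+)"` the bare `.` matches any character; if it is meant to match the opening bracket, `\(` would say so. `hordeVer` is fetched but used only as a presence check.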
@@ -0,0 +1,87 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id: gb_ibm_db2_bof_vuln_lin_feb10.nasl 7041 2010-02-01 20:11:27Z feb $ +# +# IBM DB2 'REPEAT()' Heap Buffer Overflow Vulnerability +# +# Authors: +# Antu Sanadi +# +# Copyright: +# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(800448); + script_version("$Revision$:1.0"); + script_cve_id("CVE-2010-0462"); + script_bugtraq_id(37976); + script_name("IBM DB2 'REPEAT()' Heap Buffer Overflow Vulnerability"); + desc = " + Overview: The host is installed with IBM DB2 and is prone to Buffer Overflow + vulnerability. + + Vulnerability Insight: + The flaw is due to error in 'REPEAT()' function when processing SELECT statement + that has a long column name generated. + + Impact: + Successful exploitation will let the attacker to execute arbitrary code with + elevated privileges or crash the affected application. + + Impact Level: System/Application + + Affected Software/OS: + IBM DB2 version 9.7.1 and prior. + + Fix: + No solution or patch is available as on 01st February, 2010. 
Information + regarding this issue will be updated once the solution details are available. + For updates refer, http://www-01.ibm.com/software/data/db2/express/download.html + + References: + httphttp://xforce.iss.net/xforce/xfdb/55899 + http://securitytracker.com/alerts/2010/Jan/1023509.html + http://intevydis.blogspot.com/2010/01/ibm-db2-97-heap-overflow.html + + CVSS Score: + CVSS Base Score : 7.5 (AV:N/AC:L/Au:NR/C:P/I:P/A:P) + CVSS Temporal Score : 6.7 + Risk factor : High"; + + script_description(desc); + script_summary("Check for the version of IBM DB2"); + script_category(ACT_GATHER_INFO); + script_copyright("Copyright (c) 2010 Greenbone Networks GmbH"); + script_family("Databases"); + script_dependencies("secpod_ibm_db2_detect_linux_900217.nasl"); + script_require_keys("Linux/IBM_db2/Ver"); + exit(0); +} + + +include("version_func.inc"); + +ibmVer = get_kb_item("Linux/IBM_db2/Ver"); +if(!ibmVer){ + exit(0); +} + +# Check for IBM DB2 Version 9.7.1(9.7.0.1)and prior. +if(version_in_range(version:ibmVer, test_version:"9.7", test_version2:"9.7.0.1")){ + security_hole(0); +} Added: trunk/openvas-plugins/scripts/gb_mozilla_prdts_dns_info_disc_vuln_win.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_mozilla_prdts_dns_info_disc_vuln_win.nasl 2010-02-04 10:59:22 UTC (rev 6638) +++ trunk/openvas-plugins/scripts/gb_mozilla_prdts_dns_info_disc_vuln_win.nasl 2010-02-04 11:53:38 UTC (rev 6639) 
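Review bot: The check `version_in_range(version:ibmVer, test_version:"9.7", test_version2:"9.7.0.1")` flags only 9.7 through 9.7.0.1, while the description says "IBM DB2 version 9.7.1 and prior"; one of the two is wrong, and as written an older release is never reported. If earlier branches are affected, the test should be `version_is_less_equal(version:ibmVer, test_version:"9.7.0.1")`; otherwise the description should name the 9.7 range only. The first reference, `httphttp://xforce.iss.net/xforce/xfdb/55899`, has a doubled scheme and will not resolve.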
@@ -0,0 +1,130 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id: gb_mozilla_prdts_dns_info_disc_vuln_win.nasl 7065 2010-02-03 11:06:33Z feb $ +# +# Mozilla Products Information Disclosure Vulnerability (Win) +# +# Authors: +# Antu Sanadi +# +# Copyright: +# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(800454); + script_version("$Revision$: 1.0"); + script_cve_id("CVE-2009-4630"); + script_name("Mozilla Products Information Disclosure Vulnerability (Win)"); + desc = " + Overview: The host is installed with Firefox/Seamonkey and is prone to + Information Disclosure vulnerability. + + Vulnerability Insight: + The flaw exists when DNS prefetching of domain names contained in links within + local HTML documents. + + Impact: + Successful exploitation will let the attackes obtain the network location of + the applications user by logging DNS requests. + + Impact Level: Application + + Affected Software/OS: + Mozilla Firefox and Seamonkey with Mozilla Necko version 1.9.0 and prior + on Windows. 
+ + Fix: Apply the patch or Upgrade to Mozilla Necko version 1.9.1, + https://bug453403.bugzilla.mozilla.org/attachment.cgi?id=346274 + http://www.mozilla.com/en-US/products/ + + ***** + NOTE: Ignore this warning, if above mentioned patch is already applied. + ***** + + References: + https://bugzilla.mozilla.org/show_bug.cgi?id=453403 + https://bugzilla.mozilla.org/show_bug.cgi?id=492196 + + CVSS Score: + CVSS Base Score : 5.0 (AV:N/AC:L/Au:NR/C:P/I:N/A:N) + CVSS Temporal Score : 3.7 + Risk factor : Medium"; + + script_description(desc); + script_summary("Check for the version of Firefox/Seamonkey"); + script_category(ACT_GATHER_INFO); + script_copyright("Copyright (c) 2010 Greenbone Networks GmbH"); + script_family("General"); + script_dependencies("gb_seamonkey_detect_win.nasl", "gb_firefox_detect_win.nasl"); + script_require_keys("Firefox/Win/Ver", "Seamonkey/Win/Ver"); + exit(0); +} + + +include("smb_nt.inc"); +include("version_func.inc"); +include("secpod_smb_func.inc"); + +# Seamonkey Check +smVer = get_kb_item("Seamonkey/Win/Ver"); +if(!isnullsmVer) +{ + + path = registry_get_sz(key:"SOFTWARE\Microsoft\Windows\CurrentVersion" + + "\App Paths\seamonkey.exe", item:"path"); + if(!isnull(path)) + { + path = path + "\seamonkey.exe"; + share = ereg_replace(pattern:"([A-Z]):.*", replace:"\1$", string:path); + file = ereg_replace(pattern:"[A-Z]:(.*)", replace:"\1", string:path); + + seaVer = GetVer(file:file, share:share); + if(!isnull(seaVer)) + { + if(version_is_less(version:seaVer, test_version:"1.9.1")) + { + security_warning(0); + exit(0); + } + } + } +} + +# Firefox Check +fpVer = get_kb_item("Firefox/Win/Ver"); +if(!isnull(fpVer)) +{ + path = registry_get_sz(key:"SOFTWARE\Microsoft\Windows\CurrentVersion" + + "\App Paths\firefox.exe", item:"path"); + if(!isnull(path)) + { + path = path + "\firefox.exe"; + share = ereg_replace(pattern:"([A-Z]):.*", replace:"\1$", string:path); + file = ereg_replace(pattern:"[A-Z]:(.*)", replace:"\1", string:path); + + seaVer = 
GetVer(file:file, share:share); + if(!isnull(seaVer)) + { + if(version_is_less(version:seaVer, test_version:"1.9.1")) + { + security_warning(0); + exit(0); + } + } + } +} Added: trunk/openvas-plugins/scripts/gb_mozilla_prdts_necko_dns_info_disc_vuln_lin.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_mozilla_prdts_necko_dns_info_disc_vuln_lin.nasl 2010-02-04 10:59:22 UTC (rev 6638) +++ trunk/openvas-plugins/scripts/gb_mozilla_prdts_necko_dns_info_disc_vuln_lin.nasl 2010-02-04 11:53:38 UTC (rev 6639) 
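Review bot: `if(!isnullsmVer)` is missing the call parentheses, so it negates an unset variable named `isnullsmVer` and, assuming NASL treats that as NULL, the Seamonkey block runs whether or not `Seamonkey/Win/Ver` is in the KB; it should be `if(!isnull(smVer))`. The same line appears in gb_mozilla_prdts_necko_dns_info_disc_vuln_win.nasl. In the Firefox block the result of `GetVer` is stored in `seaVer`; a separate name such as `ffVer` would keep the two checks apart.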
@@ -0,0 +1,126 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id: gb_mozilla_prdts_necko_dns_info_disc_vuln_lin.nasl 7065 2010-02-03 13:06:33Z feb $ +# +# Mozilla Products Necko DNS Information Disclosure Vulnerability (Linux) +# +# Authors: +# Antu Sanadi +# +# Copyright: +# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(800456); + script_version("$Revision$: 1.0"); + script_cve_id("CVE-2009-4629"); + script_name("Mozilla Products Necko DNS Information Disclosure Vulnerability (Linux)"); + desc = " + Overview: The host is installed with Thundebird/Seamonkey and is prone to + Information Disclosure vulnerability. + + Vulnerability Insight: + The flaw exists while DNS prefetching, when the app type is 'APP_TYPE_MAIL' + or 'APP_TYPE_EDITOR' + + Impact: + Successful exploitation will let the attackes obtain the network location of + the applications user by logging DNS requests. + + Impact Level: Application + + Affected Software/OS: + Mozilla Thunderbird version 3.0.1 and + Seamonkey with Mozilla Necko version 1.9.0 and prior on Linux. 
+ + Fix: Apply the patch or Upgrade to Mozilla Necko version 1.9.1 + http://www.mozilla.com/en-US/products/ + https://bug492196.bugzilla.mozilla.org/attachment.cgi?id=377824 + + ***** + NOTE: Ignore this warning, if above mentioned patch is already applied. + ***** + + References: + https://bugzilla.mozilla.org/show_bug.cgi?id=492196 + https://secure.grepular.com/DNS_Prefetch_Exposure_on_Thunderbird_and_Webmail + + CVSS Score: + CVSS Base Score : 5.0 (AV:N/AC:L/Au:NR/C:P/I:N/A:N) + CVSS Temporal Score : 3.7 + Risk factor : Medium"; + + script_description(desc); + script_summary("Check for the version of Thunderbird/Seamonkey"); + script_category(ACT_GATHER_INFO); + script_copyright("Copyright (c) 2010 Greenbone Networks GmbH"); + script_family("General"); + script_dependencies("gb_seamonkey_detect_lin.nasl", "gb_thunderbird_detect_lin.nasl"); + script_require_keys("Seamonkey/Linux/Ver", "Thunderbird/Linux/Ver"); + exit(0); +} + + +include("ssh_func.inc"); +include("version_func.inc"); + +# Thunderbird Check +fpVer = get_kb_item("Thunderbird/Linux/Ver"); +if(!isnull(fpVer)) +{ + if(version_is_less_equal(version:fpVer, test_version:"3.0.1")) + { + security_warning(0); + exit(0); + } +} + +# Seamonkey Check +seaVer = get_kb_item("Seamonkey/Linux/Ver"); +if(!seaVer){ + exit(0); +} + +grep = find_bin(prog_name:"grep", sock:sock); +grep = chomp(grep[0]); +garg[0] = "-o"; +garg[1] = "-m1"; +garg[2] = "-a"; +garg[3] = string("rv:[0-9.].\\+"); + +modName = find_file(file_name:"libnecko.so", file_path:"/", + useregex:TRUE, regexpar:"$", sock:sock); + +foreach binaryName (modName) +{ + binaryName = chomp(binaryName); + arg = garg[0] + " " + garg[1] + " " + garg[2] + " " + raw_string(0x22) + + garg[3] + raw_string(0x22) + " " + binaryName; + + seaVer = get_bin_version(full_prog_name:grep, version_argv:arg, + ver_pattern:"([0-9.]+)", sock:sock); + if(seaVer[1] != NULL) + { + if(version_is_less(version:seaver[1], test_version:"1.9.1")) + { + security_warning(0); + 
ssh_close_connection(); + exit(0); + } + } +} Added: trunk/openvas-plugins/scripts/gb_mozilla_prdts_necko_dns_info_disc_vuln_win.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_mozilla_prdts_necko_dns_info_disc_vuln_win.nasl 2010-02-04 10:59:22 UTC (rev 6638) +++ trunk/openvas-plugins/scripts/gb_mozilla_prdts_necko_dns_info_disc_vuln_win.nasl 2010-02-04 11:53:38 UTC (rev 6639) 
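Review bot: `sock` is passed to `find_bin`, `find_file` and `get_bin_version` in gb_mozilla_prdts_necko_dns_info_disc_vuln_lin.nasl but is never assigned, because the script has no `ssh_login_or_reuse_connection()` call, so the Seamonkey half of the check cannot return a version. The comparison also reads `seaver[1]` while the value was stored in `seaVer`, which, as far as I know, NASL treats as a different, unset variable. The connection is closed only on the vulnerable path. The fence below shows the three changes. Separately, `find_file` with `file_path:"/"` walks the whole filesystem over SSH, which is worth a comment or a narrower starting path.

```nasl
# … unchanged: includes, Thunderbird check, Seamonkey KB lookup …

# Open the SSH session used by find_bin(), find_file() and get_bin_version().
sock = ssh_login_or_reuse_connection();
if(!sock){
  exit(0);
}

grep = find_bin(prog_name:"grep", sock:sock);
# … unchanged: grep arguments, find_file(), start of the foreach loop …

    # Same spelling as the variable assigned from get_bin_version().
    if(version_is_less(version:seaVer[1], test_version:"1.9.1"))
# … unchanged: security_warning(0), close and exit on a hit, end of loop …

# Close the session on the not-vulnerable path as well.
ssh_close_connection();
```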
@@ -0,0 +1,114 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id: gb_mozilla_prdts_necko_dns_info_disc_vuln_win.nasl 7065 2010-02-03 11:06:33Z feb $ +# +# Mozilla Products Necko DNS Information Disclosure Vulnerability (Win) +# +# Authors: +# Antu Sanadi +# +# Copyright: +# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(800455); + script_version("$Revision$: 1.0"); + script_cve_id("CVE-2009-4629"); + script_name("Mozilla Products Necko DNS Information Disclosure Vulnerability (Win)"); + desc = " + Overview: The host is installed with Thundebird/Seamonkey and is prone to + Information Disclosure vulnerability. + + Vulnerability Insight: + The flaw exists while DNS prefetching, when the app type is 'APP_TYPE_MAIL' + or 'APP_TYPE_EDITOR' + + Impact: + Successful exploitation will let the attackes obtain the network location of + the applications user by logging DNS requests. + + Impact Level: Application + + Affected Software/OS: + Mozilla Thunderbird version 3.0.1 and + Seamonkey with Mozilla Necko version 1.9.0 and prior on Windows. 
+ + Fix: Apply the patch or Upgrade to Mozilla Necko version 1.9.1 + http://www.mozilla.com/en-US/products/ + https://bug492196.bugzilla.mozilla.org/attachment.cgi?id=377824 + + ***** + NOTE: Ignore this warning, if above mentioned patch is already applied. + ***** + + References: + https://bugzilla.mozilla.org/show_bug.cgi?id=492196 + https://secure.grepular.com/DNS_Prefetch_Exposure_on_Thunderbird_and_Webmail + + CVSS Score: + CVSS Base Score : 5.0 (AV:N/AC:L/Au:NR/C:P/I:N/A:N) + CVSS Temporal Score : 3.7 + Risk factor : Medium"; + + script_description(desc); + script_summary("Check for the version of Firefox/Seamonkey"); + script_category(ACT_GATHER_INFO); + script_copyright("Copyright (c) 2010 Greenbone Networks GmbH"); + script_family("General"); + script_dependencies("gb_seamonkey_detect_win.nasl", "gb_thunderbird_detect_win.nasl"); + script_require_keys("Thunderbird/Win/Ver", "Seamonkey/Win/Ver"); + exit(0); +} + + +include("smb_nt.inc"); +include("version_func.inc"); +include("secpod_smb_func.inc"); + +# Seamonkey Check +smVer = get_kb_item("Seamonkey/Win/Ver"); +if(!isnullsmVer) +{ + + path = registry_get_sz(key:"SOFTWARE\Microsoft\Windows\CurrentVersion" + + "\App Paths\seamonkey.exe", item:"path"); + path = path + "\seamonkey.exe"; + + share = ereg_replace(pattern:"([A-Z]):.*", replace:"\1$", string:path); + file = ereg_replace(pattern:"[A-Z]:(.*)", replace:"\1", string:path); + + seaVer = GetVer(file:file, share:share); + if(!isnull(seaVer)) + { + if(version_is_less(version:seaVer, test_version:"1.9.1")) + { + security_warning(0); + exit(0); + } + } +} + +# Thunderbird Check +fpVer = get_kb_item("Thunderbird/Win/Ver"); +if(!isnull(fpVer)) +{ + if(version_is_less_equal(version:fpVer, test_version:"3.0.1")){ + security_warning(0); + } +} + Added: trunk/openvas-plugins/scripts/gb_sun_java_sys_web_serv_mult_vuln_lin.nasl =================================================================== --- 
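Review bot: The Seamonkey guard `if(!isnullsmVer)` is missing its parentheses, so it tests an identifier that is never assigned instead of calling `isnull()` on `smVer`. An unset NASL variable presumably reads as NULL, which would make the condition always true, so the registry lookup and SMB file read run even on hosts where Seamonkey was never detected. The line should read `if(!isnull(smVer))`. Separately, `script_summary` says "Firefox/Seamonkey" although the script checks Thunderbird and Seamonkey, and the description misspells "Thundebird" and "attackes".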
trunk/openvas-plugins/scripts/gb_sun_java_sys_web_serv_mult_vuln_lin.nasl 2010-02-04 10:59:22 UTC (rev 6638) +++ trunk/openvas-plugins/scripts/gb_sun_java_sys_web_serv_mult_vuln_lin.nasl 2010-02-04 11:53:38 UTC (rev 6639) 
@@ -0,0 +1,138 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id: gb_sun_java_sys_web_serv_mult_vuln_lin.nasl 6721 2010-01-25 17:57:42Z jan $ +# +# Sun Java System Web Server Multiple Vulnerabilities (Linux) +# +# Authors: +# Veerendra G +# +# Copyright: +# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(800156); + script_version("$Revision$: 1.0"); + script_cve_id("CVE-2010-0272","CVE-2010-0273", "CVE-2010-0360", "CVE-2010-0361", + "CVE-2010-0388", "CVE-2010-0389"); + script_bugtraq_id(37910); + script_name("Sun Java System Web Server Multiple Vulnerabilities (Linux)"); + desc = " + Overview: This host has Sun Java Web Server running which is prone to + Multiple Vulnerabilities. + + Vulnerability Insight: + - An error exists in WebDAV implementation in webservd and can be exploited + to cause Stack-based buffer overflow via long URI in an HTTP OPTIONS + request. + - An unspecified error that can be exploited to cause a heap-based buffer + overflow which allows remote attackers to discover process memory + locations and execute arbitrary code by sending a process memory address + via crafted data. 
+ - Format string vulnerability in the WebDAV implementation in webservd that + can be exploited to cause denial of service via format string specifiers + in the encoding attribute of the XML declaration in a PROPFIND request. + - An unspecified error in admin server that can be exploited to cause + denial of service via an HTTP request that lacks a method token. + + Impact: + Successful exploitation lets the attackers to discover process memory + locations or execute arbitrary code in the context of an affected system + or cause the application to crash via a long URI in an HTTP OPTIONS request. + + Impact Level: System/Application + + Affected Software/OS: + Sun Java System Web Server version 7.0 update 6 on Linux. + Sun Java System Web Server version 7.0 update 7 on Linux. + + Fix: + No solution or patch is available as on 29th January, 2010. Information + regarding this issue will be updated once the solution details are available. + For updates refer, http://www.sun.com/ + + References: + http://intevydis.com/sjws_demo.html + http://xforce.iss.net/xforce/xfdb/55812 + http://intevydis.blogspot.com/2010/01/sun-java-system-web-server-70-admin.html + http://intevydis.blogspot.com/2010/01/sun-java-system-web-server-70-webdav.html + http://intevydis.blogspot.com/2010/01/sun-java-system-web-server-70u7-trace.html + http://intevydis.blogspot.com/2010/01/sun-java-system-web-server-70u7-webdav.html + + CVSS Score: + CVSS Base Score : 10.0 (AV:N/AC:L/Au:NR/C:C/I:C/A:C) + CVSS Temporal Score : 9.0 + Risk factor: Critical"; + + script_description(desc); + script_summary("Check for the version of Java System Web Server"); + script_category(ACT_GATHER_INFO); + script_copyright("Copyright (C) 2010 Greenbone Networks GmbH"); + script_family("Buffer overflow"); + script_dependencies("gb_sun_java_sys_web_serv_detect.nasl"); + script_require_keys("Sun/Java/SysWebServ/Ver","Sun/JavaSysWebServ/Port"); + exit(0); +} + + +include("ssh_func.inc"); +include("version_func.inc"); + +## 
Check for Sun Java System Web Server 7.0 +if( get_kb_item("Sun/JavaSysWebServ/Ver") != "7.0"){ + exit(0); +} + +sock = ssh_login_or_reuse_connection(); +if(!sock){ + exit(0); +} + +## Find path of the given file +paths = find_file(file_name:"webservd", file_path:"/", useregex:TRUE, + regexpar:"$", sock:jswsSock); + +## Iterate over all paths +foreach sjswsBin (paths) +{ + ## Extract version from the file + sjswsVer = get_bin_version(full_prog_name:chomp(sjswsBin), sock:jswsSock, + version_argv:"-v", + ver_pattern:"Sun (ONE |Java System )Web Server " + + "([0-9.]+)(SP|U)?([0-9]+)?([^0-9.]|$)"); + ## Construct proper file version + if(sjswsVer[2] != NULL) + { + if(sjswsVer[4] != NULL) + sjswsVer = sjswsVer[2] + "." + sjswsVer[4]; + else + sjswsVer = sjswsVer[2]; + + ## Check for Web Server version 7.0 Update 6 and Update 7 + if(version_is_equal(version:sjswsVer, test_version:"7.0.6") || + version_is_equal(version:sjswsVer, test_version:"7.0.7")) + { + sjswsPort = get_kb_item("Sun/JavaSysWebServ/Port"); + security_hole(sjswsPort); + ssh_close_connection(); + exit(0); + } + } +} + +ssh_close_connection(); Added: trunk/openvas-plugins/scripts/gb_sun_java_sys_web_serv_mult_vuln_win.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_sun_java_sys_web_serv_mult_vuln_win.nasl 2010-02-04 10:59:22 UTC (rev 6638) +++ trunk/openvas-plugins/scripts/gb_sun_java_sys_web_serv_mult_vuln_win.nasl 2010-02-04 11:53:38 UTC (rev 6639) 
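Review bot: Both `find_file()` and `get_bin_version()` are passed `sock:jswsSock`, but the SSH login result is stored in `sock` and `jswsSock` is never assigned anywhere in the script. As written, the file search and version extraction most likely run without a usable connection, so the check cannot report a vulnerable host. Either pass `sock:sock` in both calls or assign `jswsSock = ssh_login_or_reuse_connection();` and test that. Also, `script_require_keys` lists "Sun/Java/SysWebServ/Ver" while the body reads `get_kb_item("Sun/JavaSysWebServ/Ver")`; one spelling is presumably wrong, and the same mismatch appears in gb_sun_java_sys_web_serv_mult_vuln_win.nasl in this commit.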
@@ -0,0 +1,146 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id: gb_sun_java_sys_web_serv_mult_vuln_win.nasl 6721 2010-01-25 17:57:42Z jan $ +# +# Sun Java System Web Server Multiple Vulnerabilities (Win) +# +# Authors: +# Veerendra G +# +# Copyright: +# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(800157); + script_version("$Revision$: 1.0"); + script_cve_id("CVE-2010-0360", "CVE-2010-0361", "CVE-2010-0387"); + script_bugtraq_id(37896); + script_name("Sun Java System Web Server Multiple Vulnerabilities (Win)"); + desc = " + Overview: This host has Sun Java Web Server running which is prone to + multiple vulnerabilities. + + Vulnerability Insight: + - An error exists in WebDAV implementation in webservd and can be exploited + to cause Stack-based buffer overflow via long URI in an HTTP OPTIONS + request. + - An unspecified error that can be exploited to cause a heap-based buffer + overflow which allows remote attackers to discover process memory + locations and execute arbitrary code by sending a process memory address + via crafted data. 
+ - An error exists in in webservd and admin server that can be exploited to + overflow a buffer and execute arbitrary code on the system or cause + the server to crash via a long string in an 'Authorization: Digest' HTTP + header. + + Impact: + Successful exploitation lets the attackers to discover process memory + locations or execute arbitrary code in the context of an affected system + or cause the application to crash via a long URI in an HTTP OPTIONS request. + + Impact Level: System/Application + + Affected Software/OS: + Sun Java System Web Server version 7.0 update 7 on Windows. + + Fix: + No solution or patch is available as on 29th January, 2010. Information + regarding this issue will be updated once the solution details are available. + For updates refer, http://www.sun.com/ + + References: + http://intevydis.com/sjws_demo.html + http://xforce.iss.net/xforce/xfdb/55792 + http://securitytracker.com/alerts/2010/Jan/1023488.html + http://intevydis.blogspot.com/2010/01/sun-java-system-web-server-70u7-webdav.html + http://intevydis.blogspot.com/2010/01/sun-java-system-web-server-70u7-digest.html + + CVSS Score: + CVSS Base Score : 10.0 (AV:N/AC:L/Au:NR/C:C/I:C/A:C) + CVSS Temporal Score : 9.0 + Risk factor: Critical"; + + script_description(desc); + script_summary("Check for the version of Java System Web Server"); + script_category(ACT_GATHER_INFO); + script_copyright("Copyright (C) 2010 Greenbone Networks GmbH"); + script_family("Buffer overflow"); + script_dependencies("gb_sun_java_sys_web_serv_detect.nasl", + "secpod_reg_enum.nasl"); + script_require_keys("Sun/Java/SysWebServ/Ver", "Sun/JavaSysWebServ/Port", + "SMB/WindowsVersion"); + exit(0); +} + + +include("smb_nt.inc"); +include("secpod_reg.inc"); +include("version_func.inc"); +include("secpod_smb_func.inc"); + +## Check for Windows +if(!get_kb_item("SMB/WindowsVersion")){ + exit(0); +} + +## Check for Sun Java System Web Server 7.0 +if( get_kb_item("Sun/JavaSysWebServ/Ver") != "7.0"){ + exit(0); +} 
+ +## Get Application Installed Path +key = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\"; +sjswsPath = registry_get_sz(key:key + "Sun Java System Web Server", + item:"UninstallString"); + +if(sjswsPath != NULL) +{ + ## Construct path to point "WebServer.inf" file + sjswsPath = ereg_replace(pattern:'\"(.*)\"', replace:"\1", string:sjswsPath); + sjswsPath = sjswsPath - "\bin\uninstall.exe" + "\setup\WebServer.inf"; + + share = ereg_replace(pattern:"([A-Z]):.*", replace:"\1$", string:sjswsPath); + file = ereg_replace(pattern:"[A-Z]:(.*)", replace:"\1",string:sjswsPath); + + ## Get file contents + fileData = read_file(share:share, file:file, offset:0, count:500); + + ## Extract Product Version and Update Version + sjswsVer = eregmatch(pattern:"PRODUCT_VERSION=([0-9.]+)", string:fileData); + sjswsUpdateVer = eregmatch(pattern:"PRODUCT_SP_VERSION=([0-9]+)", string:fileData); + + ## Construct Full Product Version + if(sjswsVer[1] != NULL){ + if(sjswsUpdateVer != NULL) + sjswsFullVer = sjswsVer[1] + "." + sjswsUpdateVer[1]; + else + sjswsFullVer = sjswsVer[1] + "." + "0"; + } + + if(sjswsFullVer != NULL) + { + ## Check Sun Java System Web Server is equal to 7.0.7 + ## i.e Sun Java System Web Server 7 Update 7 + if(version_is_equal(version:sjswsFullVer, test_version:"7.0.7")) + { + sjswsPort = get_kb_item("Sun/JavaSysWebServ/Port"); + security_hole(sjswsPort); + exit(0); + } + } +} Modified: trunk/openvas-plugins/scripts/postgresql_37973.nasl =================================================================== --- trunk/openvas-plugins/scripts/postgresql_37973.nasl 2010-02-04 10:59:22 UTC (rev 6638) +++ trunk/openvas-plugins/scripts/postgresql_37973.nasl 2010-02-04 11:53:38 UTC (rev 6639) @@ -7,6 +7,9 @@ # Authors: # Michael Meyer # +# Update By : Antu Sanadi 2010-02-04 #7085 +# Updated the CVE-2010-0442 and version check according to CVE. +# # Copyright: # Copyright (c) 2010 Greenbone Networks GmbH # 
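Review bot: `read_file(share:share, file:file, offset:0, count:500)` inspects only the first 500 bytes of WebServer.inf, and a missing `PRODUCT_SP_VERSION=` match is treated as update 0. If that key sits beyond the 500-byte window, an Update 7 install is assembled as "7.0.0" and the `version_is_equal(..., test_version:"7.0.7")` test silently misses it. The file layout is not visible here, so either read a larger window or record the assumption, e.g. `## assumes PRODUCT_VERSION and PRODUCT_SP_VERSION lie within the first 500 bytes`. Consider building `sjswsFullVer` only when the update number was actually found, rather than defaulting to ".0".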
@@ -27,11 +30,10 @@ if (description) { script_id(100470); + script_cve_id("CVE-2010-0442"); script_bugtraq_id(37973); script_version ("1.0-$Revision$"); - script_name("PostgreSQL 'bitsubstr' Buffer Overflow Vulnerability"); - desc = "Overview: PostgreSQL is prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user- @@ -40,17 +42,18 @@ Attackers can exploit this issue to execute arbitrary code with elevated privileges or crash the affected application. -PostgreSQL 8.0.23 is vulnerable; other versions may also be affected. +PostgreSQL version 8.0.x, 8.1.x, 8.3.x is vulnerable; other versions may also be affected. References: +http://www.postgresql.org/ http://www.securityfocus.com/bid/37973 +http://xforce.iss.net/xforce/xfdb/55902 http://intevydis.blogspot.com/2010/01/postgresql-8023-bitsubstr-overflow.html -http://www.postgresql.org/ Risk factor : Medium"; script_description(desc); - script_summary("Determine if PostgreSQL version is 8.0.23"); + script_summary("Determine if PostgreSQL version"); script_category(ACT_GATHER_INFO); script_family("Databases"); script_copyright("This script is Copyright (C) 2010 Greenbone Networks GmbH"); 
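Review bot: The new description and summary strings no longer match what the script tests. `script_summary("Determine if PostgreSQL version")` is an incomplete sentence; something like `script_summary("Determine if the PostgreSQL version is vulnerable")` would read correctly in the plugin list. The description now states that "8.0.x, 8.1.x, 8.3.x is vulnerable", while the check added later in this file stops at 8.0.23, 8.1.11 and 8.3.8. Report readers would be better served by the same bounds in the text, e.g. `PostgreSQL 8.0.x through 8.0.23, 8.1.x through 8.1.11 and 8.3.x through 8.3.8 are vulnerable`.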
@@ -63,13 +66,16 @@ include("misc_func.inc"); port = get_kb_item("Services/postgresql"); + if(!port)port = 5432; + if(!get_tcp_port_state(port))exit(0); if(!ver = get_kb_list(string("PostgreSQL/Remote/", port, "/Ver")))exit(0); -if(version_is_equal(version:ver, test_version:"8.0.23")) -{ +if(version_in_range(version:ver, test_version:"8.0", test_version2:"8.0.23") || + version_in_range(version:ver, test_version:"8.1", test_version2:"8.1.11") || + version_in_range(version:ver, test_version:"8.3", test_version2:"8.3.8")){ security_warning(port:port); exit(0); } Modified: trunk/openvas-plugins/scripts/viewvc_37518.nasl =================================================================== --- trunk/openvas-plugins/scripts/viewvc_37518.nasl 2010-02-04 10:59:22 UTC (rev 6638) +++ trunk/openvas-plugins/scripts/viewvc_37518.nasl 2010-02-04 11:53:38 UTC (rev 6639) @@ -7,6 +7,9 @@ # Authors: # Michael Meyer # +# Updated the CVE. +# - Rachana Shetty on 2010-02-03 #7067 +# # Copyright: # Copyright (c) 2010 Greenbone Networks GmbH # @@ -27,8 +30,10 @@ if (description) { script_id(100414); + script_cve_id("CVE-2010-0004", "CVE-2010-0005"); script_bugtraq_id(37518); script_version ("1.0-$Revision$"); + script_name("ViewVC Versions Prior to 1.1.3 Multiple Remote Vulnerabilities"); From scm-commit at wald.intevation.org Thu Feb 4 13:45:33 2010 
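Review bot: The three new `version_in_range()` calls receive `ver`, which the unchanged line above fills with `get_kb_list(...)`. As far as I know that function returns a list rather than a single version string, so the range comparison may never see a plain "8.x.y" value and the check could miss vulnerable servers. Since this hunk reworks the comparison anyway, it would be worth switching the lookup to `if(!ver = get_kb_item(string("PostgreSQL/Remote/", port, "/Ver")))exit(0);` and confirming the result on a host with a known version.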
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Thu, 4 Feb 2010 13:45:33 +0100 (CET) Subject: [Openvas-commits] r6640 - trunk/doc/website Message-ID: <20100204124533.B180B865FAB8@pyrosoma.intevation.org> Author: chandra Date: 2010-02-04 13:45:32 +0100 (Thu, 04 Feb 2010) New Revision: 6640 Added: trunk/doc/website/openvas-cr-41.htm4 trunk/doc/website/openvas-cr-42.htm4 Modified: trunk/doc/website/openvas-crs.htm4 Log: Added new CR's - #41 and #42 Added: trunk/doc/website/openvas-cr-41.htm4 =================================================================== --- trunk/doc/website/openvas-cr-41.htm4 2010-02-04 11:53:38 UTC (rev 6639) +++ trunk/doc/website/openvas-cr-41.htm4 2010-02-04 12:45:32 UTC (rev 6640) @@ -0,0 +1,100 @@ +m4_dnl -*-html-*- +m4_include(`template.m4') + +m4_dnl OpenVAS +m4_dnl $Id$ +m4_dnl Description: OpenVAS Change Request #41 +m4_dnl +m4_dnl Authors: +m4_dnl Chandrashekhar B +m4_dnl +m4_dnl Copyright: +m4_dnl Copyright (C) 2010 SecPod Technologies. +m4_dnl +m4_dnl This program is free software; you can redistribute it and/or modify +m4_dnl it under the terms of the GNU General Public License version 2, +m4_dnl as published by the Free Software Foundation. +m4_dnl +m4_dnl This program is distributed in the hope that it will be useful, +m4_dnl but WITHOUT ANY WARRANTY; without even the implied warranty of +m4_dnl MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +m4_dnl GNU General Public License for more details. +m4_dnl +m4_dnl You should have received a copy of the GNU General Public License +m4_dnl along with this program; if not, write to the Free Software +m4_dnl Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + + +PAGE_START +

OpenVAS Change Request #41: Adoption of CVSS Standard

+ +

+Status: In Progress. +

+ +

Purpose

+

+To adopt CVSS as vulnerability severity scoring system and represent the CVSS +scores through script_tag(). +

+ +

References

+

+CVSS Standard +

+ +

Rationale

+

+CVSS (Common Vulnerability Scoring System) provides universal open and +standardized method for rating vulnerabilities. Currently, CVSS is used by +some of the NVT Developers to rate the severity. And majority of the NVT's do +not use this method of scoring. The minimal set of NVT's that are using CVSS +for scoring embed the score as part of the description and not in a standard +way. +

+ +

+The general goal is to rate the vulnerabilities through CVSS Score and also to +indicate these scores in a standard way, through script_tag() function like other +attributes of NVT. +

+ +

Effects

+

+

    +
  • All the existing NVT's that are using CVSS Scoring in the description text +will be moved to script_tag() function inside if(description) section of NVT. +Hence the CVSS score will not appear as part of the report text in the Client +but instead it'll be listed as one of the NVT's attribute like script_cve_id +and others. + +
  • All the other NVT's will also be updated with an additional script_tag() +attribute like above. +
+ +

Design and Implementation

+ +

+The implementation needs to incorporate the following changes: +

+ +
    +
  • Update all NVT's that are currently using CVSS score to use, +script_tag("cvss_base", x.y) and script_tag("cvss_temporal", x.y) format, where +x and y are score indicators from 0 and upto 10. Also remove the CVSS Score +that is currently embedded in the description. + +
  • Update all NVT's that refere to CVE through script_cve_id() to also +include CVSS score through script_tag("cvss_base", x.y) and +script_tag("cvss_temporal", x.y). + +
  • Update the compendium describing the procedure to add CVSS scores in +NVT's. +
+ +

History

+ +
    +
  • 2010-02-04 Chandrashekhar B <bchandra at secpod.com>:
    + Initial Text. +
Added: trunk/doc/website/openvas-cr-42.htm4 =================================================================== --- trunk/doc/website/openvas-cr-42.htm4 2010-02-04 11:53:38 UTC (rev 6639) +++ trunk/doc/website/openvas-cr-42.htm4 2010-02-04 12:45:32 UTC (rev 6640) @@ -0,0 +1,107 @@ +m4_dnl -*-html-*- +m4_include(`template.m4') + +m4_dnl OpenVAS +m4_dnl $Id$ +m4_dnl Description: OpenVAS Change Request #42 +m4_dnl +m4_dnl Authors: +m4_dnl Chandrashekhar B +m4_dnl +m4_dnl Copyright: +m4_dnl Copyright (C) 2010 SecPod Technologies. +m4_dnl +m4_dnl This program is free software; you can redistribute it and/or modify +m4_dnl it under the terms of the GNU General Public License version 2, +m4_dnl as published by the Free Software Foundation. +m4_dnl +m4_dnl This program is distributed in the hope that it will be useful, +m4_dnl but WITHOUT ANY WARRANTY; without even the implied warranty of +m4_dnl MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +m4_dnl GNU General Public License for more details. +m4_dnl +m4_dnl You should have received a copy of the GNU General Public License +m4_dnl along with this program; if not, write to the Free Software +m4_dnl Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + + +PAGE_START +

OpenVAS Change Request #42: Adoption of Risk Factor standard for NVT's

+ +

+Status: In Progress. +

+ +

Purpose

+

+To indicate Risk Factor in a standard way in NVT's through script_tag() +instead of embedding inside the description. +

+ +

References

+

+

+ +

Rationale

+

+Currently Risk Factor is being set in some of the NVT's as part of the +description text to indicate the severity of the vulnerability. There's no +standard format being followed by NVT developers. + +

+ +

+The general goal is to to indicate Risk Factor in a standard way, through +script_tag() function like other attributes of NVT. +

+ +

Effects

+

+

    +
  • All the existing NVT's that are using Risk Factor in the description text +will be moved to script_tag() function inside if(description) section of NVT. +Hence the Risk Factor will not appear as part of the report text in the Client +but instead it'll be listed as one of the NVT's attribute like script_cve_id +and others. + +
  • All the other NVT's will also be updated with an additional script_tag() +attribute like above. +
+ +

Design and Implementation

+ +

+The implementation needs to incorporate the following changes: +

+ +
    +
  • Update all NVT's that are currently using Risk Factor to use, +script_tag("risk_factor", SEVERITY) format, where SEVERITY indicates the +likelihood of the vulnerability being exploited. Also remove the Risk Factor +that is currently embedded in the description. + +

    +The SEVERITY can be one of the following, +

    +  - Informational: The NVT is only gathering information about the target
    +    system and not reporting any vulnerability.
    +  - Low: The chances of the vulnerability being exploited is very low. In
    +    other words, CVSS Base score between 0 - 2
    +  - Medium: The chances of the vulnerability being exploited is moderate. 
    +    In other words, CVSS Base score between 2 - 5.
    +  - High: The chances of the vulnerability being exploited is high. In
    +    other words, CVSS Base score between 5 - 8
    +  - Critical: CVSS Base score between 8 - 10
    +
    +

    + +
  • Update the compendium describing the procedure to add Risk Factor in +NVT's. +
+ +

History

+ +
    +
  • 2010-02-04 Chandrashekhar B <bchandra at secpod.com>:
    + Initial Text. +
Modified: trunk/doc/website/openvas-crs.htm4 =================================================================== --- trunk/doc/website/openvas-crs.htm4 2010-02-04 11:53:38 UTC (rev 6639) +++ trunk/doc/website/openvas-crs.htm4 2010-02-04 12:45:32 UTC (rev 6640) @@ -84,6 +84,8 @@
  • OpenVAS Change Request #38: Reorganize OpenVAS libraries (done)
  • OpenVAS Change Request #39: Mandatory KB keys (done)
  • OpenVAS Change Request #40: find_service.c and NMAP service detection (done) +
  • OpenVAS Change Request #41: Adoption of CVSS Standard (in discussion) +
  • OpenVAS Change Request #42: Adoption of Risk Factor standard for NVT's (in discussion)

    How to write a change request

    From scm-commit at wald.intevation.org Thu Feb 4 13:58:48 2010 
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Thu, 4 Feb 2010 13:58:48 +0100 (CET) Subject: [Openvas-commits] r6641 - in trunk/openvas-manager: . src Message-ID: <20100204125848.0C87C865FAB0@pyrosoma.intevation.org> Author: mattm Date: 2010-02-04 13:58:43 +0100 (Thu, 04 Feb 2010) New Revision: 6641 Modified: trunk/openvas-manager/CMakeLists.txt trunk/openvas-manager/ChangeLog trunk/openvas-manager/src/manage.h trunk/openvas-manager/src/omp.c trunk/openvas-manager/src/tasks_sql.h Log: Reference targets and configs by ID in the tasks table, instead of by name. Hence increase database version to 11. Add database migration from 10 to 11. * CMakeLists.txt (OPENVASMD_DATABASE_VERSION): Increase to 11. * src/tasks_sql.h (create_tables): Make config and target in table tasks INTEGERs. (migrate_10_to_11): New function. (database_migrators): Add migrate_10_to_11. (task_config, task_config_name, delete_config, config_in_use) (manage_set_config_preference, manage_set_config_preference) (manage_set_config_nvts, init_config_task_iterator): Treat task config reference as integer. (set_task_config): Change config from name to integer. (task_target, delete_target, target_in_use) (init_target_task_iterator): Treat task target reference as integer. (set_task_target): Change target from name to integer. (append_to_task_config, append_to_task_target): Remove. (create_target): Return created target via arg. (create_config_rc): Return created config via arg. * src/manage.h: Update headers accordingly. * src/omp.c (omp_xml_handle_end_element): In CLIENT_CREATE_CONFIG and CLIENT_CREATE_TARGET add dummy return args to create_target and create_config_rc calls. In CLIENT_CREATE_TASK set the task config and target from the given names. (omp_xml_handle_text): In CLIENT_CREATE_TASK_CONFIG and CLIENT_CREATE_TASK_TARGET append to global instead of appending into task. 
Modified: trunk/openvas-manager/CMakeLists.txt =================================================================== --- trunk/openvas-manager/CMakeLists.txt 2010-02-04 12:45:32 UTC (rev 6640) +++ trunk/openvas-manager/CMakeLists.txt 2010-02-04 12:58:43 UTC (rev 6641) @@ -94,7 +94,7 @@ ## Variables -set (OPENVASMD_DATABASE_VERSION 10) +set (OPENVASMD_DATABASE_VERSION 11) set (CMAKE_BUILD Debug) set (CMAKE_VERBOSE_MAKEFILE ON) Modified: trunk/openvas-manager/ChangeLog =================================================================== --- trunk/openvas-manager/ChangeLog 2010-02-04 12:45:32 UTC (rev 6640) +++ trunk/openvas-manager/ChangeLog 2010-02-04 12:58:43 UTC (rev 6641) 
@@ -1,3 +1,37 @@ +2010-02-04 Matthew Mundell + + Reference targets and configs by ID in the tasks table, instead of by + name. Hence increase database version to 11. Add database migration + from 10 to 11. + + * CMakeLists.txt (OPENVASMD_DATABASE_VERSION): Increase to 11. + + * src/tasks_sql.h (create_tables): Make config and target in table tasks + INTEGERs. + (migrate_10_to_11): New function. + (database_migrators): Add migrate_10_to_11. + (task_config, task_config_name, delete_config, config_in_use) + (manage_set_config_preference, manage_set_config_preference) + (manage_set_config_nvts, init_config_task_iterator): Treat task config + reference as integer. + (set_task_config): Change config from name to integer. + (task_target, delete_target, target_in_use) + (init_target_task_iterator): Treat task target reference as integer. + (set_task_target): Change target from name to integer. + (append_to_task_config, append_to_task_target): Remove. + (create_target): Return created target via arg. + (create_config_rc): Return created config via arg. + + * src/manage.h: Update headers accordingly. + + * src/omp.c (omp_xml_handle_end_element): In CLIENT_CREATE_CONFIG and + CLIENT_CREATE_TARGET add dummy return args to create_target and + create_config_rc calls. In CLIENT_CREATE_TASK set the task config and + target from the given names. + (omp_xml_handle_text): In CLIENT_CREATE_TASK_CONFIG and + CLIENT_CREATE_TASK_TARGET append to global instead of appending into + task. + 2010-02-04 Felix Wolfsteller * src/task_sql.h (openvas_user_uuid, authenticate): Minor doc. Modified: trunk/openvas-manager/src/manage.h =================================================================== --- trunk/openvas-manager/src/manage.h 2010-02-04 12:45:32 UTC (rev 6640) +++ trunk/openvas-manager/src/manage.h 2010-02-04 12:58:43 UTC (rev 6641) 
@@ -374,13 +374,13 @@ task_config_name (task_t); void -set_task_config (task_t, const char*); +set_task_config (task_t, config_t); target_t task_target (task_t); void -set_task_target (task_t, const char*); +set_task_target (task_t, config_t); char* task_description (task_t); @@ -476,15 +476,9 @@ append_to_task_comment (task_t, const char*, int); int -append_to_task_config (task_t, const char*, int); - -int append_to_task_name (task_t, const char*, int); int -append_to_task_target (task_t, const char*, int); - -int add_task_description_line (task_t, const char*, size_t); void @@ -703,7 +697,7 @@ find_target (const char*, target_t*); int -create_target (const char*, const char*, const char*, const char*); +create_target (const char*, const char*, const char*, const char*, target_t*); int delete_target (target_t); @@ -773,7 +767,7 @@ char**); int -create_config_rc (const char*, const char*, char*); +create_config_rc (const char*, const char*, char*, config_t*); int copy_config (const char*, const char*, config_t); Modified: trunk/openvas-manager/src/omp.c =================================================================== --- trunk/openvas-manager/src/omp.c 2010-02-04 12:45:32 UTC (rev 6640) +++ trunk/openvas-manager/src/omp.c 2010-02-04 12:58:43 UTC (rev 6641) @@ -1646,6 +1646,8 @@ { assert (current_client_task == (task_t) 0); assert (modify_task_name == NULL); + assert (current_name == NULL); + assert (current_uuid == NULL); current_client_task = make_task (NULL, 0, NULL); if (current_client_task == (task_t) 0) abort (); // FIX openvas_append_string (&modify_task_name, ""); @@ -6408,7 +6410,8 @@ ret = create_config_rc (modify_task_name, modify_task_comment, - (char*) base64); + (char*) base64, + NULL); g_free (base64); switch (ret) { 
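Review bot: The new prototype `set_task_target (task_t, config_t);` takes a `config_t`, although the argument is a target and the omp.c side of this commit passes a `target_t`. It will compile if both typedefs share an underlying integer type (not visible in this hunk), but the header then documents the wrong handle type and hides any future divergence between the two. The line should read `set_task_target (task_t, target_t);`.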
@@ -6884,7 +6887,8 @@ else if (create_target (modify_task_name, modify_task_value, modify_task_comment, - modify_task_parameter)) + modify_task_parameter, + NULL)) { openvas_free_string_var (&modify_task_comment); openvas_free_string_var (&modify_task_name); @@ -6925,8 +6929,8 @@ case CLIENT_CREATE_TASK: { gchar* msg; - config_t config; - target_t target; + config_t config = 0; + target_t target = 0; char *tsk_uuid, *name, *description; assert (strcasecmp ("CREATE_TASK", element_name) == 0); @@ -6952,6 +6956,8 @@ } current_client_task = (task_t) 0; openvas_free_string_var (&modify_task_name); + openvas_free_string_var (¤t_uuid); + openvas_free_string_var (¤t_name); set_client_state (CLIENT_AUTHENTIC); break; } @@ -6959,11 +6965,10 @@ /* Check for the right combination of rcfile, target and config. */ description = task_description (current_client_task); - config = task_config (current_client_task); - target = task_target (current_client_task); - if ((description && (config || target)) + /* Config name is current_uuid. Target name is current_name. */ + if ((description && (current_uuid || current_name)) || (description == NULL - && (config == 0 || target == 0))) + && (current_uuid == NULL || current_name == NULL))) { request_delete_task (¤t_client_task); free (tsk_uuid); @@ -6973,10 +6978,14 @@ " or both a config and a target")); current_client_task = (task_t) 0; openvas_free_string_var (&modify_task_name); + openvas_free_string_var (¤t_uuid); + openvas_free_string_var (¤t_name); set_client_state (CLIENT_AUTHENTIC); break; } + assert (description || (current_uuid && current_name)); + /* Set any escalator. */ if (strlen (modify_task_name)) @@ -6986,6 +6995,9 @@ { SEND_TO_CLIENT_OR_FAIL (XML_INTERNAL_ERROR ("create_task")); openvas_free_string_var (&modify_task_name); + openvas_free_string_var (¤t_uuid); + openvas_free_string_var (¤t_name); + set_client_state (CLIENT_AUTHENTIC); break; } if (escalator == 0) 
@@ -6994,6 +7006,9 @@ (XML_ERROR_SYNTAX ("create_task", "CREATE_TASK escalator must exist")); openvas_free_string_var (&modify_task_name); + openvas_free_string_var (¤t_uuid); + openvas_free_string_var (¤t_name); + set_client_state (CLIENT_AUTHENTIC); break; } add_task_escalator (current_client_task, modify_task_name); @@ -7012,6 +7027,8 @@ (XML_ERROR_SYNTAX ("create_task", "CREATE_TASK requires a name attribute")); current_client_task = (task_t) 0; + openvas_free_string_var (¤t_uuid); + openvas_free_string_var (¤t_name); set_client_state (CLIENT_AUTHENTIC); break; } @@ -7029,8 +7046,9 @@ config_name = g_strdup_printf ("Imported config for task %s", tsk_uuid); - ret = create_config_rc (config_name, NULL, (char*) description); - set_task_config (current_client_task, config_name); + ret = create_config_rc (config_name, NULL, (char*) description, + &config); + set_task_config (current_client_task, config); g_free (config_name); if (ret) { @@ -7038,6 +7056,8 @@ free (description); SEND_TO_CLIENT_OR_FAIL (XML_INTERNAL_ERROR ("create_task")); current_client_task = (task_t) 0; + openvas_free_string_var (¤t_uuid); + openvas_free_string_var (¤t_name); set_client_state (CLIENT_AUTHENTIC); break; } @@ -7055,6 +7075,8 @@ ("create_task", "CREATE_TASK rcfile must have targets")); current_client_task = (task_t) 0; + openvas_free_string_var (¤t_uuid); + openvas_free_string_var (¤t_name); set_client_state (CLIENT_AUTHENTIC); break; } @@ -7062,8 +7084,7 @@ target_name = g_strdup_printf ("Imported target for task %s", tsk_uuid); - set_task_target (current_client_task, target_name); - if (create_target (target_name, hosts, NULL, NULL)) + if (create_target (target_name, hosts, NULL, NULL, &target)) { request_delete_task (¤t_client_task); g_free (target_name); 
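Review bot: In the `@@ -7029,8 +7046,9 @@` hunk, `set_task_config (current_client_task, config);` still runs before `if (ret)` is tested, so a failed `create_config_rc` writes the initial `config = 0` into the tasks row. The parallel target path in this same commit moves `set_task_target` to after the `create_target` check, and the config path should match it by moving the `set_task_config` call below the `if (ret) { … }` block. The enclosing `case CLIENT_CREATE_TASK` body starts and ends outside this hunk.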
@@ -7071,35 +7092,58 @@ SEND_TO_CLIENT_OR_FAIL (XML_INTERNAL_ERROR ("create_task")); current_client_task = (task_t) 0; + openvas_free_string_var (¤t_uuid); + openvas_free_string_var (¤t_name); set_client_state (CLIENT_AUTHENTIC); break; } + set_task_target (current_client_task, target); g_free (target_name); } - else + else if (find_config (current_uuid, &config)) { - if (target_hosts (target) == NULL) + request_delete_task (¤t_client_task); + free (tsk_uuid); + current_client_task = (task_t) 0; + SEND_TO_CLIENT_OR_FAIL (XML_INTERNAL_ERROR ("create_task")); + } + else if (config == 0) + { + request_delete_task (¤t_client_task); + free (tsk_uuid); + current_client_task = (task_t) 0; + if (send_find_error_to_client ("create_task", + "config", + current_uuid)) { - request_delete_task (¤t_client_task); - free (tsk_uuid); - SEND_TO_CLIENT_OR_FAIL - (XML_ERROR_SYNTAX ("create_task", - "CREATE_TASK target must exist")); - current_client_task = (task_t) 0; - set_client_state (CLIENT_AUTHENTIC); - break; + error_send_to_client (error); + return; } - if (config_nvt_selector (config) == NULL) + } + else if (find_target (current_name, &target)) + { + request_delete_task (¤t_client_task); + free (tsk_uuid); + current_client_task = (task_t) 0; + SEND_TO_CLIENT_OR_FAIL (XML_INTERNAL_ERROR ("create_task")); + } + else if (target == 0) + { + request_delete_task (¤t_client_task); + free (tsk_uuid); + current_client_task = (task_t) 0; + if (send_find_error_to_client ("create_task", + "target", + current_name)) { - request_delete_task (¤t_client_task); - free (tsk_uuid); - SEND_TO_CLIENT_OR_FAIL - (XML_ERROR_SYNTAX ("create_task", - "CREATE_TASK config must exist")); - current_client_task = (task_t) 0; - set_client_state (CLIENT_AUTHENTIC); - break; + error_send_to_client (error); + return; } + } + else + { + set_task_config (current_client_task, config); + set_task_target (current_client_task, target); /* Generate the rcfile in the task. */ 
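Review bot: The four new error branches (`find_config` failure, `config == 0`, `find_target` failure, `target == 0`) free `tsk_uuid` and zero `current_client_task`, but none of them releases `current_uuid` and `current_name`, calls `set_client_state (CLIENT_AUTHENTIC)` or ends with `break`, unlike every other error path this commit touches in the case. The code after the chain is outside this hunk, but if these branches fall through to the success response they continue with a freed `tsk_uuid` and a task id of 0. Because the two name buffers stay set, the `assert (current_name == NULL)` and `assert (current_uuid == NULL)` added at the start of CREATE_TASK handling would fire on the client's next request, so a lookup of a nonexistent config or target name can end in an abort. The `return` paths after `error_send_to_client (error)` leave the same buffers allocated. Each branch should finish with the cleanup shown below.

```c
else if (find_config (current_uuid, &config))
  {
    /* … unchanged: request_delete_task, free (tsk_uuid), internal error response … */
    openvas_free_string_var (&current_uuid);
    openvas_free_string_var (&current_name);
    set_client_state (CLIENT_AUTHENTIC);
    break;
  }
/* … the config == 0, find_target and target == 0 branches get the same four
   lines after their error response has been sent … */
```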
@@ -7111,6 +7155,8 @@ (XML_ERROR_SYNTAX ("create_task", "Failed to generate task rcfile")); current_client_task = (task_t) 0; + openvas_free_string_var (¤t_uuid); + openvas_free_string_var (¤t_name); set_client_state (CLIENT_AUTHENTIC); break; } @@ -7134,6 +7180,8 @@ } g_free (msg); current_client_task = (task_t) 0; + openvas_free_string_var (¤t_uuid); + openvas_free_string_var (¤t_name); set_client_state (CLIENT_AUTHENTIC); break; } @@ -9069,7 +9117,7 @@ append_to_task_comment (current_client_task, text, text_len); break; case CLIENT_CREATE_TASK_CONFIG: - append_to_task_config (current_client_task, text, text_len); + openvas_append_text (¤t_uuid, text, text_len); break; case CLIENT_CREATE_TASK_ESCALATOR: openvas_append_text (&modify_task_name, text, text_len); @@ -9085,7 +9133,7 @@ abort (); // FIX out of mem break; case CLIENT_CREATE_TASK_TARGET: - append_to_task_target (current_client_task, text, text_len); + openvas_append_text (¤t_name, text, text_len); break; case CLIENT_DELETE_AGENT_NAME: Modified: trunk/openvas-manager/src/tasks_sql.h =================================================================== --- trunk/openvas-manager/src/tasks_sql.h 2010-02-04 12:45:32 UTC (rev 6640) +++ trunk/openvas-manager/src/tasks_sql.h 2010-02-04 12:58:43 UTC (rev 6641) @@ -484,7 +484,7 @@ } /** - * @brief Return the UUID of a user from openvas user uuid file. + * @brief Return the UUID of a user from the OpenVAS user UUID file. * * If the user exists, ensure that the user has a UUID. * 
@@ -610,7 +610,7 @@ sql ("CREATE TABLE IF NOT EXISTS targets (id INTEGER PRIMARY KEY, owner INTEGER, name, hosts, comment, lsc_credential INTEGER);"); sql ("CREATE TABLE IF NOT EXISTS task_files (id INTEGER PRIMARY KEY, task INTEGER, name, content);"); sql ("CREATE TABLE IF NOT EXISTS task_escalators (id INTEGER PRIMARY KEY, task INTEGER, escalator INTEGER);"); - sql ("CREATE TABLE IF NOT EXISTS tasks (id INTEGER PRIMARY KEY, uuid, owner INTEGER, name, hidden INTEGER, time, comment, description, run_status INTEGER, start_time, end_time, config, target);"); + sql ("CREATE TABLE IF NOT EXISTS tasks (id INTEGER PRIMARY KEY, uuid, owner INTEGER, name, hidden INTEGER, time, comment, description, run_status INTEGER, start_time, end_time, config INTEGER, target INTEGER);"); sql ("CREATE TABLE IF NOT EXISTS users (id INTEGER PRIMARY KEY, uuid UNIQUE, name, password);"); sql ("ANALYZE;"); @@ -783,7 +783,10 @@ * * - Add the migrator function in the style of the others. In particular, * the function must check the version, do the modification and then set - * the new version, all inside an exclusive transaction. + * the new version, all inside an exclusive transaction. Use the generic + * iterator (init_iterator, iterator_string, iterator_int64...) because the + * specialised iterators (like init_target_iterator) can change behaviour + * across Manager SVN versions. * * - Remember to ensure that tables exist in the migrator before the migrator * modifies them. If a migrator modifies a table then the table must either 
@@ -2027,6 +2030,61 @@ } /** + * @brief Migrate the database from version 10 to version 11. + * + * @return 0 success, -1 error. + */ +static int +migrate_10_to_11 () +{ + sql ("BEGIN EXCLUSIVE;"); + + /* Ensure that the database is currently version 10. */ + + if (manage_db_version () != 10) + { + sql ("ROLLBACK;"); + return -1; + } + + /* Update the database. */ + + /* The config and target columns of the tasks table changed from the name + * of the config/target to the ROWID of the config/target. + * + * Recreate the table, in order to add INTEGER to the column definitions. */ + + /** @todo ROLLBACK on failure. */ + + sql ("ALTER TABLE tasks RENAME TO tasks_10;"); + + sql ("CREATE TABLE tasks" + " (id INTEGER PRIMARY KEY, uuid, owner INTEGER, name, hidden INTEGER," + " time, comment, description, run_status INTEGER, start_time," + " end_time, config INTEGER, target INTEGER);"); + + sql ("INSERT into tasks" + " (id, uuid, owner, name, hidden, time, comment, description," + " run_status, start_time, end_time, config, target)" + " SELECT" + " id, uuid, owner, name, hidden, time, comment, description," + " run_status, start_time, end_time," + " (SELECT ROWID FROM configs WHERE configs.name = tasks_10.config)," + " (SELECT ROWID FROM targets WHERE targets.name = tasks_10.target)" + " FROM tasks_10;"); + + sql ("DROP TABLE tasks_10;"); + + /* Set the database version to 11. */ + + set_db_version (11); + + sql ("COMMIT;"); + + return 0; +} + +/** * @brief Array of database version migrators. */ static migrator_t database_migrators[] @@ -2041,6 +2099,7 @@ {8, migrate_7_to_8}, {9, migrate_8_to_9}, {10, migrate_9_to_10}, + {11, migrate_10_to_11}, /* End marker. */ {-1, NULL}}; @@ -4064,9 +4123,7 @@ { config_t config; switch (sql_int64 (&config, 0, 0, - "SELECT ROWID FROM configs WHERE name =" - " (SELECT config FROM tasks" - " WHERE ROWID = %llu);", + "SELECT config FROM tasks WHERE ROWID = %llu;", task)) { case 0: 
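Review bot: In `migrate_10_to_11` the two scalar subqueries resolve `tasks_10.config` and `tasks_10.target` by name only, so a task whose stored name has no matching row is migrated with a NULL reference and nothing reports it. The `targets` table in `create_tables` has no UNIQUE on `name` and the lookup ignores `owner`, so if duplicate names can exist the task is bound to whichever row SQLite returns first, possibly another owner's target. The function also drops `tasks_10` and commits without checking the result, which the `@todo ROLLBACK on failure` already hints at. Before `DROP TABLE tasks_10;` I would add a check such as `if (sql_int (0, 0, "SELECT count(*) FROM tasks WHERE config IS NULL OR target IS NULL;")) { sql ("ROLLBACK;"); return -1; }`. If legacy tasks may legitimately lack a config or target (not visible here), log the affected rows instead of failing.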
@@ -4092,7 +4149,8 @@ task_config_name (task_t task) { return sql_string (0, 0, - "SELECT config FROM tasks WHERE ROWID = %llu;", + "SELECT name FROM configs WHERE ROWID =" + " (SELECT config FROM tasks WHERE ROWID = %llu);", task); } @@ -4103,13 +4161,9 @@ * @param[in] config Config. */ void -set_task_config (task_t task, const char* config) +set_task_config (task_t task, config_t config) { - gchar* quote = sql_nquote (config, strlen (config)); - sql ("UPDATE tasks SET config = '%s' WHERE ROWID = %llu;", - quote, - task); - g_free (quote); + sql ("UPDATE tasks SET config = %llu WHERE ROWID = %llu;", config, task); } /** @@ -4124,8 +4178,7 @@ { target_t target = 0; switch (sql_int64 (&target, 0, 0, - "SELECT ROWID FROM targets WHERE name =" - " (SELECT target FROM tasks WHERE ROWID = %llu);", + "SELECT target FROM tasks WHERE ROWID = %llu;", task)) { case 0: @@ -4147,13 +4200,9 @@ * @param[in] target Target. */ void -set_task_target (task_t task, const char* target) +set_task_target (task_t task, target_t target) { - gchar* quote = sql_nquote (target, strlen (target)); - sql ("UPDATE tasks SET target = '%s' WHERE ROWID = %llu;", - quote, - task); - g_free (quote); + sql ("UPDATE tasks SET target = %llu WHERE ROWID = %llu;", target, task); } /** @@ -6039,22 +6088,6 @@ } /** - * @brief Append text to the config associated with a task. - * - * @param[in] task A pointer to the task. - * @param[in] text The text to append. - * @param[in] length Length of the text. - * - * @return 0 on success, -1 if out of memory. - */ -int -append_to_task_config (task_t task, const char* text, /*@unused@*/ int length) -{ - append_to_task_string (task, "config", text); - return 0; -} - -/** * @brief Append text to the name associated with a task. * * @param[in] task A pointer to the task. 
@@ -6071,22 +6104,6 @@ } /** - * @brief Append text to the target associated with a task. - * - * @param[in] task A pointer to the task. - * @param[in] text The text to append. - * @param[in] length Length of the text. - * - * @return 0 on success, -1 if out of memory. - */ -int -append_to_task_target (task_t task, const char* text, /*@unused@*/ int length) -{ - append_to_task_string (task, "target", text); - return 0; -} - -/** * @brief Add a line to a task description. * * @param[in] task A pointer to the task. @@ -6380,16 +6397,17 @@ /** * @brief Create a target. * - * @param[in] name Name of target. - * @param[in] hosts Host list of target. - * @param[in] comment Comment on target. - * @param[in] credential Credential. + * @param[in] name Name of target. + * @param[in] hosts Host list of target. + * @param[in] comment Comment on target. + * @param[in] credential Credential. + * @param[out] target Created target. * * @return 0 success, 1 target exists already. */ int create_target (const char* name, const char* hosts, const char* comment, - const char* credential) + const char* credential, target_t* target) { gchar *quoted_name = sql_nquote (name, strlen (name)); gchar *quoted_hosts, *quoted_comment; @@ -6452,6 +6470,9 @@ " '%s', '', %llu);", quoted_name, current_credentials.uuid, quoted_hosts, lsc_credential); + if (target) + *target = sqlite3_last_insert_rowid (task_db); + g_free (quoted_name); g_free (quoted_hosts); @@ -6472,8 +6493,7 @@ { sql ("BEGIN IMMEDIATE;"); if (sql_int (0, 0, - "SELECT count(*) FROM tasks WHERE target =" - " (SELECT name FROM targets WHERE ROWID = %llu);", + "SELECT count(*) FROM tasks WHERE target = %llu;", target)) { sql ("ROLLBACK;"); @@ -6643,8 +6663,7 @@ target_in_use (target_t target) { return sql_int (0, 0, - "SELECT count(*) FROM tasks WHERE target =" - " (SELECT name FROM targets WHERE ROWID = %llu);", + "SELECT count(*) FROM tasks WHERE target = %llu;", target); } 
@@ -6665,7 +6684,7 @@ init_iterator (iterator, "SELECT name, uuid FROM tasks" - " WHERE target = (SELECT name FROM targets WHERE ROWID = %llu)" + " WHERE target = %llu" " AND hidden = 0" " AND ((owner IS NULL) OR (owner =" " (SELECT ROWID FROM users WHERE users.uuid = '%s')))" @@ -7332,18 +7351,20 @@ /** * @brief Create a config from an RC file. * - * @param[in] name Name of config and NVT selector. - * @param[in] comment Comment on config. - * @param[in] rc RC file text. + * @param[in] name Name of config and NVT selector. + * @param[in] comment Comment on config. + * @param[in] rc RC file text. + * @param[out] config Created config. * * @return 0 success, 1 config exists already, -1 error. */ int -create_config_rc (const char* name, const char* comment, char* rc) +create_config_rc (const char* name, const char* comment, char* rc, + config_t *config) { gchar *quoted_name = sql_nquote (name, strlen (name)); gchar *quoted_comment; - config_t config; + config_t new_config; assert (current_credentials.uuid); @@ -7387,8 +7408,8 @@ /* Insert the RC into the config_preferences table. */ - config = sqlite3_last_insert_rowid (task_db); - if (insert_rc_into_config (config, quoted_name, rc)) + new_config = sqlite3_last_insert_rowid (task_db); + if (insert_rc_into_config (new_config, quoted_name, rc)) { sql ("ROLLBACK;"); g_free (quoted_name); @@ -7397,6 +7418,8 @@ sql ("COMMIT;"); g_free (quoted_name); + if (config) + *config = new_config; return 0; } @@ -7536,8 +7559,7 @@ sql ("BEGIN IMMEDIATE;"); if (sql_int (0, 0, - "SELECT count(*) FROM tasks WHERE config =" - " (SELECT name FROM configs WHERE ROWID = %llu);", + "SELECT count(*) FROM tasks WHERE config = %llu;", config)) { sql ("ROLLBACK;"); @@ -7658,8 +7680,7 @@ return 1; return sql_int (0, 0, - "SELECT count(*) FROM tasks WHERE config =" - " (SELECT name FROM configs WHERE ROWID = %llu);", + "SELECT count(*) FROM tasks WHERE config = %llu;", config); } 
@@ -7791,8 +7812,7 @@ sql ("BEGIN IMMEDIATE;"); if (sql_int (0, 0, - "SELECT count(*) FROM tasks WHERE config =" - " (SELECT name FROM configs WHERE ROWID = %llu);", + "SELECT count(*) FROM tasks WHERE config = %llu;", config)) { sql ("ROLLBACK;"); @@ -7825,8 +7845,7 @@ sql ("BEGIN IMMEDIATE;"); if (sql_int (0, 0, - "SELECT count(*) FROM tasks WHERE config =" - " (SELECT name FROM configs WHERE ROWID = %llu);", + "SELECT count(*) FROM tasks WHERE config = %llu;", config)) { sql ("ROLLBACK;"); @@ -7942,8 +7961,7 @@ sql ("BEGIN EXCLUSIVE;"); if (sql_int (0, 0, - "SELECT count(*) FROM tasks WHERE config =" - " (SELECT name FROM configs WHERE ROWID = %llu);", + "SELECT count(*) FROM tasks WHERE config = %llu;", config)) { sql ("ROLLBACK;"); @@ -8195,7 +8213,7 @@ { init_iterator (iterator, "SELECT name, uuid FROM tasks" - " WHERE config = (SELECT name FROM configs WHERE ROWID = %llu)" + " WHERE config = %llu" " AND hidden = 0" " ORDER BY name %s;", config, From scm-commit at wald.intevation.org Thu Feb 4 14:14:20 2010 
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Thu, 4 Feb 2010 14:14:20 +0100 (CET) Subject: [Openvas-commits] r6642 - in trunk/openvas-manager: . src Message-ID: <20100204131420.B16EE865FAB0@pyrosoma.intevation.org> Author: mattm Date: 2010-02-04 14:14:17 +0100 (Thu, 04 Feb 2010) New Revision: 6642 Modified: trunk/openvas-manager/ChangeLog trunk/openvas-manager/src/manage.h trunk/openvas-manager/src/omp.c trunk/openvas-manager/src/tasks_sql.h Log: * src/tasks_sql.h (init_agent_iterator): Take config_t instead of name. * src/manage.h: Update header accordingly. * src/omp.c (omp_xml_handle_end_element): In CLIENT_GET_AGENTS pass agent_t to init_agent_iterator instead of passing name. Modified: trunk/openvas-manager/ChangeLog =================================================================== --- trunk/openvas-manager/ChangeLog 2010-02-04 12:58:43 UTC (rev 6641) +++ trunk/openvas-manager/ChangeLog 2010-02-04 13:14:17 UTC (rev 6642) @@ -1,5 +1,14 @@ 2010-02-04 Matthew Mundell + * src/tasks_sql.h (init_agent_iterator): Take config_t instead of name. + + * src/manage.h: Update header accordingly. + + * src/omp.c (omp_xml_handle_end_element): In CLIENT_GET_AGENTS pass + agent_t to init_agent_iterator instead of passing name. + +2010-02-04 Matthew Mundell + Reference targets and configs by ID in the tasks table, instead of by name. Hence increase database version to 11. Add database migration from 10 to 11. Modified: trunk/openvas-manager/src/manage.h =================================================================== --- trunk/openvas-manager/src/manage.h 2010-02-04 12:58:43 UTC (rev 6641) +++ trunk/openvas-manager/src/manage.h 2010-02-04 13:14:17 UTC (rev 6642) 
@@ -1051,7 +1051,7 @@ delete_agent (agent_t); void -init_agent_iterator (iterator_t*, const char*, int, const char*); +init_agent_iterator (iterator_t*, agent_t, int, const char*); const char* agent_iterator_name (iterator_t*); Modified: trunk/openvas-manager/src/omp.c =================================================================== --- trunk/openvas-manager/src/omp.c 2010-02-04 12:58:43 UTC (rev 6641) +++ trunk/openvas-manager/src/omp.c 2010-02-04 13:14:17 UTC (rev 6642) @@ -8038,6 +8038,8 @@ { iterator_t targets; int format; + agent_t agent = 0; + assert (strcasecmp ("GET_AGENTS", element_name) == 0); if (current_format) @@ -8064,14 +8066,25 @@ (XML_ERROR_SYNTAX ("get_agents", "GET_AGENTS format attribute should" " be \"installer\", \"howto_install\" or \"howto_use\".")); + else if (current_uuid && find_agent (current_uuid, &agent)) + SEND_TO_CLIENT_OR_FAIL (XML_INTERNAL_ERROR ("get_agents")); + else if (current_uuid && agent == 0) + { + if (send_find_error_to_client ("get_agents", + "agent", + current_uuid)) + { + error_send_to_client (error); + return; + } + } else { - /** @todo if (current_uuid && strlen (...)) find_agent... */ SEND_TO_CLIENT_OR_FAIL (""); init_agent_iterator (&targets, - current_uuid, + agent, /* Attribute sort_order. */ current_int_2, /* Attribute sort_field. */ Modified: trunk/openvas-manager/src/tasks_sql.h =================================================================== --- trunk/openvas-manager/src/tasks_sql.h 2010-02-04 12:58:43 UTC (rev 6641) +++ trunk/openvas-manager/src/tasks_sql.h 2010-02-04 13:14:17 UTC (rev 6642) 
@@ -10917,38 +10917,33 @@ return 0; } -/** @todo Adjust omp.c caller, replace name with a agent_t. */ /** * @brief Initialise an agent iterator. * * @param[in] iterator Iterator. - * @param[in] name Name of single agent to iterate, NULL for all. + * @param[in] agent Single agent to iterate, 0 for all. * @param[in] ascending Whether to sort ascending or descending. * @param[in] sort_field Field to sort on, or NULL for "ROWID". */ void -init_agent_iterator (iterator_t* iterator, const char *name, +init_agent_iterator (iterator_t* iterator, agent_t agent, int ascending, const char* sort_field) { assert (current_credentials.uuid); - if (name && strlen (name)) - { - gchar *quoted_name = sql_quote (name); - init_iterator (iterator, - "SELECT name, comment, installer," - " howto_install, howto_use" - " FROM agents" - " WHERE name = '%s'" - " AND ((owner IS NULL) OR (owner =" - " (SELECT ROWID FROM users WHERE users.uuid = '%s')))" - " ORDER BY %s %s;", - quoted_name, - current_credentials.uuid, - sort_field ? sort_field : "ROWID", - ascending ? "ASC" : "DESC"); - g_free (quoted_name); - } + if (agent) + init_iterator (iterator, + "SELECT name, comment, installer," + " howto_install, howto_use" + " FROM agents" + " WHERE ROWID = %llu" + " AND ((owner IS NULL) OR (owner =" + " (SELECT ROWID FROM users WHERE users.uuid = '%s')))" + " ORDER BY %s %s;", + agent, + current_credentials.uuid, + sort_field ? sort_field : "ROWID", + ascending ? "ASC" : "DESC"); else init_iterator (iterator, "SELECT name, comment, installer," From scm-commit at wald.intevation.org Thu Feb 4 14:29:17 2010 
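Review bot: `sort_field` is still formatted straight into `ORDER BY %s %s` in `init_agent_iterator`, and the omp.c call site in this commit labels that argument as the client's sort_field attribute. Replacing the quoted name with an integer `agent` removes one string from the statement, but an identifier in ORDER BY cannot be protected by quoting, so it needs an allow-list of the selected columns. Whether omp.c validates the attribute before this call is not visible here. Without that, the statement text depends on client input. The `else` branch of the function continues outside this hunk and needs the same treatment.

```c
/* … unchanged: signature and current_credentials assert … */
  static const char *sortable[]
    = { "name", "comment", "installer", "howto_install", "howto_use", NULL };
  const char *order_by = "ROWID";
  int index;

  /* Accept only known column names; anything else falls back to ROWID. */
  for (index = 0; sort_field && sortable[index]; index++)
    if (strcmp (sort_field, sortable[index]) == 0)
      {
        order_by = sortable[index];
        break;
      }
/* … unchanged: both init_iterator calls, passing order_by where the
   sort_field ? sort_field : "ROWID" expression is now … */
```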
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Thu, 4 Feb 2010 14:29:17 +0100 (CET) Subject: [Openvas-commits] r6643 - in trunk/openvas-libraries: . doc Message-ID: <20100204132917.30FD1865F464@pyrosoma.intevation.org> Author: mwiegand Date: 2010-02-04 14:29:15 +0100 (Thu, 04 Feb 2010) New Revision: 6643 Modified: trunk/openvas-libraries/CHANGES trunk/openvas-libraries/ChangeLog trunk/openvas-libraries/VERSION trunk/openvas-libraries/doc/Doxyfile trunk/openvas-libraries/doc/Doxyfile_full Log: Preparing the openvas-libraries 3.0.3 release. * CHANGES: Updated. * VERSION: Set to 3.0.3. * doc/Doxyfile, doc/Doxyfile_full: Updated PROJECT_NUMBER. Modified: trunk/openvas-libraries/CHANGES =================================================================== --- trunk/openvas-libraries/CHANGES 2010-02-04 13:14:17 UTC (rev 6642) +++ trunk/openvas-libraries/CHANGES 2010-02-04 13:29:15 UTC (rev 6643) @@ -1,3 +1,21 @@ +openvas-libraries 3.0.3 (2010-02-04) + +This is the third maintenance release of the openvas-libraries module for the +Open Vulnerability Assessment System (OpenVAS) 3.0 series. + +It improves support for OMP parsing, adds initial support for dropping +privileges, and adds new crypto functions and support for SMB NTLMv1 and NTLMv2. + +Many thanks to everyone who has contributed to this release: +Chandrashekhar B, Tim Brown, Matthew Mundell, Michael Wiegand and Felix +Wolfsteller. + +Main changes compared to 3.0.2: + +* Initial support for dropping privileges. +* New crypto functions and support for SMB NTLMv1 and NTLMv2. + + openvas-libraries 3.0.2 (2010-01-19) This is the second maintenance release of the openvas-libraries module for the Modified: trunk/openvas-libraries/ChangeLog =================================================================== --- trunk/openvas-libraries/ChangeLog 2010-02-04 13:14:17 UTC (rev 6642) +++ trunk/openvas-libraries/ChangeLog 2010-02-04 13:29:15 UTC (rev 6643) 
@@ -1,3 +1,13 @@ +2010-02-04 Michael Wiegand + + Preparing the openvas-libraries 3.0.3 release. + + * CHANGES: Updated. + + * VERSION: Set to 3.0.3. + + * doc/Doxyfile, doc/Doxyfile_full: Updated PROJECT_NUMBER. + 2010-02-04 Felix Wolfsteller * misc/openvas_auth.c (openvas_authenticate): Minor doc, added TODO Modified: trunk/openvas-libraries/VERSION =================================================================== --- trunk/openvas-libraries/VERSION 2010-02-04 13:14:17 UTC (rev 6642) +++ trunk/openvas-libraries/VERSION 2010-02-04 13:29:15 UTC (rev 6643) @@ -1 +1 @@ -3.0.3.SVN +3.0.3 Modified: trunk/openvas-libraries/doc/Doxyfile =================================================================== --- trunk/openvas-libraries/doc/Doxyfile 2010-02-04 13:14:17 UTC (rev 6642) +++ trunk/openvas-libraries/doc/Doxyfile 2010-02-04 13:29:15 UTC (rev 6643) @@ -23,7 +23,7 @@ # This could be handy for archiving the generated documentation or # if some version control system is used. -PROJECT_NUMBER = 3.0.3.SVN +PROJECT_NUMBER = 3.0.3 # The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute) # base path where the generated documentation will be put. Modified: trunk/openvas-libraries/doc/Doxyfile_full =================================================================== --- trunk/openvas-libraries/doc/Doxyfile_full 2010-02-04 13:14:17 UTC (rev 6642) +++ trunk/openvas-libraries/doc/Doxyfile_full 2010-02-04 13:29:15 UTC (rev 6643) @@ -23,7 +23,7 @@ # This could be handy for archiving the generated documentation or # if some version control system is used. -PROJECT_NUMBER = 3.0.3.SVN +PROJECT_NUMBER = 3.0.3 # The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute) # base path where the generated documentation will be put. From scm-commit at wald.intevation.org Thu Feb 4 14:48:33 2010 
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Thu, 4 Feb 2010 14:48:33 +0100 (CET) Subject: [Openvas-commits] r6644 - trunk/openvas-libraries Message-ID: <20100204134833.79D62802D3BB@pyrosoma.intevation.org> Author: mwiegand Date: 2010-02-04 14:48:32 +0100 (Thu, 04 Feb 2010) New Revision: 6644 Modified: trunk/openvas-libraries/ChangeLog trunk/openvas-libraries/MANIFEST Log: * MANIFEST: Added missing files. Modified: trunk/openvas-libraries/ChangeLog =================================================================== --- trunk/openvas-libraries/ChangeLog 2010-02-04 13:29:15 UTC (rev 6643) +++ trunk/openvas-libraries/ChangeLog 2010-02-04 13:48:32 UTC (rev 6644) @@ -1,5 +1,9 @@ 2010-02-04 Michael Wiegand + * MANIFEST: Added missing files. + +2010-02-04 Michael Wiegand + Preparing the openvas-libraries 3.0.3 release. * CHANGES: Updated. Modified: trunk/openvas-libraries/MANIFEST =================================================================== --- trunk/openvas-libraries/MANIFEST 2010-02-04 13:29:15 UTC (rev 6643) +++ trunk/openvas-libraries/MANIFEST 2010-02-04 13:48:32 UTC (rev 6644) @@ -184,6 +184,9 @@ nasl/preparse.h nasl/regex.c nasl/smb_interface_stub.c +nasl/smb_crypt.c +nasl/smb_crypt.h +nasl/smb_crypt2.c nasl/strutils.c nasl/strutils.h nasl/tests/ From scm-commit at wald.intevation.org Thu Feb 4 14:57:57 2010 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Thu, 4 Feb 2010 14:57:57 +0100 (CET) Subject: [Openvas-commits] r6645 - tags Message-ID: <20100204135757.7016C802D3A6@pyrosoma.intevation.org> Author: mwiegand Date: 2010-02-04 14:57:56 +0100 (Thu, 04 Feb 2010) New Revision: 6645 Added: tags/openvas-libraries-release-3.0.3/ Log: Tagging the openvas-libraries 3.0.3 release. Copied: tags/openvas-libraries-release-3.0.3 (from rev 6644, trunk/openvas-libraries) From scm-commit at wald.intevation.org Thu Feb 4 14:59:42 2010 
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Thu, 4 Feb 2010 14:59:42 +0100 (CET) Subject: [Openvas-commits] r6646 - in trunk/openvas-libraries: . doc Message-ID: <20100204135942.D61EF802D3A6@pyrosoma.intevation.org> Author: mwiegand Date: 2010-02-04 14:59:42 +0100 (Thu, 04 Feb 2010) New Revision: 6646 Modified: trunk/openvas-libraries/ChangeLog trunk/openvas-libraries/VERSION trunk/openvas-libraries/doc/Doxyfile trunk/openvas-libraries/doc/Doxyfile_full Log: Post-release version bump. * VERSION: Set to 3.0.4.SVN. * doc/Doxyfile, doc/Doxyfile_full: Updated PROJECT_NUMBER. Modified: trunk/openvas-libraries/ChangeLog =================================================================== --- trunk/openvas-libraries/ChangeLog 2010-02-04 13:57:56 UTC (rev 6645) +++ trunk/openvas-libraries/ChangeLog 2010-02-04 13:59:42 UTC (rev 6646) @@ -1,5 +1,13 @@ 2010-02-04 Michael Wiegand + Post-release version bump. + + * VERSION: Set to 3.0.4.SVN. + + * doc/Doxyfile, doc/Doxyfile_full: Updated PROJECT_NUMBER. + +2010-02-04 Michael Wiegand + * MANIFEST: Added missing files. 2010-02-04 Michael Wiegand Modified: trunk/openvas-libraries/VERSION =================================================================== --- trunk/openvas-libraries/VERSION 2010-02-04 13:57:56 UTC (rev 6645) +++ trunk/openvas-libraries/VERSION 2010-02-04 13:59:42 UTC (rev 6646) @@ -1 +1 @@ -3.0.3 +3.0.4.SVN Modified: trunk/openvas-libraries/doc/Doxyfile =================================================================== --- trunk/openvas-libraries/doc/Doxyfile 2010-02-04 13:57:56 UTC (rev 6645) +++ trunk/openvas-libraries/doc/Doxyfile 2010-02-04 13:59:42 UTC (rev 6646) 
@@ -23,7 +23,7 @@ # This could be handy for archiving the generated documentation or # if some version control system is used. -PROJECT_NUMBER = 3.0.3 +PROJECT_NUMBER = 3.0.4.SVN # The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute) # base path where the generated documentation will be put. Modified: trunk/openvas-libraries/doc/Doxyfile_full =================================================================== --- trunk/openvas-libraries/doc/Doxyfile_full 2010-02-04 13:57:56 UTC (rev 6645) +++ trunk/openvas-libraries/doc/Doxyfile_full 2010-02-04 13:59:42 UTC (rev 6646) @@ -23,7 +23,7 @@ # This could be handy for archiving the generated documentation or # if some version control system is used. -PROJECT_NUMBER = 3.0.3 +PROJECT_NUMBER = 3.0.4.SVN # The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute) # base path where the generated documentation will be put. From scm-commit at wald.intevation.org Thu Feb 4 15:08:09 2010 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Thu, 4 Feb 2010 15:08:09 +0100 (CET) Subject: [Openvas-commits] r6647 - trunk/doc/website Message-ID: <20100204140809.D890D8041152@pyrosoma.intevation.org> Author: mwiegand Date: 2010-02-04 15:08:08 +0100 (Thu, 04 Feb 2010) New Revision: 6647 Modified: trunk/doc/website/template_header.m4 Log: Updated download link for openvas-libraries release. Modified: trunk/doc/website/template_header.m4 =================================================================== --- trunk/doc/website/template_header.m4 2010-02-04 13:59:42 UTC (rev 6646) +++ trunk/doc/website/template_header.m4 2010-02-04 14:08:08 UTC (rev 6647) @@ -150,7 +150,7 @@

    OpenVAS 3.0:
    - openvas-libraries 3.0.2
    + openvas-libraries 3.0.3
    openvas-scanner 3.0.1
    openvas-client 3.0.0
    Optional:
    From scm-commit at wald.intevation.org Thu Feb 4 16:16:33 2010 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Thu, 4 Feb 2010 16:16:33 +0100 (CET) Subject: [Openvas-commits] r6648 - in trunk/openvas-manager: . doc src Message-ID: <20100204151633.9CC318041F1F@pyrosoma.intevation.org> Author: mattm Date: 2010-02-04 16:16:31 +0100 (Thu, 04 Feb 2010) New Revision: 6648 Modified: trunk/openvas-manager/CMakeLists.txt trunk/openvas-manager/ChangeLog trunk/openvas-manager/doc/db_postgres.sql trunk/openvas-manager/src/tasks_sql.h Log: Remove UNIQUE constraint from name of user resource tables. Hence increase database version to 12. Add database migration from 11 to 12. * src/tasks_sql.h (create_tables): Remove UNIQUE from name column of tables agents, configs and escalators. (migrate_11_to_12): New function. (database_migrators): Add migrate_11_to_12. * CMakeLists.txt (OPENVASMD_DATABASE_VERSION): Increase to 12. * doc/db_postgres.sql (agents, escalators, targets, configs) (lsc_credentials): Remove UNIQUE from name. Modified: trunk/openvas-manager/CMakeLists.txt =================================================================== --- trunk/openvas-manager/CMakeLists.txt 2010-02-04 14:08:08 UTC (rev 6647) +++ trunk/openvas-manager/CMakeLists.txt 2010-02-04 15:16:31 UTC (rev 6648) @@ -94,7 +94,7 @@ ## Variables -set (OPENVASMD_DATABASE_VERSION 11) +set (OPENVASMD_DATABASE_VERSION 12) set (CMAKE_BUILD Debug) set (CMAKE_VERBOSE_MAKEFILE ON) Modified: trunk/openvas-manager/ChangeLog =================================================================== --- trunk/openvas-manager/ChangeLog 2010-02-04 14:08:08 UTC (rev 6647) +++ trunk/openvas-manager/ChangeLog 2010-02-04 15:16:31 UTC (rev 6648) 
@@ -1,5 +1,20 @@ 2010-02-04 Matthew Mundell + Remove UNIQUE constraint from name of user resource tables. Hence + increase database version to 12. Add database migration from 11 to 12. + + * src/tasks_sql.h (create_tables): Remove UNIQUE from name column of + tables agents, configs and escalators. + (migrate_11_to_12): New function. + (database_migrators): Add migrate_11_to_12. + + * CMakeLists.txt (OPENVASMD_DATABASE_VERSION): Increase to 12. + + * doc/db_postgres.sql (agents, escalators, targets, configs) + (lsc_credentials): Remove UNIQUE from name. + +2010-02-04 Matthew Mundell + * src/tasks_sql.h (init_agent_iterator): Take config_t instead of name. * src/manage.h: Update header accordingly. Modified: trunk/openvas-manager/doc/db_postgres.sql =================================================================== --- trunk/openvas-manager/doc/db_postgres.sql 2010-02-04 14:08:08 UTC (rev 6647) +++ trunk/openvas-manager/doc/db_postgres.sql 2010-02-04 15:16:31 UTC (rev 6648) @@ -6,7 +6,7 @@ CREATE TABLE agents ( id integer PRIMARY KEY, owner integer REFERENCES users (id) ON DELETE RESTRICT, - name text UNIQUE NOT NULL, + name text NOT NULL, comment text, installer text, howto_install text, @@ -33,7 +33,7 @@ CREATE TABLE escalators ( id integer PRIMARY KEY, owner integer REFERENCES users (id) ON DELETE RESTRICT, - name text UNIQUE NOT NULL, + name text NOT NULL, comment text, event integer, condition integer, @@ -56,7 +56,7 @@ CREATE TABLE targets ( id integer PRIMARY KEY, owner integer REFERENCES users (id) ON DELETE RESTRICT, - name text UNIQUE NOT NULL, + name text NOT NULL, hosts text, comment text, lsc_credential integer REFERENCES lsc_credentials (id) ON DELETE RESTRICT); @@ -64,7 +64,7 @@ CREATE TABLE configs ( id integer PRIMARY KEY, owner integer REFERENCES users (id) ON DELETE RESTRICT, - name text UNIQUE NOT NULL, + name text NOT NULL, nvt_selector text REFERENCES nvt_selectors (name) ON DELETE RESTRICT, comment text, family_count integer, 
@@ -164,7 +164,7 @@ CREATE TABLE lsc_credentials ( id integer PRIMARY KEY, owner integer REFERENCES users (id) ON DELETE RESTRICT, - name text UNIQUE NOT NULL, + name text NOT NULL, login text, password text, comment text, Modified: trunk/openvas-manager/src/tasks_sql.h =================================================================== --- trunk/openvas-manager/src/tasks_sql.h 2010-02-04 14:08:08 UTC (rev 6647) +++ trunk/openvas-manager/src/tasks_sql.h 2010-02-04 15:16:31 UTC (rev 6648) 
@@ -585,13 +585,13 @@ static void create_tables () { - sql ("CREATE TABLE IF NOT EXISTS agents (id INTEGER PRIMARY KEY, owner INTEGER, name UNIQUE, comment, installer TEXT, howto_install TEXT, howto_use TEXT);"); + sql ("CREATE TABLE IF NOT EXISTS agents (id INTEGER PRIMARY KEY, owner INTEGER, name, comment, installer TEXT, howto_install TEXT, howto_use TEXT);"); sql ("CREATE TABLE IF NOT EXISTS config_preferences (id INTEGER PRIMARY KEY, config INTEGER, type, name, value);"); - sql ("CREATE TABLE IF NOT EXISTS configs (id INTEGER PRIMARY KEY, owner INTEGER, name UNIQUE, nvt_selector, comment, family_count INTEGER, nvt_count INTEGER, families_growing INTEGER, nvts_growing INTEGER);"); + sql ("CREATE TABLE IF NOT EXISTS configs (id INTEGER PRIMARY KEY, owner INTEGER, name, nvt_selector, comment, family_count INTEGER, nvt_count INTEGER, families_growing INTEGER, nvts_growing INTEGER);"); sql ("CREATE TABLE IF NOT EXISTS escalator_condition_data (id INTEGER PRIMARY KEY, escalator INTEGER, name, data);"); sql ("CREATE TABLE IF NOT EXISTS escalator_event_data (id INTEGER PRIMARY KEY, escalator INTEGER, name, data);"); sql ("CREATE TABLE IF NOT EXISTS escalator_method_data (id INTEGER PRIMARY KEY, escalator INTEGER, name, data);"); - sql ("CREATE TABLE IF NOT EXISTS escalators (id INTEGER PRIMARY KEY, owner INTEGER, name UNIQUE, comment, event INTEGER, condition INTEGER, method INTEGER);"); + sql ("CREATE TABLE IF NOT EXISTS escalators (id INTEGER PRIMARY KEY, owner INTEGER, name, comment, event INTEGER, condition INTEGER, method INTEGER);"); sql ("CREATE TABLE IF NOT EXISTS lsc_credentials (id INTEGER PRIMARY KEY, owner INTEGER, name, login, password, comment, public_key TEXT, private_key TEXT, rpm TEXT, deb TEXT, exe TEXT);"); sql ("CREATE TABLE IF NOT EXISTS meta (id INTEGER PRIMARY KEY, name UNIQUE, value);"); sql ("CREATE TABLE IF NOT EXISTS nvt_preferences (id INTEGER PRIMARY KEY, name, value);"); 
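Review bot: With UNIQUE gone from `name` in agents, configs and escalators, any query that still selects one of these rows by name alone can match several rows, possibly owned by different users; the doc/db_postgres.sql hunks of this commit raise the same question. The lookups are outside this hunk (create_tables itself continues past it), though the `@todo` this commit adds above the target creation function suggests some callers still pass names. If the aim is one namespace per user, a table constraint such as `UNIQUE (owner, name)` would keep duplicates out within an owner, and name lookups should filter on owner as well. I would also add `/* name is not unique: identify rows by id, or by owner and name together. */` above create_tables.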
@@ -2085,6 +2085,87 @@ } /** + * @brief Migrate the database from version 11 to version 12. + * + * @return 0 success, -1 error. + */ +static int +migrate_11_to_12 () +{ + sql ("BEGIN EXCLUSIVE;"); + + /* Ensure that the database is currently version 11. */ + + if (manage_db_version () != 11) + { + sql ("ROLLBACK;"); + return -1; + } + + /* Update the database. */ + + /* Tables agents, configs and escalators were relieved of the UNIQUE + * constraint on the name column. + * + * Recreate the tables, in order to remove the contraint. */ + + /** @todo ROLLBACK on failure. */ + + sql ("ALTER TABLE agents RENAME TO agents_11;"); + + sql ("CREATE TABLE agents" + " (id INTEGER PRIMARY KEY, owner INTEGER, name, comment," + " installer TEXT, howto_install TEXT, howto_use TEXT);"); + + sql ("INSERT into agents" + " (id, owner, name, comment, installer, howto_install, howto_use)" + " SELECT" + " id, owner, name, comment, installer, howto_install, howto_use" + " FROM agents_11;"); + + sql ("DROP TABLE agents_11;"); + + sql ("ALTER TABLE configs RENAME TO configs_11;"); + + sql ("CREATE TABLE configs" + " (id INTEGER PRIMARY KEY, owner INTEGER, name, nvt_selector, comment," + " family_count INTEGER, nvt_count INTEGER, families_growing INTEGER," + " nvts_growing INTEGER);"); + + sql ("INSERT into configs" + " (id, owner, name, nvt_selector, comment, family_count, nvt_count," + " families_growing, nvts_growing)" + " SELECT" + " id, owner, name, nvt_selector, comment, family_count, nvt_count," + " families_growing, nvts_growing" + " FROM configs_11;"); + + sql ("DROP TABLE configs_11;"); + + sql ("ALTER TABLE escalators RENAME TO escalators_11;"); + + sql ("CREATE TABLE escalators" + " (id INTEGER PRIMARY KEY, owner INTEGER, name, comment, event INTEGER," + " condition INTEGER, method INTEGER);"); + + sql ("INSERT into escalators" + " (id, owner, name, comment, event, condition, method)" + " SELECT" + " id, owner, name, comment, event, condition, method" + " FROM escalators_11;"); 
+ + sql ("DROP TABLE escalators_11;"); + + /* Set the database version to 12. */ + + set_db_version (12); + + sql ("COMMIT;"); + + return 0; +} + +/** * @brief Array of database version migrators. */ static migrator_t database_migrators[] @@ -2100,6 +2181,7 @@ {9, migrate_8_to_9}, {10, migrate_9_to_10}, {11, migrate_10_to_11}, + {12, migrate_11_to_12}, /* End marker. */ {-1, NULL}}; @@ -6394,6 +6476,7 @@ return FALSE; } +/** @todo Take credential_t instead of credential name, adjust omp.c callers. */ /** * @brief Create a target. * From scm-commit at wald.intevation.org Thu Feb 4 18:02:27 2010 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Thu, 4 Feb 2010 18:02:27 +0100 (CET) Subject: [Openvas-commits] r6649 - in trunk/openvas-manager: . src Message-ID: <20100204170227.6D7B7865FAB7@pyrosoma.intevation.org> Author: mattm Date: 2010-02-04 18:02:26 +0100 (Thu, 04 Feb 2010) New Revision: 6649 Modified: trunk/openvas-manager/ChangeLog trunk/openvas-manager/src/tasks_sql.h Log: * src/tasks_sql.h (config_insert_preferences): Init quoted_nvt_name from NVT name instead of preference name. Modified: trunk/openvas-manager/ChangeLog =================================================================== --- trunk/openvas-manager/ChangeLog 2010-02-04 15:16:31 UTC (rev 6648) +++ trunk/openvas-manager/ChangeLog 2010-02-04 17:02:26 UTC (rev 6649) @@ -1,5 +1,10 @@ 2010-02-04 Matthew Mundell + * src/tasks_sql.h (config_insert_preferences): Init quoted_nvt_name from + NVT name instead of preference name. + +2010-02-04 Matthew Mundell + Remove UNIQUE constraint from name of user resource tables. Hence increase database version to 12. Add database migration from 11 to 12. Modified: trunk/openvas-manager/src/tasks_sql.h =================================================================== --- trunk/openvas-manager/src/tasks_sql.h 2010-02-04 15:16:31 UTC (rev 6648) +++ trunk/openvas-manager/src/tasks_sql.h 2010-02-04 17:02:26 UTC (rev 6649) 
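Review bot: migrate_11_to_12 sets the version to 12 and returns 0 without checking any of the sql() calls that rebuild the three tables, a gap the commit itself marks with `@todo ROLLBACK on failure`. If sql() can return after an error (its definition is outside this hunk), a failure between `ALTER TABLE agents RENAME TO agents_11` and the matching `DROP TABLE` would leave the exclusive transaction open and the renamed table in place. Until that is handled, I would replace the todo with a comment that states the reliance, e.g. `/* Relies on sql () not returning on error; otherwise ROLLBACK and return -1 here. */`. The function also rebuilds only agents, configs and escalators, while doc/db_postgres.sql drops UNIQUE from targets and lsc_credentials too, so it is worth confirming that the SQLite targets table never carried the constraint.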
@@ -6858,7 +6858,7 @@ while ((alt = (gchar*) g_ptr_array_index (preference->alts, alt_index++))) g_string_append_printf (value, ";%s", alt); - quoted_nvt_name = sql_quote (preference->name); + quoted_nvt_name = sql_quote (preference->nvt_name); quoted_preference_name = sql_quote (preference->name); quoted_type = sql_quote (preference->type); quoted_value = sql_quote (value->str); From scm-commit at wald.intevation.org Thu Feb 4 20:50:31 2010 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Thu, 4 Feb 2010 20:50:31 +0100 (CET) Subject: [Openvas-commits] r6650 - in trunk/gsa: . src/html/src Message-ID: <20100204195031.A194F86607B2@pyrosoma.intevation.org> Author: mattm Date: 2010-02-04 20:50:30 +0100 (Thu, 04 Feb 2010) New Revision: 6650 Modified: trunk/gsa/ChangeLog trunk/gsa/src/html/src/gsa-style.css trunk/gsa/src/html/src/omp.xsl Log: Wrap lines of result descriptions during the XSL transform. * src/html/src/omp.xsl (wrap): New template. (result) [detailed]: Add PRE around description. Filter description through wrap template. * src/html/src/gsa-style.css (.issue_box_box): Remove white-space and font-family. Modified: trunk/gsa/ChangeLog =================================================================== --- trunk/gsa/ChangeLog 2010-02-04 17:02:26 UTC (rev 6649) +++ trunk/gsa/ChangeLog 2010-02-04 19:50:30 UTC (rev 6650) 
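Review bot: The corrected line shows how fragile per-field quoting is: `quoted_nvt_name` was built from the wrong member and nothing flagged it, and the same pattern would equally hide a value that is never quoted. The four `quoted_*` strings are presumably spliced into an SQL statement further down in config_insert_preferences, which lies outside the hunk, and the preference fields appear to originate from an imported config, so they should be treated as untrusted. Passing them as bound parameters of a prepared statement (for SQLite, `sqlite3_bind_text`) would remove the dependence on every call site remembering sql_quote. At minimum I would add `/* Each value below may come from imported data and must pass through sql_quote before reaching sql (). */` above the four assignments.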
@@ -1,3 +1,14 @@ +2010-02-04 Matthew Mundell + + Wrap lines of result descriptions during the XSL transform. + + * src/html/src/omp.xsl (wrap): New template. + (result) [detailed]: Add PRE around description. Filter description + through wrap template. + + * src/html/src/gsa-style.css (.issue_box_box): Remove white-space and + font-family. + 2010-02-04 Michael Wiegand * src/html/src/omp.xsl: Reconciled value of of increment with max value Modified: trunk/gsa/src/html/src/gsa-style.css =================================================================== --- trunk/gsa/src/html/src/gsa-style.css 2010-02-04 17:02:26 UTC (rev 6649) +++ trunk/gsa/src/html/src/gsa-style.css 2010-02-04 19:50:30 UTC (rev 6650) @@ -482,6 +482,4 @@ margin:3px; margin-top:0px; padding:3px; - white-space:pre-line; - font-family:monospace; } Modified: trunk/gsa/src/html/src/omp.xsl =================================================================== --- trunk/gsa/src/html/src/omp.xsl 2010-02-04 17:02:26 UTC (rev 6649) +++ trunk/gsa/src/html/src/omp.xsl 2010-02-04 19:50:30 UTC (rev 6650) @@ -38,6 +38,38 @@ + + + + + + + + + + + + + + + + + + + + + + + ↵ + + + + + + + + + @@ -3904,7 +3936,11 @@

    - +
    +	  
    +		
    +	  
    +	

    From scm-commit at wald.intevation.org Fri Feb 5 08:29:11 2010 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Fri, 5 Feb 2010 08:29:11 +0100 (CET) Subject: [Openvas-commits] r6651 - trunk/openvas-administrator Message-ID: <20100205072911.38560865FAA0@pyrosoma.intevation.org> Author: mwiegand Date: 2010-02-05 08:29:09 +0100 (Fri, 05 Feb 2010) New Revision: 6651 Modified: trunk/openvas-administrator/CHANGES trunk/openvas-administrator/CMakeLists.txt trunk/openvas-administrator/ChangeLog Log: Preparing for the 0.7.0 release. * CMakeLists.txt: Updated version number. * CHANGES: Updated. Modified: trunk/openvas-administrator/CHANGES =================================================================== --- trunk/openvas-administrator/CHANGES 2010-02-04 19:50:30 UTC (rev 6650) +++ trunk/openvas-administrator/CHANGES 2010-02-05 07:29:09 UTC (rev 6651) @@ -1,3 +1,18 @@ +openvas-administrator 0.7.0 (2010-02-05) + +This is the 11th development release of the openvas-administrator module for +the Open Vulnerability Assessment System (OpenVAS). + +Many thanks to everyone who has contributed to this release: +Christian Kuersteiner and Matthew Mundell. + +Main changes since 0.6.0: + +* When synchronizing with an NVT feed, the administrator now simply starts the + synchronization script in the background instead of waiting for it to finish + before continuing. + + openvas-administrator 0.6.0 (2010-01-26) This is the 10th development release of the openvas-administrator module for Modified: trunk/openvas-administrator/CMakeLists.txt =================================================================== --- trunk/openvas-administrator/CMakeLists.txt 2010-02-04 19:50:30 UTC (rev 6650) +++ trunk/openvas-administrator/CMakeLists.txt 2010-02-05 07:29:09 UTC (rev 6651) 
@@ -71,8 +71,8 @@ set (CPACK_SYSTEM_NAME "") set (CPACK_TOPLEVEL_TAG "") set (CPACK_PACKAGE_VERSION_MAJOR "0") -set (CPACK_PACKAGE_VERSION_MINOR "6") -set (CPACK_PACKAGE_VERSION_PATCH "1${SVN_REVISION}") +set (CPACK_PACKAGE_VERSION_MINOR "7") +set (CPACK_PACKAGE_VERSION_PATCH "0${SVN_REVISION}") set (CPACK_PACKAGE_VERSION "${CPACK_PACKAGE_VERSION_MAJOR}.${CPACK_PACKAGE_VERSION_MINOR}.${CPACK_PACKAGE_VERSION_PATCH}") set (CPACK_PACKAGE_FILE_NAME "${PROJECT_NAME}-${CPACK_PACKAGE_VERSION}") set (CPACK_SOURCE_PACKAGE_FILE_NAME "${PROJECT_NAME}-${CPACK_PACKAGE_VERSION}") Modified: trunk/openvas-administrator/ChangeLog =================================================================== --- trunk/openvas-administrator/ChangeLog 2010-02-04 19:50:30 UTC (rev 6650) +++ trunk/openvas-administrator/ChangeLog 2010-02-05 07:29:09 UTC (rev 6651) @@ -1,3 +1,11 @@ +2010-02-05 Michael Wiegand + + Preparing for the 0.7.0 release. + + * CMakeLists.txt: Updated version number. + + * CHANGES: Updated. + 2010-02-03 Christian Kuersteiner * src/admin.c (openvas_admin_list_users): Add format string for g_warnings. From scm-commit at wald.intevation.org Fri Feb 5 08:49:08 2010 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Fri, 5 Feb 2010 08:49:08 +0100 (CET) Subject: [Openvas-commits] r6652 - tags Message-ID: <20100205074908.6E57F865FAB3@pyrosoma.intevation.org> Author: mwiegand Date: 2010-02-05 08:49:07 +0100 (Fri, 05 Feb 2010) New Revision: 6652 Added: tags/openvas-administrator-release-0.7.0/ Log: Tagging the openvas-administrator 0.7.0 release. Copied: tags/openvas-administrator-release-0.7.0 (from rev 6651, trunk/openvas-administrator) From scm-commit at wald.intevation.org Fri Feb 5 08:52:11 2010 
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Fri, 5 Feb 2010 08:52:11 +0100 (CET) Subject: [Openvas-commits] r6653 - trunk/openvas-administrator Message-ID: <20100205075211.DD2C6865FAA0@pyrosoma.intevation.org> Author: mwiegand Date: 2010-02-05 08:52:11 +0100 (Fri, 05 Feb 2010) New Revision: 6653 Modified: trunk/openvas-administrator/CMakeLists.txt trunk/openvas-administrator/ChangeLog Log: Post release version bump. * CMakeLists.txt: Updated version number. Modified: trunk/openvas-administrator/CMakeLists.txt =================================================================== --- trunk/openvas-administrator/CMakeLists.txt 2010-02-05 07:49:07 UTC (rev 6652) +++ trunk/openvas-administrator/CMakeLists.txt 2010-02-05 07:52:11 UTC (rev 6653) @@ -72,7 +72,7 @@ set (CPACK_TOPLEVEL_TAG "") set (CPACK_PACKAGE_VERSION_MAJOR "0") set (CPACK_PACKAGE_VERSION_MINOR "7") -set (CPACK_PACKAGE_VERSION_PATCH "0${SVN_REVISION}") +set (CPACK_PACKAGE_VERSION_PATCH "1${SVN_REVISION}") set (CPACK_PACKAGE_VERSION "${CPACK_PACKAGE_VERSION_MAJOR}.${CPACK_PACKAGE_VERSION_MINOR}.${CPACK_PACKAGE_VERSION_PATCH}") set (CPACK_PACKAGE_FILE_NAME "${PROJECT_NAME}-${CPACK_PACKAGE_VERSION}") set (CPACK_SOURCE_PACKAGE_FILE_NAME "${PROJECT_NAME}-${CPACK_PACKAGE_VERSION}") Modified: trunk/openvas-administrator/ChangeLog =================================================================== --- trunk/openvas-administrator/ChangeLog 2010-02-05 07:49:07 UTC (rev 6652) +++ trunk/openvas-administrator/ChangeLog 2010-02-05 07:52:11 UTC (rev 6653) @@ -1,5 +1,11 @@ 2010-02-05 Michael Wiegand + Post release version bump. + + * CMakeLists.txt: Updated version number. + +2010-02-05 Michael Wiegand + Preparing for the 0.7.0 release. * CMakeLists.txt: Updated version number. From scm-commit at wald.intevation.org Fri Feb 5 09:28:10 2010 
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Fri, 5 Feb 2010 09:28:10 +0100 (CET) Subject: [Openvas-commits] r6654 - in trunk/openvas-libraries: . misc Message-ID: <20100205082810.2744A865FAAD@pyrosoma.intevation.org> Author: felix Date: 2010-02-05 09:28:07 +0100 (Fri, 05 Feb 2010) New Revision: 6654 Modified: trunk/openvas-libraries/ChangeLog trunk/openvas-libraries/misc/openvas_logging.c Log: * misc/openvas_logging.c (openvas_syslog_func): Applying patch from Stephan Kleine, fixing bug #1272 (http://bugs.openvas.org/1272). Modified: trunk/openvas-libraries/ChangeLog =================================================================== --- trunk/openvas-libraries/ChangeLog 2010-02-05 07:52:11 UTC (rev 6653) +++ trunk/openvas-libraries/ChangeLog 2010-02-05 08:28:07 UTC (rev 6654) @@ -1,3 +1,8 @@ +2010-02-04 Felix Wolfsteller + + * misc/openvas_logging.c (openvas_syslog_func): Applying patch from + Stephan Kleine, fixing bug #1272 (http://bugs.openvas.org/1272). + 2010-02-04 Michael Wiegand Post-release version bump. Modified: trunk/openvas-libraries/misc/openvas_logging.c =================================================================== --- trunk/openvas-libraries/misc/openvas_logging.c 2010-02-05 07:52:11 UTC (rev 6653) +++ trunk/openvas-libraries/misc/openvas_logging.c 2010-02-05 08:28:07 UTC (rev 6654) 
@@ -305,28 +305,28 @@ switch (log_level) { case G_LOG_FLAG_FATAL: - syslog (LOG_ALERT, message); + syslog (LOG_ALERT, "%s", message); break; case G_LOG_LEVEL_ERROR: - syslog (LOG_ERR, message); + syslog (LOG_ERR, "%s", message); break; case G_LOG_LEVEL_CRITICAL: - syslog (LOG_CRIT, message); + syslog (LOG_CRIT, "%s", message); break; case G_LOG_LEVEL_WARNING: - syslog (LOG_WARNING, message); + syslog (LOG_WARNING, "%s", message); break; case G_LOG_LEVEL_MESSAGE: - syslog (LOG_NOTICE, message); + syslog (LOG_NOTICE, "%s", message); break; case G_LOG_LEVEL_INFO: - syslog (LOG_INFO, message); + syslog (LOG_INFO, "%s", message); break; case G_LOG_LEVEL_DEBUG: - syslog (LOG_DEBUG, message); + syslog (LOG_DEBUG, "%s", message); break; default: - syslog (LOG_INFO, message); + syslog (LOG_INFO, "%s", message); break; } } From scm-commit at wald.intevation.org Fri Feb 5 09:35:54 2010 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Fri, 5 Feb 2010 09:35:54 +0100 (CET) Subject: [Openvas-commits] r6655 - trunk/doc/website Message-ID: <20100205083554.56350865FACC@pyrosoma.intevation.org> Author: mwiegand Date: 2010-02-05 09:35:50 +0100 (Fri, 05 Feb 2010) New Revision: 6655 Modified: trunk/doc/website/template_header.m4 Log: Updated download link for openvas-administrator. Modified: trunk/doc/website/template_header.m4 =================================================================== --- trunk/doc/website/template_header.m4 2010-02-05 08:28:07 UTC (rev 6654) +++ trunk/doc/website/template_header.m4 2010-02-05 08:35:50 UTC (rev 6655) @@ -155,7 +155,7 @@ openvas-client 3.0.0
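Review bot: The switch compares log_level for exact equality, but GLib hands a log handler the level bit OR-ed with G_LOG_FLAG_FATAL and G_LOG_FLAG_RECURSION where they apply, so a fatal error would match no case and be logged at LOG_INFO through `default`. Whether log_level is masked before this switch is not visible, since openvas_syslog_func starts outside the hunk. If it is not, mapping the level to a priority first and calling syslog once would fix that and leave a single place where the format string has to stay a literal.

```c
/* ... unchanged: start of openvas_syslog_func ... */
  int priority;

  /* log_level may carry G_LOG_FLAG_FATAL / G_LOG_FLAG_RECURSION next to the
   * level bit, so test the flag and mask before comparing. */
  if (log_level & G_LOG_FLAG_FATAL)
    priority = LOG_ALERT;
  else
    switch (log_level & G_LOG_LEVEL_MASK)
      {
        case G_LOG_LEVEL_ERROR:
          priority = LOG_ERR;
          break;
        case G_LOG_LEVEL_CRITICAL:
          priority = LOG_CRIT;
          break;
        case G_LOG_LEVEL_WARNING:
          priority = LOG_WARNING;
          break;
        case G_LOG_LEVEL_MESSAGE:
          priority = LOG_NOTICE;
          break;
        case G_LOG_LEVEL_DEBUG:
          priority = LOG_DEBUG;
          break;
        case G_LOG_LEVEL_INFO:
        default:
          priority = LOG_INFO;
          break;
      }

  /* Single call site: the message is always data, never the format. */
  syslog (priority, "%s", message);
```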
    Optional:
    openvas-manager 1.0.0-beta2
    - openvas-administrator 0.6.0
    + openvas-administrator 0.7.0
    gsa 1.0.0-beta3

    From scm-commit at wald.intevation.org Fri Feb 5 10:54:58 2010 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Fri, 5 Feb 2010 10:54:58 +0100 (CET) Subject: [Openvas-commits] r6656 - in trunk/openvas-plugins: . scripts Message-ID: <20100205095458.05F5C86607C2@pyrosoma.intevation.org> Author: felix Date: 2010-02-05 10:54:52 +0100 (Fri, 05 Feb 2010) New Revision: 6656 Modified: trunk/openvas-plugins/ChangeLog trunk/openvas-plugins/scripts/ldap.inc trunk/openvas-plugins/scripts/ldap_detect.nasl trunk/openvas-plugins/scripts/ldap_null_base.nasl trunk/openvas-plugins/scripts/ldap_null_bind.nasl trunk/openvas-plugins/scripts/ldapsearch.nasl Log: * scripts/ldap_detect.nasl, scripts/ldap.inc, scripts/ldap_null_base.nasl, scripts/ldap_null_bind.nasl, scripts/ldapsearch.nasl: Removed trailing whitespaces and dangling newlines. Modified: trunk/openvas-plugins/ChangeLog =================================================================== --- trunk/openvas-plugins/ChangeLog 2010-02-05 08:35:50 UTC (rev 6655) +++ trunk/openvas-plugins/ChangeLog 2010-02-05 09:54:52 UTC (rev 6656) @@ -1,3 +1,10 @@ +2010-02-05 Felix Wolfsteller + + * scripts/ldap_detect.nasl, scripts/ldap.inc, + scripts/ldap_null_base.nasl, scripts/ldap_null_bind.nasl, + scripts/ldapsearch.nasl: Removed trailing whitespaces and dangling + newlines. + 2010-02-04 Chandrashekhar B * scripts/gb_ibm_db2_bof_vuln_lin_feb10.nasl, Modified: trunk/openvas-plugins/scripts/ldap.inc =================================================================== --- trunk/openvas-plugins/scripts/ldap.inc 2010-02-05 08:35:50 UTC (rev 6655) +++ trunk/openvas-plugins/scripts/ldap.inc 2010-02-05 09:54:52 UTC (rev 6656) @@ -39,7 +39,7 @@ soc = open_sock_tcp(port); if(!soc)return NULL; - + send(socket:soc, data:req); buf = recv(socket:soc, length:1); if( buf == NULL )return NULL; 
@@ -47,6 +47,6 @@ if(strlen(buf) == 1) { response = hexstr(buf); if(response =~ "^30$" )return TRUE; - } + } return NULL; } Modified: trunk/openvas-plugins/scripts/ldap_detect.nasl =================================================================== --- trunk/openvas-plugins/scripts/ldap_detect.nasl 2010-02-05 08:35:50 UTC (rev 6655) +++ trunk/openvas-plugins/scripts/ldap_detect.nasl 2010-02-05 09:54:52 UTC (rev 6656) @@ -39,7 +39,7 @@ Risk factor : None"; - script_name("LDAP Detection"); + script_name("LDAP Detection"); script_description(desc); script_summary("Check for LDAP"); Modified: trunk/openvas-plugins/scripts/ldap_null_base.nasl =================================================================== --- trunk/openvas-plugins/scripts/ldap_null_base.nasl 2010-02-05 08:35:50 UTC (rev 6655) +++ trunk/openvas-plugins/scripts/ldap_null_base.nasl 2010-02-05 09:54:52 UTC (rev 6656) @@ -75,9 +75,6 @@ security_note(port); set_kb_item(name: string("LDAP/", port, "/NULL_BASE"), value: TRUE); exit(0); - } + } } } - - - Modified: trunk/openvas-plugins/scripts/ldap_null_bind.nasl =================================================================== --- trunk/openvas-plugins/scripts/ldap_null_bind.nasl 2010-02-05 08:35:50 UTC (rev 6655) +++ trunk/openvas-plugins/scripts/ldap_null_bind.nasl 2010-02-05 09:54:52 UTC (rev 6656) @@ -28,8 +28,6 @@ Low / CVSS Base Score : 2 (AV:R/AC:L/Au:NR/C:P/A:N/I:N/B:N)"; - - script_description(desc); script_summary("Check for LDAP null bind"); script_category(ACT_GATHER_INFO); @@ -76,11 +74,6 @@ security_note(port); set_kb_item(name: string("LDAP/", port, "/NULL_BIND"), value: TRUE); exit(0); - } + } } } - - - - - Modified: trunk/openvas-plugins/scripts/ldapsearch.nasl =================================================================== --- trunk/openvas-plugins/scripts/ldapsearch.nasl 2010-02-05 08:35:50 UTC (rev 6655) +++ trunk/openvas-plugins/scripts/ldapsearch.nasl 2010-02-05 09:54:52 UTC (rev 6656) 
@@ -9,7 +9,7 @@ # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. -# +# # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA @@ -38,7 +38,7 @@ script_add_preference(name:"Timeout value", type:"entry", value:"3"); script_add_preference(name:"Buffersize", type:"entry", value:"500"); exit(0); -} +} port = get_kb_item("Services/ldap"); @@ -48,14 +48,14 @@ if(! null_base = get_kb_item(string("LDAP/", port, "/NULL_BASE")) && ! null_bind = get_kb_item(string("LDAP/", port, "/NULL_BIND"))) { exit(0); -} +} if (! find_in_path("ldapsearch")) { log_message(port:port, data: 'Command "ldapsearch" not available to scan server (not in search path).\nTherefore this test was not executed.'); exit(0); } - + timeout = script_get_preference("Timeout value"); buffer = script_get_preference("Buffersize"); @@ -66,18 +66,18 @@ argv[i++] = "-h"; argv[i++] = get_host_ip(); argv[i++] = "-p"; - argv[i++] = port; + argv[i++] = port; argv[i++] = "-x"; #do not authenticate argv[i++] = "-C"; #we like to chase referals - argv[i++] = "-b"; + argv[i++] = "-b"; argv[i++] = value; argv[i++] = "-s"; - argv[i++] = "base"; + argv[i++] = "base"; - if(type=="null-bind") + if(type=="null-bind") { - argv[i++] = "objectclass=*"; - argv[i++] = "-P3"; + argv[i++] = "objectclass=*"; + argv[i++] = "-P3"; } return(argv); @@ -113,19 +113,19 @@ } } } - if (!value) exit(0); + if (!value) exit(0); return(value); } -function makereport(res, buffer, port, type) +function makereport(res, buffer, port, type) { if(! res) exit(0); results = substr(res, 0, buffer-1); if (results) - { + { s = ''; - + foreach x (args) s = s + x + ' '; result = string("(Command was:'", s ,"')\n\n",results,"\n"); return result; 
@@ -173,20 +173,20 @@ bind_report = makereport(res, type); } } - + if(bind_report || base_report) { - + data = string("Grabbed the following information with a null-bind, null-base request:\n"); if(bind_report == base_report) { data += bind_report; } else { data += bind_report + base_report; - } + } security_note(port:port,data:data); exit(0); -} +} exit(0); From scm-commit at wald.intevation.org Fri Feb 5 11:22:21 2010 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Fri, 5 Feb 2010 11:22:21 +0100 (CET) Subject: [Openvas-commits] r6657 - in trunk/gsa: . src/html/src Message-ID: <20100205102221.0BCE086607AD@pyrosoma.intevation.org> Author: mwiegand Date: 2010-02-05 11:22:20 +0100 (Fri, 05 Feb 2010) New Revision: 6657 Modified: trunk/gsa/CHANGES trunk/gsa/ChangeLog trunk/gsa/src/html/src/about.htm4 Log: Preparing the gsa 1.0.0-beta4 release. * src/html/src/about.htm4: Updated version number. * CHANGES: Updated. Modified: trunk/gsa/CHANGES =================================================================== --- trunk/gsa/CHANGES 2010-02-05 09:54:52 UTC (rev 6656) +++ trunk/gsa/CHANGES 2010-02-05 10:22:20 UTC (rev 6657) 
@@ -1,3 +1,19 @@ +gsa 1.0.0-beta4 (2010-02-05) + +This is the fourth beta release of the optional gsa module for the Open +Vulnerability Assessment System (OpenVAS) leading up to the upcoming gsa 1.0. + +Many thanks to everyone who has contributed to this release: +Matthew Mundell, Jan-Oliver Wagner, Michael Wiegand and Felix Wolfsteller. + +Main changes since 1.0.0-beta3: + +* Improved HTTP conformity. +* Improved Feed synchronization support. +* Improved line wrapping in reports. +* A bug in the report pagination has been fixed. + + gsa 1.0.0-beta3 (2010-01-27) This is the third beta release of the optional gsa module Modified: trunk/gsa/ChangeLog =================================================================== --- trunk/gsa/ChangeLog 2010-02-05 09:54:52 UTC (rev 6656) +++ trunk/gsa/ChangeLog 2010-02-05 10:22:20 UTC (rev 6657) @@ -1,3 +1,11 @@ +2010-02-05 Michael Wiegand + + Preparing the gsa 1.0.0-beta4 release. + + * src/html/src/about.htm4: Updated version number. + + * CHANGES: Updated. + 2010-02-04 Matthew Mundell Wrap lines of result descriptions during the XSL transform. Modified: trunk/gsa/src/html/src/about.htm4 =================================================================== --- trunk/gsa/src/html/src/about.htm4 2010-02-05 09:54:52 UTC (rev 6656) +++ trunk/gsa/src/html/src/about.htm4 2010-02-05 10:22:20 UTC (rev 6657) @@ -4,7 +4,7 @@ -

    Greenbone Security Assistant Version 1.0.0-beta4.SVN

    +

    Greenbone Security Assistant Version 1.0.0-beta4

    The Greenbone Security Assistant is a web-based graphical From scm-commit at wald.intevation.org Fri Feb 5 11:27:15 2010 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Fri, 5 Feb 2010 11:27:15 +0100 (CET) Subject: [Openvas-commits] r6658 - tags Message-ID: <20100205102715.DC313865FAAD@pyrosoma.intevation.org> Author: mwiegand Date: 2010-02-05 11:27:13 +0100 (Fri, 05 Feb 2010) New Revision: 6658 Added: tags/gsa-release-1.0.0-beta4/ Log: Tagging the gsa 1.0.0-beta4 release. Copied: tags/gsa-release-1.0.0-beta4 (from rev 6657, trunk/gsa) From scm-commit at wald.intevation.org Fri Feb 5 11:29:24 2010 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Fri, 5 Feb 2010 11:29:24 +0100 (CET) Subject: [Openvas-commits] r6659 - in trunk/gsa: . src/html/src Message-ID: <20100205102924.D7F47865FAB7@pyrosoma.intevation.org> Author: mwiegand Date: 2010-02-05 11:29:24 +0100 (Fri, 05 Feb 2010) New Revision: 6659 Modified: trunk/gsa/CMakeLists.txt trunk/gsa/ChangeLog trunk/gsa/src/html/src/about.htm4 Log: Post release version bump. * CMakeLists.txt: Updated version number. * src/html/src/about.htm4: Updated version number. Modified: trunk/gsa/CMakeLists.txt =================================================================== --- trunk/gsa/CMakeLists.txt 2010-02-05 10:27:13 UTC (rev 6658) +++ trunk/gsa/CMakeLists.txt 2010-02-05 10:29:24 UTC (rev 6659) 
@@ -154,7 +154,7 @@ SET(CPACK_TOPLEVEL_TAG "") SET(CPACK_PACKAGE_VERSION_MAJOR "1") SET(CPACK_PACKAGE_VERSION_MINOR "0") -SET(CPACK_PACKAGE_VERSION_PATCH "0-beta4${SVN_REVISION}") +SET(CPACK_PACKAGE_VERSION_PATCH "0-beta5${SVN_REVISION}") SET(CPACK_PACKAGE_VERSION "${CPACK_PACKAGE_VERSION_MAJOR}.${CPACK_PACKAGE_VERSION_MINOR}.${CPACK_PACKAGE_VERSION_PATCH}") SET(CPACK_PACKAGE_FILE_NAME "${PROJECT_NAME}-${CPACK_PACKAGE_VERSION}") SET(CPACK_SOURCE_PACKAGE_FILE_NAME "${PROJECT_NAME}-${CPACK_PACKAGE_VERSION}") Modified: trunk/gsa/ChangeLog =================================================================== --- trunk/gsa/ChangeLog 2010-02-05 10:27:13 UTC (rev 6658) +++ trunk/gsa/ChangeLog 2010-02-05 10:29:24 UTC (rev 6659) @@ -1,5 +1,13 @@ 2010-02-05 Michael Wiegand + Post release version bump. + + * CMakeLists.txt: Updated version number. + + * src/html/src/about.htm4: Updated version number. + +2010-02-05 Michael Wiegand + Preparing the gsa 1.0.0-beta4 release. * src/html/src/about.htm4: Updated version number. Modified: trunk/gsa/src/html/src/about.htm4 =================================================================== --- trunk/gsa/src/html/src/about.htm4 2010-02-05 10:27:13 UTC (rev 6658) +++ trunk/gsa/src/html/src/about.htm4 2010-02-05 10:29:24 UTC (rev 6659) @@ -4,7 +4,7 @@ -

    Greenbone Security Assistant Version 1.0.0-beta4

    +

    Greenbone Security Assistant Version 1.0.0-beta5.SVN

    The Greenbone Security Assistant is a web-based graphical From scm-commit at wald.intevation.org Fri Feb 5 11:30:05 2010 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Fri, 5 Feb 2010 11:30:05 +0100 (CET) Subject: [Openvas-commits] r6660 - trunk/openvas-manager Message-ID: <20100205103005.AFDE9865FAB7@pyrosoma.intevation.org> Author: mwiegand Date: 2010-02-05 11:30:04 +0100 (Fri, 05 Feb 2010) New Revision: 6660 Modified: trunk/openvas-manager/CHANGES trunk/openvas-manager/ChangeLog Log: Preparing the openvas-manager 1.0.0-beta3 release. * CHANGES: Updated. Modified: trunk/openvas-manager/CHANGES =================================================================== --- trunk/openvas-manager/CHANGES 2010-02-05 10:29:24 UTC (rev 6659) +++ trunk/openvas-manager/CHANGES 2010-02-05 10:30:04 UTC (rev 6660) 
@@ -1,3 +1,25 @@ +openvas-manager 1.0.0-beta3 (2010-02-05) + +This is the third beta release of the openvas-manager module for the Open +Vulnerability Assessment System (OpenVAS) leading up to the upcoming +openvas-manager 1.0. + +Many thanks to everyone who has contributed to this release: +Matthew Mundell and Felix Wolfsteller. + +Main changes since 1.0.0-beta2: + +* Nmap is now the default port scanner for predefined configurations. +* The man page has been updated. +* LSC credential management has been improved. +* A number of internal data structures are now identified by UUID and not by + name. +* The manager now converts all input from the scanner to UTF-8. +* The encoding of the LaTeX report has been switch to UTF-8. +* A bug that caused some settings to be ignored during scan configuration import + has been fixed. + + openvas-manager 1.0.0-beta2 (2010-01-26) This is the second beta release of the openvas-manager module Modified: trunk/openvas-manager/ChangeLog =================================================================== --- trunk/openvas-manager/ChangeLog 2010-02-05 10:29:24 UTC (rev 6659) +++ trunk/openvas-manager/ChangeLog 2010-02-05 10:30:04 UTC (rev 6660) @@ -1,3 +1,9 @@ +2010-02-05 Michael Wiegand + + Preparing the openvas-manager 1.0.0-beta3 release. + + * CHANGES: Updated. + 2010-02-04 Matthew Mundell * src/tasks_sql.h (config_insert_preferences): Init quoted_nvt_name from From scm-commit at wald.intevation.org Fri Feb 5 11:33:20 2010 
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Fri, 5 Feb 2010 11:33:20 +0100 (CET) Subject: [Openvas-commits] r6661 - tags Message-ID: <20100205103320.9A719865FAB7@pyrosoma.intevation.org> Author: mwiegand Date: 2010-02-05 11:33:19 +0100 (Fri, 05 Feb 2010) New Revision: 6661 Added: tags/openvas-manager-release-1.0.0-beta3/ Log: Tagging the openvas-manager 1.0.0-beta3 release. Copied: tags/openvas-manager-release-1.0.0-beta3 (from rev 6660, trunk/openvas-manager) From scm-commit at wald.intevation.org Fri Feb 5 11:34:51 2010 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Fri, 5 Feb 2010 11:34:51 +0100 (CET) Subject: [Openvas-commits] r6662 - trunk/openvas-manager Message-ID: <20100205103451.A96C2865FAB7@pyrosoma.intevation.org> Author: mwiegand Date: 2010-02-05 11:34:50 +0100 (Fri, 05 Feb 2010) New Revision: 6662 Modified: trunk/openvas-manager/CMakeLists.txt trunk/openvas-manager/ChangeLog Log: Post-release version bump. * CMakeLists.txt: Updated version number. Modified: trunk/openvas-manager/CMakeLists.txt =================================================================== --- trunk/openvas-manager/CMakeLists.txt 2010-02-05 10:33:19 UTC (rev 6661) +++ trunk/openvas-manager/CMakeLists.txt 2010-02-05 10:34:50 UTC (rev 6662) 
@@ -72,7 +72,7 @@ set (CPACK_TOPLEVEL_TAG "") set (CPACK_PACKAGE_VERSION_MAJOR "1") set (CPACK_PACKAGE_VERSION_MINOR "0") -set (CPACK_PACKAGE_VERSION_PATCH "0-beta3${SVN_REVISION}") +set (CPACK_PACKAGE_VERSION_PATCH "0-beta4${SVN_REVISION}") set (CPACK_PACKAGE_VERSION "${CPACK_PACKAGE_VERSION_MAJOR}.${CPACK_PACKAGE_VERSION_MINOR}.${CPACK_PACKAGE_VERSION_PATCH}") set (CPACK_PACKAGE_FILE_NAME "${PROJECT_NAME}-${CPACK_PACKAGE_VERSION}") set (CPACK_SOURCE_PACKAGE_FILE_NAME "${PROJECT_NAME}-${CPACK_PACKAGE_VERSION}") Modified: trunk/openvas-manager/ChangeLog =================================================================== --- trunk/openvas-manager/ChangeLog 2010-02-05 10:33:19 UTC (rev 6661) +++ trunk/openvas-manager/ChangeLog 2010-02-05 10:34:50 UTC (rev 6662) @@ -1,5 +1,11 @@ 2010-02-05 Michael Wiegand + Post-release version bump. + + * CMakeLists.txt: Updated version number. + +2010-02-05 Michael Wiegand + Preparing the openvas-manager 1.0.0-beta3 release. * CHANGES: Updated. From scm-commit at wald.intevation.org Fri Feb 5 11:39:36 2010 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Fri, 5 Feb 2010 11:39:36 +0100 (CET) Subject: [Openvas-commits] r6663 - trunk/doc/website Message-ID: <20100205103936.D7D11865FAB7@pyrosoma.intevation.org> Author: mwiegand Date: 2010-02-05 11:39:36 +0100 (Fri, 05 Feb 2010) New Revision: 6663 Modified: trunk/doc/website/template_header.m4 Log: Update download links for openvas-manager and gsa. Modified: trunk/doc/website/template_header.m4 =================================================================== --- trunk/doc/website/template_header.m4 2010-02-05 10:34:50 UTC (rev 6662) +++ trunk/doc/website/template_header.m4 2010-02-05 10:39:36 UTC (rev 6663) @@ -154,9 +154,9 @@ openvas-scanner 3.0.1
    openvas-client 3.0.0
    Optional:
    - openvas-manager 1.0.0-beta2
    + openvas-manager 1.0.0-beta3
    openvas-administrator 0.7.0
    - gsa 1.0.0-beta3
    + gsa 1.0.0-beta4

    From scm-commit at wald.intevation.org Fri Feb 5 11:40:23 2010 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Fri, 5 Feb 2010 11:40:23 +0100 (CET) Subject: [Openvas-commits] r6664 - in trunk/openvas-manager: . src Message-ID: <20100205104023.7A203865FAB7@pyrosoma.intevation.org> Author: mattm Date: 2010-02-05 11:40:22 +0100 (Fri, 05 Feb 2010) New Revision: 6664 Modified: trunk/openvas-manager/ChangeLog trunk/openvas-manager/src/manage.h trunk/openvas-manager/src/omp.c trunk/openvas-manager/src/tasks_sql.h Log: * src/tasks_sql.h (find_escalator): Move to top of page like on other pages. (delete_escalator): Take escalator_t instead of name. * src/manage.h: Update header accordingly. * src/omp.c (omp_xml_handle_end_element): In CLIENT_DELETE_ESCALATOR pass escalator_t instead of escalator name to delete_escalator. Modified: trunk/openvas-manager/ChangeLog =================================================================== --- trunk/openvas-manager/ChangeLog 2010-02-05 10:39:36 UTC (rev 6663) +++ trunk/openvas-manager/ChangeLog 2010-02-05 10:40:22 UTC (rev 6664) @@ -1,3 +1,14 @@ +2010-02-05 Matthew Mundell + + * src/tasks_sql.h (find_escalator): Move to top of page like on other + pages. + (delete_escalator): Take escalator_t instead of name. + + * src/manage.h: Update header accordingly. + + * src/omp.c (omp_xml_handle_end_element): In CLIENT_DELETE_ESCALATOR + pass escalator_t instead of escalator name to delete_escalator. + 2010-02-05 Michael Wiegand Post-release version bump. Modified: trunk/openvas-manager/src/manage.h =================================================================== --- trunk/openvas-manager/src/manage.h 2010-02-05 10:39:36 UTC (rev 6663) +++ trunk/openvas-manager/src/manage.h 2010-02-05 10:40:22 UTC (rev 6664) 
@@ -250,7 +250,7 @@ GPtrArray*); int -delete_escalator (const char*); +delete_escalator (escalator_t); gboolean find_escalator (const char*, escalator_t*); Modified: trunk/openvas-manager/src/omp.c =================================================================== --- trunk/openvas-manager/src/omp.c 2010-02-05 10:39:36 UTC (rev 6663) +++ trunk/openvas-manager/src/omp.c 2010-02-05 10:40:22 UTC (rev 6664) @@ -5533,6 +5533,8 @@ case CLIENT_DELETE_ESCALATOR: { + escalator_t escalator; + assert (strcasecmp ("DELETE_ESCALATOR", element_name) == 0); assert (modify_task_name != NULL); @@ -5544,8 +5546,21 @@ "DELETE_ESCALATOR name must be at least one" " character long")); } - else switch (delete_escalator (modify_task_name)) + else if (find_escalator (modify_task_name, &escalator)) + SEND_TO_CLIENT_OR_FAIL + (XML_INTERNAL_ERROR ("delete_escalator")); + else if (escalator == 0) { + if (send_find_error_to_client ("delete_escalator", + "escalator", + modify_task_name)) + { + error_send_to_client (error); + return; + } + } + else switch (delete_escalator (escalator)) + { case 0: openvas_free_string_var (&modify_task_name); SEND_TO_CLIENT_OR_FAIL (XML_OK ("delete_escalator")); @@ -5555,10 +5570,6 @@ SEND_TO_CLIENT_OR_FAIL (XML_ERROR_SYNTAX ("delete_escalator", "Escalator is in use")); break; - case 2: - openvas_free_string_var (&modify_task_name); - SEND_TO_CLIENT_OR_FAIL (XML_ERROR_ACCESS ("delete_escalator")); - break; default: openvas_free_string_var (&modify_task_name); SEND_TO_CLIENT_OR_FAIL (XML_INTERNAL_ERROR ("delete_escalator")); Modified: trunk/openvas-manager/src/tasks_sql.h =================================================================== --- trunk/openvas-manager/src/tasks_sql.h 2010-02-05 10:39:36 UTC (rev 6663) +++ trunk/openvas-manager/src/tasks_sql.h 2010-02-05 10:40:22 UTC (rev 6664) 
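Review bot: In the CLIENT_DELETE_ESCALATOR case of omp.c, the two new branches (the `find_escalator` error path and the `escalator == 0` not-found path) do not call `openvas_free_string_var (&modify_task_name)`, while every case of the `delete_escalator` switch does. Unless the name is released after the if-chain, outside this hunk, the string leaks and may still be set when the next command is handled; adding `openvas_free_string_var (&modify_task_name);` to both branches would match the switch cases. The new branches of CLIENT_CREATE_TARGET in r6668 (hunk at -6895) have the same shape with the `modify_task_*` variables. The case body starts and ends outside the hunk.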
@@ -2497,6 +2497,45 @@ /* Events and Escalators. */ /** + * @brief Find an escalator given a name. + * + * @param[in] name Escalator name. + * @param[out] escalator Return. 0 if succesfully failed to find escalator. + * + * @return FALSE on success (including if failed to find escalator), TRUE on + * error. + */ +gboolean +find_escalator (const char* name, escalator_t* escalator) +{ + gchar *quoted_name = sql_quote (name); + if (user_owns ("escalator", quoted_name) == 0) + { + g_free (quoted_name); + *escalator = 0; + return FALSE; + } + switch (sql_int64 (escalator, 0, 0, + "SELECT ROWID FROM escalators WHERE name = '%s';", + quoted_name)) + { + case 0: + break; + case 1: /* Too few rows in result of query. */ + *escalator = 0; + break; + default: /* Programming error. */ + assert (0); + case -1: + g_free (quoted_name); + return TRUE; + break; + } + g_free (quoted_name); + return FALSE; +} + +/** * @brief Create an escalator. * * @param[in] name Name of escalator. 
@@ -2600,86 +2639,31 @@ /** * @brief Delete an escalator. * - * @param[in] name Name of escalator. + * @param[in] escalator Escalator. * - * @return 0 success, 1 fail because a task refers to the escalator, - * 2 access forbidden, -1 error. + * @return 0 success, 1 fail because a task refers to the escalator, -1 error. */ int -delete_escalator (const char* name) +delete_escalator (escalator_t escalator) { - gchar* quoted_name = sql_quote (name); sql ("BEGIN IMMEDIATE;"); if (sql_int (0, 0, - "SELECT count(*) FROM task_escalators WHERE escalator =" - " (SELECT ROWID FROM escalators where name = '%s');", - quoted_name)) + "SELECT count(*) FROM task_escalators WHERE escalator = %llu;", + escalator)) { - g_free (quoted_name); sql ("ROLLBACK;"); return 1; } - if (user_owns ("escalator", quoted_name) == 0) - { - g_free (quoted_name); - sql ("ROLLBACK;"); - return 2; - } - sql ("DELETE FROM escalator_condition_data" - " WHERE escalator = (SELECT ROWID FROM escalators WHERE name = '%s');", - quoted_name); - sql ("DELETE FROM escalator_event_data" - " WHERE escalator = (SELECT ROWID FROM escalators WHERE name = '%s');", - quoted_name); - sql ("DELETE FROM escalator_method_data" - " WHERE escalator = (SELECT ROWID FROM escalators WHERE name = '%s');", - quoted_name); - sql ("DELETE FROM escalators WHERE name = '%s';", quoted_name); + sql ("DELETE FROM escalator_condition_data WHERE escalator = %llu;", + escalator); + sql ("DELETE FROM escalator_event_data WHERE escalator = %llu;", escalator); + sql ("DELETE FROM escalator_method_data WHERE escalator = %llu;", escalator); + sql ("DELETE FROM escalators WHERE ROWID = %llu;", escalator); sql ("COMMIT;"); - g_free (quoted_name); return 0; } /** - * @brief Find an escalator given a name. - * - * @param[in] name Escalator name. - * @param[out] escalator Return. 0 if succesfully failed to find escalator. - * - * @return FALSE on success (including if failed to find escalator), TRUE on - * error. 
- */ -gboolean -find_escalator (const char* name, escalator_t* escalator) -{ - gchar *quoted_name = sql_quote (name); - if (user_owns ("escalator", quoted_name) == 0) - { - g_free (quoted_name); - *escalator = 0; - return FALSE; - } - switch (sql_int64 (escalator, 0, 0, - "SELECT ROWID FROM escalators WHERE name = '%s';", - quoted_name)) - { - case 0: - break; - case 1: /* Too few rows in result of query. */ - *escalator = 0; - break; - default: /* Programming error. */ - assert (0); - case -1: - g_free (quoted_name); - return TRUE; - break; - } - g_free (quoted_name); - return FALSE; -} - -/** * @brief Return the condition associated with an escalator. * * @param[in] escalator Escalator. From scm-commit at wald.intevation.org Fri Feb 5 11:44:27 2010 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Fri, 5 Feb 2010 11:44:27 +0100 (CET) Subject: [Openvas-commits] r6665 - in trunk/openvas-manager: . src Message-ID: <20100205104427.A183E86607AD@pyrosoma.intevation.org> Author: mattm Date: 2010-02-05 11:44:26 +0100 (Fri, 05 Feb 2010) New Revision: 6665 Modified: trunk/openvas-manager/ChangeLog trunk/openvas-manager/src/manage.h trunk/openvas-manager/src/omp.c trunk/openvas-manager/src/tasks_sql.h Log: * src/tasks_sql.h (init_escalator_iterator): Take escalator_t instead of name. Update caller. * src/manage.h: Update header accordingly. * src/omp.c (omp_xml_handle_end_element): In CLIENT_GET_ESCALATORS pass escalator_t instead of escalator name to init_escalator_iterator. Modified: trunk/openvas-manager/ChangeLog =================================================================== --- trunk/openvas-manager/ChangeLog 2010-02-05 10:40:22 UTC (rev 6664) +++ trunk/openvas-manager/ChangeLog 2010-02-05 10:44:26 UTC (rev 6665) 
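Review bot: `delete_escalator` in tasks_sql.h no longer calls `user_owns`, so the ownership check now lives only in `find_escalator`, which the omp.c caller runs before `BEGIN IMMEDIATE` is issued. Authorization becomes a precondition of the function rather than something it enforces, and the lookup and the delete are no longer covered by one transaction. I would state that in the doc comment, for example `@param[in] escalator Escalator; the caller must have resolved it with find_escalator so that ownership has been checked.`, or add an owner condition to the final `DELETE FROM escalators` statement. `create_target` in r6668 takes a pre-resolved `lsc_credential_t` in the same way, and whether `find_lsc_credential` checks ownership is not visible on this page.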
@@ -1,5 +1,15 @@ 2010-02-05 Matthew Mundell + * src/tasks_sql.h (init_escalator_iterator): Take escalator_t instead of + name. Update caller. + + * src/manage.h: Update header accordingly. + + * src/omp.c (omp_xml_handle_end_element): In CLIENT_GET_ESCALATORS + pass escalator_t instead of escalator name to init_escalator_iterator. + +2010-02-05 Matthew Mundell + * src/tasks_sql.h (find_escalator): Move to top of page like on other pages. (delete_escalator): Take escalator_t instead of name. Modified: trunk/openvas-manager/src/manage.h =================================================================== --- trunk/openvas-manager/src/manage.h 2010-02-05 10:40:22 UTC (rev 6664) +++ trunk/openvas-manager/src/manage.h 2010-02-05 10:44:26 UTC (rev 6665) @@ -259,7 +259,7 @@ escalate (escalator_t, task_t, event_t, const void*); void -init_escalator_iterator (iterator_t*, const char*, task_t, event_t, int, +init_escalator_iterator (iterator_t*, escalator_t, task_t, event_t, int, const char*); escalator_t Modified: trunk/openvas-manager/src/omp.c =================================================================== --- trunk/openvas-manager/src/omp.c 2010-02-05 10:40:22 UTC (rev 6664) +++ trunk/openvas-manager/src/omp.c 2010-02-05 10:44:26 UTC (rev 6665) 
@@ -8442,121 +8442,139 @@ case CLIENT_GET_ESCALATORS: { - iterator_t escalators; + escalator_t escalator = 0; + assert (strcasecmp ("GET_ESCALATORS", element_name) == 0); - SEND_TO_CLIENT_OR_FAIL (""); - init_escalator_iterator (&escalators, - current_name, - (task_t) 0, - (event_t) 0, - current_int_2, /* Attribute sort_order. */ - current_format); /* Attribute sort_field. */ - while (next (&escalators)) + if (current_name && find_escalator (current_name, &escalator)) + SEND_TO_CLIENT_OR_FAIL (XML_INTERNAL_ERROR ("get_escalators")); + else if (current_name && escalator == 0) { - iterator_t data; + if (send_find_error_to_client ("get_escalators", + "escalator", + current_name)) + { + error_send_to_client (error); + return; + } + } + else + { + iterator_t escalators; - SENDF_TO_CLIENT_OR_FAIL ("" - "%s" - "%s" - "%i", - escalator_iterator_name (&escalators), - escalator_iterator_comment (&escalators), - escalator_iterator_in_use (&escalators)); + SEND_TO_CLIENT_OR_FAIL (""); + init_escalator_iterator (&escalators, + escalator, + (task_t) 0, + (event_t) 0, + current_int_2, /* Attribute sort_order. */ + current_format); /* Attribute sort_field. */ + while (next (&escalators)) + { + iterator_t data; - /* Condition. */ + SENDF_TO_CLIENT_OR_FAIL ("" + "%s" + "%s" + "%i", + escalator_iterator_name (&escalators), + escalator_iterator_comment (&escalators), + escalator_iterator_in_use (&escalators)); - SENDF_TO_CLIENT_OR_FAIL ("%s", - escalator_condition_name - (escalator_iterator_condition - (&escalators))); - init_escalator_data_iterator (&data, - escalator_iterator_escalator - (&escalators), - "condition"); - while (next (&data)) - SENDF_TO_CLIENT_OR_FAIL ("" - "%s" - "%s" - "", - escalator_data_iterator_name (&data), - escalator_data_iterator_data (&data)); - cleanup_iterator (&data); - SEND_TO_CLIENT_OR_FAIL (""); + /* Condition. */ - /* Event. 
*/ + SENDF_TO_CLIENT_OR_FAIL ("%s", + escalator_condition_name + (escalator_iterator_condition + (&escalators))); + init_escalator_data_iterator (&data, + escalator_iterator_escalator + (&escalators), + "condition"); + while (next (&data)) + SENDF_TO_CLIENT_OR_FAIL ("" + "%s" + "%s" + "", + escalator_data_iterator_name (&data), + escalator_data_iterator_data (&data)); + cleanup_iterator (&data); + SEND_TO_CLIENT_OR_FAIL (""); - SENDF_TO_CLIENT_OR_FAIL ("%s", - event_name (escalator_iterator_event - (&escalators))); - init_escalator_data_iterator (&data, - escalator_iterator_escalator - (&escalators), - "event"); - while (next (&data)) - SENDF_TO_CLIENT_OR_FAIL ("" - "%s" - "%s" - "", - escalator_data_iterator_name (&data), - escalator_data_iterator_data (&data)); - cleanup_iterator (&data); - SEND_TO_CLIENT_OR_FAIL (""); + /* Event. */ - /* Method. */ + SENDF_TO_CLIENT_OR_FAIL ("%s", + event_name (escalator_iterator_event + (&escalators))); + init_escalator_data_iterator (&data, + escalator_iterator_escalator + (&escalators), + "event"); + while (next (&data)) + SENDF_TO_CLIENT_OR_FAIL ("" + "%s" + "%s" + "", + escalator_data_iterator_name (&data), + escalator_data_iterator_data (&data)); + cleanup_iterator (&data); + SEND_TO_CLIENT_OR_FAIL (""); - SENDF_TO_CLIENT_OR_FAIL ("%s", - escalator_method_name - (escalator_iterator_method - (&escalators))); - init_escalator_data_iterator (&data, - escalator_iterator_escalator - (&escalators), - "method"); - while (next (&data)) - SENDF_TO_CLIENT_OR_FAIL ("" - "%s" - "%s" - "", - escalator_data_iterator_name (&data), - escalator_data_iterator_data (&data)); - cleanup_iterator (&data); - SEND_TO_CLIENT_OR_FAIL (""); + /* Method. */ - /** - * @todo - * (OMP) For consistency, the operations should respond the - * same way if one, some or all elements are requested. The - * level of details in the response should instead be controlled - * by some other mechanism, like a details flag. 
- */ + SENDF_TO_CLIENT_OR_FAIL ("%s", + escalator_method_name + (escalator_iterator_method + (&escalators))); + init_escalator_data_iterator (&data, + escalator_iterator_escalator + (&escalators), + "method"); + while (next (&data)) + SENDF_TO_CLIENT_OR_FAIL ("" + "%s" + "%s" + "", + escalator_data_iterator_name (&data), + escalator_data_iterator_data (&data)); + cleanup_iterator (&data); + SEND_TO_CLIENT_OR_FAIL (""); - if (current_name) - { - iterator_t tasks; + /** + * @todo + * (OMP) For consistency, the operations should respond the + * same way if one, some or all elements are requested. The + * level of details in the response should instead be controlled + * by some other mechanism, like a details flag. + */ - SEND_TO_CLIENT_OR_FAIL (""); - init_escalator_task_iterator (&tasks, - current_name, - /* Attribute sort_order. */ - current_int_2); - while (next (&tasks)) - SENDF_TO_CLIENT_OR_FAIL - ("" - "%s" - "", - escalator_task_iterator_uuid (&tasks), - escalator_task_iterator_name (&tasks)); - cleanup_iterator (&tasks); - SEND_TO_CLIENT_OR_FAIL (""); + if (escalator) + { + iterator_t tasks; + + SEND_TO_CLIENT_OR_FAIL (""); + init_escalator_task_iterator (&tasks, + current_name, + /* Attribute sort_order. 
*/ + current_int_2); + while (next (&tasks)) + SENDF_TO_CLIENT_OR_FAIL + ("" + "%s" + "", + escalator_task_iterator_uuid (&tasks), + escalator_task_iterator_name (&tasks)); + cleanup_iterator (&tasks); + SEND_TO_CLIENT_OR_FAIL (""); + } + + SEND_TO_CLIENT_OR_FAIL (""); } - - SEND_TO_CLIENT_OR_FAIL (""); + cleanup_iterator (&escalators); + SEND_TO_CLIENT_OR_FAIL (""); } - cleanup_iterator (&escalators); - SEND_TO_CLIENT_OR_FAIL (""); openvas_free_string_var (¤t_format); openvas_free_string_var (¤t_name); set_client_state (CLIENT_AUTHENTIC); Modified: trunk/openvas-manager/src/tasks_sql.h =================================================================== --- trunk/openvas-manager/src/tasks_sql.h 2010-02-05 10:40:22 UTC (rev 6664) +++ trunk/openvas-manager/src/tasks_sql.h 2010-02-05 10:44:26 UTC (rev 6665) @@ -2697,8 +2697,7 @@ * @brief Initialise an escalator iterator. * * @param[in] iterator Iterator. - * @param[in] name Name of single escalator to iterator over, NULL for - * all. + * @param[in] escalator Single escalator to iterator over, 0 for all. * @param[in] task Iterate over escalators for this task. 0 for all. * @param[in] event Iterate over escalators handling this event. 0 for * all. 
@@ -2706,33 +2705,30 @@ * @param[in] sort_field Field to sort on, or NULL for "ROWID". */ void -init_escalator_iterator (iterator_t *iterator, const char *name, task_t task, - event_t event, int ascending, const char *sort_field) +init_escalator_iterator (iterator_t *iterator, escalator_t escalator, + task_t task, event_t event, int ascending, + const char *sort_field) { - assert (name ? task == 0 : (task ? name == NULL : 1)); - assert (name ? event == 0 : (event ? name == NULL : 1)); + assert (escalator ? task == 0 : (task ? escalator == 0 : 1)); + assert (escalator ? event == 0 : (event ? escalator == 0 : 1)); assert (event ? task : 1); assert (current_credentials.uuid); - if (name) - { - gchar *quoted_name = sql_quote (name); - init_iterator (iterator, - "SELECT escalators.ROWID, name, comment," - " 0, event, condition, method," - " (SELECT count(*) > 0 FROM task_escalators" - " WHERE task_escalators.escalator = escalators.ROWID)" - " FROM escalators" - " WHERE name = '%s'" - " AND ((owner IS NULL) OR (owner =" - " (SELECT ROWID FROM users WHERE users.uuid = '%s')))" - " ORDER BY %s %s;", - quoted_name, - current_credentials.uuid, - sort_field ? sort_field : "escalators.ROWID", - ascending ? "ASC" : "DESC"); - g_free (quoted_name); - } + if (escalator) + init_iterator (iterator, + "SELECT escalators.ROWID, name, comment," + " 0, event, condition, method," + " (SELECT count(*) > 0 FROM task_escalators" + " WHERE task_escalators.escalator = escalators.ROWID)" + " FROM escalators" + " WHERE ROWID = %llu" + " AND ((owner IS NULL) OR (owner =" + " (SELECT ROWID FROM users WHERE users.uuid = '%s')))" + " ORDER BY %s %s;", + escalator, + current_credentials.uuid, + sort_field ? sort_field : "escalators.ROWID", + ascending ? "ASC" : "DESC"); else if (task) init_iterator (iterator, "SELECT escalators.ROWID, name, comment," 
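Review bot: The rewritten `if (escalator)` branch of `init_escalator_iterator` still formats `sort_field` straight into `ORDER BY %s %s`, and the omp.c caller passes `current_format`, which its comment describes as the client's sort_field attribute. Unlike the escalator name, which went through `sql_quote` before this commit, this value is neither quoted nor checked in the visible code, so client-supplied text reaches the SQL statement unless it is validated outside these hunks. Restricting it to known column names before the `init_iterator` calls closes that; the set below is taken from the SELECT list and should be adjusted to the fields clients are meant to sort on. The function continues past the end of the hunk with the `task` branch, which may need the same treatment.

```c
  assert (current_credentials.uuid);

  /* sort_field ends up unquoted in ORDER BY, so accept known columns only. */
  if (sort_field
      && strcmp (sort_field, "name") != 0
      && strcmp (sort_field, "comment") != 0)
    sort_field = NULL;

  /* … unchanged: init_iterator calls for the escalator, task and remaining cases … */
```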
@@ -3193,7 +3189,7 @@ { iterator_t escalators; tracef (" EVENT %i on task %llu", event, task); - init_escalator_iterator (&escalators, NULL, task, event, 1, NULL); + init_escalator_iterator (&escalators, 0, task, event, 1, NULL); while (next (&escalators)) { escalator_t escalator = escalator_iterator_escalator (&escalators); From scm-commit at wald.intevation.org Fri Feb 5 12:03:46 2010 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Fri, 5 Feb 2010 12:03:46 +0100 (CET) Subject: [Openvas-commits] r6666 - in trunk/openvas-manager: . src Message-ID: <20100205110346.772AE865FAAA@pyrosoma.intevation.org> Author: mattm Date: 2010-02-05 12:03:44 +0100 (Fri, 05 Feb 2010) New Revision: 6666 Modified: trunk/openvas-manager/ChangeLog trunk/openvas-manager/src/manage.h trunk/openvas-manager/src/omp.c trunk/openvas-manager/src/tasks_sql.h Log: * src/tasks_sql.h (init_escalator_task_iterator): Take escalator_t instead of name. * src/manage.h: Update header accordingly. * src/omp.c (omp_xml_handle_end_element): In CLIENT_GET_ESCALATORS pass escalator_t instead of escalator name to init_escalator_task_iterator. Modified: trunk/openvas-manager/ChangeLog =================================================================== --- trunk/openvas-manager/ChangeLog 2010-02-05 10:44:26 UTC (rev 6665) +++ trunk/openvas-manager/ChangeLog 2010-02-05 11:03:44 UTC (rev 6666) 
@@ -1,5 +1,15 @@ 2010-02-05 Matthew Mundell + * src/tasks_sql.h (init_escalator_task_iterator): Take escalator_t instead + of name. + + * src/manage.h: Update header accordingly. + + * src/omp.c (omp_xml_handle_end_element): In CLIENT_GET_ESCALATORS + pass escalator_t instead of escalator name to init_escalator_task_iterator. + +2010-02-05 Matthew Mundell + * src/tasks_sql.h (init_escalator_iterator): Take escalator_t instead of name. Update caller. Modified: trunk/openvas-manager/src/manage.h =================================================================== --- trunk/openvas-manager/src/manage.h 2010-02-05 10:44:26 UTC (rev 6665) +++ trunk/openvas-manager/src/manage.h 2010-02-05 11:03:44 UTC (rev 6666) @@ -317,7 +317,7 @@ escalator_data_iterator_data (iterator_t*); void -init_escalator_task_iterator (iterator_t*, const char *, int); +init_escalator_task_iterator (iterator_t*, escalator_t, int); const char* escalator_task_iterator_name (iterator_t*); Modified: trunk/openvas-manager/src/omp.c =================================================================== --- trunk/openvas-manager/src/omp.c 2010-02-05 10:44:26 UTC (rev 6665) +++ trunk/openvas-manager/src/omp.c 2010-02-05 11:03:44 UTC (rev 6666) @@ -8556,7 +8556,7 @@ SEND_TO_CLIENT_OR_FAIL (""); init_escalator_task_iterator (&tasks, - current_name, + escalator, /* Attribute sort_order. */ current_int_2); while (next (&tasks)) Modified: trunk/openvas-manager/src/tasks_sql.h =================================================================== --- trunk/openvas-manager/src/tasks_sql.h 2010-02-05 10:44:26 UTC (rev 6665) +++ trunk/openvas-manager/src/tasks_sql.h 2010-02-05 11:03:44 UTC (rev 6666) 
@@ -3216,32 +3216,27 @@ * Iterate over all tasks that use the escalator. * * @param[in] iterator Iterator. - * @param[in] name Name of escalator. + * @param[in] escalator Escalator. * @param[in] ascending Whether to sort ascending or descending. */ void -init_escalator_task_iterator (iterator_t* iterator, const char *name, +init_escalator_task_iterator (iterator_t* iterator, escalator_t escalator, int ascending) { - gchar *quoted_name; - - assert (name); + assert (escalator); assert (current_credentials.uuid); - quoted_name = sql_quote (name); init_iterator (iterator, "SELECT tasks.name, tasks.uuid FROM tasks, task_escalators" " WHERE tasks.ROWID = task_escalators.task" - " AND task_escalators.escalator =" - " (SELECT ROWID FROM escalators WHERE escalators.name = '%s')" + " AND task_escalators.escalator = %llu" " AND hidden = 0" " AND ((tasks.owner IS NULL) OR (tasks.owner =" " (SELECT ROWID FROM users WHERE users.uuid = '%s')))" " ORDER BY tasks.name %s;", - quoted_name, + escalator, current_credentials.uuid, ascending ? "ASC" : "DESC"); - g_free (quoted_name); } /** From scm-commit at wald.intevation.org Fri Feb 5 12:52:25 2010 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Fri, 5 Feb 2010 12:52:25 +0100 (CET) Subject: [Openvas-commits] r6667 - in trunk/openvas-manager: . src Message-ID: <20100205115225.F0BA1865FAA0@pyrosoma.intevation.org> Author: mattm Date: 2010-02-05 12:52:23 +0100 (Fri, 05 Feb 2010) New Revision: 6667 Modified: trunk/openvas-manager/ChangeLog trunk/openvas-manager/src/ompd.c trunk/openvas-manager/src/tasks_sql.h Log: * src/tasks_sql.h (manage_set_config_nvts): Init new_nvt_count. * src/ompd.c (serve_omp): Ensure client_input_stalled in always initialised. Modified: trunk/openvas-manager/ChangeLog =================================================================== --- trunk/openvas-manager/ChangeLog 2010-02-05 11:03:44 UTC (rev 6666) +++ trunk/openvas-manager/ChangeLog 2010-02-05 11:52:23 UTC (rev 6667) 
@@ -1,5 +1,12 @@ 2010-02-05 Matthew Mundell + * src/tasks_sql.h (manage_set_config_nvts): Init new_nvt_count. + + * src/ompd.c (serve_omp): Ensure client_input_stalled in always + initialised. + +2010-02-05 Matthew Mundell + * src/tasks_sql.h (init_escalator_task_iterator): Take escalator_t instead of name. Modified: trunk/openvas-manager/src/ompd.c =================================================================== --- trunk/openvas-manager/src/ompd.c 2010-02-05 11:03:44 UTC (rev 6666) +++ trunk/openvas-manager/src/ompd.c 2010-02-05 11:52:23 UTC (rev 6667) @@ -589,6 +589,7 @@ return -1; } *scanner_socket_addr = scanner_socket; + client_input_stalled = 0; } else if (ret == 2) { @@ -603,6 +604,7 @@ *client_credentials); #endif client_active = 0; + client_input_stalled = 0; } else if (ret == -10) { @@ -658,6 +660,8 @@ return -1; } } + else + client_input_stalled = 0; /* Loop handling input from the sockets. * @@ -923,6 +927,7 @@ nfds = 1 + (client_socket > scanner_socket ? client_socket : scanner_socket); *scanner_socket_addr = scanner_socket; + client_input_stalled = 0; /* Skip the rest of the loop because the scanner socket is * a new socket. This is asking for select trouble, really. */ continue; @@ -940,6 +945,7 @@ *client_credentials); #endif client_active = 0; + client_input_stalled = 0; } else if (ret == -10) { @@ -981,8 +987,11 @@ break; } else - /* Programming error. */ - assert (0); + { + /* Programming error. */ + assert (0); + client_input_stalled = 0; + } } if ((fds & FD_SCANNER_READ) == FD_SCANNER_READ 
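Review bot: In the two "Programming error" branches of `serve_omp` in ompd.c (hunks at -981 and -1239), `client_input_stalled = 0;` sits after `assert (0);`, so it is unreachable in a build with assertions and, in a build with NDEBUG, lets the loop carry on after a return code the comment itself calls impossible. For a daemon that reads from a network client, failing closed is the safer choice there, for example `assert (0); return -1;`, provided the cleanup the other `return -1` paths rely on also holds at that point, which the hunk does not show. The remaining added assignments could be replaced by initialising `client_input_stalled` once at its declaration, which is outside these hunks.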
@@ -1239,8 +1248,11 @@ client_input_stalled = 2; } else - /* Programming error. */ - assert (0); + { + /* Programming error. */ + assert (0); + client_input_stalled = 0; + } } if (scanner_input_stalled) Modified: trunk/openvas-manager/src/tasks_sql.h =================================================================== --- trunk/openvas-manager/src/tasks_sql.h 2010-02-05 11:03:44 UTC (rev 6666) +++ trunk/openvas-manager/src/tasks_sql.h 2010-02-05 11:52:23 UTC (rev 6667) @@ -8014,7 +8014,7 @@ { char *selector; gchar *quoted_family, *quoted_selector; - int new_nvt_count, old_nvt_count; + int new_nvt_count = 0, old_nvt_count; sql ("BEGIN EXCLUSIVE;"); From scm-commit at wald.intevation.org Fri Feb 5 13:01:40 2010 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Fri, 5 Feb 2010 13:01:40 +0100 (CET) Subject: [Openvas-commits] r6668 - in trunk/openvas-manager: . src Message-ID: <20100205120140.425DA865F478@pyrosoma.intevation.org> Author: mattm Date: 2010-02-05 13:01:34 +0100 (Fri, 05 Feb 2010) New Revision: 6668 Modified: trunk/openvas-manager/ChangeLog trunk/openvas-manager/src/manage.h trunk/openvas-manager/src/omp.c trunk/openvas-manager/src/tasks_sql.h Log: * src/tasks_sql.h (create_target): Take lsc_credential_t instead of name. * src/manage.h: Update header accordingly. * src/omp.c (omp_xml_handle_end_element): In CLIENT_CREATE_TARGET pass lsc_credential_t instead of credential name to create_target. Modified: trunk/openvas-manager/ChangeLog =================================================================== --- trunk/openvas-manager/ChangeLog 2010-02-05 11:52:23 UTC (rev 6667) +++ trunk/openvas-manager/ChangeLog 2010-02-05 12:01:34 UTC (rev 6668) 
@@ -1,5 +1,14 @@ 2010-02-05 Matthew Mundell + * src/tasks_sql.h (create_target): Take lsc_credential_t instead of name. + + * src/manage.h: Update header accordingly. + + * src/omp.c (omp_xml_handle_end_element): In CLIENT_CREATE_TARGET + pass lsc_credential_t instead of credential name to create_target. + +2010-02-05 Matthew Mundell + * src/tasks_sql.h (manage_set_config_nvts): Init new_nvt_count. * src/ompd.c (serve_omp): Ensure client_input_stalled in always Modified: trunk/openvas-manager/src/manage.h =================================================================== --- trunk/openvas-manager/src/manage.h 2010-02-05 11:52:23 UTC (rev 6667) +++ trunk/openvas-manager/src/manage.h 2010-02-05 12:01:34 UTC (rev 6668) @@ -697,7 +697,8 @@ find_target (const char*, target_t*); int -create_target (const char*, const char*, const char*, const char*, target_t*); +create_target (const char*, const char*, const char*, lsc_credential_t, + target_t*); int delete_target (target_t); Modified: trunk/openvas-manager/src/omp.c =================================================================== --- trunk/openvas-manager/src/omp.c 2010-02-05 11:52:23 UTC (rev 6667) +++ trunk/openvas-manager/src/omp.c 2010-02-05 12:01:34 UTC (rev 6668) @@ -6878,6 +6878,8 @@ case CLIENT_CREATE_TARGET: { + lsc_credential_t lsc_credential = 0; + assert (strcasecmp ("CREATE_TARGET", element_name) == 0); assert (modify_task_name != NULL); assert (modify_task_value != NULL); 
@@ -6895,10 +6897,24 @@ "CREATE_TARGET name and hosts must both be at" " least one character long")); } + else if (modify_task_parameter + && find_lsc_credential (modify_task_parameter, &lsc_credential)) + SEND_TO_CLIENT_OR_FAIL + (XML_INTERNAL_ERROR ("create_target")); + else if (modify_task_parameter && lsc_credential == 0) + { + if (send_find_error_to_client ("create_target", + "lsc_credential", + modify_task_parameter)) + { + error_send_to_client (error); + return; + } + } else if (create_target (modify_task_name, modify_task_value, modify_task_comment, - modify_task_parameter, + lsc_credential, NULL)) { openvas_free_string_var (&modify_task_comment); @@ -7095,7 +7111,7 @@ target_name = g_strdup_printf ("Imported target for task %s", tsk_uuid); - if (create_target (target_name, hosts, NULL, NULL, &target)) + if (create_target (target_name, hosts, NULL, 0, &target)) { request_delete_task (¤t_client_task); g_free (target_name); Modified: trunk/openvas-manager/src/tasks_sql.h =================================================================== --- trunk/openvas-manager/src/tasks_sql.h 2010-02-05 11:52:23 UTC (rev 6667) +++ trunk/openvas-manager/src/tasks_sql.h 2010-02-05 12:01:34 UTC (rev 6668) 
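Review bot: In the CLIENT_CREATE_TARGET hunk, `find_lsc_credential (modify_task_parameter, &lsc_credential)` resolves a client-supplied credential name, and nothing visible shows the lookup being limited to credentials the requesting user is allowed to use. The SQL that this commit removes from create_target matched on `name` alone; if find_lsc_credential does the same, a target could be bound to a credential belonging to someone else. Its definition is outside the hunk, so this needs confirming there; a comment at the call such as `/* find_lsc_credential only returns credentials the current user may use. */` would record the assumption. The two new error branches also show no release of the `modify_task_*` strings, unlike the create_target failure branch that follows, though the cleanup may happen after the end of the hunk.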
@@ -6451,25 +6451,23 @@ return FALSE; } -/** @todo Take credential_t instead of credential name, adjust omp.c callers. */ /** * @brief Create a target. * - * @param[in] name Name of target. - * @param[in] hosts Host list of target. - * @param[in] comment Comment on target. - * @param[in] credential Credential. - * @param[out] target Created target. + * @param[in] name Name of target. + * @param[in] hosts Host list of target. + * @param[in] comment Comment on target. + * @param[in] lsc_credential LSC credential. + * @param[out] target Created target. * * @return 0 success, 1 target exists already. */ int create_target (const char* name, const char* hosts, const char* comment, - const char* credential, target_t* target) + lsc_credential_t lsc_credential, target_t* target) { gchar *quoted_name = sql_nquote (name, strlen (name)); gchar *quoted_hosts, *quoted_comment; - lsc_credential_t lsc_credential; sql ("BEGIN IMMEDIATE;"); @@ -6485,31 +6483,6 @@ quoted_hosts = sql_nquote (hosts, strlen (hosts)); - if (credential) - { - gchar *quoted_credential = sql_quote (credential); - int ret = sql_int64 (&lsc_credential, 0, 0, - "SELECT ROWID FROM lsc_credentials" - " WHERE name = '%s';", - quoted_credential); - g_free (quoted_credential); - switch (ret) - { - case 0: - break; - case 1: /* Too few rows in result of query. */ - lsc_credential = 0; - break; - default: /* Programming error. */ - assert (0); - case -1: - return -1; - break; - } - } - else - lsc_credential = 0; - if (comment) { quoted_comment = sql_nquote (comment, strlen (comment)); From scm-commit at wald.intevation.org Fri Feb 5 17:36:06 2010 
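Review bot: The updated doc comment for create_target does not say that 0 is an accepted value for `lsc_credential`, although both callers changed in this commit depend on it: omp.c initialises its local to 0 when no credential is named and passes a literal `0` for the imported target. I would document it as `@param[in]  lsc_credential  LSC credential, or 0 for none.`. The `@return` line lists only 0 and 1; with the lookup and its `return -1` removed in the next hunk it may now be complete, but the rest of the body is outside the hunk and should be checked for other return values.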
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Fri, 5 Feb 2010 17:36:06 +0100 (CET) Subject: [Openvas-commits] r6669 - in trunk/openvas-administrator: . src Message-ID: <20100205163606.08191865FACC@pyrosoma.intevation.org> Author: mattm Date: 2010-02-05 17:36:06 +0100 (Fri, 05 Feb 2010) New Revision: 6669 Modified: trunk/openvas-administrator/ChangeLog trunk/openvas-administrator/src/admin.c Log: * src/admin.c (openvas_sync_feed): Prevent descendants from becoming zombies. Modified: trunk/openvas-administrator/ChangeLog =================================================================== --- trunk/openvas-administrator/ChangeLog 2010-02-05 12:01:34 UTC (rev 6668) +++ trunk/openvas-administrator/ChangeLog 2010-02-05 16:36:06 UTC (rev 6669) @@ -1,3 +1,8 @@ +2010-02-05 Matthew Mundell + + * src/admin.c (openvas_sync_feed): Prevent descendants from becoming + zombies. + 2010-02-05 Michael Wiegand Post release version bump. Modified: trunk/openvas-administrator/src/admin.c =================================================================== --- trunk/openvas-administrator/src/admin.c 2010-02-05 12:01:34 UTC (rev 6668) +++ trunk/openvas-administrator/src/admin.c 2010-02-05 16:36:06 UTC (rev 6669) @@ -42,6 +42,7 @@ #include #include #include +#include #include #include #include @@ -1267,6 +1268,15 @@ return -1; } + /* Prevent descendants from becoming zombies. */ + + /* RATS: ignore, this is SIG_IGN damnit. */ + if (signal (SIGCHLD, SIG_IGN) == SIG_ERR) + { + g_warning ("Failed to set SIG_IGN"); + return -1; + } + /* Fork a child to run the sync while the parent responds to * the client. */ 
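Review bot: `signal (SIGCHLD, SIG_IGN)` in the `@@ -1267,6 +1268,15 @@` hunk throws away the previous disposition, and the later hunk restores a hard-coded `SIG_DFL`, so any SIGCHLD handler the process had installed before openvas_sync_feed is silently replaced by the default. Keep the value signal() returns and restore that instead: `old_handler = signal (SIGCHLD, SIG_IGN);` here and `signal (SIGCHLD, old_handler)` in the parent branch. The comment should also state which processes are meant: the forked child inherits the ignored disposition, so its own children are reaped automatically, while the child itself exits after the parent has switched back. The function body starts and ends outside the hunk.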
@@ -1284,7 +1294,16 @@ return -1; break; default: - /* Parent. Return, in order to respond to client. */ + /* Parent. Restore SIGCHLD handler then return in order to + * respond to client. */ + + /* RATS: ignore, this is SIG_DFL damnit. */ + if (signal (SIGCHLD, SIG_DFL) == SIG_ERR) + { + g_warning ("Failed to set SIG_DFL"); + return -1; + } + return 0; break; } From scm-commit at wald.intevation.org Fri Feb 5 19:25:23 2010 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Fri, 5 Feb 2010 19:25:23 +0100 (CET) Subject: [Openvas-commits] r6670 - in trunk/openvas-manager: . src Message-ID: <20100205182523.AE20B865F491@pyrosoma.intevation.org> Author: mattm Date: 2010-02-05 19:25:19 +0100 (Fri, 05 Feb 2010) New Revision: 6670 Modified: trunk/openvas-manager/ChangeLog trunk/openvas-manager/src/omp.c Log: * src/omp.c (latex_escape_text): New function. (print_report_latex): Put close paren on line with code. Pass port in summary table column and subsubsection through latex_escape_text. Modified: trunk/openvas-manager/ChangeLog =================================================================== --- trunk/openvas-manager/ChangeLog 2010-02-05 16:36:06 UTC (rev 6669) +++ trunk/openvas-manager/ChangeLog 2010-02-05 18:25:19 UTC (rev 6670) @@ -1,5 +1,11 @@ 2010-02-05 Matthew Mundell + * src/omp.c (latex_escape_text): New function. + (print_report_latex): Put close paren on line with code. Pass port in + summary table column and subsubsection through latex_escape_text. + +2010-02-05 Matthew Mundell + * src/tasks_sql.h (create_target): Take lsc_credential_t instead of name. * src/manage.h: Update header accordingly. Modified: trunk/openvas-manager/src/omp.c =================================================================== --- trunk/openvas-manager/src/omp.c 2010-02-05 16:36:06 UTC (rev 6669) +++ trunk/openvas-manager/src/omp.c 2010-02-05 18:25:19 UTC (rev 6670) 
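Review bot: SIGCHLD is restored only in the `default:` (parent) branch; the `return -1;` just above it, which looks like the fork-failure case, leaves the process with SIGCHLD ignored. While it is ignored, wait()/waitpid() on other children fails with ECHILD, so later code that checks a child's exit status would misreport it. The disposition should be restored before that return as well. The new `return -1` after `g_warning ("Failed to set SIG_DFL")` also reports failure to the caller although the sync child has already been started; returning 0 after the warning would describe the outcome more accurately. The switch statement begins outside the hunk.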
@@ -3511,6 +3511,88 @@ } /** + * @brief Make text safe for LaTeX. + * + * Replace LaTeX special characters with LaTeX equivalents. + * + * @return A newly allocated version of text. + */ +static gchar* +latex_escape_text (const char *text) +{ + // TODO: Do this better. + + gsize left = strlen (text); + gchar *new, *ch; + + /* Allocate buffer of a safe length. */ + { + int bs = 0; + const char *c = text; + while (*c) { if (*c == '\\') bs++; c++; } + new = g_strndup (text, + (left - bs) * 2 + bs * (strlen ("$\\backslash$") - 1) + 1); + } + + ch = new; + while (*ch) + { + /* FIX \~ becomes \verb{~} or \~{} */ + if (*ch == '\\') + { + ch++; + switch (*ch) + { + case 'r': + { + /* \r is flushed */ + memmove (ch - 1, ch + 1, left); + left--; + ch -= 2; + break; + } + case 'n': + { + /* \n becomes "\n\n" (two newlines) */ + left--; + *(ch - 1) = '\n'; + *ch = '\n'; + break; + } + default: + { + /* \ becomes $\backslash$ */ + memmove (ch - 1 + strlen ("$\\backslash$"), ch, left); + strncpy (ch - 1, "$\\backslash$", strlen ("$\\backslash$")); + /* Get back to the position of the original backslash. */ + ch--; + /* Move over the newly inserted characters. */ + ch += (strlen ("$\\backslash$") - 1); + break; + } + } + } + else if ( *ch == '#' || *ch == '$' || *ch == '%' + || *ch == '&' || *ch == '_' || *ch == '^' + || *ch == '{' || *ch == '}') + { + ch++; + switch (*ch) + { + case '\0': + break; + default: + /* & becomes \& */ + memmove (ch, ch - 1, left); + *(ch - 1) = '\\'; + } + } + ch++; left--; + } + return new; +} + +/** * @brief Convert \n's to real newline's. * * @return A newly allocated version of text. @@ -3897,8 +3979,7 @@ "\\multicolumn{2}{l}{\\ldots (continues) \\ldots}\\\\\n" "\\endfoot\n" "\\hline\n" - "\\endlastfoot\n" - ); + "\\endlastfoot\n"); init_result_iterator (&results, report, host, get_report_data->first_result, 
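Review bot: In latex_escape_text the buffer size passed to g_strndup counts `strlen ("$\\backslash$") - 1` bytes per backslash, but the default case replaces one backslash with the full `strlen ("$\\backslash$")` bytes, so the estimate is one byte short per backslash and the `memmove` can write past the allocation when the text is mostly backslashes. Sizing with the full length fixes it: `(left - bs) * 2 + bs * strlen ("$\\backslash$") + 1`. The `case '\0': break;` branch leaves a special character that ends the text unescaped and then steps `ch` past the terminator, which only works because g_strndup pads the buffer with NULs; that dependency deserves a comment. The `\r` case does `ch -= 2`, which points before the buffer when the sequence is at the start of the text. Since the input is result data, the function should be safe for arbitrary strings.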
@@ -3914,13 +3995,13 @@ && (strcmp (last_port, result_iterator_port (&results)) == 0)) continue; if (last_port) g_free (last_port); - last_port = g_strdup (result_iterator_port (&results)); + last_port = latex_escape_text (result_iterator_port (&results)); fprintf (out, "\\hyperref[port:%s %s]{%s}&%s\\\\\n" "\\hline\n", host_iterator_host (&hosts), + result_iterator_port (&results), last_port, - last_port, result_type_threat (result_iterator_type (&results))); } cleanup_iterator (&results); @@ -3952,6 +4033,7 @@ if (last_port == NULL || strcmp (last_port, result_iterator_port (&results))) { + gchar *result_port; if (last_port) { fprintf (out, @@ -3964,13 +4046,15 @@ g_free (last_port); last_port = NULL; } + result_port = latex_escape_text (result_iterator_port (&results)); fprintf (out, "\\subsubsection{%s}\n" "\\label{port:%s %s}\n\n" "\\begin{longtable}{|p{\\textwidth * 1}|}\n", - result_iterator_port (&results), + result_port, host_iterator_host (&hosts), result_iterator_port (&results)); + g_free (result_port); } if (last_port == NULL) last_port = g_strdup (result_iterator_port (&results)); From scm-commit at wald.intevation.org Fri Feb 5 19:33:30 2010 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Fri, 5 Feb 2010 19:33:30 +0100 (CET) Subject: [Openvas-commits] r6671 - in trunk/gsa: . src/html/src Message-ID: <20100205183330.4015A865F491@pyrosoma.intevation.org> Author: mattm Date: 2010-02-05 19:33:29 +0100 (Fri, 05 Feb 2010) New Revision: 6671 Modified: trunk/gsa/ChangeLog trunk/gsa/src/html/src/omp.xsl Log: * src/html/src/omp.xsl (wrap): Lower wrap column to 90. Modified: trunk/gsa/ChangeLog =================================================================== --- trunk/gsa/ChangeLog 2010-02-05 18:25:19 UTC (rev 6670) +++ trunk/gsa/ChangeLog 2010-02-05 18:33:29 UTC (rev 6671) 
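Review bot: In the summary-table hunk `last_port` now holds the escaped text, but the duplicate check directly above still does `strcmp (last_port, result_iterator_port (&results))` against the raw port, so for any port string that latex_escape_text alters the check never matches and a row is emitted for every result. Keep the raw copy for the comparison and escape into a temporary for the `{%s}` argument, as the `result_port` variable does in the subsubsection hunk: `last_port = g_strdup (result_iterator_port (&results));` followed by `escaped = latex_escape_text (last_port);` and a `g_free (escaped);` after the fprintf. The `\hyperref[port:%s %s]` and `\label{port:%s %s}` arguments still receive the unescaped host and port; whether those strings can contain LaTeX special characters is not visible here and should be checked. The loop starts outside the hunk.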
@@ -1,3 +1,7 @@ +2010-02-05 Matthew Mundell + + * src/html/src/omp.xsl (wrap): Lower wrap column to 90. + 2010-02-05 Michael Wiegand Post release version bump. Modified: trunk/gsa/src/html/src/omp.xsl =================================================================== --- trunk/gsa/src/html/src/omp.xsl 2010-02-05 18:25:19 UTC (rev 6670) +++ trunk/gsa/src/html/src/omp.xsl 2010-02-05 18:33:29 UTC (rev 6671) @@ -50,7 +50,7 @@ - + @@ -59,10 +59,10 @@ - - ↵ + + - + From scm-commit at wald.intevation.org Fri Feb 5 21:38:04 2010 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Fri, 5 Feb 2010 21:38:04 +0100 (CET) Subject: [Openvas-commits] r6672 - in trunk/openvas-administrator: . src Message-ID: <20100205203804.69769852AF99@pyrosoma.intevation.org> Author: mattm Date: 2010-02-05 21:38:02 +0100 (Fri, 05 Feb 2010) New Revision: 6672 Modified: trunk/openvas-administrator/ChangeLog trunk/openvas-administrator/src/oap.c trunk/openvas-administrator/src/oxpd.c Log: Thanks to Stephan Kleine. * src/oap.c (send_to_client): Use %zu for size_t. * src/oxpd.c (read_protocol): Cast precision arg to int. Modified: trunk/openvas-administrator/ChangeLog =================================================================== --- trunk/openvas-administrator/ChangeLog 2010-02-05 18:33:29 UTC (rev 6671) +++ trunk/openvas-administrator/ChangeLog 2010-02-05 20:38:02 UTC (rev 6672) @@ -1,5 +1,13 @@ 2010-02-05 Matthew Mundell + Thanks to Stephan Kleine. + + * src/oap.c (send_to_client): Use %zu for size_t. + + * src/oxpd.c (read_protocol): Cast precision arg to int. + +2010-02-05 Matthew Mundell + * src/admin.c (openvas_sync_feed): Prevent descendants from becoming zombies. Modified: trunk/openvas-administrator/src/oap.c =================================================================== --- trunk/openvas-administrator/src/oap.c 2010-02-05 18:33:29 UTC (rev 6671) +++ trunk/openvas-administrator/src/oap.c 2010-02-05 20:38:02 UTC (rev 6672) 
@@ -633,7 +633,7 @@ if (((buffer_size_t) TO_CLIENT_BUFFER_SIZE) - to_client_end < strlen (msg)) { - tracef (" send_to_client out of space (%i < %i)\n", + tracef (" send_to_client out of space (%i < %zu)\n", ((buffer_size_t) TO_CLIENT_BUFFER_SIZE) - to_client_end, strlen (msg)); return TRUE; Modified: trunk/openvas-administrator/src/oxpd.c =================================================================== --- trunk/openvas-administrator/src/oxpd.c 2010-02-05 18:33:29 UTC (rev 6671) +++ trunk/openvas-administrator/src/oxpd.c 2010-02-05 20:38:02 UTC (rev 6672) @@ -247,7 +247,8 @@ tracef ("<= client Input may contain password, suppressed.\n"); else tracef ("<= client \"%.*s\"\n", - count, + /* Cast is safe because count is bounded by from_client size. */ + (int) count, from_client + from_client_end); #else tracef ("<= client %i bytes\n", count); From scm-commit at wald.intevation.org Fri Feb 5 22:18:32 2010 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Fri, 5 Feb 2010 22:18:32 +0100 (CET) Subject: [Openvas-commits] r6673 - in trunk/openvas-manager: . src Message-ID: <20100205211832.78F3594C0E72@pyrosoma.intevation.org> Author: mattm Date: 2010-02-05 22:18:29 +0100 (Fri, 05 Feb 2010) New Revision: 6673 Modified: trunk/openvas-manager/ChangeLog trunk/openvas-manager/src/lsc_user.c trunk/openvas-manager/src/omp.c trunk/openvas-manager/src/oxpd.c trunk/openvas-manager/src/tasks_sql.h Log: Thanks to Stephan Kleine for reporting these. * src/omp.c (send_to_client, send_certificate): Use %zu for size_t. * src/oxpd.c (read_protocol): Cast precision arg to int. * src/lsc_user.c (file_utils_copy_file): Use the right format specifiers. * src/tasks_sql.h (escalate_1): Return -1 if to_address is NULL. Modified: trunk/openvas-manager/ChangeLog =================================================================== --- trunk/openvas-manager/ChangeLog 2010-02-05 20:38:02 UTC (rev 6672) +++ trunk/openvas-manager/ChangeLog 2010-02-05 21:18:29 UTC (rev 6673) 
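Review bot: The `#else` branch at the end of the oxpd.c hunk still passes `count` uncast to `%i` in `tracef ("<= client %i bytes\n", count);`, while this change casts the same variable to int for the `%.*s` precision. If `count` is not an int, as the new cast suggests, that call has the same format mismatch; `tracef ("<= client %i bytes\n", (int) count);` would match the rest. The identical unchanged line appears in the openvas-manager oxpd.c hunk of r6673 and the openvas-administrator hunk of r6674. The declaration of `count` and the start of read_protocol are outside the hunk, so the type is inferred.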
@@ -1,5 +1,17 @@ 2010-02-05 Matthew Mundell + Thanks to Stephan Kleine for reporting these. + + * src/omp.c (send_to_client, send_certificate): Use %zu for size_t. + + * src/oxpd.c (read_protocol): Cast precision arg to int. + + * src/lsc_user.c (file_utils_copy_file): Use the right format specifiers. + + * src/tasks_sql.h (escalate_1): Return -1 if to_address is NULL. + +2010-02-05 Matthew Mundell + * src/omp.c (latex_escape_text): New function. (print_report_latex): Put close paren on line with code. Pass port in summary table column and subsubsection through latex_escape_text. Modified: trunk/openvas-manager/src/lsc_user.c =================================================================== --- trunk/openvas-manager/src/lsc_user.c 2010-02-05 20:38:02 UTC (rev 6672) +++ trunk/openvas-manager/src/lsc_user.c 2010-02-05 21:18:29 UTC (rev 6673) @@ -221,7 +221,8 @@ if (bytes_written != (size_t) src_file_size) { - g_debug ("%s: failed to write to %s (%d/%d)", + g_debug ("%s: failed to write to %s" + " (%zu/%" G_GSIZE_MODIFIER G_GSIZE_FORMAT ")", __FUNCTION__, dest_file, bytes_written, src_file_size); g_free (src_file_content); return FALSE; Modified: trunk/openvas-manager/src/omp.c =================================================================== --- trunk/openvas-manager/src/omp.c 2010-02-05 20:38:02 UTC (rev 6672) +++ trunk/openvas-manager/src/omp.c 2010-02-05 21:18:29 UTC (rev 6673) @@ -902,7 +902,7 @@ if (((buffer_size_t) TO_CLIENT_BUFFER_SIZE) - to_client_end < strlen (msg)) { - tracef (" send_to_client out of space (%i < %i)\n", + tracef (" send_to_client out of space (%i < %zu)\n", ((buffer_size_t) TO_CLIENT_BUFFER_SIZE) - to_client_end, strlen (msg)); return TRUE; 
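Review bot: In the lsc_user.c hunk the second conversion is built as `"%" G_GSIZE_MODIFIER G_GSIZE_FORMAT`, which doubles the length modifier: GLib's G_GSIZE_FORMAT already includes it, so on a typical 64-bit build the result is `%llu`. For a gsize argument the form is `"%" G_GSIZE_FORMAT`. The specifier should follow the declared type of `src_file_size`, which is outside the hunk; the `(size_t)` cast in the comparison suggests it is not a size_t itself. With warnings treated as errors in this tree, a mismatch here would only show up on platforms where the two types differ.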
@@ -2906,7 +2906,7 @@ "%s" "%s" "%s" - "%u" + "%zu" "%s" "", certificate_fingerprint (cert), Modified: trunk/openvas-manager/src/oxpd.c =================================================================== --- trunk/openvas-manager/src/oxpd.c 2010-02-05 20:38:02 UTC (rev 6672) +++ trunk/openvas-manager/src/oxpd.c 2010-02-05 21:18:29 UTC (rev 6673) @@ -236,7 +236,11 @@ } #if TRACE || LOG - logf ("<= client %.*s\n", count, from_client + from_client_end); + logf ("<= client %.*s\n", + /* Cast is safe because count is bounded by from_client + * size. */ + (int) count, + from_client + from_client_end); #if TRACE_TEXT if (g_strstr_len (from_client + from_client_end, count, @@ -244,7 +248,9 @@ tracef ("<= client Input may contain password, suppressed.\n"); else tracef ("<= client \"%.*s\"\n", - count, + /* Cast is safe because count is bounded by + * from_client size. */ + (int) count, from_client + from_client_end); #else tracef ("<= client %i bytes\n", count); Modified: trunk/openvas-manager/src/tasks_sql.h =================================================================== --- trunk/openvas-manager/src/tasks_sql.h 2010-02-05 20:38:02 UTC (rev 6672) +++ trunk/openvas-manager/src/tasks_sql.h 2010-02-05 21:18:29 UTC (rev 6673) @@ -3006,17 +3006,20 @@ { case ESCALATOR_METHOD_EMAIL: { - int ret; - char *to_address, *from_address; + char *to_address; to_address = escalator_data (escalator, "method", "to_address"); - from_address = escalator_data (escalator, "method", "from_address"); if (to_address) { + int ret; gchar *body, *subject; - char *name, *notice; + char *name, *notice, *from_address; + from_address = escalator_data (escalator, + "method", + "from_address"); + notice = escalator_data (escalator, "method", "notice"); name = task_name (task); if (notice && strcmp (notice, "0") == 0) 
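Review bot: In the oxpd.c hunk `@@ -236,7 +236,11 @@`, the `logf` call writes the raw client input under `#if TRACE || LOG`, while the `tracef` path right after it suppresses input that may contain a password. With LOG enabled, credentials sent by a client therefore end up in the log file regardless of that check. Apply the same test before logf, or log only the size, e.g. `logf ("<= client %i bytes\n", (int) count);`. The same pattern is in the openvas-administrator oxpd.c hunk of r6674. read_protocol starts outside the hunk, so the surrounding conditions are not fully visible.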
@@ -3060,8 +3063,9 @@ free (from_address); g_free (subject); g_free (body); + return ret; } - return ret; + return -1; break; } case ESCALATOR_METHOD_ERROR: From scm-commit at wald.intevation.org Fri Feb 5 22:20:37 2010 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Fri, 5 Feb 2010 22:20:37 +0100 (CET) Subject: [Openvas-commits] r6674 - in trunk/openvas-administrator: . src Message-ID: <20100205212037.95C1C8F3020E@pyrosoma.intevation.org> Author: mattm Date: 2010-02-05 22:20:37 +0100 (Fri, 05 Feb 2010) New Revision: 6674 Modified: trunk/openvas-administrator/ChangeLog trunk/openvas-administrator/src/oxpd.c Log: * src/oxpd.c (read_protocol) [TRACE || LOG]: Cast precision arg to int. Modified: trunk/openvas-administrator/ChangeLog =================================================================== --- trunk/openvas-administrator/ChangeLog 2010-02-05 21:18:29 UTC (rev 6673) +++ trunk/openvas-administrator/ChangeLog 2010-02-05 21:20:37 UTC (rev 6674) @@ -1,5 +1,9 @@ 2010-02-05 Matthew Mundell + * src/oxpd.c (read_protocol) [TRACE || LOG]: Cast precision arg to int. + +2010-02-05 Matthew Mundell + Thanks to Stephan Kleine. * src/oap.c (send_to_client): Use %zu for size_t. Modified: trunk/openvas-administrator/src/oxpd.c =================================================================== --- trunk/openvas-administrator/src/oxpd.c 2010-02-05 21:18:29 UTC (rev 6673) +++ trunk/openvas-administrator/src/oxpd.c 2010-02-05 21:20:37 UTC (rev 6674) @@ -239,7 +239,11 @@ } #if TRACE || LOG - logf ("<= client %.*s\n", count, from_client + from_client_end); + logf ("<= client %.*s\n", + /* Cast is safe because count is bounded by from_client + * size. */ + (int) count, + from_client + from_client_end); #if TRACE_TEXT if (g_strstr_len (from_client + from_client_end, count, 
@@ -247,7 +251,8 @@ tracef ("<= client Input may contain password, suppressed.\n"); else tracef ("<= client \"%.*s\"\n", - /* Cast is safe because count is bounded by from_client size. */ + /* Cast is safe because count is bounded by + * from_client size. */ (int) count, from_client + from_client_end); #else From scm-commit at wald.intevation.org Fri Feb 5 22:48:46 2010 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Fri, 5 Feb 2010 22:48:46 +0100 (CET) Subject: [Openvas-commits] r6675 - in trunk/openvas-manager: . src Message-ID: <20100205214846.CB745852AF8E@pyrosoma.intevation.org> Author: mattm Date: 2010-02-05 22:48:45 +0100 (Fri, 05 Feb 2010) New Revision: 6675 Modified: trunk/openvas-manager/ChangeLog trunk/openvas-manager/src/tasks_sql.h Log: * src/tasks_sql.h (restore_db): Add missing argument. Thanks to Stephan Kleine for reporting. Modified: trunk/openvas-manager/ChangeLog =================================================================== --- trunk/openvas-manager/ChangeLog 2010-02-05 21:20:37 UTC (rev 6674) +++ trunk/openvas-manager/ChangeLog 2010-02-05 21:48:45 UTC (rev 6675) @@ -1,5 +1,10 @@ 2010-02-05 Matthew Mundell + * src/tasks_sql.h (restore_db): Add missing argument. Thanks to + Stephan Kleine for reporting. + +2010-02-05 Matthew Mundell + Thanks to Stephan Kleine for reporting these. * src/omp.c (send_to_client, send_certificate): Use %zu for size_t. Modified: trunk/openvas-manager/src/tasks_sql.h =================================================================== --- trunk/openvas-manager/src/tasks_sql.h 2010-02-05 21:20:37 UTC (rev 6674) +++ trunk/openvas-manager/src/tasks_sql.h 2010-02-05 21:48:45 UTC (rev 6675) 
@@ -865,10 +865,12 @@ /** * @brief Restore the database from a file. * + * @param[in] backup_file File to restore from. + * * @return 0 success, -1 fail. */ int -restore_db () +restore_db (const gchar *backup_file) { // FIX ensure lock on db and db synced first return -1; From scm-commit at wald.intevation.org Fri Feb 5 22:51:26 2010 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Fri, 5 Feb 2010 22:51:26 +0100 (CET) Subject: [Openvas-commits] r6676 - in trunk/openvas-manager: . doc Message-ID: <20100205215126.609B8852859A@pyrosoma.intevation.org> Author: mattm Date: 2010-02-05 22:51:25 +0100 (Fri, 05 Feb 2010) New Revision: 6676 Modified: trunk/openvas-manager/ChangeLog trunk/openvas-manager/TODO trunk/openvas-manager/doc/openvasmd.8 trunk/openvas-manager/doc/openvasmd.html Log: * TODO: Flush tabs from within entries. * doc/openvasmd.8, doc/openvasmd.html: Sync with generated version. Modified: trunk/openvas-manager/ChangeLog =================================================================== --- trunk/openvas-manager/ChangeLog 2010-02-05 21:48:45 UTC (rev 6675) +++ trunk/openvas-manager/ChangeLog 2010-02-05 21:51:25 UTC (rev 6676) @@ -1,5 +1,11 @@ 2010-02-05 Matthew Mundell + * TODO: Flush tabs from within entries. + + * doc/openvasmd.8, doc/openvasmd.html: Sync with generated version. + +2010-02-05 Matthew Mundell + * src/tasks_sql.h (restore_db): Add missing argument. Thanks to Stephan Kleine for reporting. Modified: trunk/openvas-manager/TODO =================================================================== --- trunk/openvas-manager/TODO 2010-02-05 21:48:45 UTC (rev 6675) +++ trunk/openvas-manager/TODO 2010-02-05 21:51:25 UTC (rev 6676) 
@@ -73,7 +73,7 @@ Consider dropping the file system based task storage backend entirely, as the file system tasks are already out of date (nvti*, initial run state) and would need considerable additional work to handle - simultaneous access to the task information. Looking at the openvasd + simultaneous access to the task information. Looking at the openvasd storage/backend/IPC may be a source of inspiration. In either case use a better mechanism than including tasks_sql.h and tasks_fs.h in manage.c. @@ -106,7 +106,7 @@ that is running. OMP specifies special output in this case. The manager simply responds as usual. - Consider using separate words for the task STATUS (the state of the task, + Consider using separate words for the task STATUS (the state of the task, like "Done") and the request STATUS (like "404"). Perhaps the request status could be called CODE, as in "HTTP error code". Modified: trunk/openvas-manager/doc/openvasmd.8 =================================================================== --- trunk/openvas-manager/doc/openvasmd.8 2010-02-05 21:48:45 UTC (rev 6675) +++ trunk/openvas-manager/doc/openvasmd.8 2010-02-05 21:51:25 UTC (rev 6676) @@ -16,9 +16,15 @@ \fB-l, --slisten=\fIADDRESS\fB\f1 Connect to server (openvassd) at address ADDRESS. .TP +\fB-u, --update\f1 +Updates the database with information from a running scanner (openvassd) and exits. +.TP \fB-p, --port=\fINUMBER\fB\f1 Listen on port number \fINUMBER\f1. .TP +\fB--rebuild\f1 +Rebuild the database with information from a running scanner (openvassd) and exits. +.TP \fB-s, --sport=\fINUMBER\fB\f1 Connect to server (openvassd) on port number \fINUMBER\f1. .TP Modified: trunk/openvas-manager/doc/openvasmd.html =================================================================== --- trunk/openvas-manager/doc/openvasmd.html 2010-02-05 21:48:45 UTC (rev 6675) +++ trunk/openvas-manager/doc/openvasmd.html 2010-02-05 21:51:25 UTC (rev 6676) @@ -40,14 +40,30 @@ + +

    -u, --update

    + +

    Updates the database with information from a running + scanner (openvassd) and exits.

    + + +

    -p, --port=NUMBER

    Listen on port number NUMBER.

    + +

    --rebuild

    + +

    Rebuild the database with information from a running + scanner (openvassd) and exits.

    + + +

    -s, --sport=NUMBER

    Connect to server (openvassd) on port number NUMBER.

    From scm-commit at wald.intevation.org Mon Feb 8 09:20:07 2010 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Mon, 8 Feb 2010 09:20:07 +0100 (CET) Subject: [Openvas-commits] r6677 - trunk/openvas-manager Message-ID: <20100208082007.0ABED86607B9@pyrosoma.intevation.org> Author: mwiegand Date: 2010-02-08 09:20:05 +0100 (Mon, 08 Feb 2010) New Revision: 6677 Modified: trunk/openvas-manager/CHANGES trunk/openvas-manager/ChangeLog Log: Preparing the openvas-manager 1.0.0-beta4 release. * CHANGES: Updated. Modified: trunk/openvas-manager/CHANGES =================================================================== --- trunk/openvas-manager/CHANGES 2010-02-05 21:51:25 UTC (rev 6676) +++ trunk/openvas-manager/CHANGES 2010-02-08 08:20:05 UTC (rev 6677) @@ -1,3 +1,23 @@ +openvas-manager 1.0.0-beta4 (2010-02-08) + +This is the fourth beta release of the openvas-manager module for the Open +Vulnerability Assessment System (OpenVAS) leading up to the upcoming +openvas-manager 1.0. + +Many thanks to everyone who has contributed to this release: +Stephan Kleine and Matthew Mundell. + +Main changes since 1.0.0-beta3: + +* More internal data structures are now identified by UUID and not by + name. +* A bug which prevented PDF reports to be generated from certain results due to + unescaped LaTeX characters has been fixed. +* A number of formatting and casting issues found by Stephan Kleine have been + fixed. +* The man page has been updated. + + openvas-manager 1.0.0-beta3 (2010-02-05) This is the third beta release of the openvas-manager module for the Open Modified: trunk/openvas-manager/ChangeLog =================================================================== --- trunk/openvas-manager/ChangeLog 2010-02-05 21:51:25 UTC (rev 6676) +++ trunk/openvas-manager/ChangeLog 2010-02-08 08:20:05 UTC (rev 6677) 
@@ -1,3 +1,9 @@ +2010-02-08 Michael Wiegand + + Preparing the openvas-manager 1.0.0-beta4 release. + + * CHANGES: Updated. + 2010-02-05 Matthew Mundell * TODO: Flush tabs from within entries. From scm-commit at wald.intevation.org Mon Feb 8 09:25:07 2010 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Mon, 8 Feb 2010 09:25:07 +0100 (CET) Subject: [Openvas-commits] r6678 - tags Message-ID: <20100208082507.31D3286607B9@pyrosoma.intevation.org> Author: mwiegand Date: 2010-02-08 09:25:04 +0100 (Mon, 08 Feb 2010) New Revision: 6678 Added: tags/openvas-manager-release-1.0.0-beta4/ Log: Tagging the openvas-manager 1.0.0-beta4 release. Copied: tags/openvas-manager-release-1.0.0-beta4 (from rev 6677, trunk/openvas-manager) From scm-commit at wald.intevation.org Mon Feb 8 09:25:58 2010 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Mon, 8 Feb 2010 09:25:58 +0100 (CET) Subject: [Openvas-commits] r6679 - trunk/openvas-manager Message-ID: <20100208082558.16F7986607B9@pyrosoma.intevation.org> Author: mwiegand Date: 2010-02-08 09:25:56 +0100 (Mon, 08 Feb 2010) New Revision: 6679 Modified: trunk/openvas-manager/CMakeLists.txt trunk/openvas-manager/ChangeLog Log: Post-release version bump. * CMakeLists.txt: Updated version number. Modified: trunk/openvas-manager/CMakeLists.txt =================================================================== --- trunk/openvas-manager/CMakeLists.txt 2010-02-08 08:25:04 UTC (rev 6678) +++ trunk/openvas-manager/CMakeLists.txt 2010-02-08 08:25:56 UTC (rev 6679) 
@@ -72,7 +72,7 @@ set (CPACK_TOPLEVEL_TAG "") set (CPACK_PACKAGE_VERSION_MAJOR "1") set (CPACK_PACKAGE_VERSION_MINOR "0") -set (CPACK_PACKAGE_VERSION_PATCH "0-beta4${SVN_REVISION}") +set (CPACK_PACKAGE_VERSION_PATCH "0-beta5${SVN_REVISION}") set (CPACK_PACKAGE_VERSION "${CPACK_PACKAGE_VERSION_MAJOR}.${CPACK_PACKAGE_VERSION_MINOR}.${CPACK_PACKAGE_VERSION_PATCH}") set (CPACK_PACKAGE_FILE_NAME "${PROJECT_NAME}-${CPACK_PACKAGE_VERSION}") set (CPACK_SOURCE_PACKAGE_FILE_NAME "${PROJECT_NAME}-${CPACK_PACKAGE_VERSION}") Modified: trunk/openvas-manager/ChangeLog =================================================================== --- trunk/openvas-manager/ChangeLog 2010-02-08 08:25:04 UTC (rev 6678) +++ trunk/openvas-manager/ChangeLog 2010-02-08 08:25:56 UTC (rev 6679) @@ -1,5 +1,11 @@ 2010-02-08 Michael Wiegand + Post-release version bump. + + * CMakeLists.txt: Updated version number. + +2010-02-08 Michael Wiegand + Preparing the openvas-manager 1.0.0-beta4 release. * CHANGES: Updated. From scm-commit at wald.intevation.org Mon Feb 8 09:32:38 2010 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Mon, 8 Feb 2010 09:32:38 +0100 (CET) Subject: [Openvas-commits] r6680 - trunk/doc/website Message-ID: <20100208083238.1ED9786607B9@pyrosoma.intevation.org> Author: mwiegand Date: 2010-02-08 09:32:37 +0100 (Mon, 08 Feb 2010) New Revision: 6680 Modified: trunk/doc/website/template_header.m4 Log: Updated download link for openvas-manager 1.0.0-beta4 release. Modified: trunk/doc/website/template_header.m4 =================================================================== --- trunk/doc/website/template_header.m4 2010-02-08 08:25:56 UTC (rev 6679) +++ trunk/doc/website/template_header.m4 2010-02-08 08:32:37 UTC (rev 6680) @@ -154,7 +154,7 @@ openvas-scanner 3.0.1
    openvas-client 3.0.0
    Optional:
    - openvas-manager 1.0.0-beta3
    + openvas-manager 1.0.0-beta4
    openvas-administrator 0.7.0
    gsa 1.0.0-beta4

    From scm-commit at wald.intevation.org Mon Feb 8 10:53:44 2010 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Mon, 8 Feb 2010 10:53:44 +0100 (CET) Subject: [Openvas-commits] r6681 - in trunk/openvas-plugins: . scripts Message-ID: <20100208095344.1057086607B9@pyrosoma.intevation.org> Author: chandra Date: 2010-02-08 10:53:20 +0100 (Mon, 08 Feb 2010) New Revision: 6681 Added: trunk/openvas-plugins/scripts/gb_maildrop_detect.nasl trunk/openvas-plugins/scripts/gb_maildrop_priv_esc_vuln.nasl trunk/openvas-plugins/scripts/gb_ms_ie_npl_info_disc_vuln.nasl trunk/openvas-plugins/scripts/gb_squid_dos_vuln_feb10.nasl trunk/openvas-plugins/scripts/gb_sun_java_app_serv_xst_vuln.nasl trunk/openvas-plugins/scripts/gb_wireshark_mult_bof_vuln_lin.nasl trunk/openvas-plugins/scripts/gb_wireshark_mult_bof_vuln_win.nasl Modified: trunk/openvas-plugins/ChangeLog trunk/openvas-plugins/scripts/cpe.inc trunk/openvas-plugins/scripts/lighttpd_38036.nasl trunk/openvas-plugins/scripts/secpod_sun_java_app_serv_detect.nasl Log: Added new plugins Modified: trunk/openvas-plugins/ChangeLog =================================================================== --- trunk/openvas-plugins/ChangeLog 2010-02-08 08:32:37 UTC (rev 6680) +++ trunk/openvas-plugins/ChangeLog 2010-02-08 09:53:20 UTC (rev 6681) 
@@ -1,3 +1,22 @@ +2010-02-08 Chandrashekhar B + + * scripts/gb_maildrop_detect.nasl, + scripts/gb_wireshark_mult_bof_vuln_win.nasl, + scripts/gb_squid_dos_vuln_feb10.nasl, + scripts/gb_wireshark_mult_bof_vuln_lin.nasl, + scripts/gb_ms_ie_npl_info_disc_vuln.nasl, + scripts/gb_sun_java_app_serv_xst_vuln.nasl, + scripts/gb_maildrop_priv_esc_vuln.nasl: + Added new plugins. + + * scripts/secpod_sun_java_app_serv_detect.nasl: + Added a new version check. + + * scripts/lighttpd_38036.nasl: Included new version + as vulnerable. + + * scripts/cpe.inc: Added new CPE. + 2010-02-05 Felix Wolfsteller * scripts/ldap_detect.nasl, scripts/ldap.inc, Modified: trunk/openvas-plugins/scripts/cpe.inc =================================================================== --- trunk/openvas-plugins/scripts/cpe.inc 2010-02-08 08:32:37 UTC (rev 6680) +++ trunk/openvas-plugins/scripts/cpe.inc 2010-02-08 09:53:20 UTC (rev 6681) @@ -786,7 +786,8 @@ "SouthRiverWebDrive/Win/Ver", "^([0-9.]+)", "cpe:/a:south_river_technologies:webdrive:", "Varnish/Ver", "^([0-9.]+)", "cpe:/a:varnish.projects.linpro:varnish:", "GZip/Win/Ver", "^([0-9.]+)", "cpe:/a:gnu:gzip:", -"GZip/Linux/Ver", "^([0-9.]+)", "cpe:/a:gnu:gzip:" +"GZip/Linux/Ver", "^([0-9.]+)", "cpe:/a:gnu:gzip:", +"Maildrop/Linux/Ver", "^([0-9.]+)", "cpe:/a:maildrop:maildrop:" ); Added: trunk/openvas-plugins/scripts/gb_maildrop_detect.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_maildrop_detect.nasl 2010-02-08 08:32:37 UTC (rev 6680) +++ trunk/openvas-plugins/scripts/gb_maildrop_detect.nasl 2010-02-08 09:53:20 UTC (rev 6681) 
@@ -0,0 +1,65 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id: gb_maildrop_detect.nasl 7136 2010-02-08 12:20:36Z feb $ +# +# Maildrop Version Detection +# +# Authors: +# Madhuri D +# +# Copyright: +# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(800291); + script_version("$Revision$: 1.0"); + script_name("Maildrop Version Detection"); + desc = " + Overview: This script finds the installed Maildrop version and saves + the result in KB. 
+ + Risk factor: Informational"; + + script_description(desc); + script_summary("Set the version of Maildrop in KB"); + script_category(ACT_GATHER_INFO); + script_copyright("Copyright (c) 2010 Greenbone Networks GmbH"); + script_family("Service detection"); + exit(0); +} + + +include("ssh_func.inc"); +include("version_func.inc"); + +sock = ssh_login_or_reuse_connection(); +if(!sock){ + exit(0); +} + +mailName = find_bin(prog_name:"maildrop", sock:sock); +foreach binary_mailName (mailName) +{ + mailVer = get_bin_version(full_prog_name:chomp(binary_mailName), + version_argv:"-version", + ver_pattern:"maildrop ([0-9.]+)", sock:sock); + if(mailVer[1]){ + set_kb_item(name:"Maildrop/Linux/Ver", value:mailVer[1]); + } +} +ssh_close_connection(); Property changes on: trunk/openvas-plugins/scripts/gb_maildrop_detect.nasl ___________________________________________________________________ Name: svn:keywords + Revision Added: trunk/openvas-plugins/scripts/gb_maildrop_priv_esc_vuln.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_maildrop_priv_esc_vuln.nasl 2010-02-08 08:32:37 UTC (rev 6680) +++ trunk/openvas-plugins/scripts/gb_maildrop_priv_esc_vuln.nasl 2010-02-08 09:53:20 UTC (rev 6681) 
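Review bot: `script_version("$Revision$: 1.0");` mixes the SVN keyword with a hand-written suffix, so once svn:keywords expands it the version string will read like `$Revision: NNNN $: 1.0`. The same commit already uses the plain form `script_version("$Revision$");` in secpod_sun_java_app_serv_detect.nasl, and that form should be used here. The same line appears in gb_maildrop_priv_esc_vuln.nasl, gb_ms_ie_npl_info_disc_vuln.nasl, gb_squid_dos_vuln_feb10.nasl, gb_sun_java_app_serv_xst_vuln.nasl and both gb_wireshark_mult_bof_vuln_*.nasl. Separately, the `foreach` loop calls `set_kb_item` for every binary that find_bin returns, so a host with two copies of maildrop ends up with more than one value under `Maildrop/Linux/Ver`. A comment saying whether that is intended would help whoever writes the next dependent check.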
@@ -0,0 +1,82 @@ +############################################################################## +# OpenVAS Vulnerability Test +# $Id: gb_maildrop_priv_esc_vuln.nasl 7136 2010-02-08 12:33:29 feb $ +# +# Maildrop Privilege Escalation Vulnerability. +# +# Authors: +# Madhuri D +# +# Copyright: +# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +################################i############################################### + +if(description) +{ + script_id(800292); + script_version("$Revision$: 1.0"); + script_cve_id("CVE-2010-0301"); + script_name("Maildrop Privilege Escalation Vulnerability"); + desc = " + Overview: This host is installed Maildrop and is prone to Privilege Escalation + vulnerability + + Vulnerability Insight: + The flaw is caused due to the error in the 'maildrop/main.C', when run by root + with the '-d' option, uses the gid of root for execution of the mailfilter file + in a user's home directory. + + Impact: + Successful exploitation will allow local users to gain elevated privileges. + + Impact Level: Application. + + Affected Software : + Maildrop version 2.3.0 and prior. 
+ + Fix: Upgrade to Maildrop version 2.4.0 + For Updates Refer, http://sourceforge.net/projects/courier/files/ + + References: + http://secunia.com/advisories/38367 + http://xforce.iss.net/xforce/xfdb/55980 + http://securitytracker.com/alerts/2010/Jan/1023515.html + + CVSS Score: + CVSS Base Score : 6.9 (AV:L/AC:M/Au:NR/C:C/I:C/A:C) + CVSS Temporal Score : 5.1 + Risk factor : High"; + + script_description(desc); + script_summary("Check for the version of Maildrop"); + script_category(ACT_GATHER_INFO); + script_copyright("Copyright (C) 2010 Greenbone Networks GmbH"); + script_family("Privilege escalation"); + script_dependencies("gb_maildrop_detect.nasl"); + exit(0); +} + + +include("version_func.inc"); + +mailVer = get_kb_item("Maildrop/Linux/Ver"); +if(!mailVer){ + exit(0); +} + +if(version_is_less_equal(version:mailVer, test_version:"2.3.0")){ + security_hole(0); +} Property changes on: trunk/openvas-plugins/scripts/gb_maildrop_priv_esc_vuln.nasl ___________________________________________________________________ Name: svn:keywords + Revision Added: trunk/openvas-plugins/scripts/gb_ms_ie_npl_info_disc_vuln.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_ms_ie_npl_info_disc_vuln.nasl 2010-02-08 08:32:37 UTC (rev 6680) +++ trunk/openvas-plugins/scripts/gb_ms_ie_npl_info_disc_vuln.nasl 2010-02-08 09:53:20 UTC (rev 6681) 
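Review bot: The check at the end of the file is a bare version comparison, `version_is_less_equal(version:mailVer, test_version:"2.3.0")`, so a distribution package that stays at 2.3.0 or lower but carries a backported fix would presumably still be reported, and the description gives the operator no hint of that. gb_squid_dos_vuln_feb10.nasl in this commit carries a 'NOTE : Ignore this warning, if above mentioned patch is already applied.' block; the same caveat belongs in this description and in gb_wireshark_mult_bof_vuln_lin.nasl. The description block also lacks `script_require_keys("Maildrop/Linux/Ver");`, which the Wireshark plugins in this commit declare for their own KB key. The closing banner line of the header comment has a stray `i` in the row of `#`.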
@@ -0,0 +1,108 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id: gb_ms_ie_npl_info_disc_vuln.nasl 7117 2010-02-05 12:40:05Z feb $ +# +# Microsoft Internet Explorer Information Disclosure Vulnerability (980088) +# +# Authors: +# Antu Sanadi +# +# Copyright: +# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(800461); + script_version("$Revision$:1.0"); + script_cve_id("CVE-2010-0255"); + script_bugtraq_id(38055, 38056); + script_name("Microsoft Internet Explorer Information Disclosure Vulnerability (980088)"); + desc = " + Overview: + The host is installed with Internet Explorer and is prone to Information + Disclosure vulnerability. + + Vulnerability Insight: + The issue is caused due to the browser failing to prevent local content from + being rendered as HTML via the 'file://' protocol, which could allow attackers + to access files with an already known filename and location on a vulnerable + system. + + Impact: + Successful exploitation will allow remote attackers to gain knowledge of + sensitive information. 
+ + Impact Level:System/ Application + + Affected Software/OS: + Internet Explorer Version 5.x, 6.x, 7.x , 8.x + + Fix: Apply the patch from below link, + http://support.microsoft.com/kb/980088 + + Workaround: + Apply workaround as in the advisory. + + References: + http://support.microsoft.com/kb/980088 + http://www.vupen.com/english/advisories/2010/0291 + http://www.microsoft.com/technet/security/advisory/980088.mspx + + CVSS Score: + CVSS Base Score : 9.3 (AV:N/AC:M/Au:NR/C:C/I:C/A:C) + CVSS Temporal Score : 7.1 + Risk factor: High"; + + script_description(desc); + script_summary("Check for the version of Internet Explorer"); + script_category(ACT_GATHER_INFO); + script_copyright("Copyright (c) 2010 Greenbone Networks GmbH"); + script_family("General"); + script_dependencies("gb_ms_ie_detect.nasl"); + script_require_keys("MS/IE/Version"); + script_require_ports(139, 445); + exit(0); +} + + +include("smb_nt.inc"); + +ieVer = get_kb_item("MS/IE/Version"); +if(isnull(ieVer)){ + exit(0); +} + +if(!registry_key_exists(key:"SOFTWARE\Microsoft\Windows\CurrentVersion" + + "\Internet Settings\RestrictedProtocols")) +{ + #Check for workaround + value = registry_get_sz(key:"SOFTWARE\Microsoft\Windows\CurrentVersion" + + "\Internet Settings\RestrictedProtocols\1", item:"file"); + if("file" >!< value) + { + #check for workaround + pValue = registry_get_dword(key:"SOFTWARE\Microsoft\Internet Explorer\Main" + + "\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN", item:"explorer.exe"); + if(pValue != "1" && (pValue == 0)) + { + #Check for version + if(ieVer =~ "^[5|6|7|8]\."){ + security_hole(0); + } + } + } +} Property changes on: trunk/openvas-plugins/scripts/gb_ms_ie_npl_info_disc_vuln.nasl ___________________________________________________________________ Name: svn:keywords + Revision Added: trunk/openvas-plugins/scripts/gb_squid_dos_vuln_feb10.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_squid_dos_vuln_feb10.nasl 
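Review bot: The registry logic after `include("smb_nt.inc")` can only reach `security_hole(0)` when the `RestrictedProtocols` key does not exist, because everything is nested inside `if(!registry_key_exists(...))`. In that branch the `registry_get_sz` call on `RestrictedProtocols\1` cannot return a value, so the test for `file` in `value` always passes, and a host where the key exists but holds no `file` entry is never reported. Reading the `file` value directly and dropping the outer key test would make the workaround check do what its comment says. `if(pValue != "1" && (pValue == 0))` compares a DWORD first with a string and then with an integer; `if(pValue != 1)` states the intent, assuming an absent value should count as lockdown not enabled. In `ieVer =~ "^[5|6|7|8]\."` the `|` characters are literal members of the bracket expression; `"^[5-8]\."` matches the four major versions the description lists.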
2010-02-08 08:32:37 UTC (rev 6680) +++ trunk/openvas-plugins/scripts/gb_squid_dos_vuln_feb10.nasl 2010-02-08 09:53:20 UTC (rev 6681) 
@@ -0,0 +1,91 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id: gb_squid_dos_vuln_feb10.nasl 7104 2010-02-04 12:45:380Z feb $ +# +# Squid 'lib/rfc1035.c' Denial Of Service Vulnerability +# +# Authors: +# Antu Sanadi +# +# Copyright: +# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(800460); + script_version("$Revision$: 1.0"); + script_cve_id("CVE-2010-0308"); + script_name("Squid 'lib/rfc1035.c' Denial Of Service Vulnerability"); + desc = " + Overview: This host is running Squid and is prone to Denial of Service + vulnerability. + + Vulnerability Insight: + The flaw is due to error in 'lib/rfc1035.c' when, processing crafted DNS + packet that only contains a header. + + Impact: + Successful exploitation could allow remote attackers to cause a denial of service + via a crafted auth header. 
+ + Affected Software/OS: + Squid Version 2.x, 3.0 to 3.0.STABLE22, and 3.1 to 3.1.0.15 + + Fix: Apply patches or upgrade to the squid version 3.0.STABLE23 or 3.1.0.16 + http://www.squid-cache.org/Download/ + http://www.squid-cache.org/Versions/v2/HEAD/changesets/12597.patch + http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9163.patch + http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-9853.patch + + ***** + NOTE : Ignore this warning, if above mentioned patch is already applied. + ***** + + References: + http://secunia.com/advisories/38455 + http://secunia.com/advisories/38451 + http://xforce.iss.net/xforce/xfdb/56001 + http://www.vupen.com/english/advisories/2010/0260 + http://www.squid-cache.org/Advisories/SQUID-2010_1.txt + + CVSS Score: + CVSS Base Score : 5.0 (AV:N/AC:L/Au:NR/C:N/I:N/A:P) + CVSS Temporal Score : 3.7 + Risk factor : Medium"; + + script_description(desc); + script_summary("Check for the version of Squid"); + script_category(ACT_GATHER_INFO); + script_copyright("Copyright (c) 2010 Greenbone Networks GmbH"); + script_family("Denial of Service"); + script_dependencies("secpod_squid_detect.nasl"); + exit(0); +} + + +include("version_func.inc"); + +squidVer = get_kb_item(string("www/", port, "/Squid")); +if(isnull(squidVer)){ + exit(0); +} + +if((squidVer =~ "^2\.0") || + version_in_range(version:squidVer, test_version:"3.1", test_version2:"3.1.0.15") || + version_in_range(version:squidVer, test_version:"3.0", test_version2:"3.0.STABLE22")){ + security_warning(port); +} Property changes on: trunk/openvas-plugins/scripts/gb_squid_dos_vuln_feb10.nasl ___________________________________________________________________ Name: svn:keywords + Revision Added: trunk/openvas-plugins/scripts/gb_sun_java_app_serv_xst_vuln.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_sun_java_app_serv_xst_vuln.nasl 2010-02-08 08:32:37 UTC (rev 6680) +++ 
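Review bot: `port` is never assigned before `get_kb_item(string("www/", port, "/Squid"))` and is used again in `security_warning(port)`. Nothing in the file includes an HTTP helper or reads a port from the KB, so the lookup key is built from an empty value and the check will presumably exit at `isnull(squidVer)` on every host, leaving affected proxies unreported. The port needs to be obtained first, in the same way secpod_squid_detect.nasl stores it, and a matching `script_require_ports` line added. The description lists Squid 2.x as affected, but `squidVer =~ "^2\.0"` matches only 2.0 releases; `squidVer =~ "^2\."` agrees with the text. The Impact paragraph speaks of 'a crafted auth header' while the Insight paragraph describes a DNS packet that contains only a header, so one of the two needs correcting.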
trunk/openvas-plugins/scripts/gb_sun_java_app_serv_xst_vuln.nasl 2010-02-08 09:53:20 UTC (rev 6681) 
@@ -0,0 +1,101 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id: gb_sun_java_app_serv_xst_vuln.nasl 6970 2010-02-05 13:57:42Z feb $ +# +# Sun Java System Application Server Cross Site Tracing Vulnerability +# +# Authors: +# Veerendra G +# +# Copyright: +# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(800162); + script_version("$Revision$: 1.0"); + script_cve_id("CVE-2010-0386"); + script_name("Sun Java System Application Server Cross Site Tracing Vulnerability"); + desc = " + Overview: This host has Sun Java System Application Server running which is + prone to Cross Site Tracing vulnerability. + + Vulnerability Insight: + An error exists while processing HTTP TRACE method and returns contents of + clients HTTP requests in the entity-body of the TRACE response. An attacker + can use this behavior to access sensitive information, such as cookies or + authentication data, contained in the HTTP headers of the request. + + Impact: + Successful exploitation lets the attackers to to get sensitive information, + such as cookies or authentication data, contained in the HTTP headers. 
+ + Impact Level: Application + + Affected Software/OS: + Sun Java System Application Server Standard Edition 7 and later updates + Sun Java System Application Server Standard Edition 7 2004Q2 and later updates + + Fix: No solution or patch is available, + The workaround provided in the 'Workaround' section is the final resolution + to this issue. + + Workaround: + Apply the workaround as it is final resolution to this issue, + http://sunsolve.sun.com/search/document.do?assetkey=1-66-200942-1 + + ***** + NOTE : Ignore this warning, if above workaround has been applied. + ***** + + References: + http://www.kb.cert.org/vuls/id/867593 + http://sunsolve.sun.com/search/document.do?assetkey=1-66-200942-1 + + CVSS Score: + CVSS Base Score : 4.3 (AV:N/AC:M/Au:NR/C:P/I:N/A:N) + CVSS Temporal Score : 3.5 + Risk factor: Medium"; + + script_description(desc); + script_summary("Check for the version of Sun Java Application Server"); + script_category(ACT_GATHER_INFO); + script_copyright("Copyright (C) 2010 Greenbone Networks GmbH"); + script_family("Web application abuses"); + script_dependencies("secpod_sun_java_app_serv_detect.nasl"); + script_require_keys("Sun/Java/AppServer/Ver"); + script_require_ports("Services/www", 80, 8080); + exit(0); +} + + +include("http_func.inc"); + +port = get_http_port(default:80); +if(!port){ + exit(0); +} + +## Get Sun Java Application Server version from KB +appservVer = get_kb_item("Sun/Java/AppServer/Ver"); +if(appservVer =~ "^7" ) +{ + ## Check for Sun Java Application Server version 7.0 and 7 2004Q2 + if(appservVer =~ "7.0|7 2004Q2"){ + security_warning(port); + } +} Property changes on: trunk/openvas-plugins/scripts/gb_sun_java_app_serv_xst_vuln.nasl ___________________________________________________________________ Name: svn:keywords + Revision Added: trunk/openvas-plugins/scripts/gb_wireshark_mult_bof_vuln_lin.nasl =================================================================== --- 
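Review bot: The inner test `appservVer =~ "7.0|7 2004Q2"` is unanchored and its `.` is unescaped, so it matches any string that merely contains `7`, one arbitrary character and `0`. Anchoring it as `appservVer =~ "^7(\.0| 2004Q2)"` keeps the match on the leading version and makes the outer `^7` test redundant. The plugin reports on the version string alone although the description says the workaround is the only resolution, so a server with the workaround applied is still flagged. The NOTE in the description covers that for operators, and a comment above the check such as `## Version-only check; does not test whether the workaround is applied` would make it clear to maintainers.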
trunk/openvas-plugins/scripts/gb_wireshark_mult_bof_vuln_lin.nasl 2010-02-08 08:32:37 UTC (rev 6680) +++ trunk/openvas-plugins/scripts/gb_wireshark_mult_bof_vuln_lin.nasl 2010-02-08 09:53:20 UTC (rev 6681) 
@@ -0,0 +1,85 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id: gb_wireshark_mult_bof_vuln_lin.nasl 7103 2010-02-05 12:33:29 feb $ +# +# Wireshark Multiple Buffer Overflow Vulnerabilities (Linux) +# +# Authors: +# Madhuri D +# +# Copyright: +# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(800289); + script_version("$Revision$: 1.0"); + script_cve_id("CVE-2010-0304"); + script_bugtraq_id(37985); + script_name("Wireshark Multiple Buffer Overflow Vulnerabilities (Linux)"); + desc = " + Overview: This host is installed with Wireshark and is prone to multiple Buffer + Overflow vulnerabilities. + + Vulnerability Insight: + The flaws are caused by buffer overflow errors in the LWRES dissector when + processing malformed data or packets. + + Impact: + Successful exploitation allows attackers to crash an affected application or + potentially execute arbitrary code. + + Impact Level: Application. 
+ + Affected Software/OS: + Wireshark version 1.2.0 to 1.2.5 and 0.9.15 to 1.0.10 + + Fix: Upgrade to Wireshark 1.2.6 or 1.0.11 + For Updates Refer, http://www.wireshark.org/download.html + + References: + http://xforce.iss.net/xforce/xfdb/55951 + http://www.securityfocus.com/bid/37985/info + http://www.vupen.com/english/advisories/2010/0239 + + CVSS Score: + CVSS Base Score : 7.5 (AV:N/AC:L/Au:NR/C:P/I:P/A:P) + CVSS Temporal Score : 5.5 + Risk factor : High"; + + script_description(desc); + script_summary("Check for the version of Wireshark"); + script_category(ACT_GATHER_INFO); + script_copyright("Copyright (C) 2010 Greenbone Networks GmbH"); + script_dependencies("gb_wireshark_detect_lin.nasl"); + script_family("Buffer overflow"); + script_require_keys("Wireshark/Linux/Ver"); + exit(0); +} + + +include("version_func.inc"); + +wireVer = get_kb_item("Wireshark/Linux/Ver"); +if(!wireVer){ + exit(0); +} + +if(version_in_range(version:wireVer, test_version:"1.2.0", test_version2:"1.2.5") || + version_in_range(version:wireVer, test_version:"0.9.15", test_version2:"1.0.10")){ + security_hole(0); +} Property changes on: trunk/openvas-plugins/scripts/gb_wireshark_mult_bof_vuln_lin.nasl ___________________________________________________________________ Name: svn:keywords + Revision Added: trunk/openvas-plugins/scripts/gb_wireshark_mult_bof_vuln_win.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_wireshark_mult_bof_vuln_win.nasl 2010-02-08 08:32:37 UTC (rev 6680) +++ trunk/openvas-plugins/scripts/gb_wireshark_mult_bof_vuln_win.nasl 2010-02-08 09:53:20 UTC (rev 6681) 
@@ -0,0 +1,86 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id: gb_wireshark_mult_bof_vuln_win.nasl 7103 2010-02-05 14:33:29 feb $ +# +# Wireshark Multiple Buffer Overflow Vulnerabilities (Win) +# +# Authors: +# Madhuri D +# +# Copyright: +# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(800290); + script_version("$Revision$: 1.0"); + script_cve_id("CVE-2010-0304"); + script_bugtraq_id(37985); + script_name("Wireshark Multiple Buffer Overflow Vulnerabilities (Win)"); + desc = " + Overview: This host is installed with Wireshark and is prone to multiple Buffer + Overflow vulnerabilities. + + Vulnerability Insight: + The flaws are caused by buffer overflow errors in the LWRES dissector when + processing malformed data or packets. + + Impact: + Successful exploitation allows attackers to crash an affected application or + potentially execute arbitrary code. + + Impact Level: Application. 
+ + Affected Software/OS: + Wireshark version 1.2.0 to 1.2.5 and 0.9.15 to 1.0.10 + + Fix: Upgrade to Wireshark 1.2.6 or 1.0.11 + For Updates Refer, http://www.wireshark.org/download.html + + References: + http://xforce.iss.net/xforce/xfdb/55951 + http://www.securityfocus.com/bid/37985/info + http://www.vupen.com/english/advisories/2010/0239 + + CVSS Score: + CVSS Base Score : 7.5 (AV:N/AC:L/Au:NR/C:P/I:P/A:P) + CVSS Temporal Score : 5.5 + Risk factor : High"; + + script_description(desc); + script_summary("Check for the version of Wireshark"); + script_category(ACT_GATHER_INFO); + script_copyright("Copyright (C) 2010 Greenbone Networks GmbH"); + script_dependencies("gb_wireshark_detect_win.nasl"); + script_family("Buffer overflow"); + script_require_keys("Wireshark/Win/Ver"); + script_require_ports(139, 445); + exit(0); +} + + +include("version_func.inc"); + +wireVer = get_kb_item("Wireshark/Win/Ver"); +if(!wireVer){ + exit(0); +} + +if(version_in_range(version:wireVer, test_version:"1.2.0", test_version2:"1.2.5") || + version_in_range(version:wireVer, test_version:"0.9.15", test_version2:"1.0.10")){ + security_hole(0); +} Property changes on: trunk/openvas-plugins/scripts/gb_wireshark_mult_bof_vuln_win.nasl ___________________________________________________________________ Name: svn:keywords + Revision Modified: trunk/openvas-plugins/scripts/lighttpd_38036.nasl =================================================================== --- trunk/openvas-plugins/scripts/lighttpd_38036.nasl 2010-02-08 08:32:37 UTC (rev 6680) +++ trunk/openvas-plugins/scripts/lighttpd_38036.nasl 2010-02-08 09:53:20 UTC (rev 6681) 
@@ -75,7 +75,7 @@ version = eregmatch(pattern: "Server: lighttpd/([0-9.]+)", string: banner); if(isnull(version[1]))exit(0); -if(version_is_less_equal(version: version[1], test_version: "1.4.26")) { +if(version_is_less_equal(version: version[1], test_version: "1.4.25")) { security_warning(port:port); exit(0); } Modified: trunk/openvas-plugins/scripts/secpod_sun_java_app_serv_detect.nasl =================================================================== --- trunk/openvas-plugins/scripts/secpod_sun_java_app_serv_detect.nasl 2010-02-08 08:32:37 UTC (rev 6680) +++ trunk/openvas-plugins/scripts/secpod_sun_java_app_serv_detect.nasl 2010-02-08 09:53:20 UTC (rev 6681) @@ -7,6 +7,11 @@ # Authors: # Sharath S # +# Updated By Veerendra G +# date update: 2010/02/05 +# Added logic to detect Sun Java System Application Server Version from +# Response headers +# # Copyright: # Copyright (c) 2009 SecPod, http://www.secpod.com # @@ -27,7 +32,7 @@ if(description) { script_id(900200); - script_version("Revision: 1.0 "); + script_version("$Revision$"); script_name("Sun Java System Application Server Version Detection"); desc = " Overview: This script detects the installed version of Application Server and @@ -36,12 +41,12 @@ Risk factor: Informational"; script_description(desc); - script_summary("Sets the KB for the version of Application Server"); + script_summary("Sets the KB for the version of Sun Java Application Server"); script_category(ACT_GATHER_INFO); script_copyright("Copyright (C) 2009 SecPod"); - script_family("General"); + script_family("Service detection"); script_dependencies("http_version.nasl"); - script_require_ports("Services/www", 8080); + script_require_ports("Services/www", 80, 8080); exit(0); } 
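Review bot: The bound in `version_is_less_equal` moves down, from `test_version: "1.4.26"` to `test_version: "1.4.25"`, so 1.4.26 is no longer reported, while the ChangeLog entry for this file reads 'Included new version as vulnerable', which says the opposite. If 1.4.26 is the fixed release, the ChangeLog wording should say that the fixed version is now excluded. A comment above the comparison such as `# fixed in 1.4.26` would stop the bound from being pushed up again. The surrounding script starts and ends outside the hunk.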
@@ -54,12 +59,34 @@ exit(0); } -sndReq = string("GET / \r\n\r\n","Host: ", get_host_name(), "\r\n\r\n"); -rcvRes = http_keepalive_send_recv(port:port, data:sndReq); +## Send Request and Receive Response +sndReq = http_get(item:"/", port:port); +rcvRes = http_keepalive_send_recv(port:port, data:sndReq, bodyonly:0); if(rcvRes == NULL){ exit(0); } +## Sun Java System Application Server Formerly known as +## Sun ONE Application Server and now it is known as +## Sun GlassFish Enterprise Server +## http://www.sun.com/software/products/appsrvr/index.jsp + +## Get Version from Response headers Sample Headers, +## Server: Sun-ONE-Application-Server/7.0.0_11 +## Server: Sun-Java-System-Application-Server/7 2004Q2UR6 +## Sun Java System Application Server Platform Edition 9.0_01 + +## Grep for Sun Java System Application Server Version from Response Headers. +appservVer = eregmatch(pattern:"Server: Sun[- a-zA-Z]+Application[- ]"+ + "Server/?([a-zA-Z0-9._ ]+)", string:rcvRes); + +if(appservVer[1] != NULL){ + appservVer = appservVer[1] - " Platform Edition "; + appservVer = chomp(appservVer); + set_kb_item(name:"Sun/Java/AppServer/Ver", value:appservVer); + exit(0); +} + if(egrep(pattern:"Sun Java System Application Server .*", string:rcvRes)) { # Grep the Java Application Server Version from response Property changes on: trunk/openvas-plugins/scripts/secpod_sun_java_app_serv_detect.nasl ___________________________________________________________________ Name: svn:keywords + Revision From scm-commit at wald.intevation.org Mon Feb 8 11:34:42 2010 
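Review bot: The new block stores the version under the host-wide key `Sun/Java/AppServer/Ver`, and this commit also widens `script_require_ports` to `"Services/www", 80, 8080`, so the value no longer says which port answered with that banner. gb_sun_java_app_serv_xst_vuln.nasl reads the key and reports against `get_http_port(default:80)`, which may be a different web service on the same host. Storing the value per port as well, for example `set_kb_item(name:string("www/", port, "/Sun/Java/AppServer/Ver"), value:appservVer);` next to the existing key, would let dependent checks report on the right port. The third sample in the comment, 'Sun Java System Application Server Platform Edition 9.0_01', has no `Server:` prefix and no `/`. It is worth a comment on whether the new pattern or the older `egrep` branch below, which continues outside the hunk, is expected to handle it.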
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Mon, 8 Feb 2010 11:34:42 +0100 (CET) Subject: [Openvas-commits] r6682 - in trunk/openvas-plugins: . scripts Message-ID: <20100208103442.6ECF486607B9@pyrosoma.intevation.org> Author: chandra Date: 2010-02-08 11:34:22 +0100 (Mon, 08 Feb 2010) New Revision: 6682 Added: trunk/openvas-plugins/scripts/gb_RHSA-2010_0076-01_kernel.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX02464.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX02479.nasl trunk/openvas-plugins/scripts/gb_mandriva_MDVA_2010_048.nasl trunk/openvas-plugins/scripts/gb_mandriva_MDVA_2010_049.nasl trunk/openvas-plugins/scripts/gb_mandriva_MDVSA_2010_030.nasl trunk/openvas-plugins/scripts/gb_mandriva_MDVSA_2010_031.nasl trunk/openvas-plugins/scripts/gb_mandriva_MDVSA_2010_032.nasl trunk/openvas-plugins/scripts/gb_mandriva_MDVSA_2010_033.nasl trunk/openvas-plugins/scripts/gb_ubuntu_USN_894_1.nasl Modified: trunk/openvas-plugins/ChangeLog Log: Added new LSC's Modified: trunk/openvas-plugins/ChangeLog =================================================================== --- trunk/openvas-plugins/ChangeLog 2010-02-08 09:53:20 UTC (rev 6681) +++ trunk/openvas-plugins/ChangeLog 2010-02-08 10:34:22 UTC (rev 6682) 
@@ -1,5 +1,19 @@ 2010-02-08 Chandrashekhar B + * scripts/gb_mandriva_MDVSA_2010_031.nasl, + scripts/gb_RHSA-2010_0076-01_kernel.nasl, + scripts/gb_mandriva_MDVSA_2010_033.nasl, + scripts/gb_mandriva_MDVSA_2010_030.nasl, + scripts/gb_mandriva_MDVA_2010_049.nasl, + scripts/gb_mandriva_MDVSA_2010_032.nasl, + scripts/gb_hp_ux_HPSBUX02464.nasl, + scripts/gb_ubuntu_USN_894_1.nasl, + scripts/gb_hp_ux_HPSBUX02479.nasl, + scripts/gb_mandriva_MDVA_2010_048.nasl: + Added new LSC's. + +2010-02-08 Chandrashekhar B + * scripts/gb_maildrop_detect.nasl, scripts/gb_wireshark_mult_bof_vuln_win.nasl, scripts/gb_squid_dos_vuln_feb10.nasl, Added: trunk/openvas-plugins/scripts/gb_RHSA-2010_0076-01_kernel.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_RHSA-2010_0076-01_kernel.nasl 2010-02-08 09:53:20 UTC (rev 6681) +++ trunk/openvas-plugins/scripts/gb_RHSA-2010_0076-01_kernel.nasl 2010-02-08 10:34:22 UTC (rev 6682) 
@@ -0,0 +1,193 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# RedHat Update for kernel RHSA-2010:0076-01 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(870213); + script_version("$Revision$: 1.0"); + script_xref(name: "RHSA", value: "2010:0076-01"); + script_cve_id("CVE-2009-3080", "CVE-2009-3889", "CVE-2009-3939", "CVE-2009-4005", "CVE-2009-4020", "CVE-2009-4537"); + script_name("RedHat Update for kernel RHSA-2010:0076-01"); + desc = " + + Vulnerability Insight: + The kernel packages contain the Linux kernel, the core of any Linux + operating system. + + This update fixes the following security issues: + + * an array index error was found in the gdth driver in the Linux kernel. A + local user could send a specially-crafted IOCTL request that would cause a + denial of service or, possibly, privilege escalation. (CVE-2009-3080, + Important) + + * a flaw was found in the collect_rx_frame() function in the HiSax ISDN + driver (hfc_usb) in the Linux kernel. 
An attacker could use this flaw to + send a specially-crafted HDLC packet that could trigger a buffer out of + bounds, possibly resulting in a denial of service. (CVE-2009-4005, + Important) + + * permission issues were found in the megaraid_sas driver (for SAS based + RAID controllers) in the Linux kernel. The "dbg_lvl" and "poll_mode_io" + files on the sysfs file system ("/sys/") had world-writable permissions. + This could allow local, unprivileged users to change the behavior of the + driver. (CVE-2009-3889, CVE-2009-3939, Moderate) + + * a buffer overflow flaw was found in the hfs_bnode_read() function in the + HFS file system implementation in the Linux kernel. This could lead to a + denial of service if a user browsed a specially-crafted HFS file system, + for example, by running "ls". (CVE-2009-4020, Low) + + This update also fixes the following bugs: + + * if a process was using ptrace() to trace a multi-threaded process, and + that multi-threaded process dumped its core, the process performing the + trace could hang in wait4(). This issue could be triggered by running + "strace -f" on a multi-threaded process that was dumping its core, + resulting in the strace command hanging. (BZ#555869) + + * a bug in the ptrace() implementation could have, in some cases, caused + ptrace_detach() to create a zombie process if the process being traced + was terminated with a SIGKILL signal. (BZ#555869) + + * the RHSA-2010:0020 update resolved an issue (CVE-2009-4537) in the + Realtek r8169 Ethernet driver. This update implements a better solution for + that issue. Note: This is not a security regression. The original fix was + complete. This update is adding the official upstream fix. (BZ#556406) + + Users should upgrade to these updated packages, which contain backported + patches to correct these issues. The system must be rebooted for this + update to take effect. 
+ + + Affected Software/OS: + kernel on Red Hat Enterprise Linux AS version 4, + Red Hat Enterprise Linux ES version 4, + Red Hat Enterprise Linux WS version 4 + + Fix: Please Install the Updated Packages. + + References: + https://www.redhat.com/archives/rhsa-announce/2010-February/msg00000.html + + Risk factor: High"; + + script_description(desc); + script_summary("Check for the Version of kernel"); + script_category(ACT_GATHER_INFO); + script_copyright("Copyright (c) 2010 Greenbone Networks GmbH"); + script_family("Red Hat Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/release"); + exit(0); +} + + +include("pkg-lib-rpm.inc"); +include("revisions-lib.inc"); + +release = get_kb_item("ssh/login/release"); + +if(release == NULL){ + exit(0); +} + +if(release == "RHENT_4") +{ + + if(isrpmvuln(pkg:"kernel", rpm:"kernel~2.6.9~89.0.20.EL", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"kernel-debuginfo", rpm:"kernel-debuginfo~2.6.9~89.0.20.EL", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"kernel-devel", rpm:"kernel-devel~2.6.9~89.0.20.EL", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"kernel-hugemem", rpm:"kernel-hugemem~2.6.9~89.0.20.EL", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"kernel-hugemem-devel", rpm:"kernel-hugemem-devel~2.6.9~89.0.20.EL", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"kernel-smp", rpm:"kernel-smp~2.6.9~89.0.20.EL", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"kernel-smp-devel", rpm:"kernel-smp-devel~2.6.9~89.0.20.EL", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"kernel-xenU", rpm:"kernel-xenU~2.6.9~89.0.20.EL", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"kernel-xenU-devel", rpm:"kernel-xenU-devel~2.6.9~89.0.20.EL", rls:"RHENT_4")) + { 
+ security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"kernel-doc", rpm:"kernel-doc~2.6.9~89.0.20.EL", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"kernel-largesmp", rpm:"kernel-largesmp~2.6.9~89.0.20.EL", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"kernel-largesmp-devel", rpm:"kernel-largesmp-devel~2.6.9~89.0.20.EL", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + exit(0); +} \ No newline at end of file Property changes on: trunk/openvas-plugins/scripts/gb_RHSA-2010_0076-01_kernel.nasl ___________________________________________________________________ Name: svn:keywords + Revision Added: trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX02464.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX02464.nasl 2010-02-08 09:53:20 UTC (rev 6681) +++ trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX02464.nasl 2010-02-08 10:34:22 UTC (rev 6682) 
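Review bot: The RHENT_4 block decides only from installed RPM versions, so a host that has kernel 2.6.9-89.0.20.EL installed but has not rebooted is reported clean, even though the description says a reboot is required for the update to take effect. RHEL also keeps earlier kernel packages installed beside the new one, and which entry `isrpmvuln` compares is decided in pkg-lib-rpm.inc, outside this diff, so the result on such hosts should be confirmed. I would state the limit in the report text, for example by adding `Note: this check compares installed package versions only and does not verify the running kernel.` to `desc`. The `kernel-doc` entry also raises `security_hole(0)` for a documentation package; dropping that one check would avoid a high-severity finding for stale docs.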
@@ -0,0 +1,109 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# HP-UX Update for HP-UX Pkg HPSBUX02464 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(835209); + script_version("$Revision$: 1.0"); + script_xref(name: "HPSBUX", value: "02464"); + script_cve_id("CVE-2009-4184"); + script_name("HP-UX Update for HP-UX Pkg HPSBUX02464"); + desc = " + + Vulnerability Insight: + A potential security vulnerability has been identified on HP Enterprise + Cluster Master Toolkit (ECMT) version B.05.00 running on HP-UX. This + vulnerability could be exploited by local users to gain unauthorized access. + + Impact: + Local unauthorized access + + Affected Software/OS: + HP-UX Pkg on + ECMT B.05.00 running on HP-UX B.11.23 (11i v2) or HP-UX B.11.31 (11i v3). + + Fix: Please Install the Updated Packages. 
+ + References: + http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01894850 + + Risk factor: High"; + + script_description(desc); + script_summary("Check for the Version of HP-UX Pkg"); + script_category(ACT_GATHER_INFO); + script_copyright("Copyright (c) 2010 Greenbone Networks GmbH"); + script_family("HP-UX Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/release"); + exit(0); +} + + +include("pkg-lib-hpux.inc"); +include("revisions-lib.inc"); + +release = get_kb_item("ssh/login/release"); + +if(release == NULL){ + exit(0); +} + +if(release == "HPUX11.31") +{ + + if(ishpuxpkgvuln(pkg:"SG-Oracle-Tool.CM-ORACLE", patch_list:['PHSS_40230'], rls:"HPUX11.31")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"SG-Sybase-Tool.CM-SYBASE", patch_list:['PHSS_40230'], rls:"HPUX11.31")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.23") +{ + + if(ishpuxpkgvuln(pkg:"SG-Oracle-Tool.CM-ORACLE", patch_list:['PHSS_40229'], rls:"HPUX11.23")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"SG-Sybase-Tool.CM-SYBASE", patch_list:['PHSS_40229'], rls:"HPUX11.23")) + { + security_hole(0); + exit(0); + } + + exit(0); +} Property changes on: trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX02464.nasl ___________________________________________________________________ Name: svn:keywords + Revision Added: trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX02479.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX02479.nasl 2010-02-08 09:53:20 UTC (rev 6681) +++ trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX02479.nasl 2010-02-08 10:34:22 UTC (rev 6682) 
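Review bot: The report text never names the patches the check looks for: `desc` stops at `Fix: Please Install the Updated Packages.` while the code tests `PHSS_40230` on HPUX11.31 and `PHSS_40229` on HPUX11.23. Someone reading the finding has to open the HP bulletin to learn what to install. I would extend the Fix line to `Fix: Install patch PHSS_40230 (HP-UX B.11.31) or PHSS_40229 (HP-UX B.11.23).`, which repeats only what the two release blocks already encode.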
@@ -0,0 +1,323 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# HP-UX Update for HP CIFS Server (Samba) HPSBUX02479 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(835206); + script_version("$Revision$: 1.0"); + script_xref(name: "HPSBUX", value: "02479"); + script_cve_id("CVE-2009-2813"); + script_name("HP-UX Update for HP CIFS Server (Samba) HPSBUX02479"); + desc = " + + Vulnerability Insight: + A potential security vulnerability has been identified with HP-UX running HP + CIFS Server (Samba). The vulnerability could be exploited to gain remote + unauthorized access. + + Impact: + Remote unauthorized access + + Affected Software/OS: + HP CIFS Server (Samba) on + HP CIFS Server vA.02.03.04 and vA.02.04 running on HP-UX B.11.11, B.11.23, + or B.11.31. + + Fix: Please Install the Updated Packages. 
+ + References: + http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01940841 + + Risk factor: High"; + + script_description(desc); + script_summary("Check for the Version of HP CIFS Server (Samba)"); + script_category(ACT_GATHER_INFO); + script_copyright("Copyright (c) 2010 Greenbone Networks GmbH"); + script_family("HP-UX Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/release"); + exit(0); +} + + +include("pkg-lib-hpux.inc"); +include("revisions-lib.inc"); + +release = get_kb_item("ssh/login/release"); +if(release == NULL){ + exit(0); +} + +pkgs_rev = get_kb_item("ssh/login/hp_pkgrev"); +ver = eregmatch(pattern:"CIFS-Server.CIFS-ADMIN[ ]+(A.02.0[34])",string:pkgs_rev); + +if(ver == NULL){ + exit(0); +} + +if(release == "HPUX11.31") +{ + if (ver[1] == "A.02.04") + { + if(ishpuxpkgvuln(pkg:"CIFS-Server.CIFS-ADMIN", revision:"A.02.04.01", rls:"HPUX11.31")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CIFS-Server.CIFS-DOC", revision:"A.02.04.01", rls:"HPUX11.31")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CIFS-Server.CIFS-LIB", revision:"A.02.04.01", rls:"HPUX11.31")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CIFS-Server.CIFS-MAN", revision:"A.02.04.01", rls:"HPUX11.31")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CIFS-Server.CIFS-RUN", revision:"A.02.04.01", rls:"HPUX11.31")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CIFS-Server.CIFS-UTIL", revision:"A.02.04.01", rls:"HPUX11.31")) + { + security_hole(0); + exit(0); + } + } + + if (ver[1] == "A.02.03") + { + if(ishpuxpkgvuln(pkg:"CIFS-Server.CIFS-ADMIN", revision:"A.02.03.05", rls:"HPUX11.31")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CIFS-Server.CIFS-DOC", revision:"A.02.03.05", rls:"HPUX11.31")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CIFS-Server.CIFS-LIB", revision:"A.02.03.05", 
rls:"HPUX11.31")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CIFS-Server.CIFS-RUN", revision:"A.02.03.05", rls:"HPUX11.31")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CIFS-Server.CIFS-UTIL", revision:"A.02.03.05", rls:"HPUX11.31")) + { + security_hole(0); + exit(0); + } + } + + if(ishpuxpkgvuln(pkg:"CIFS-CFSM.CFSM-KRN", revision:"A.02.03.05", rls:"HPUX11.31")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CIFS-CFSM.CFSM-RUN", revision:"A.02.03.05", rls:"HPUX11.31")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.23") +{ + if (ver[1] == "A.02.04") + { + if(ishpuxpkgvuln(pkg:"CIFS-Server.CIFS-ADMIN", revision:"A.02.04.01", rls:"HPUX11.23")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CIFS-Server.CIFS-DOC", revision:"A.02.04.01", rls:"HPUX11.23")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CIFS-Server.CIFS-LIB", revision:"A.02.04.01", rls:"HPUX11.23")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CIFS-Server.CIFS-MAN", revision:"A.02.04.01", rls:"HPUX11.23")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CIFS-Server.CIFS-RUN", revision:"A.02.04.01", rls:"HPUX11.23")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CIFS-Server.CIFS-UTIL", revision:"A.02.04.01", rls:"HPUX11.23")) + { + security_hole(0); + exit(0); + } + } + + if (ver[1] == "A.02.03") + { + if(ishpuxpkgvuln(pkg:"CIFS-Server.CIFS-ADMIN", revision:"A.02.03.05", rls:"HPUX11.23")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CIFS-Server.CIFS-DOC", revision:"A.02.03.05", rls:"HPUX11.23")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CIFS-Server.CIFS-LIB", revision:"A.02.03.05", rls:"HPUX11.23")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CIFS-Server.CIFS-RUN", revision:"A.02.03.05", rls:"HPUX11.23")) + { + security_hole(0); + exit(0); + } + + 
if(ishpuxpkgvuln(pkg:"CIFS-Server.CIFS-UTIL", revision:"A.02.03.05", rls:"HPUX11.23")) + { + security_hole(0); + exit(0); + } + } + + exit(0); +} + + +if(release == "HPUX11.11") +{ + if (ver[1] == "A.02.04") + { + if(ishpuxpkgvuln(pkg:"CIFS-Server.CIFS-ADMIN", revision:"A.02.04.01", rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CIFS-Server.CIFS-DOC", revision:"A.02.04.01", rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CIFS-Server.CIFS-LIB", revision:"A.02.04.01", rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CIFS-Server.CIFS-MAN", revision:"A.02.04.01", rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CIFS-Server.CIFS-RUN", revision:"A.02.04.01", rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CIFS-Server.CIFS-UTIL", revision:"A.02.04.01", rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + } + + if (ver[1] == "A.02.03") + { + if(ishpuxpkgvuln(pkg:"CIFS-Server.CIFS-ADMIN", revision:"A.02.03.05", rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CIFS-Server.CIFS-DOC", revision:"A.02.03.05", rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CIFS-Server.CIFS-LIB", revision:"A.02.03.05", rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CIFS-Server.CIFS-RUN", revision:"A.02.03.05", rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CIFS-Server.CIFS-UTIL", revision:"A.02.03.05", rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + } + exit(0); +} Property changes on: trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX02479.nasl ___________________________________________________________________ Name: svn:keywords + Revision Added: trunk/openvas-plugins/scripts/gb_mandriva_MDVA_2010_048.nasl =================================================================== 
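Review bot: Every check in this script is gated on `eregmatch` finding a `CIFS-Server.CIFS-ADMIN` line in the `ssh/login/hp_pkgrev` KB item, and the script exits silently when that lookup returns nothing. `script_require_keys` lists only `ssh/login/release`, so a missing package-revision item looks the same as a patched host, and a host that has other CIFS-Server filesets but not CIFS-ADMIN is never evaluated. The dots in the pattern are also unescaped and match any character; `pattern:"CIFS-Server[.]CIFS-ADMIN[ ]+(A[.]02[.]0[34])"` keeps the match literal. I would make the dependency explicit with `script_require_keys("ssh/login/release", "ssh/login/hp_pkgrev");`.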
--- trunk/openvas-plugins/scripts/gb_mandriva_MDVA_2010_048.nasl 2010-02-08 09:53:20 UTC (rev 6681) +++ trunk/openvas-plugins/scripts/gb_mandriva_MDVA_2010_048.nasl 2010-02-08 10:34:22 UTC (rev 6682) 
@@ -0,0 +1,167 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# Mandriva Update for gtk MDVA-2010:048 (gtk) +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(830859); + script_version("$Revision$: 1.0"); + script_xref(name: "MDVA", value: "2010:048"); + script_name("Mandriva Update for gtk MDVA-2010:048 (gtk)"); + desc = " + + Vulnerability Insight: + + gtk+ 2.0 was not handling correctly input method in client-side + window mode. This could lead to applications crash, inkscape is a + good example of crash. This updates fixes this issues and upgrades + gtk+2.0 to latest stable release (2.18.6), which includes stability + fixes for various applications, including gnome-panel. + + Affected Software/OS: + gtk on Mandriva Linux 2010.0, + Mandriva Linux 2010.0/X86_64 + + Fix: Please Install the Updated Packages. 
+ + References: + http://lists.mandriva.com/security-announce/2010-02/msg00000.php + + Risk factor: High"; + + script_description(desc); + script_summary("Check for the Version of gtk"); + script_category(ACT_GATHER_INFO); + script_copyright("Copyright (c) 2010 Greenbone Networks GmbH"); + script_family("Mandrake Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/release"); + exit(0); +} + + +include("pkg-lib-rpm.inc"); +include("revisions-lib.inc"); + +release = get_kb_item("ssh/login/release"); + +if(release == NULL){ + exit(0); +} + +if(release == "MNDK_2010.0") +{ + + if(isrpmvuln(pkg:"gtk+2.0", rpm:"gtk+2.0~2.18.6~1.1mdv2010.0", rls:"MNDK_2010.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"libgail18", rpm:"libgail18~2.18.6~1.1mdv2010.0", rls:"MNDK_2010.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"libgail-devel", rpm:"libgail-devel~2.18.6~1.1mdv2010.0", rls:"MNDK_2010.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"libgdk_pixbuf2.0_0", rpm:"libgdk_pixbuf2.0_0~2.18.6~1.1mdv2010.0", rls:"MNDK_2010.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"libgdk_pixbuf2.0_0-devel", rpm:"libgdk_pixbuf2.0_0-devel~2.18.6~1.1mdv2010.0", rls:"MNDK_2010.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"libgtk+2.0_0", rpm:"libgtk+2.0_0~2.18.6~1.1mdv2010.0", rls:"MNDK_2010.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"libgtk+2.0_0-devel", rpm:"libgtk+2.0_0-devel~2.18.6~1.1mdv2010.0", rls:"MNDK_2010.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"libgtk+-x11", rpm:"libgtk+-x11~2.0_0~2.18.6~1.1mdv2010.0", rls:"MNDK_2010.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"lib64gail18", rpm:"lib64gail18~2.18.6~1.1mdv2010.0", rls:"MNDK_2010.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"lib64gail-devel", rpm:"lib64gail-devel~2.18.6~1.1mdv2010.0", rls:"MNDK_2010.0")) + { 
+ security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"lib64gdk_pixbuf2.0_0", rpm:"lib64gdk_pixbuf2.0_0~2.18.6~1.1mdv2010.0", rls:"MNDK_2010.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"lib64gdk_pixbuf2.0_0-devel", rpm:"lib64gdk_pixbuf2.0_0-devel~2.18.6~1.1mdv2010.0", rls:"MNDK_2010.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"lib64gtk+2.0_0", rpm:"lib64gtk+2.0_0~2.18.6~1.1mdv2010.0", rls:"MNDK_2010.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"lib64gtk+2.0_0-devel", rpm:"lib64gtk+2.0_0-devel~2.18.6~1.1mdv2010.0", rls:"MNDK_2010.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"lib64gtk+-x11", rpm:"lib64gtk+-x11~2.0_0~2.18.6~1.1mdv2010.0", rls:"MNDK_2010.0")) + { + security_hole(0); + exit(0); + } + + exit(0); +} \ No newline at end of file Property changes on: trunk/openvas-plugins/scripts/gb_mandriva_MDVA_2010_048.nasl ___________________________________________________________________ Name: svn:keywords + Revision Added: trunk/openvas-plugins/scripts/gb_mandriva_MDVA_2010_049.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_mandriva_MDVA_2010_049.nasl 2010-02-08 09:53:20 UTC (rev 6681) +++ trunk/openvas-plugins/scripts/gb_mandriva_MDVA_2010_049.nasl 2010-02-08 10:34:22 UTC (rev 6682) 
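Review bot: The two `-x11` entries split the package name in the wrong place: `rpm:"libgtk+-x11~2.0_0~2.18.6~1.1mdv2010.0"` has four `~` fields where every other entry has name~version~release, so `2.0_0` is treated as the version and `pkg:"libgtk+-x11"` is unlikely to match the installed package. The name appears to be `libgtk+-x11-2.0_0`, which would give `isrpmvuln(pkg:"libgtk+-x11-2.0_0", rpm:"libgtk+-x11-2.0_0~2.18.6~1.1mdv2010.0", rls:"MNDK_2010.0")`, and the same for `lib64gtk+-x11`. Separately, this is an MDVA advisory with no `script_cve_id` and its text describes application crashes, yet it reports `Risk factor: High` through `security_hole(0)`; gb_mandriva_MDVA_2010_049.nasl in the same commit does the same for a missing mailcap package. A lower level such as `security_note(0)` with a matching risk line would keep these bug-fix advisories out of the high-severity results.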
@@ -0,0 +1,85 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# Mandriva Update for mailcap MDVA-2010:049 (mailcap) +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(830861); + script_version("$Revision$: 1.0"); + script_xref(name: "MDVA", value: "2010:049"); + script_name("Mandriva Update for mailcap MDVA-2010:049 (mailcap)"); + desc = " + + Vulnerability Insight: + + It was discovered that the mailcap package needed by firefox wasn't + provided with MDVA-2010:015. + + Packages for 2008.0 are provided for Corporate Desktop 2008.0 + customers. + + This advisory addresses these problems. + + Affected Software/OS: + mailcap on Mandriva Linux 2008.0, + Mandriva Linux 2008.0/X86_64 + + Fix: Please Install the Updated Packages. 
+ + References: + http://lists.mandriva.com/security-announce/2010-02/msg00001.php + + Risk factor: High"; + + script_description(desc); + script_summary("Check for the Version of mailcap"); + script_category(ACT_GATHER_INFO); + script_copyright("Copyright (c) 2010 Greenbone Networks GmbH"); + script_family("Mandrake Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/release"); + exit(0); +} + + +include("pkg-lib-rpm.inc"); +include("revisions-lib.inc"); + +release = get_kb_item("ssh/login/release"); + +if(release == NULL){ + exit(0); +} + +if(release == "MNDK_2008.0") +{ + + if(isrpmvuln(pkg:"mailcap", rpm:"mailcap~2.0.4~16.1mdv2008.0", rls:"MNDK_2008.0")) + { + security_hole(0); + exit(0); + } + + exit(0); +} \ No newline at end of file Property changes on: trunk/openvas-plugins/scripts/gb_mandriva_MDVA_2010_049.nasl ___________________________________________________________________ Name: svn:keywords + Revision Added: trunk/openvas-plugins/scripts/gb_mandriva_MDVSA_2010_030.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_mandriva_MDVSA_2010_030.nasl 2010-02-08 09:53:20 UTC (rev 6681) +++ trunk/openvas-plugins/scripts/gb_mandriva_MDVSA_2010_030.nasl 2010-02-08 10:34:22 UTC (rev 6682) 
@@ -0,0 +1,809 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# Mandriva Update for kernel MDVSA-2010:030 (kernel) +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(830860); + script_version("$Revision$: 1.0"); + script_xref(name: "MDVSA", value: "2010:030"); + script_cve_id("CVE-2009-3080", "CVE-2009-4005", "CVE-2010-0299"); + script_name("Mandriva Update for kernel MDVSA-2010:030 (kernel)"); + desc = " + + Vulnerability Insight: + + Some vulnerabilities were discovered and corrected in the Linux + 2.6 kernel: + + Array index error in the gdth_read_event function in + drivers/scsi/gdth.c in the Linux kernel before 2.6.32-rc8 allows + local users to cause a denial of service or possibly gain privileges + via a negative event index in an IOCTL request. (CVE-2009-3080) + + The collect_rx_frame function in drivers/isdn/hisax/hfc_usb.c in the + Linux kernel before 2.6.32-rc7 allows attackers to have an unspecified + impact via a crafted HDLC packet that arrives over ISDN and triggers + a buffer under-read. 
(CVE-2009-4005) + + An issue was discovered in 2.6.32.x kernels, which sets unsecure + permission for devtmpfs file system by default. (CVE-2010-0299) + + Additionally, it was added support for Atheros AR2427 Wireless + Network Adapter. + + To update your kernel, please follow the directions located at: + + http://www.mandriva.com/en/security/kernelupdate + + Affected Software/OS: + kernel on Mandriva Linux 2010.0, + Mandriva Linux 2010.0/X86_64 + + Fix: Please Install the Updated Packages. + + References: + http://lists.mandriva.com/security-announce/2010-02/msg00002.php + + Risk factor: High"; + + script_description(desc); + script_summary("Check for the Version of kernel"); + script_category(ACT_GATHER_INFO); + script_copyright("Copyright (c) 2010 Greenbone Networks GmbH"); + script_family("Mandrake Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/release"); + exit(0); +} + + +include("pkg-lib-rpm.inc"); +include("revisions-lib.inc"); + +release = get_kb_item("ssh/login/release"); + +if(release == NULL){ + exit(0); +} + +if(release == "MNDK_2010.0") +{ + + if(isrpmvuln(pkg:"broadcom-wl-kernel", rpm:"broadcom-wl-kernel~2.6.31.12~desktop~1mnb~5.10.91.9~2mdv2010.0", rls:"MNDK_2010.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"broadcom-wl-kernel", rpm:"broadcom-wl-kernel~2.6.31.12~desktop586~1mnb~5.10.91.9~2mdv2010.0", rls:"MNDK_2010.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"broadcom-wl-kernel", rpm:"broadcom-wl-kernel~2.6.31.12~server~1mnb~5.10.91.9~2mdv2010.0", rls:"MNDK_2010.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"broadcom-wl-kernel-desktop586-latest", rpm:"broadcom-wl-kernel-desktop586-latest~5.10.91.9~1.20100126.2mdv2010.0", rls:"MNDK_2010.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"broadcom-wl-kernel-desktop-latest", rpm:"broadcom-wl-kernel-desktop-latest~5.10.91.9~1.20100126.2mdv2010.0", rls:"MNDK_2010.0")) + 
{ + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"broadcom-wl-kernel-server-latest", rpm:"broadcom-wl-kernel-server-latest~5.10.91.9~1.20100126.2mdv2010.0", rls:"MNDK_2010.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"em8300-kernel", rpm:"em8300-kernel~2.6.31.12~desktop~1mnb~0.17.4~1mdv2010.0", rls:"MNDK_2010.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"em8300-kernel", rpm:"em8300-kernel~2.6.31.12~desktop586~1mnb~0.17.4~1mdv2010.0", rls:"MNDK_2010.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"em8300-kernel", rpm:"em8300-kernel~2.6.31.12~server~1mnb~0.17.4~1mdv2010.0", rls:"MNDK_2010.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"em8300-kernel-desktop586-latest", rpm:"em8300-kernel-desktop586-latest~0.17.4~1.20100126.1mdv2010.0", rls:"MNDK_2010.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"em8300-kernel-desktop-latest", rpm:"em8300-kernel-desktop-latest~0.17.4~1.20100126.1mdv2010.0", rls:"MNDK_2010.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"em8300-kernel-server-latest", rpm:"em8300-kernel-server-latest~0.17.4~1.20100126.1mdv2010.0", rls:"MNDK_2010.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"fglrx-kernel", rpm:"fglrx-kernel~2.6.31.12~desktop~1mnb~8.650~1mdv2010.0", rls:"MNDK_2010.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"fglrx-kernel", rpm:"fglrx-kernel~2.6.31.12~desktop586~1mnb~8.650~1mdv2010.0", rls:"MNDK_2010.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"fglrx-kernel", rpm:"fglrx-kernel~2.6.31.12~server~1mnb~8.650~1mdv2010.0", rls:"MNDK_2010.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"fglrx-kernel-desktop586-latest", rpm:"fglrx-kernel-desktop586-latest~8.650~1.20100126.1mdv2010.0", rls:"MNDK_2010.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"fglrx-kernel-desktop-latest", 
rpm:"fglrx-kernel-desktop-latest~8.650~1.20100126.1mdv2010.0", rls:"MNDK_2010.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"fglrx-kernel-server-latest", rpm:"fglrx-kernel-server-latest~8.650~1.20100126.1mdv2010.0", rls:"MNDK_2010.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"hcfpcimodem-kernel", rpm:"hcfpcimodem-kernel~2.6.31.12~desktop~1mnb~1.19~1mdv2010.0", rls:"MNDK_2010.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"hcfpcimodem-kernel", rpm:"hcfpcimodem-kernel~2.6.31.12~desktop586~1mnb~1.19~1mdv2010.0", rls:"MNDK_2010.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"hcfpcimodem-kernel", rpm:"hcfpcimodem-kernel~2.6.31.12~server~1mnb~1.19~1mdv2010.0", rls:"MNDK_2010.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"hcfpcimodem-kernel-desktop586-latest", rpm:"hcfpcimodem-kernel-desktop586-latest~1.19~1.20100126.1mdv2010.0", rls:"MNDK_2010.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"hcfpcimodem-kernel-desktop-latest", rpm:"hcfpcimodem-kernel-desktop-latest~1.19~1.20100126.1mdv2010.0", rls:"MNDK_2010.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"hcfpcimodem-kernel-server-latest", rpm:"hcfpcimodem-kernel-server-latest~1.19~1.20100126.1mdv2010.0", rls:"MNDK_2010.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"hsfmodem-kernel", rpm:"hsfmodem-kernel~2.6.31.12~desktop~1mnb~7.80.02.05~1mdv2010.0", rls:"MNDK_2010.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"hsfmodem-kernel", rpm:"hsfmodem-kernel~2.6.31.12~desktop586~1mnb~7.80.02.05~1mdv2010.0", rls:"MNDK_2010.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"hsfmodem-kernel", rpm:"hsfmodem-kernel~2.6.31.12~server~1mnb~7.80.02.05~1mdv2010.0", rls:"MNDK_2010.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"hsfmodem-kernel-desktop586-latest", rpm:"hsfmodem-kernel-desktop586-latest~7.80.02.05~1.20100126.1mdv2010.0", 
rls:"MNDK_2010.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"hsfmodem-kernel-desktop-latest", rpm:"hsfmodem-kernel-desktop-latest~7.80.02.05~1.20100126.1mdv2010.0", rls:"MNDK_2010.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"hsfmodem-kernel-server-latest", rpm:"hsfmodem-kernel-server-latest~7.80.02.05~1.20100126.1mdv2010.0", rls:"MNDK_2010.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"kernel", rpm:"kernel~2.6.31.12~1mnb~1~1mnb2", rls:"MNDK_2010.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"kernel-desktop", rpm:"kernel-desktop~2.6.31.12~1mnb~1~1mnb2", rls:"MNDK_2010.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"kernel-desktop586", rpm:"kernel-desktop586~2.6.31.12~1mnb~1~1mnb2", rls:"MNDK_2010.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"kernel-desktop586-devel", rpm:"kernel-desktop586-devel~2.6.31.12~1mnb~1~1mnb2", rls:"MNDK_2010.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"kernel-desktop586-devel-latest", rpm:"kernel-desktop586-devel-latest~2.6.31.12~1mnb2", rls:"MNDK_2010.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"kernel-desktop586-latest", rpm:"kernel-desktop586-latest~2.6.31.12~1mnb2", rls:"MNDK_2010.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"kernel-desktop-devel", rpm:"kernel-desktop-devel~2.6.31.12~1mnb~1~1mnb2", rls:"MNDK_2010.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"kernel-desktop-devel-latest", rpm:"kernel-desktop-devel-latest~2.6.31.12~1mnb2", rls:"MNDK_2010.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"kernel-desktop-latest", rpm:"kernel-desktop-latest~2.6.31.12~1mnb2", rls:"MNDK_2010.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"kernel-doc", rpm:"kernel-doc~2.6.31.12~1mnb2", rls:"MNDK_2010.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"kernel-server", 
rpm:"kernel-server~2.6.31.12~1mnb~1~1mnb2", rls:"MNDK_2010.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"kernel-server-devel", rpm:"kernel-server-devel~2.6.31.12~1mnb~1~1mnb2", rls:"MNDK_2010.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"kernel-server-devel-latest", rpm:"kernel-server-devel-latest~2.6.31.12~1mnb2", rls:"MNDK_2010.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"kernel-server-latest", rpm:"kernel-server-latest~2.6.31.12~1mnb2", rls:"MNDK_2010.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"kernel-source", rpm:"kernel-source~2.6.31.12~1mnb~1~1mnb2", rls:"MNDK_2010.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"kernel-source-latest", rpm:"kernel-source-latest~2.6.31.12~1mnb2", rls:"MNDK_2010.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"libafs-kernel", rpm:"libafs-kernel~2.6.31.12~desktop~1mnb~1.4.11~2mdv2010.0", rls:"MNDK_2010.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"libafs-kernel", rpm:"libafs-kernel~2.6.31.12~desktop586~1mnb~1.4.11~2mdv2010.0", rls:"MNDK_2010.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"libafs-kernel", rpm:"libafs-kernel~2.6.31.12~server~1mnb~1.4.11~2mdv2010.0", rls:"MNDK_2010.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"libafs-kernel-desktop586-latest", rpm:"libafs-kernel-desktop586-latest~1.4.11~1.20100126.2mdv2010.0", rls:"MNDK_2010.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"libafs-kernel-desktop-latest", rpm:"libafs-kernel-desktop-latest~1.4.11~1.20100126.2mdv2010.0", rls:"MNDK_2010.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"libafs-kernel-server-latest", rpm:"libafs-kernel-server-latest~1.4.11~1.20100126.2mdv2010.0", rls:"MNDK_2010.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"lirc-kernel", rpm:"lirc-kernel~2.6.31.12~desktop~1mnb~0.8.6~2mdv2010.0", rls:"MNDK_2010.0")) + { + 
security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"lirc-kernel", rpm:"lirc-kernel~2.6.31.12~desktop586~1mnb~0.8.6~2mdv2010.0", rls:"MNDK_2010.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"lirc-kernel", rpm:"lirc-kernel~2.6.31.12~server~1mnb~0.8.6~2mdv2010.0", rls:"MNDK_2010.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"lirc-kernel-desktop586-latest", rpm:"lirc-kernel-desktop586-latest~0.8.6~1.20100126.2mdv2010.0", rls:"MNDK_2010.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"lirc-kernel-desktop-latest", rpm:"lirc-kernel-desktop-latest~0.8.6~1.20100126.2mdv2010.0", rls:"MNDK_2010.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"lirc-kernel-server-latest", rpm:"lirc-kernel-server-latest~0.8.6~1.20100126.2mdv2010.0", rls:"MNDK_2010.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"lzma-kernel", rpm:"lzma-kernel~2.6.31.12~desktop~1mnb~4.43~28mdv2010.0", rls:"MNDK_2010.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"lzma-kernel", rpm:"lzma-kernel~2.6.31.12~desktop586~1mnb~4.43~28mdv2010.0", rls:"MNDK_2010.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"lzma-kernel", rpm:"lzma-kernel~2.6.31.12~server~1mnb~4.43~28mdv2010.0", rls:"MNDK_2010.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"lzma-kernel-desktop586-latest", rpm:"lzma-kernel-desktop586-latest~4.43~1.20100126.28mdv2010.0", rls:"MNDK_2010.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"lzma-kernel-desktop-latest", rpm:"lzma-kernel-desktop-latest~4.43~1.20100126.28mdv2010.0", rls:"MNDK_2010.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"lzma-kernel-server-latest", rpm:"lzma-kernel-server-latest~4.43~1.20100126.28mdv2010.0", rls:"MNDK_2010.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"madwifi-kernel", rpm:"madwifi-kernel~2.6.31.12~desktop~1mnb~0.9.4~4.r4068mdv2010.0", rls:"MNDK_2010.0")) + { + security_hole(0); + 
exit(0); + } + + if(isrpmvuln(pkg:"madwifi-kernel", rpm:"madwifi-kernel~2.6.31.12~desktop586~1mnb~0.9.4~4.r4068mdv2010.0", rls:"MNDK_2010.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"madwifi-kernel", rpm:"madwifi-kernel~2.6.31.12~server~1mnb~0.9.4~4.r4068mdv2010.0", rls:"MNDK_2010.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"madwifi-kernel-desktop586-latest", rpm:"madwifi-kernel-desktop586-latest~0.9.4~1.20100126.4.r4068mdv2010.0", rls:"MNDK_2010.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"madwifi-kernel-desktop-latest", rpm:"madwifi-kernel-desktop-latest~0.9.4~1.20100126.4.r4068mdv2010.0", rls:"MNDK_2010.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"madwifi-kernel-server-latest", rpm:"madwifi-kernel-server-latest~0.9.4~1.20100126.4.r4068mdv2010.0", rls:"MNDK_2010.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"nvidia173-kernel", rpm:"nvidia173-kernel~2.6.31.12~desktop~1mnb~173.14.20~7mdv2010.0", rls:"MNDK_2010.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"nvidia173-kernel", rpm:"nvidia173-kernel~2.6.31.12~desktop586~1mnb~173.14.20~7mdv2010.0", rls:"MNDK_2010.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"nvidia173-kernel", rpm:"nvidia173-kernel~2.6.31.12~server~1mnb~173.14.20~7mdv2010.0", rls:"MNDK_2010.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"nvidia173-kernel-desktop586-latest", rpm:"nvidia173-kernel-desktop586-latest~173.14.20~1.20100126.7mdv2010.0", rls:"MNDK_2010.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"nvidia173-kernel-desktop-latest", rpm:"nvidia173-kernel-desktop-latest~173.14.20~1.20100126.7mdv2010.0", rls:"MNDK_2010.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"nvidia173-kernel-server-latest", rpm:"nvidia173-kernel-server-latest~173.14.20~1.20100126.7mdv2010.0", rls:"MNDK_2010.0")) + { + security_hole(0); + exit(0); + } + + 
if(isrpmvuln(pkg:"nvidia96xx-kernel", rpm:"nvidia96xx-kernel~2.6.31.12~desktop~1mnb~96.43.13~7mdv2010.0", rls:"MNDK_2010.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"nvidia96xx-kernel", rpm:"nvidia96xx-kernel~2.6.31.12~desktop586~1mnb~96.43.13~7mdv2010.0", rls:"MNDK_2010.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"nvidia96xx-kernel", rpm:"nvidia96xx-kernel~2.6.31.12~server~1mnb~96.43.13~7mdv2010.0", rls:"MNDK_2010.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"nvidia96xx-kernel-desktop586-latest", rpm:"nvidia96xx-kernel-desktop586-latest~96.43.13~1.20100126.7mdv2010.0", rls:"MNDK_2010.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"nvidia96xx-kernel-desktop-latest", rpm:"nvidia96xx-kernel-desktop-latest~96.43.13~1.20100126.7mdv2010.0", rls:"MNDK_2010.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"nvidia96xx-kernel-server-latest", rpm:"nvidia96xx-kernel-server-latest~96.43.13~1.20100126.7mdv2010.0", rls:"MNDK_2010.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"nvidia-current-kernel", rpm:"nvidia-current-kernel~2.6.31.12~desktop~1mnb~185.18.36~4mdv2010.0", rls:"MNDK_2010.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"nvidia-current-kernel", rpm:"nvidia-current-kernel~2.6.31.12~desktop586~1mnb~185.18.36~4mdv2010.0", rls:"MNDK_2010.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"nvidia-current-kernel", rpm:"nvidia-current-kernel~2.6.31.12~server~1mnb~185.18.36~4mdv2010.0", rls:"MNDK_2010.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"nvidia-current-kernel-desktop586-latest", rpm:"nvidia-current-kernel-desktop586-latest~185.18.36~1.20100126.4mdv2010.0", rls:"MNDK_2010.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"nvidia-current-kernel-desktop-latest", rpm:"nvidia-current-kernel-desktop-latest~185.18.36~1.20100126.4mdv2010.0", rls:"MNDK_2010.0")) + { + security_hole(0); + exit(0); 
+ } + + if(isrpmvuln(pkg:"nvidia-current-kernel-server-latest", rpm:"nvidia-current-kernel-server-latest~185.18.36~1.20100126.4mdv2010.0", rls:"MNDK_2010.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"slmodem-kernel", rpm:"slmodem-kernel~2.6.31.12~desktop~1mnb~2.9.11~0.20080817.4.1mdv2010.0", rls:"MNDK_2010.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"slmodem-kernel", rpm:"slmodem-kernel~2.6.31.12~desktop586~1mnb~2.9.11~0.20080817.4.1mdv2010.0", rls:"MNDK_2010.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"slmodem-kernel", rpm:"slmodem-kernel~2.6.31.12~server~1mnb~2.9.11~0.20080817.4.1mdv2010.0", rls:"MNDK_2010.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"slmodem-kernel-desktop586-latest", rpm:"slmodem-kernel-desktop586-latest~2.9.11~1.20100126.0.20080817.4.1mdv2010.0", rls:"MNDK_2010.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"slmodem-kernel-desktop-latest", rpm:"slmodem-kernel-desktop-latest~2.9.11~1.20100126.0.20080817.4.1mdv2010.0", rls:"MNDK_2010.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"slmodem-kernel-server-latest", rpm:"slmodem-kernel-server-latest~2.9.11~1.20100126.0.20080817.4.1mdv2010.0", rls:"MNDK_2010.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"squashfs-lzma-kernel", rpm:"squashfs-lzma-kernel~2.6.31.12~desktop~1mnb~3.3~11mdv2010.0", rls:"MNDK_2010.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"squashfs-lzma-kernel", rpm:"squashfs-lzma-kernel~2.6.31.12~desktop586~1mnb~3.3~11mdv2010.0", rls:"MNDK_2010.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"squashfs-lzma-kernel", rpm:"squashfs-lzma-kernel~2.6.31.12~server~1mnb~3.3~11mdv2010.0", rls:"MNDK_2010.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"squashfs-lzma-kernel-desktop586-latest", rpm:"squashfs-lzma-kernel-desktop586-latest~3.3~1.20100126.11mdv2010.0", rls:"MNDK_2010.0")) + { + security_hole(0); + 
exit(0); + } + + if(isrpmvuln(pkg:"squashfs-lzma-kernel-desktop-latest", rpm:"squashfs-lzma-kernel-desktop-latest~3.3~1.20100126.11mdv2010.0", rls:"MNDK_2010.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"squashfs-lzma-kernel-server-latest", rpm:"squashfs-lzma-kernel-server-latest~3.3~1.20100126.11mdv2010.0", rls:"MNDK_2010.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"vboxadditions-kernel", rpm:"vboxadditions-kernel~2.6.31.12~desktop~1mnb~3.0.8~1mdv2010.0", rls:"MNDK_2010.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"vboxadditions-kernel", rpm:"vboxadditions-kernel~2.6.31.12~desktop586~1mnb~3.0.8~1mdv2010.0", rls:"MNDK_2010.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"vboxadditions-kernel", rpm:"vboxadditions-kernel~2.6.31.12~server~1mnb~3.0.8~1mdv2010.0", rls:"MNDK_2010.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"vboxadditions-kernel-desktop586-latest", rpm:"vboxadditions-kernel-desktop586-latest~3.0.8~1.20100126.1mdv2010.0", rls:"MNDK_2010.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"vboxadditions-kernel-desktop-latest", rpm:"vboxadditions-kernel-desktop-latest~3.0.8~1.20100126.1mdv2010.0", rls:"MNDK_2010.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"vboxadditions-kernel-server-latest", rpm:"vboxadditions-kernel-server-latest~3.0.8~1.20100126.1mdv2010.0", rls:"MNDK_2010.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"virtualbox-kernel", rpm:"virtualbox-kernel~2.6.31.12~desktop~1mnb~3.0.8~1mdv2010.0", rls:"MNDK_2010.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"virtualbox-kernel", rpm:"virtualbox-kernel~2.6.31.12~desktop586~1mnb~3.0.8~1mdv2010.0", rls:"MNDK_2010.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"virtualbox-kernel", rpm:"virtualbox-kernel~2.6.31.12~server~1mnb~3.0.8~1mdv2010.0", rls:"MNDK_2010.0")) + { + security_hole(0); + exit(0); + } + + 
if(isrpmvuln(pkg:"virtualbox-kernel-desktop586-latest", rpm:"virtualbox-kernel-desktop586-latest~3.0.8~1.20100126.1mdv2010.0", rls:"MNDK_2010.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"virtualbox-kernel-desktop-latest", rpm:"virtualbox-kernel-desktop-latest~3.0.8~1.20100126.1mdv2010.0", rls:"MNDK_2010.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"virtualbox-kernel-server-latest", rpm:"virtualbox-kernel-server-latest~3.0.8~1.20100126.1mdv2010.0", rls:"MNDK_2010.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"vpnclient-kernel", rpm:"vpnclient-kernel~2.6.31.12~desktop~1mnb~4.8.02.0030~1mdv2010.0", rls:"MNDK_2010.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"vpnclient-kernel", rpm:"vpnclient-kernel~2.6.31.12~desktop586~1mnb~4.8.02.0030~1mdv2010.0", rls:"MNDK_2010.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"vpnclient-kernel", rpm:"vpnclient-kernel~2.6.31.12~server~1mnb~4.8.02.0030~1mdv2010.0", rls:"MNDK_2010.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"vpnclient-kernel-desktop586-latest", rpm:"vpnclient-kernel-desktop586-latest~4.8.02.0030~1.20100126.1mdv2010.0", rls:"MNDK_2010.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"vpnclient-kernel-desktop-latest", rpm:"vpnclient-kernel-desktop-latest~4.8.02.0030~1.20100126.1mdv2010.0", rls:"MNDK_2010.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"vpnclient-kernel-server-latest", rpm:"vpnclient-kernel-server-latest~4.8.02.0030~1.20100126.1mdv2010.0", rls:"MNDK_2010.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"kernel", rpm:"kernel~2.6.31.12~1mnb2", rls:"MNDK_2010.0")) + { + security_hole(0); + exit(0); + } + + exit(0); +} \ No newline at end of file Property changes on: trunk/openvas-plugins/scripts/gb_mandriva_MDVSA_2010_030.nasl ___________________________________________________________________ Name: svn:keywords + Revision Added: 
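Review bot: The kernel-module checks test one `pkg` name three times with the kernel flavour folded into the version string, e.g. `pkg:"broadcom-wl-kernel"` against `rpm:"broadcom-wl-kernel~2.6.31.12~desktop~1mnb~5.10.91.9~2mdv2010.0"` and then the `~desktop586~` and `~server~` variants. The same pattern repeats for em8300, fglrx and the other `*-kernel` module packages, and `pkg:"kernel"` is tested twice with two different versions (`kernel~2.6.31.12~1mnb~1~1mnb2`, and `kernel~2.6.31.12~1mnb2` in the last check). It looks as if the generator split the RPM name too early, so a kernel version and flavour that seem to belong to the package name are compared as a version. `isrpmvuln` is defined in `pkg-lib-rpm.inc`, outside this hunk, so the effect should be confirmed there, but a mismatch would mean false positives or misses on a finding reported with `security_hole(0)`. I would check the names against the package list of a patched 2010.0 host and drop the duplicate `kernel` test. Since only installed packages are compared, I would also add `# NOTE: package check only; a host that installed the update but still runs the old kernel is not flagged` above the first test.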
trunk/openvas-plugins/scripts/gb_mandriva_MDVSA_2010_031.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_mandriva_MDVSA_2010_031.nasl 2010-02-08 09:53:20 UTC (rev 6681) +++ trunk/openvas-plugins/scripts/gb_mandriva_MDVSA_2010_031.nasl 2010-02-08 10:34:22 UTC (rev 6682) 
@@ -0,0 +1,260 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# Mandriva Update for wireshark MDVSA-2010:031 (wireshark) +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(830858); + script_version("$Revision$: 1.0"); + script_xref(name: "MDVSA", value: "2010:031"); + script_cve_id("CVE-2009-4377", "CVE-2009-2563"); + script_name("Mandriva Update for wireshark MDVSA-2010:031 (wireshark)"); + desc = " + + Vulnerability Insight: + + This advisory updates Wireshark to the version 1.0.11, which fixes + the following vulnerabilities: + + The SMB and SMB2 dissectors could crash (CVE-2009-4377). + The Infiniband dissector could crash on some platforms (CVE-2009-2563). + Several buffer overflows were discovered and fixed in the LWRES + dissector. + + Affected Software/OS: + wireshark on Mandriva Linux 2008.0, + Mandriva Linux 2008.0/X86_64, + Mandriva Linux 2009.1, + Mandriva Linux 2009.1/X86_64, + Mandriva Enterprise Server 5, + Mandriva Enterprise Server 5/X86_64 + + Fix: Please Install the Updated Packages. 
+ + References: + http://lists.mandriva.com/security-announce/2010-02/msg00003.php + + Risk factor: High"; + + script_description(desc); + script_summary("Check for the Version of wireshark"); + script_category(ACT_GATHER_INFO); + script_copyright("Copyright (c) 2010 Greenbone Networks GmbH"); + script_family("Mandrake Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/release"); + exit(0); +} + + +include("pkg-lib-rpm.inc"); +include("revisions-lib.inc"); + +release = get_kb_item("ssh/login/release"); + +if(release == NULL){ + exit(0); +} + +if(release == "MNDK_2008.0") +{ + + if(isrpmvuln(pkg:"dumpcap", rpm:"dumpcap~1.0.11~0.1mdv2008.0", rls:"MNDK_2008.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"libwireshark0", rpm:"libwireshark0~1.0.11~0.1mdv2008.0", rls:"MNDK_2008.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"libwireshark-devel", rpm:"libwireshark-devel~1.0.11~0.1mdv2008.0", rls:"MNDK_2008.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"rawshark", rpm:"rawshark~1.0.11~0.1mdv2008.0", rls:"MNDK_2008.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"tshark", rpm:"tshark~1.0.11~0.1mdv2008.0", rls:"MNDK_2008.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"wireshark", rpm:"wireshark~1.0.11~0.1mdv2008.0", rls:"MNDK_2008.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"wireshark-tools", rpm:"wireshark-tools~1.0.11~0.1mdv2008.0", rls:"MNDK_2008.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"lib64wireshark0", rpm:"lib64wireshark0~1.0.11~0.1mdv2008.0", rls:"MNDK_2008.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"lib64wireshark-devel", rpm:"lib64wireshark-devel~1.0.11~0.1mdv2008.0", rls:"MNDK_2008.0")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "MNDK_mes5") +{ + + if(isrpmvuln(pkg:"dumpcap", rpm:"dumpcap~1.0.11~0.1mdvmes5", 
rls:"MNDK_mes5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"libwireshark0", rpm:"libwireshark0~1.0.11~0.1mdvmes5", rls:"MNDK_mes5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"libwireshark-devel", rpm:"libwireshark-devel~1.0.11~0.1mdvmes5", rls:"MNDK_mes5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"rawshark", rpm:"rawshark~1.0.11~0.1mdvmes5", rls:"MNDK_mes5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"tshark", rpm:"tshark~1.0.11~0.1mdvmes5", rls:"MNDK_mes5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"wireshark", rpm:"wireshark~1.0.11~0.1mdvmes5", rls:"MNDK_mes5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"wireshark-tools", rpm:"wireshark-tools~1.0.11~0.1mdvmes5", rls:"MNDK_mes5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"lib64wireshark0", rpm:"lib64wireshark0~1.0.11~0.1mdvmes5", rls:"MNDK_mes5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"lib64wireshark-devel", rpm:"lib64wireshark-devel~1.0.11~0.1mdvmes5", rls:"MNDK_mes5")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "MNDK_2009.1") +{ + + if(isrpmvuln(pkg:"dumpcap", rpm:"dumpcap~1.0.11~0.1mdv2009.1", rls:"MNDK_2009.1")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"libwireshark0", rpm:"libwireshark0~1.0.11~0.1mdv2009.1", rls:"MNDK_2009.1")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"libwireshark-devel", rpm:"libwireshark-devel~1.0.11~0.1mdv2009.1", rls:"MNDK_2009.1")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"rawshark", rpm:"rawshark~1.0.11~0.1mdv2009.1", rls:"MNDK_2009.1")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"tshark", rpm:"tshark~1.0.11~0.1mdv2009.1", rls:"MNDK_2009.1")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"wireshark", rpm:"wireshark~1.0.11~0.1mdv2009.1", rls:"MNDK_2009.1")) + { + security_hole(0); + exit(0); + } + + 
if(isrpmvuln(pkg:"wireshark-tools", rpm:"wireshark-tools~1.0.11~0.1mdv2009.1", rls:"MNDK_2009.1")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"lib64wireshark0", rpm:"lib64wireshark0~1.0.11~0.1mdv2009.1", rls:"MNDK_2009.1")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"lib64wireshark-devel", rpm:"lib64wireshark-devel~1.0.11~0.1mdv2009.1", rls:"MNDK_2009.1")) + { + security_hole(0); + exit(0); + } + + exit(0); +} \ No newline at end of file Property changes on: trunk/openvas-plugins/scripts/gb_mandriva_MDVSA_2010_031.nasl ___________________________________________________________________ Name: svn:keywords + Revision Added: trunk/openvas-plugins/scripts/gb_mandriva_MDVSA_2010_032.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_mandriva_MDVSA_2010_032.nasl 2010-02-08 09:53:20 UTC (rev 6681) +++ trunk/openvas-plugins/scripts/gb_mandriva_MDVSA_2010_032.nasl 2010-02-08 10:34:22 UTC (rev 6682) 
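Review bot: A positive result carries no detail about what was found, because all 27 package tests in the three release branches end in the same `security_hole(0);`. The report therefore shows only the static description, not which package is outdated or which version is expected, and since each hit is followed by `exit(0);` only the first match is ever reported. For triage and for verifying the fix it helps to name the package, for example (constructed message) `security_hole(port:0, data:"Package dumpcap is older than 1.0.11-0.1mdv2008.0");` in the first check. Alternatively `isrpmvuln` could hand back the installed and fixed versions, if `pkg-lib-rpm.inc` (not shown here) can provide them. The other generated checks in this commit follow the same template.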
@@ -0,0 +1,387 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# Mandriva Update for rootcerts MDVSA-2010:032 (rootcerts) +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(830857); + script_version("$Revision$: 1.0"); + script_xref(name: "MDVSA", value: "2010:032"); + script_name("Mandriva Update for rootcerts MDVSA-2010:032 (rootcerts)"); + desc = " + + Vulnerability Insight: + + It was brought to our attention by Ludwig Nussel at SUSE the md5 + collision certificate should not be included. This update removes + the offending certificate. + + Packages for 2008.0 are provided for Corporate Desktop 2008.0 + customers. + + The mozilla nss library has consequently been rebuilt to pickup these + changes and are also being provided. 
+ + Affected Software/OS: + rootcerts on Mandriva Linux 2008.0, + Mandriva Linux 2008.0/X86_64, + Mandriva Linux 2009.0, + Mandriva Linux 2009.0/X86_64, + Mandriva Linux 2009.1, + Mandriva Linux 2009.1/X86_64, + Mandriva Linux 2010.0, + Mandriva Linux 2010.0/X86_64, + Mandriva Enterprise Server 5, + Mandriva Enterprise Server 5/X86_64 + + Fix: Please Install the Updated Packages. + + References: + http://lists.mandriva.com/security-announce/2010-02/msg00004.php + + Risk factor: High"; + + script_description(desc); + script_summary("Check for the Version of rootcerts"); + script_category(ACT_GATHER_INFO); + script_copyright("Copyright (c) 2010 Greenbone Networks GmbH"); + script_family("Mandrake Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/release"); + exit(0); +} + + +include("pkg-lib-rpm.inc"); +include("revisions-lib.inc"); + +release = get_kb_item("ssh/login/release"); + +if(release == NULL){ + exit(0); +} + +if(release == "MNDK_2008.0") +{ + + if(isrpmvuln(pkg:"libnss3", rpm:"libnss3~3.12.3.1~0.3mdv2008.0", rls:"MNDK_2008.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"libnss-devel", rpm:"libnss-devel~3.12.3.1~0.3mdv2008.0", rls:"MNDK_2008.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"libnss-static-devel", rpm:"libnss-static-devel~3.12.3.1~0.3mdv2008.0", rls:"MNDK_2008.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"nss", rpm:"nss~3.12.3.1~0.3mdv2008.0", rls:"MNDK_2008.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"rootcerts", rpm:"rootcerts~20091203.04~1mdv2008.0", rls:"MNDK_2008.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"lib64nss3", rpm:"lib64nss3~3.12.3.1~0.3mdv2008.0", rls:"MNDK_2008.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"lib64nss-devel", rpm:"lib64nss-devel~3.12.3.1~0.3mdv2008.0", rls:"MNDK_2008.0")) + { + security_hole(0); + exit(0); + } + + 
if(isrpmvuln(pkg:"lib64nss-static-devel", rpm:"lib64nss-static-devel~3.12.3.1~0.3mdv2008.0", rls:"MNDK_2008.0")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "MNDK_mes5") +{ + + if(isrpmvuln(pkg:"libnss3", rpm:"libnss3~3.12.3.1~0.3mdvmes5", rls:"MNDK_mes5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"libnss-devel", rpm:"libnss-devel~3.12.3.1~0.3mdvmes5", rls:"MNDK_mes5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"libnss-static-devel", rpm:"libnss-static-devel~3.12.3.1~0.3mdvmes5", rls:"MNDK_mes5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"nss", rpm:"nss~3.12.3.1~0.3mdvmes5", rls:"MNDK_mes5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"rootcerts", rpm:"rootcerts~20091203.04~1mdvmes5", rls:"MNDK_mes5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"rootcerts-java", rpm:"rootcerts-java~20091203.04~1mdvmes5", rls:"MNDK_mes5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"rootcerts", rpm:"rootcerts~20091203.04~1mdv2010.1", rls:"MNDK_mes5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"lib64nss3", rpm:"lib64nss3~3.12.3.1~0.3mdvmes5", rls:"MNDK_mes5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"lib64nss-devel", rpm:"lib64nss-devel~3.12.3.1~0.3mdvmes5", rls:"MNDK_mes5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"lib64nss-static-devel", rpm:"lib64nss-static-devel~3.12.3.1~0.3mdvmes5", rls:"MNDK_mes5")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "MNDK_2010.0") +{ + + if(isrpmvuln(pkg:"libnss3", rpm:"libnss3~3.12.4~2.2mdv2010.0", rls:"MNDK_2010.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"libnss-devel", rpm:"libnss-devel~3.12.4~2.2mdv2010.0", rls:"MNDK_2010.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"libnss-static-devel", rpm:"libnss-static-devel~3.12.4~2.2mdv2010.0", rls:"MNDK_2010.0")) + { + security_hole(0); + 
exit(0); + } + + if(isrpmvuln(pkg:"nss", rpm:"nss~3.12.4~2.2mdv2010.0", rls:"MNDK_2010.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"rootcerts", rpm:"rootcerts~20091203.04~1mdv2010.0", rls:"MNDK_2010.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"rootcerts-java", rpm:"rootcerts-java~20091203.04~1mdv2010.0", rls:"MNDK_2010.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"lib64nss3", rpm:"lib64nss3~3.12.4~2.2mdv2010.0", rls:"MNDK_2010.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"lib64nss-devel", rpm:"lib64nss-devel~3.12.4~2.2mdv2010.0", rls:"MNDK_2010.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"lib64nss-static-devel", rpm:"lib64nss-static-devel~3.12.4~2.2mdv2010.0", rls:"MNDK_2010.0")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "MNDK_2009.1") +{ + + if(isrpmvuln(pkg:"libnss3", rpm:"libnss3~3.12.3.1~0.3mdv2009.1", rls:"MNDK_2009.1")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"libnss-devel", rpm:"libnss-devel~3.12.3.1~0.3mdv2009.1", rls:"MNDK_2009.1")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"libnss-static-devel", rpm:"libnss-static-devel~3.12.3.1~0.3mdv2009.1", rls:"MNDK_2009.1")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"nss", rpm:"nss~3.12.3.1~0.3mdv2009.1", rls:"MNDK_2009.1")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"rootcerts", rpm:"rootcerts~20091203.04~1mdv2009.1", rls:"MNDK_2009.1")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"rootcerts-java", rpm:"rootcerts-java~20091203.04~1mdv2009.1", rls:"MNDK_2009.1")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"lib64nss3", rpm:"lib64nss3~3.12.3.1~0.3mdv2009.1", rls:"MNDK_2009.1")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"lib64nss-devel", rpm:"lib64nss-devel~3.12.3.1~0.3mdv2009.1", rls:"MNDK_2009.1")) + { + security_hole(0); + exit(0); + } + + 
if(isrpmvuln(pkg:"lib64nss-static-devel", rpm:"lib64nss-static-devel~3.12.3.1~0.3mdv2009.1", rls:"MNDK_2009.1")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "MNDK_2009.0") +{ + + if(isrpmvuln(pkg:"libnss3", rpm:"libnss3~3.12.3.1~0.3mdv2009.0", rls:"MNDK_2009.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"libnss-devel", rpm:"libnss-devel~3.12.3.1~0.3mdv2009.0", rls:"MNDK_2009.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"libnss-static-devel", rpm:"libnss-static-devel~3.12.3.1~0.3mdv2009.0", rls:"MNDK_2009.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"nss", rpm:"nss~3.12.3.1~0.3mdv2009.0", rls:"MNDK_2009.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"rootcerts", rpm:"rootcerts~20091203.04~1mdv2009.0", rls:"MNDK_2009.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"rootcerts-java", rpm:"rootcerts-java~20091203.04~1mdv2009.0", rls:"MNDK_2009.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"lib64nss3", rpm:"lib64nss3~3.12.3.1~0.3mdv2009.0", rls:"MNDK_2009.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"lib64nss-devel", rpm:"lib64nss-devel~3.12.3.1~0.3mdv2009.0", rls:"MNDK_2009.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"lib64nss-static-devel", rpm:"lib64nss-static-devel~3.12.3.1~0.3mdv2009.0", rls:"MNDK_2009.0")) + { + security_hole(0); + exit(0); + } + + exit(0); +} \ No newline at end of file Property changes on: trunk/openvas-plugins/scripts/gb_mandriva_MDVSA_2010_032.nasl ___________________________________________________________________ Name: svn:keywords + Revision Added: trunk/openvas-plugins/scripts/gb_mandriva_MDVSA_2010_033.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_mandriva_MDVSA_2010_033.nasl 2010-02-08 09:53:20 UTC (rev 6681) +++ trunk/openvas-plugins/scripts/gb_mandriva_MDVSA_2010_033.nasl 2010-02-08 10:34:22 
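Review bot: In the `MNDK_mes5` block of gb_mandriva_MDVSA_2010_032.nasl, `rootcerts` is tested twice, and the second test compares against `rootcerts~20091203.04~1mdv2010.1`, a package string that does not belong to `rls:"MNDK_mes5"`. The first test already covers the fixed mes5 build, so the second is only reached on a host that passed it. Depending on how the revision comparison orders `1mdvmes5` against `1mdv2010.1`, a patched host may then be reported as vulnerable. Dropping the second `isrpmvuln(pkg:"rootcerts", ...)` block removes that case; since the header marks the check as system generated, the fix probably belongs in the generator's advisory parsing.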
UTC (rev 6682) 
@@ -0,0 +1,175 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# Mandriva Update for squid MDVSA-2010:033 (squid) +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(830862); + script_version("$Revision$: 1.0"); + script_xref(name: "MDVSA", value: "2010:033"); + script_cve_id("CVE-2010-0308"); + script_name("Mandriva Update for squid MDVSA-2010:033 (squid)"); + desc = " + + Vulnerability Insight: + + A vulnerability have been discovered and corrected in Squid 2.x, + 3.0 through 3.0.STABLE22, and 3.1 through 3.1.0.15, which allows + remote attackers to cause a denial of service (assertion failure) + via a crafted DNS packet that only contains a header (CVE-2010-0308). + + This update provides a fix to this vulnerability. 
+ + Affected Software/OS: + squid on Mandriva Linux 2008.0, + Mandriva Linux 2008.0/X86_64, + Mandriva Linux 2009.0, + Mandriva Linux 2009.0/X86_64, + Mandriva Linux 2009.1, + Mandriva Linux 2009.1/X86_64, + Mandriva Linux 2010.0, + Mandriva Linux 2010.0/X86_64, + Mandriva Enterprise Server 5, + Mandriva Enterprise Server 5/X86_64 + + Fix: Please Install the Updated Packages. + + References: + http://lists.mandriva.com/security-announce/2010-02/msg00005.php + + Risk factor: High"; + + script_description(desc); + script_summary("Check for the Version of squid"); + script_category(ACT_GATHER_INFO); + script_copyright("Copyright (c) 2010 Greenbone Networks GmbH"); + script_family("Mandrake Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/release"); + exit(0); +} + + +include("pkg-lib-rpm.inc"); +include("revisions-lib.inc"); + +release = get_kb_item("ssh/login/release"); + +if(release == NULL){ + exit(0); +} + +if(release == "MNDK_2008.0") +{ + + if(isrpmvuln(pkg:"squid", rpm:"squid~2.6.STABLE16~1.5mdv2008.0", rls:"MNDK_2008.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"squid-cachemgr", rpm:"squid-cachemgr~2.6.STABLE16~1.5mdv2008.0", rls:"MNDK_2008.0")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "MNDK_mes5") +{ + + if(isrpmvuln(pkg:"squid", rpm:"squid~3.0~22.2mdvmes5", rls:"MNDK_mes5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"squid-cachemgr", rpm:"squid-cachemgr~3.0~22.2mdvmes5", rls:"MNDK_mes5")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "MNDK_2010.0") +{ + + if(isrpmvuln(pkg:"squid", rpm:"squid~3.0~22.2mdv2010.0", rls:"MNDK_2010.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"squid-cachemgr", rpm:"squid-cachemgr~3.0~22.2mdv2010.0", rls:"MNDK_2010.0")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "MNDK_2009.1") +{ + + if(isrpmvuln(pkg:"squid", 
rpm:"squid~3.0~22.2mdv2009.1", rls:"MNDK_2009.1")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"squid-cachemgr", rpm:"squid-cachemgr~3.0~22.2mdv2009.1", rls:"MNDK_2009.1")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "MNDK_2009.0") +{ + + if(isrpmvuln(pkg:"squid", rpm:"squid~3.0~22.2mdv2009.0", rls:"MNDK_2009.0")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"squid-cachemgr", rpm:"squid-cachemgr~3.0~22.2mdv2009.0", rls:"MNDK_2009.0")) + { + security_hole(0); + exit(0); + } + + exit(0); +} \ No newline at end of file Property changes on: trunk/openvas-plugins/scripts/gb_mandriva_MDVSA_2010_033.nasl ___________________________________________________________________ Name: svn:keywords + Revision Added: trunk/openvas-plugins/scripts/gb_ubuntu_USN_894_1.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_ubuntu_USN_894_1.nasl 2010-02-08 09:53:20 UTC (rev 6681) +++ trunk/openvas-plugins/scripts/gb_ubuntu_USN_894_1.nasl 2010-02-08 10:34:22 UTC (rev 6682) 
@@ -0,0 +1,578 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# Ubuntu Update for Linux kernel vulnerabilities USN-894-1 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(840383); + script_version("$Revision$: 1.0"); + script_xref(name: "USN", value: "894-1"); + script_cve_id("CVE-2009-4020", "CVE-2009-4021", "CVE-2009-4031", "CVE-2009-4138", "CVE-2009-4141", "CVE-2009-4308", "CVE-2009-4536", "CVE-2009-4538", "CVE-2010-0003", "CVE-2010-0006", "CVE-2010-0007", "CVE-2010-0291"); + script_name("Ubuntu Update for Linux kernel vulnerabilities USN-894-1"); + desc = " + + Vulnerability Insight: + + Amerigo Wang and Eric Sesterhenn discovered that the HFS and ext4 + filesystems did not correctly check certain disk structures. If a user + were tricked into mounting a specially crafted filesystem, a remote + attacker could crash the system or gain root privileges. (CVE-2009-4020, + CVE-2009-4308) + + It was discovered that FUSE did not correctly check certain requests. 
+ A local attacker with access to FUSE mounts could exploit this to + crash the system or possibly gain root privileges. Ubuntu 9.10 was not + affected. (CVE-2009-4021) + + It was discovered that KVM did not correctly decode certain guest + instructions. A local attacker in a guest could exploit this to + trigger high scheduling latency in the host, leading to a denial of + service. Ubuntu 6.06 was not affected. (CVE-2009-4031) + + It was discovered that the OHCI fireware driver did not correctly + handle certain ioctls. A local attacker could exploit this to crash + the system, or possibly gain root privileges. Ubuntu 6.06 was not + affected. (CVE-2009-4138) + + Tavis Ormandy discovered that the kernel did not correctly handle + O_ASYNC on locked files. A local attacker could exploit this to gain + root privileges. Only Ubuntu 9.04 and 9.10 were affected. (CVE-2009-4141) + + Neil Horman and Eugene Teo discovered that the e1000 and e1000e + network drivers did not correctly check the size of Ethernet frames. + An attacker on the local network could send specially crafted traffic + to bypass packet filters, crash the system, or possibly gain root + privileges. (CVE-2009-4536, CVE-2009-4538) + + It was discovered that "print-fatal-signals" reporting could show + arbitrary kernel memory contents. A local attacker could exploit + this, leading to a loss of privacy. By default this is disabled in + Ubuntu and did not affect Ubuntu 6.06. (CVE-2010-0003) + + Olli Jarva and Tuomo Untinen discovered that IPv6 did not correctly + handle jumbo frames. A remote attacker could exploit this to crash the + system, leading to a denial of service. Only Ubuntu 9.04 and 9.10 were + affected. (CVE-2010-0006) + + Florian Westphal discovered that bridging netfilter rules could be + modified by unprivileged users. A local attacker could disrupt network + traffic, leading to a denial of service. 
(CVE-2010-0007) + + Al Viro discovered that certain mremap operations could leak kernel + memory. A local attacker could exploit this to consume all available + memory, leading to a denial of service. (CVE-2010-0291) + + Affected Software/OS: + Linux kernel vulnerabilities on Ubuntu 6.06 LTS , + Ubuntu 8.04 LTS , + Ubuntu 8.10 , + Ubuntu 9.04 , + Ubuntu 9.10 + + Fix: Please Install the Updated Packages. + + References: + https://lists.ubuntu.com/archives/ubuntu-security-announce/2010-February/001041.html + + Risk factor: High"; + + script_description(desc); + script_summary("Check for the Version of Linux kernel vulnerabilities"); + script_category(ACT_GATHER_INFO); + script_copyright("Copyright (c) 2010 Greenbone Networks GmbH"); + script_family("Ubuntu Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/release"); + exit(0); +} + + +include("pkg-lib-deb.inc"); +include("revisions-lib.inc"); + +release = get_kb_item("ssh/login/release"); + +if(release == NULL){ + exit(0); +} + +if(release == "UBUNTU9.04") +{ + + if(isdpkgvuln(pkg:"linux-headers-2.6.28-18-generic", ver:"2.6.28-18.59", rls:"UBUNTU9.04")) + { + security_hole(0); + exit(0); + } + + if(isdpkgvuln(pkg:"linux-headers-2.6.28-18-server", ver:"2.6.28-18.59", rls:"UBUNTU9.04")) + { + security_hole(0); + exit(0); + } + + if(isdpkgvuln(pkg:"linux-image-2.6.28-18-generic", ver:"2.6.28-18.59", rls:"UBUNTU9.04")) + { + security_hole(0); + exit(0); + } + + if(isdpkgvuln(pkg:"linux-image-2.6.28-18-server", ver:"2.6.28-18.59", rls:"UBUNTU9.04")) + { + security_hole(0); + exit(0); + } + + if(isdpkgvuln(pkg:"linux-image-2.6.28-18-virtual", ver:"2.6.28-18.59", rls:"UBUNTU9.04")) + { + security_hole(0); + exit(0); + } + + if(isdpkgvuln(pkg:"linux-libc-dev", ver:"2.6.28-18.59", rls:"UBUNTU9.04")) + { + security_hole(0); + exit(0); + } + + if(isdpkgvuln(pkg:"linux-doc-2.6.28", ver:"2.6.28-18.59", rls:"UBUNTU9.04")) + { + security_hole(0); + exit(0); + } + + 
if(isdpkgvuln(pkg:"linux-headers-2.6.28-18", ver:"2.6.28-18.59", rls:"UBUNTU9.04")) + { + security_hole(0); + exit(0); + } + + if(isdpkgvuln(pkg:"linux-source-2.6.28", ver:"2.6.28-18.59", rls:"UBUNTU9.04")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "UBUNTU6.06 LTS") +{ + + if(isdpkgvuln(pkg:"linux-headers-2.6.15-55-386", ver:"2.6.15-55.82", rls:"UBUNTU6.06 LTS")) + { + security_hole(0); + exit(0); + } + + if(isdpkgvuln(pkg:"linux-headers-2.6.15-55-686", ver:"2.6.15-55.82", rls:"UBUNTU6.06 LTS")) + { + security_hole(0); + exit(0); + } + + if(isdpkgvuln(pkg:"linux-headers-2.6.15-55-k7", ver:"2.6.15-55.82", rls:"UBUNTU6.06 LTS")) + { + security_hole(0); + exit(0); + } + + if(isdpkgvuln(pkg:"linux-headers-2.6.15-55-server-bigiron", ver:"2.6.15-55.82", rls:"UBUNTU6.06 LTS")) + { + security_hole(0); + exit(0); + } + + if(isdpkgvuln(pkg:"linux-headers-2.6.15-55-server", ver:"2.6.15-55.82", rls:"UBUNTU6.06 LTS")) + { + security_hole(0); + exit(0); + } + + if(isdpkgvuln(pkg:"linux-headers-2.6.15-55", ver:"2.6.15-55.82", rls:"UBUNTU6.06 LTS")) + { + security_hole(0); + exit(0); + } + + if(isdpkgvuln(pkg:"linux-image-2.6.15-55-386", ver:"2.6.15-55.82", rls:"UBUNTU6.06 LTS")) + { + security_hole(0); + exit(0); + } + + if(isdpkgvuln(pkg:"linux-image-2.6.15-55-686", ver:"2.6.15-55.82", rls:"UBUNTU6.06 LTS")) + { + security_hole(0); + exit(0); + } + + if(isdpkgvuln(pkg:"linux-image-2.6.15-55-k7", ver:"2.6.15-55.82", rls:"UBUNTU6.06 LTS")) + { + security_hole(0); + exit(0); + } + + if(isdpkgvuln(pkg:"linux-image-2.6.15-55-server-bigiron", ver:"2.6.15-55.82", rls:"UBUNTU6.06 LTS")) + { + security_hole(0); + exit(0); + } + + if(isdpkgvuln(pkg:"linux-image-2.6.15-55-server", ver:"2.6.15-55.82", rls:"UBUNTU6.06 LTS")) + { + security_hole(0); + exit(0); + } + + if(isdpkgvuln(pkg:"linux-doc-2.6.15", ver:"2.6.15-55.82", rls:"UBUNTU6.06 LTS")) + { + security_hole(0); + exit(0); + } + + if(isdpkgvuln(pkg:"linux-kernel-devel", ver:"2.6.15-55.82", 
rls:"UBUNTU6.06 LTS")) + { + security_hole(0); + exit(0); + } + + if(isdpkgvuln(pkg:"linux-source-2.6.15", ver:"2.6.15-55.82", rls:"UBUNTU6.06 LTS")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "UBUNTU8.10") +{ + + if(isdpkgvuln(pkg:"linux-headers-2.6.27-17-generic", ver:"2.6.27-17.45", rls:"UBUNTU8.10")) + { + security_hole(0); + exit(0); + } + + if(isdpkgvuln(pkg:"linux-headers-2.6.27-17-server", ver:"2.6.27-17.45", rls:"UBUNTU8.10")) + { + security_hole(0); + exit(0); + } + + if(isdpkgvuln(pkg:"linux-image-2.6.27-17-generic", ver:"2.6.27-17.45", rls:"UBUNTU8.10")) + { + security_hole(0); + exit(0); + } + + if(isdpkgvuln(pkg:"linux-image-2.6.27-17-server", ver:"2.6.27-17.45", rls:"UBUNTU8.10")) + { + security_hole(0); + exit(0); + } + + if(isdpkgvuln(pkg:"linux-image-2.6.27-17-virtual", ver:"2.6.27-17.45", rls:"UBUNTU8.10")) + { + security_hole(0); + exit(0); + } + + if(isdpkgvuln(pkg:"linux-libc-dev", ver:"2.6.27-17.45", rls:"UBUNTU8.10")) + { + security_hole(0); + exit(0); + } + + if(isdpkgvuln(pkg:"linux-doc-2.6.27", ver:"2.6.27-17.45", rls:"UBUNTU8.10")) + { + security_hole(0); + exit(0); + } + + if(isdpkgvuln(pkg:"linux-headers-2.6.27-17", ver:"2.6.27-17.45", rls:"UBUNTU8.10")) + { + security_hole(0); + exit(0); + } + + if(isdpkgvuln(pkg:"linux-source-2.6.27", ver:"2.6.27-17.45", rls:"UBUNTU8.10")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "UBUNTU8.04 LTS") +{ + + if(isdpkgvuln(pkg:"linux-headers-2.6.24-27-386", ver:"2.6.24-27.65", rls:"UBUNTU8.04 LTS")) + { + security_hole(0); + exit(0); + } + + if(isdpkgvuln(pkg:"linux-headers-2.6.24-27-generic", ver:"2.6.24-27.65", rls:"UBUNTU8.04 LTS")) + { + security_hole(0); + exit(0); + } + + if(isdpkgvuln(pkg:"linux-headers-2.6.24-27-openvz", ver:"2.6.24-27.65", rls:"UBUNTU8.04 LTS")) + { + security_hole(0); + exit(0); + } + + if(isdpkgvuln(pkg:"linux-headers-2.6.24-27-rt", ver:"2.6.24-27.65", rls:"UBUNTU8.04 LTS")) + { + security_hole(0); + exit(0); + } + 
+ if(isdpkgvuln(pkg:"linux-headers-2.6.24-27-server", ver:"2.6.24-27.65", rls:"UBUNTU8.04 LTS")) + { + security_hole(0); + exit(0); + } + + if(isdpkgvuln(pkg:"linux-headers-2.6.24-27-virtual", ver:"2.6.24-27.65", rls:"UBUNTU8.04 LTS")) + { + security_hole(0); + exit(0); + } + + if(isdpkgvuln(pkg:"linux-headers-2.6.24-27-xen", ver:"2.6.24-27.65", rls:"UBUNTU8.04 LTS")) + { + security_hole(0); + exit(0); + } + + if(isdpkgvuln(pkg:"linux-image-2.6.24-27-386", ver:"2.6.24-27.65", rls:"UBUNTU8.04 LTS")) + { + security_hole(0); + exit(0); + } + + if(isdpkgvuln(pkg:"linux-image-2.6.24-27-generic", ver:"2.6.24-27.65", rls:"UBUNTU8.04 LTS")) + { + security_hole(0); + exit(0); + } + + if(isdpkgvuln(pkg:"linux-image-2.6.24-27-server", ver:"2.6.24-27.65", rls:"UBUNTU8.04 LTS")) + { + security_hole(0); + exit(0); + } + + if(isdpkgvuln(pkg:"linux-image-2.6.24-27-virtual", ver:"2.6.24-27.65", rls:"UBUNTU8.04 LTS")) + { + security_hole(0); + exit(0); + } + + if(isdpkgvuln(pkg:"linux-image-debug-2.6.24-27-386", ver:"2.6.24-27.65", rls:"UBUNTU8.04 LTS")) + { + security_hole(0); + exit(0); + } + + if(isdpkgvuln(pkg:"linux-image-debug-2.6.24-27-generic", ver:"2.6.24-27.65", rls:"UBUNTU8.04 LTS")) + { + security_hole(0); + exit(0); + } + + if(isdpkgvuln(pkg:"linux-image-debug-2.6.24-27-server", ver:"2.6.24-27.65", rls:"UBUNTU8.04 LTS")) + { + security_hole(0); + exit(0); + } + + if(isdpkgvuln(pkg:"linux-image-debug-2.6.24-27-virtual", ver:"2.6.24-27.65", rls:"UBUNTU8.04 LTS")) + { + security_hole(0); + exit(0); + } + + if(isdpkgvuln(pkg:"linux-libc-dev", ver:"2.6.24-27.65", rls:"UBUNTU8.04 LTS")) + { + security_hole(0); + exit(0); + } + + if(isdpkgvuln(pkg:"linux-image-2.6.24-27-openvz", ver:"2.6.24-27.65", rls:"UBUNTU8.04 LTS")) + { + security_hole(0); + exit(0); + } + + if(isdpkgvuln(pkg:"linux-image-2.6.24-27-rt", ver:"2.6.24-27.65", rls:"UBUNTU8.04 LTS")) + { + security_hole(0); + exit(0); + } + + if(isdpkgvuln(pkg:"linux-image-2.6.24-27-xen", ver:"2.6.24-27.65", rls:"UBUNTU8.04 
LTS")) + { + security_hole(0); + exit(0); + } + + if(isdpkgvuln(pkg:"linux-doc-2.6.24", ver:"2.6.24-27.65", rls:"UBUNTU8.04 LTS")) + { + security_hole(0); + exit(0); + } + + if(isdpkgvuln(pkg:"linux-headers-2.6.24-27", ver:"2.6.24-27.65", rls:"UBUNTU8.04 LTS")) + { + security_hole(0); + exit(0); + } + + if(isdpkgvuln(pkg:"linux-kernel-devel", ver:"2.6.24-27.65", rls:"UBUNTU8.04 LTS")) + { + security_hole(0); + exit(0); + } + + if(isdpkgvuln(pkg:"linux-source-2.6.24", ver:"2.6.24-27.65", rls:"UBUNTU8.04 LTS")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "UBUNTU9.10") +{ + + if(isdpkgvuln(pkg:"linux-headers-2.6.31-304-ec2", ver:"2.6.31-304.10", rls:"UBUNTU9.10")) + { + security_hole(0); + exit(0); + } + + if(isdpkgvuln(pkg:"linux-image-2.6.31-304-ec2", ver:"2.6.31-304.10", rls:"UBUNTU9.10")) + { + security_hole(0); + exit(0); + } + + if(isdpkgvuln(pkg:"linux-headers-2.6.31-19-386", ver:"2.6.31-19.56", rls:"UBUNTU9.10")) + { + security_hole(0); + exit(0); + } + + if(isdpkgvuln(pkg:"linux-headers-2.6.31-19-generic-pae", ver:"2.6.31-19.56", rls:"UBUNTU9.10")) + { + security_hole(0); + exit(0); + } + + if(isdpkgvuln(pkg:"linux-headers-2.6.31-19-generic", ver:"2.6.31-19.56", rls:"UBUNTU9.10")) + { + security_hole(0); + exit(0); + } + + if(isdpkgvuln(pkg:"linux-image-2.6.31-19-386", ver:"2.6.31-19.56", rls:"UBUNTU9.10")) + { + security_hole(0); + exit(0); + } + + if(isdpkgvuln(pkg:"linux-image-2.6.31-19-generic-pae", ver:"2.6.31-19.56", rls:"UBUNTU9.10")) + { + security_hole(0); + exit(0); + } + + if(isdpkgvuln(pkg:"linux-image-2.6.31-19-generic", ver:"2.6.31-19.56", rls:"UBUNTU9.10")) + { + security_hole(0); + exit(0); + } + + if(isdpkgvuln(pkg:"linux-image-2.6.31-19-virtual", ver:"2.6.31-19.56", rls:"UBUNTU9.10")) + { + security_hole(0); + exit(0); + } + + if(isdpkgvuln(pkg:"linux-libc-dev", ver:"2.6.31-19.56", rls:"UBUNTU9.10")) + { + security_hole(0); + exit(0); + } + + if(isdpkgvuln(pkg:"linux-ec2-doc", ver:"2.6.31-304.10", 
rls:"UBUNTU9.10")) + { + security_hole(0); + exit(0); + } + + if(isdpkgvuln(pkg:"linux-ec2-source-2.6.31", ver:"2.6.31-304.10", rls:"UBUNTU9.10")) + { + security_hole(0); + exit(0); + } + + if(isdpkgvuln(pkg:"linux-headers-2.6.31-304", ver:"2.6.31-304.10", rls:"UBUNTU9.10")) + { + security_hole(0); + exit(0); + } + + if(isdpkgvuln(pkg:"linux-doc", ver:"2.6.31-19.56", rls:"UBUNTU9.10")) + { + security_hole(0); + exit(0); + } + + if(isdpkgvuln(pkg:"linux-headers-2.6.31-19", ver:"2.6.31-19.56", rls:"UBUNTU9.10")) + { + security_hole(0); + exit(0); + } + + if(isdpkgvuln(pkg:"linux-source-2.6.31", ver:"2.6.31-19.56", rls:"UBUNTU9.10")) + { + security_hole(0); + exit(0); + } + + exit(0); +} \ No newline at end of file Property changes on: trunk/openvas-plugins/scripts/gb_ubuntu_USN_894_1.nasl ___________________________________________________________________ Name: svn:keywords + Revision From scm-commit at wald.intevation.org Mon Feb 8 12:07:43 2010 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Mon, 8 Feb 2010 12:07:43 +0100 (CET) Subject: [Openvas-commits] r6683 - in trunk/openvas-plugins: . scripts Message-ID: <20100208110743.5161486607B9@pyrosoma.intevation.org> Author: mime Date: 2010-02-08 12:07:33 +0100 (Mon, 08 Feb 2010) New Revision: 6683 Modified: trunk/openvas-plugins/ChangeLog trunk/openvas-plugins/scripts/ldap_detect.nasl trunk/openvas-plugins/scripts/secpod_novell_prdts_detect_lin.nasl trunk/openvas-plugins/scripts/ssh_func.inc Log: Modified: trunk/openvas-plugins/ChangeLog =================================================================== --- trunk/openvas-plugins/ChangeLog 2010-02-08 10:34:22 UTC (rev 6682) +++ trunk/openvas-plugins/ChangeLog 2010-02-08 11:07:33 UTC (rev 6683) 
@@ -1,3 +1,15 @@
+2010-02-08 Michael Meyer
+
+ * scripts/ssh_func.inc:
+ Fix for "ord() usage : ord(char)". Seen while doing
+ local checks on FreeBSD and OpenSolaris.
+
+ * scripts/secpod_novell_prdts_detect_lin.nasl:
+ Fixed "null value" for set_kb_item().
+
+ * scripts/ldap_detect.nasl:
+ Use function from ldap.inc to detect a LDAP-Server.
+
 2010-02-08 Chandrashekhar B * scripts/gb_mandriva_MDVSA_2010_031.nasl,
Modified: trunk/openvas-plugins/scripts/ldap_detect.nasl
===================================================================
--- trunk/openvas-plugins/scripts/ldap_detect.nasl 2010-02-08 10:34:22 UTC (rev 6682)
+++ trunk/openvas-plugins/scripts/ldap_detect.nasl 2010-02-08 11:07:33 UTC (rev 6683)
@@ -39,7 +39,7 @@
 Risk factor : None";
- script_name("LDAP Detection");
+ script_name("LDAP Detection");
 script_description(desc); script_summary("Check for LDAP");
@@ -52,36 +52,16 @@
 } include("misc_func.inc");
+include("ldap.inc");
 port = get_kb_item("Services/ldap"); if(!port)port = 389; if(!get_port_state(port))exit(0);
-soc = open_sock_tcp(port);
-if(!soc)exit(0);
-
-req = raw_string(0x30,0x84,0x00,0x00,0x00,0x59,0x02,0x01,0x05,0x63,0x84,0x00,
- 0x00,0x00,0x50,0x04,0x13,0x64,0x63,0x3d,0x6f,0x70,0x65,0x6e,
- 0x76,0x61,0x73,0x64,0x63,0x2c,0x64,0x63,0x3d,0x6e,0x65,0x74,
- 0x0a,0x01,0x02,0x0a,0x01,0x00,0x02,0x01,0x00,0x02,0x01,0x00,
- 0x01,0x01,0x00,0xa3,0x84,0x00,0x00,0x00,0x13,0x04,0x0b,0x6f,
- 0x62,0x6a,0x65,0x63,0x74,0x43,0x6c,0x61,0x73,0x73,0x04,0x04,
- 0x75,0x73,0x65,0x72,0x30,0x84,0x00,0x00,0x00,0x0d,0x04,0x0b,
- 0x64,0x69,0x73,0x70,0x6c,0x61,0x79,0x4e,0x61,0x6d,0x65); # ldapsearch "dc=openvasdc,dc=net"
-
-send(socket:soc, data:req);
-buf = recv(socket:soc, length:1);
-if( buf == NULL ) exit(0);
-close(soc);
-
-if(strlen(buf) == 1) {
- response = hexstr(buf);
-
- if(response =~ "^30$" ) {
- register_service(port:port, ipproto:"tcp", proto:"ldap");
- security_note(port:port);
- exit(0);
- }
+if(ldap_alive(port:port)) {
+ register_service(port:port, ipproto:"tcp", proto:"ldap");
+ security_note(port:port);
+ exit(0);
 } exit(0);
Modified: trunk/openvas-plugins/scripts/secpod_novell_prdts_detect_lin.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_novell_prdts_detect_lin.nasl 2010-02-08 10:34:22 UTC (rev 6682)
+++ trunk/openvas-plugins/scripts/secpod_novell_prdts_detect_lin.nasl 2010-02-08 11:07:33 UTC (rev 6683)
@@ -64,13 +64,18 @@ eDirVer = get_bin_version(full_prog_name:chomp(eDirFile), version_argv:"--version", ver_pattern:"Novell eDirectory ([0-9.]+).?(SP[0-9]+)?", sock:sock); - if(eDirVer[1] != NULL && eDirVer[2] != NULL){ - eDirVer = eDirVer[1] + "." + eDirVer[2]; - } - else - eDirVer = eDirVer[1]; - set_kb_item(name:"Novell/eDir/Lin/Ver", value:eDirVer); + if(!isnull(eDirVer[1])) { + + if(eDirVer[2] != NULL){ + eDirVer = eDirVer[1] + "." + eDirVer[2]; + } + else + eDirVer = eDirVer[1]; + + set_kb_item(name:"Novell/eDir/Lin/Ver", value:eDirVer); + + } } #Set Version KB for Novell iPrint Client Modified: trunk/openvas-plugins/scripts/ssh_func.inc =================================================================== --- trunk/openvas-plugins/scripts/ssh_func.inc 2010-02-08 10:34:22 UTC (rev 6682) +++ trunk/openvas-plugins/scripts/ssh_func.inc 2010-02-08 11:07:33 UTC (rev 6683) @@ -935,6 +935,12 @@ ### Key exchange send client Init ### skex = ssh_recv(socket:socket, length:2000); + + if(isnull(skex)) { + set_ssh_error(msg: "ssh_recv() failed in function ssh_kex2()"); + return -1; + } + packetlen = ntol (buffer:skex, begin:0); paddinglen = ord(skex[4]); msgcode = ord(skex[5]); From scm-commit at wald.intevation.org Mon Feb 8 16:16:54 2010 
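Review bot: A reply shorter than six bytes still reaches `ord(skex[4])` and `ord(skex[5])` below the new guard in the ssh_func.inc hunk, because `isnull(skex)` only rejects a failed ssh_recv(); the "ord() usage" warning this commit targets can therefore still occur on a truncated packet. The guard should also check the length, e.g. `if(isnull(skex) || strlen(skex) < 6) {`. `packetlen` and `paddinglen` are taken from the peer and should be range-checked before they are used as offsets; their later use is outside this hunk, so that part is an assumption. ssh_kex2() starts and ends outside the hunk.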
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Mon, 8 Feb 2010 16:16:54 +0100 (CET) Subject: [Openvas-commits] r6684 - in trunk/openvas-manager: . src Message-ID: <20100208151654.0AAE686607AD@pyrosoma.intevation.org> Author: mattm Date: 2010-02-08 16:16:52 +0100 (Mon, 08 Feb 2010) New Revision: 6684 Modified: trunk/openvas-manager/ChangeLog trunk/openvas-manager/src/otp.c Log: * src/otp.c (blank_control_chars): New function. (process_otp_scanner_input): Blank control chars in iso_field before converting to UTF-8. Modified: trunk/openvas-manager/ChangeLog =================================================================== --- trunk/openvas-manager/ChangeLog 2010-02-08 11:07:33 UTC (rev 6683) +++ trunk/openvas-manager/ChangeLog 2010-02-08 15:16:52 UTC (rev 6684) @@ -1,3 +1,9 @@ +2010-02-08 Matthew Mundell + + * src/otp.c (blank_control_chars): New function. + (process_otp_scanner_input): Blank control chars in iso_field before + converting to UTF-8. + 2010-02-08 Michael Wiegand Post-release version bump. Modified: trunk/openvas-manager/src/otp.c =================================================================== --- trunk/openvas-manager/src/otp.c 2010-02-08 11:07:33 UTC (rev 6683) +++ trunk/openvas-manager/src/otp.c 2010-02-08 15:16:52 UTC (rev 6684) @@ -48,6 +48,7 @@ #include "types.h" #include +#include #include #include #include @@ -103,6 +104,16 @@ return ACT_UNKNOWN; } +/** @brief Replace any control characters in string with spaces. + * + * @param[in,out] string String to replace in. + */ +static void +blank_control_chars (char *string) +{ + for (; *string; string++) if (iscntrl (*string)) *string = ' '; +} + /* Ports. */ @@ -1495,6 +1506,7 @@ { gsize size_dummy; char* iso_field = openvas_strip_space (message, match); + blank_control_chars (iso_field); field = g_convert (iso_field, match - message - 1, "UTF-8", "ISO_8859-1", NULL, &size_dummy, NULL); From scm-commit at wald.intevation.org Mon Feb 8 18:13:09 2010 
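Review bot: In blank_control_chars(), `iscntrl (*string)` passes a plain `char`; where `char` is signed, any ISO-8859-1 byte at or above 0x80 becomes a negative argument, which is undefined behaviour for the ctype.h functions. The field is scanner output about to be converted from ISO_8859-1, so such bytes are expected here, and the line should read `if (iscntrl ((unsigned char) *string)) *string = ' ';`. iscntrl() is also locale dependent and matches newline and tab, so the doc comment should say whether line breaks in the field are meant to be flattened to spaces. The call site in process_otp_scanner_input passes the result of openvas_strip_space() unchecked; whether that can be NULL is not visible in this hunk.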
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Mon, 8 Feb 2010 18:13:09 +0100 (CET) Subject: [Openvas-commits] r6685 - in trunk/openvas-administrator: . src Message-ID: <20100208171309.8969B86607DA@pyrosoma.intevation.org> Author: mattm Date: 2010-02-08 18:13:08 +0100 (Mon, 08 Feb 2010) New Revision: 6685 Modified: trunk/openvas-administrator/ChangeLog trunk/openvas-administrator/src/admin.c trunk/openvas-administrator/src/openvasad.c Log: * src/admin.c (openvas_sync_feed): Switch from g_spawn_sync to using fork and execl. * src/openvasad.c (main): Set FD_CLOEXEC on the Administrator socket. Modified: trunk/openvas-administrator/ChangeLog =================================================================== --- trunk/openvas-administrator/ChangeLog 2010-02-08 15:16:52 UTC (rev 6684) +++ trunk/openvas-administrator/ChangeLog 2010-02-08 17:13:08 UTC (rev 6685) @@ -1,3 +1,8 @@ +2010-02-08 Matthew Mundell + + * src/admin.c (openvas_sync_feed): Switch from g_spawn_sync to using fork + and execl. + 2010-02-05 Matthew Mundell * src/oxpd.c (read_protocol) [TRACE || LOG]: Cast precision arg to int. Modified: trunk/openvas-administrator/src/admin.c =================================================================== --- trunk/openvas-administrator/src/admin.c 2010-02-08 15:16:52 UTC (rev 6684) +++ trunk/openvas-administrator/src/admin.c 2010-02-08 17:13:08 UTC (rev 6685) @@ -45,6 +45,7 @@ #include #include #include +#include #include #include @@ -1268,12 +1269,12 @@ return -1; } - /* Prevent descendants from becoming zombies. */ + /* Setup SIGCHLD for waiting. */ - /* RATS: ignore, this is SIG_IGN damnit. */ - if (signal (SIGCHLD, SIG_IGN) == SIG_ERR) + /* RATS: ignore, this is SIG_DFL damnit. */ + if (signal (SIGCHLD, SIG_DFL) == SIG_ERR) { - g_warning ("Failed to set SIG_IGN"); + g_warning ("Failed to set SIG_DFL"); return -1; } 
@@ -1294,16 +1295,7 @@ return -1; break; default: - /* Parent. Restore SIGCHLD handler then return in order to - * respond to client. */ - - /* RATS: ignore, this is SIG_DFL damnit. */ - if (signal (SIGCHLD, SIG_DFL) == SIG_ERR) - { - g_warning ("Failed to set SIG_DFL"); - return -1; - } - + /* Parent. Return in order to respond to client. */ return 0; break; } 
@@ -1377,41 +1369,85 @@ } } - /* Sync. */ + /* Fork a child to be the sync process. */ - gchar *script_working_dir = g_path_get_dirname (sync_script); + pid = fork (); + switch (pid) + { + case 0: + { + /* Child. Become the sync process. */ - gchar ** argv = (gchar **) g_malloc (2 * sizeof (gchar *)); - argv[0] = g_strdup (sync_script); - argv[1] = NULL; + if (freopen ("/tmp/openvasad_sync_out", "w", stdout) == NULL) + { + g_warning ("Failed to reopen stdout: %s", strerror (errno)); + exit (EXIT_FAILURE); + } - gchar *script_out; - gchar *script_err; - gint script_exit; - GError *error = NULL; + if (freopen ("/tmp/openvasad_sync_err", "w", stderr) == NULL) + { + g_warning ("Failed to reopen stderr: %s", strerror (errno)); + exit (EXIT_FAILURE); + } - if (!g_spawn_sync (script_working_dir, argv, NULL, 0, NULL, NULL, - &script_out, &script_err, &script_exit, &error)) - { - g_warning ("Failed to execute %s: %s", sync_script, error->message); - ret = -10; - goto free_exit; - } + if (execl (sync_script, sync_script, (char *) NULL)) + { + g_warning ("Failed to execl %s: %s", sync_script, strerror (errno)); + exit (EXIT_FAILURE); + } + /*@notreached@*/ + exit (EXIT_FAILURE); + break; + } + case -1: + /* Parent when error. */ - if (script_exit != 0) - { - g_warning ("%s returned a non-zero exit code.", sync_script); - ret = -10; - } + g_warning ("%s: failed to fork syncer: %s\n", + __FUNCTION__, + strerror (errno)); + ret = -1; + goto exit; + break; + default: + { + int status; - free_exit: + /* Parent on success. Wait for child, and handle result. 
*/ - g_free (script_working_dir); - g_strfreev (argv); - g_free (script_out); - g_free (script_err); - g_free (error); + while (wait (&status) < 0) + { + if (errno == ECHILD) + { + g_warning ("Failed to get child exit status"); + ret = -10; + goto exit; + } + if (errno == EINTR) continue; + g_warning ("wait: %s", strerror (errno)); + ret = -10; + goto exit; + } + if (WIFEXITED (status)) + switch (WEXITSTATUS (status)) + { + case EXIT_SUCCESS: + break; + case EXIT_FAILURE: + default: + g_warning ("Error during synchronization."); + ret = -10; + break; + } + else + { + g_message ("Error during synchronization."); + ret = -10; + } + break; + } + } + exit: /* Close the lock file. */ Modified: trunk/openvas-administrator/src/openvasad.c =================================================================== --- trunk/openvas-administrator/src/openvasad.c 2010-02-08 15:16:52 UTC (rev 6684) +++ trunk/openvas-administrator/src/openvasad.c 2010-02-08 17:13:08 UTC (rev 6685) @@ -953,6 +953,14 @@ exit (EXIT_FAILURE); } + if (fcntl (administrator_socket, F_SETFD, FD_CLOEXEC, 1) == -1) + { + g_critical ("%s: failed to set FD_CLOEXEC on administrator socket: %s\n", + __FUNCTION__, + strerror (errno)); + exit (EXIT_FAILURE); + } + { int optval = 1; if (setsockopt (administrator_socket, From scm-commit at wald.intevation.org Mon Feb 8 20:57:30 2010 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Mon, 8 Feb 2010 20:57:30 +0100 (CET) Subject: [Openvas-commits] r6686 - in trunk/gsa: . src Message-ID: <20100208195730.1DFD986607DE@pyrosoma.intevation.org> Author: timb Date: 2010-02-08 20:57:29 +0100 (Mon, 08 Feb 2010) New Revision: 6686 Modified: trunk/gsa/ChangeLog trunk/gsa/src/gsad.c Log: Fixed couple of leaks reported by cppcheck Modified: trunk/gsa/ChangeLog =================================================================== --- trunk/gsa/ChangeLog 2010-02-08 17:13:08 UTC (rev 6685) +++ trunk/gsa/ChangeLog 2010-02-08 19:57:29 UTC (rev 6686) 
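Review bot: The child in the admin.c hunk redirects its output with `freopen ("/tmp/openvasad_sync_out", "w", stdout)` and the matching `_err` call, i.e. fixed names in a world-writable directory, truncated on open by what is presumably a privileged daemon; a local user who pre-creates either name as a symlink decides which file is truncated and written (CWE-377/CWE-59). The files should live in a directory only the daemon can write, or be opened with `open (path, O_WRONLY | O_CREAT | O_TRUNC | O_NOFOLLOW, 0600)` and attached with `dup2 (fd, STDOUT_FILENO)`. In the parent, `wait (&status)` reaps any child rather than the syncer, so `waitpid (pid, &status, 0)` is the safer call. The child should leave through `_exit ()` so that it neither runs the parent's atexit handlers nor flushes inherited stdio buffers. openvas_sync_feed starts outside the hunk.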
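Review bot: `fcntl (administrator_socket, F_SETFD, FD_CLOEXEC, 1)` in the openvasad.c hunk passes a fourth argument that F_SETFD does not take; it is ignored, but it reads as if it were the value being set. `fcntl (administrator_socket, F_SETFD, FD_CLOEXEC)` is the intended call, and a comment such as `/* Keep the listening socket out of the sync script started by openvas_sync_feed. */` would tie it to the execl() added in admin.c. Descriptors for accepted client connections and the lock file are created elsewhere, so whether they are also close-on-exec cannot be told from this hunk.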
@@ -1,3 +1,7 @@ +2010-02-08 Tim Brown + + * src/gsad.c: Fixed couple of leaks reported by cppcheck. + 2010-02-05 Matthew Mundell * src/html/src/omp.xsl (wrap): Lower wrap column to 90. Modified: trunk/gsa/src/gsad.c =================================================================== --- trunk/gsa/src/gsad.c 2010-02-08 17:13:08 UTC (rev 6685) +++ trunk/gsa/src/gsad.c 2010-02-08 19:57:29 UTC (rev 6686) @@ -298,7 +298,10 @@ if (slashpos[1] != '\0') cidr_mask = atoi (slashpos + 1); else - return TRUE; + { + g_free (copy); + return TRUE; + } if (cidr_mask < 16) { g_free (copy); @@ -2734,6 +2737,7 @@ __FUNCTION__, path); g_free (path); + fclose (file); return NULL; } From scm-commit at wald.intevation.org Mon Feb 8 23:29:59 2010 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Mon, 8 Feb 2010 23:29:59 +0100 (CET) Subject: [Openvas-commits] r6687 - in trunk/openvas-plugins: . scripts Message-ID: <20100208222959.F2E6F865FADA@pyrosoma.intevation.org> Author: mime Date: 2010-02-08 23:29:56 +0100 (Mon, 08 Feb 2010) New Revision: 6687 Added: trunk/openvas-plugins/scripts/ejabberd_38003.nasl trunk/openvas-plugins/scripts/ejabberd_detect.nasl trunk/openvas-plugins/scripts/ipswitch_IMail_38109.nasl trunk/openvas-plugins/scripts/samba_38111.nasl trunk/openvas-plugins/scripts/xmpp_detect.nasl Modified: trunk/openvas-plugins/ChangeLog Log: Added new plugins Modified: trunk/openvas-plugins/ChangeLog =================================================================== --- trunk/openvas-plugins/ChangeLog 2010-02-08 19:57:29 UTC (rev 6686) +++ trunk/openvas-plugins/ChangeLog 2010-02-08 22:29:56 UTC (rev 6687) 
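Review bot: The mask in the first gsad.c hunk is parsed with `cidr_mask = atoi (slashpos + 1)`, which cannot report errors: trailing garbage such as "24x" is accepted as 24 and an out-of-range number is undefined behaviour. This looks like validation of a supplied network specification, so `cidr_mask = strtol (slashpos + 1, &end, 10);` followed by `if (end == slashpos + 1 || *end != '\0')` and an explicit 0 to 32 range check is the better fit, with failures handled like the other rejected cases. Each exit now needs its own `g_free (copy)`, which is how the leak fixed here arose; a single cleanup label would prevent the next one. The function starts and ends outside the hunk, so the meaning of the TRUE return for an empty mask could not be checked.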
@@ -1,5 +1,14 @@ 2010-02-08 Michael Meyer + * scripts/ejabberd_38003.nasl, + scripts/ipswitch_IMail_38109.nasl, + scripts/xmpp_detect.nasl, + scripts/samba_38111.nasl, + scripts/ejabberd_detect.nasl: + Added new plugins. + +2010-02-08 Michael Meyer + * scripts/ssh_func.inc: Fix for "ord() usage : ord(char)". Seen while doing local checks on FreeBSD and OpenSolaris. Added: trunk/openvas-plugins/scripts/ejabberd_38003.nasl =================================================================== --- trunk/openvas-plugins/scripts/ejabberd_38003.nasl 2010-02-08 19:57:29 UTC (rev 6686) +++ trunk/openvas-plugins/scripts/ejabberd_38003.nasl 2010-02-08 22:29:56 UTC (rev 6687) 
@@ -0,0 +1,83 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id$ +# +# ejabberd 'client2server' Message Remote Denial of Service Vulnerability +# +# Authors: +# Michael Meyer +# +# Copyright: +# Copyright (c) 2010 Greenbone Networks GmbH +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if (description) +{ + script_id(100487); + script_bugtraq_id(38003); + script_version ("1.0-$Revision$"); + + script_name("ejabberd 'client2server' Message Remote Denial of Service Vulnerability"); + +desc = "Overview: +The 'ejabberd' application is prone to a denial-of-service +vulnerability. + +An attacker can exploit this issue to crash the affected application, +denying service to legitimate users. + +Versions prior to ejabberd 2.1.3 are vulnerable; other versions may +also be affected. + +Solution: +The vendor has released an update. Please see the references +for details. 
+ +References: +http://www.securityfocus.com/bid/38003 +https://support.process-one.net/browse/EJAB/fixforversion/10453 +http://www.process-one.net/en/ejabberd/ + +Risk factor : Medium"; + + script_description(desc); + script_summary("Determine if ejabberd version is < 2.1.3"); + script_category(ACT_GATHER_INFO); + script_family("Denial of Service"); + script_copyright("This script is Copyright (C) 2010 Greenbone Networks GmbH"); + script_dependencies("ejabberd_detect.nasl"); + script_require_ports("Services/xmpp", 5222); + exit(0); +} + +include("version_func.inc"); + +xmpp_port = get_kb_item("Services/xmpp"); +if(!xmpp_port)xmpp_port=5222; +if(!get_port_state(xmpp_port))exit(0); + +if(!version = get_kb_item(string("xmpp/", xmpp_port, "/ejabberd")))exit(0); +if(!isnull(version)) { + + if(version_is_less(version: version, test_version: "2.1.3")) { + security_warning(port:xmpp_port); + exit(0); + } + +} + +exit(0); + Property changes on: trunk/openvas-plugins/scripts/ejabberd_38003.nasl ___________________________________________________________________ Name: svn:keywords + Id Revision Added: trunk/openvas-plugins/scripts/ejabberd_detect.nasl =================================================================== --- trunk/openvas-plugins/scripts/ejabberd_detect.nasl 2010-02-08 19:57:29 UTC (rev 6686) +++ trunk/openvas-plugins/scripts/ejabberd_detect.nasl 2010-02-08 22:29:56 UTC (rev 6687) 
@@ -0,0 +1,111 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id$ +# +# ejabberd Detection +# +# Authors: +# Michael Meyer +# +# Copyright: +# Copyright (c) 2010 Greenbone Networks GmbH +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +# need desc here to modify it later in script. +desc = "Overview: +This host is running ejabberd, an instant messaging server. 
+ +See also: +http://www.process-one.net/en/ejabberd/ + +Risk factor : None"; + +if (description) +{ + script_id(100486); + script_version ("1.0-$Revision$"); + script_name("ejabberd Detection"); + script_description(desc); + script_summary("Checks for the presence of ejabberd"); + script_category(ACT_GATHER_INFO); + script_family("Service detection"); + script_copyright("This script is Copyright (C) 2010 Greenbone Networks GmbH"); + script_dependencies("xmpp_detect.nasl"); + script_require_ports("Services/xmpp", 5222); + exit(0); +} + +include("global_settings.inc"); + +xmpp_port = get_kb_item("Services/xmpp"); +if(!xmpp_port)xmpp_port=5222; +if(!get_port_state(xmpp_port))exit(0); + +server = get_kb_item(string("xmpp/", xmpp_port, "/server")); +if("ejabberd" >< server) { + version = get_kb_item(string("xmpp/", xmpp_port, "/version")); + if(!isnull(version)) { + set_kb_item(name: string("xmpp/", xmpp_port, "/ejabberd"), value: version); + set_kb_item(name: string("cpe:/a:process-one:ejabberd:",version), value: TRUE); + info = string("None\n\nejabberd version '", version, "' was detected by OpenVAS.\n"); + desc = ereg_replace( + string:desc, + pattern:"None$", + replace:info + ); + if(report_verbosity > 0) { + security_note(port:xmpp_port,data:desc); + } + KB_SET = TRUE; + } +} + +include("http_func.inc"); +include("http_keepalive.inc"); + +port = 5280; +if(!get_port_state(port))exit(0); + +url = string("/admin/doc/README.txt"); +req = http_get(item:url, port:port); +buf = http_keepalive_send_recv(port:port, data:req, bodyonly:FALSE); +if( buf == NULL )exit(0); + +if("Release Notes" >< buf && "ejabberd" >< buf) +{ + ### try to get version + ver = eregmatch(string: buf, pattern: "ejabberd ([0-9.]+)",icase:TRUE); + + if ( !isnull(ver[1]) ) { + + version=chomp(ver[1]); + + if(!KB_SET) { + set_kb_item(name: string("xmpp/", xmpp_port, "/ejabberd"), value: version); + set_kb_item(name: string("cpe:/a:process-one:ejabberd:",version), value: TRUE); + } + + info = 
string("ejabberd Web Admin (ejabberd version '",version,"') is running at this port.\n"); + + if(report_verbosity > 0) { + security_note(port:port,data:info); + } + exit(0); + } +} + +exit(0); + Property changes on: trunk/openvas-plugins/scripts/ejabberd_detect.nasl ___________________________________________________________________ Name: svn:keywords + Id Revision Added: trunk/openvas-plugins/scripts/ipswitch_IMail_38109.nasl =================================================================== --- trunk/openvas-plugins/scripts/ipswitch_IMail_38109.nasl 2010-02-08 19:57:29 UTC (rev 6686) +++ trunk/openvas-plugins/scripts/ipswitch_IMail_38109.nasl 2010-02-08 22:29:56 UTC (rev 6687) 
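Review bot: The web-admin probe on port 5280 is never reached when 5222 is closed, because `if(!get_port_state(xmpp_port))exit(0);` near the top ends the script first, and 5280 is not listed in `script_require_ports("Services/xmpp", 5222)`. A host that exposes only the admin interface is therefore not reported. Wrapping the XMPP part in `if(get_port_state(xmpp_port)) {` instead of exiting, and adding 5280 to the required ports, would close that gap. When detection succeeds only through README.txt, the version is still stored under `string("xmpp/", xmpp_port, "/ejabberd")`, so ejabberd_38003.nasl will warn on a port where no XMPP service was confirmed; a comment should say whether that is intended.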
@@ -0,0 +1,101 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id$ +# +# Ipswitch IMail Server Multiple Local Privilege Escalation Vulnerabilities +# +# Authors: +# Michael Meyer +# +# Copyright: +# Copyright (c) 2010 Greenbone Networks GmbH +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if (description) +{ + script_id(100490); + script_bugtraq_id(38109); + script_version ("1.0-$Revision$"); + + script_name("Ipswitch IMail Server Multiple Local Privilege Escalation Vulnerabilities"); + +desc = "Overview: +Ipswitch IMail Server is prone to multiple local privilege-escalation +vulnerabilities. + +Local attackers may exploit these issues to gain elevated privileges, +which may lead to a complete compromise of an affected computer. + +IMail Server 11.01 is affected; other versions may also be +vulnerable. 
+ +References: +http://www.securityfocus.com/bid/38109 +http://archives.neohapsis.com/archives/fulldisclosure/2010-02/0076.html +http://www.ipswitch.com/Products/IMail_Server/index.html + +Risk factor : High"; + + script_description(desc); + script_summary("Determine if Ipswitch IMail Server version is 11.01"); + script_category(ACT_GATHER_INFO); + script_family("SMTP problems"); + script_copyright("This script is Copyright (C) 2010 Greenbone Networks GmbH"); + script_dependencies("find_service.nes", "smtpserver_detect.nasl"); + script_require_ports("Services/smtp","Services/pop3","Services/imap", 25, 110, 143); + exit(0); +} + +include("smtp_func.inc"); +include("pop3_func.inc"); +include("imap_func.inc"); +include("version_func.inc"); + +function check_vuln(banner,port) { + version = eregmatch(pattern: "IMail ([0-9.]+)", string: banner); + if(!isnull(version[1])) { + if(version_is_equal(version: version[1], test_version:"11.01")) { + security_hole(port:port); + return 0; + } + } +} + +port = get_kb_item("Services/smtp"); +if(!port) port = 25; +if(banner = get_smtp_banner(port:port)) { + if("IMail" >< banner) { + check_vuln(banner:banner,port:port); + } +} + +port = get_kb_item("Services/pop3"); +if(!port) port = 110; +if(banner = get_pop3_banner(port:port)) { + if("IMail" >< banner) { + check_vuln(banner:banner,port:port); + } +} + +port = get_kb_item("Services/imap"); +if(!port) port = 143; +if(banner = get_imap_banner(port:port)) { + if("IMail" >< banner) { + check_vuln(banner:banner,port:port); + } +} + +exit(0); Property changes on: trunk/openvas-plugins/scripts/ipswitch_IMail_38109.nasl ___________________________________________________________________ Name: svn:keywords + Id Revision Added: trunk/openvas-plugins/scripts/samba_38111.nasl =================================================================== --- trunk/openvas-plugins/scripts/samba_38111.nasl 2010-02-08 19:57:29 UTC (rev 6686) +++ trunk/openvas-plugins/scripts/samba_38111.nasl 2010-02-08 
22:29:56 UTC (rev 6687) 
@@ -0,0 +1,97 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id$ +# +# Samba Symlink Directory Traversal Vulnerability +# +# Authors: +# Michael Meyer +# +# Copyright: +# Copyright (c) 2010 Greenbone Networks GmbH +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if (description) +{ + script_id(100488); + script_bugtraq_id(38111); + script_version ("1.0-$Revision$"); + + script_name("Samba Symlink Directory Traversal Vulnerability"); + +desc = "Overview: +Samba is prone to a directory-traversal vulnerability because the +application fails to sufficiently sanitize user-supplied input. + +Exploits would allow an attacker to access files outside of the Samba +user's root directory to obtain sensitive information and perform +other attacks. + +To exploit this issue, attackers require authenticated access to a +writable share. Note that this issue may be exploited through a +writable share accessible by guest accounts. + +NOTE: The vendor stated that this issue stems from an insecure default + configuration. The Samba team advises administrators to set + 'wide links = no' in the '[global]' section of 'smb.conf'. 
+ +Solution: +The vendor commented on the issue stating that it stems from an +insecure default configuration. The Samba team advises administrators +to set 'wide links = no' in the '[global]' section of 'smb.conf' and +then restart the service to correct misconfigured services. + +Please see the references for more information. + +References: +http://www.securityfocus.com/bid/38111 +http://www.samba.org/samba/news/symlink_attack.html +http://archives.neohapsis.com/archives/fulldisclosure/2010-02/0100.html +http://www.samba.org +http://lists.grok.org.uk/pipermail/full-disclosure/2010-February/072927.html + +Risk factor : Medium"; + + script_description(desc); + script_summary("Determine if Samba version is <= 3.4.5"); + script_category(ACT_GATHER_INFO); + script_family("Remote file access"); + script_copyright("This script is Copyright (C) 2010 Greenbone Networks GmbH"); + script_dependencies("smb_nativelanman.nasl"); + script_require_ports(139, 445); + script_require_keys("SMB/NativeLanManager"); + exit(0); +} + +include("version_func.inc"); + +port = get_kb_item("SMB/transport"); +if(!port)port = 139; + +if(!get_port_state(port))exit(0); + +if(!lanman = get_kb_item("SMB/NativeLanManager"))exit(0); +if("Samba" >!< lanman)exit(0); + +if(!version = eregmatch(pattern:"Samba ([0-9.]+)", string: lanman))exit(0); +if(isnull(version[1]))exit(0); + +if(version_is_less_equal(version:version[1], test_version:"3.4.5")) { + security_warning(port:port); + exit(0); +} + +exit(0); Property changes on: trunk/openvas-plugins/scripts/samba_38111.nasl ___________________________________________________________________ Name: svn:keywords + Id Revision Added: trunk/openvas-plugins/scripts/xmpp_detect.nasl =================================================================== --- trunk/openvas-plugins/scripts/xmpp_detect.nasl 2010-02-08 19:57:29 UTC (rev 6686) +++ trunk/openvas-plugins/scripts/xmpp_detect.nasl 2010-02-08 22:29:56 UTC (rev 6687) 
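Review bot: The check `version_is_less_equal(version:version[1], test_version:"3.4.5")` reports on the version string alone, while the description itself attributes the issue to the `wide links` default, so a server that already sets `wide links = no` is still flagged. `desc` should say that the result is version-based and that smb.conf cannot be inspected by this script, for example with `Note: this check only compares the reported Samba version; verify 'wide links' in smb.conf.`. The port is read from `SMB/transport`, which is not listed in `script_require_keys`, so the fallback to 139 may report on a port other than the one that was probed; this is an assumption, since smb_nativelanman.nasl is not shown.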
@@ -0,0 +1,179 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id$ +# +# XMPP Detection +# +# Authors: +# Michael Meyer +# +# Copyright: +# Copyright (c) 2010 Greenbone Networks GmbH +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +# need desc here to modify it later in script. +desc = "Overview: +This host is running the Extensible Messaging and Presence Protocol (XMPP) +(formerly named Jabber). XMPP is an open, XML-based protocol originally aimed at +near-real-time, extensible instant messaging (IM) and presence information +(e.g., buddy lists), but now expanded into the broader realm of +message-oriented middleware. 
+ +See also: +http://en.wikipedia.org/wiki/Jabber + +Risk factor : None"; + +if (description) +{ + script_id(100489); + script_version ("1.0-$Revision$"); + script_name("XMPP Detection"); + script_description(desc); + script_summary("Checks for the presence of XMPP Protocol"); + script_category(ACT_GATHER_INFO); + script_family("Service detection"); + script_copyright("This script is Copyright (C) 2010 Greenbone Networks GmbH"); + script_dependencies("find_service.nes"); + script_require_ports("Services/unknown", 5222); + exit(0); +} + +include("misc_func.inc"); +include("global_settings.inc"); + +port = 5222; +if(!get_port_state(port))exit(0); + +soc = open_sock_tcp(port); +if(!soc)exit(0); + +get_from = string(""); + +send(socket:soc, data:get_from); +buf = recv(socket:soc, length:512); +if(isnull(buf) || "xmlns:stream=" >!< buf || "jabber:client" >!< buf)exit(0); + +register_service(port: port, ipproto:"tcp", proto: 'xmpp'); + +close(soc); + +FROM = eregmatch(pattern:"from='([^']+)'", string:buf); +if(isnull(FROM[1]))exit(0); + +soc = open_sock_tcp(port); +if(!soc)exit(0); + +req = string(""); + +send(socket:soc, data:req); +buf = recv(socket:soc,length:512); + +if(isnull(buf) || "!< buf || "host-unknown" >< buf)exit(0); + +req = string(" + + "); + +send(socket:soc, data:req); +buf = recv(socket:soc,length:512); +if(isnull(buf))exit(0); + +if("instructions" >!< buf)exit(0); + +USER = string("OpenVAS",rand()); + +req = string(" + + ",USER," + ",USER," + ",USER," + openvas at openvas.org + + "); + +send(socket:soc, data:req); +buf = recv(socket:soc,length:512); +if(isnull(buf) || USER >!< buf)exit(0); + +req = string(" + + ",USER," + + "); + +send(socket:soc, data:req); +buf = recv(socket:soc,length:512); +if(isnull(buf) || USER >!< buf)exit(0); + +req = string(" + + ",USER," + telnet + ",USER," + + "); + +send(socket:soc, data:req); +buf = recv(socket:soc,length:512); + +req = string(" + + + "); + +send(socket:soc, data:req); +buf = recv(socket:soc,length:512); 
+close(soc); + +if("" >!< buf || "" >!< buf)exit(0); + +version = eregmatch(pattern: "([0-9.]+)", string: buf); +server = eregmatch(pattern: "(.*)", string: buf); + +if(!isnull(server[1])) { + server_name = server[1]; + set_kb_item(name: string("xmpp/",port,"/server"), value: server_name); +} + +if(!isnull(version[1])) { + server_version = version[1]; + set_kb_item(name: string("xmpp/",port,"/version"), value: server_version); +} + +if(server_name && server_version) { + + info = string("None\n\nXMPP Server '",server_name, "' version '", server_version, "' was detected by OpenVAS.\n"); + desc = ereg_replace( + string:desc, + pattern:"None$", + replace:info + ); + +} + +if(report_verbosity > 0) { + security_note(port:port,data:desc); + exit(0); +} + +exit(0); Property changes on: trunk/openvas-plugins/scripts/xmpp_detect.nasl ___________________________________________________________________ Name: svn:keywords + Id Revision From scm-commit at wald.intevation.org Tue Feb 9 12:07:52 2010 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Tue, 9 Feb 2010 12:07:52 +0100 (CET) Subject: [Openvas-commits] r6688 - trunk/openvas-scanner Message-ID: <20100209110752.B73BC86607A4@pyrosoma.intevation.org> Author: felix Date: 2010-02-09 12:07:49 +0100 (Tue, 09 Feb 2010) New Revision: 6688 Modified: trunk/openvas-scanner/ChangeLog trunk/openvas-scanner/openvas-adduser.in Log: * openvas-adduser.in: Cosmetics. Modified: trunk/openvas-scanner/ChangeLog =================================================================== --- trunk/openvas-scanner/ChangeLog 2010-02-08 22:29:56 UTC (rev 6687) +++ trunk/openvas-scanner/ChangeLog 2010-02-09 11:07:49 UTC (rev 6688) 
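Review bot: This plugin is declared `ACT_GATHER_INFO` but, as far as the surviving text shows (the test for "instructions", the `USER = string("OpenVAS",rand())` fields and the "openvas at openvas.org" address), it registers a new account on the scanned server, logs in with it and never removes it. That leaves an account whose password appears to equal its user name on every server that allows in-band registration, which is a change to the target and a weak credential an operator will not expect from a detection script. The script should cancel the registration before `close(soc)` (XEP-0077 defines a remove request for this), use a random password, and state the side effect in `desc`. Several early `exit(0)` paths after the second `open_sock_tcp(port)` also skip `close(soc)`. The XML stanza bodies are stripped in this rendering, so the exact requests could not be checked.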
@@ -1,3 +1,7 @@ +2010-02-09 Felix Wolfsteller + + * openvas-adduser.in: Cosmetics. + 2010-02-04 Michael Wiegand * openvassd/plugs_hash.c: Removed superfluous include of users.h. Modified: trunk/openvas-scanner/openvas-adduser.in =================================================================== --- trunk/openvas-scanner/openvas-adduser.in 2010-02-08 22:29:56 UTC (rev 6687) +++ trunk/openvas-scanner/openvas-adduser.in 2010-02-09 11:07:49 UTC (rev 6688) @@ -25,9 +25,6 @@ # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. -# -# -# # check whether we have echo -n, depending @@ -110,7 +107,7 @@ # find openvassd by the first path segment, ask for settings openvassd_conf=` openvassd -s | sed '/^config_file *= /!d; s/^[^=]*= *//;'` - + # some checks [ -s "$openvassd_conf" ] || { eval_gettext "Missing or empty configuration file \"\$openvassd_conf\"!"; echo @@ -119,7 +116,7 @@ # path to a temporary directory test -z "$TMPDIR" && { - if [ -d /var/tmp ]; + if [ -d /var/tmp ]; then gettext "Using /var/tmp as a temporary file holder."; echo TMPDIR=/var/tmp @@ -128,7 +125,7 @@ echo $Xn "`eval_gettext "Enter the location to a place where I could place temporary files: [\\$HOME]"` $Xc" read TMPDIR test -z "$TMPDIR" && TMPDIR=$HOME - fi + fi } @@ -202,7 +199,7 @@ read password_again stty echo echo - + if test -z "$password" ; then gettext "Your password can not be empty."; echo else @@ -217,7 +214,7 @@ fi if [ $prompt -eq 0 ] ; then -echo +echo gettext "User rules"; echo echo "---------------" 
@@ -238,14 +235,14 @@ mkdir -m 0700 $tmpAddUserDir || { eval_gettext "Error - could not create \$tmpAddUserDir"; echo; exit 1; } cat > $tmpAddUserFile || { - eval_gettext "Error - could not write \$tmpAddUserFile" + eval_gettext "Error - could not write \$tmpAddUserFile" exit 1 } -echo echo +echo gettext "Login : "; echo $Xn "$login" $Xc ; echo -test -n "$dn" || echo "$sayPasswd ***********" ; +test -n "$dn" || echo "$sayPasswd ***********" ; test -n "$dn" && eval_gettext "DN : \$dn"; echo gettext "Rules : "; echo @@ -268,7 +265,7 @@ exit 0 esac -# add the user rules in our rules files. +# Add the user rules in our rules files. # # The users file must end with the default user '*', so we add # our data at the TOP of the file @@ -276,7 +273,6 @@ #echo "$login:$password" > $TMPDIR/adduser.$$ - chmod 0700 "$localstatedir/lib/openvas/" mkdir -p "$localstatedir/lib/openvas/users/$login" @@ -295,7 +291,7 @@ chmod 0700 "$localstatedir/lib/openvas/users/$login/auth" if [ "$auth" = "pass" ]; then - test -c /dev/urandom && + test -c /dev/urandom && { URANDOM=`dd if=/dev/urandom bs=16 count=16 2>/dev/null|$MD5CMD` } @@ -307,16 +303,10 @@ fi - cp $tmpAddUserFile "$localstatedir/lib/openvas/users/$login/auth/rules" - rm -rf $tmpAddUserDir - - - gettext "user added."; echo - From scm-commit at wald.intevation.org Tue Feb 9 12:13:02 2010 
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Tue, 9 Feb 2010 12:13:02 +0100 (CET) Subject: [Openvas-commits] r6689 - trunk/openvas-scanner Message-ID: <20100209111302.DE99B86607A4@pyrosoma.intevation.org> Author: felix Date: 2010-02-09 12:13:02 +0100 (Tue, 09 Feb 2010) New Revision: 6689 Modified: trunk/openvas-scanner/ChangeLog trunk/openvas-scanner/openvas-adduser.in Log: * openvas-adduser.in: exit 0 if successfull, exit 1 if no input to user name/login is given. Modified: trunk/openvas-scanner/ChangeLog =================================================================== --- trunk/openvas-scanner/ChangeLog 2010-02-09 11:07:49 UTC (rev 6688) +++ trunk/openvas-scanner/ChangeLog 2010-02-09 11:13:02 UTC (rev 6689) @@ -1,5 +1,10 @@ 2010-02-09 Felix Wolfsteller + * openvas-adduser.in: exit 0 if successfull, exit 1 if no input to user + name/login is given. + +2010-02-09 Felix Wolfsteller + * openvas-adduser.in: Cosmetics. 2010-02-04 Michael Wiegand Modified: trunk/openvas-scanner/openvas-adduser.in =================================================================== --- trunk/openvas-scanner/openvas-adduser.in 2010-02-09 11:07:49 UTC (rev 6688) +++ trunk/openvas-scanner/openvas-adduser.in 2010-02-09 11:13:02 UTC (rev 6689) @@ -145,6 +145,12 @@ do echo $Xn "`gettext "Login :"` $Xc" read login + # Abort with error if nothing to read in. + if [ $? = 1 ] + then + gettext "No input, exiting."; echo + exit 1; + fi if [ -d $localstatedir/lib/openvas/users/$login ]; then gettext "This login already exists. Choose another one."; echo @@ -310,3 +316,5 @@ gettext "user added."; echo + +exit 0 From scm-commit at wald.intevation.org Tue Feb 9 12:21:16 2010 
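Review bot: The added `[ $? = 1 ]` test after `read login` matches only an exit status of exactly 1, so a `read` that fails with any other non-zero status still falls through to the directory test; checking the command itself, `read login || { gettext "No input, exiting."; echo; exit 1; }`, covers every failure. The next line in the hunk expands `$login` unquoted in `[ -d $localstatedir/lib/openvas/users/$login ]`, and nothing visible here rejects `/`, `..` or whitespace before the name is used as a directory component under `users/`. Quoting the expansion and adding an allow-list check on the name right after the read (for instance accepting only `[A-Za-z0-9._-]`, if that matches the accepted login syntax) would close that gap. The enclosing loop starts and ends outside this hunk.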
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Tue, 9 Feb 2010 12:21:16 +0100 (CET) Subject: [Openvas-commits] r6690 - in trunk/openvas-plugins: . scripts Message-ID: <20100209112116.0C97E86607A4@pyrosoma.intevation.org> Author: mime Date: 2010-02-09 12:21:13 +0100 (Tue, 09 Feb 2010) New Revision: 6690 Added: trunk/openvas-plugins/scripts/httpdx_38135.nasl Modified: trunk/openvas-plugins/ChangeLog trunk/openvas-plugins/scripts/xmpp_detect.nasl Log: Added new plugins Modified: trunk/openvas-plugins/ChangeLog =================================================================== --- trunk/openvas-plugins/ChangeLog 2010-02-09 11:13:02 UTC (rev 6689) +++ trunk/openvas-plugins/ChangeLog 2010-02-09 11:21:13 UTC (rev 6690) @@ -1,3 +1,11 @@ +2010-02-09 Michael Meyer + + * scripts/httpdx_38135.nasl: + Added new plugin. + + * scripts/xmpp_detect.nasl: + Changed regex for version. + 2010-02-08 Michael Meyer * scripts/ejabberd_38003.nasl, Added: trunk/openvas-plugins/scripts/httpdx_38135.nasl =================================================================== --- trunk/openvas-plugins/scripts/httpdx_38135.nasl 2010-02-09 11:13:02 UTC (rev 6689) +++ trunk/openvas-plugins/scripts/httpdx_38135.nasl 2010-02-09 11:21:13 UTC (rev 6690) 
@@ -0,0 +1,75 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id$ +# +# httpdx 'USER' Command Remote Format String Vulnerability +# +# Authors: +# Michael Meyer +# +# Copyright: +# Copyright (c) 2010 Greenbone Networks GmbH +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if (description) +{ + script_id(100491); + script_bugtraq_id(38135); + script_version ("1.0-$Revision$"); + + script_name("httpdx 'USER' Command Remote Format String Vulnerability"); + +desc = "Overview: +The 'httpdx' program is prone to a remote format-string vulnerability. + +An attacker may exploit this issue to execute arbitrary code within +the context of the affected application. Failed exploit attempts will +result in a denial-of-service condition. + +The issue affects httpdx 1.5.2; other versions may also be affected. 
+ +References: +http://www.securityfocus.com/bid/38135 +http://sourceforge.net/projects/httpdx/ + +Risk factor : High"; + + script_description(desc); + script_summary("Determine if httpdx version is 1.5.2"); + script_category(ACT_GATHER_INFO); + script_family("Web Servers"); + script_copyright("This script is Copyright (C) 2010 Greenbone Networks GmbH"); + script_dependencies("gb_httpdx_server_detect.nasl"); + script_require_ports("Services/www", 80); + exit(0); +} + + +include("http_func.inc"); +include("version_func.inc"); + +httpdxPort = get_http_port(default:80); +if(!httpdxPort){ + exit(0); +} + +httpdxVer = get_kb_item("httpdx/" + httpdxPort + "/Ver"); +if(!isnull(httpdxVer)) +{ + if(version_is_equal(version:httpdxVer, test_version:"1.5.2")){ + security_hole(httpdxPort); + } +} Property changes on: trunk/openvas-plugins/scripts/httpdx_38135.nasl ___________________________________________________________________ Name: svn:keywords + Id Revision Modified: trunk/openvas-plugins/scripts/xmpp_detect.nasl =================================================================== --- trunk/openvas-plugins/scripts/xmpp_detect.nasl 2010-02-09 11:13:02 UTC (rev 6689) +++ trunk/openvas-plugins/scripts/xmpp_detect.nasl 2010-02-09 11:21:13 UTC (rev 6690) @@ -147,7 +147,7 @@ if("" >!< buf || "" >!< buf)exit(0); -version = eregmatch(pattern: "([0-9.]+)", string: buf); +version = eregmatch(pattern: "(.*)", string: buf); server = eregmatch(pattern: "(.*)", string: buf); if(!isnull(server[1])) { From scm-commit at wald.intevation.org Tue Feb 9 13:09:24 2010 
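Review bot: The final check of the new file raises `security_hole` solely because the cached banner version equals "1.5.2", while the description itself says other versions may also be affected, so the result is a version-only inference that can both miss affected builds and flag a patched one. The report passes no data, so a reader of the result cannot tell how it was derived; something like `security_hole(port:httpdxPort, data:string("httpdx ", httpdxVer, " detected; finding is based on the reported version only."));` makes that explicit. If the advisory confirms a range, `version_is_less_equal` from the already included version_func.inc would be the better comparison. A short comment above the check naming the KB key set by gb_httpdx_server_detect.nasl would also help maintenance.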
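Review bot: Widening the `version` pattern from `([0-9.]+)` to `(.*)` lets any text the remote server returns become the version value, which the same script stores with `set_kb_item` under `xmpp/<port>/version` and embeds in the report string. The page rendering appears to have stripped markup from the pattern literals, so the real delimiters are not visible here and the capture may be bounded by them. A bounded character class such as `([0-9A-Za-z._ -]+)` would still accept non-numeric versions while refusing markup and control characters, and a length cap before `set_kb_item` would protect scripts that consume the KB entry. The rest of the script lies outside this hunk.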
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Tue, 9 Feb 2010 13:09:24 +0100 (CET) Subject: [Openvas-commits] r6691 - in trunk/openvas-manager: . src Message-ID: <20100209120924.B4C4F86607D4@pyrosoma.intevation.org> Author: mattm Date: 2010-02-09 13:09:22 +0100 (Tue, 09 Feb 2010) New Revision: 6691 Modified: trunk/openvas-manager/ChangeLog trunk/openvas-manager/src/omp.c Log: * src/omp.c (omp_xml_handle_end_element): Ensure all parameter lists that are on the line following the function name are indented with a single character. Modified: trunk/openvas-manager/ChangeLog =================================================================== --- trunk/openvas-manager/ChangeLog 2010-02-09 11:21:13 UTC (rev 6690) +++ trunk/openvas-manager/ChangeLog 2010-02-09 12:09:22 UTC (rev 6691) @@ -1,5 +1,11 @@ 2010-02-08 Matthew Mundell + * src/omp.c (omp_xml_handle_end_element): Ensure all parameter lists + that are on the line following the function name are indented with a + single character. + +2010-02-08 Matthew Mundell + * src/otp.c (blank_control_chars): New function. (process_otp_scanner_input): Blank control chars in iso_field before converting to UTF-8. Modified: trunk/openvas-manager/src/omp.c =================================================================== --- trunk/openvas-manager/src/omp.c 2010-02-09 11:21:13 UTC (rev 6690) +++ trunk/openvas-manager/src/omp.c 2010-02-09 12:09:22 UTC (rev 6691) @@ -4747,7 +4747,7 @@ &filtered_result_count); report_scan_run_status (report, &run_status); SENDF_TO_CLIENT_OR_FAIL - ("" "" @@ -4776,7 +4776,7 @@ SEND_TO_CLIENT_OR_FAIL ("Debug"); SENDF_TO_CLIENT_OR_FAIL - ("" + ("" "%s" "" "%i" @@ -4819,7 +4819,7 @@ GArray *ports = g_array_new (TRUE, FALSE, sizeof (gchar*)); init_result_iterator - (&results, report, NULL, + (&results, report, NULL, get_report_data->first_result, get_report_data->max_results, /* Sort by port in order requested. */ 
@@ -4955,7 +4955,7 @@ gchar *nl_descr = descr ? convert_to_newlines (descr) : NULL; const char *name = result_iterator_nvt_name (&results); SENDF_TO_CLIENT_OR_FAIL - ("" + ("" "%s" "%s" "%s" @@ -4968,8 +4968,7 @@ result_iterator_port (&results), result_iterator_nvt_oid (&results), name ? name : "", - result_type_threat - (result_iterator_type (&results)), + result_type_threat (result_iterator_type (&results)), descr ? nl_descr : ""); if (descr) g_free (nl_descr); } @@ -5107,7 +5106,7 @@ /* This is a missing resource, however the resource is * the responsibility of the manager admin. */ SEND_TO_CLIENT_OR_FAIL - (XML_INTERNAL_ERROR ("get_report")); + (XML_INTERNAL_ERROR ("get_report")); } else { @@ -5139,7 +5138,7 @@ g_free (command); g_free (html_file); SEND_TO_CLIENT_OR_FAIL - (XML_INTERNAL_ERROR ("get_report")); + (XML_INTERNAL_ERROR ("get_report")); } else { @@ -5164,7 +5163,7 @@ get_error->message); g_error_free (get_error); SEND_TO_CLIENT_OR_FAIL - (XML_INTERNAL_ERROR ("get_report")); + (XML_INTERNAL_ERROR ("get_report")); } else { @@ -5175,7 +5174,7 @@ /* Encode and send the HTML. */ SEND_TO_CLIENT_OR_FAIL - ("" ""); @@ -5195,7 +5194,7 @@ } g_free (html); SEND_TO_CLIENT_OR_FAIL - ("" + ("" ""); } } @@ -5240,7 +5239,7 @@ /* This is a missing resource, however the resource is * the responsibility of the manager admin. */ SEND_TO_CLIENT_OR_FAIL - (XML_INTERNAL_ERROR ("get_report")); + (XML_INTERNAL_ERROR ("get_report")); } else { @@ -5276,7 +5275,7 @@ g_free (command); g_free (pdf_file); SEND_TO_CLIENT_OR_FAIL - (XML_INTERNAL_ERROR ("get_report")); + (XML_INTERNAL_ERROR ("get_report")); } else { @@ -5301,7 +5300,7 @@ get_error->message); g_error_free (get_error); SEND_TO_CLIENT_OR_FAIL - (XML_INTERNAL_ERROR ("get_report")); + (XML_INTERNAL_ERROR ("get_report")); } else { @@ -5312,7 +5311,7 @@ /* Encode and send the HTML. */ SEND_TO_CLIENT_OR_FAIL - ("" ""); 
@@ -5374,7 +5373,7 @@ S_IRUSR | S_IWUSR); command = g_strdup_printf - ("pdflatex -output-directory %s %s" + ("pdflatex -output-directory %s %s" " > /tmp/openvasmd_pdflatex_out 2>&1" " && pdflatex -output-directory %s %s" " > /tmp/openvasmd_pdflatex_out 2>&1", @@ -5394,7 +5393,7 @@ pdf_file); g_free (pdf_file); SEND_TO_CLIENT_OR_FAIL - (XML_INTERNAL_ERROR ("get_report")); + (XML_INTERNAL_ERROR ("get_report")); } /* RATS: ignore, command is defined above. */ else if (ret = system (command), @@ -5411,7 +5410,7 @@ g_free (pdf_file); g_free (command); SEND_TO_CLIENT_OR_FAIL - (XML_INTERNAL_ERROR ("get_report")); + (XML_INTERNAL_ERROR ("get_report")); } else { @@ -5437,7 +5436,7 @@ get_error->message); g_error_free (get_error); SEND_TO_CLIENT_OR_FAIL - (XML_INTERNAL_ERROR ("get_report")); + (XML_INTERNAL_ERROR ("get_report")); } else { @@ -5448,7 +5447,7 @@ /* Encode and send the PDF data. */ SEND_TO_CLIENT_OR_FAIL - ("" ""); @@ -5476,8 +5475,8 @@ else { SEND_TO_CLIENT_OR_FAIL - (XML_ERROR_SYNTAX ("get_report", - "Bogus report format in format attribute")); + (XML_ERROR_SYNTAX ("get_report", + "Bogus report format in format attribute")); } get_report_data_reset (get_report_data); @@ -8896,9 +8895,9 @@ report_type_iterator_title (&types)); cleanup_report_type_iterator (&types); SEND_TO_CLIENT_OR_FAIL - ("" - "" - ""); + ("" + "" + ""); } } else From scm-commit at wald.intevation.org Tue Feb 9 13:14:56 2010 
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Tue, 9 Feb 2010 13:14:56 +0100 (CET) Subject: [Openvas-commits] r6692 - in trunk/openvas-manager: . src Message-ID: <20100209121456.3A51386607A4@pyrosoma.intevation.org> Author: mattm Date: 2010-02-09 13:14:54 +0100 (Tue, 09 Feb 2010) New Revision: 6692 Modified: trunk/openvas-manager/ChangeLog trunk/openvas-manager/src/manage.h Log: * src/manage.h (manage_complete_nvt_cache_update): Add missing arg. Thanks to Stephan Kleine. Modified: trunk/openvas-manager/ChangeLog =================================================================== --- trunk/openvas-manager/ChangeLog 2010-02-09 12:09:22 UTC (rev 6691) +++ trunk/openvas-manager/ChangeLog 2010-02-09 12:14:54 UTC (rev 6692) @@ -1,3 +1,8 @@ +2010-02-09 Matthew Mundell + + * src/manage.h (manage_complete_nvt_cache_update): Add missing arg. + Thanks to Stephan Kleine. + 2010-02-08 Matthew Mundell * src/omp.c (omp_xml_handle_end_element): Ensure all parameter lists Modified: trunk/openvas-manager/src/manage.h =================================================================== --- trunk/openvas-manager/src/manage.h 2010-02-09 12:09:22 UTC (rev 6691) +++ trunk/openvas-manager/src/manage.h 2010-02-09 12:14:54 UTC (rev 6692) @@ -900,7 +900,7 @@ family_nvt_count (const char *); void -manage_complete_nvt_cache_update (); +manage_complete_nvt_cache_update (int); /* NVT selectors. */ From scm-commit at wald.intevation.org Tue Feb 9 13:49:16 2010 
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Tue, 9 Feb 2010 13:49:16 +0100 (CET) Subject: [Openvas-commits] r6693 - in trunk/openvas-manager: . src Message-ID: <20100209124916.7365D86607DC@pyrosoma.intevation.org> Author: mattm Date: 2010-02-09 13:49:15 +0100 (Tue, 09 Feb 2010) New Revision: 6693 Modified: trunk/openvas-manager/ChangeLog trunk/openvas-manager/src/ovas-mngr-comm.c Log: * src/ovas-mngr-comm.c (sendn_to_server, write_string_to_server) (write_to_server_buffer): Cast string format precision modifier to int. Thanks to Stephan Kleine. Modified: trunk/openvas-manager/ChangeLog =================================================================== --- trunk/openvas-manager/ChangeLog 2010-02-09 12:14:54 UTC (rev 6692) +++ trunk/openvas-manager/ChangeLog 2010-02-09 12:49:15 UTC (rev 6693) @@ -1,5 +1,11 @@ 2010-02-09 Matthew Mundell + * src/ovas-mngr-comm.c (sendn_to_server, write_string_to_server) + (write_to_server_buffer): Cast string format precision modifier to int. + Thanks to Stephan Kleine. + +2010-02-09 Matthew Mundell + * src/manage.h (manage_complete_nvt_cache_update): Add missing arg. Thanks to Stephan Kleine. Modified: trunk/openvas-manager/src/ovas-mngr-comm.c =================================================================== --- trunk/openvas-manager/src/ovas-mngr-comm.c 2010-02-09 12:14:54 UTC (rev 6692) +++ trunk/openvas-manager/src/ovas-mngr-comm.c 2010-02-09 12:49:15 UTC (rev 6693) @@ -137,7 +137,7 @@ } memmove (to_server + to_server_end, msg, n); - tracef ("s> server (string) %.*s\n", n, to_server + to_server_end); + tracef ("s> server (string) %.*s\n", (int) n, to_server + to_server_end); tracef ("-> server %zi bytes\n", n); to_server_end += n; 
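Review bot: The `(int) n` cast for the `%.*s` precision is not range-checked: if the value ever exceeds INT_MAX the converted precision may be negative, printf treats a negative precision as absent, and `%s` then reads from `to_server + to_server_end` up to the next NUL instead of stopping after `n` bytes. The same applies to `(int) count` in the `@@ -215` and `@@ -261` hunks. Clamping first, `(int) (n > INT_MAX ? INT_MAX : n)`, or asserting the buffer bound next to the cast, keeps the trace bounded. These traces also write the whole outgoing buffer to the log, which presumably can include credentials sent to the scanner, so a comment stating that at the `tracef` calls would be worth adding. The enclosing functions begin outside the hunks.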
@@ -215,9 +215,9 @@ return -1; } #if LOG - if (count) logf ("=> server %.*s\n", count, point); + if (count) logf ("=> server %.*s\n", (int) count, point); #endif - tracef ("s> server (string) %.*s\n", count, point); + tracef ("s> server (string) %.*s\n", (int) count, point); point += count; tracef ("=> server (string) %zi bytes\n", count); } @@ -261,9 +261,11 @@ return -1; } #if LOG - if (count) logf ("=> server %.*s\n", count, to_server + to_server_start); + if (count) logf ("=> server %.*s\n", + (int) count, + to_server + to_server_start); #endif - tracef ("s> server %.*s\n", count, to_server + to_server_start); + tracef ("s> server %.*s\n", (int) count, to_server + to_server_start); to_server_start += count; tracef ("=> server %zi bytes\n", count); } From scm-commit at wald.intevation.org Tue Feb 9 19:43:18 2010 
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Tue, 9 Feb 2010 19:43:18 +0100 (CET) Subject: [Openvas-commits] r6694 - in trunk/openvas-manager: . src Message-ID: <20100209184318.6069E86607DA@pyrosoma.intevation.org> Author: mattm Date: 2010-02-09 19:43:15 +0100 (Tue, 09 Feb 2010) New Revision: 6694 Modified: trunk/openvas-manager/ChangeLog trunk/openvas-manager/src/tasks_sql.h Log: Use UUIDs for NVT selector names instead of using the name of the associated config. Hence increase database version to 13. Add database migration from 12 to 13. Preparation for enabling users to name their configs with names used by other users. * CMakeLists.txt (OPENVASMD_DATABASE_VERSION): Increase to 13. * src/tasks_sql.h (MANAGE_NVT_SELECTOR_UUID_ALL): New define. (insert_rc_into_config): Add NVT selector arg. Update callers. (migrate_12_to_13): New function. (database_migrators): Add migrate_12_to_13. (init_manage): Use UUID for predefined "All" NVT selector. (create_config, create_config_rc, copy_config): Set NVT selector name to generated UUID. (clude): Rename arg config_name to nvt_selector. (delete_config): Get NVT selector name from right column. (init_nvt_selector_iterator): Remove completed todo. Modified: trunk/openvas-manager/ChangeLog =================================================================== --- trunk/openvas-manager/ChangeLog 2010-02-09 12:49:15 UTC (rev 6693) +++ trunk/openvas-manager/ChangeLog 2010-02-09 18:43:15 UTC (rev 6694) 
@@ -1,5 +1,25 @@ 2010-02-09 Matthew Mundell + Use UUIDs for NVT selector names instead of using the name of the + associated config. Hence increase database version to 13. Add + database migration from 12 to 13. Preparation for enabling users + to name their configs with names used by other users. + + * CMakeLists.txt (OPENVASMD_DATABASE_VERSION): Increase to 13. + + * src/tasks_sql.h (MANAGE_NVT_SELECTOR_UUID_ALL): New define. + (insert_rc_into_config): Add NVT selector arg. Update callers. + (migrate_12_to_13): New function. + (database_migrators): Add migrate_12_to_13. + (init_manage): Use UUID for predefined "All" NVT selector. + (create_config, create_config_rc, copy_config): Set NVT selector name to + generated UUID. + (clude): Rename arg config_name to nvt_selector. + (delete_config): Get NVT selector name from right column. + (init_nvt_selector_iterator): Remove completed todo. + +2010-02-09 Matthew Mundell + * src/ovas-mngr-comm.c (sendn_to_server, write_string_to_server) (write_to_server_buffer): Cast string format precision modifier to int. Thanks to Stephan Kleine. @@ -131,13 +151,13 @@ Remove UNIQUE constraint from name of user resource tables. Hence increase database version to 12. Add database migration from 11 to 12. + * CMakeLists.txt (OPENVASMD_DATABASE_VERSION): Increase to 12. + * src/tasks_sql.h (create_tables): Remove UNIQUE from name column of tables agents, configs and escalators. (migrate_11_to_12): New function. (database_migrators): Add migrate_11_to_12. - * CMakeLists.txt (OPENVASMD_DATABASE_VERSION): Increase to 12. - * doc/db_postgres.sql (agents, escalators, targets, configs) (lsc_credentials): Remove UNIQUE from name. Modified: trunk/openvas-manager/src/tasks_sql.h =================================================================== --- trunk/openvas-manager/src/tasks_sql.h 2010-02-09 12:49:15 UTC (rev 6693) +++ trunk/openvas-manager/src/tasks_sql.h 2010-02-09 18:43:15 UTC (rev 6694) 
@@ -42,6 +42,8 @@ #define CONFIG_ID_FULL_AND_VERY_DEEP 3 #define CONFIG_ID_FULL_AND_VERY_DEEP_ULTIMATE 4 +#define MANAGE_NVT_SELECTOR_UUID_ALL "54b45713-d4f4-4435-b20d-304c175ed8c5" + /* Static headers. */ @@ -82,7 +84,7 @@ nvt_selector_remove_selector (const char*, const char*, int); static int -insert_rc_into_config (config_t, const char*, char*); +insert_rc_into_config (config_t, const char*, const char*, char*); static void update_config_caches (config_t); 
@@ -2168,6 +2170,88 @@ } /** + * @brief Migrate the database from version 12 to version 13. + * + * @return 0 success, -1 error. + */ +static int +migrate_12_to_13 () +{ + iterator_t rows; + + sql ("BEGIN EXCLUSIVE;"); + + /* Ensure that the database is currently version 12. */ + + if (manage_db_version () != 12) + { + sql ("ROLLBACK;"); + return -1; + } + + /* Update the database. */ + + /* Table nvt_selectors column name changed to a UUID. + * + * Replace names with UUIDs, ensuring that the 'All' selector gets the + * predefined UUID. */ + + /** @todo ROLLBACK on failure. */ + + init_iterator (&rows, "SELECT distinct name FROM nvt_selectors;"); + while (next (&rows)) + { + gchar *quoted_name, *uuid; + + if (strcmp (iterator_string (&rows, 0), "All") == 0) + continue; + + uuid = make_report_uuid (); + if (uuid == NULL) + { + cleanup_iterator (&rows); + sql ("ROLLBACK;"); + return -1; + } + + quoted_name = sql_insert (iterator_string (&rows, 0)); + + sql ("UPDATE nvt_selectors SET name = '%s' WHERE name = %s;", + uuid, + quoted_name); + + sql ("UPDATE configs SET nvt_selector = '%s' WHERE nvt_selector = %s;", + uuid, + quoted_name); + + g_free (uuid); + g_free (quoted_name); + } + cleanup_iterator (&rows); + + if (sql_int (0, 0, + "SELECT COUNT(*) FROM nvt_selectors WHERE name = '" + MANAGE_NVT_SELECTOR_UUID_ALL "';")) + sql ("DELETE FROM nvt_selectors WHERE name = 'All';"); + else + sql ("UPDATE nvt_selectors" + " SET name = '" MANAGE_NVT_SELECTOR_UUID_ALL "'" + " WHERE name = 'All';"); + + sql ("UPDATE configs" + " SET nvt_selector = '" MANAGE_NVT_SELECTOR_UUID_ALL "'" + " WHERE nvt_selector = 'All';"); + + /* Set the database version to 13. */ + + set_db_version (13); + + sql ("COMMIT;"); + + return 0; +} + +/** * @brief Array of database version migrators. */ static migrator_t database_migrators[] @@ -2184,6 +2268,7 @@ {10, migrate_9_to_10}, {11, migrate_10_to_11}, {12, migrate_11_to_12}, + {13, migrate_12_to_13}, /* End marker. */ {-1, NULL}}; 
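Review bot: In `migrate_12_to_13` the two `UPDATE` statements run inside the `while (next (&rows))` loop while the `SELECT distinct name FROM nvt_selectors` iterator is still open on the table being rewritten; SQLite leaves it undefined whether a running query sees changes made on the same connection, so a renamed row may be visited again or skipped. No failure of the `sql` calls is handled either, which the `@todo ROLLBACK on failure` already admits, so a failed rename would still reach `set_db_version (13)` and `COMMIT`. Collecting the names first and closing the iterator before updating removes the first problem, as sketched below. `uuid` is released with `g_free` here but with `free` in `create_config`, `create_config_rc` and `copy_config`; one call matching the allocator of `make_report_uuid` should be used throughout.

```c
  /* Snapshot the selector names so that no UPDATE runs while the SELECT
   * on nvt_selectors is still being stepped. */
  GPtrArray *names = g_ptr_array_new ();

  init_iterator (&rows, "SELECT distinct name FROM nvt_selectors;");
  while (next (&rows))
    if (strcmp (iterator_string (&rows, 0), "All"))
      g_ptr_array_add (names, g_strdup (iterator_string (&rows, 0)));
  cleanup_iterator (&rows);

  for (guint index = 0; index < names->len; index++)
    {
      const gchar *old_name = g_ptr_array_index (names, index);
      /* ... unchanged: make_report_uuid, sql_insert (old_name), the two UPDATEs ... */
    }

  g_ptr_array_foreach (names, (GFunc) g_free, NULL);
  g_ptr_array_free (names, TRUE);
```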
@@ -3735,18 +3820,23 @@ /* Ensure the predefined selectors and configs exist. */ - if (sql_int (0, 0, "SELECT count(*) FROM nvt_selectors WHERE name = 'All';") + if (sql_int (0, 0, + "SELECT count(*) FROM nvt_selectors WHERE name =" + " '" MANAGE_NVT_SELECTOR_UUID_ALL "';") == 0) { sql ("INSERT into nvt_selectors (name, exclude, type, family_or_nvt)" - " VALUES ('All', 0, " G_STRINGIFY (NVT_SELECTOR_TYPE_ALL) ", NULL);"); + " VALUES ('" MANAGE_NVT_SELECTOR_UUID_ALL "', 0, " + G_STRINGIFY (NVT_SELECTOR_TYPE_ALL) ", NULL);"); sql ("INSERT into nvt_selectors" " (name, exclude, type, family_or_nvt, family)" - " VALUES ('All', 1, " G_STRINGIFY (NVT_SELECTOR_TYPE_FAMILY) "," + " VALUES ('" MANAGE_NVT_SELECTOR_UUID_ALL "', 1, " + G_STRINGIFY (NVT_SELECTOR_TYPE_FAMILY) "," " 'Port scanners', 'Port scanners');"); sql ("INSERT into nvt_selectors" " (name, exclude, type, family_or_nvt, family)" - " VALUES ('All', 0, " G_STRINGIFY (NVT_SELECTOR_TYPE_NVT) "," + " VALUES ('" MANAGE_NVT_SELECTOR_UUID_ALL "', 0, " + G_STRINGIFY (NVT_SELECTOR_TYPE_NVT) "," /* OID of the "Nmap (NASL wrapper)" NVT. */ " '1.3.6.1.4.1.25623.1.0.14259', 'Port scanners');"); } @@ -3761,7 +3851,7 @@ sql ("INSERT into configs (id, owner, name, nvt_selector, comment," " family_count, nvt_count, nvts_growing, families_growing)" " VALUES (" G_STRINGIFY (CONFIG_ID_FULL_AND_FAST) ", NULL," - " 'Full and fast', 'All'," + " 'Full and fast', '" MANAGE_NVT_SELECTOR_UUID_ALL "'," " 'All NVT''s; optimized by using previously collected information.'," " %i, %i, 1, 1);", family_nvt_count (NULL) - family_nvt_count ("Port scanners") + 1, 
@@ -3782,7 +3872,7 @@ sql ("INSERT into configs (id, owner, name, nvt_selector, comment," " family_count, nvt_count, nvts_growing, families_growing)" " VALUES (" G_STRINGIFY (CONFIG_ID_FULL_AND_FAST_ULTIMATE) ", NULL," - " 'Full and fast ultimate', 'All'," + " 'Full and fast ultimate', '" MANAGE_NVT_SELECTOR_UUID_ALL "'," " 'All NVT''s including those that can stop services/hosts;" " optimized by using previously collected information.'," " %i, %i, 1, 1);", @@ -3804,7 +3894,7 @@ sql ("INSERT into configs (id, owner, name, nvt_selector, comment," " family_count, nvt_count, nvts_growing, families_growing)" " VALUES (" G_STRINGIFY (CONFIG_ID_FULL_AND_VERY_DEEP) ", NULL," - " 'Full and very deep', 'All'," + " 'Full and very deep', '" MANAGE_NVT_SELECTOR_UUID_ALL "'," " 'All NVT''s; don''t trust previously collected information; slow.'," " %i, %i, 1, 1);", family_nvt_count (NULL) - family_nvt_count ("Port scanners") + 1, @@ -3825,7 +3915,8 @@ sql ("INSERT into configs (id, owner, name, nvt_selector, comment," " family_count, nvt_count, nvts_growing, families_growing)" " VALUES (" G_STRINGIFY (CONFIG_ID_FULL_AND_VERY_DEEP_ULTIMATE) "," - " NULL, 'Full and very deep ultimate', 'All'," + " NULL, 'Full and very deep ultimate'," + " '" MANAGE_NVT_SELECTOR_UUID_ALL "'," " 'All NVT''s including those that can stop services/hosts;" " don''t trust previously collected information; slow.'," " %i, %i, 1, 1);", @@ -6001,7 +6092,6 @@ sql ("DELETE FROM nvt_selectors WHERE name = '%s';", quoted_selector); - free (quoted_selector); /* Replace targets. */ @@ -6009,6 +6099,7 @@ if (hosts == NULL) { free (config_name); + free (quoted_selector); g_free (rc); sql ("ROLLBACK"); return -1; 
@@ -6021,12 +6112,15 @@ quoted_config_name = sql_quote (config_name); free (config_name); /* This modifies rc. */ - if (insert_rc_into_config (config, quoted_config_name, (gchar*) rc)) + if (insert_rc_into_config (config, quoted_config_name, + quoted_selector, (gchar*) rc)) { + free (quoted_selector); g_free (rc); sql ("ROLLBACK"); return -1; } + free (quoted_selector); g_free (rc); } @@ -6856,7 +6950,7 @@ * If a config with the same name exists already then add a unique integer * suffix onto the name. * - * @param[in] proposed_name Proposed name of config and NVT selector. + * @param[in] proposed_name Proposed name of config. * @param[in] comment Comment on config. * @param[in] selectors NVT selectors. * @param[in] preferences Preferences. @@ -6873,6 +6967,7 @@ { int ret; gchar *quoted_comment, *candidate_name, *quoted_candidate_name; + char *uuid; config_t config; unsigned int num = 1; @@ -6880,6 +6975,10 @@ if (proposed_name == NULL || strlen (proposed_name) == 0) return -2; + uuid = make_report_uuid (); + if (uuid == NULL) + return -1; + candidate_name = g_strdup (proposed_name); quoted_candidate_name = sql_quote (candidate_name); @@ -6887,15 +6986,10 @@ while (1) { - if ((sql_int (0, 0, - "SELECT COUNT(*) FROM configs WHERE name = '%s';", - quoted_candidate_name) - == 0) - /** @todo Reference selector in config by ROWID instead of by name. */ - && (sql_int (0, 0, - "SELECT COUNT(*) FROM nvt_selectors WHERE name = '%s' LIMIT 1;", - quoted_candidate_name) - == 0)) + if (sql_int (0, 0, + "SELECT COUNT(*) FROM configs WHERE name = '%s';", + quoted_candidate_name) + == 0) break; g_free (candidate_name); g_free (quoted_candidate_name); @@ -6912,7 +7006,7 @@ " '%s', '%s');", quoted_candidate_name, current_credentials.uuid, - quoted_candidate_name, + uuid, quoted_comment); g_free (quoted_comment); } 
@@ -6923,24 +7017,25 @@ " '%s', '');", quoted_candidate_name, current_credentials.uuid, - quoted_candidate_name); + uuid); + g_free (quoted_candidate_name); /* Insert the selectors into the nvt_selectors table. */ config = sqlite3_last_insert_rowid (task_db); - if ((ret = insert_nvt_selectors (quoted_candidate_name, selectors))) + if ((ret = insert_nvt_selectors (uuid, selectors))) { sql ("ROLLBACK;"); - g_free (quoted_candidate_name); + free (uuid); return ret; } + free (uuid); /* Insert the preferences into the config_preferences table. */ if ((ret = config_insert_preferences (config, preferences))) { sql ("ROLLBACK;"); - g_free (quoted_candidate_name); return ret; } @@ -6949,7 +7044,6 @@ update_config_caches (config); sql ("COMMIT;"); - g_free (quoted_candidate_name); *name = candidate_name; return 0; } @@ -7003,13 +7097,13 @@ /** * @brief Exclude or include an array of NVTs in a config. * - * @param[in] config_name Config name. - * @param[in] array Array of OIDs of NVTs. - * @param[in] array_size Size of \ref array. - * @param[in] exclude If true exclude, else include. + * @param[in] nvt_selector NVT selector name. + * @param[in] array Array of OIDs of NVTs. + * @param[in] array_size Size of \ref array. + * @param[in] exclude If true exclude, else include. */ static void -clude (const char *config_name, GArray *array, int array_size, int exclude, +clude (const char *nvt_selector, GArray *array, int array_size, int exclude, GHashTable *families) { gint index; @@ -7022,13 +7116,13 @@ formatted = g_strdup_printf ("INSERT INTO nvt_selectors" " (name, exclude, type, family_or_nvt, family)" " VALUES ('%s', %i, 2, $value, $family);", - config_name, + nvt_selector, exclude); else formatted = g_strdup_printf ("INSERT INTO nvt_selectors" " (name, exclude, type, family_or_nvt, family)" " VALUES ('%s', %i, 2, $value, NULL);", - config_name, + nvt_selector, exclude); tracef (" sql: %s\n", formatted); 
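Review bot: Both error returns in the `@@ -6923` hunk, after `insert_nvt_selectors` and after `config_insert_preferences`, roll back and return without releasing `candidate_name`, which is handed to the caller through `*name` only on the success path shown in the following hunk; add `g_free (candidate_name);` before each `return ret;`. The new `uuid` is also used here without the collision check against `nvt_selectors` that `create_config_rc` and `copy_config` perform, so the three creators behave differently should a duplicate ever occur. The function starts outside this hunk.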
@@ -7083,7 +7177,7 @@ " cache", __FUNCTION__, id, - config_name); + nvt_selector); continue; } } @@ -7093,7 +7187,7 @@ " because the NVT is missing from the cache", __FUNCTION__, id, - config_name); + nvt_selector); continue; } @@ -7164,14 +7258,17 @@ /** * @brief Copy the preferences and nvt selector from an RC file to a config. * - * @param[in] config Config to copy into. - * @param[in] config_name Name of config to copy into, SQL quoted. - * @param[in] rc Text of RC file. + * @param[in] config Config to copy into. + * @param[in] config_name Name of config to copy into, SQL quoted. + * @param[in] nvt_selector_name Name of NVT selector associated with config, + * SQL quoted. + * @param[in] rc Text of RC file. * * @return 0 success, -1 error. */ static int -insert_rc_into_config (config_t config, const char *config_name, char *rc) +insert_rc_into_config (config_t config, const char *config_name, + const char *nvt_selector_name, char *rc) { GArray *yes = g_array_sized_new (FALSE, FALSE, sizeof (rc), 20000); GArray *no = g_array_sized_new (FALSE, FALSE, sizeof (rc), 20000); @@ -7344,11 +7441,11 @@ sql ("INSERT INTO nvt_selectors" " (name, exclude, type, family_or_nvt)" " VALUES ('%s', 0, 0, 0);", - config_name); + nvt_selector_name); /* Explicitly exclude any nos. */ - clude (config_name, no, no_size, 1, NULL); + clude (nvt_selector_name, no, no_size, 1, NULL); /* Cache the counts and growth types. */ @@ -7356,8 +7453,8 @@ " SET families_growing = 1, nvts_growing = 1," " family_count = %i, nvt_count = %i" " WHERE name = '%s';", - nvt_selector_family_count (config_name, 1), - nvt_selector_nvt_count (config_name, NULL, 1), + nvt_selector_family_count (nvt_selector_name, 1), + nvt_selector_nvt_count (nvt_selector_name, NULL, 1), config_name); } else 
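Review bot: The cache update in `insert_rc_into_config` (hunk `@@ -7356`) still ends in `" WHERE name = '%s';"` with `config_name`, although the function receives the row as `config` and the ChangeLog on this page records that UNIQUE was dropped from config names so that different users may reuse a name. Keyed by name, the statement (presumably an `UPDATE configs`; its first line is outside the hunk) would overwrite `family_count` and `nvt_count` on every config sharing that name, including one owned by another user. Keying on the row instead, `" WHERE ROWID = %llu;"` with `config` as the last argument as `delete_config` does, confines the write to the imported config. The doc comment of `clude` should also state that `nvt_selector` is interpolated into the SQL text and must arrive SQL quoted, as the comment on `insert_rc_into_config` now does.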
@@ -7366,8 +7463,8 @@ * because the config may change to auto enable new plugins. */ /** @todo The other selector manipulation functions may lose the nos. */ - clude (config_name, yes, yes_size, 0, families); - clude (config_name, no, no_size, 1, NULL); + clude (nvt_selector_name, yes, yes_size, 0, families); + clude (nvt_selector_name, no, no_size, 1, NULL); /* Cache the family and NVT count and selector types. */ @@ -7401,6 +7498,7 @@ { gchar *quoted_name = sql_nquote (name, strlen (name)); gchar *quoted_comment; + char *uuid; config_t new_config; assert (current_credentials.uuid); @@ -7416,15 +7514,25 @@ return 1; } - if (sql_int (0, 0, "SELECT COUNT(*) FROM nvt_selectors WHERE name = '%s' LIMIT 1;", - quoted_name)) + uuid = make_report_uuid (); + if (uuid == NULL) { - tracef (" NVT selector \"%s\" already exists\n", name); + tracef (" failed to create UUID \n"); sql ("ROLLBACK;"); g_free (quoted_name); return -1; } + if (sql_int (0, 0, + "SELECT COUNT(*) FROM nvt_selectors WHERE name = '%s' LIMIT 1;", + uuid)) + { + tracef (" NVT selector \"%s\" already exists\n", uuid); + sql ("ROLLBACK;"); + free (uuid); + g_free (quoted_name); + return -1; + } if (comment) { @@ -7433,7 +7541,7 @@ " VALUES ('%s'," " (SELECT ROWID FROM users WHERE users.uuid = '%s')," " '%s', '%s');", - quoted_name, current_credentials.uuid, quoted_name, quoted_comment); + quoted_name, current_credentials.uuid, uuid, quoted_comment); g_free (quoted_comment); } else 
@@ -7441,19 +7549,21 @@ " VALUES ('%s'," " (SELECT ROWID FROM users WHERE users.uuid = '%s')," " '%s', '');", - quoted_name, current_credentials.uuid, quoted_name); + quoted_name, current_credentials.uuid, uuid); /* Insert the RC into the config_preferences table. */ new_config = sqlite3_last_insert_rowid (task_db); - if (insert_rc_into_config (new_config, quoted_name, rc)) + if (insert_rc_into_config (new_config, quoted_name, uuid, rc)) { sql ("ROLLBACK;"); + free (uuid); g_free (quoted_name); return -1; } sql ("COMMIT;"); + free (uuid); g_free (quoted_name); if (config) *config = new_config; @@ -7473,7 +7583,7 @@ int copy_config (const char* name, const char* comment, config_t config) { - char* config_selector; + char *config_selector, *uuid; config_t id; gchar *quoted_name = sql_quote (name); gchar *quoted_comment, *quoted_config_selector; @@ -7513,12 +7623,23 @@ return 2; } + uuid = make_report_uuid (); + if (uuid == NULL) + { + tracef (" failed to create UUID \n"); + sql ("ROLLBACK;"); + g_free (quoted_name); + g_free (quoted_config_selector); + return -1; + } + if (sql_int (0, 0, "SELECT COUNT(*) FROM nvt_selectors WHERE name = '%s' LIMIT 1;", - quoted_name)) + uuid)) { - tracef (" NVT selector \"%s\" already exists\n", name); + tracef (" NVT selector \"%s\" already exists\n", uuid); sql ("ROLLBACK;"); + free (uuid); g_free (quoted_name); g_free (quoted_config_selector); return -1; @@ -7538,7 +7659,7 @@ " FROM configs WHERE ROWID = %llu;", quoted_name, current_credentials.uuid, - quoted_name, + uuid, quoted_comment, config); g_free (quoted_comment); @@ -7553,7 +7674,7 @@ " FROM configs WHERE ROWID = %llu", quoted_name, current_credentials.uuid, - quoted_name, + uuid, config); id = sqlite3_last_insert_rowid (task_db); 
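Review bot: The call `insert_rc_into_config (new_config, quoted_name, uuid, rc)` passes the raw return value of make_report_uuid as `nvt_selector_name`, which the updated doc comment describes as "SQL quoted". The same value is also formatted straight into the `'%s'` slots of the INSERT and SELECT statements here and in the copy_config hunks on this line. That is safe only if make_report_uuid can never return a quote character, which these hunks do not show. I would record the invariant where the value is created, for example `/* uuid is generated locally and holds no SQL metacharacters, so it is used unquoted. */`, or pass it through `sql_quote` like the names. Both functions continue outside the hunks.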
@@ -7567,10 +7688,11 @@ sql ("INSERT INTO nvt_selectors (name, exclude, type, family_or_nvt, family)" " SELECT '%s', exclude, type, family_or_nvt, family FROM nvt_selectors" " WHERE name = '%s';", - quoted_name, + uuid, quoted_config_selector); sql ("COMMIT;"); + free (uuid); g_free (quoted_name); g_free (quoted_config_selector); return 0; @@ -7603,7 +7725,7 @@ return 1; } sql ("DELETE FROM nvt_selectors WHERE name =" - " (SELECT name FROM configs WHERE ROWID = %llu);", + " (SELECT nvt_selector FROM configs WHERE ROWID = %llu);", config); sql ("DELETE FROM config_preferences WHERE config = %llu;", config); @@ -8880,7 +9002,6 @@ config); } -/** @todo Adjust omp.c caller, make config a config_t. */ /** * @brief Initialise an NVT selector iterator. * From scm-commit at wald.intevation.org Tue Feb 9 20:17:47 2010 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Tue, 9 Feb 2010 20:17:47 +0100 (CET) Subject: [Openvas-commits] r6695 - in trunk/openvas-manager: . src Message-ID: <20100209191747.0F9FE86607DB@pyrosoma.intevation.org> Author: mattm Date: 2010-02-09 20:17:44 +0100 (Tue, 09 Feb 2010) New Revision: 6695 Modified: trunk/openvas-manager/ChangeLog trunk/openvas-manager/src/tasks_sql.h Log: * src/tasks_sql.h (find_target): Look for the target owned by the current user. (create_target): Limit the "already exists" check to the targets owned by the current user. Modified: trunk/openvas-manager/ChangeLog =================================================================== --- trunk/openvas-manager/ChangeLog 2010-02-09 18:43:15 UTC (rev 6694) +++ trunk/openvas-manager/ChangeLog 2010-02-09 19:17:44 UTC (rev 6695) 
@@ -1,5 +1,12 @@ 2010-02-09 Matthew Mundell + * src/tasks_sql.h (find_target): Look for the target owned by the current + user. + (create_target): Limit the "already exists" check to the targets owned by + the current user. + +2010-02-09 Matthew Mundell + Use UUIDs for NVT selector names instead of using the name of the associated config. Hence increase database version to 13. Add database migration from 12 to 13. Preparation for enabling users Modified: trunk/openvas-manager/src/tasks_sql.h =================================================================== --- trunk/openvas-manager/src/tasks_sql.h 2010-02-09 18:43:15 UTC (rev 6694) +++ trunk/openvas-manager/src/tasks_sql.h 2010-02-09 19:17:44 UTC (rev 6695) @@ -6527,14 +6527,19 @@ gboolean find_target (const char* name, target_t* target) { + assert (current_credentials.uuid); if (user_owns ("target", name) == 0) { *target = 0; return FALSE; } switch (sql_int64 (target, 0, 0, - "SELECT ROWID FROM targets WHERE name = '%s';", - name)) + "SELECT ROWID FROM targets" + " WHERE name = '%s'" + " AND ((owner IS NULL) OR (owner =" + " (SELECT users.ROWID FROM users WHERE users.uuid = '%s')))", + name, + current_credentials.uuid)) { case 0: break; @@ -6573,8 +6578,13 @@ assert (current_credentials.uuid); - if (sql_int (0, 0, "SELECT COUNT(*) FROM targets WHERE name = '%s';", - quoted_name)) + if (sql_int (0, 0, + "SELECT COUNT(*) FROM targets" + " WHERE name = '%s'" + " AND ((owner IS NULL) OR (owner =" + " (SELECT users.ROWID FROM users WHERE users.uuid = '%s')))", + quoted_name, + current_credentials.uuid)) { g_free (quoted_name); sql ("ROLLBACK;"); From scm-commit at wald.intevation.org Wed Feb 10 11:14:55 2010 
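Review bot: In the find_target hunk the rewritten query still formats the caller's `name` directly into `WHERE name = '%s'`, while the create_target hunk below it passes `quoted_name`. Unless every caller of find_target already quotes the name (not visible here), a target name containing a single quote breaks out of the string literal in the new ownership-scoped query. I would quote inside the function: `gchar *quoted_name = sql_quote (name);`, pass `quoted_name` to `sql_int64`, then `g_free (quoted_name);` before the switch acts on the result. The added `assert (current_credentials.uuid)` also disappears in NDEBUG builds, so a NULL uuid would reach the `%s`; an explicit check that returns early would be more robust. The switch body continues outside the hunk.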
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 10 Feb 2010 11:14:55 +0100 (CET) Subject: [Openvas-commits] r6696 - in trunk/openvas-plugins: . scripts Message-ID: <20100210101455.9007286607DB@pyrosoma.intevation.org> Author: felix Date: 2010-02-10 11:14:52 +0100 (Wed, 10 Feb 2010) New Revision: 6696 Modified: trunk/openvas-plugins/ChangeLog trunk/openvas-plugins/scripts/ldapsearch.nasl trunk/openvas-plugins/scripts/toolcheck.nasl Log: * scripts/toolcheck.nasl: Added check for ldapsearch. * scripts/ldapsearch.nasl: Use mandatory_key / compatibility func. Modified: trunk/openvas-plugins/ChangeLog =================================================================== --- trunk/openvas-plugins/ChangeLog 2010-02-09 19:17:44 UTC (rev 6695) +++ trunk/openvas-plugins/ChangeLog 2010-02-10 10:14:52 UTC (rev 6696) @@ -1,3 +1,9 @@ +2010-02-09 Felix Wolfsteller + + * scripts/toolcheck.nasl: Added check for ldapsearch. + + * scripts/ldapsearch.nasl: Use mandatory_key / compatibility func. + 2010-02-09 Michael Meyer * scripts/httpdx_38135.nasl: Modified: trunk/openvas-plugins/scripts/ldapsearch.nasl =================================================================== --- trunk/openvas-plugins/scripts/ldapsearch.nasl 2010-02-09 19:17:44 UTC (rev 6695) +++ trunk/openvas-plugins/scripts/ldapsearch.nasl 2010-02-10 10:14:52 UTC (rev 6696) 
@@ -37,9 +37,15 @@ script_add_preference(name:"Timeout value", type:"entry", value:"3"); script_add_preference(name:"Buffersize", type:"entry", value:"500"); + if(defined_func("script_mandatory_keys")) + script_mandatory_keys("Tools/Present/ldapsearch"); exit(0); } +# script_mandatory_keys compatibility: +include ("toolcheck.inc"); +exit_if_not_found (toolname: "ldapsearch"); +# end of script_mandatory_keys compatibility port = get_kb_item("Services/ldap"); if (! port) port = 389; Modified: trunk/openvas-plugins/scripts/toolcheck.nasl =================================================================== --- trunk/openvas-plugins/scripts/toolcheck.nasl 2010-02-09 19:17:44 UTC (rev 6695) +++ trunk/openvas-plugins/scripts/toolcheck.nasl 2010-02-10 10:14:52 UTC (rev 6696) @@ -396,6 +396,22 @@ } # +# Test for presence of ldapsearch +# +if ( find_in_path("ldapsearch") ){ + set_kb_item(name: "Tools/Present/ldapsearch", value: TRUE); + set_kb_item(name: "Tools/Missing/ldapsearch", value: FALSE); +} else { + set_kb_item(name: "Tools/Missing/ldapsearch", value: TRUE); + set_kb_item(name: "Tools/Present/ldapsearch", value: FALSE); + summary = summary + " +Tool: ldapsearch +Effect: Advanced ldap directory checks are not available. +"; + all_tools_available = FALSE; +} + +# # Send final summary as log information # From scm-commit at wald.intevation.org Wed Feb 10 12:06:43 2010 
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 10 Feb 2010 12:06:43 +0100 (CET) Subject: [Openvas-commits] r6697 - trunk/openvas-manager Message-ID: <20100210110643.1AAF7865FABD@pyrosoma.intevation.org> Author: mattm Date: 2010-02-10 12:06:41 +0100 (Wed, 10 Feb 2010) New Revision: 6697 Modified: trunk/openvas-manager/CMakeLists.txt trunk/openvas-manager/ChangeLog Log: * CMakeLists.txt (OPENVASMD_DATABASE_VERSION): Increase to 13. (Missing file from commit yesterday). Modified: trunk/openvas-manager/CMakeLists.txt =================================================================== --- trunk/openvas-manager/CMakeLists.txt 2010-02-10 10:14:52 UTC (rev 6696) +++ trunk/openvas-manager/CMakeLists.txt 2010-02-10 11:06:41 UTC (rev 6697) @@ -94,7 +94,7 @@ ## Variables -set (OPENVASMD_DATABASE_VERSION 12) +set (OPENVASMD_DATABASE_VERSION 13) set (CMAKE_BUILD Debug) set (CMAKE_VERBOSE_MAKEFILE ON) Modified: trunk/openvas-manager/ChangeLog =================================================================== --- trunk/openvas-manager/ChangeLog 2010-02-10 10:14:52 UTC (rev 6696) +++ trunk/openvas-manager/ChangeLog 2010-02-10 11:06:41 UTC (rev 6697) @@ -1,5 +1,10 @@ 2010-02-09 Matthew Mundell + * CMakeLists.txt (OPENVASMD_DATABASE_VERSION): Increase to 13. (Missing + file from commit yesterday). + +2010-02-09 Matthew Mundell + * src/tasks_sql.h (find_target): Look for the target owned by the current user. (create_target): Limit the "already exists" check to the targets owned by From scm-commit at wald.intevation.org Wed Feb 10 12:12:47 2010 
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 10 Feb 2010 12:12:47 +0100 (CET) Subject: [Openvas-commits] r6698 - in trunk/openvas-manager: . src Message-ID: <20100210111247.4651D86607DB@pyrosoma.intevation.org> Author: mattm Date: 2010-02-10 12:12:43 +0100 (Wed, 10 Feb 2010) New Revision: 6698 Modified: trunk/openvas-manager/ChangeLog trunk/openvas-manager/src/lsc_user.c Log: * src/lsc_user.c (file_utils_copy_file): Remove G_GSIZE_MODIFIER from format string. Thanks to Stephan Kleine. Modified: trunk/openvas-manager/ChangeLog =================================================================== --- trunk/openvas-manager/ChangeLog 2010-02-10 11:06:41 UTC (rev 6697) +++ trunk/openvas-manager/ChangeLog 2010-02-10 11:12:43 UTC (rev 6698) @@ -1,3 +1,8 @@ +2010-02-10 Matthew Mundell + + * src/lsc_user.c (file_utils_copy_file): Remove G_GSIZE_MODIFIER from + format string. Thanks to Stephan Kleine. + 2010-02-09 Matthew Mundell * CMakeLists.txt (OPENVASMD_DATABASE_VERSION): Increase to 13. (Missing Modified: trunk/openvas-manager/src/lsc_user.c =================================================================== --- trunk/openvas-manager/src/lsc_user.c 2010-02-10 11:06:41 UTC (rev 6697) +++ trunk/openvas-manager/src/lsc_user.c 2010-02-10 11:12:43 UTC (rev 6698) @@ -222,7 +222,7 @@ if (bytes_written != (size_t) src_file_size) { g_debug ("%s: failed to write to %s" - " (%zu/%" G_GSIZE_MODIFIER G_GSIZE_FORMAT ")", + " (%zu/%" G_GSIZE_FORMAT ")", __FUNCTION__, dest_file, bytes_written, src_file_size); g_free (src_file_content); return FALSE; From scm-commit at wald.intevation.org Wed Feb 10 12:17:42 2010 
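Review bot: The corrected format `" (%zu/%" G_GSIZE_FORMAT ")"` is only right if `src_file_size` is declared as `gsize`, and the hunk suggests that it may not be, because the comparison just above needs the cast `(size_t) src_file_size`. If the variable has another type (its declaration is outside the hunk), the argument no longer matches the conversion and the debug call has undefined behaviour. Casting at the call site keeps the two in step regardless of the declaration: `bytes_written, (gsize) src_file_size);`. file_utils_copy_file starts and ends outside the hunk.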
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 10 Feb 2010 12:17:42 +0100 (CET) Subject: [Openvas-commits] r6699 - in trunk/openvas-plugins: . scripts Message-ID: <20100210111742.6706586607A3@pyrosoma.intevation.org> Author: mime Date: 2010-02-10 12:17:39 +0100 (Wed, 10 Feb 2010) New Revision: 6699 Added: trunk/openvas-plugins/scripts/novell_edirectory_38157.nasl trunk/openvas-plugins/scripts/smb_enum_services.nasl Modified: trunk/openvas-plugins/ChangeLog trunk/openvas-plugins/scripts/nav_installed.nasl trunk/openvas-plugins/scripts/savce_installed.nasl trunk/openvas-plugins/scripts/spysweeper_corp_installed.nasl trunk/openvas-plugins/scripts/xmpp_detect.nasl Log: Added new plugin Modified: trunk/openvas-plugins/ChangeLog =================================================================== --- trunk/openvas-plugins/ChangeLog 2010-02-10 11:12:43 UTC (rev 6698) +++ trunk/openvas-plugins/ChangeLog 2010-02-10 11:17:39 UTC (rev 6699) @@ -1,3 +1,20 @@ +2010-02-10 Michael Meyer + + * scripts/novell_edirectory_38157.nasl: + Added new plugin. + + * scripts/xmpp_detect.nasl: + Close soc on exit. Delete user when done. + + * scripts/smb_enum_services.nasl: + Added new plugin developed by LSS Security Team. + + * scripts/savce_installed.nasl, + scripts/spysweeper_corp_installed.nasl, + scripts/nav_installed.nasl: + Readded smb_enum_services.nasl as a dependency. Reactivated + service check. + 2010-02-09 Felix Wolfsteller * scripts/toolcheck.nasl: Added check for ldapsearch. Modified: trunk/openvas-plugins/scripts/nav_installed.nasl =================================================================== --- trunk/openvas-plugins/scripts/nav_installed.nasl 2010-02-10 11:12:43 UTC (rev 6698) +++ trunk/openvas-plugins/scripts/nav_installed.nasl 2010-02-10 11:17:39 UTC (rev 6699) 
@@ -25,7 +25,7 @@ script_copyright("This script is Copyright (C) 2004-2005 Jeff Adams / Tenable Network Security"); family = "Windows"; script_family(family); - script_dependencies("secpod_reg_enum.nasl"); + script_dependencies("secpod_reg_enum.nasl","smb_enum_services.nasl"); script_require_keys("SMB/Registry/Enumerated"); script_require_ports(139, 445); exit(0); @@ -168,7 +168,7 @@ # Checks if Antivirus is running # #-------------------------------------------------------------# -#services = get_kb_item("SMB/svcs"); # Waiting for smb_enum_services.nasl (LSS) +services = get_kb_item("SMB/svcs"); # Thanks to Jeff Adams for Symantec service. if ( services ) Added: trunk/openvas-plugins/scripts/novell_edirectory_38157.nasl =================================================================== --- trunk/openvas-plugins/scripts/novell_edirectory_38157.nasl 2010-02-10 11:12:43 UTC (rev 6698) +++ trunk/openvas-plugins/scripts/novell_edirectory_38157.nasl 2010-02-10 11:17:39 UTC (rev 6699) 
@@ -0,0 +1,130 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id$ +# +# Novell eDirectory eMBox SOAP Request Denial Of Service Vulnerability +# +# Authors: +# Michael Meyer +# +# Copyright: +# Copyright (c) 2010 Greenbone Networks GmbH +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if (description) +{ + script_id(100492); + script_bugtraq_id(38157); + script_version ("1.0-$Revision$"); + + script_name("Novell eDirectory eMBox SOAP Request Denial Of Service Vulnerability"); + +desc = "Overview: +Novell eDirectory is prone to a denial-of-service vulnerability. + +Remote attackers can exploit this issue to crash the application, +denying service to legitimate users. + +Versions prior to Novell eDirectory 8.8 SP5 Patch 3 are vulnerable. + +Solution: +Updates are available. Please see the references for details. 
+ +References: +http://www.securityfocus.com/bid/38157 +http://www.novell.com/support/viewContent.do?externalId=3426981 +http://www.novell.com + +Risk factor : Medium"; + + script_description(desc); + script_summary("Determine if eDirectory version is < 8.8 SP5 Patch 3 "); + script_category(ACT_GATHER_INFO); + script_family("Denial of Service"); + script_copyright("This script is Copyright (C) 2010 Greenbone Networks GmbH"); + script_dependencies("novell_edirectory_detect.nasl"); + script_require_ports("Services/ldap", 389); + exit(0); +} + +include("version_func.inc"); + +port = get_kb_item("Services/ldap"); +if(!port)exit(0); +if(!get_port_state(port))exit(0); + +if(!version = get_kb_item(string("ldap/", port,"/eDirectory")))exit(0); +if(!isnull(version)) { + + versions = split(version,sep: " ", keep:FALSE); + + if(!isnull(versions[0])) { + major = versions[0]; + } else { + exit(0); + } + + if(!isnull(versions[1])) { + if("SP" >< versions[1]) { + sp = versions[1]; + sp -= "SP"; + sp = int(sp); + } else { + revision = versions[1]; + } + } + + if(sp && !isnull(versions[2])) { + revision = versions[2]; + } + + if(revision) { + revision -= "("; + revision -= ")"; + revision -= "."; + revision = int(revision); + } + + if(major == "8.8") { + if(sp && sp > 0) { + if(sp == 5) { + + if(revision && revision < 2050315) { # < eDirectory 8.8 SP5 Patch 3 (20503.15) + vuln = TRUE; + } + + } else { + + if(sp < 5) { + vuln = TRUE; + } + + } + } else { + vuln = TRUE; + } + } +} + +if(vuln) { + security_warning(port:port); + exit(0); +} + +exit(0); + + + Property changes on: trunk/openvas-plugins/scripts/novell_edirectory_38157.nasl ___________________________________________________________________ Name: svn:keywords + Id Revision Modified: trunk/openvas-plugins/scripts/savce_installed.nasl =================================================================== --- trunk/openvas-plugins/scripts/savce_installed.nasl 2010-02-10 11:12:43 UTC (rev 6698) +++ 
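Review bot: The version check in novell_edirectory_38157.nasl only ever sets `vuln` inside `if(major == "8.8")`, so a host reporting an older branch is silently treated as not affected even though the description says all versions prior to 8.8 SP5 Patch 3 are vulnerable. An 8.8 SP5 banner whose revision cannot be parsed also falls through without a result, because `revision && revision < 2050315` is false when `revision` is unset. `version_func.inc` is included but nothing from it is called; adding a branch such as `else if(version_is_less(version:major, test_version:"8.8")) vuln = TRUE;` would close the first gap. `sp`, `revision` and `vuln` are also read without being initialised, so setting them to 0/FALSE before the parsing would make the fall-through cases explicit.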
trunk/openvas-plugins/scripts/savce_installed.nasl 2010-02-10 11:17:39 UTC (rev 6699) @@ -28,7 +28,7 @@ script_copyright("This script is Copyright (C) 2004-2005 Jeff Adams / Tenable Network Security"); family = "Windows"; script_family(family); - script_dependencies("secpod_reg_enum.nasl"); + script_dependencies("secpod_reg_enum.nasl","smb_enum_services.nasl"); script_require_keys("SMB/Registry/Enumerated"); script_require_ports(139, 445); exit(0); @@ -196,7 +196,7 @@ # Checks if Antivirus is running # #-------------------------------------------------------------# -#services = get_kb_item("SMB/svcs"); # Waiting for smb_enum_services.nasl (LSS) +services = get_kb_item("SMB/svcs"); # Thanks to Jeff Adams for Symantec service. if ( services ) Added: trunk/openvas-plugins/scripts/smb_enum_services.nasl =================================================================== --- trunk/openvas-plugins/scripts/smb_enum_services.nasl 2010-02-10 11:12:43 UTC (rev 6698) +++ trunk/openvas-plugins/scripts/smb_enum_services.nasl 2010-02-10 11:17:39 UTC (rev 6699) 
@@ -0,0 +1,662 @@ +################################################################### +# OpenVAS Vulnerability Test +# +# SMB Enumerate Services +# +# LSS-NVT-2010-001 +# +# Developed by LSS Security Team +# +# Copyright(C) 2010 LSS +# +# This program is free software: you can redistribute it and/or +# modify it under the terms of the GNU General Public License as +# published by the Free Software Foundation, either version 2 of +# the License, or(at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program. If not, see +# . +################################################################### + +if(description) +{ + script_id(102016); + script_version("$Revision$-1.0"); + script_name("SMB Enumerate Services"); + desc = " + This plugin implements the SvcOpenSCManager() and + SvcEnumServices() calls to obtain the list of active and inactive + services and drivers of the remote host, using the MS-DCE/RPC + protocol over SMB. + + An attacker may use this feature to gain better + knowledge of the remote host. + + Solution : To prevent access to the services and drivers + list, you should either have tight login restrictions, + so that only trusted users can access your host, and/or you + should filter incoming traffic to this port. 
+ + Risk factor : Low + "; + script_description(desc); + script_summary("Enumerates the list of remote services and drivers"); + script_category(ACT_GATHER_INFO); + script_copyright("Copyright(C) 2010 LSS"); + script_family("Windows"); + script_dependencies('netbios_name_get.nasl', 'smb_login.nasl'); + script_require_keys('SMB/transport', 'SMB/name', 'SMB/login', 'SMB/password'); + script_require_ports(139, 445); + exit(0); +} + +include('smb_nt.inc'); + +#--------------------------------------------------------# +# Decodes the data sent back by svcenumservicesstatus() # +#--------------------------------------------------------# + +function svc_decode(data) +{ + # ret = ''; + sz = ''; + if(strlen(data) < 128) + return(FALSE); + + for(i=4;i>0;i=i-1) + { + sz = sz * 256; + sz = sz + ord(data[123+i]); + } + + # display('size : ', sz, '\n'); + + len = strlen(data); + num_svc = ord(data[len-15]); + num_svc = num_svc * 256; + num_svc = num_svc + ord(data[len-16]); + + if(!num_svc) + { + return(FALSE); + } + ret[0] = num_svc; # number of 'services'(services, drivers, processes) + + off = 0; + lim = num_svc * 0x24; + + for(j = 0; j < lim; j = j + 0x24) + { + for(i = 4; i > 0; i = i - 1) + { + off = off * 256; + off = off + ord(data[87+i+j]); + } + + off2 = 0; + for(i = 4; i > 0; i = i - 1) + { + off2 = off2 * 256; + off2 = off2 + ord(data[91+i+j]); + } + + if(off2 > strlen(data))return(0); + if(off > strlen(data))return(0); + + name = ''; + svc = ''; + for(k=0;k<255;k = k+1) + { + if(!(ord(data[off2+k+88]))) + k = 255; + else + name = string(name, raw_string(ord(data[off2+k+88]))); + } + + for(k=0;k<255;k=k+1) + { + if(!(ord(data[off+k+88]))) + k = 255; + else + svc = string(svc, raw_string(ord(data[off+k+88]))); + } + + ret[1] = ret[1] + string(name, ' [', svc, ']\n'); + } + return(ret); +} + + +#------------------------------------------------------# +# Obtains a handle we use in svcenumservicesstatus() # +#------------------------------------------------------# 
+function svcopenscmanager(soc, name, uid, tid, pipe) +{ + tid_low = tid % 256; + tid_high = tid / 256; + uid_low = uid % 256; + uid_high = uid / 256; + pipe_low = pipe % 256; + pipe_high = pipe / 256; + + req = raw_string(0x00, 0x00, + 0x00, 0x9c, 0xFF, 0x53, 0x4D, 0x42, 0x25, 0x00, + 0x00, 0x00, 0x00, 0x18, 0x03, 0x80, 0x59, 0x81, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, tid_low, tid_high, 0x00, 0x28, uid_low, uid_high, + g_mlo, g_mhi, 0x10, 0x00, 0x00, 0x48, 0x00, 0x00, + 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x54, + 0x00, 0x48, 0x00, 0x54, 0x00, 0x02, 0x00, 0x26, + 0x00, pipe_low, pipe_high, 0x59, 0x00, 0x00, 0x5C, 0x00, + 0x50, 0x00, 0x49, 0x00, 0x50, 0x00, 0x45, 0x00, + 0x5C, 0x00, 0x00, 0x00, 0x00, 0x14, 0x05, 0x00, + 0x0B, 0x00, 0x10, 0x00, 0x00, 0x00, 0x48, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x30, 0x16, + 0x30, 0x16, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x81, 0xBB, + 0x7A, 0x36, 0x44, 0x98, 0xF1, 0x35, 0xAD, 0x32, + 0x98, 0xF0, 0x38, 0x00, 0x10, 0x03, 0x02, 0x00, + 0x00, 0x00, 0x04, 0x5D, 0x88, 0x8A, 0xEB, 0x1C, + 0xC9, 0x11, 0x9F, 0xE8, 0x08, 0x00, 0x2B, 0x10, + 0x48, 0x60, 0x02, 0x00, 0x00, 0x00); + + send(socket:soc, data:req); + r = smb_recv(socket:soc, length:4096); + if(!r)return(FALSE); + + len = strlen(name); + add = 4 -((len+1) % 4); + + tot_len = 133 + len + add; + tot_len_lo = tot_len % 256; + tot_len_hi = tot_len / 256; + + if(odd)len = len + 1; + bcc = 66 + len + add; + bcc_lo = bcc % 256; + bcc_hi = bcc / 256; + tot = 49 + len + add ; + tot_hi = tot/256; + tot_lo = tot%256; + + len2 = 25 + len + add; + len2_lo = len2 % 256; + len2_hi = len2 / 256; + + len = len + 1; + len_lo = len % 256; + len_hi = len / 256; + + req = raw_string(0x00, 0x00, + tot_len_hi, tot_len_lo, 0xFF, 0x53, 0x4D, 0x42, 0x25, 0x00, + 0x00, 0x00, 0x00, 0x18, 0x03, 0x80, 0x63, 0x81, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 
tid_low, tid_high, 0x00, 0x28, uid_low, uid_high, + g_mlo, g_mhi, 0x10, 0x00, 0x00, tot_lo, tot_hi, 0x00, + 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x54, + 0x00, tot_lo, tot_hi, 0x54, 0x00, 0x02, 0x00, 0x26, + 0x00, pipe_low, pipe_high, bcc_lo, bcc_hi, 0x00, 0x5C, 0x00, + 0x50, 0x00, 0x49, 0x00, 0x50, 0x00, 0x45, 0x00, + 0x5C, 0x00, 0x00, 0x00, 0x00, 0x5C, 0x05, 0x00, + 0x00, 0x03, 0x10, 0x00, 0x00, 0x00, tot_lo, tot_hi, + 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, len2_lo, len2_hi, + 0x00, 0x00, 0x00, 0x00, 0x1B, 0x00, 0x60, 0x02, + 0x7D, 0x00, len_lo, len_hi, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, len_lo, len_hi, 0x00, 0x00) + + tolower(name) + raw_string(0); + + # req = req + raw_string(0x00); + # else req = req + raw_string(0x00, 0x00); + if( add ) + { + req = req + crap(data:raw_string(0), length:add); + } + + req = req + raw_string(0x00, 0x00, + 0x00, 0x00, 0x04, 0x00, 0x00, 0x00); + + send(socket:soc, data:req); + r = smb_recv(socket:soc, length:4096); + if(!r) return(FALSE); + # if(strlen(r) < 100)return(FALSE); + if(strlen(r) < 104) exit(0); + # display('hu\n'); + + # + # extract the handle + # + hdl = ''; + i = 0; + for(i = 0; i < 21; i= i + 1) + { + # display(hex(ord(r[83+i])), ' '); + hdl = string(hdl, raw_string(ord(r[83+i]))); + } + # display('\n'); + return(hdl); +} + + +#------------------------------------------------# +# creates a valid smbreadx() request # +#------------------------------------------------# +function smbreadx() +{ + return(raw_string(0x00, 0x00, + 0x00, 0x3C, 0xFF, 0x53, 0x4D, 0x42, 0x2E, 0x00, + 0x00, 0x00, 0x00, 0x18, 0x00, 0x80, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, tid_low, tid_high, 0x00, 0x28, uid_low, uid_high, + g_mlo, g_mhi, 0x0C, 0xFF, 0x00, 0x00, 0x00, pipe_low, + pipe_high, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x02)); +} + + 
+#----------------------------------------------# +# returns TRUE if svcenumservicesstatus needs # +# to call smbreadx() to get the rest of the # +# services list # +#----------------------------------------------# + + +function moredata(data) +{ + len_data = strlen(data); + start = len_data - 4; + for(_i = start; _i < len_data; _i = _i + 1) + { + # display(hex(data[_i]), ' '); + if(ord(data[_i])) return(TRUE); + } + return(FALSE); +} + +# svcenumservicesstatus global constants +SERVICE_STATE_ACTIVE = raw_string(0x01, 0x00, 0x00, 0x00); +SERVICE_STATE_INACTIVE = raw_string(0x02, 0x00, 0x00, 0x00); +SERVICE_STATE_ALL = raw_string(0x03, 0x00, 0x00, 0x00);#( SERVICE_STATE_ACTIVE | SERVICE_STATE_INACTIVE ) +SERVICE_TYPE_KERNEL_DRIVER = raw_string(0x01, 0x00, 0x00, 0x00); +SERVICE_TYPE_FS_DRIVER = raw_string(0x02, 0x00, 0x00, 0x00); +SERVICE_TYPE_ADAPTER = raw_string(0x04, 0x00, 0x00, 0x00);#couldn't get to work +SERVICE_TYPE_RECOGNIZER_DRIVER = raw_string(0x08, 0x00, 0x00, 0x00);#couldn't get to work +SERVICE_TYPE_DRIVER = raw_string(0x0F, 0x00, 0x00, 0x00);#(SERVICE_TYPE_KERNEL_DRIVER|SERVICE_TYPE_FS_DRIVER|SERVICE_TYPE_RECOGNIZER_DRIVER +SERVICE_TYPE_WIN32_OWN_PROCESS = raw_string(0x10, 0x00, 0x00, 0x00); +SERVICE_TYPE_WIN32_SHARE_PROCESS = raw_string(0x20, 0x00, 0x00, 0x00); +SERVICE_TYPE_WIN32 = raw_string(0x30, 0x00, 0x00, 0x00);#SERVICE_TYPE_WIN32_OWN_PROCESS|SERVICE_TYPE_WIN32_SHARE_PROCESS +SERVICE_TYPE_INTERACTIVE_PROCESS = raw_string(0x00, 0x01, 0x00, 0x00);#0x100; + +#----------------------------------------------# +# svcenumservicesstatus() : # +# This function makes the appropriate calls # +# to get the list of the remote active services# +# and decodes the result. It returns FALSE if # +# no service is running at all. 
# +#----------------------------------------------# +function svcenumservicesstatus(soc, name, uid, tid, pipe, handle, svc_type, svc_state) +{ + tid_low = tid % 256; + tid_high = tid / 256; + uid_low = uid % 256; + uid_high = uid / 256; + pipe_low = pipe % 256; + pipe_high = pipe / 256; + + # + # We make a first call to svcenumservicesstatus(), and we declare + # our buffer size as being 0 bytes. We receive an error with the + # amount of bytes we'd need, then we make a second request + # with that value. + # + + # + # First request + # + req = raw_string(0x00, 0x00, + 0x00, 0x94, 0xFF, 0x53, 0x4D, 0x42, 0x25, 0x00, + 0x00, 0x00, 0x00, 0x18, 0x03, 0x80, 0x6B, 0x80, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, tid_low, tid_high, 0x00, 0x28, uid_low, uid_high, + g_mlo, g_mhi, 0x10, 0x00, 0x00, 0x40, 0x00, 0x00, + 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x54, + 0x00, 0x40, 0x00, 0x54, 0x00, 0x02, 0x00, 0x26, + 0x00, pipe_low, pipe_high, 0x51, 0x00, 0x00, 0x5C, 0x00, + 0x50, 0x00, 0x49, 0x00, 0x50, 0x00, 0x45, 0x00, + 0x5C, 0x00, 0x00, 0x00, 0x00, 0x88, 0x05, 0x00, + 0x00, 0x03, 0x10, 0x00, 0x00, 0x00, 0x40, 0x00, + 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x28, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x1A) + handle + svc_type + svc_state + + raw_string(0x24, 0x00, 0x00, 0x00, 0x74, 0xFF, + 0x12, 0x00, 0x00, 0x00, 0x00, 0x00); + + # display('strlen(req) : ', strlen(req), '\n'); + send(socket:soc, data:req); + r = smb_recv(socket:soc, length:1024); + if(strlen(r) < 128) return(NULL); + len = ''; + for(i = 124; i < 128; i = i + 1) len = string(len, raw_string(ord(r[i]))); + + # + # Second request, with the appropriate length + # + req = raw_string(0x00, 0x00, + 0x00, 0x94, 0xFF, 0x53, 0x4D, 0x42, 0x25, 0x00, + 0x00, 0x00, 0x00, 0x18, 0x03, 0x80, 0x6B, 0x80, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, tid_low, tid_high, 0x00, 0x28, uid_low, uid_high, + g_mlo, g_mhi, 0x10, 0x00, 0x00, 0x40, 0x00, 
0x00, + 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x54, + 0x00, 0x40, 0x00, 0x54, 0x00, 0x02, 0x00, 0x26, + 0x00, pipe_low, pipe_high, 0x51, 0x00, 0x00, 0x5C, 0x00, + 0x50, 0x00, 0x49, 0x00, 0x50, 0x00, 0x45, 0x00, + 0x5C, 0x00, 0x00, 0x00, 0x00, 0x88, 0x05, 0x00, + 0x00, 0x03, 0x10, 0x00, 0x00, 0x00, 0x40, 0x00, + 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x28, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x1A) + + handle + svc_type + svc_state + len + + raw_string(0x74, 0xFF, + 0x12, 0x00, 0x00, 0x00, 0x00, 0x00); + + send(socket:soc, data:req); + r = smb_recv(socket:soc, length:65535); + + # + # get what's left - smbreadX request + # + if(ord(r[9])) + { + req = smbreadx(); + send(socket:soc, data:req); + r2 = smb_recv(socket:soc, length:67000); + + # + # Merge the relevant portion of r2 into r + # + len_r2 = strlen(r2); + for(k = 64; k < len_r2; k = k + 1) + { + r = r + raw_string(ord(r2[k])); + } + + while(moredata(data:r2)) + { + req = smbreadx(); + send(socket:soc, data:req); + r2 = smb_recv(socket:soc, length:67000); + len_r2 = strlen(r2); + for(k = 88; k < len_r2; k = k + 1) + { + # display('->', r2[k], '\n'); + r = r + raw_string(ord(r2[k])); + } + } + } + + # display(r); + ret = svc_decode(data:r); + if(svc_state == SERVICE_STATE_ACTIVE) + { + if(svc_type == SERVICE_TYPE_KERNEL_DRIVER) + { + set_kb_item(name:'SMB/number_of_active_kernel_drivers', value:ret[0]); + set_kb_item(name:'SMB/active_kernel_drivers', value:ret[1]); + } + if(svc_type == SERVICE_TYPE_FS_DRIVER) + { + set_kb_item(name:'SMB/number_of_active_fs_drivers', value:ret[0]); + set_kb_item(name:'SMB/active_fs_drivers', value:ret[1]); + } + if(svc_type == SERVICE_TYPE_ADAPTER) + { + set_kb_item(name:'SMB/number_of_active_adapters', value:ret[0]); + set_kb_item(name:'SMB/active_adapters', value:ret[1]); + } + if(svc_type == SERVICE_TYPE_RECOGNIZER_DRIVER) + { + set_kb_item(name:'SMB/number_of_active_recognizer_drivers', value:ret[0]); + 
set_kb_item(name:'SMB/active_recognizer_drivers', value:ret[1]); + } + if(svc_type == SERVICE_TYPE_DRIVER) + { + set_kb_item(name:'SMB/number_of_active_drivers', value:ret[0]); + set_kb_item(name:'SMB/active_drivers', value:ret[1]); + } + if(svc_type == SERVICE_TYPE_WIN32_OWN_PROCESS) + { + set_kb_item(name:'SMB/number_of_active_win32_own_processes', value:ret[0]); + set_kb_item(name:'SMB/active_win32_own_procesess', value:ret[1]); + } + if(svc_type == SERVICE_TYPE_WIN32_SHARE_PROCESS) + { + set_kb_item(name:'SMB/number_of_active_win32_share_processes', value:ret[0]); + set_kb_item(name:'SMB/active_win32_share_procesess', value:ret[1]); + } + if(svc_type == SERVICE_TYPE_WIN32) + { + set_kb_item(name:'SMB/number_of_active_win32_procesess', value:ret[0]); + #set_kb_item(name:'SMB/active_win32_procesess', value:ret[1]); + set_kb_item(name:'SMB/svcs', value:ret[1]); #changed naming convention to "svcs" to accomodate dependencies + } + if(svc_type == SERVICE_TYPE_INTERACTIVE_PROCESS) + { + set_kb_item(name:'SMB/number_of_active_interactive_processes', value:ret[0]); + set_kb_item(name:'SMB/active_interactive_procesess', value:ret[1]); + } + } + else if(svc_state == SERVICE_STATE_INACTIVE) + { + if(svc_type == SERVICE_TYPE_KERNEL_DRIVER) + { + set_kb_item(name:'SMB/number_of_inactive_kernel_drivers', value:ret[0]); + set_kb_item(name:'SMB/inactive_kernel_drivers', value:ret[1]); + } + if(svc_type == SERVICE_TYPE_FS_DRIVER) + { + set_kb_item(name:'SMB/number_of_inactive_fs_drivers', value:ret[0]); + set_kb_item(name:'SMB/inactive_fs_drivers', value:ret[1]); + } + if(svc_type == SERVICE_TYPE_ADAPTER) + { + set_kb_item(name:'SMB/number_of_inactive_adapters', value:ret[0]); + set_kb_item(name:'SMB/inactive_adapters', value:ret[1]); + } + if(svc_type == SERVICE_TYPE_RECOGNIZER_DRIVER) + { + set_kb_item(name:'SMB/number_of_inactive_recognizer_drivers', value:ret[0]); + set_kb_item(name:'SMB/inactive_recognizer_drivers', value:ret[1]); + } + if(svc_type == SERVICE_TYPE_DRIVER) 
+ { + set_kb_item(name:'SMB/number_of_inactive_drivers', value:ret[0]); + set_kb_item(name:'SMB/inactive_drivers', value:ret[1]); + } + if(svc_type == SERVICE_TYPE_WIN32_OWN_PROCESS) + { + set_kb_item(name:'SMB/number_of_inactive_win32_own_processes', value:ret[0]); + set_kb_item(name:'SMB/inactive_win32_own_procesess', value:ret[1]); + } + if(svc_type == SERVICE_TYPE_WIN32_SHARE_PROCESS) + { + set_kb_item(name:'SMB/number_of_inactive_win32_share_processes', value:ret[0]); + set_kb_item(name:'SMB/inactive_win32_share_procesess', value:ret[1]); + } + if(svc_type == SERVICE_TYPE_WIN32) + { + set_kb_item(name:'SMB/number_of_inactive_win32_procesess', value:ret[0]); + set_kb_item(name:'SMB/inactive_win32_procesess', value:ret[1]); + } + if(svc_type == SERVICE_TYPE_INTERACTIVE_PROCESS) + { + set_kb_item(name:'SMB/number_of_inactive_interactive_processes', value:ret[0]); + set_kb_item(name:'SMB/inactive_interactive_procesess', value:ret[1]); + } + } + + return(ret); +} + +#################################### +########### MAIN ################# +#################################### + +port = kb_smb_transport(); +if(!port)port = 139; +login = kb_smb_login(); +domain = kb_smb_domain(); +pass = kb_smb_password(); +name = chomp(kb_smb_name()); #TODO: check for a bug! kb_smb_name returned a name with trailing whitespace! 
+ +soc = open_sock_tcp(port); +if(!soc) + { + log_message(data:'MAIN: Can not open socket on tcp port ' + port); + exit(-1); + } + +r = smb_session_request(soc:soc, remote:name); +if(!r) + { + log_message(data:'MAIN: SMB session request failed'); + close(soc); + exit(-1); + } + +prot = smb_neg_prot(soc:soc); +if(!prot) + { + log_message(data:'MAIN: SMB negotiate protocol failed'); + close(soc); + exit(-1); + } + +r = smb_session_setup(soc:soc, login:login, password:pass, domain:domain, prot:prot); +if(!r) + { + log_message(data:'MAIN: SMB session setup failed'); + close(soc); + exit(-1); + } + +uid = session_extract_uid(reply:r); +if(!uid) + { + log_message(data:'MAIN: SMB session setup extract UID failed'); + close(soc); + exit(-1); + } + +r = smb_tconx(soc:soc, name:name, uid:uid, share:'IPC$'); +if(!r) + { + log_message(data:'MAIN: SMB tree connect failed'); + close(soc); + exit(-1); + } + +tid = tconx_extract_tid(reply:r); +if(!tid) + { + log_message(data:'MAIN: SMB tree extract TID failed'); + close(soc); + exit(-1); + } + +# Create a pipe to \svcctl +r = smbntcreatex(soc:soc, uid:uid, tid:tid, name:'\\svcctl'); +if(!r) + { + log_message(data:'MAIN: SMB open \\svcctl pipe failed'); + close(soc); + exit(-1); + } + +# and extract its ID +pipe = smbntcreatex_extract_pipe(reply:r); +if(!pipe) + { + log_message(data:'MAIN: SMB extract FID failed'); + close(soc); + exit(-1); + } + +# For the moment bind() is implemented in svcopenscmanager(). Due for implementation in msrpc.inc. 
+# dcerpc_bind(soc:soc, user_id:uid, tree_id:tid, fid:pipe); + +handle = svcopenscmanager(soc:soc, name:name, uid:uid, tid:tid, pipe:pipe); +if(handle == FALSE) + { + log_message(data:'MAIN: RPC OpenServiceManager failed'); + close(soc); + exit(-1); + } + +report_data = ''; +report_data_separator = '\n\n##############################################\n\n'; + +services = svcenumservicesstatus(soc:soc, name:name, uid:uid, tid:tid, pipe:pipe,handle:handle, svc_type: SERVICE_TYPE_WIN32, svc_state: SERVICE_STATE_ACTIVE); +if(services == null) + { + log_message(data:'MAIN: RPC Enum Services(WIN32 active services) failed'); + } +report_data += 'WIN32 active services: \n' + services[1]; +report_data += report_data_separator; + +services = svcenumservicesstatus(soc:soc, name:name, uid:uid, tid:tid, pipe:pipe,handle:handle, svc_type: SERVICE_TYPE_WIN32, svc_state: SERVICE_STATE_INACTIVE); +if(services == null) + { + log_message(data:'MAIN: RPC Enum Services(WIN32 inactive services) failed'); + } +report_data += 'WIN32 inactive services: \n' + services[1]; +report_data += report_data_separator; + +services = svcenumservicesstatus(soc:soc, name:name, uid:uid, tid:tid, pipe:pipe,handle:handle, svc_type: SERVICE_TYPE_DRIVER, svc_state: SERVICE_STATE_ACTIVE); +if(services == null) + { + log_message(data:'MAIN: RPC Enum Services(WIN32 active drivers) failed'); + } +report_data += 'WIN32 active drivers: \n' + services[1]; +report_data += report_data_separator; + +services = svcenumservicesstatus(soc:soc, name:name, uid:uid, tid:tid, pipe:pipe,handle:handle, svc_type: SERVICE_TYPE_DRIVER, svc_state: SERVICE_STATE_INACTIVE); +if(services == null) + { + log_message(data:'MAIN: RPC Enum Services(WIN32 inactive drivers) failed'); + } +report_data += 'WIN32 inactive drivers: \n' + services[1]; +report_data += report_data_separator; + +services = svcenumservicesstatus(soc:soc, name:name, uid:uid, tid:tid, pipe:pipe,handle:handle, svc_type: SERVICE_TYPE_INTERACTIVE_PROCESS, svc_state: 
SERVICE_STATE_ACTIVE); +if(services == null) + { + log_message(data:'MAIN: RPC Enum Services(WIN32 active interactive services) failed'); + } +report_data += 'WIN32 active interactive services: \n' + services[1]; +report_data += report_data_separator; + +services = svcenumservicesstatus(soc:soc, name:name, uid:uid, tid:tid, pipe:pipe,handle:handle, svc_type: SERVICE_TYPE_INTERACTIVE_PROCESS, svc_state: SERVICE_STATE_INACTIVE); +if(services == null) + { + log_message(data:'MAIN: RPC Enum Services(WIN32 inactive interactive services) failed'); + } +report_data += 'WIN32 inactive interactive services: \n' + services[1]; + +security_note(data:report_data, port: port); + +# display(services[1]); + +close(soc); + +################################### +########### END ################# +################################### Property changes on: trunk/openvas-plugins/scripts/smb_enum_services.nasl ___________________________________________________________________ Name: svn:keywords + Id Revision Modified: trunk/openvas-plugins/scripts/spysweeper_corp_installed.nasl =================================================================== --- trunk/openvas-plugins/scripts/spysweeper_corp_installed.nasl 2010-02-10 11:12:43 UTC (rev 6698) +++ trunk/openvas-plugins/scripts/spysweeper_corp_installed.nasl 2010-02-10 11:17:39 UTC (rev 6699) @@ -29,7 +29,7 @@ script_copyright("This script is Copyright (C) 2004-2005 Jeff Adams / Tenable Network Security"); family = "Windows"; script_family(family); - script_dependencies("secpod_reg_enum.nasl"); + script_dependencies("secpod_reg_enum.nasl","smb_enum_services.nasl"); script_require_keys("SMB/Registry/Enumerated"); script_require_ports(139, 445); exit(0); 
@@ -169,7 +169,7 @@ # operation. # #-------------------------------------------------------------# -#services = get_kb_item("SMB/svcs"); # Waiting for smb_enum_services.nasl (LSS) +services = get_kb_item("SMB/svcs"); if ( services ) { Modified: trunk/openvas-plugins/scripts/xmpp_detect.nasl =================================================================== --- trunk/openvas-plugins/scripts/xmpp_detect.nasl 2010-02-10 11:12:43 UTC (rev 6698) +++ trunk/openvas-plugins/scripts/xmpp_detect.nasl 2010-02-10 11:17:39 UTC (rev 6699) @@ -55,6 +55,21 @@ include("misc_func.inc"); include("global_settings.inc"); +function delete_user(soc) { + + req = string(" + + + + "); + + send(socket:soc, data:req); + buf = recv(socket:soc,length:512); + close(soc); + + return 0; +} + port = 5222; if(!get_port_state(port))exit(0); @@ -68,7 +83,10 @@ send(socket:soc, data:get_from); buf = recv(socket:soc, length:512); -if(isnull(buf) || "xmlns:stream=" >!< buf || "jabber:client" >!< buf)exit(0); +if(isnull(buf) || "xmlns:stream=" >!< buf || "jabber:client" >!< buf) { + close(soc); + exit(0); +} register_service(port: port, ipproto:"tcp", proto: 'xmpp'); @@ -88,7 +106,10 @@ send(socket:soc, data:req); buf = recv(socket:soc,length:512); -if(isnull(buf) || "!< buf || "host-unknown" >< buf)exit(0); +if(isnull(buf) || "!< buf || "host-unknown" >< buf) { + close(soc); + exit(0); +} req = string(" @@ -96,24 +117,28 @@ send(socket:soc, data:req); buf = recv(socket:soc,length:512); -if(isnull(buf))exit(0); +if(isnull(buf) || "instructions" >!< buf) { + close(soc); + exit(0); +} -if("instructions" >!< buf)exit(0); - USER = string("OpenVAS",rand()); req = string(" - - ",USER," - ",USER," - ",USER," - openvas at openvas.org - - "); + + ",USER," + ",USER," + ",USER," + openvas at openvas.org + + "); send(socket:soc, data:req); buf = recv(socket:soc,length:512); -if(isnull(buf) || USER >!< buf)exit(0); +if(isnull(buf) || USER >!< buf) { + close(soc); + exit(0); +} req = string(" 
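Review bot: `delete_user()` reads the server's reply into `buf` and then discards it, so a failed removal looks the same as a successful one and the `OpenVAS<rand>` test account can stay behind on the scanned server unnoticed. The registration request fills three fields from the same `USER` string; the XML element names are stripped in this archive, so it is only an assumption that one of them is the password, but if so a leftover account has a password equal to its name. I would check the reply before closing, e.g. `if(isnull(buf) || "result" >!< buf) log_message(data:'XMPP: could not remove test account ' + USER);`, assuming the server answers a successful removal with a result stanza. The function comment should also say that it closes `soc`, since every caller relies on that.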
@@ -123,7 +148,10 @@ send(socket:soc, data:req); buf = recv(socket:soc,length:512); -if(isnull(buf) || USER >!< buf)exit(0); +if(isnull(buf) || USER >!< buf) { + delete_user(soc: soc); + exit(0); +} req = string(" @@ -135,6 +163,10 @@ send(socket:soc, data:req); buf = recv(socket:soc,length:512); +if("result" >!< buf) { + delete_user(soc: soc); + exit(0); +} req = string(" @@ -143,9 +175,11 @@ send(socket:soc, data:req); buf = recv(socket:soc,length:512); -close(soc); -if("" >!< buf || "" >!< buf)exit(0); +if("" >!< buf || "" >!< buf) { + delete_user(soc: soc); + exit(0); +} version = eregmatch(pattern: "(.*)", string: buf); server = eregmatch(pattern: "(.*)", string: buf); @@ -160,6 +194,8 @@ set_kb_item(name: string("xmpp/",port,"/version"), value: server_version); } +delete_user(soc: soc); + if(server_name && server_version) { info = string("None\n\nXMPP Server '",server_name, "' version '", server_version, "' was detected by OpenVAS.\n"); From scm-commit at wald.intevation.org Wed Feb 10 12:51:13 2010 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 10 Feb 2010 12:51:13 +0100 (CET) Subject: [Openvas-commits] r6700 - in trunk/openvas-manager: . src Message-ID: <20100210115113.2153486607A0@pyrosoma.intevation.org> Author: mattm Date: 2010-02-10 12:51:11 +0100 (Wed, 10 Feb 2010) New Revision: 6700 Modified: trunk/openvas-manager/ChangeLog trunk/openvas-manager/src/tasks_sql.h Log: * src/tasks_sql.h (user_owns, user_owns_uuid, find_target) (create_target): Terminate SQL statements. (find_agent): Look for the agent owned by the current user. (create_agent): Limit the "already exists" check to the agents owned by the current user. Modified: trunk/openvas-manager/ChangeLog =================================================================== --- trunk/openvas-manager/ChangeLog 2010-02-10 11:17:39 UTC (rev 6699) +++ trunk/openvas-manager/ChangeLog 2010-02-10 11:51:11 UTC (rev 6700) 
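Review bot: The checks added in the `@@ -135` and `@@ -143` hunks test `buf` with `>!<` directly, without the `isnull(buf) ||` guard that every other reply check in this commit uses. For consistency, and so that a dropped connection is handled the same way at each step, I would write the first one as `if(isnull(buf) || "result" >!< buf) {` and give the version check the same guard.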
@@ -1,5 +1,13 @@ 2010-02-10 Matthew Mundell + * src/tasks_sql.h (user_owns, user_owns_uuid, find_target) + (create_target): Terminate SQL statements. + (find_agent): Look for the agent owned by the current user. + (create_agent): Limit the "already exists" check to the agents owned by + the current user. + +2010-02-10 Matthew Mundell + * src/lsc_user.c (file_utils_copy_file): Remove G_GSIZE_MODIFIER from format string. Thanks to Stephan Kleine. Modified: trunk/openvas-manager/src/tasks_sql.h =================================================================== --- trunk/openvas-manager/src/tasks_sql.h 2010-02-10 11:17:39 UTC (rev 6699) +++ trunk/openvas-manager/src/tasks_sql.h 2010-02-10 11:51:11 UTC (rev 6700) @@ -450,7 +450,7 @@ "SELECT count(*) FROM %ss" " WHERE name = '%s'" " AND ((owner IS NULL) OR (owner =" - " (SELECT users.ROWID FROM users WHERE users.uuid = '%s')))", + " (SELECT users.ROWID FROM users WHERE users.uuid = '%s')));", resource, quoted_resource_name, current_credentials.uuid); @@ -477,7 +477,7 @@ "SELECT count(*) FROM %ss" " WHERE uuid = '%s'" " AND ((owner IS NULL) OR (owner =" - " (SELECT users.ROWID FROM users WHERE users.uuid = '%s')))", + " (SELECT users.ROWID FROM users WHERE users.uuid = '%s')));", resource, uuid, current_credentials.uuid); @@ -6537,7 +6537,7 @@ "SELECT ROWID FROM targets" " WHERE name = '%s'" " AND ((owner IS NULL) OR (owner =" - " (SELECT users.ROWID FROM users WHERE users.uuid = '%s')))", + " (SELECT users.ROWID FROM users WHERE users.uuid = '%s')));", name, current_credentials.uuid)) { @@ -6582,7 +6582,7 @@ "SELECT COUNT(*) FROM targets" " WHERE name = '%s'" " AND ((owner IS NULL) OR (owner =" - " (SELECT users.ROWID FROM users WHERE users.uuid = '%s')))", + " (SELECT users.ROWID FROM users WHERE users.uuid = '%s')));", quoted_name, current_credentials.uuid)) { 
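Review bot: In the `@@ -477` hunk (presumably `user_owns_uuid`, going by the log message) the `uuid` argument is formatted into `WHERE uuid = '%s'` exactly as passed, whereas the `@@ -450` statement just above uses a variable named `quoted_resource_name`. If that value can originate from a client request it should be escaped first, e.g. `gchar *quoted_uuid = sql_quote (uuid);` with a matching `g_free (quoted_uuid);` after the query. The function starts and ends outside the hunk, so confirm against the full body that no quoting happens earlier.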
@@ -10868,14 +10868,19 @@ gboolean find_agent (const char* name, agent_t* agent) { + assert (current_credentials.uuid); if (user_owns ("agent", name) == 0) { *agent = 0; return FALSE; } switch (sql_int64 (agent, 0, 0, - "SELECT ROWID FROM agents WHERE name = '%s';", - name)) + "SELECT ROWID FROM agents" + " WHERE name = '%s'" + " AND ((owner IS NULL) OR (owner =" + " (SELECT users.ROWID FROM users WHERE users.uuid = '%s')));", + name, + current_credentials.uuid)) { case 0: break; @@ -10915,8 +10920,12 @@ sql ("BEGIN IMMEDIATE;"); - if (sql_int (0, 0, "SELECT COUNT(*) FROM agents WHERE name = '%s';", - quoted_name)) + if (sql_int (0, 0, + "SELECT COUNT(*) FROM agents WHERE name = '%s'" + " AND ((owner IS NULL) OR (owner =" + " (SELECT users.ROWID FROM users WHERE users.uuid = '%s')));", + quoted_name, + current_credentials.uuid)) { g_free (quoted_name); sql ("ROLLBACK;"); From scm-commit at wald.intevation.org Wed Feb 10 13:01:20 2010 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 10 Feb 2010 13:01:20 +0100 (CET) Subject: [Openvas-commits] r6701 - in trunk/openvas-manager: . src Message-ID: <20100210120120.8BA82865FAC3@pyrosoma.intevation.org> Author: mattm Date: 2010-02-10 13:01:19 +0100 (Wed, 10 Feb 2010) New Revision: 6701 Modified: trunk/openvas-manager/ChangeLog trunk/openvas-manager/src/tasks_sql.h Log: * src/tasks_sql.h (find_lsc_credential): Look for the LSC credential owned by the current user. (create_lsc_credential): Limit the "already exists" check to the LSC credentials owned by the current user. Modified: trunk/openvas-manager/ChangeLog =================================================================== --- trunk/openvas-manager/ChangeLog 2010-02-10 11:51:11 UTC (rev 6700) +++ trunk/openvas-manager/ChangeLog 2010-02-10 12:01:19 UTC (rev 6701) 
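Review bot: The added `assert (current_credentials.uuid);` in `find_agent` is the only guard before the uuid is formatted into the owner subquery, and it disappears when the build defines `NDEBUG`. A NULL uuid would then be handed to `%s`, and the query would presumably match only `owner IS NULL` rows instead of failing. A check that survives release builds is safer, mirroring the not-owned branch: `if (current_credentials.uuid == NULL) { *agent = 0; return FALSE; }`. The same assert-only guard is added to `find_lsc_credential`, `find_escalator` and `find_config` in the following revisions.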
@@ -1,5 +1,12 @@ 2010-02-10 Matthew Mundell + * src/tasks_sql.h (find_lsc_credential): Look for the LSC credential owned + by the current user. + (create_lsc_credential): Limit the "already exists" check to the LSC + credentials owned by the current user. + +2010-02-10 Matthew Mundell + * src/tasks_sql.h (user_owns, user_owns_uuid, find_target) (create_target): Terminate SQL statements. (find_agent): Look for the agent owned by the current user. Modified: trunk/openvas-manager/src/tasks_sql.h =================================================================== --- trunk/openvas-manager/src/tasks_sql.h 2010-02-10 11:51:11 UTC (rev 6700) +++ trunk/openvas-manager/src/tasks_sql.h 2010-02-10 12:01:19 UTC (rev 6701) @@ -10366,14 +10366,19 @@ gboolean find_lsc_credential (const char* name, lsc_credential_t* lsc_credential) { + assert (current_credentials.uuid); if (user_owns ("lsc_credential", name) == 0) { *lsc_credential = 0; return FALSE; } switch (sql_int64 (lsc_credential, 0, 0, - "SELECT ROWID FROM lsc_credentials WHERE name = '%s';", - name)) + "SELECT ROWID FROM lsc_credentials" + " WHERE name = '%s'" + " AND ((owner IS NULL) OR (owner =" + " (SELECT users.ROWID FROM users WHERE users.uuid = '%s')))", + name, + current_credentials.uuid)) { case 0: break; @@ -10428,8 +10433,12 @@ sql ("BEGIN IMMEDIATE;"); - if (sql_int (0, 0, "SELECT COUNT(*) FROM lsc_credentials WHERE name = '%s';", - quoted_name)) + if (sql_int (0, 0, + "SELECT COUNT(*) FROM lsc_credentials WHERE name = '%s'" + " AND ((owner IS NULL) OR (owner =" + " (SELECT users.ROWID FROM users WHERE users.uuid = '%s')));", + quoted_name, + current_credentials.uuid)) { g_free (quoted_name); sql ("ROLLBACK;"); From scm-commit at wald.intevation.org Wed Feb 10 13:25:25 2010 
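Review bot: The statement added to `find_lsc_credential` ends in `'%s')))"` with no terminating `;`, although the previous revision added that terminator to four other statements in this file and the `create_lsc_credential` query in this same commit has it. Ending the literal with `'%s')));"` keeps the statements uniform, and matters if `sql_int64` passes the string through unchanged. The `find_escalator` query added in r6703 has the same omission.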
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 10 Feb 2010 13:25:25 +0100 (CET) Subject: [Openvas-commits] r6702 - in trunk/openvas-manager: . src Message-ID: <20100210122525.10B4586607DB@pyrosoma.intevation.org> Author: mattm Date: 2010-02-10 13:25:20 +0100 (Wed, 10 Feb 2010) New Revision: 6702 Modified: trunk/openvas-manager/ChangeLog trunk/openvas-manager/src/manage.h trunk/openvas-manager/src/omp.c trunk/openvas-manager/src/tasks_sql.h Log: * src/tasks_sql.h (add_task_escalator): Take escalator_t instead of name. * src/manage.h: Update header accordingly. * src/omp.c (omp_xml_handle_end_element): In CLIENT_CREATE_TASK pass escalator_t instead of name to add_task_escalator. Modified: trunk/openvas-manager/ChangeLog =================================================================== --- trunk/openvas-manager/ChangeLog 2010-02-10 12:01:19 UTC (rev 6701) +++ trunk/openvas-manager/ChangeLog 2010-02-10 12:25:20 UTC (rev 6702) @@ -1,5 +1,14 @@ 2010-02-10 Matthew Mundell + * src/tasks_sql.h (add_task_escalator): Take escalator_t instead of name. + + * src/manage.h: Update header accordingly. + + * src/omp.c (omp_xml_handle_end_element): In CLIENT_CREATE_TASK pass + escalator_t instead of name to add_task_escalator. + +2010-02-10 Matthew Mundell + * src/tasks_sql.h (find_lsc_credential): Look for the LSC credential owned by the current user. (create_lsc_credential): Limit the "already exists" check to the LSC Modified: trunk/openvas-manager/src/manage.h =================================================================== --- trunk/openvas-manager/src/manage.h 2010-02-10 12:01:19 UTC (rev 6701) +++ trunk/openvas-manager/src/manage.h 2010-02-10 12:25:20 UTC (rev 6702) 
@@ -413,7 +413,7 @@ task_escalator (task_t); void -add_task_escalator (task_t, const char*); +add_task_escalator (task_t, escalator_t); unsigned int task_report_count (task_t); Modified: trunk/openvas-manager/src/omp.c =================================================================== --- trunk/openvas-manager/src/omp.c 2010-02-10 12:01:19 UTC (rev 6701) +++ trunk/openvas-manager/src/omp.c 2010-02-10 12:25:20 UTC (rev 6702) @@ -7121,7 +7121,7 @@ set_client_state (CLIENT_AUTHENTIC); break; } - add_task_escalator (current_client_task, modify_task_name); + add_task_escalator (current_client_task, escalator); } openvas_free_string_var (&modify_task_name); Modified: trunk/openvas-manager/src/tasks_sql.h =================================================================== --- trunk/openvas-manager/src/tasks_sql.h 2010-02-10 12:01:19 UTC (rev 6701) +++ trunk/openvas-manager/src/tasks_sql.h 2010-02-10 12:25:20 UTC (rev 6702) @@ -4572,14 +4572,12 @@ * @param[in] escalator Escalator. */ void -add_task_escalator (task_t task, const char* escalator) +add_task_escalator (task_t task, escalator_t escalator) { - gchar* quoted_escalator = sql_quote (escalator); sql ("INSERT INTO task_escalators (task, escalator)" - " VALUES (%llu, (SELECT ROWID FROM escalators WHERE name = '%s'));", + " VALUES (%llu, %llu);", task, - quoted_escalator); - g_free (quoted_escalator); + escalator); } /** From scm-commit at wald.intevation.org Wed Feb 10 13:29:11 2010 
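Review bot: `add_task_escalator` no longer performs any lookup, so nothing inside the function ties the `escalator_t` it inserts to an existing row or to the current user, yet the doc comment still says only `Escalator.`. I would state the contract there, e.g. `@param[in] escalator  Escalator ROWID, already resolved and ownership-checked by the caller; must not be 0.` In `omp.c` the value passed is `escalator`, and the code that assigns it lies outside the hunk, so confirm that every path reaching this call has a successful lookup behind it.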
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 10 Feb 2010 13:29:11 +0100 (CET) Subject: [Openvas-commits] r6703 - in trunk/openvas-manager: . src Message-ID: <20100210122911.4855B861F2EC@pyrosoma.intevation.org> Author: mattm Date: 2010-02-10 13:29:10 +0100 (Wed, 10 Feb 2010) New Revision: 6703 Modified: trunk/openvas-manager/ChangeLog trunk/openvas-manager/src/tasks_sql.h Log: * src/tasks_sql.h (find_escalator): Look for the escalator owned by the current user. (create_escalator): Limit the "already exists" check to the escalator owned by the current user. Modified: trunk/openvas-manager/ChangeLog =================================================================== --- trunk/openvas-manager/ChangeLog 2010-02-10 12:25:20 UTC (rev 6702) +++ trunk/openvas-manager/ChangeLog 2010-02-10 12:29:10 UTC (rev 6703) @@ -1,5 +1,12 @@ 2010-02-10 Matthew Mundell + * src/tasks_sql.h (find_escalator): Look for the escalator owned by the + current user. + (create_escalator): Limit the "already exists" check to the escalator + owned by the current user. + +2010-02-10 Matthew Mundell + * src/tasks_sql.h (add_task_escalator): Take escalator_t instead of name. * src/manage.h: Update header accordingly. Modified: trunk/openvas-manager/src/tasks_sql.h =================================================================== --- trunk/openvas-manager/src/tasks_sql.h 2010-02-10 12:25:20 UTC (rev 6702) +++ trunk/openvas-manager/src/tasks_sql.h 2010-02-10 12:29:10 UTC (rev 6703) @@ -2595,7 +2595,9 @@ gboolean find_escalator (const char* name, escalator_t* escalator) { - gchar *quoted_name = sql_quote (name); + gchar *quoted_name; + assert (current_credentials.uuid); + quoted_name = sql_quote (name); if (user_owns ("escalator", quoted_name) == 0) { g_free (quoted_name); 
@@ -2603,8 +2605,12 @@ return FALSE; } switch (sql_int64 (escalator, 0, 0, - "SELECT ROWID FROM escalators WHERE name = '%s';", - quoted_name)) + "SELECT ROWID FROM escalators" + " WHERE name = '%s'" + " AND ((owner IS NULL) OR (owner =" + " (SELECT users.ROWID FROM users WHERE users.uuid = '%s')))", + quoted_name, + current_credentials.uuid)) { case 0: break; @@ -2651,8 +2657,12 @@ sql ("BEGIN IMMEDIATE;"); - if (sql_int (0, 0, "SELECT COUNT(*) FROM escalators WHERE name = '%s';", - quoted_name)) + if (sql_int (0, 0, + "SELECT COUNT(*) FROM escalators WHERE name = '%s'" + " AND ((owner IS NULL) OR (owner =" + " (SELECT users.ROWID FROM users WHERE users.uuid = '%s')));", + quoted_name, + current_credentials.uuid)) { g_free (quoted_name); sql ("ROLLBACK;"); From scm-commit at wald.intevation.org Wed Feb 10 14:32:36 2010 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 10 Feb 2010 14:32:36 +0100 (CET) Subject: [Openvas-commits] r6704 - in trunk/openvas-manager: . src Message-ID: <20100210133236.DA02386607BA@pyrosoma.intevation.org> Author: mattm Date: 2010-02-10 14:32:35 +0100 (Wed, 10 Feb 2010) New Revision: 6704 Modified: trunk/openvas-manager/ChangeLog trunk/openvas-manager/src/tasks_sql.h Log: * src/tasks_sql.h (find_config): Look for the config owned by the current user. (create_config, create_config_rc, copy_config): Limit the "already exists" check to the config owned by the current user. (delete_config): Remove config by ROWID instead of by name. Modified: trunk/openvas-manager/ChangeLog =================================================================== --- trunk/openvas-manager/ChangeLog 2010-02-10 12:29:10 UTC (rev 6703) +++ trunk/openvas-manager/ChangeLog 2010-02-10 13:32:35 UTC (rev 6704) 
@@ -1,5 +1,13 @@ 2010-02-10 Matthew Mundell + * src/tasks_sql.h (find_config): Look for the config owned by the current + user. + (create_config, create_config_rc, copy_config): Limit the "already exists" + check to the config owned by the current user. + (delete_config): Remove config by ROWID instead of by name. + +2010-02-10 Matthew Mundell + * src/tasks_sql.h (find_escalator): Look for the escalator owned by the current user. (create_escalator): Limit the "already exists" check to the escalator Modified: trunk/openvas-manager/src/tasks_sql.h =================================================================== --- trunk/openvas-manager/src/tasks_sql.h 2010-02-10 12:29:10 UTC (rev 6703) +++ trunk/openvas-manager/src/tasks_sql.h 2010-02-10 13:32:35 UTC (rev 6704) @@ -6860,7 +6860,9 @@ gboolean find_config (const char* name, config_t* config) { - gchar *quoted_name = sql_quote (name); + gchar *quoted_name; + assert (current_credentials.uuid); + quoted_name = sql_quote (name); if (user_owns ("config", quoted_name) == 0) { g_free (quoted_name); @@ -6868,8 +6870,12 @@ return FALSE; } switch (sql_int64 (config, 0, 0, - "SELECT ROWID FROM configs WHERE name = '%s';", - quoted_name)) + "SELECT ROWID FROM configs" + " WHERE name = '%s'" + " AND ((owner IS NULL) OR (owner =" + " (SELECT users.ROWID FROM users WHERE users.uuid = '%s')));", + quoted_name, + current_credentials.uuid)) { case 0: break; @@ -7005,8 +7011,11 @@ while (1) { if (sql_int (0, 0, - "SELECT COUNT(*) FROM configs WHERE name = '%s';", - quoted_candidate_name) + "SELECT COUNT(*) FROM configs WHERE name = '%s'" + " AND ((owner IS NULL) OR (owner =" + " (SELECT users.ROWID FROM users WHERE users.uuid = '%s')));", + quoted_candidate_name, + current_credentials.uuid) == 0) break; g_free (candidate_name); 
@@ -7523,8 +7532,12 @@ sql ("BEGIN IMMEDIATE;"); - if (sql_int (0, 0, "SELECT COUNT(*) FROM configs WHERE name = '%s';", - quoted_name)) + if (sql_int (0, 0, + "SELECT COUNT(*) FROM configs WHERE name = '%s'" + " AND ((owner IS NULL) OR (owner =" + " (SELECT users.ROWID FROM users WHERE users.uuid = '%s')));", + quoted_name, + current_credentials.uuid)) { tracef (" config \"%s\" already exists\n", name); sql ("ROLLBACK;"); @@ -7616,8 +7629,12 @@ sql ("BEGIN IMMEDIATE;"); - if (sql_int (0, 0, "SELECT COUNT(*) FROM configs WHERE name = '%s';", - quoted_name)) + if (sql_int (0, 0, + "SELECT COUNT(*) FROM configs WHERE name = '%s'" + " AND ((owner IS NULL) OR (owner =" + " (SELECT users.ROWID FROM users WHERE users.uuid = '%s')));", + quoted_name, + current_credentials.uuid)) { tracef (" config \"%s\" already exists\n", name); sql ("ROLLBACK;"); @@ -7747,8 +7764,7 @@ config); sql ("DELETE FROM config_preferences WHERE config = %llu;", config); - sql ("DELETE FROM configs WHERE name =" - " (SELECT name FROM configs WHERE ROWID = %llu);", + sql ("DELETE FROM configs WHERE ROWID = %llu;", config); sql ("COMMIT;"); return 0; From scm-commit at wald.intevation.org Wed Feb 10 16:02:42 2010 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 10 Feb 2010 16:02:42 +0100 (CET) Subject: [Openvas-commits] r6705 - in trunk/openvas-manager: . src Message-ID: <20100210150242.04A01865FAC3@pyrosoma.intevation.org> Author: mattm Date: 2010-02-10 16:02:36 +0100 (Wed, 10 Feb 2010) New Revision: 6705 Modified: trunk/openvas-manager/ChangeLog trunk/openvas-manager/src/tasks_sql.h Log: * src/tasks_sql.h (find_target, find_lsc_credential, find_agent): Quote name. (find_config): Free quoted_name on error too. Modified: trunk/openvas-manager/ChangeLog =================================================================== --- trunk/openvas-manager/ChangeLog 2010-02-10 13:32:35 UTC (rev 6704) +++ trunk/openvas-manager/ChangeLog 2010-02-10 15:02:36 UTC (rev 6705) 
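Review bot: The owner predicate is pasted verbatim into both `configs` existence checks here, as it was into the find and create queries of the preceding revisions. Because this clause is the access-control rule, a single definition would keep one copy from drifting, for example `#define OWNER_CLAUSE " AND ((owner IS NULL) OR (owner = (SELECT users.ROWID FROM users WHERE users.uuid = '%s')))"` appended to each statement by string-literal concatenation. The macro name is only a suggestion. Both enclosing functions start and end outside their hunks.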
@@ -1,5 +1,11 @@ 2010-02-10 Matthew Mundell + * src/tasks_sql.h (find_target, find_lsc_credential, find_agent): Quote + name. + (find_config): Free quoted_name on error too. + +2010-02-10 Matthew Mundell + * src/tasks_sql.h (find_config): Look for the config owned by the current user. (create_config, create_config_rc, copy_config): Limit the "already exists" Modified: trunk/openvas-manager/src/tasks_sql.h =================================================================== --- trunk/openvas-manager/src/tasks_sql.h 2010-02-10 13:32:35 UTC (rev 6704) +++ trunk/openvas-manager/src/tasks_sql.h 2010-02-10 15:02:36 UTC (rev 6705) @@ -6535,9 +6535,12 @@ gboolean find_target (const char* name, target_t* target) { + gchar *quoted_name; assert (current_credentials.uuid); - if (user_owns ("target", name) == 0) + quoted_name = sql_quote (name); + if (user_owns ("target", quoted_name) == 0) { + g_free (quoted_name); *target = 0; return FALSE; } @@ -6546,7 +6549,7 @@ " WHERE name = '%s'" " AND ((owner IS NULL) OR (owner =" " (SELECT users.ROWID FROM users WHERE users.uuid = '%s')));", - name, + quoted_name, current_credentials.uuid)) { case 0: @@ -6557,10 +6560,12 @@ default: /* Programming error. */ assert (0); case -1: + g_free (quoted_name); return TRUE; break; } + g_free (quoted_name); return FALSE; } @@ -6885,6 +6890,7 @@ default: /* Programming error. */ assert (0); case -1: + g_free (quoted_name); return TRUE; break; } @@ -10390,9 +10396,12 @@ gboolean find_lsc_credential (const char* name, lsc_credential_t* lsc_credential) { + gchar *quoted_name; assert (current_credentials.uuid); - if (user_owns ("lsc_credential", name) == 0) + quoted_name = sql_quote (name); + if (user_owns ("lsc_credential", quoted_name) == 0) { + g_free (quoted_name); *lsc_credential = 0; return FALSE; } 
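Review bot: `find_target` now passes `quoted_name` to `user_owns`, but the `user_owns` query shown in r6700 formats a variable called `quoted_resource_name`, which suggests `user_owns` already escapes its argument itself. If it does, a name containing `'` is escaped twice for the ownership check and once for the `SELECT`, so the two queries look up different names and an owned resource is reported as not found. The body of `user_owns` is not visible here; if it quotes, pass the raw string, `if (user_owns ("target", name) == 0)`, and keep `quoted_name` for the `sql_int64` call only. The same applies to `find_lsc_credential` and `find_agent` in this commit.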
@@ -10401,7 +10410,7 @@ " WHERE name = '%s'" " AND ((owner IS NULL) OR (owner =" " (SELECT users.ROWID FROM users WHERE users.uuid = '%s')))", - name, + quoted_name, current_credentials.uuid)) { case 0: @@ -10412,10 +10421,12 @@ default: /* Programming error. */ assert (0); case -1: + g_free (quoted_name); return TRUE; break; } + g_free (quoted_name); return FALSE; } @@ -10901,9 +10912,12 @@ gboolean find_agent (const char* name, agent_t* agent) { + gchar *quoted_name; assert (current_credentials.uuid); - if (user_owns ("agent", name) == 0) + quoted_name = sql_quote (name); + if (user_owns ("agent", quoted_name) == 0) { + g_free (quoted_name); *agent = 0; return FALSE; } @@ -10912,7 +10926,7 @@ " WHERE name = '%s'" " AND ((owner IS NULL) OR (owner =" " (SELECT users.ROWID FROM users WHERE users.uuid = '%s')));", - name, + quoted_name, current_credentials.uuid)) { case 0: @@ -10923,10 +10937,12 @@ default: /* Programming error. */ assert (0); case -1: + g_free (quoted_name); return TRUE; break; } + g_free (quoted_name); return FALSE; } From scm-commit at wald.intevation.org Wed Feb 10 16:06:47 2010 
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 10 Feb 2010 16:06:47 +0100 (CET) Subject: [Openvas-commits] r6706 - in trunk/openvas-plugins: . scripts Message-ID: <20100210150647.18339865FAC3@pyrosoma.intevation.org> Author: chandra Date: 2010-02-10 16:06:43 +0100 (Wed, 10 Feb 2010) New Revision: 6706 Added: trunk/openvas-plugins/scripts/secpod_ms10-003.nasl trunk/openvas-plugins/scripts/secpod_ms10-004.nasl trunk/openvas-plugins/scripts/secpod_ms10-005.nasl trunk/openvas-plugins/scripts/secpod_ms10-006.nasl trunk/openvas-plugins/scripts/secpod_ms10-007.nasl trunk/openvas-plugins/scripts/secpod_ms10-008.nasl trunk/openvas-plugins/scripts/secpod_ms10-011.nasl trunk/openvas-plugins/scripts/secpod_ms10-012.nasl trunk/openvas-plugins/scripts/secpod_ms10-013.nasl trunk/openvas-plugins/scripts/secpod_ms10-014.nasl trunk/openvas-plugins/scripts/secpod_ms10-015.nasl Modified: trunk/openvas-plugins/ChangeLog Log: Added MS Bulletin plugins Modified: trunk/openvas-plugins/ChangeLog =================================================================== --- trunk/openvas-plugins/ChangeLog 2010-02-10 15:02:36 UTC (rev 6705) +++ trunk/openvas-plugins/ChangeLog 2010-02-10 15:06:43 UTC (rev 6706) 
@@ -1,3 +1,18 @@ +2010-02-10 Chandrashekhar B + + * scripts/secpod_ms10-008.nasl, + scripts/secpod_ms10-015.nasl, + scripts/secpod_ms10-005.nasl, + scripts/secpod_ms10-012.nasl, + scripts/secpod_ms10-007.nasl, + scripts/secpod_ms10-014.nasl, + scripts/secpod_ms10-004.nasl, + scripts/secpod_ms10-011.nasl, + scripts/secpod_ms10-006.nasl, + scripts/secpod_ms10-013.nasl, + scripts/secpod_ms10-003.nasl: + Addded MS Bulletins - Feb 10 plugins. + 2010-02-10 Michael Meyer * scripts/novell_edirectory_38157.nasl: Added: trunk/openvas-plugins/scripts/secpod_ms10-003.nasl =================================================================== --- trunk/openvas-plugins/scripts/secpod_ms10-003.nasl 2010-02-10 15:02:36 UTC (rev 6705) +++ trunk/openvas-plugins/scripts/secpod_ms10-003.nasl 2010-02-10 15:06:43 UTC (rev 6706) 
@@ -0,0 +1,109 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id: secpod_ms10-003.nasl 7181 2010-02-10 10:10:09Z feb $ +# +# Microsoft Office (MSO) Remote Code Execution Vulnerability (978214) +# +# Authors: +# Veerendra GG +# +# Copyright: +# Copyright (c) 2010 SecPod, http://www.secpod.com +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(900228); + script_version("$Revision$: 1.0"); + script_cve_id("CVE-2010-0243"); + script_name("Microsoft Office (MSO) Remote Code Execution Vulnerability (978214)"); + desc = " + Overview: This host has critical security update missing according to + Microsoft Bulletin MS10-003. + + Vulnerability Insight: + An unspecified issue exists in Mso.dll while handling specially crafted + office files causing remote code execution. + + Impact: + Successful exploitation could allow attackers to execute arbitrary code. 
+ + Impact Level: System + + Affected Software/OS: + Microsoft Office XP 3 and prior + + Fix: + Run Windows Update and update the listed hotfixes or download and + update mentioned hotfixes in the advisory from the below link, + http://www.microsoft.com/technet/security/bulletin/MS10-003.mspx + + References: + http://support.microsoft.com/kb/977896 + http://www.vupen.com/english/advisories/2010/0336 + http://www.microsoft.com/technet/security/bulletin/MS10-003.mspx + + Risk factor: High"; + + script_description(desc); + script_summary("Check for the version of Mso.dll file"); + script_category(ACT_GATHER_INFO); + script_copyright("Copyright (C) 2010 SecPod"); + script_family("Windows : Microsoft Bulletins"); + script_dependencies("secpod_office_products_version_900032.nasl", + "secpod_reg_enum.nasl"); + script_require_ports(139, 445); + exit(0); +} + + +include("smb_nt.inc"); +include("secpod_reg.inc"); +include("version_func.inc"); +include("secpod_smb_func.inc"); + +## Get File Version +function FileVer (file, path) +{ + share = ereg_replace(pattern:"([A-Za-z]):.*", replace:"\1$", string:path); + if(share =~ "[a-z]\$") + share = toupper(share); + file = ereg_replace(pattern:"[A-Za-z]:(.*)", replace:"\1", string:path + file); + ver = GetVer(file:file, share:share); + return ver; +} + +## Office XP +if(get_kb_item("MS/Office/Ver") =~ "^10\..*") +{ + ## Get Office File Path + offPath = registry_get_sz(key:"SOFTWARE\Microsoft\Windows\CurrentVersion", + item:"CommonFilesDir"); + if(offPath) + { + offPath += "\Microsoft Shared\OFFICE10"; + dllVer = FileVer(file:"\Mso.dll", path:offPath); + if(dllVer) + { + # Grep for Mso.dll version 10.0 < 10.0.6858.0 + if(version_in_range(version:dllVer, test_version:"10.0", test_version2:"10.0.6857.9")) + { + security_hole(0); + exit(0); + } + } + } +} Property changes on: trunk/openvas-plugins/scripts/secpod_ms10-003.nasl ___________________________________________________________________ Name: svn:executable + * Name: svn:keywords 
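Review bot: In secpod_ms10-003.nasl the upper bound `test_version2:"10.0.6857.9"` only approximates the "< 10.0.6858.0" stated in the comment above it. If version_in_range compares components numerically (version_func.inc is not shown here), an unpatched Mso.dll with a revision of 10 or higher under build 6857 would fall outside the range and go unreported. The branch is already limited to Office XP by the `^10\.` test on MS/Office/Ver, so `if(version_is_less(version:dllVer, test_version:"10.0.6858.0"))` states the fixed build directly. The description block also reads MS/Office/Ver without declaring it through script_require_keys, which secpod_ms10-004.nasl in the same commit does.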
+ Revision Added: trunk/openvas-plugins/scripts/secpod_ms10-004.nasl =================================================================== --- trunk/openvas-plugins/scripts/secpod_ms10-004.nasl 2010-02-10 15:02:36 UTC (rev 6705) +++ trunk/openvas-plugins/scripts/secpod_ms10-004.nasl 2010-02-10 15:06:43 UTC (rev 6706) 
@@ -0,0 +1,95 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_ms10-004.nasl 7182 2010-02-10 04:46:09Z feb $
+#
+# Microsoft Office PowerPoint Remote Code Execution Vulnerabilities (975416)
+#
+# Authors:
+# Antu Sanadi
+#
+# Copyright:
+# Copyright (c) 2009 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(902114);
+ script_version("$Revision$:1.0");
+ script_cve_id("CVE-2010-0029", "CVE-2010-0030", "CVE-2010-0031", "CVE-2010-0032",
+ "CVE-2010-0033", "CVE-2010-0034");
+ script_bugtraq_id(38099, 38101, 38103, 38104, 38107,38108);
+ script_name("Microsoft Office PowerPoint Remote Code Execution Vulnerabilities (975416)");
+ desc = "
+ Overview: This host has critical security update missing according to
+ Microsoft Bulletin MS10-004.
+
+ Vulnerability Insight:
+ Multiple flaws are due to:
+ - Buffer overflow error when handling file paths.
+ - Heap overflow error when processing 'LinkedSlideAtom' records.
+ - Array indexing error when processing 'OEPlaceholderAtom' records with a
+ specially crafted 'placementId' field.
+ - Use-after-free error when processing 'OEPlaceholderAtom' records.
+ - Stack overflow error when processing 'TextBytesAtom' records.
+ - Stack overflow error when processing 'TextCharsAtom' records.
+
+ Impact:
+ Successful exploitation could allow attackers to execute arbitrary code by
+ tricking a user into opening a malicious PPT file.
+
+ Impact Level: Application
+
+ Affected Software/OS:
+ Microsoft Office PowerPoint 2002 SP 3 and prior.
+ Microsoft Office PowerPoint 2003 SP 3 and prior.
+
+ Fix:
+ Run Windows Update and update the listed hotfixes or download and
+ update mentioned hotfixes in the advisory from the below link,
+ http://www.microsoft.com/technet/security/bulletin/ms10-004.mspx
+
+ References:
+ http://support.microsoft.com/kb/976881
+ http://support.microsoft.com/kb/973143
+ http://www.vupen.com/english/advisories/2010/0337
+ http://www.microsoft.com/technet/security/bulletin/MS10-004.mspx
+
+ Risk factor: High";
+
+ script_description(desc);
+ script_summary("Check for the version of Powerpnt.exe file");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2009 SecPod");
+ script_family("Windows : Microsoft Bulletins");
+ script_dependencies("secpod_office_products_version_900032.nasl");
+ script_require_keys("MS/Office/Ver", "SMB/Office/PowerPnt/Version");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+if(egrep(pattern:"^(|10|11)\..*", string:get_kb_item("MS/Office/Ver")))
+{
+ pptVer = get_kb_item("SMB/Office/PowerPnt/Version");
+ if(!isnull(pptVer))
+ {
+ if(version_in_range(version:pptVer, test_version:"10.0", test_version2:"10.0.6857") ||
+ version_in_range(version:pptVer, test_version:"11.0", test_version2:"11.0.8317")){
+ security_hole(0);
+ }
+ }
+}
Property changes on: trunk/openvas-plugins/scripts/secpod_ms10-004.nasl
___________________________________________________________________
Name: svn:keywords + Revision
Added: trunk/openvas-plugins/scripts/secpod_ms10-005.nasl
===================================================================
---
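Review bot: In secpod_ms10-004.nasl the pattern `^(|10|11)\..*` has an empty first alternative, so an MS/Office/Ver value that begins with a dot also passes the gate. `egrep(pattern:"^(10|11)\.", string:get_kb_item("MS/Office/Ver"))` matches only the two Office generations the description lists. The upper bounds `10.0.6857` and `11.0.8317` have three components while file versions normally carry four, so whether a build such as 10.0.6857.N counts as inside the range depends on how version_in_range treats the missing component. That is not visible in this hunk and is worth confirming against version_func.inc.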
trunk/openvas-plugins/scripts/secpod_ms10-005.nasl 2010-02-10 15:02:36 UTC (rev 6705) +++ trunk/openvas-plugins/scripts/secpod_ms10-005.nasl 2010-02-10 15:06:43 UTC (rev 6706) 
@@ -0,0 +1,148 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id: secpod_ms10-005.nasl 7187 2010-02-10 10:40:35Z feb $ +# +# Microsoft Paint Remote Code Execution Vulnerability (978706) +# +# Authors: +# Madhuri D +# +# Copyright: +# Copyright (c) 2010 SecPod, http://www.secpod.com +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(902015); + script_version("$Revision$:1.0"); + script_cve_id("CVE-2010-0028"); + script_bugtraq_id(38042); + script_name("Microsoft Paint Remote Code Execution Vulnerability (978706)"); + desc = " + Overview: This host has critical security update missing according to + Microsoft Bulletin MS10-005. + + Vulnerability Insight: + The flaw is due to an integer overflow error in Microsoft Paint when decoding + malformed JPEG images. + + Impact: + Successful exploitation could allow remote attackers to execute arbitrary + code by tricking a user into visiting a specially crafted web page. 
+ + Impact Level: System + + Affected Software/OS: + Microsoft Windows 2000 Service Pack 4 and prior + Microsoft Windows XP Service Pack 3 and prior + Microsoft Windows 2003 Service Pack 2 and prior + + Fix: + Run Windows Update and update the listed hotfixes or download and + update mentioned hotfixes in the advisory from the below link, + http://www.microsoft.com/technet/security/bulletin/ms10-005.mspx + + References: + http://www.vupen.com/english/advisories/2010/0338 + http://www.microsoft.com/technet/security/bulletin/ms10-005.mspx + + Risk factor: High"; + + script_description(desc); + script_summary("Check for the vulnerable Mspaint.exe file version"); + script_category(ACT_GATHER_INFO); + script_copyright("Copyright (C) 2010 SecPod"); + script_family("Windows : Microsoft Bulletins"); + script_dependencies("secpod_reg_enum.nasl"); + script_require_ports(139, 445); + exit(0); +} + + +include("smb_nt.inc"); +include("secpod_reg.inc"); +include("version_func.inc"); +include("secpod_smb_func.inc"); + +if(hotfix_check_sp(win2k:5, xp:4, win2003:3) <= 0){ + exit(0); +} + +# Check for MS10-005 Hotfix +if(hotfix_missing(name:"978706") == 0){ + exit(0); +} + +sysPath = registry_get_sz(key:"SOFTWARE\Microsoft\COM3\Setup", + item:"Install Path"); +if(!sysPath){ + exit(0); +} + +share = ereg_replace(pattern:"([A-Z]):.*", replace:"\1$", string:sysPath); +file = ereg_replace(pattern:"[A-Z]:(.*)", replace:"\1", string:sysPath + "\Mspaint.exe"); + +sysVer = GetVer(file:file, share:share); +if(!sysVer){ + exit(0); +} + +# Windows 2K +if(hotfix_check_sp(win2k:5) > 0) +{ + # Grep for Mspaint.exe version < 5.0.2195.7368 + if(version_is_less(version:sysVer, test_version:"5.0.2195.7368")){ + security_hole(0); + } +} + +# Windows XP +else if(hotfix_check_sp(xp:4) > 0) +{ + SP = get_kb_item("SMB/WinXP/ServicePack"); + if("Service Pack 2" >< SP) + { + # Grep for Mspaint.exe < 5.1.2600.3660 + if(version_is_less(version:sysVer, test_version:"5.1.2600.3660")){ + security_hole(0); + } + 
exit(0); + } + else if("Service Pack 3" >< SP) + { + # Grep for Mspaint.exe < 5.1.2600.5918 + if(version_is_less(version:sysVer, test_version:"5.1.2600.5918")){ + security_hole(0); + } + exit(0); + } + security_hole(0); +} + +# Windows 2003 +else if(hotfix_check_sp(win2003:3) > 0) +{ + SP = get_kb_item("SMB/Win2003/ServicePack"); + if("Service Pack 2" >< SP) + { + # Grep for Mspaint.exe version < 5.2.3790.4638 + if(version_is_less(version:sysVer, test_version:"5.2.3790.4638")){ + security_hole(0); + } + exit(0); + } + security_hole(0); +} Property changes on: trunk/openvas-plugins/scripts/secpod_ms10-005.nasl ___________________________________________________________________ Name: svn:keywords + Revision Added: trunk/openvas-plugins/scripts/secpod_ms10-006.nasl =================================================================== --- trunk/openvas-plugins/scripts/secpod_ms10-006.nasl 2010-02-10 15:02:36 UTC (rev 6705) +++ trunk/openvas-plugins/scripts/secpod_ms10-006.nasl 2010-02-10 15:06:43 UTC (rev 6706) 
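Review bot: In secpod_ms10-005.nasl the two ereg_replace calls that split sysPath into share and file accept only an upper-case drive letter (`[A-Z]`), whereas FileVer in secpod_ms10-003.nasl from the same commit uses `[A-Za-z]` and upper-cases the share. If the registry value starts with a lower-case drive letter, neither substitution applies, GetVer presumably fails on the unsplit path, and the script leaves at `if(!sysVer)` without reporting a host whose hotfix is missing. Using `pattern:"([A-Za-z]):.*"` and `pattern:"[A-Za-z]:(.*)"`, followed by `share = toupper(share);`, would bring it in line with ms10-003. The same two patterns appear in secpod_ms10-006, -007, -011 and -012.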
@@ -0,0 +1,149 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id: secpod_ms10-006.nasl 7176 2010-02-10 09:14:35Z feb $ +# +# Microsoft SMB Client Remote Code Execution Vulnerabilities (978251) +# +# Authors: +# Antu Sanadi +# +# Copyright: +# Copyright (c) 2010 SecPod, http://www.secpod.com +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(902112); + script_version("$Revision$:1.0"); + script_cve_id("CVE-2010-0017", "CVE-2010-0016"); + script_bugtraq_id(38100); + script_name("Microsoft SMB Client Remote Code Execution Vulnerabilities (978251)"); + desc = " + Overview: This host has critical security update missing according to + Microsoft Bulletin MS10-006. + + Vulnerability Insight: + The flaws are due to pool corruption error in SMB client implementation. It is + improperly validating fields in the SMB response. + + Impact: + Successful exploitation could allow remote attackers to crash an affected + system or execute arbitrary code by tricking a user into visiting a specially + crafted web page. 
+ + Impact Level: System + + Affected Software/OS: + Microsoft Windows 2000 Service Pack 4 and prior + Microsoft Windows XP Service Pack 3 and prior + Microsoft Windows 2003 Service Pack 2 and prior + + Fix: + Run Windows Update and update the listed hotfixes or download and + update mentioned hotfixes in the advisory from the below link, + http://www.microsoft.com/technet/security/bulletin/ms10-006.mspx + + References: + http://www.vupen.com/english/advisories/2010/0339 + http://www.microsoft.com/technet/security/bulletin/ms10-006.mspx + + Risk factor: Critical"; + + script_description(desc); + script_summary("Check for the vulnerable Mrxsmb.sys file version"); + script_category(ACT_GATHER_INFO); + script_copyright("Copyright (C) 2010 SecPod"); + script_family("Windows : Microsoft Bulletins"); + script_dependencies("secpod_reg_enum.nasl"); + script_require_ports(139, 445); + exit(0); +} + + +include("smb_nt.inc"); +include("secpod_reg.inc"); +include("version_func.inc"); +include("secpod_smb_func.inc"); + +if(hotfix_check_sp(win2k:5, xp:4, win2003:3) <= 0){ + exit(0); +} + +# Check for MS10-006 Hotfix +if(hotfix_missing(name:"978251") == 0){ + exit(0); +} + +sysPath = registry_get_sz(key:"SOFTWARE\Microsoft\COM3\Setup", + item:"Install Path"); +if(!sysPath){ + exit(0); +} + +share = ereg_replace(pattern:"([A-Z]):.*", replace:"\1$", string:sysPath); +file = ereg_replace(pattern:"[A-Z]:(.*)", replace:"\1", + string:sysPath + "\drivers\Mrxsmb.sys"); + +sysVer = GetVer(file:file, share:share); +if(!sysVer){ + exit(0); +} + +# Windows 2K +if(hotfix_check_sp(win2k:5) > 0) +{ + # Grep for Mrxsmb.sys version < 5.0.2195.7362 + if(version_is_less(version:sysVer, test_version:"5.0.2195.7362")){ + security_hole(0); + } +} +# Windows XP +else if(hotfix_check_sp(xp:4) > 0) +{ + SP = get_kb_item("SMB/WinXP/ServicePack"); + if("Service Pack 2" >< SP) + { + # Grep for Mrxsmb.sys < 5.1.2600.3652 + if(version_is_less(version:sysVer, test_version:"5.1.2600.3652")){ + 
security_hole(0); + } + exit(0); + } + else if("Service Pack 3" >< SP) + { + # Grep for Mrxsmb.sys < 5.1.2600.5911 + if(version_is_less(version:sysVer, test_version:"5.1.2600.5911")){ + security_hole(0); + } + exit(0); + } + security_hole(0); +} + +# Windows 2003 +else if(hotfix_check_sp(win2003:3) > 0) +{ + SP = get_kb_item("SMB/Win2003/ServicePack"); + if("Service Pack 2" >< SP) + { + # Grep for Mrxsmb.sys version < 5.2.3790.4630 + if(version_is_less(version:sysVer, test_version:"5.2.3790.4630")){ + security_hole(0); + } + exit(0); + } + security_hole(0); +} Property changes on: trunk/openvas-plugins/scripts/secpod_ms10-006.nasl ___________________________________________________________________ Name: svn:keywords + Revision Added: trunk/openvas-plugins/scripts/secpod_ms10-007.nasl =================================================================== --- trunk/openvas-plugins/scripts/secpod_ms10-007.nasl 2010-02-10 15:02:36 UTC (rev 6705) +++ trunk/openvas-plugins/scripts/secpod_ms10-007.nasl 2010-02-10 15:06:43 UTC (rev 6706) 
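Review bot: In secpod_ms10-006.nasl the Windows XP and Windows 2003 branches end with an unconditional `security_hole(0);` whose intent is not documented. It is reached whenever the service-pack KB item lacks the expected string, which includes the case where `get_kb_item("SMB/WinXP/ServicePack")` returns nothing. The Mrxsmb.sys version read just above is then never compared, and the report rests on the hotfix registry entry alone. If that is deliberate for service packs with no fixed build, a comment such as `# Older or unknown service pack: no fixed build to compare, report on the missing hotfix entry alone` would make it reviewable. The same fall-through is in secpod_ms10-005, -007 and -011.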
@@ -0,0 +1,152 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id: secpod_ms10-007.nasl 7178 2010-02-10 08:00:09Z feb $ +# +# Microsoft Windows Shell Handler Could Allow Remote Code Execution Vulnerability (975713) +# +# Authors: +# Veerendra GG +# +# Copyright: +# Copyright (c) 2010 SecPod, http://www.secpod.com +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(900227); + script_version("$Revision$: 1.0"); + script_cve_id("CVE-2010-0027"); + script_bugtraq_id(37884); + script_name("Microsoft Windows Shell Handler Could Allow Remote Code Execution Vulnerability (975713)"); + desc = " + Overview: This host has critical security update missing according to + Microsoft Bulletin MS10-007. + + Vulnerability Insight: + An error exists due to incorrect validation of input sent to the ShellExecute + API function. Remote attacker could exploit this vulnerability to execute a + binary from the local client system by making a victim to click on a + specially-crafted URL. + + Impact: + Successful exploitation will let the remote attackers to execure a binary + from the local client system. 
+ + Impact Level: System + + Affected Software/OS: + Microsoft Windows 2K Service Pack 4 and prior. + Microsoft Windows XP Service Pack 3 and prior. + Microsoft Windows 2K3 Service Pack 2 and prior. + + Fix: + Run Windows Update and update the listed hotfixes or download and + update mentioned hotfixes in the advisory from the below link, + http://www.microsoft.com/technet/security/bulletin/MS10-007.mspx + + References: + http://xforce.iss.net/xforce/xfdb/55773 + http://support.microsoft.com/kb/975713 + + Risk factor: Critical"; + + script_description(desc); + script_summary("Check for the version of Shlwapi.dll file"); + script_category(ACT_GATHER_INFO); + script_copyright("Copyright (C) 2010 SecPod"); + script_family("Windows : Microsoft Bulletins"); + script_dependencies("secpod_reg_enum.nasl"); + script_require_ports(139, 445); + exit(0); +} + + +include("smb_nt.inc"); +include("secpod_reg.inc"); +include("version_func.inc"); +include("secpod_smb_func.inc"); + +if(hotfix_check_sp(win2k:5, xp:4, win2003:3) <= 0){ + exit(0); +} + +# MS10-007 Hotfix check +if(hotfix_missing(name:"975713") == 0){ + exit(0); +} + +dllPath = registry_get_sz(key:"SOFTWARE\Microsoft\COM3\Setup", + item:"Install Path"); +if(!dllPath){ + exit(0); +} + +share = ereg_replace(pattern:"([A-Z]):.*", replace:"\1$", string:dllPath); +file = ereg_replace(pattern:"[A-Z]:(.*)", replace:"\1", + string:dllPath + "\Shlwapi.dll"); + +dllVer = GetVer(file:file, share:share); +if(!dllVer){ + exit(0); +} + +# Windows 2K +if(hotfix_check_sp(win2k:5) > 0) +{ + # Grep for Shlwapi.dll version < 5.0.3900.7349 + if(version_is_less(version:dllVer, test_version:"5.0.3900.7349")){ + security_hole(0); + } +} + +# Windows XP +else if(hotfix_check_sp(xp:4) > 0) +{ + SP = get_kb_item("SMB/WinXP/ServicePack"); + if("Service Pack 2" >< SP) + { + # Grep for Shlwapi.dll < 6.0.2900.3653 + if(version_is_less(version:dllVer, test_version:"6.0.2900.3653")){ + security_hole(0); + } + exit(0); + } + + else if("Service Pack 3" 
>< SP) + { + # Grep for Shlwapi.dll < 6.0.2900.5912 + if(version_is_less(version:dllVer, test_version:"6.0.2900.5912")){ + security_hole(0); + } + exit(0); + } + security_hole(0); +} + +# Windows 2003 +else if(hotfix_check_sp(win2003:3) > 0) +{ + SP = get_kb_item("SMB/Win2003/ServicePack"); + if("Service Pack 2" >< SP) + { + # Grep for Shlwapi.dll version < 6.0.3790.4603 + if(version_is_less(version:dllVer, test_version:"6.0.3790.4603")){ + security_hole(0); + } + exit(0); + } + security_hole(0); +} Property changes on: trunk/openvas-plugins/scripts/secpod_ms10-007.nasl ___________________________________________________________________ Name: svn:executable + * Name: svn:keywords + Revision Added: trunk/openvas-plugins/scripts/secpod_ms10-008.nasl =================================================================== --- trunk/openvas-plugins/scripts/secpod_ms10-008.nasl 2010-02-10 15:02:36 UTC (rev 6705) +++ trunk/openvas-plugins/scripts/secpod_ms10-008.nasl 2010-02-10 15:06:43 UTC (rev 6706) 
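Review bot: In secpod_ms10-007.nasl `if(!dllVer){ exit(0); }` ends the check silently, although the script only gets that far when `hotfix_missing(name:"975713")` did not return 0. A host on which Shlwapi.dll cannot be read over SMB is therefore indistinguishable in the results from a patched one. At minimum the exit should carry a comment such as `# Version unreadable (share access or path problem): result is inconclusive, not "patched"`. Ideally the inconclusive outcome would also be surfaced to the scan operator. The same silent exit follows GetVer in secpod_ms10-005, -006 and -011.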
@@ -0,0 +1,111 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_ms10-008.nasl 7188 2010-02-10 11:55:09Z feb $
+#
+# Microsoft Data Analyzer ActiveX Control Vulnerability (978262)
+#
+# Authors:
+# Veerendra GG
+#
+# Copyright:
+# Copyright (c) 2010 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(900229);
+ script_version("$Revision$: 1.0");
+ script_cve_id("CVE-2010-0252");
+ script_name("Microsoft Data Analyzer ActiveX Control Vulnerability (978262)");
+ desc = "
+ Overview: This host has critical security update missing according to
+ Microsoft Bulletin MS10-008.
+
+ Vulnerability Insight:
+ An unspecified error exists in the Microsoft Data Analyzer ActiveX control
+ (max3activex.dll) when used with Internet Explorer. Attackers can execute
+ arbitrary code by tricking a user into visiting a specially crafted web page.
+
+ Impact:
+ Successful exploitation will let the remote attackers execute arbitrary code
+ and can compromise a vulnerable system.
+
+ Impact Level: System.
+
+ Affected Software/OS:
+ Microsoft Windows 2K Service Pack 4 and prior
+ Microsoft Windows XP Service Pack 3 and prior
+ Microsoft Windows 2K3 Service Pack 2 and prior
+
+ Fix:
+ Run Windows Update and update the listed hotfixes or download and
+ update mentioned hotfixes in the advisory from the below link,
+ http://www.microsoft.com/technet/security/bulletin/ms10-008.mspx
+
+ Workaround:
+ Set the killbit for the following CLSIDs,
+ {E0ECA9C3-D669-4EF4-8231-00724ED9288F}, {C05A1FBC-1413-11D1-B05F-00805F4945F6},
+ {5D80A6D1-B500-47DA-82B8-EB9875F85B4D}, {0CCA191D-13A6-4E29-B746-314DEE697D83},
+ {2d8ed06d-3c30-438b-96ae-4d110fdc1fb8}
+ http://support.microsoft.com/kb/240797
+
+ References:
+ http://secunia.com/advisories/38503/
+ http://www.vupen.com/english/advisories/2010/0341
+ http://www.microsoft.com/technet/security/bulletin/ms10-008.mspx
+
+ Risk factor: Critical";
+
+ script_description(desc);
+ script_summary("Check for the CLSID and Hotfix");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2010 SecPod");
+ script_family("Windows : Microsoft Bulletins");
+ script_dependencies("secpod_reg_enum.nasl");
+ script_require_ports(139, 445);
+ exit(0);
+}
+
+
+include("smb_nt.inc");
+include("secpod_reg.inc");
+include("secpod_activex.inc");
+
+## Check For OS and Service Packs
+if(hotfix_check_sp(win2k:5, xp:4, win2003:3) <= 0){
+ exit(0);
+}
+
+## MS10-008 Hotfix check
+if(hotfix_missing(name:"978262") == 0){
+ exit(0);
+}
+
+## CLSID List
+clsids = make_list(
+ "{E0ECA9C3-D669-4EF4-8231-00724ED9288F}", "{C05A1FBC-1413-11D1-B05F-00805F4945F6}",
+ "{5D80A6D1-B500-47DA-82B8-EB9875F85B4D}", "{0CCA191D-13A6-4E29-B746-314DEE697D83}",
+ "{2d8ed06d-3c30-438b-96ae-4d110fdc1fb8}");
+
+foreach clsid (clsids)
+{
+ ## Check if Kill-Bit is set for ActiveX control
+ if(is_killbit_set(clsid:clsid) == 0)
+ {
+ security_hole(0);
+ exit(0);
+ }
+}
Property changes on: trunk/openvas-plugins/scripts/secpod_ms10-008.nasl
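Review bot: In secpod_ms10-008.nasl the loop reports as soon as `is_killbit_set(clsid:clsid) == 0` for any one of the five CLSIDs, but nothing in the file records what a return of 0 means. If secpod_activex.inc returns a distinct value for a control that is not registered at all, the comparison is right. If it returns 0 in that case too, hosts without Data Analyzer installed would be reported on the missing hotfix entry alone. A comment above the test, e.g. `## 0 = control registered and kill-bit not set (see secpod_activex.inc); other return values are not reported`, would pin the assumption down. The finding also does not say which CLSID triggered it, which makes applying the kill-bit workaround harder to verify.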
___________________________________________________________________ Name: svn:executable + * Name: svn:keywords + Revision Added: trunk/openvas-plugins/scripts/secpod_ms10-011.nasl =================================================================== --- trunk/openvas-plugins/scripts/secpod_ms10-011.nasl 2010-02-10 15:02:36 UTC (rev 6705) +++ trunk/openvas-plugins/scripts/secpod_ms10-011.nasl 2010-02-10 15:06:43 UTC (rev 6706) 
@@ -0,0 +1,148 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id: secpod_ms10-011.nasl 7177 2010-02-10 09:14:35Z feb $ +# +# Microsoft Client/Server Run-time Subsystem Privilege Elevation Vulnerability (978037) +# +# Authors: +# Antu Sanadi +# +# Copyright: +# Copyright (c) 2010 SecPod, http://www.secpod.com +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(902116); + script_version("$Revision$:1.0"); + script_cve_id("CVE-2010-0023"); + script_bugtraq_id(38098); + script_name(" Microsoft Client/Server Run-time Subsystem Privilege Elevation Vulnerability (978037)"); + desc = " + Overview: This host has critical security update missing according to Microsoft + Bulletin MS10-011. + + Vulnerability Insight: + The issue is caused by an error in the 'Client/Server Run-time Subsystem' (CSRSS) + that does not properly terminate user processes when a user logs out. + + Impact: + Successful exploitation could allow remote attackers to monitor all actions + performed by other logged-in users or run arbitrary code in kernel mode. 
+ + Impact Level: System + + Affected Software/OS: + Microsoft Windows 2000 Service Pack 4 and prior + Microsoft Windows XP Service Pack 3 and prior + Microsoft Windows 2003 Service Pack 2 and prior + + Fix: + Run Windows Update and update the listed hotfixes or download and + update mentioned hotfixes in the advisory from the below link, + http://www.microsoft.com/technet/security/bulletin/ms10-011.mspx + + References: + http://www.vupen.com/english/advisories/2010/0344 + http://www.microsoft.com/technet/security/bulletin/ms10-011.mspx + + Risk factor: High"; + + script_description(desc); + script_summary("Check for the vulnerable DLL file version"); + script_category(ACT_GATHER_INFO); + script_copyright("Copyright (C) 2010 SecPod"); + script_family("Windows : Microsoft Bulletins"); + script_dependencies("secpod_reg_enum.nasl"); + script_require_ports(139, 445); + exit(0); +} + + +include("smb_nt.inc"); +include("secpod_reg.inc"); +include("version_func.inc"); +include("secpod_smb_func.inc"); + +if(hotfix_check_sp(win2k:5, xp:4, win2003:3) <= 0){ + exit(0); +} + +# Check for MS10-011 Hotfix Missing 978037 +if(hotfix_missing(name:"978037") == 0){ + exit(0); +} + +sysPath = registry_get_sz(key:"SOFTWARE\Microsoft\COM3\Setup", + item:"Install Path"); +if(!sysPath){ + exit(0); +} + +share = ereg_replace(pattern:"([A-Z]):.*", replace:"\1$", string:sysPath); +file = ereg_replace(pattern:"[A-Z]:(.*)", replace:"\1", + string:sysPath + "\Csrsrv.dll"); + +sysVer = GetVer(file:file, share:share); +if(!sysVer){ + exit(0); +} + +# Windows 2K +if(hotfix_check_sp(win2k:5) > 0) +{ + # Grep for Csrsrv.dll version < 5.0.2195.7366 + if(version_is_less(version:sysVer, test_version:"5.0.2195.7366")){ + security_hole(0); + } +} +# Windows XP +else if(hotfix_check_sp(xp:4) > 0) +{ + SP = get_kb_item("SMB/WinXP/ServicePack"); + if("Service Pack 2" >< SP) + { + # Grep for Csrsrv.dll < 5.1.2600.3657 + if(version_is_less(version:sysVer, test_version:"5.1.2600.3657")){ + security_hole(0); + 
} + exit(0); + } + else if("Service Pack 3" >< SP) + { + # Grep for Csrsrv.dll < 5.1.2600.5915 + if(version_is_less(version:sysVer, test_version:"5.1.2600.5915")){ + security_hole(0); + } + exit(0); + } + security_hole(0); +} + +# Windows 2003 +else if(hotfix_check_sp(win2003:3) > 0) +{ + SP = get_kb_item("SMB/Win2003/ServicePack"); + if("Service Pack 2" >< SP) + { + # Grep for Csrsrv.dll version < 5.2.3790.4635 + if(version_is_less(version:sysVer, test_version:"5.2.3790.4635")){ + security_hole(0); + } + exit(0); + } + security_hole(0); +} Property changes on: trunk/openvas-plugins/scripts/secpod_ms10-011.nasl ___________________________________________________________________ Name: svn:keywords + Revision Added: trunk/openvas-plugins/scripts/secpod_ms10-012.nasl =================================================================== --- trunk/openvas-plugins/scripts/secpod_ms10-012.nasl 2010-02-10 15:02:36 UTC (rev 6705) +++ trunk/openvas-plugins/scripts/secpod_ms10-012.nasl 2010-02-10 15:06:43 UTC (rev 6706) 
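Review bot: In secpod_ms10-011.nasl the string passed to script_name starts with a space (`script_name(" Microsoft Client/Server ...`), unlike every other plugin added in this commit. The leading blank becomes part of the plugin name wherever it is displayed or sorted, so `script_name("Microsoft Client/Server Run-time Subsystem Privilege Elevation Vulnerability (978037)");` is presumably what was meant. The Impact paragraph also speaks of remote attackers, while the title and the Vulnerability Insight describe a privilege elevation tied to user log-out, which reads as a local issue. That wording is worth checking against the bulletin so the finding is triaged correctly.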
@@ -0,0 +1,164 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id: secpod_ms10-012.nasl 7184 2010-02-10 15:00:09Z feb $ +# +# Microsoft Windows SMB Server Multiple Vulnerabilities (971468) +# +# Authors: +# Veerendra GG +# +# Copyright: +# Copyright (c) 2010 SecPod, http://www.secpod.com +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(900230); + script_version("$Revision$: 1.0"); + script_cve_id("CVE-2010-0020", "CVE-2010-0021", + "CVE-2010-0022", "CVE-2010-0231"); + script_name("Microsoft Windows SMB Server Multiple Vulnerabilities (971468)"); + desc = " + Overview: This host has critical security update missing according to + Microsoft Bulletin MS10-012. + + Vulnerability Insight: + - An input validation error exists while processing SMB requests and can + be exploited to cause a buffer overflow via a specially crafted SMB packet. + - An error exists in the SMB implementation while parsing SMB packets during + the Negotiate phase causing memory corruption via a specially crafted SMB + packet. + - NULL pointer dereference error exists in SMB while verifying the 'share' + and 'servername' fields in SMB packets causing denial of service. 
+ - A lack of cryptographic entropy when the SMB server generates challenges + during SMB NTLM authentication and can be exploited to bypass the + authentication mechanism. + + Impact: + Successful exploitation will let the remote attackers to execute arbitrary + code or cause a denial of service or bypass the authentication mechanism + via brute force technique. + + Impact Level: System/Application + + Affected Software/OS: + Microsoft Windows 2K Service Pack 4 and prior + Microsoft Windows XP Service Pack 3 and prior + Microsoft Windows 2K3 Service Pack 2 and prior + + Fix: + Run Windows Update and update the listed hotfixes or download and + update mentioned hotfixes in the advisory from the below link, + http://www.microsoft.com/technet/security/bulletin/ms10-012.mspx + + References: + http://secunia.com/advisories/38510/ + http://support.microsoft.com/kb/971468 + http://www.vupen.com/english/advisories/2010/0345 + http://www.microsoft.com/technet/security/bulletin/ms10-012.mspx + + Risk factor: High"; + + script_description(desc); + script_summary("Check for the version of Srv.sys file"); + script_category(ACT_GATHER_INFO); + script_copyright("Copyright (C) 2010 SecPod"); + script_family("Windows : Microsoft Bulletins"); + script_dependencies("secpod_reg_enum.nasl"); + script_require_ports(139, 445); + exit(0); +} + + +include("smb_nt.inc"); +include("secpod_reg.inc"); +include("version_func.inc"); +include("secpod_smb_func.inc"); + +if(hotfix_check_sp(win2k:5, xp:4, win2003:3) <= 0){ + exit(0); +} + +## Check Hotfix MS10-012 +if(hotfix_missing(name:"971468") == 0){ + exit(0); +} + +## Get System Path +sysPath = registry_get_sz(key:"SOFTWARE\Microsoft\COM3\Setup", + item:"Install Path"); +if(!sysPath){ + exit(0); +} + +share = ereg_replace(pattern:"([A-Z]):.*", replace:"\1$", string:sysPath); +file = ereg_replace(pattern:"[A-Z]:(.*)", replace:"\1", + string:sysPath + "\drivers\Srv.sys"); + +## Get File Version +sysVer = GetVer(file:file, share:share); + 
+if(!sysVer){ + exit(0); +} + +## Windows 2K +if(hotfix_check_sp(win2k:5) > 0) +{ + ## Grep for Srv.sys version < 5.0.2195.7365 + if(version_is_less(version:sysVer, test_version:"5.0.2195.7365")){ + security_hole(0); + } + exit(0); +} + +## Windows XP +if(hotfix_check_sp(xp:4) > 0) +{ + SP = get_kb_item("SMB/WinXP/ServicePack"); + if("Service Pack 2" >< SP) + { + ## Grep for Srv.sys < 5.1.2600.3662 + if(version_is_less(version:sysVer, test_version:"5.1.2600.3662")){ + security_hole(0); + } + exit(0); + } + else if("Service Pack 3" >< SP) + { + ## Grep for Srv.sys < 5.1.2600.5923 + if(version_is_less(version:sysVer, test_version:"5.1.2600.5923")){ + security_hole(0); + } + exit(0); + } + security_hole(0); +} + +## Windows 2003 +if(hotfix_check_sp(win2003:3) > 0) +{ + SP = get_kb_item("SMB/Win2003/ServicePack"); + if("Service Pack 2" >< SP) + { + ## Grep for Srv.sys version < 5.2.3790.4634 + if(version_is_less(version:sysVer, test_version:"5.2.3790.4634")){ + security_hole(0); + } + exit(0); + } + security_hole(0); +} Property changes on: trunk/openvas-plugins/scripts/secpod_ms10-012.nasl ___________________________________________________________________ Name: svn:executable + * Name: svn:keywords + Revision Added: trunk/openvas-plugins/scripts/secpod_ms10-013.nasl =================================================================== --- trunk/openvas-plugins/scripts/secpod_ms10-013.nasl 2010-02-10 15:02:36 UTC (rev 6705) +++ trunk/openvas-plugins/scripts/secpod_ms10-013.nasl 2010-02-10 15:06:43 UTC (rev 6706) 
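Review bot: The trailing `security_hole(0)` in the Windows XP and Windows 2003 branches reports the host without comparing `sysVer` whenever the service-pack string matches none of the tested values. That is presumably meant for older service packs, but it would also fire if `get_kb_item("SMB/WinXP/ServicePack")` or `get_kb_item("SMB/Win2003/ServicePack")` returns nothing, turning a data-collection gap into a finding. A comment stating the intent, e.g. `## SP1 or earlier: no fixed build exists, report without a version check`, and a guard such as `if(!SP){ exit(0); }` after each `get_kb_item` call would make the result traceable. The same fall-through appears in secpod_ms10-011.nasl, secpod_ms10-013.nasl, secpod_ms10-014.nasl and secpod_ms10-015.nasl in this commit.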
@@ -0,0 +1,166 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id: secpod_ms10-013.nasl 7180 2010-02-10 09:14:35Z feb $ +# +# Microsoft DirectShow Remote Code Execution Vulnerability (977935) +# +# Authors: +# Antu Sanadi +# +# Copyright: +# Copyright (c) 2010 SecPod, http://www.secpod.com +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(902117); + script_version("$Revision$:1.0"); + script_cve_id("CVE-2010-0250"); + script_bugtraq_id(38112); + script_name("Microsoft DirectShow Remote Code Execution Vulnerability (977935)"); + desc = " + Overview: This host has critical security update missing according to + Microsoft Bulletin MS10-013. + + Vulnerability Insight: + The flaw is caused by a heap overflow error in the Microsoft DirectShow + component when handling malformed AVI files. + + Impact: + Successful exploitation could allow remote attackers to crash an affected + system or execute arbitrary code by tricking a user into visiting a specially + crafted web page. 
+ + Impact Level: System + + Affected Software/OS: + Microsoft Windows 2000 Service Pack 4 and prior + Microsoft Windows XP Service Pack 3 and prior + Microsoft Windows 2003 Service Pack 2 and prior + + Fix: + Run Windows Update and update the listed hotfixes or download and + update mentioned hotfixes in the advisory from the below link, + http://www.microsoft.com/technet/security/bulletin/ms10-013.mspx + + References: + http://www.vupen.com/english/advisories/2010/0346 + http://www.microsoft.com/technet/security/bulletin/ms10-013.mspx + + Risk factor: Critical"; + + script_description(desc); + script_summary("Check for the vulnerable DLL file version"); + script_category(ACT_GATHER_INFO); + script_copyright("Copyright (C) 2010 SecPod"); + script_family("Windows : Microsoft Bulletins"); + script_dependencies("secpod_reg_enum.nasl"); + script_require_ports(139, 445); + exit(0); +} + + +include("smb_nt.inc"); +include("secpod_reg.inc"); +include("version_func.inc"); +include("secpod_smb_func.inc"); + +function Get_dllversion(path, dllfile) +{ + share = ereg_replace(pattern:"([A-Z]):.*", replace:"\1$", string:path); + file = ereg_replace(pattern:"[A-Z]:(.*)", replace:"\1", + string:path + dllfile); + sysVer = GetVer(file:file, share:share); + if(isnull(sysVer)){ + return 0; + } + else + return sysVer; +} + +if(hotfix_check_sp(win2k:5, xp:4, win2003:3) <= 0){ + exit(0); +} + +# Check for MS10-013 Hotfixes 977914, 975560 +if((hotfix_missing(name:"977914") == 0) && (hotfix_missing(name:"975560") == 0)){ + exit(0); +} + +sysPath = registry_get_sz(key:"SOFTWARE\Microsoft\COM3\Setup", + item:"Install Path"); +if(!sysPath){ + exit(0); +} + +sysVer1 = Get_dllversion(path:sysPath, dllfile:"\Avifil32.dll"); +sysVer2 = Get_dllversion(path:sysPath, dllfile:"\Quartz.dll"); + +if(!(sysVer1 && sysVer2)){ + exit(0); +} + +# Windows 2K +if(hotfix_check_sp(win2k:5) > 0) +{ + # Grep for Avifil32.dll version < 5.0.2195.7359, Quartz.dll < 6.5.1.913, 6.1.9.738 + 
if(version_is_less(version:sysVer1, test_version:"5.0.2195.7359") || + version_in_range(version:sysVer2, test_version:"6.5", test_version:"6.5.1.912") || + version_in_range(version:sysVer2, test_version:"6.1", test_version:"6.1.9.737")) { + security_hole(0); + } +} + +# Windows XP +else if(hotfix_check_sp(xp:4) > 0) +{ + SP = get_kb_item("SMB/WinXP/ServicePack"); + if("Service Pack 2" >< SP) + { + # Grep for Avifil32.dll 5.1.2600.3649, Quartz.dll < 6.5.2600.3649 + if(version_is_less(version:sysVer1, test_version:"5.1.2600.3649") || + version_is_less(version:sysVer2, test_version:"6.5.2600.3649")){ + security_hole(0); + } + exit(0); + } + else if("Service Pack 3" >< SP) + { + # Grep for Avifil32.dll < 5.1.2600.5908, Quartz.dll < 6.5.2600.5908 + if(version_is_less(version:sysVer1, test_version:"5.1.2600.5908") || + version_is_less(version:sysVer2, test_version:"6.5.2600.5908")){ + security_hole(0); + } + exit(0); + } + security_hole(0); +} + +# Windows 2003 +else if(hotfix_check_sp(win2003:3) > 0) +{ + SP = get_kb_item("SMB/Win2003/ServicePack"); + if("Service Pack 2" >< SP) + { + # Grep for Avifil32.dll < 5.2.3790.4625, Quartz.dll < 6.5.3790.4625 + if(version_is_less(version:sysVer1, test_version:"5.2.3790.4625") || + version_is_less(version:sysVer2, test_version:"6.5.3790.4625")){ + security_hole(0); + } + exit(0); + } + security_hole(0); +} Property changes on: trunk/openvas-plugins/scripts/secpod_ms10-013.nasl ___________________________________________________________________ Name: svn:executable + * Name: svn:keywords + Revision Added: trunk/openvas-plugins/scripts/secpod_ms10-014.nasl =================================================================== --- trunk/openvas-plugins/scripts/secpod_ms10-014.nasl 2010-02-10 15:02:36 UTC (rev 6705) +++ trunk/openvas-plugins/scripts/secpod_ms10-014.nasl 2010-02-10 15:06:43 UTC (rev 6706) 
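Review bot: In the Windows 2K branch both `version_in_range` calls pass `test_version` twice, so the upper bound never reaches the `test_version2` parameter that the range helper in version_func.inc takes. The Quartz.dll test therefore most likely does not check the range the comment above it describes. The calls should read `version_in_range(version:sysVer2, test_version:"6.5", test_version2:"6.5.1.912")` and `version_in_range(version:sysVer2, test_version:"6.1", test_version2:"6.1.9.737")`. As written, a Windows 2000 host with a current Avifil32.dll but an old Quartz.dll may be missed, or flagged wrongly, depending on how the interpreter resolves the duplicated argument.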
@@ -0,0 +1,126 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id: secpod_ms10-014.nasl 7185 2010-02-10 09:14:35Z feb $ +# +# Microsoft Kerberos Denial of Service Vulnerability (977290) +# +# Authors: +# Antu Sanadi +# +# Copyright: +# Copyright (c) 2010 SecPod, http://www.secpod.com +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(902115); + script_version("$Revision$:1.0"); + script_cve_id("CVE-2010-0035"); + script_bugtraq_id(38110); + script_name("Microsoft Kerberos Denial of Service Vulnerability (977290)"); + desc = " + Overview: This host has critical security update missing according to Microsoft + Bulletin MS10-014. + + Vulnerability Insight: + The issue is caused by a NULL pointer dereference error when handling + 'Ticket-Granting-Ticket' renewal requests sent by a client on a remote + non-Windows realm in a mixed-mode Kerberos implementation. + + Impact: + Successful exploitation could allow remote attackers to cause a vulnerable + Windows domain controller to stop responding. + + Impact Level: System + + Affected Software/OS: + Microsoft Windows 2000 Service Pack 4 and prior. + Microsoft Windows 2003 Service Pack 2 and prior. 
+ + Fix: + Run Windows Update and update the listed hotfixes or download and + update mentioned hotfixes in the advisory from the below link, + http://www.microsoft.com/technet/security/bulletin/ms10-014.mspx + + References: + http://www.vupen.com/english/advisories/2010/0344 + http://www.microsoft.com/technet/security/bulletin/ms10-014.mspx + + Risk factor: High"; + + script_description(desc); + script_summary("Check for the vulnerable DLL file version"); + script_category(ACT_GATHER_INFO); + script_copyright("Copyright (C) 2010 SecPod"); + script_family("Windows : Microsoft Bulletins"); + script_dependencies("secpod_reg_enum.nasl"); + script_require_ports(139, 445); + exit(0); +} + + +include("smb_nt.inc"); +include("secpod_reg.inc"); +include("version_func.inc"); +include("secpod_smb_func.inc"); + +if(hotfix_check_sp(win2k:5, xp:4, win2003:3) <= 0){ + exit(0); +} + +# Check for MS10-014 Hotfix +if(hotfix_missing(name:"977290") == 0){ + exit(0); +} + +sysPath = registry_get_sz(key:"SOFTWARE\Microsoft\COM3\Setup", + item:"Install Path"); +if(!sysPath){ + exit(0); +} + +share = ereg_replace(pattern:"([A-Z]):.*", replace:"\1$", string:sysPath); +file = ereg_replace(pattern:"[A-Z]:(.*)", replace:"\1", + string:sysPath + "\Kdcsvc.dll"); + +sysVer = GetVer(file:file, share:share); +if(!sysVer){ + exit(0); +} + +# Windows 2K +if(hotfix_check_sp(win2k:5) > 0) +{ + # Grep for Kdcsvc.dll version < 5.0.2195.7361 + if(version_is_less(version:sysVer, test_version:"5.0.2195.7361")){ + security_hole(0); + } +} + +# Windows 2003 +else if(hotfix_check_sp(win2003:3) > 0) +{ + SP = get_kb_item("SMB/Win2003/ServicePack"); + if("Service Pack 2" >< SP) + { + # Grep for Kdcsvc.dll version < 5.2.3790.4628 + if(version_is_less(version:sysVer, test_version:"5.2.3790.4628")){ + security_hole(0); + } + exit(0); + } + security_hole(0); +} Property changes on: trunk/openvas-plugins/scripts/secpod_ms10-014.nasl ___________________________________________________________________ Name: 
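Review bot: The initial gate `hotfix_check_sp(win2k:5, xp:4, win2003:3)` lets Windows XP hosts through, although the description lists only Windows 2000 and Windows 2003 and there is no XP branch below. On XP the script still reads the registry and tries to fetch the Kdcsvc.dll version over SMB before ending without a result; the gate should be `if(hotfix_check_sp(win2k:5, win2003:3) <= 0){`. The VUPEN reference (2010/0344) is the same one cited in secpod_ms10-011.nasl, so it looks copied and should be verified against the MS10-014 advisory.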
svn:keywords + Revision Added: trunk/openvas-plugins/scripts/secpod_ms10-015.nasl =================================================================== --- trunk/openvas-plugins/scripts/secpod_ms10-015.nasl 2010-02-10 15:02:36 UTC (rev 6705) +++ trunk/openvas-plugins/scripts/secpod_ms10-015.nasl 2010-02-10 15:06:43 UTC (rev 6706) 
@@ -0,0 +1,152 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id: secpod_ms10-015.nasl 7186 2010-02-10 17:57:42Z feb $ +# +# Microsoft Windows Kernel Could Allow Elevation of Privilege (977165) +# +# Authors: +# Rachana Shetty +# +# Copyright: +# Copyright (c) 2010 SecPod, http://www.secpod.com +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(900740); + script_version("$Revision$: 1.0"); + script_cve_id("CVE-2010-0232", "CVE-2010-0233"); + script_bugtraq_id(37864); + script_name("Microsoft Windows Kernel Could Allow Elevation of Privilege (977165)"); + desc = " + Overview: This host has critical security update missing according to + Microsoft Bulletin MS10-015. + + Vulnerability Insight: + - Windows Kernel is not properly handling certain exceptions, which can be + exploited to execute arbitrary code with kernel privileges. + - Windows Kernel is not correctly resetting a pointer when freeing memory, + which can be exploited to trigger a double-free condition. + + Impact: + Successful exploitation could allow attackers to execute arbitrary code with + kernel-level privilege. 
+ + Impact Level: System + + Affected Software/OS: + Microsoft Windows 2K Service Pack 4 and prior. + Microsoft Windows XP Service Pack 3 and prior. + Microsoft Windows 2K3 Service Pack 2 and prior. + + Fix: + Run Windows Update and update the listed hotfixes or download and + update mentioned hotfixes in the advisory from the below link, + http://www.microsoft.com/technet/security/Bulletin/MS10-015.mspx + + References: + http://secunia.com/advisories/38265 + http://www.vupen.com/english/advisories/2010/0179 + http://www.microsoft.com/technet/security/advisory/979682.mspx + + Risk factor: High"; + + script_description(desc); + script_summary("Check for the version of ntoskrnl.exe file"); + script_category(ACT_GATHER_INFO); + script_copyright("Copyright (C) 2010 SecPod"); + script_family("Windows : Microsoft Bulletins"); + script_dependencies("secpod_reg_enum.nasl"); + script_require_ports(139, 445); + exit(0); +} + + +include("smb_nt.inc"); +include("secpod_reg.inc"); +include("version_func.inc"); +include("secpod_smb_func.inc"); + +if(hotfix_check_sp(xp:4, win2k:5, win2003:3) <= 0){ + exit(0); +} + +# MS09-058 Hotfix check +if(hotfix_missing(name:"977165") == 0){ + exit(0); +} + +exePath = registry_get_sz(key:"SOFTWARE\Microsoft\COM3\Setup", + item:"Install Path"); +if(!exePath){ + exit(0); +} + +share = ereg_replace(pattern:"([A-Z]):.*", replace:"\1$", string:exePath); +file = ereg_replace(pattern:"[A-Z]:(.*)", replace:"\1", + string:exePath + "\ntoskrnl.exe"); + +exeVer = GetVer(file:file, share:share); +if(!exeVer){ + exit(0); +} + +# Windows 2K +if(hotfix_check_sp(win2k:5) > 0) +{ + # Grep for ntoskrnl.exe version < 5.0.2195.7364 + if(version_is_less(version:exeVer, test_version:"5.0.2195.7364")){ + security_hole(0); + } +} + +# Windows XP +else if(hotfix_check_sp(xp:4) > 0) +{ + SP = get_kb_item("SMB/WinXP/ServicePack"); + if("Service Pack 2" >< SP) + { + # Grep for ntoskrnl.exe < 5.1.2600.3654 + if(version_is_less(version:exeVer, 
test_version:"5.1.2600.3654")){ + security_hole(0); + } + exit(0); + } + else if("Service Pack 3" >< SP) + { + # Grep for ntoskrnl.exe < 5.1.2600.5913 + if(version_is_less(version:exeVer, test_version:"5.1.2600.5913")){ + security_hole(0); + } + exit(0); + } + security_hole(0); +} + +# Windows 2003 +else if(hotfix_check_sp(win2003:3) > 0) +{ + SP = get_kb_item("SMB/Win2003/ServicePack"); + if("Service Pack 2" >< SP) + { + # Grep for ntoskrnl.exe version < 5.2.3790.4637 + if(version_is_less(version:exeVer, test_version:"5.2.3790.4637")){ + security_hole(0); + } + exit(0); + } + security_hole(0); +} Property changes on: trunk/openvas-plugins/scripts/secpod_ms10-015.nasl ___________________________________________________________________ Name: svn:keywords + Revision From scm-commit at wald.intevation.org Wed Feb 10 16:09:55 2010 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 10 Feb 2010 16:09:55 +0100 (CET) Subject: [Openvas-commits] r6707 - in trunk/gsa: . src/html/src Message-ID: <20100210150955.04E62865FAC8@pyrosoma.intevation.org> Author: mattm Date: 2010-02-10 16:09:51 +0100 (Wed, 10 Feb 2010) New Revision: 6707 Modified: trunk/gsa/ChangeLog trunk/gsa/src/html/src/omp.xsl Log: * src/html/src/omp.xsl (escalator) [details]: Remove greying of method background. Modified: trunk/gsa/ChangeLog =================================================================== --- trunk/gsa/ChangeLog 2010-02-10 15:06:43 UTC (rev 6706) +++ trunk/gsa/ChangeLog 2010-02-10 15:09:51 UTC (rev 6707) @@ -1,3 +1,8 @@ +2010-02-10 Matthew Mundell + + * src/html/src/omp.xsl (escalator) [details]: Remove greying of method + background. + 2010-02-08 Tim Brown * src/gsad.c: Fixed couple of leaks reported by cppcheck. Modified: trunk/gsa/src/html/src/omp.xsl =================================================================== --- trunk/gsa/src/html/src/omp.xsl 2010-02-10 15:06:43 UTC (rev 6706) +++ trunk/gsa/src/html/src/omp.xsl 2010-02-10 15:09:51 UTC (rev 6707) 
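Review bot: The comment above the hotfix test reads `# MS09-058 Hotfix check`, but the script checks KB 977165 for MS10-015. It looks carried over from an older script and should be `# Check for MS10-015 Hotfix 977165`. The References block also omits the MS10-015 bulletin URL given in the Fix section and lists security advisory 979682 instead; adding the bulletin link there would match the sibling scripts in this commit.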
@@ -2065,7 +2065,7 @@
  • NameMethod: - + From scm-commit at wald.intevation.org Wed Feb 10 16:31:42 2010 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 10 Feb 2010 16:31:42 +0100 (CET) Subject: [Openvas-commits] r6708 - in trunk/openvas-manager: . src Message-ID: <20100210153142.04073865FAC3@pyrosoma.intevation.org> Author: mattm Date: 2010-02-10 16:31:41 +0100 (Wed, 10 Feb 2010) New Revision: 6708 Modified: trunk/openvas-manager/ChangeLog trunk/openvas-manager/src/omp.c Log: * src/omp.c (print_report_latex): Note in the abstract if the task was still running. Check host end time before printing it. Modified: trunk/openvas-manager/ChangeLog =================================================================== --- trunk/openvas-manager/ChangeLog 2010-02-10 15:09:51 UTC (rev 6707) +++ trunk/openvas-manager/ChangeLog 2010-02-10 15:31:41 UTC (rev 6708) @@ -1,5 +1,10 @@ 2010-02-10 Matthew Mundell + * src/omp.c (print_report_latex): Note in the abstract if the task was + still running. Check host end time before printing it. + +2010-02-10 Matthew Mundell + * src/tasks_sql.h (find_target, find_lsc_credential, find_agent): Quote name. (find_config): Free quoted_name on error too. Modified: trunk/openvas-manager/src/omp.c =================================================================== --- trunk/openvas-manager/src/omp.c 2010-02-10 15:09:51 UTC (rev 6707) +++ trunk/openvas-manager/src/omp.c 2010-02-10 15:31:41 UTC (rev 6708) 
@@ -3803,12 +3803,15 @@ fprintf (out, "\\begin{abstract}\n" "This document reports on the results of an automatic security scan.\n" - "The scan started at %s and ended at %s. The\n" + "The scan started at %s and %s%s. The\n" "report first summarises the results found. Then, for each host,\n" "the report describes every issue found. Please consider the\n" "advice given in each desciption, in order to rectify the issue.\n" "\\end{abstract}\n", start_time, + (strlen (end_time) > 0 + ? "ended at " + : "was still running when the report was created"), end_time); free (start_time); free (end_time); @@ -3960,7 +3963,10 @@ host, host, host_iterator_start_time (&hosts), - host_iterator_end_time (&hosts)); + ((host_iterator_end_time (&hosts) + && strlen (host_iterator_end_time (&hosts))) + ? host_iterator_end_time (&hosts) + : "")); /* Print the result summary table. */ From scm-commit at wald.intevation.org Wed Feb 10 18:13:51 2010 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 10 Feb 2010 18:13:51 +0100 (CET) Subject: [Openvas-commits] r6709 - in trunk/openvas-plugins: . scripts Message-ID: <20100210171351.A0290865FAC8@pyrosoma.intevation.org> Author: reinke Date: 2010-02-10 18:13:46 +0100 (Wed, 10 Feb 2010) New Revision: 6709 Modified: trunk/openvas-plugins/ChangeLog trunk/openvas-plugins/scripts/pkg-lib-rpm.inc Log: Modified: trunk/openvas-plugins/ChangeLog =================================================================== --- trunk/openvas-plugins/ChangeLog 2010-02-10 15:31:41 UTC (rev 6708) +++ trunk/openvas-plugins/ChangeLog 2010-02-10 17:13:46 UTC (rev 6709) 
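Review bot: In the first hunk `strlen (end_time)` is called with no NULL test, while the second hunk guards `host_iterator_end_time (&hosts)` against NULL before taking its length. Where `end_time` is assigned is outside the hunk, so whether it can be NULL is not visible; if it can, both the `strlen` call and the `%s` argument are undefined behaviour. Guarding it the same way, with `(end_time && strlen (end_time) > 0 ? "ended at " : "was still running when the report was created")` and `end_time ? end_time : ""` as the last argument, keeps the two hunks consistent. In the second hunk the iterator accessor is called three times, and a single local variable would read better. print_report_latex starts and ends outside both hunks.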
@@ -1,3 +1,10 @@ +2010-02-10 Thomas Reinke + + * scripts/pkg-lib-rpm.inc + Added patch to handle specific instances where strings cannot + be compared in revcomp() and get the expected results. + Also cleaned up local_var definitions. + 2010-02-10 Chandrashekhar B * scripts/secpod_ms10-008.nasl, Modified: trunk/openvas-plugins/scripts/pkg-lib-rpm.inc =================================================================== --- trunk/openvas-plugins/scripts/pkg-lib-rpm.inc 2010-02-10 15:31:41 UTC (rev 6708) +++ trunk/openvas-plugins/scripts/pkg-lib-rpm.inc 2010-02-10 17:13:46 UTC (rev 6709) @@ -23,6 +23,7 @@ # Example call: isrpmvuln(pkg:"gnutls-utils", rpm:"gnutls-utils~1.4.1~3", rls:"FC6") function isrpmvuln(pkg, rpm, rls) { + local_var a, b, kbrls, pat, matches, checkshorta, checkshortb, rc, norm_pkg; # Check that we have the data for this release. kbrls = get_kb_item("ssh/login/release"); if(kbrls!=rls) { 
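Review bot: The new `local_var` list leaves out `rpms` and `comp`, both of which isrpmvuln uses: `rpms` in the `eregmatch` call and `comp` in the `foreach` loop, both shown in the next hunk. They presumably remain global, so they can carry over between calls or clash with a variable of the same name in the including script. If `rpms` is assigned inside the function, which this hunk does not show, the declaration should be `local_var a, b, kbrls, rpms, pat, matches, checkshorta, checkshortb, rc, norm_pkg, comp;`. The function body continues outside the hunk.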
@@ -35,13 +36,39 @@ # overly permissive search (e.g. search for 'ash' must not match 'bash') pat = string("[\n;](", pkg, "~[^;]+);"); -# pat = string(pkg, "~([^;]+);"); matches = eregmatch(pattern:pat, string:rpms); if(isnull(matches)) { return(0); } #security_note(0, data: "Comparing " + matches[1] + " against " + rpm); - rc = revcomp(a:matches[1], b:rpm); + + # Ok...revcomp handles almost all situations intellligently. But, + # it can get caught on the following two string example: + # a:a="kernel~2.6.9~89.EL"; b="kernel~2.6.9~89.0.20.EL"; + # One would expect 'a' to be < (older than) 'b'. However, in this + # case revcomp differentiates the 'E' from the '0', and thinks that + # that b is as a result older (lexicographically less than) a. + # This is the only situation we've seen where this type of suffix + # causes problems. So, as a patch, we solve the problem locally + # BEFORE we call revcomp, by stripping from both strings the trailing + # '.EL[0-9]*' suffix, but only if both strings have the identical suffix. + # If we find other systems where this type of problem occurred, it may + # make sense to consider if we should be stripping equal trailing strings + # from the a/b parameters within revcomp. For now, though we'll do it here. + + a = matches[1]; + b = rpm; + checkshorta = eregmatch(pattern:"^(.*)[.]([Ee][Ll][0-9]*)$", string:a); + checkshortb = eregmatch(pattern:"^(.*)[.]([Ee][Ll][0-9]*)$", string:b); + if(!isnull(checkshorta) && !isnull(checkshortb)) { + if(checkshorta[2]==checkshortb[2]) { + a = checkshorta[1]; + b = checkshortb[1]; + } + } + + # Now proceed with the normal revision comparison + rc = revcomp(a:a, b:b); if(rc<0) { norm_pkg = ""; foreach comp (split(matches[1], sep: "~", keep:0)) { From scm-commit at wald.intevation.org Wed Feb 10 21:51:28 2010 
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 10 Feb 2010 21:51:28 +0100 (CET) Subject: [Openvas-commits] r6710 - in trunk/openvas-plugins: . scripts Message-ID: <20100210205128.EA8AD86607DA@pyrosoma.intevation.org> Author: reinke Date: 2010-02-10 21:51:26 +0100 (Wed, 10 Feb 2010) New Revision: 6710 Added: trunk/openvas-plugins/scripts/deb_1841_2.nasl trunk/openvas-plugins/scripts/deb_1982_1.nasl trunk/openvas-plugins/scripts/deb_1983_1.nasl trunk/openvas-plugins/scripts/deb_1986_1.nasl trunk/openvas-plugins/scripts/deb_1987_1.nasl trunk/openvas-plugins/scripts/deb_1991_1.nasl trunk/openvas-plugins/scripts/deb_1992_1.nasl trunk/openvas-plugins/scripts/freebsd_ZendFramework0.nasl trunk/openvas-plugins/scripts/freebsd_apache16.nasl trunk/openvas-plugins/scripts/freebsd_bugzilla9.nasl trunk/openvas-plugins/scripts/freebsd_dokuwiki5.nasl trunk/openvas-plugins/scripts/freebsd_ircd-ratbox.nasl trunk/openvas-plugins/scripts/freebsd_otrs.nasl trunk/openvas-plugins/scripts/freebsd_powerdns-recursor0.nasl trunk/openvas-plugins/scripts/freebsd_squid24.nasl trunk/openvas-plugins/scripts/freebsd_wireshark3.nasl Modified: trunk/openvas-plugins/ChangeLog Log: New scripts added Modified: trunk/openvas-plugins/ChangeLog =================================================================== --- trunk/openvas-plugins/ChangeLog 2010-02-10 17:13:46 UTC (rev 6709) +++ trunk/openvas-plugins/ChangeLog 2010-02-10 20:51:26 UTC (rev 6710) 
@@ -1,5 +1,25 @@ 2010-02-10 Thomas Reinke + * scripts/deb_1841_2.nasl, + scripts/deb_1982_1.nasl, + scripts/deb_1983_1.nasl, + scripts/deb_1986_1.nasl, + scripts/deb_1987_1.nasl, + scripts/deb_1991_1.nasl, + scripts/deb_1992_1.nasl, + scripts/freebsd_ZendFramework0.nasl, + scripts/freebsd_apache16.nasl, + scripts/freebsd_bugzilla9.nasl, + scripts/freebsd_dokuwiki5.nasl, + scripts/freebsd_ircd-ratbox.nasl, + scripts/freebsd_otrs.nasl, + scripts/freebsd_powerdns-recursor0.nasl, + scripts/freebsd_squid24.nasl, + scripts/freebsd_wireshark3.nasl: + New scripts. + +2010-02-10 Thomas Reinke + * scripts/pkg-lib-rpm.inc Added patch to handle specific instances where strings cannot be compared in revcomp() and get the expected results. Added: trunk/openvas-plugins/scripts/deb_1841_2.nasl =================================================================== --- trunk/openvas-plugins/scripts/deb_1841_2.nasl 2010-02-10 17:13:46 UTC (rev 6709) +++ trunk/openvas-plugins/scripts/deb_1841_2.nasl 2010-02-10 20:51:26 UTC (rev 6710) 
@@ -0,0 +1,150 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory DSA 1841-2 (git-core) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(66803); + script_cve_id("CVE-2009-2108"); + script_version ("$Revision$"); + script_name("Debian Security Advisory DSA 1841-2 (git-core)"); + + desc = "The remote host is missing an update to git-core +announced via advisory DSA 1841-2. + +A bug in git-core caused the security update in DSA 1841 to fail to +build on a number of architectures Debian supports. This update corrects +the bug and releases builds for all supported architectures. The original +advisory is quoted in full below for reference. + +It was discovered that git-daemon which is part of git-core, a popular +distributed revision control system, is vulnerable to denial of service +attacks caused by a programming mistake in handling requests containing +extra unrecognized arguments which results in an infinite loop. 
While +this is no problem for the daemon itself as every request will spawn a +new git-daemon instance, this still results in a very high CPU consumption +and might lead to denial of service conditions. + +For the oldstable distribution (etch), this problem has been fixed in +version 1.4.4.4-4+etch4. + +For the stable distribution (lenny), this problem has been fixed in +version 1.5.6.5-3+lenny3. + +For the testing distribution (squeeze), this problem has been fixed in +version 1:1.6.3.3-1. + +For the unstable distribution (sid), this problem has been fixed in +version 1:1.6.3.3-1. + +We recommend that you upgrade your git-core packages. + +Solution: +https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201841-2 + +Risk factor : High"; + + script_description(desc); + + script_summary("Debian Security Advisory DSA 1841-2 (git-core)"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com"); + script_family("Debian Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/packages"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-deb.inc"); +vuln = 0; +if(isdpkgvuln(pkg:"gitk", ver:"1.4.4.4-4+etch4", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"git-cvs", ver:"1.4.4.4-4+etch4", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"git-svn", ver:"1.4.4.4-4+etch4", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"git-email", ver:"1.4.4.4-4+etch4", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"git-arch", ver:"1.4.4.4-4+etch4", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"gitweb", ver:"1.4.4.4-4+etch4", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"git-daemon-run", ver:"1.4.4.4-4+etch4", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"git-doc", ver:"1.4.4.4-4+etch4", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"git-core", ver:"1.4.4.4-4+etch4", 
rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"gitweb", ver:"1.5.6.5-3+lenny3", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"git-daemon-run", ver:"1.5.6.5-3+lenny3", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"git-arch", ver:"1.5.6.5-3+lenny3", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"git-cvs", ver:"1.5.6.5-3+lenny3", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"gitk", ver:"1.5.6.5-3+lenny3", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"git-gui", ver:"1.5.6.5-3+lenny3", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"git-svn", ver:"1.5.6.5-3+lenny3", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"git-doc", ver:"1.5.6.5-3+lenny3", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"git-email", ver:"1.5.6.5-3+lenny3", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"git-core", ver:"1.5.6.5-3+lenny3", rls:"DEB5.0")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/deb_1982_1.nasl =================================================================== --- trunk/openvas-plugins/scripts/deb_1982_1.nasl 2010-02-10 17:13:46 UTC (rev 6709) +++ trunk/openvas-plugins/scripts/deb_1982_1.nasl 2010-02-10 20:51:26 UTC (rev 6710) 
@@ -0,0 +1,91 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory DSA 1982-1 (hybserv) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(66804); + script_cve_id("CVE-2010-0303"); + script_version ("$Revision$"); + script_name("Debian Security Advisory DSA 1982-1 (hybserv)"); + + desc = "The remote host is missing an update to hybserv +announced via advisory DSA 1982-1. + + +Julien Cristau discovered that hybserv, a daemon running IRC services +for IRCD-Hybrid, is prone to a denial of service attack via the commands +option. + + +For the stable distribution (lenny), this problem has been fixed in +version 1.9.2-4+lenny2. + +Due to a bug in the archive system, it is not possible to release the +fix for the oldstable distribution (etch) simultaneously. Therefore, +etch will be fixed in version 1.9.2-4+etch1 as soon as it becomes +available. + +For the testing distribution (squeeze), this problem will be fixed soon. + +For the unstable distribution (sid), this problem has been fixed in +version 1.9.2-4.1. 
+ + +We recommend that you upgrade your hybserv packages. + +Solution: +https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201982-1 + +Risk factor : High"; + + script_description(desc); + + script_summary("Debian Security Advisory DSA 1982-1 (hybserv)"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com"); + script_family("Debian Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/packages"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-deb.inc"); +vuln = 0; +if(isdpkgvuln(pkg:"hybserv", ver:"1.9.2-4+lenny2", rls:"DEB5.0")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/deb_1983_1.nasl =================================================================== --- trunk/openvas-plugins/scripts/deb_1983_1.nasl 2010-02-10 17:13:46 UTC (rev 6709) +++ trunk/openvas-plugins/scripts/deb_1983_1.nasl 2010-02-10 20:51:26 UTC (rev 6710) 
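Review bot: The only package check in deb_1982_1.nasl is for `rls:"DEB5.0"`, while the description in the same script says etch is also affected and will be fixed in 1.9.2-4+etch1. An etch host running hybserv therefore gets no finding, and a clean result on DEB4.0 should not be read as "patched". Once the etch package is published, add `if(isdpkgvuln(pkg:"hybserv", ver:"1.9.2-4+etch1", rls:"DEB4.0")) { vuln = 1; }`. deb_1986_1.nasl (moodle) has the same gap: its text says etch has no fixed packages, yet only the DEB5.0 check exists. A comment above that check would make the limit visible, for example `# etch (DEB4.0): no fixed package available, not covered by this check`.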
@@ -0,0 +1,99 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory DSA 1983-1 (wireshark) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(66805); + script_cve_id("CVE-2009-4337", "CVE-2010-0304"); + script_version ("$Revision$"); + script_name("Debian Security Advisory DSA 1983-1 (wireshark)"); + + desc = "The remote host is missing an update to wireshark +announced via advisory DSA 1983-1. + +Several remote vulnerabilities have been discovered in the Wireshark +network traffic analyzer, which may lead to the execution of arbitrary +code or denial of service. The Common Vulnerabilities and Exposures +project identifies the following problems: + +CVE-2009-4337 + +A NULL pointer dereference was found in the SMB/SMB2 dissectors. + +CVE-2010-0304 + +Several buffer overflows were found in the LWRES dissector. + +For the stable distribution (lenny), this problem has been fixed in +version 1.0.2-3+lenny8. + +For the unstable distribution (sid) these problems have been fixed in +version 1.2.6-1. 
+ +We recommend that you upgrade your Wireshark packages. + +Solution: +https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201983-1 + +Risk factor : High"; + + script_description(desc); + + script_summary("Debian Security Advisory DSA 1983-1 (wireshark)"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com"); + script_family("Debian Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/packages"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-deb.inc"); +vuln = 0; +if(isdpkgvuln(pkg:"wireshark-dev", ver:"1.0.2-3+lenny8", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"wireshark-common", ver:"1.0.2-3+lenny8", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"wireshark", ver:"1.0.2-3+lenny8", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"tshark", ver:"1.0.2-3+lenny8", rls:"DEB5.0")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/deb_1986_1.nasl =================================================================== --- trunk/openvas-plugins/scripts/deb_1986_1.nasl 2010-02-10 17:13:46 UTC (rev 6709) +++ trunk/openvas-plugins/scripts/deb_1986_1.nasl 2010-02-10 20:51:26 UTC (rev 6710) 
@@ -0,0 +1,127 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory DSA 1986-1 (moodle) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(66807); + script_cve_id("CVE-2009-4297", "CVE-2009-4298", "CVE-2009-4299", "CVE-2009-4301", "CVE-2009-4302", "CVE-2009-4303", "CVE-2009-4305"); + script_version ("$Revision$"); + script_name("Debian Security Advisory DSA 1986-1 (moodle)"); + + desc = "The remote host is missing an update to moodle +announced via advisory DSA 1986-1. + + +Several vulnerabilities have been discovered in Moodle, an online +course management system. The Common Vulnerabilities and Exposures +project identifies the following problems: + +CVE-2009-4297 + +Multiple cross-site request forgery (CSRF) vulnerabilities have been +discovered. + +CVE-2009-4298 + +It has been discovered that the LAMS module is prone to the disclosure +of user account information. + +CVE-2009-4299 + +The Glossary module has an insufficient access control mechanism. 
+ +CVE-2009-4301 + +Moodle does not properly check permissions when the MNET service is +enabled, which allows remote authenticated servers to execute arbitrary +MNET functions. + +CVE-2009-4302 + +The login/index_form.html page links to an HTTP page instead of using an +SSL secured connection. + +CVE-2009-4303 + +Moodle stores sensitive data in backup files, which might make it +possible for attackers to obtain them. + +CVE-2009-4305 + +It has been discovered that the SCORM module is prone to an SQL +injection. + +Additionally, an SQL injection in the update_record function, a problem +with symbolic links and a verification problem with Glossary, database +and forum ratings have been fixed. + + +For the stable distribution (lenny), these problems have been fixed in +version 1.8.2.dfsg-3+lenny3. + +For the oldstable distribution (etch), there are no fixed packages +available and it is too hard to backport many of the fixes. Therefore, +we recommend to upgrade to the lenny version. + +For the testing distribution (squeeze) and the unstable distribution +(sid), these problems have been fixed in version 1.8.2.dfsg-6. + + +We recommend that you upgrade your moodle packages. + +Solution: +https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201986-1 + +Risk factor : High"; + + script_description(desc); + + script_summary("Debian Security Advisory DSA 1986-1 (moodle)"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2010 E-Soft Inc. 
http://www.securityspace.com"); + script_family("Debian Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/packages"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-deb.inc"); +vuln = 0; +if(isdpkgvuln(pkg:"moodle", ver:"1.8.2.dfsg-3+lenny3", rls:"DEB5.0")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/deb_1987_1.nasl =================================================================== --- trunk/openvas-plugins/scripts/deb_1987_1.nasl 2010-02-10 17:13:46 UTC (rev 6709) +++ trunk/openvas-plugins/scripts/deb_1987_1.nasl 2010-02-10 20:51:26 UTC (rev 6710) 
@@ -0,0 +1,128 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory DSA 1987-1 (lighttpd) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(66806); + script_cve_id("CVE-2010-0295"); + script_version ("$Revision$"); + script_name("Debian Security Advisory DSA 1987-1 (lighttpd)"); + + desc = "The remote host is missing an update to lighttpd +announced via advisory DSA 1987-1. + +Li Ming discovered that lighttpd, a small and fast webserver with minimal +memory footprint, is vulnerable to a denial of service attack due to bad +memory handling. Slowly sending very small chunks of request data causes +lighttpd to allocate new buffers for each read instead of appending to +old ones. An attacker can abuse this behaviour to cause denial of service +conditions due to memory exhaustion. + + +For the oldstable distribution (etch), this problem has been fixed in +version 1.4.13-4etch12. + +For the stable distribution (lenny), this problem has been fixed in +version 1.4.19-5+lenny1. 
+ +For the testing (squeeze) and unstable (sid) distribution, this problem +will be fixed soon. + + +We recommend that you upgrade your lighttpd packages. + +Solution: +https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201987-1 + +Risk factor : High"; + + script_description(desc); + + script_summary("Debian Security Advisory DSA 1987-1 (lighttpd)"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com"); + script_family("Debian Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/packages"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-deb.inc"); +vuln = 0; +if(isdpkgvuln(pkg:"lighttpd-doc", ver:"1.4.13-4etch12", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"lighttpd-mod-mysql-vhost", ver:"1.4.13-4etch12", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"lighttpd", ver:"1.4.13-4etch12", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"lighttpd-mod-magnet", ver:"1.4.13-4etch12", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"lighttpd-mod-webdav", ver:"1.4.13-4etch12", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"lighttpd-mod-trigger-b4-dl", ver:"1.4.13-4etch12", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"lighttpd-mod-cml", ver:"1.4.13-4etch12", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"lighttpd-doc", ver:"1.4.19-5+lenny1", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"lighttpd-mod-cml", ver:"1.4.19-5+lenny1", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"lighttpd", ver:"1.4.19-5+lenny1", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"lighttpd-mod-webdav", ver:"1.4.19-5+lenny1", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"lighttpd-mod-mysql-vhost", ver:"1.4.19-5+lenny1", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"lighttpd-mod-magnet", ver:"1.4.19-5+lenny1", rls:"DEB5.0")) { + vuln = 1; +} 
+if(isdpkgvuln(pkg:"lighttpd-mod-trigger-b4-dl", ver:"1.4.19-5+lenny1", rls:"DEB5.0")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/deb_1991_1.nasl =================================================================== --- trunk/openvas-plugins/scripts/deb_1991_1.nasl 2010-02-10 17:13:46 UTC (rev 6709) +++ trunk/openvas-plugins/scripts/deb_1991_1.nasl 2010-02-10 20:51:26 UTC (rev 6710) 
@@ -0,0 +1,140 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory DSA 1991-1 (squid/squid3) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(66808); + script_cve_id("CVE-2009-2855", "CVE-2010-0308"); + script_version ("$Revision$"); + script_name("Debian Security Advisory DSA 1991-1 (squid/squid3)"); + + desc = "The remote host is missing an update to squid/squid3 +announced via advisory DSA 1991-1. + +Two denial of service vulnerabilities have been discovered in +squid and squid3, a web proxy. The Common Vulnerabilities and Exposures +project identifies the following problems: + +CVE-2009-2855 + +Bastian Blank discovered that it is possible to cause a denial of +service via a crafted auth header with certain comma delimiters. + +CVE-2010-0308 + +Tomas Hoger discovered that it is possible to cause a denial of service +via invalid DNS header-only packets. 
+ + +For the stable distribution (lenny), these problems have been fixed in +version 2.7.STABLE3-4.1lenny1 of the squid package and version +3.0.STABLE8-3+lenny3 of the squid3 package. + +For the oldstable distribution (etch), these problems have been fixed in +version 2.6.5-6etch5 of the squid package and version 3.0.PRE5-5+etch2 +of the squid3 package. + +For the testing distribution (squeeze) and the unstable distribution +(sid), these problems will be fixed soon. + + +We recommend that you upgrade your squid/squid3 packages. + +Solution: +https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201991-1 + +Risk factor : High"; + + script_description(desc); + + script_summary("Debian Security Advisory DSA 1991-1 (squid/squid3)"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com"); + script_family("Debian Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/packages"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-deb.inc"); +vuln = 0; +if(isdpkgvuln(pkg:"squid3-common", ver:"3.0.PRE5-5+etch2", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"squid-common", ver:"2.6.5-6etch5", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"squid3-cgi", ver:"3.0.PRE5-5+etch2", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"squid3-client", ver:"3.0.PRE5-5+etch2", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"squid3", ver:"3.0.PRE5-5+etch2", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"squid-cgi", ver:"2.6.5-6etch5", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"squid", ver:"2.6.5-6etch5", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"squidclient", ver:"2.6.5-6etch5", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"squid-common", ver:"2.7.STABLE3-4.1lenny1", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"squid3-common", ver:"3.0.STABLE8-3+lenny3", 
rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"squid", ver:"2.7.STABLE3-4.1lenny1", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"squidclient", ver:"3.0.STABLE8-3+lenny3", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"squid3", ver:"3.0.STABLE8-3+lenny3", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"squid-cgi", ver:"2.7.STABLE3-4.1lenny1", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"squid3-cgi", ver:"3.0.STABLE8-3+lenny3", rls:"DEB5.0")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/deb_1992_1.nasl =================================================================== --- trunk/openvas-plugins/scripts/deb_1992_1.nasl 2010-02-10 17:13:46 UTC (rev 6709) +++ trunk/openvas-plugins/scripts/deb_1992_1.nasl 2010-02-10 20:51:26 UTC (rev 6710) 
@@ -0,0 +1,112 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory DSA 1992-1 (chrony) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(66809); + script_cve_id("CVE-2010-0292", "CVE-2010-0293", "CVE-2010-0294", "CVE-2009-3563"); + script_version ("$Revision$"); + script_name("Debian Security Advisory DSA 1992-1 (chrony)"); + + desc = "The remote host is missing an update to chrony +announced via advisory DSA 1992-1. + +Several vulnerabilities have been discovered in chrony, a pair of programs +which are used to maintain the accuracy of the system clock on a computer. +This issues are similar to the NTP security flaw CVE-2009-3563. The Common +Vulnerabilities and Exposures project identifies the following problems: + +CVE-2010-0292 + +chronyd replies to all cmdmon packets with NOHOSTACCESS messages even for +unauthorized hosts. An attacker can abuse this behaviour to force two +chronyd instances to play packet ping-pong by sending such a packet with +spoofed source address and port. 
This results in high CPU and network +usage and thus denial of service conditions. + +CVE-2010-0293 + +The client logging facility of chronyd doesn't limit memory that is used +to store client information. An attacker can cause chronyd to allocate +large amounts of memory by sending NTP or cmdmon packets with spoofed +source addresses resulting in memory exhaustion. + +CVE-2010-0294 + +chronyd lacks of a rate limit control to the syslog facility when logging +received packets from unauthorized hosts. This allows an attacker to +cause denial of service conditions via filling up the logs and thus disk +space by repeatedly sending invalid cmdmon packets. + + +For the oldstable distribution (etch), this problem has been fixed in +version 1.21z-5+etch1. + +For the stable distribution (lenny), this problem has been fixed in +version 1.23-6+lenny1. + +For the testing (squeeze) and unstable (sid) distribution, this problem +will be fixed soon. + + +We recommend that you upgrade your chrony packages. + +Solution: +https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201992-1 + +Risk factor : High"; + + script_description(desc); + + script_summary("Debian Security Advisory DSA 1992-1 (chrony)"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2010 E-Soft Inc. 
http://www.securityspace.com"); + script_family("Debian Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/packages"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-deb.inc"); +vuln = 0; +if(isdpkgvuln(pkg:"chrony", ver:"1.21z-5+etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"chrony", ver:"1.23-6+lenny1", rls:"DEB5.0")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/freebsd_ZendFramework0.nasl =================================================================== --- trunk/openvas-plugins/scripts/freebsd_ZendFramework0.nasl 2010-02-10 17:13:46 UTC (rev 6709) +++ trunk/openvas-plugins/scripts/freebsd_ZendFramework0.nasl 2010-02-10 20:51:26 UTC (rev 6710) 
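Review bot: `script_cve_id` in deb_1992_1.nasl lists CVE-2009-3563, but the description only says the chrony issues are similar to that NTP flaw. The three problems it identifies are CVE-2010-0292, CVE-2010-0293 and CVE-2010-0294. Tagging the NTP CVE makes CVE-based reporting show chrony hosts as affected by an issue this update does not address. I would use `script_cve_id("CVE-2010-0292", "CVE-2010-0293", "CVE-2010-0294");` and leave CVE-2009-3563 to the description text.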
@@ -0,0 +1,84 @@ +# +#VID c9263916-006f-11df-94cb-0050568452ac +# OpenVAS Vulnerability Test +# $ +# Description: Auto generated from VID c9263916-006f-11df-94cb-0050568452ac +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisories, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(66821); + script_version ("$Revision$"); + script_name("FreeBSD Ports: ZendFramework"); + + desc = "The remote host is missing an update to the system +as announced in the referenced advisory. + +The following package is affected: ZendFramework + +Solution: +Update your system with the appropriate patches or +software upgrades. 
+ +http://framework.zend.com/security/advisory/ZF2010-06 +http://framework.zend.com/security/advisory/ZF2010-05 +http://framework.zend.com/security/advisory/ZF2010-04 +http://framework.zend.com/security/advisory/ZF2010-03 +http://framework.zend.com/security/advisory/ZF2010-02 +http://framework.zend.com/security/advisory/ZF2010-01 +http://framework.zend.com/security/advisory/ZF2009-02 +http://framework.zend.com/security/advisory/ZF2009-01 +http://www.vuxml.org/freebsd/c9263916-006f-11df-94cb-0050568452ac.html + +Risk factor : High"; + + script_description(desc); + + script_summary("FreeBSD Ports: ZendFramework"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com"); + script_family("FreeBSD Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/freebsdrel"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-bsd.inc"); +vuln = 0; +bver = portver(pkg:"ZendFramework"); +if(!isnull(bver) && revcomp(a:bver, b:"1.9.7")<0) { + security_note(0, data:"Package ZendFramework version " + bver + " is installed which is known to be vulnerable."); + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/freebsd_apache16.nasl =================================================================== --- trunk/openvas-plugins/scripts/freebsd_apache16.nasl 2010-02-10 17:13:46 UTC (rev 6709) +++ trunk/openvas-plugins/scripts/freebsd_apache16.nasl 2010-02-10 20:51:26 UTC (rev 6710) 
@@ -0,0 +1,201 @@ +# +#VID cae01d7b-110d-11df-955a-00219b0fc4d8 +# OpenVAS Vulnerability Test +# $ +# Description: Auto generated from VID cae01d7b-110d-11df-955a-00219b0fc4d8 +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisories, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(66816); + script_version ("$Revision$"); + script_name("FreeBSD Ports: apache"); + + desc = "The remote host is missing an update to the system +as announced in the referenced advisory. + +The following packages are affected: + apache + apache+mod_perl + apache+ipv6 + apache_fp + ru-apache + ru-apache+mod_ssl + apache+ssl + apache+mod_ssl + apache+mod_ssl+ipv6 + apache+mod_ssl+mod_accel + apache+mod_ssl+mod_accel+ipv6 + apache+mod_ssl+mod_accel+mod_deflate + apache+mod_ssl+mod_accel+mod_deflate+ipv6 + apache+mod_ssl+mod_deflate + apache+mod_ssl+mod_deflate+ipv6 + apache+mod_ssl+mod_snmp + apache+mod_ssl+mod_snmp+mod_accel + apache+mod_ssl+mod_snmp+mod_accel+ipv6 + apache+mod_ssl+mod_snmp+mod_deflate + apache+mod_ssl+mod_snmp+mod_deflate+ipv6 + apache+mod_ssl+mod_snmp+mod_accel+mod_deflate+ipv6 + +Solution: +Update your system with the appropriate patches or +software upgrades. 
+ +http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0010 +http://www.security-database.com/detail.php?alert=CVE-2010-0010 +http://security-tracker.debian.org/tracker/CVE-2010-0010 +http://www.vupen.com/english/Reference-CVE-2010-0010.php +http://www.vuxml.org/freebsd/cae01d7b-110d-11df-955a-00219b0fc4d8.html + +Risk factor : High"; + + script_description(desc); + + script_summary("FreeBSD Ports: apache"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com"); + script_family("FreeBSD Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/freebsdrel"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-bsd.inc"); +vuln = 0; +bver = portver(pkg:"apache"); +if(!isnull(bver) && revcomp(a:bver, b:"1.3.42")<0) { + security_note(0, data:"Package apache version " + bver + " is installed which is known to be vulnerable."); + vuln = 1; +} +bver = portver(pkg:"apache+mod_perl"); +if(!isnull(bver) && revcomp(a:bver, b:"1.3.42")<0) { + security_note(0, data:"Package apache+mod_perl version " + bver + " is installed which is known to be vulnerable."); + vuln = 1; +} +bver = portver(pkg:"apache+ipv6"); +if(!isnull(bver) && revcomp(a:bver, b:"1.3.42")<0) { + security_note(0, data:"Package apache+ipv6 version " + bver + " is installed which is known to be vulnerable."); + vuln = 1; +} +bver = portver(pkg:"apache_fp"); +if(!isnull(bver) && revcomp(a:bver, b:"0")>=0) { + security_note(0, data:"Package apache_fp version " + bver + " is installed which is known to be vulnerable."); + vuln = 1; +} +bver = portver(pkg:"ru-apache"); +if(!isnull(bver) && revcomp(a:bver, b:"1.3.42+30.23")<0) { + security_note(0, data:"Package ru-apache version " + bver + " is installed which is known to be vulnerable."); + vuln = 1; +} +bver = portver(pkg:"ru-apache+mod_ssl"); +if(!isnull(bver) && revcomp(a:bver, b:"1.3.42")<0) 
{ + security_note(0, data:"Package ru-apache+mod_ssl version " + bver + " is installed which is known to be vulnerable."); + vuln = 1; +} +bver = portver(pkg:"apache+ssl"); +if(!isnull(bver) && revcomp(a:bver, b:"1.3.42.1.57_2")<0) { + security_note(0, data:"Package apache+ssl version " + bver + " is installed which is known to be vulnerable."); + vuln = 1; +} +bver = portver(pkg:"apache+mod_ssl"); +if(!isnull(bver) && revcomp(a:bver, b:"1.3.42+2.8.27_1")<0) { + security_note(0, data:"Package apache+mod_ssl version " + bver + " is installed which is known to be vulnerable."); + vuln = 1; +} +bver = portver(pkg:"apache+mod_ssl+ipv6"); +if(!isnull(bver) && revcomp(a:bver, b:"1.3.42+2.8.27_1")<0) { + security_note(0, data:"Package apache+mod_ssl+ipv6 version " + bver + " is installed which is known to be vulnerable."); + vuln = 1; +} +bver = portver(pkg:"apache+mod_ssl+mod_accel"); +if(!isnull(bver) && revcomp(a:bver, b:"1.3.42+2.8.27_1")<0) { + security_note(0, data:"Package apache+mod_ssl+mod_accel version " + bver + " is installed which is known to be vulnerable."); + vuln = 1; +} +bver = portver(pkg:"apache+mod_ssl+mod_accel+ipv6"); +if(!isnull(bver) && revcomp(a:bver, b:"1.3.42+2.8.27_1")<0) { + security_note(0, data:"Package apache+mod_ssl+mod_accel+ipv6 version " + bver + " is installed which is known to be vulnerable."); + vuln = 1; +} +bver = portver(pkg:"apache+mod_ssl+mod_accel+mod_deflate"); +if(!isnull(bver) && revcomp(a:bver, b:"1.3.42+2.8.27_1")<0) { + security_note(0, data:"Package apache+mod_ssl+mod_accel+mod_deflate version " + bver + " is installed which is known to be vulnerable."); + vuln = 1; +} +bver = portver(pkg:"apache+mod_ssl+mod_accel+mod_deflate+ipv6"); +if(!isnull(bver) && revcomp(a:bver, b:"1.3.42+2.8.27_1")<0) { + security_note(0, data:"Package apache+mod_ssl+mod_accel+mod_deflate+ipv6 version " + bver + " is installed which is known to be vulnerable."); + vuln = 1; +} +bver = portver(pkg:"apache+mod_ssl+mod_deflate"); +if(!isnull(bver) 
&& revcomp(a:bver, b:"1.3.42+2.8.27_1")<0) { + security_note(0, data:"Package apache+mod_ssl+mod_deflate version " + bver + " is installed which is known to be vulnerable."); + vuln = 1; +} +bver = portver(pkg:"apache+mod_ssl+mod_deflate+ipv6"); +if(!isnull(bver) && revcomp(a:bver, b:"1.3.42+2.8.27_1")<0) { + security_note(0, data:"Package apache+mod_ssl+mod_deflate+ipv6 version " + bver + " is installed which is known to be vulnerable."); + vuln = 1; +} +bver = portver(pkg:"apache+mod_ssl+mod_snmp"); +if(!isnull(bver) && revcomp(a:bver, b:"1.3.42+2.8.27_1")<0) { + security_note(0, data:"Package apache+mod_ssl+mod_snmp version " + bver + " is installed which is known to be vulnerable."); + vuln = 1; +} +bver = portver(pkg:"apache+mod_ssl+mod_snmp+mod_accel"); +if(!isnull(bver) && revcomp(a:bver, b:"1.3.42+2.8.27_1")<0) { + security_note(0, data:"Package apache+mod_ssl+mod_snmp+mod_accel version " + bver + " is installed which is known to be vulnerable."); + vuln = 1; +} +bver = portver(pkg:"apache+mod_ssl+mod_snmp+mod_accel+ipv6"); +if(!isnull(bver) && revcomp(a:bver, b:"1.3.42+2.8.27_1")<0) { + security_note(0, data:"Package apache+mod_ssl+mod_snmp+mod_accel+ipv6 version " + bver + " is installed which is known to be vulnerable."); + vuln = 1; +} +bver = portver(pkg:"apache+mod_ssl+mod_snmp+mod_deflate"); +if(!isnull(bver) && revcomp(a:bver, b:"1.3.42+2.8.27_1")<0) { + security_note(0, data:"Package apache+mod_ssl+mod_snmp+mod_deflate version " + bver + " is installed which is known to be vulnerable."); + vuln = 1; +} +bver = portver(pkg:"apache+mod_ssl+mod_snmp+mod_deflate+ipv6"); +if(!isnull(bver) && revcomp(a:bver, b:"1.3.42+2.8.27_1")<0) { + security_note(0, data:"Package apache+mod_ssl+mod_snmp+mod_deflate+ipv6 version " + bver + " is installed which is known to be vulnerable."); + vuln = 1; +} +bver = portver(pkg:"apache+mod_ssl+mod_snmp+mod_accel+mod_deflate+ipv6"); +if(!isnull(bver) && revcomp(a:bver, b:"1.3.42+2.8.27_1")<0) { + security_note(0, 
data:"Package apache+mod_ssl+mod_snmp+mod_accel+mod_deflate+ipv6 version " + bver + " is installed which is known to be vulnerable."); + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/freebsd_bugzilla9.nasl =================================================================== --- trunk/openvas-plugins/scripts/freebsd_bugzilla9.nasl 2010-02-10 17:13:46 UTC (rev 6709) +++ trunk/openvas-plugins/scripts/freebsd_bugzilla9.nasl 2010-02-10 20:51:26 UTC (rev 6710) 
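Review bot: The description block of freebsd_apache16.nasl has no `script_cve_id` call, although most of the reference URLs in its text point at CVE-2010-0010, so the finding cannot be matched by CVE in reports. Add `script_cve_id("CVE-2010-0010");` after `script_id(66816);`, as the Debian scripts in this commit do. The `apache_fp` check uses `revcomp(a:bver, b:"0")>=0`, which flags every installed version; if that is intended, a comment such as `# apache_fp: all versions affected, no fixed version` would keep it from reading as a generator error. Each match also emits a `security_note` before the final `security_hole(0)`, so one host gets two findings of different severity for the same issue.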
@@ -0,0 +1,85 @@
+#
+#VID 696053c6-0f50-11df-a628-001517351c22
+# OpenVAS Vulnerability Test
+# $
+# Description: Auto generated from VID 696053c6-0f50-11df-a628-001517351c22
+#
+# Authors:
+# Thomas Reinke
+#
+# Copyright:
+# Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisories, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(66818);
+ script_cve_id("CVE-2009-3387");
+ script_version ("$Revision$");
+ script_name("FreeBSD Ports: bugzilla");
+
+ desc = "The remote host is missing an update to the system
+as announced in the referenced advisory.
+
+The following package is affected: bugzilla
+
+CVE-2009-3387
+Bugzilla 3.3.1 through 3.4.4, 3.5.1, and 3.5.2 does not allow group
+restrictions to be preserved throughout the process of moving a bug to
+a different product category, which allows remote attackers to obtain
+sensitive information via a request for a bug in opportunistic
+circumstances.
+
+Solution:
+Update your system with the appropriate patches or
+software upgrades.
+
+http://www.bugzilla.org/security/3.0.10/
+http://www.vuxml.org/freebsd/696053c6-0f50-11df-a628-001517351c22.html
+
+Risk factor : High";
+
+ script_description(desc);
+
+ script_summary("FreeBSD Ports: bugzilla");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com");
+ script_family("FreeBSD Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/freebsdrel");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-bsd.inc");
+vuln = 0;
+bver = portver(pkg:"bugzilla");
+if(!isnull(bver) && revcomp(a:bver, b:"3.3.1")>0 && revcomp(a:bver, b:"3.4.5")<0) {
+ security_note(0, data:"Package bugzilla version " + bver + " is installed which is known to be vulnerable.");
+ vuln = 1;
+}
+
+if(vuln) {
+ security_hole(0);
+}
Added: trunk/openvas-plugins/scripts/freebsd_dokuwiki5.nasl
===================================================================
--- trunk/openvas-plugins/scripts/freebsd_dokuwiki5.nasl 2010-02-10 17:13:46 UTC (rev 6709)
+++ trunk/openvas-plugins/scripts/freebsd_dokuwiki5.nasl 2010-02-10 20:51:26 UTC (rev 6710)
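Review bot: The lower bound of the bugzilla range check in freebsd_bugzilla9.nasl is exclusive, `revcomp(a:bver, b:"3.3.1")>0`, while the description embedded in the same script names 3.3.1 as the first affected release, so a host running exactly 3.3.1 would not be reported. If the advisory text is authoritative, the comparison should read `revcomp(a:bver, b:"3.3.1")>=0`; if the bound is instead copied from the VuXML range, a comment such as `# bounds mirror the VuXML entry, which excludes 3.3.1` would show the mismatch is deliberate. The description also lists 3.5.1 and 3.5.2, which the upper bound against 3.4.5 leaves out; presumably those development releases were never packaged, but that is worth confirming before relying on a clean result.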
@@ -0,0 +1,78 @@
+#
+#VID 848539dc-0458-11df-8dd7-002170daae37
+# OpenVAS Vulnerability Test
+# $
+# Description: Auto generated from VID 848539dc-0458-11df-8dd7-002170daae37
+#
+# Authors:
+# Thomas Reinke
+#
+# Copyright:
+# Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisories, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(66820);
+ script_version ("$Revision$");
+ script_name("FreeBSD Ports: dokuwiki");
+
+ desc = "The remote host is missing an update to the system
+as announced in the referenced advisory.
+
+The following package is affected: dokuwiki
+
+Solution:
+Update your system with the appropriate patches or
+software upgrades.
+
+http://bugs.splitbrain.org/index.php?do=details&task_id=1847
+http://bugs.splitbrain.org/index.php?do=details&task_id=1853
+http://www.vuxml.org/freebsd/848539dc-0458-11df-8dd7-002170daae37.html
+
+Risk factor : High";
+
+ script_description(desc);
+
+ script_summary("FreeBSD Ports: dokuwiki");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2010 E-Soft Inc. 
http://www.securityspace.com");
+ script_family("FreeBSD Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/freebsdrel");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-bsd.inc");
+vuln = 0;
+bver = portver(pkg:"dokuwiki");
+if(!isnull(bver) && revcomp(a:bver, b:"20091225_2")<0) {
+ security_note(0, data:"Package dokuwiki version " + bver + " is installed which is known to be vulnerable.");
+ vuln = 1;
+}
+
+if(vuln) {
+ security_hole(0);
+}
Added: trunk/openvas-plugins/scripts/freebsd_ircd-ratbox.nasl
===================================================================
--- trunk/openvas-plugins/scripts/freebsd_ircd-ratbox.nasl 2010-02-10 17:13:46 UTC (rev 6709)
+++ trunk/openvas-plugins/scripts/freebsd_ircd-ratbox.nasl 2010-02-10 20:51:26 UTC (rev 6710)
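Review bot: The `desc` text in freebsd_dokuwiki5.nasl says only that an update is missing and then asserts `Risk factor : High`, with no summary of the flaw and no `script_cve_id` call, unlike the bugzilla and ircd-ratbox scripts added in the same commit. Someone triaging this result has to open the two bug-tracker links to learn what is affected and whether the High rating is justified. A one- or two-sentence summary taken from the referenced advisory, placed after the `The following package is affected: dokuwiki` line, would make the finding self-contained. If CVE identifiers were assigned to these issues, a `script_cve_id(...)` line after `script_id(66820);` would let the result be correlated with other scanners and patch feeds.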
@@ -0,0 +1,99 @@
+#
+#VID 192609c8-0c51-11df-82a0-00248c9b4be7
+# OpenVAS Vulnerability Test
+# $
+# Description: Auto generated from VID 192609c8-0c51-11df-82a0-00248c9b4be7
+#
+# Authors:
+# Thomas Reinke
+#
+# Copyright:
+# Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisories, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(66819);
+ script_cve_id("CVE-2009-4016", "CVE-2010-0300");
+ script_version ("$Revision$");
+ script_name("FreeBSD Ports: ircd-ratbox");
+
+ desc = "The remote host is missing an update to the system
+as announced in the referenced advisory.
+
+The following packages are affected:
+ ircd-ratbox
+ ircd-ratbox-devel
+
+CVE-2009-4016
+Integer underflow in the clean_string function in irc_string.c in (1)
+IRCD-hybrid 7.2.2 and 7.2.3, (