[Openvas-commits] r6582 - in trunk/openvas-plugins: . scripts

scm-commit@wald.intevation.org scm-commit at wald.intevation.org
Thu Jan 28 16:24:15 CET 2010


Author: chandra
Date: 2010-01-28 16:24:05 +0100 (Thu, 28 Jan 2010)
New Revision: 6582

Added:
   trunk/openvas-plugins/scripts/gb_adobe_shockwave_player_bof_vuln_jan10.nasl
   trunk/openvas-plugins/scripts/gb_south_river_webdrive_detect.nasl
   trunk/openvas-plugins/scripts/gb_south_river_webdrive_loc_priv_esc_vuln.nasl
   trunk/openvas-plugins/scripts/gb_varnish_detect.nasl
   trunk/openvas-plugins/scripts/gb_varnish_logs_escape_sequence_inj_vuln.nasl
   trunk/openvas-plugins/scripts/gb_vlc_media_player_ass_bof_vuln_lin.nasl
   trunk/openvas-plugins/scripts/gb_vlc_media_player_ass_bof_vuln_win.nasl
   trunk/openvas-plugins/scripts/secpod_thegreenbow_ipsec_vpn_client_bof_vuln.nasl
   trunk/openvas-plugins/scripts/secpod_tor_clients_info_disc_vuln_lin.nasl
   trunk/openvas-plugins/scripts/secpod_tor_clients_info_disc_vuln_win.nasl
   trunk/openvas-plugins/scripts/secpod_tor_dir_queries_info_disc_vuln_lin.nasl
   trunk/openvas-plugins/scripts/secpod_tor_dir_queries_info_disc_vuln_win.nasl
   trunk/openvas-plugins/scripts/secpod_zabbix_serv_arbitrary_cmd_exec_vuln.nasl
Modified:
   trunk/openvas-plugins/ChangeLog
   trunk/openvas-plugins/scripts/cpe.inc
   trunk/openvas-plugins/scripts/gb_adobe_flash_player_remote_code_exec_vuln_winxp.nasl
   trunk/openvas-plugins/scripts/zabbix_37308.nasl
   trunk/openvas-plugins/scripts/zabbix_37309.nasl
Log:
Added new plugins

Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog	2010-01-28 13:55:55 UTC (rev 6581)
+++ trunk/openvas-plugins/ChangeLog	2010-01-28 15:24:05 UTC (rev 6582)
@@ -1,5 +1,28 @@
 2010-01-28  Chandrashekhar B <bchandra at secpod.com>
 
+	* scripts/gb_vlc_media_player_ass_bof_vuln_win.nasl,
+	scripts/gb_south_river_webdrive_loc_priv_esc_vuln.nasl,
+	scripts/secpod_tor_clients_info_disc_vuln_win.nasl,
+	scripts/gb_adobe_flash_player_remote_code_exec_vuln_winxp.nasl,
+	scripts/secpod_tor_dir_queries_info_disc_vuln_lin.nasl,
+	scripts/gb_south_river_webdrive_detect.nasl,
+	scripts/gb_adobe_shockwave_player_bof_vuln_jan10.nasl,
+	scripts/gb_varnish_detect.nasl,
+	scripts/secpod_zabbix_serv_arbitrary_cmd_exec_vuln.nasl,
+	scripts/gb_vlc_media_player_ass_bof_vuln_lin.nasl,
+	scripts/gb_varnish_logs_escape_sequence_inj_vuln.nasl,
+	scripts/secpod_tor_clients_info_disc_vuln_lin.nasl,
+	scripts/secpod_thegreenbow_ipsec_vpn_client_bof_vuln.nasl,
+	scripts/secpod_tor_dir_queries_info_disc_vuln_win.nasl:
+	Added new plugins
+
+	* scripts/cpe.inc: Added new CPE's.
+
+	* scripts/zabbix_37309.nasl,
+	scripts/zabbix_37308.nasl: Added CVE's.
+
+2010-01-28  Chandrashekhar B <bchandra at secpod.com>
+
 	* scripts/smb_nt.inc (smb_neg_prot): Updated to negotiate
 	NTLM authentication if support is available.
 

Modified: trunk/openvas-plugins/scripts/cpe.inc
===================================================================
--- trunk/openvas-plugins/scripts/cpe.inc	2010-01-28 13:55:55 UTC (rev 6581)
+++ trunk/openvas-plugins/scripts/cpe.inc	2010-01-28 15:24:05 UTC (rev 6582)
@@ -782,7 +782,9 @@
 "www/*/LiveZilla", "^([0-9.]+)", "cpe:/a:livezilla:livezilla:",
 "Kerberos5/Ver", "^([0-9.]+)", "cpe:/a:mit:kerberos:",
 "Google/SketchUp/Win/Ver", "^([0-9.]+)", "cpe:/a:google:google_sketchup:",
-"www/*/phpNagios", "^([0-9.]+)", "cpe:/a:phpnagios:phpnagios:"
+"www/*/phpNagios", "^([0-9.]+)", "cpe:/a:phpnagios:phpnagios:",
+"SouthRiverWebDrive/Win/Ver", "^([0-9.]+)", "cpe:/a:south_river_technologies:webdrive:",
+"Varnish/Ver", "^([0-9.]+)", "cpe:/a:varnish.projects.linpro:varnish:"
 );
 
 

Modified: trunk/openvas-plugins/scripts/gb_adobe_flash_player_remote_code_exec_vuln_winxp.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_adobe_flash_player_remote_code_exec_vuln_winxp.nasl	2010-01-28 13:55:55 UTC (rev 6581)
+++ trunk/openvas-plugins/scripts/gb_adobe_flash_player_remote_code_exec_vuln_winxp.nasl	2010-01-28 15:24:05 UTC (rev 6582)
@@ -1,12 +1,16 @@
 ###############################################################################
 # OpenVAS Vulnerability Test
-# $Id: gb_adobe_flash_player_remote_code_exec_vuln_winxp.nasl 2010-01-13 15:06:02Z oct $
+# $Id: gb_adobe_flash_player_remote_code_exec_vuln_winxp.nasl 6943 2010-01-13 15:06:02Z jan $
 #
 # Adobe Flash Player Remote Code Execution Vulnerability (WinXP)
 #
 # Authors:
 # Antu Sanadi <santu at secpod.com>
 #
+# Updated By:
+# Antu Sanadi <santu at secpod.com> on 2010-01-22 #6943
+# updated the CVE's and Vulnerability Insight
+#
 # Copyright:
 # Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net
 #
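Review bot: The rewritten `$Id` line in the header names revision 6943, while this commit is r6582, so the value looks hand-written rather than expanded by Subversion and will not track later changes. The headers of the files added in this commit show the same pattern (6803, 6807, 6945, 7007). If the keyword is meant to be live, leave it as `# $Id$` and add `Id` to `svn:keywords`; otherwise record the upstream revision in a plain comment so it is not read as this repository's history.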
@@ -27,15 +31,17 @@
 if(description)
 {
   script_id(800420);
-  script_version("$Revision$: 1.0");
+  script_version("$Revision$: 1.1");
+  script_cve_id("CVE-2010-0378", "CVE-2010-0379");
   script_name("Adobe Flash Player Remote Code Execution Vulnerability (WinXP)");
   desc = "
-  Overview: This host has Adobe Flash Player installed and is prone to Remote
-  Code Execution vulnerability
+  Overview: This host has Adobe Flash Player installed and is prone to remote
+  code execution vulnerability.
 
   Vulnerability Insight:
-  The flaw exist when a user views a specially crafted Web page through Internet
-  Explorer.
+  The flaw is caused due to a use-after-free error in the bundled version of Flash
+  Player when unloading Flash objects while these are still being accessed using
+  script code.
 
   Impact:
   Successful exploitation could allow remote attackers to crash an affected
@@ -48,14 +54,17 @@
   Adobe Flash Player 6.x on Windows XP.
 
   Fix: Upgrade to Adobe Flash Player 10.0.42.34,
-  http://www.adobe.com/downloads/
+  For Updates Refer, http://www.adobe.com/downloads/
 
   References:
+  http://secunia.com/advisories/27105
+  http://secunia.com/secunia_research/2007-77/
+  http://securitytracker.com/alerts/2010/Jan/1023435.html
   http://www.microsoft.com/technet/security/advisory/979267.mspx
 
   CVSS Score:
-    CVSS Base Score     : 9.3 (AV:N/AC:M/Au:NR/C:C/I:C/A:C)
-    CVSS Temporal Score : 6.9
+    CVSS Base Score      : 9.3 (AV:N/AC:M/Au:NR/C:C/I:C/A:C)
+    CVSS Temporal Score  : 6.9
   Risk factor: High";
 
   script_description(desc);
@@ -68,7 +77,6 @@
 }
 
 
-
 include("smb_nt.inc");
 include("secpod_reg.inc");
 
@@ -77,7 +85,6 @@
 }
 
 adobeVer = get_kb_item("AdobeFlashPlayer/Win/Ver");
-
 # Grep for versions 6 Series
 if((adobeVer) && (adobeVer =~ "^6\.")){
    security_hole(0);

Added: trunk/openvas-plugins/scripts/gb_adobe_shockwave_player_bof_vuln_jan10.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_adobe_shockwave_player_bof_vuln_jan10.nasl	2010-01-28 13:55:55 UTC (rev 6581)
+++ trunk/openvas-plugins/scripts/gb_adobe_shockwave_player_bof_vuln_jan10.nasl	2010-01-28 15:24:05 UTC (rev 6582)
@@ -0,0 +1,89 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_adobe_shockwave_player_bof_vuln_jan10.nasl 6943 2010-01-22 13:39:02Z jan $
+#
+# Adobe Shockwave Player 3D Model Buffer Overflow Vulnerabilities
+#
+# Authors:
+# Antu Sanadi <santu at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(800443);
+  script_version("$Revision$: 1.0");
+  script_cve_id("CVE-2009-4003", "CVE-2009-4002");
+  script_bugtraq_id(37872, 37870);
+  script_name("Adobe Shockwave Player 3D Model Buffer Overflow Vulnerabilities");
+  desc = "
+  Overview: This host has Adobe Shockwave Player installed and is prone to
+  Buffer Overflow vulnerabilities.
+
+  Vulnerability Insight:
+  These flaws are caused by buffer and integer overflow errors when processing
+  Shockwave files or 3D models, which could be exploited to execute arbitrary
+  code by tricking a user into visiting a specially crafted web page.
+
+  Impact:
+  Successful attack could allow attackers to execute arbitrary code and compromise
+  a vulnerable system.
+
+  Impact Level: System/Application
+
+  Affected Software/OS:
+  Adobe Shockwave Player prior to 11.5.6.606 on Windows.
+
+  Fix: Upgrade to Adobe Shockwave Player 11.5.6.606 or later.
+  For Updates Refer, http://get.adobe.com/shockwave/otherversions/
+
+  References:
+  http://secunia.com/secunia_research/2009-61/
+  http://www.vupen.com/english/advisories/2010/0171
+  http://securitytracker.com/alerts/2010/Jan/1023481.html
+  http://www.adobe.com/support/security/bulletins/apsb10-03.html
+  http://www.securityfocus.com/archive/1/archive/1/509062/100/0/threaded
+
+  CVSS Score:
+    CVSS Base Score     : 9.3 (AV:N/AC:M/Au:NR/C:C/I:C/A:C)
+    CVSS Temporal Score : 6.9
+  Risk factor: High";
+
+  script_description(desc);
+  script_summary("Check for the version of Adobe Shockwave Player");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (c) 2010 Greenbone Networks GmbH");
+  script_family("Buffer overflow");
+  script_dependencies("secpod_adobe_shockwave_player_detect.nasl");
+  script_require_keys("Adobe/ShockwavePlayer/Ver");
+  script_require_ports(139, 445);
+  exit(0);
+}
+
+
+include("version_func.inc");
+
+shockVer = get_kb_item("Adobe/ShockwavePlayer/Ver");
+if(!shockVer){
+  exit(0);
+}
+
+# Grep for version prior to 11.5.6.606
+if(version_is_less(version:shockVer, test_version:"11.5.6.606")){
+  security_hole(0);
+}


Property changes on: trunk/openvas-plugins/scripts/gb_adobe_shockwave_player_bof_vuln_jan10.nasl
___________________________________________________________________
Name: svn:executable
   + *
Name: svn:keywords
   + Revision

Added: trunk/openvas-plugins/scripts/gb_south_river_webdrive_detect.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_south_river_webdrive_detect.nasl	2010-01-28 13:55:55 UTC (rev 6581)
+++ trunk/openvas-plugins/scripts/gb_south_river_webdrive_detect.nasl	2010-01-28 15:24:05 UTC (rev 6582)
@@ -0,0 +1,76 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_south_river_webdrive_detect.nasl 6803 2010-01-25 15:19:28Z jan $
+#
+# South River WebDrive Version Detection
+#
+# Authors:
+# Veerendra G <veerendragg at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(800158);
+  script_version("$Revision$: 1.0");
+  script_name("South River WebDrive Version Detection");
+  desc = "
+  Overview: This script detects the installed South River WebDrive and
+  saves the version in KB.
+
+  Risk factor: Informational";
+
+  script_description(desc);
+  script_summary("Set version of South River WebDrive in KB");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (C) 2010 Greenbone Networks GmbH");
+  script_family("Service detection");
+  script_dependencies("secpod_reg_enum.nasl");
+  script_require_keys("SMB/WindowsVersion");
+  script_require_ports(139, 445);
+  exit(0);
+}
+
+
+include("smb_nt.inc");
+include("secpod_smb_func.inc");
+
+## Windows Confirmation
+if(!get_kb_item("SMB/WindowsVersion")){
+  exit(0);
+}
+
+## South River Web Drive Application confirmation
+if(!registry_key_exists(key:"SOFTWARE\South River Technologies\WebDrive")){
+  exit(0);
+}
+
+## Get the South River Web Drive Version
+key = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\";
+foreach item (registry_enum_keys(key:key))
+{
+  webDrive = registry_get_sz(key:key + item, item:"DisplayName");
+  if("WebDrive" >< webDrive)
+  {
+    webDriveVer = registry_get_sz(key:key + item, item:"DisplayVersion");
+    if( webDriveVer != NULL){
+       set_kb_item(name:"SouthRiverWebDrive/Win/Ver", value:webDriveVer);
+    }
+    exit(0);
+  }
+}
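Review bot: In the `foreach` over the Uninstall keys, `exit(0);` sits outside the `webDriveVer != NULL` check, so the first entry whose DisplayName contains "WebDrive" ends the scan even when it has no DisplayVersion, and `SouthRiverWebDrive/Win/Ver` is never set. The dependent privilege-escalation check requires that key, so it would not report on such a host. Move the exit into the inner block, `set_kb_item(name:"SouthRiverWebDrive/Win/Ver", value:webDriveVer); exit(0);`, so the loop goes on to the next entry when no version is found. The `"WebDrive" >< webDrive` substring test is also loose; matching the vendor's full display name (not visible here, to be confirmed on a test install) would avoid recording an unrelated product's version.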


Property changes on: trunk/openvas-plugins/scripts/gb_south_river_webdrive_detect.nasl
___________________________________________________________________
Name: svn:executable
   + *
Name: svn:keywords
   + Revision

Added: trunk/openvas-plugins/scripts/gb_south_river_webdrive_loc_priv_esc_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_south_river_webdrive_loc_priv_esc_vuln.nasl	2010-01-28 13:55:55 UTC (rev 6581)
+++ trunk/openvas-plugins/scripts/gb_south_river_webdrive_loc_priv_esc_vuln.nasl	2010-01-28 15:24:05 UTC (rev 6582)
@@ -0,0 +1,89 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_south_river_webdrive_loc_prev_esc_vuln.nasl 6803 2010-01-25 16:04:27Z jan $
+#
+# South River Technologies WebDrive Local Privilege Escalation Vulnerability
+#
+# Authors:
+# Veerendra GG <veerendragg at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2010 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(800159);
+  script_version("$Revision$: 1.0");
+  script_cve_id("CVE-2009-4606");
+  script_name("South River Technologies WebDrive Local Privilege Escalation Vulnerability");
+  desc = "
+  Overview: This host is installed with South River Technologies WebDrive and
+  is prone to Local Privilege Escalation Vulnerability.
+
+  Vulnerability Insight:
+  The flaw is caused due to the WebDrive Service being installed without
+  security descriptors, which could be exploited by local attackers to,
+  - stop the service via the stop command
+  - restart the service via the start command
+  - execute arbitrary commands with elevated privileges by changing the
+    service 'binPath' configuration.
+
+  Impact:
+  Successful exploitation will let the local attacker to execute arbitrary
+  commands with an elevated privileges.
+
+  Impact Level: System/Application
+
+  Affected Software/OS:
+  South River WebDrive version 9.02 build 2232 and prior on Windows.
+
+  Fix: No solution or patch is available as on 25th January, 2010. Information
+  regarding this issue will be updated once the solution details are available.
+  For updates refer, http://www.webdrive.com/download/index.html
+
+  References:
+  http://secunia.com/advisories/37083/
+  http://retrogod.altervista.org/9sg_south_river_priv.html
+  http://www.securityfocus.com/archive/1/archive/1/507323/100/0/threaded
+
+  CVSS Score:
+    CVSS Base Score     : 7.2 (AV:L/AC:L/Au:NR/C:C/I:C/A:C)
+    CVSS Temporal Score : 6.4
+  Risk factor: High";
+
+  script_description(desc);
+  script_summary("Check for the version of South River WebDrive");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (C) 2010 Intevation GmbH");
+  script_family("Privilege escalation");
+  script_dependencies("gb_south_river_webdrive_detect.nasl");
+  script_require_keys("SouthRiverWebDrive/Win/Ver");
+  exit(0);
+}
+
+
+include("version_func.inc");
+
+## Get South River WebDrive Version from KB
+webDriveVer = get_kb_item("SouthRiverWebDrive/Win/Ver");
+if(webDriveVer != NULL)
+{
+  # Check for South River WebDrive Version < 9.02 build 2232 (9.02.2232)
+  if(version_is_less_equal(version:webDriveVer, test_version:"9.02.2232")){
+    security_hole(0);
+  }
+}
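Review bot: The comment above the comparison says `< 9.02 build 2232`, but the code calls `version_is_less_equal` and the description says "9.02 build 2232 and prior"; the comment should read `# Check for South River WebDrive version <= 9.02 build 2232 (9.02.2232)`. The `$Id` header also names `gb_south_river_webdrive_loc_prev_esc_vuln.nasl`, while the file is `gb_south_river_webdrive_loc_priv_esc_vuln.nasl`. The flaw described is a missing security descriptor on the service and the check is version-only, so a sentence in `desc` saying the finding is inferred from the installed version would help whoever triages it. The test string assumes DisplayVersion is stored as `9.02.2232`; that format is not visible here and is worth confirming.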


Property changes on: trunk/openvas-plugins/scripts/gb_south_river_webdrive_loc_priv_esc_vuln.nasl
___________________________________________________________________
Name: svn:executable
   + *
Name: svn:keywords
   + Revision

Added: trunk/openvas-plugins/scripts/gb_varnish_detect.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_varnish_detect.nasl	2010-01-28 13:55:55 UTC (rev 6581)
+++ trunk/openvas-plugins/scripts/gb_varnish_detect.nasl	2010-01-28 15:24:05 UTC (rev 6582)
@@ -0,0 +1,66 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_varnish_detect.nasl 6807 2010-01-27 15:21:24Z jan $
+#
+# Varnish Version Detection
+#
+# Authors:
+# Antu Sanadi <santu at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(800446);
+  script_version("$Revision$: 1.0");
+  script_name("Varnish Version Detection");
+  desc = "
+  Overview: This script detects the installed version of Varnish and
+  sets the result in KB.
+
+  Risk factor: Informational";
+
+  script_description(desc);
+  script_summary("Sets KB for the version of Varnish");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (c) 2010 Greenbone Networks GmbH");
+  script_family("Service detection");
+  exit(0);
+}
+
+
+include("ssh_func.inc");
+include("version_func.inc");
+
+sock = ssh_login_or_reuse_connection();
+if(!sock){
+  exit(0);
+}
+
+#Set Version KB for Varnish
+varPath = find_bin(prog_name:"varnishd", sock:sock);
+foreach varFile (varPath)
+{
+  varVer = get_bin_version(full_prog_name:chomp(varFile), version_argv:"-V",
+                   ver_pattern:"-(([0-9.]+)(-[a-zA-z0-9]+)?)", sock:sock);
+  if(varVer[1] != NULL)
+  {
+    varVer = ereg_replace(pattern:"-", string:varVer[1], replace: ".");
+    set_kb_item(name:"Varnish/Ver", value:varVer);
+  }
+}
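Review bot: The `ver_pattern` passed to `get_bin_version` uses the range `A-z`, which also covers the punctuation between `Z` and `a` (`[`, `\`, `]`, `^`, `_` and the backtick); it should be `ver_pattern:"-(([0-9.]+)(-[a-zA-Z0-9]+)?)"`. The string being parsed is output from a binary on the scanned host, so the pattern should be no wider than intended. `set_kb_item` also runs once per `varnishd` binary returned by `find_bin`, so a host with several copies gets several `Varnish/Ver` values; a short comment saying whether that is intended would help readers of the dependent check.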


Property changes on: trunk/openvas-plugins/scripts/gb_varnish_detect.nasl
___________________________________________________________________
Name: svn:keywords
   + Revision

Added: trunk/openvas-plugins/scripts/gb_varnish_logs_escape_sequence_inj_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_varnish_logs_escape_sequence_inj_vuln.nasl	2010-01-28 13:55:55 UTC (rev 6581)
+++ trunk/openvas-plugins/scripts/gb_varnish_logs_escape_sequence_inj_vuln.nasl	2010-01-28 15:24:05 UTC (rev 6582)
@@ -0,0 +1,97 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_varnish_logs_escape_sequence_inj_vuln.nasl 6807 2010-01-27 16:30:29Z jan $
+#
+# Varnish Log Escape Sequence Injection  Vulnerability
+#
+# Authors:
+# Antu Sanadi <santu at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(800447);
+  script_version("$Revision$: 1.0");
+  script_cve_id("CVE-2009-4488");
+  script_bugtraq_id(37713);
+  script_name("Varnish Log Escape Sequence Injection Vulnerability");
+  desc = "
+  Overview: This host is installed with Varnish and is prone to Log Escape
+  Sequence Injection Vulnerability.
+
+  Vulnerability Insight:
+  The flaw exists when the Web Server is executed in foreground in a pty or
+  when the logfiles are viewed with tools like 'cat' or 'tail' injected control
+  characters reach the terminal and are executed.
+
+  Impact:
+  Successful exploitation will let the attacker execute arbitrary commands in
+  a terminal.
+
+  Impact level: Application
+
+  Affected Software/OS:
+  Varnish version 2.0.6 and prior.
+
+  Fix:
+  No solution or patch is available as on 27th January, 2010. Information
+  regarding this issue will be updated once the solution details are available.
+  For updates refer, http://varnish.projects.linpro.no/wiki/WikiStart
+
+  References:
+  http://www.ush.it/team/ush/hack_httpd_escape/adv.txt
+  http://www.securityfocus.com/archive/1/archive/1/508830/100/0/threaded
+
+  CVSS Score:
+    CVSS Base Score       : 5.0 (AV:N/AC:L/Au:NR/C:P/I:N/A:N)
+    CVSS Temporal Score   : 4.5
+  Risk factor : Medium";
+
+  script_description(desc);
+  script_summary("Check for the version of Varnish");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (c) 2010 Greenbone Networks GmbH");
+  script_family("Web Servers");
+  script_dependencies("find_service.nes", "gb_varnish_detect.nasl");
+  script_require_ports("Services/www", 80);
+  script_require_keys("Varnish/Ver");
+  exit(0);
+}
+
+
+include("http_func.inc");
+include("version_func.inc");
+
+port = get_http_port(default:80);
+if(!get_port_state(port)){
+  exit(0);
+}
+
+varVer = get_kb_item("Varnish/Ver");
+if(!varVer){
+  exit(0);
+}
+
+banner = get_http_banner(port:port);
+if("X-Varnish" >< banner)
+{
+  if(version_is_less_equal(version:varVer, test_version:"2.0.6")){
+    security_warning(0);
+  }
+}
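Review bot: The "Vulnerability Insight" paragraph in `desc` runs two conditions and their consequence together and is hard to parse. Suggested wording: `Injected control characters reach the terminal and are interpreted there when the server runs in the foreground on a pty, or when the log files are viewed with tools such as 'cat' or 'tail'.` Because the Fix section states that no patch is available, a workaround line would help the person reading the report, for example advising that logs be viewed through a tool that escapes control characters. The title in the header comment also has a double space in `Injection  Vulnerability`.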


Property changes on: trunk/openvas-plugins/scripts/gb_varnish_logs_escape_sequence_inj_vuln.nasl
___________________________________________________________________
Name: svn:keywords
   + Revision

Added: trunk/openvas-plugins/scripts/gb_vlc_media_player_ass_bof_vuln_lin.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_vlc_media_player_ass_bof_vuln_lin.nasl	2010-01-28 13:55:55 UTC (rev 6581)
+++ trunk/openvas-plugins/scripts/gb_vlc_media_player_ass_bof_vuln_lin.nasl	2010-01-28 15:24:05 UTC (rev 6582)
@@ -0,0 +1,82 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_vlc_media_player_ass_bof_vuln_lin.nasl 6945 2010-01-23 13:52:23Z jan $
+#
+# VLC Media Player ASS File Buffer Overflow Vulnerability (Linux)
+#
+# Authors:
+# Antu Sanadi <santu at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(800445);
+  script_version("$Revision$: 1.0");
+  script_cve_id("CVE-2010-0364");
+  script_bugtraq_id(37832);
+  script_name("VLC Media Player ASS File Buffer Overflow Vulnerability (Linux)");
+  desc = "
+  Overview: This host is installed with VLC Media Player and is prone to
+  Stack-Based Buffer Overflow Vulnerability.
+
+  Vulnerability Insight:
+  The flaw exists due to stack-based buffer overflow error in Aegisub Advanced
+  SubStation ('.ass') file handler that fails to perform adequate boundary
+  checks on user-supplied input.
+
+  Impact:
+  Successful exploitation allows attackers to execute arbitrary code, and can
+  casue application crash.
+
+  Impact Level: Application
+
+  Affected Software/OS:
+  VLC Media Player version 0.8.6 on Linux.
+
+  Fix:
+  No solution/patch is available as on 23rd January, 2010. Information
+  regarding this issue will updated once the solution details are available.
+  For updates refer, http://www.videolan.org/vlc/
+
+  References:
+  http://xforce.iss.net/xforce/xfdb/55717
+  http://www.exploit-db.com/exploits/11174
+
+  CVSS Score:
+    CVSS Base Score      : 9.3 (AV:N/AC:M/Au:NR/C:C/I:C/A:C)
+    CVSS Temporal Score  : 8.4
+  Risk factor : Critical";
+
+  script_description(desc);
+  script_summary("Check for the version of VLC Media Player");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (c) 2010 Greenbone Networks GmbH");
+  script_family("Buffer overflow");
+  script_dependencies("secpod_vlc_media_player_detect_lin.nasl");
+  script_require_keys("VLCPlayer/Lin/Ver");
+  exit(0);
+}
+
+
+include("version_func.inc");
+
+vlcVer = get_kb_item("VLCPlayer/Lin/Ver");
+if(!isnull(vlcVer) &&  vlcVer =~ "^0\.8\.6.*"){
+  security_hole(0);
+}
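Review bot: The pattern in the final check, `"^0\.8\.6.*"`, is not bounded after the `6`, so it would also match a hypothetical version string such as `0.8.60`, and the trailing `.*` adds nothing. If the intent is 0.8.6 and suffixed releases of it, `vlcVer =~ "^0\.8\.6([^0-9]|$)"` states that explicitly. `include("version_func.inc")` is unused here, since only a regex match is made. The description also has typos worth fixing (`casue`, `will updated`). The same points apply to gb_vlc_media_player_ass_bof_vuln_win.nasl later in this commit.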


Property changes on: trunk/openvas-plugins/scripts/gb_vlc_media_player_ass_bof_vuln_lin.nasl
___________________________________________________________________
Name: svn:keywords
   + Revision

Added: trunk/openvas-plugins/scripts/gb_vlc_media_player_ass_bof_vuln_win.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_vlc_media_player_ass_bof_vuln_win.nasl	2010-01-28 13:55:55 UTC (rev 6581)
+++ trunk/openvas-plugins/scripts/gb_vlc_media_player_ass_bof_vuln_win.nasl	2010-01-28 15:24:05 UTC (rev 6582)
@@ -0,0 +1,82 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_vlc_media_player_ass_bof_vuln_win.nasl 6945 2010-01-23 12:52:23Z jan $
+#
+# VLC Media Player ASS File Buffer Overflow Vulnerability (Win)
+#
+# Authors:
+# Antu Sanadi <santu at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(800444);
+  script_version("$Revision$: 1.0");
+  script_cve_id("CVE-2010-0364");
+  script_bugtraq_id(37832);
+  script_name("VLC Media Player ASS File Buffer Overflow Vulnerability (Win)");
+  desc = "
+  Overview: This host is installed with VLC Media Player and is prone to
+  Stack-Based Buffer Overflow Vulnerability.
+
+  Vulnerability Insight:
+  The flaw exists due to stack-based buffer overflow error in Aegisub Advanced
+  SubStation ('.ass') file handler that fails to perform adequate boundary checks on
+  user-supplied input.
+
+  Impact:
+  Successful exploitation allows attackers to execute arbitrary code, and can
+  casue application crash.
+
+  Impact Level: Application
+
+  Affected Software/OS:
+  VLC Media Player version 0.8.6 on Windows.
+
+  Fix:
+  No solution/patch is available as on 23rd January, 2010. Information
+  regarding this issue will updated once the solution details are available.
+  For updates refer, http://www.videolan.org/vlc/
+
+  References:
+  http://xforce.iss.net/xforce/xfdb/55717
+  http://www.exploit-db.com/exploits/11174
+
+  CVSS Score:
+    CVSS Base Score      : 9.3 (AV:N/AC:M/Au:NR/C:C/I:C/A:C)
+    CVSS Temporal Score  : 8.4
+  Risk factor : Critical";
+
+  script_description(desc);
+  script_summary("Check for the version of VLC Media Player");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (c) 2010 Greenbone Networks GmbH");
+  script_family("Buffer overflow");
+  script_dependencies("secpod_vlc_media_player_detect_win.nasl");
+  script_require_keys("VLCPlayer/Win/Ver");
+  exit(0);
+}
+
+
+include("version_func.inc");
+
+vlcVer = get_kb_item("VLCPlayer/Win/Ver");
+if(!isnull(vlcVer) &&  vlcVer =~ "^0\.8\.6.*"){
+  security_hole(0);
+}


Property changes on: trunk/openvas-plugins/scripts/gb_vlc_media_player_ass_bof_vuln_win.nasl
___________________________________________________________________
Name: svn:keywords
   + Revision

Added: trunk/openvas-plugins/scripts/secpod_thegreenbow_ipsec_vpn_client_bof_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_thegreenbow_ipsec_vpn_client_bof_vuln.nasl	2010-01-28 13:55:55 UTC (rev 6581)
+++ trunk/openvas-plugins/scripts/secpod_thegreenbow_ipsec_vpn_client_bof_vuln.nasl	2010-01-28 15:24:05 UTC (rev 6582)
@@ -0,0 +1,95 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_thegreenbow_ipsec_vpn_client_bof_vuln.nasl 7007 2010-01-27 11:52:24Z jan $
+#
+# TheGreenBow IPSec VPN Client Local Stack Overflow Vulnerability
+#
+# Authors:
+# Antu Sanadi <santu at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2010 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(902104);
+  script_version("$Revision$: 1.0");
+  script_cve_id("CVE-2010-0392");
+  script_name("TheGreenBow IPSec VPN Client Local Stack Overflow Vulnerability");
+  desc = "
+  Overview:
+  This host has TheGreenBow IPSec VPN Client installed and is prone to Stack
+  Overflow vulnerability.
+
+  Vulnerability Insight:
+  The flaw is caused due to a boundary error when processing certain sections of
+  'tgb' (policy) files. Passing an overly long string to 'OpenScriptAfterUp' will
+  trigger the overflow.
+
+  Impact:
+  Successful exploitation allows the attacker to execute arbitrary code on
+  the system or compromise a system.
+
+  Impact Level:System/Application
+
+  Affected Software/OS:
+  TheGreenBow IPSec VPN Client version 4.65.003 and prior.
+
+  Fix: Apply patch from below link,
+  http://www.thegreenbow.com/download.php?id=1000150
+
+  *****
+  NOTE: Ignore this warning, if above mentioned patch is manually applied.
+  *****
+
+  References:
+  http://secunia.com/advisories/38262
+  http://xforce.iss.net/xforce/xfdb/55793
+  http://www.senseofsecurity.com.au/advisories/SOS-10-001
+
+  CVSS Score:
+    CVSS Base Score      : 9.3 (AV:N/AC:M/Au:NR/C:C/I:C/A:C)
+    CVSS Temporal Score  : 7.1
+  Risk factor: High";
+
+  script_description(desc);
+  script_summary("Check for the version of TheGreenBow IPSec VPN Client");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (C) 2010 SecPod");
+  script_family("Buffer overflow");
+  script_dependencies("secpod_thegreenbow_ipsec_vpn_client_detect.nasl");
+  script_require_keys("TheGreenBow-IPSec-VPN-Client/Ver");
+  exit(0);
+}
+
+
+include("version_func.inc");
+
+vpnPort = 500;
+if(!get_udp_port_state(vpnPort)){
+  exit(0);
+}
+
+vpnVer = get_kb_item("TheGreenBow-IPSec-VPN-Client/Ver");
+if(!vpnVer){
+  exit(0);
+}
+
+# Check for TheGreenBow IPSec VPN Client version <= 4.65.003 (4.6.5.3)
+if(version_is_less_equal(version:vpnVer, test_version:"4.6.5.3")){
+  security_hole(port:vpnPort, proto:"udp");
+}
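Review bot: The run-time part exits when `get_udp_port_state(vpnPort)` is false and then reports on UDP 500, but the flaw described in `desc` is triggered by a local 'tgb' policy file, so the state of the IKE port says nothing about exposure. A host with a vulnerable client whose port 500 is filtered or was not scanned is silently skipped. I would drop the `vpnPort` gate and report host-wide with `security_hole(0);`, as the VLC plugin in this commit does. The CVSS vector `AV:N` in the description also sits oddly next to a script name that says "Local"; it is worth checking against the referenced advisories.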


Property changes on: trunk/openvas-plugins/scripts/secpod_thegreenbow_ipsec_vpn_client_bof_vuln.nasl
___________________________________________________________________
Name: svn:executable
   + *
Name: svn:keywords
   + Revision

Added: trunk/openvas-plugins/scripts/secpod_tor_clients_info_disc_vuln_lin.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_tor_clients_info_disc_vuln_lin.nasl	2010-01-28 13:55:55 UTC (rev 6581)
+++ trunk/openvas-plugins/scripts/secpod_tor_clients_info_disc_vuln_lin.nasl	2010-01-28 15:24:05 UTC (rev 6582)
@@ -0,0 +1,106 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_tor_clients_info_disc_vuln_lin.nasl 6967 2010-01-28 26:49:29Z jan $
+#
+# Tor Clients Information Disclosure Vulnerability (Linux)
+#
+# Authors:
+# Antu Sanadi <santu at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2010 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(902103);
+  script_version("$Revision$: 1.0");
+  script_cve_id("CVE-2010-0384");
+  script_name("Tor Clients Information Disclosure Vulnerability (Linux)");
+  desc = "
+  Overview:
+  This host is installed with Tor and is prone to Information Disclosure
+  vulnerability.
+
+  Vulnerability Insight:
+  The issue is caused due to directory mirror which does not prevent logging of the
+  client IP address upon detection of erroneous client behavior, which might make
+  it easier for local users to discover the identities of clients by reading log
+  files.
+
+  Impact:
+  Successful exploitation will let the attackers to obtain client IP information
+  that can help them launch further attacks.
+
+  Impact level: Application
+
+  Affected Software/OS:
+  Tor version 0.2.2.x before 0.2.2.7-alpha on Linux.
+
+  Fix: Upgrade to version 0.2.2.7-alpha
+  http://www.torproject.org/download.html.en
+
+  References:
+  http://secunia.com/advisories/38198
+  http://archives.seul.org/or/announce/Jan-2010/msg00000.html
+
+  CVSS Score:
+    CVSS Base Score     : 2.1 (AV:L/AC:L/Au:NR/C:P/I:N/A:N)
+    CVSS Temporal Score : 1.6
+  Risk factor: Informational";
+
+  script_description(desc);
+  script_summary("Check for the version of Tor");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (C) 2010 SecPod");
+  script_family("General");
+  script_dependencies("secpod_tor_detect_lin.nasl");
+  script_require_keys("Tor/Linux/Ver");
+  exit(0);
+}
+
+
+include("http_func.inc");
+include("version_func.inc");
+
+torVer = get_kb_item("Tor/Linux/Ver");
+if(torVer == NULL){
+  exit(0);
+}
+
+foreach torPort (make_list(9050, 9051, 8118))
+{
+  if(get_port_state(torPort))
+  {
+    sndReq = string("GET / HTTP/1.1", "\r\n",
+                    "Host: ", get_host_name(), "\r\n\r\n");
+    rcvRes = http_send_recv(port:torPort, data:sndReq);
+
+    if(!isnull(rcvRes) && "Tor" >< rcvRes)
+    {
+
+      torVer = ereg_replace(pattern:"-", replace:".", string:torVer);
+      if(torVer =~ "^0\.2\.2.*")
+      {
+        if(version_is_less(version:torVer, test_version:"0.2.2.7.alpha"))
+        {
+          security_warning(torPort);
+          exit(0);
+        }
+      }
+    }
+  }
+}
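Review bot: The version is taken from the `Tor/Linux/Ver` KB entry, yet nothing is reported unless one of ports 9050, 9051 or 8118 answers an HTTP GET with a matching banner. Tor's listeners bind to loopback by default, so a vulnerable install found by the detection script would usually go unreported in a remote scan. The same structure is in `secpod_tor_clients_info_disc_vuln_win.nasl` and in both `secpod_tor_dir_queries_info_disc_vuln_*` scripts. I would do the version comparison first and use the probe only to pick the reporting port, falling back to `security_warning(0);` after the loop. This copy also matches the bare string `"Tor"` where the three siblings match `"Tor is"`; `"Tor is" >< rcvRes` would keep them consistent and make a false match less likely.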


Property changes on: trunk/openvas-plugins/scripts/secpod_tor_clients_info_disc_vuln_lin.nasl
___________________________________________________________________
Name: svn:executable
   + *
Name: svn:keywords
   + Revision

Added: trunk/openvas-plugins/scripts/secpod_tor_clients_info_disc_vuln_win.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_tor_clients_info_disc_vuln_win.nasl	2010-01-28 13:55:55 UTC (rev 6581)
+++ trunk/openvas-plugins/scripts/secpod_tor_clients_info_disc_vuln_win.nasl	2010-01-28 15:24:05 UTC (rev 6582)
@@ -0,0 +1,104 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_tor_clients_info_disc_vuln_win.nasl 6967 2010-01-28 24:49:29Z jan $
+#
+# Tor Clients Information Disclosure Vulnerability (win)
+#
+# Authors:
+# Antu Sanadi <santu at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2010 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(902102);
+  script_version("$Revision$: 1.0");
+  script_cve_id("CVE-2010-0384");
+  script_name("Tor Clients Information Disclosure Vulnerability (win)");
+  desc = "
+  Overview:
+  This host is installed with Tor and is prone to Information Disclosure
+  vulnerability.
+
+  Vulnerability Insight:
+  This issue is caused due to directory mirror which does not prevent logging of the
+  client IP address upon detection of erroneous client behavior, which might make
+  it easier for local users to discover the identities of clients by reading log
+  files.
+
+  Impact:
+  Successful exploitation will let the attackers to obtain client IP information
+  that can help them launch further attacks.
+
+  Impact level: Application
+
+  Affected Software/OS:
+  Tor version 0.2.2.x before 0.2.2.7-alpha on Windows.
+
+  Fix: Upgrade to version 0.2.2.7-alpha
+  http://www.torproject.org/download.html.en
+
+  References:
+  http://secunia.com/advisories/38198
+  http://archives.seul.org/or/announce/Jan-2010/msg00000.html
+
+  CVSS Score:
+    CVSS Base Score     : 2.1 (AV:L/AC:L/Au:NR/C:P/I:N/A:N)
+    CVSS Temporal Score : 1.6
+  Risk factor: Informatinal";
+
+  script_description(desc);
+  script_summary("Check for the version of Tor");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (C) 2010 SecPod");
+  script_family("General");
+  script_dependencies("gb_tor_detect_win.nasl");
+  script_require_keys("Tor/Win/Ver");
+  exit(0);
+}
+
+
+include("http_func.inc");
+include("version_func.inc");
+
+torVer = get_kb_item("Tor/Win/Ver");
+if(torVer == NULL){
+  exit(0);
+}
+
+foreach torPort (make_list(9050, 9051, 8118))
+{
+  if(get_port_state(torPort))
+  {
+    sndReq = string("GET / HTTP/1.1", "\r\n",
+                    "Host: ", get_host_name(), "\r\n\r\n");
+    rcvRes = http_send_recv(port:torPort, data:sndReq);
+    if(!isnull(rcvRes) && "Tor is" >< rcvRes)
+    {
+      torVer = ereg_replace(pattern:"-", replace:".", string:torVer);
+      if(torVer =~ "^0\.2\.2.*")
+      {
+        if(version_is_less(version:torVer, test_version:"0.2.2.7.alpha"))
+        {
+          security_warning(torPort);
+          exit(0);
+        }
+      }
+    }
+  }
+}
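Review bot: The last line of `desc` reads `Risk factor: Informatinal`, a misspelling of the value the Linux twin of this plugin uses. If anything downstream reads the risk level out of the description text (this hunk does not show whether it does), the misspelled value would not be recognised. Change the line to `Risk factor: Informational";`. The `(win)` suffix in `script_name` could likewise be `(Windows)` to match the `(Linux)` sibling.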


Property changes on: trunk/openvas-plugins/scripts/secpod_tor_clients_info_disc_vuln_win.nasl
___________________________________________________________________
Name: svn:executable
   + *
Name: svn:keywords
   + Revision

Added: trunk/openvas-plugins/scripts/secpod_tor_dir_queries_info_disc_vuln_lin.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_tor_dir_queries_info_disc_vuln_lin.nasl	2010-01-28 13:55:55 UTC (rev 6581)
+++ trunk/openvas-plugins/scripts/secpod_tor_dir_queries_info_disc_vuln_lin.nasl	2010-01-28 15:24:05 UTC (rev 6582)
@@ -0,0 +1,109 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_tor_dir_queries_info_disc_vuln_lin.nasl 6967 2010-01-28 22:49:29Z jan $
+#
+# Tor Directory Queries Information Disclosure Vulnerability (Linux)
+#
+# Authors:
+# Antu Sanadi <santu at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2010 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(902101);
+  script_version("$Revision$: 1.0");
+  script_cve_id("CVE-2010-0383", "CVE-2010-0385");
+  script_bugtraq_id(37901);
+  script_name("Tor Directory Queries Information Disclosure Vulnerability (Linux)");
+  desc = "
+  Overview:
+  This host is installed with Tor and is prone to Information Disclosure
+  vulnerability.
+
+  Vulnerability Insight:
+  The issue is caused due to bridge directory authorities disclosing all tracked
+  bridge identities when responding to 'dbg-stability.txt' directory queries.
+
+  Impact:
+  Successful exploitation will let the attackers to obtain sensitive information
+  that can help them launch further attacks.
+
+  Impact level: Application
+
+  Affected Software/OS:
+  Tor version prior to 0.2.1.22 and 0.2.2.x before 0.2.2.7-alpha on Linux.
+
+  Fix: Upgrade to version 0.2.1.22 or later
+  http://www.torproject.org/download.html.en
+
+  References:
+  http://osvdb.org/61865
+  http://secunia.com/advisories/38198
+  http://archives.seul.org/or/talk/Jan-2010/msg00162.html
+  http://archives.seul.org/or/announce/Jan-2010/msg00000.html
+
+  CVSS Score:
+    CVSS Base Score     : 5.0 (AV:N/AC:L/Au:NR/C:N/I:N/A:P)
+    CVSS Temporal Score : 3.7
+  Risk factor: Medium";
+
+  script_description(desc);
+  script_summary("Check for the version of Tor");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (C) 2010 SecPod");
+  script_family("General");
+  script_dependencies("secpod_tor_detect_lin.nasl");
+  script_require_keys("Tor/Linux/Ver");
+  exit(0);
+}
+
+
+include("http_func.inc");
+include("version_func.inc");
+
+torVer = get_kb_item("Tor/Linux/Ver");
+if(torVer == NULL){
+  exit(0);
+}
+
+foreach torPort (make_list(9050, 9051, 8118))
+{
+  if(get_port_state(torPort))
+  {
+    sndReq = string("GET / HTTP/1.1", "\r\n",
+                    "Host: ", get_host_name(), "\r\n\r\n");
+    rcvRes = http_send_recv(port:torPort, data:sndReq);
+
+    if(!isnull(rcvRes) && "Tor is" >< rcvRes)
+    {
+      torVer = ereg_replace(pattern:"-", replace:".", string:torVer);
+      if(version_is_less(version:torVer, test_version:"0.2.1.22"))
+      {
+        security_warning(torPort);
+        exit(0);
+      }
+
+      if(version_is_less(version:torVer, test_version:"0.2.2.7.alpha"))
+      {
+        security_warning(torPort);
+        exit(0);
+      }
+    }
+  }
+}
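Review bot: The second comparison, `version_is_less(version:torVer, test_version:"0.2.2.7.alpha")`, is not limited to the 0.2.2 branch, so it is true for every 0.2.1.x release, including the fixed 0.2.1.22 and anything after it, and those hosts are reported as vulnerable. It also makes the preceding `0.2.1.22` test redundant, since any version below 0.2.1.22 is below 0.2.2.7 as well. Guard it the way the clients plugin in this commit does: `if(torVer =~ "^0\.2\.2\." && version_is_less(version:torVer, test_version:"0.2.2.7.alpha"))`. `secpod_tor_dir_queries_info_disc_vuln_win.nasl` carries the same two checks and needs the same change.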


Property changes on: trunk/openvas-plugins/scripts/secpod_tor_dir_queries_info_disc_vuln_lin.nasl
___________________________________________________________________
Name: svn:executable
   + *
Name: svn:keywords
   + Revision

Added: trunk/openvas-plugins/scripts/secpod_tor_dir_queries_info_disc_vuln_win.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_tor_dir_queries_info_disc_vuln_win.nasl	2010-01-28 13:55:55 UTC (rev 6581)
+++ trunk/openvas-plugins/scripts/secpod_tor_dir_queries_info_disc_vuln_win.nasl	2010-01-28 15:24:05 UTC (rev 6582)
@@ -0,0 +1,110 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_tor_dir_queries_info_disc_vuln_win.nasl 6967 2010-01-28 20:49:29Z jan $
+#
+# Tor Directory Queries Information Disclosure Vulnerability (win)
+#
+# Authors:
+# Antu Sanadi <santu at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2010 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(901100);
+  script_version("$Revision$: 1.0");
+  script_cve_id("CVE-2010-0383", "CVE-2010-0385");
+  script_bugtraq_id(37901);
+  script_name("Tor Directory Queries Information Disclosure Vulnerability (win)");
+  desc = "
+  Overview:
+  This host is installed with Tor and is prone to Information Disclosure
+  vulnerability.
+
+  Vulnerability Insight:
+  The issue is caused due to bridge directory authorities disclosing all tracked
+  bridge identities when responding to 'dbg-stability.txt' directory queries.
+
+  Impact:
+  Successful exploitation will let the attackers to obtain sensitive information
+  that can help them launch further attacks.
+
+  Impact level: Application
+
+  Affected Software/OS:
+  Tor version prior to 0.2.1.22 and 0.2.2.x before 0.2.2.7-alpha on Windows.
+
+  Fix: Upgrade to version 0.2.1.22 or later
+  http://www.torproject.org/download.html.en
+
+  References:
+  http://osvdb.org/61865
+  http://secunia.com/advisories/38198
+  http://archives.seul.org/or/talk/Jan-2010/msg00162.html
+  http://archives.seul.org/or/announce/Jan-2010/msg00000.html
+
+  CVSS Score:
+    CVSS Base Score     : 5.0 (AV:N/AC:L/Au:NR/C:N/I:N/A:P)
+    CVSS Temporal Score : 3.7
+  Risk factor: Medium";
+
+  script_description(desc);
+  script_summary("Check for the version of Tor");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (C) 2010 SecPod");
+  script_family("General");
+  script_dependencies("gb_tor_detect_win.nasl");
+  script_require_keys("Tor/Win/Ver");
+  exit(0);
+}
+
+
+include("http_func.inc");
+include("version_func.inc");
+
+torVer = get_kb_item("Tor/Win/Ver");
+if(torVer == NULL){
+  exit(0);
+}
+
+
+foreach torPort (make_list(9050, 9051, 8118))
+{
+  if(get_port_state(torPort))
+  {
+    sndReq = string("GET / HTTP/1.1", "\r\n",
+                    "Host: ", get_host_name(), "\r\n\r\n");
+    rcvRes = http_send_recv(port:torPort, data:sndReq);
+
+    if(!isnull(rcvRes) && "Tor is" >< rcvRes)
+    {
+      torVer = ereg_replace(pattern:"-", replace:".", string:torVer);
+      if(version_is_less(version:torVer, test_version:"0.2.1.22"))
+      {
+          security_warning(torPort);
+          exit(0);
+      }
+
+      if(version_is_less(version:torVer, test_version:"0.2.2.7.alpha"))
+      {
+        security_warning(torPort);
+        exit(0);
+      }
+    }
+  }
+}
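Review bot: `script_id(901100)` breaks the run used by the other SecPod plugins added in this commit (902101 to 902104), which makes 902100 look like the intended value. The ID allocation is not visible from this hunk, so please confirm that 901100 belongs to this script and is not already taken, because two plugins sharing an ID could collide in the scanner's plugin cache and results. If the value is intentional, a one-line comment next to it saying so would settle the question for the next reader.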


Property changes on: trunk/openvas-plugins/scripts/secpod_tor_dir_queries_info_disc_vuln_win.nasl
___________________________________________________________________
Name: svn:executable
   + *
Name: svn:keywords
   + Revision

Added: trunk/openvas-plugins/scripts/secpod_zabbix_serv_arbitrary_cmd_exec_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_zabbix_serv_arbitrary_cmd_exec_vuln.nasl	2010-01-28 13:55:55 UTC (rev 6581)
+++ trunk/openvas-plugins/scripts/secpod_zabbix_serv_arbitrary_cmd_exec_vuln.nasl	2010-01-28 15:24:05 UTC (rev 6582)
@@ -0,0 +1,111 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_zabbix_serv_arbitrary_cmd_exec_vuln.nasl 6535 2010-01-27 19:50:56Z jan $
+#
+# Zabbix Arbitrary Command Execution Vulnerability
+#
+# Authors:
+# Veerendra GG <veerendragg at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2010 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(900226);
+  script_version("$Revision$: 1.0");
+  script_cve_id("CVE-2009-4498");
+  script_name("Zabbix Arbitrary Command Execution Vulnerability");
+  desc = "
+  Overview:
+  This host is installed with Zabbix Server and is prone to arbitrary command
+  execution vulnerability.
+
+  Vulnerability Insight:
+  This issue is caused due to an error in the 'node_process_command()'
+  function, which can be exploited to execute arbitrary commands via
+  specially crafted data.
+
+  Impact:
+  Successful exploitation will let the attackers to execute arbitrary commands
+  via specially crafted data.
+
+  Impact level: Application
+
+  Affected Software/OS:
+  Zabbix Server versions prior to 1.8
+
+  Fix: Update to version 1.8 or above,
+  http://www.zabbix.com/download.php
+
+  References:
+  http://secunia.com/advisories/37740/3/
+  https://support.zabbix.com/browse/ZBX-1030
+  http://www.vupen.com/english/advisories/2009/3514
+
+  CVSS Score:
+    CVSS Base Score     : 6.8 (AV:N/AC:M/Au:NR/C:P/I:P/A:P)
+    CVSS Temporal Score : 5.0
+  Risk factor: Medium";
+
+  script_description(desc);
+  script_summary("Check for the version of Zabbix");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (C) 2010 SecPod");
+  script_family("Web application abuses");
+  script_dependencies("zabbix_detect.nasl","zabbix_web_detect.nasl");
+  script_require_ports("Services/www","Services/zabbix_server", 80,10051);
+  exit(0);
+}
+
+
+include("http_func.inc");
+include("http_keepalive.inc");
+include("version_func.inc");
+
+## Get http ports
+port = get_http_port(default:80);
+if(!get_port_state(port)){
+  exit(0);
+}
+
+## Check it can host PHP or not
+if (!can_host_php(port:port)){
+  exit(0);
+}
+
+## Get the Zabbix Version from the KB
+if(!version = get_kb_item(string("www/", port, "/zabbix_client"))){
+  exit(0);
+}
+
+## Extract the version
+if(!matches = eregmatch(string:version, pattern:"^(.+) under (/.*)$")){
+  exit(0);
+}
+vers = matches[1];
+if(!isnull(vers) && vers >!< "unknown")
+{
+  if(version_is_less(version: vers, test_version: "1.8")){
+    ## Get the Zabbix Server port
+    if(zabbix_port = get_kb_item("Services/zabbix_server")){
+      port = zabbix_port;
+    }
+    security_warning(port:port);
+    exit(0);
+  }
+}
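Review bot: The check infers the Zabbix server's state from the `www/<port>/zabbix_client` KB entry, which by its name and the `zabbix_web_detect.nasl` dependency looks like the web frontend's version, and it still reports on the HTTP port when `Services/zabbix_server` is absent. The flaw named in the description is in the server's `node_process_command()`, and the frontend can be installed on a host that does not run the server, so such a host would be flagged. Consider reporting only when the server service was detected, with `if(!zabbix_port = get_kb_item("Services/zabbix_server")){ exit(0); }` ahead of `security_warning(port:zabbix_port);`. If the frontend version is meant as a proxy for the server version, a comment above the `get_kb_item` call should say so.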


Property changes on: trunk/openvas-plugins/scripts/secpod_zabbix_serv_arbitrary_cmd_exec_vuln.nasl
___________________________________________________________________
Name: svn:executable
   + *
Name: svn:keywords
   + Revision

Modified: trunk/openvas-plugins/scripts/zabbix_37308.nasl
===================================================================
--- trunk/openvas-plugins/scripts/zabbix_37308.nasl	2010-01-28 13:55:55 UTC (rev 6581)
+++ trunk/openvas-plugins/scripts/zabbix_37308.nasl	2010-01-28 15:24:05 UTC (rev 6582)
@@ -27,6 +27,7 @@
 if (description)
 {
  script_id(100404);
+ script_cve_id("CVE-2009-4500");
  script_bugtraq_id(37308);
  script_version ("1.0-$Revision$");
 
@@ -46,8 +47,9 @@
 Updates are available. Please see the references for details.
 
 References:
-http://www.securityfocus.com/bid/37308
 http://www.zabbix.com/index.php
+http://secunia.com/advisories/37740/
+https://support.zabbix.com/browse/ZBX-993
 
 Risk factor : Medium";
 

Modified: trunk/openvas-plugins/scripts/zabbix_37309.nasl
===================================================================
--- trunk/openvas-plugins/scripts/zabbix_37309.nasl	2010-01-28 13:55:55 UTC (rev 6581)
+++ trunk/openvas-plugins/scripts/zabbix_37309.nasl	2010-01-28 15:24:05 UTC (rev 6582)
@@ -27,6 +27,7 @@
 if (description)
 {
  script_id(100406);
+ script_cve_id("CVE-2009-4499", "CVE-2009-4501");
  script_bugtraq_id(37309);
  script_version ("1.0-$Revision$");
 
@@ -46,7 +47,9 @@
 Updates are available. Please see the references for details.
 
 References:
-http://www.securityfocus.com/bid/37309
+http://secunia.com/advisories/37740/
+https://support.zabbix.com/browse/ZBX-1031
+https://support.zabbix.com/browse/ZBX-1355
 http://www.zabbix.com/index.php
 
 Risk factor : Medium";


