[Openvas-commits] r8272 - in trunk/openvas-plugins: . scripts
scm-commit@wald.intevation.org
scm-commit at wald.intevation.org
Fri Jul 2 08:02:17 CEST 2010
Author: chandra
Date: 2010-07-02 08:02:13 +0200 (Fri, 02 Jul 2010)
New Revision: 8272
Added:
trunk/openvas-plugins/scripts/secpod_ibm_was_xss_vuln.nasl
trunk/openvas-plugins/scripts/secpod_mozilla_firefox_spoofing_vuln_win_jun10.nasl
trunk/openvas-plugins/scripts/secpod_opera_spoofing_vuln_win.nasl
trunk/openvas-plugins/scripts/secpod_sascam_webcam_server_dos_vuln.nasl
trunk/openvas-plugins/scripts/secpod_titan_ftp_server_dir_trav_vuln.nasl
Modified:
trunk/openvas-plugins/ChangeLog
Log:
Added new plugins
Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog 2010-07-01 20:07:08 UTC (rev 8271)
+++ trunk/openvas-plugins/ChangeLog 2010-07-02 06:02:13 UTC (rev 8272)
@@ -1,5 +1,14 @@
2010-07-01 Chandrashekhar B <bchandra at secpod.com>
+ * scripts/secpod_opera_spoofing_vuln_win.nasl,
+ scripts/secpod_ibm_was_xss_vuln.nasl,
+ scripts/secpod_mozilla_firefox_spoofing_vuln_win_jun10.nasl,
+ scripts/secpod_titan_ftp_server_dir_trav_vuln.nasl,
+ scripts/secpod_sascam_webcam_server_dos_vuln.nasl:
+ Added new plugins.
+
+2010-07-01 Chandrashekhar B <bchandra at secpod.com>
+
* scripts/secpod_mozilla_prdts_iframe_dos_vuln_win.nasl,
scripts/secpod_mozilla_prdts_mult_vuln_win_jun10.nasl,
scripts/secpod_ms_ie_iframe_info_disc_vuln_june10.nasl,
Added: trunk/openvas-plugins/scripts/secpod_ibm_was_xss_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_ibm_was_xss_vuln.nasl 2010-07-01 20:07:08 UTC (rev 8271)
+++ trunk/openvas-plugins/scripts/secpod_ibm_was_xss_vuln.nasl 2010-07-02 06:02:13 UTC (rev 8272)
@@ -0,0 +1,92 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_ibm_was_xss_vuln.nasl 9883 2010-06-29 22:35:33Z jun $
+#
+# IBM WebSphere Application Server (WAS) Cross-site Scripting Vulnerability
+#
+# Authors:
+# Antu Sanadi <santu at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2010 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(902213);
+ script_version("$Revision$: 1.0");
+ script_cve_id("CVE-2010-0778","CVE-2010-0779");
+ script_tag(name:"cvss_base", value:"4.3");
+ script_tag(name:"risk_factor", value:"Medium");
+ script_name("IBM WebSphere Application Server (WAS) Cross-site Scripting Vulnerability");
+ desc = "
+ Overview:
+ The host is running IBM WebSphere Application Server and is prone to Cross-site
+ Scripting vulnerability.
+
+ Vulnerability Insight:
+ The flaw is caused due to an error in the Administration Console, which
+ allows remote attackers to inject arbitrary web script or HTML via
+ unspecified vectors.
+
+ Impact:
+ Successful exploitation will let attackers to conduct Cross-site scripting
+ attacks.
+
+ Impact Level: Application
+
+ Affected Software/OS:
+ IBM WAS Version 6.0 before 6.0.2.43, 6.1 before 6.1.0.33 and 7.0 before 7.0.0.11
+
+ Fix: Upgrade to IBM WAS version 6.0.2.43, 6.1.0.33 or 7.0.0.11,
+ For updates refer, http://www.ibm.com/developerworks/downloads/ws/was/
+
+ References:
+ http://vul.hackerjournals.com/?p=10207
+ http://en.securitylab.ru/nvd/395192.php
+ http://xforce.iss.net/xforce/xfdb/59646
+ http://xforce.iss.net/xforce/xfdb/59647
+ ";
+
+ script_description(desc);
+ script_summary("Check for the version of IBM WebSphere Application Server");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2010 SecPod");
+ script_family("Web Servers");
+ script_dependencies("gb_ibm_websphere_detect.nasl");
+ script_require_ports("Services/www", 80);
+ exit(0);
+}
+
+
+include("http_func.inc");
+include("version_func.inc");
+
+port = get_http_port(default:80);
+if(!get_port_state(port)){
+ exit(0);
+}
+
+vers = get_kb_item(string("www/", port, "/websphere_application_server"));
+if(isnull(vers)){
+ exit(0);
+}
+
+if(version_in_range(version: vers, test_version: "7.0", test_version2:"7.0.0.10") ||
+ version_in_range(version: vers, test_version: "6.0", test_version2:"6.0.2.42") ||
+ version_in_range(version: vers, test_version: "6.1", test_version2:"6.1.0.32")){
+ security_warning(port:port);
+}
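Review bot: The `script_version("$Revision$: 1.0");` line in the description block will probably not render as intended, because the property changes below set `svn:keywords` to `Revision`. Subversion should expand the keyword in place, so the string becomes something like `$Revision: 8272 $: 1.0` with a stray `: 1.0` suffix; `script_version("$Revision$");` avoids that. The same line appears in the Firefox, Opera, SasCAM and Titan FTP plugins added by this commit. Separately, the verdict rests only on the version string stored in the KB by the detection plugin, so a comment above the `version_in_range` checks such as `# Version-only check: the flaw itself is not probed` would help anyone triaging a result.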
Property changes on: trunk/openvas-plugins/scripts/secpod_ibm_was_xss_vuln.nasl
___________________________________________________________________
Name: svn:executable
+ *
Name: svn:keywords
+ Revision
Added: trunk/openvas-plugins/scripts/secpod_mozilla_firefox_spoofing_vuln_win_jun10.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_mozilla_firefox_spoofing_vuln_win_jun10.nasl 2010-07-01 20:07:08 UTC (rev 8271)
+++ trunk/openvas-plugins/scripts/secpod_mozilla_firefox_spoofing_vuln_win_jun10.nasl 2010-07-02 06:02:13 UTC (rev 8272)
@@ -0,0 +1,84 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_mozilla_firefox_spoofing_vuln_win_jun10.nasl 2010-06-29 22:35:33Z jun $
+#
+# Mozilla Firefox Address Bar Spoofing Vulnerability june-10 (Win)
+#
+# Authors:
+# Antu Sanadi <santu at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2010 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(902209);
+ script_version("$Revision$: 1.0");
+ script_cve_id("CVE-2010-1206");
+ script_tag(name:"cvss_base", value:"4.3");
+ script_tag(name:"risk_factor", value:"Medium");
+ script_name("Mozilla Firefox Address Bar Spoofing Vulnerability june-10 (Win)");
+ desc = "
+ Overview:
+ The host is installed with Mozilla Firefox and is prone to spoofing
+ vulnerability.
+
+ Vulnerability Insight:
+ The flaw is caused due to error in the 'startDocumentLoad()' function in
+ 'browser/base/content/browser.js', fails to implement Same Origin Policy.
+ This can be exploited to display arbitrary content in the blank document
+ while showing the URL of a trusted web site in the address bar.
+
+ Impact:
+ Successful exploitation will let attackers to conduct spoofing attacks.
+
+ Impact Level: Application
+
+ Affected Software/OS:
+ Firefox version before 3.6.6
+
+ Fix:
+ Upgrade to Firefox version 3.6.6 or later,
+ http://www.mozilla.com/en-US/firefox/all.html
+
+ References:
+ http://secunia.com/advisories/40283
+ http://hg.mozilla.org/mozilla-central/rev/cadddabb1178
+ http://lcamtuf.blogspot.com/2010/06/yeah-about-that-address-bar-thing.html ";
+
+ script_description(desc);
+ script_summary("Check for the version of Mozilla Firefox");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2010 SecPod");
+ script_family("General");
+ script_dependencies("gb_firefox_detect_win.nasl");
+ script_require_keys("Firefox/Win/Ver");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+# Firefox Check
+ffVer = get_kb_item("Firefox/Win/Ver");
+if(ffVer)
+{
+ # Grep for Firefox version < 3.6.6
+ if(version_is_less(version:ffVer, test_version:"3.6.6")){
+ security_hole(0);
+ }
+}
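Review bot: The final check reports through `security_hole(0);` while the description block declares `risk_factor` "Medium" and `cvss_base` "4.3", so the finding is raised at a higher severity than the plugin's own metadata. The Opera plugin in this same commit covers the same address-bar issue with the same score and uses `security_warning(0);`. Changing the call to `security_warning(0);` would keep the two consistent and stop a medium-rated spoofing issue from being triaged as a hole.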
Property changes on: trunk/openvas-plugins/scripts/secpod_mozilla_firefox_spoofing_vuln_win_jun10.nasl
___________________________________________________________________
Name: svn:executable
+ *
Name: svn:keywords
+ Revision
Added: trunk/openvas-plugins/scripts/secpod_opera_spoofing_vuln_win.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_opera_spoofing_vuln_win.nasl 2010-07-01 20:07:08 UTC (rev 8271)
+++ trunk/openvas-plugins/scripts/secpod_opera_spoofing_vuln_win.nasl 2010-07-02 06:02:13 UTC (rev 8272)
@@ -0,0 +1,83 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_opera_spoofing_vuln_win.nasl 9922 2010-06-30 15:21:47Z jun $
+#
+# Opera Browser Address Bar Spoofing Vulnerability june-10 (Win)
+#
+# Authors:
+# Antu Sanadi <santu at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2010 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(902216);
+ script_version("$Revision$: 1.0");
+ script_cve_id("CVE-2010-2455");
+ script_tag(name:"cvss_base", value:"4.3");
+ script_tag(name:"risk_factor", value:"Medium");
+ script_name("Opera Browser Address Bar Spoofing Vulnerability june-10 (Win)");
+ desc = "
+ Overview: The host is installed with Opera Web Browser and is prone to
+ spoofing vulnerability.
+
+ Vulnerability Insight:
+ The flaw is caused due to an error in handling of address bar, which does
+ not properly manage the address bar between the request to open a URL and
+ the retrieval of the new document's content.
+
+ Impact:
+ Successful exploitation will let attackers to conduct spoofing attacks via a
+ crafted HTML document.
+
+ Impact Level: Application
+
+ Affected Software/OS:
+ Opera version 10.54 and prior on Windows.
+
+ Fix: No solution or patch is available as on 30th June 2010, Information
+ regarding this issue will be updated once the solution details are available.
+ For updates refer, http://www.opera.com/download/?os=windows&list=all
+
+ References:
+ https://bugzilla.mozilla.org/show_bug.cgi?id=556957
+ http://lcamtuf.blogspot.com/2010/06/yeah-about-that-address-bar-thing.html ";
+
+ script_description(desc);
+ script_summary("Check for the version of Opera Web Browser");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2010 SecPod");
+ script_family("General");
+ script_dependencies("secpod_opera_detection_win_900036.nasl");
+ script_require_keys("Opera/Win/Version");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+## Get Opera version from from KB list
+operaVer = get_kb_item("Opera/Win/Version");
+if(!operaVer){
+ exit(0);
+}
+
+## Check if version is lesser than 10.54
+if(version_is_less_equal(version:operaVer, test_version:"10.54")){
+ security_warning(0);
+}
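Review bot: The comment `## Check if version is lesser than 10.54` does not match the code, which calls `version_is_less_equal` and therefore also flags 10.54 itself, in line with the "10.54 and prior" wording in the description. I would reword it to `## Flag Opera 10.54 and earlier` and fix the doubled word in `## Get Opera version from from KB list`. Because the description says no fix existed at the time of writing, a short comment noting that the upper bound must be revisited once a fixed release is known would keep the check from silently going stale.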
Property changes on: trunk/openvas-plugins/scripts/secpod_opera_spoofing_vuln_win.nasl
___________________________________________________________________
Name: svn:executable
+ *
Name: svn:keywords
+ Revision
Added: trunk/openvas-plugins/scripts/secpod_sascam_webcam_server_dos_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_sascam_webcam_server_dos_vuln.nasl 2010-07-01 20:07:08 UTC (rev 8271)
+++ trunk/openvas-plugins/scripts/secpod_sascam_webcam_server_dos_vuln.nasl 2010-07-02 06:02:13 UTC (rev 8272)
@@ -0,0 +1,104 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_sascam_webcam_server_dos_vuln.nasl 9952 2010-06-30 12:12:12Z jun $
+#
+# SasCAM Request Processing Denial of Service Vulnerability
+#
+# Authors:
+# Sooraj KS <kssooraj at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2010 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(901132);
+ script_version("$Revision$: 1.0");
+ script_cve_id("CVE-2010-2505");
+ script_tag(name:"cvss_base", value:"5.0");
+ script_tag(name:"risk_factor", value:"Medium");
+ script_name("SasCAM Request Processing Denial of Service Vulnerability");
+ desc = "
+ Overview: This host is running SasCam Webcam Server and is prone to denial
+ of service vulnerability.
+
+ Vulnerability Insight:
+ The flaw is caused due to an error when handling certain requests, which
+ can be exploited to block processing of further requests and terminate the
+ application by sending specially crafted requests.
+
+ Impact:
+ Successful exploitation will let the attacker to crash the server process,
+ resulting in a denial-of-service condition.
+
+ Impact Level: Application
+
+ Affected Software/OS:
+ Soft SaschArt SasCAM Webcam Server 2.7 and prior
+
+ Fix: No solution or patch is available as on 30th June, 2010. Information
+ regarding this issue will be updated once the solution details are available.
+ For updates refer, http://soft.saschart.com/sascam_webcam_server.php
+
+ References:
+ http://secunia.com/advisories/40214
+ http://www.exploit-db.com/exploits/13888
+ ";
+
+ script_description(desc);
+ script_summary("Determine if SasCAM Webcam Server is prone to a denial-of-service vulnerability");
+ script_category(ACT_DENIAL);
+ script_copyright("Copyright (C) 2010 SecPod");
+ script_family("Denial of Service");
+ script_dependencies("find_service.nes");
+ script_require_ports("Services/www", 8080);
+ exit(0);
+}
+
+
+include("http_func.inc");
+
+## Get HTTP Port
+port = get_http_port(default:8080);
+if(!port) {
+ exit(0);
+}
+
+banner = get_http_banner(port:port);
+
+## Confirm Application
+if("Server: SaServer" >< banner)
+{
+ ## Open Socket
+ sock = http_open_socket(port);
+ if(!sock) {
+ exit(0);
+ }
+
+ ## Sending Crash
+ crash = http_get( item:"/"+ crap(99999), port:port);
+ send(socket:sock, data:crash);
+ http_close_socket(sock);
+
+ ## Check Port Status
+ if (http_is_dead(port: port))
+ {
+ security_warning(port);
+ exit(0);
+ }
+}
+
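Review bot: The port handling only tests `if(!port)` and never checks the port state before `get_http_banner` and `http_open_socket`, unlike the WebSphere plugin in this commit, which calls `get_port_state(port)`. I would write `if(!port || !get_port_state(port)){ exit(0); }`. Since this is an `ACT_DENIAL` check whose positive result means the target service has stopped responding, the `## Sending Crash` comment should say so explicitly, for example `## Intrusive: a vulnerable server stops answering after this request and needs a restart`. That lets an operator reading the script know what a finding implies for the scanned host.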
Property changes on: trunk/openvas-plugins/scripts/secpod_sascam_webcam_server_dos_vuln.nasl
___________________________________________________________________
Name: svn:keywords
+ Revision
Added: trunk/openvas-plugins/scripts/secpod_titan_ftp_server_dir_trav_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_titan_ftp_server_dir_trav_vuln.nasl 2010-07-01 20:07:08 UTC (rev 8271)
+++ trunk/openvas-plugins/scripts/secpod_titan_ftp_server_dir_trav_vuln.nasl 2010-07-02 06:02:13 UTC (rev 8272)
@@ -0,0 +1,93 @@
+##############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_titan_ftp_server_dir_trav_vuln.nasl 9877 2010-06-30 12:50:29 jun $
+#
+# Titan FTP Server 'XCRC' and 'COMB' Directory Traversal Vulnerabilities
+#
+# Authors:
+# Madhuri D <dmadhuri at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2010 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(902087);
+ script_version("$Revision$: 1.0");
+ script_tag(name:"cvss_base", value:"6.5");
+ script_tag(name:"risk_factor", value:"High");
+ script_cve_id("CVE-2010-2425", "CVE-2010-2426");
+ script_bugtraq_id(40949, 40904);
+ script_name("Titan FTP Server 'XCRC' and 'COMB' Directory Traversal Vulnerabilities");
+ desc = "
+ Overview: This host is running Titan FTP Server and is prone to directory
+ traversal vulnerabilities.
+
+ Vulnerability Insight:
+ The flaws are caused due to,
+ - Input validation error when processing 'XCRC' commands, which can be
+ exploited to determine the existence of a file outside the FTP root
+ directory.
+ - Input validation error when processing 'COMB' commands, which can be
+ exploited to read and delete an arbitrary file.
+
+ Impact:
+ Successful exploitation will let the attackers to download arbitrary files
+ and deletion of arbitrary files on the server.
+
+ Impact Level: Application.
+
+ Affected Software:
+ Titan FTP Server version 8.10.1125 and prior
+
+ Fix: No solution/patch is available as on 30th June 2010. Information
+ regarding this issue will updated once the solution details are available.
+ For updates refer, http://www.titanftp.com/index.html
+
+ References:
+ http://secunia.com/advisories/40237
+ http://xforce.iss.net/xforce/xfdb/59492
+ http://www.securityfocus.com/archive/1/archive/1/511839/100/0/threaded ";
+
+ script_description(desc);
+ script_summary("Check for the version of TitanFTP Server");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2010 SecPod");
+ script_family("Web application abuses");
+ script_dependencies("gb_titan_ftp_detect.nasl", "find_service.nes");
+ script_require_keys("TitanFTP/Server/Ver");
+ script_require_ports("Services/ftp", 21);
+ exit(0);
+}
+
+include("ftp_func.inc");
+include("version_func.inc");
+
+ftpPort = get_kb_item("Services/ftp");
+if(!ftpPort){
+ exit(0);
+}
+
+titanVer = get_kb_item("TitanFTP/Server/Ver");
+if(!titanVer){
+ exit(0);
+}
+
+# Grep for TitanFTP Server version 8.10.1125 and prior.
+if(version_is_less_equal(version:titanVer, test_version:"8.10.1125")){
+ security_hole(ftpPort);
+}
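Review bot: The description block files this FTP server check under `script_family("Web application abuses");`, which will hide it from anyone filtering scans or reports by FTP plugins; `script_family("FTP");` fits the target. The script also exits when `get_kb_item("Services/ftp")` is empty even though `script_require_ports` lists 21 as an alternative, so a host with a detected Titan version but no `Services/ftp` entry is silently skipped; `if(!ftpPort){ ftpPort = 21; }` would match the declared ports. Finally, `include("ftp_func.inc");` looks unused in the visible code, since only `get_kb_item` and `version_is_less_equal` are called.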
Property changes on: trunk/openvas-plugins/scripts/secpod_titan_ftp_server_dir_trav_vuln.nasl
___________________________________________________________________
Name: svn:keywords
+ Revision