[Openvas-commits] r8076 - in trunk/openvas-plugins: . scripts

scm-commit@wald.intevation.org scm-commit at wald.intevation.org
Fri Jun 18 12:11:10 CEST 2010


Author: mime
Date: 2010-06-18 12:11:06 +0200 (Fri, 18 Jun 2010)
New Revision: 8076

Added:
   trunk/openvas-plugins/scripts/gb_samba_40884.nasl
   trunk/openvas-plugins/scripts/gb_teamspeak_40918.nasl
   trunk/openvas-plugins/scripts/gb_teamspeak_detect.nasl
Modified:
   trunk/openvas-plugins/ChangeLog
Log:
Added new plugins

Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog	2010-06-17 22:11:07 UTC (rev 8075)
+++ trunk/openvas-plugins/ChangeLog	2010-06-18 10:11:06 UTC (rev 8076)
@@ -1,3 +1,10 @@
+2010-06-18  Michael Meyer <michael.meyer at greenbone.net>
+
+	* * scripts/gb_teamspeak_40918.nasl,
+	scripts/gb_samba_40884.nasl,
+	scripts/gb_teamspeak_detect.nasl:
+	Added new plugins.
+
 2010-06-17  Michael Meyer <michael.meyer at greenbone.net>
 
 	* scripts/portscan-tcp-simple.nasl,

Added: trunk/openvas-plugins/scripts/gb_samba_40884.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_samba_40884.nasl	2010-06-17 22:11:07 UTC (rev 8075)
+++ trunk/openvas-plugins/scripts/gb_samba_40884.nasl	2010-06-18 10:11:06 UTC (rev 8076)
@@ -0,0 +1,83 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# Samba 'SMB1 Packet Chaining' Unspecified Remote Memory Corruption Vulnerability
+#
+# Authors:
+# Michael Meyer <michael.meyer at greenbone.net>
+#
+# Copyright:
+# Copyright (c) 2010 Greenbone Networks GmbH
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if (description)
+{
+ script_id(100680);
+ script_bugtraq_id(40884);
+ script_cve_id("CVE-2010-2063");
+ script_version ("1.0-$Revision$");
+
+ script_name("Samba 'SMB1 Packet Chaining' Unspecified Remote Memory Corruption Vulnerability");
+
+desc = "Overview:
+Samba is prone to an unspecified memory-corruption vulnerability.
+
+Attackers can exploit this issue to execute arbitrary code in the
+context of the application. Failed attacks may cause a denial-of-
+service condition.
+
+Samba versions prior to 3.3.13 are vulnerable.
+
+Solution:
+Updates are available. Please see the references for more information.
+
+References:
+https://www.securityfocus.com/bid/40884
+http://www.samba.org
+http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=873
+http://www.samba.org/samba/security/CVE-2010-2063.html";
+
+ script_tag(name:"risk_factor", value:"High");
+ script_description(desc);
+ script_summary("Determine if Samba version is < 3.3.13");
+ script_category(ACT_GATHER_INFO);
+ script_family("General");
+ script_copyright("This script is Copyright (C) 2010 Greenbone Networks GmbH");
+ script_dependencies("smb_nativelanman.nasl");
+ script_require_ports(139, 445);
+ exit(0);
+}
+
+include("version_func.inc");
+
+port = get_kb_item("SMB/transport");
+if(!port)port = 139;
+
+if(!get_port_state(port))exit(0);
+
+if(!lanman = get_kb_item("SMB/NativeLanManager"))exit(0);
+if("Samba" >!< lanman)exit(0);
+
+if(!version = eregmatch(pattern:"Samba ([0-9.]+)", string:lanman))exit(0);
+if(isnull(version[1]))exit(0);
+
+if(version_in_range(version:version[1], test_version:"3", test_version2:"3.3.12")) {
+     security_hole(port:port);
+     exit(0);
+}
+
+exit(0);
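Review bot: The `security_hole(port:port)` call near the end raises a High finding from the SMB NativeLanManager banner alone, and the report does not say which version was seen or that the fix state was never verified. Distribution packages with a backported fix may keep a banner inside the flagged range, so the result can be a false positive that the operator cannot triage from the report. Passing the evidence along would help, for example `security_hole(port:port, data:string("Samba ", version[1], " reported in the SMB NativeLanManager banner; this check is banner-based only.\n"));`. Separately, the description says versions prior to 3.3.13 are vulnerable while `version_in_range` starts at "3", so one of the two should be adjusted to match the other.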


Property changes on: trunk/openvas-plugins/scripts/gb_samba_40884.nasl
___________________________________________________________________
Name: svn:keywords
   + Id Revision

Added: trunk/openvas-plugins/scripts/gb_teamspeak_40918.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_teamspeak_40918.nasl	2010-06-17 22:11:07 UTC (rev 8075)
+++ trunk/openvas-plugins/scripts/gb_teamspeak_40918.nasl	2010-06-18 10:11:06 UTC (rev 8076)
@@ -0,0 +1,93 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# Teamspeak Versions Prior to 3.0.0-beta25 Multiple Remote Vulnerabilities
+#
+# Authors:
+# Michael Meyer <michael.meyer at greenbone.net>
+#
+# Copyright:
+# Copyright (c) 2010 Greenbone Networks GmbH
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if (description)
+{
+ script_id(100682);
+ script_bugtraq_id(40918);
+ script_version ("1.0-$Revision$");
+
+ script_name("Teamspeak Versions Prior to 3.0.0-beta25 Multiple Remote Vulnerabilities");
+
+desc = "Overview:
+Teamspeak is prone to multiple remote vulnerabilities,
+including:
+
+1. A security-pass vulnerability
+2. A denial-of-service vulnerability
+3. Multiple denial-of-service vulnerabilities due to a NULL-pointer
+   dereference condition.
+
+An attacker can exploit these issues to execute arbitrary commands
+within the context of the affected application, bypass certain
+security restrictions and crash the affected application. Other
+attacks are also possible.
+
+Versions prior to TeamSpeak 3.0.0-beta25 are vulnerable.
+
+References:
+https://www.securityfocus.com/bid/40918
+http://aluigi.altervista.org/adv/teamspeakrack-adv.txt
+http://forum.teamspeak.com/showthread.php?t=55646
+http://forum.teamspeak.com/showthread.php?t=55643
+http://www.goteamspeak.com/";
+
+ script_tag(name:"risk_factor", value:"High");
+ script_description(desc);
+ script_summary("Determine if installed Teamspeak version is vulnerable");
+ script_category(ACT_GATHER_INFO);
+ script_family("General");
+ script_copyright("This script is Copyright (C) 2010 Greenbone Networks GmbH");
+ script_dependencies("gb_teamspeak_detect.nasl");
+ script_require_ports(10011);
+ exit(0);
+}
+
+include("version_func.inc");
+
+port = 10011;
+if(!get_port_state(port))exit(0);
+
+if(!version = get_kb_item(string("teamspeak/",port)))exit(0);
+
+if("build" >< version) {
+  vers = eregmatch(pattern:"([^ ]+)", string: version);
+  vers = vers[1];
+} else {
+  vers = version;
+}  
+
+if(isnull(vers))exit(0);
+if("-beta" >< vers) {
+  vers = str_replace(string:vers, find:string("-beta"), replace:".");
+}  
+
+if(version_is_less(version: vers, test_version:"3.0.0.25")) {
+  security_hole(port:port);
+  exit(0);
+}   
+
+exit(0);
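Review bot: The `-beta` to `.` rewrite ahead of `version_is_less(version: vers, test_version:"3.0.0.25")` only orders beta builds correctly. A string without that suffix, such as a plain `3.0.0`, is passed through unchanged and will presumably compare as lower than `3.0.0.25` (version_func.inc is not shown here), so later non-beta builds would be reported as vulnerable. A guard attached to the beta branch would avoid that, e.g. `else if(vers =~ "^3\.0\.0([^0-9.]|$)")exit(0);`, assuming non-beta 3.0.0 builds postdate beta25. A one-line comment above the `str_replace` explaining that `3.0.0-beta25` is normalised to `3.0.0.25` for comparison would also help the next maintainer.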


Property changes on: trunk/openvas-plugins/scripts/gb_teamspeak_40918.nasl
___________________________________________________________________
Name: svn:keywords
   + Id Revision

Added: trunk/openvas-plugins/scripts/gb_teamspeak_detect.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_teamspeak_detect.nasl	2010-06-17 22:11:07 UTC (rev 8075)
+++ trunk/openvas-plugins/scripts/gb_teamspeak_detect.nasl	2010-06-18 10:11:06 UTC (rev 8076)
@@ -0,0 +1,88 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# Teamspeak Detection
+#
+# Authors:
+# Michael Meyer <michael.meyer at greenbone.net>
+#
+# Copyright:
+# Copyright (c) 2010 Greenbone Networks GmbH
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+# need desc here to modify it later in script.
+desc = "Overview:
+This host is running Teamspeak. TeamSpeak is proprietary Voice over IP
+software that allows users to speak on a chat channel with other
+users, much like a telephone conference call.
+
+See also:
+http://www.teamspeak.com/";
+
+if (description)
+{
+ 
+ script_tag(name:"risk_factor", value:"None");
+ script_id(100681);
+ script_version ("1.0-$Revision$");
+
+ script_name("Teamspeak Detection");
+ script_description(desc);
+ script_summary("Checks for the presence of Teamspeak");
+ script_category(ACT_GATHER_INFO);
+ script_family("Service detection");
+ script_copyright("This script is Copyright (C) 2010 Greenbone Networks GmbH");
+ script_dependencies("find_service.nes");
+ script_require_ports(10011);
+ exit(0);
+}
+
+port = 10011;
+if(!get_port_state(port))exit(0);
+
+soc = open_sock_tcp(port);
+if(!soc)exit(0);
+
+buf = recv(socket:soc, length:16);
+if( buf == NULL )exit(0);
+if("TS" >!< buf)exit(0);
+
+send(socket:soc, data:string("version\n"));
+buf = recv(socket:soc, length:256);
+
+if("version" >!< buf && "msg" >!< buf)exit(0);
+
+version = eregmatch(pattern:"version=([^ ]+) (build=([^ ]+))*", string:buf);
+if(isnull(version[1]))exit(0);
+vers = version[1];
+
+if(!isnull(version[3]))vers = vers + ' build=' + version[3];
+
+set_kb_item(name: string("teamspeak/",port), value: vers);
+
+info = string("com/\n\nTeamspeak ");
+info += string(vers);
+info += string("' was detected on the remote host\n"); 
+
+desc = ereg_replace(
+  string:desc,
+  pattern:"com/$",
+  replace:info
+);
+
+security_note(port:port,data:desc);
+exit(0);	       
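Review bot: The capture `version=([^ ]+)` in the `eregmatch` call accepts any non-space bytes the remote service chooses to send, and that value is then written to the knowledge base with `set_kb_item` and pasted into the report text unfiltered. The peer is untrusted and the only fingerprint before this point is "TS" somewhere in the first 16 bytes, so the capture should be limited to characters a version string can contain, for example `version = eregmatch(pattern:"version=([0-9A-Za-z._-]+) (build=([0-9A-Za-z._-]+))*", string:buf);`. The report line also has an unmatched quote: `"' was detected on the remote host\n"` yields `Teamspeak <version>' was detected`, so either drop the `'` or add the opening one in `"com/\n\nTeamspeak "`.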


Property changes on: trunk/openvas-plugins/scripts/gb_teamspeak_detect.nasl
___________________________________________________________________
Name: svn:keywords
   + Id Revision


