[Openvas-commits] r8134 - in trunk/openvas-plugins: . scripts

scm-commit@wald.intevation.org scm-commit at wald.intevation.org
Tue Jun 22 14:43:51 CEST 2010


Author: chandra
Date: 2010-06-22 14:43:46 +0200 (Tue, 22 Jun 2010)
New Revision: 8134

Added:
   trunk/openvas-plugins/scripts/secpod_hp_openview_nnm_mult_vuln.nasl
   trunk/openvas-plugins/scripts/secpod_rosoft_audio_converter_bof_vuln.nasl
   trunk/openvas-plugins/scripts/secpod_rosoft_audio_converter_detect.nasl
   trunk/openvas-plugins/scripts/secpod_simm_management_system_lfi_vuln.nasl
   trunk/openvas-plugins/scripts/secpod_symantec_sygate_personal_firewall_bof_vuln.nasl
   trunk/openvas-plugins/scripts/secpod_unrealircd_bof_vuln.nasl
Modified:
   trunk/openvas-plugins/ChangeLog
   trunk/openvas-plugins/scripts/cpe.inc
   trunk/openvas-plugins/scripts/secpod_adobe_prdts_mult_vuln_jun10_win.nasl
Log:
Added new plugins

Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog	2010-06-22 12:32:37 UTC (rev 8133)
+++ trunk/openvas-plugins/ChangeLog	2010-06-22 12:43:46 UTC (rev 8134)
@@ -1,3 +1,15 @@
+2010-06-22  Chandrashekhar B <bchandra at secpod.com>
+
+	* scripts/secpod_simm_management_system_lfi_vuln.nasl,
+	scripts/secpod_unrealircd_bof_vuln.nasl,
+	scripts/secpod_rosoft_audio_converter_bof_vuln.nasl,
+	scripts/secpod_symantec_sygate_personal_firewall_bof_vuln.nasl,
+	scripts/secpod_hp_openview_nnm_mult_vuln.nasl,
+	scripts/secpod_rosoft_audio_converter_detect.nasl:
+	Added new plugins
+
+	* scripts/cpe.inc: Added new CPE.
+
 2010-06-22  Michael Meyer <michael.meyer at greenbone.net>
 
 	* scripts/freebsdsa_fpu.nasl,

Modified: trunk/openvas-plugins/scripts/cpe.inc
===================================================================
--- trunk/openvas-plugins/scripts/cpe.inc	2010-06-22 12:32:37 UTC (rev 8133)
+++ trunk/openvas-plugins/scripts/cpe.inc	2010-06-22 12:43:46 UTC (rev 8134)
@@ -851,7 +851,8 @@
 "Adobe/Photoshop/Ver", "^([0-9.]+)", "cpe:/a:adobe:photoshop_cs4:",
 "HP/SWSM", "^([0-9.]+)", "cpe:/a:hp:storageworks_storage_mirroring:",
 "www/*/PHP-Quick-Arcade", "^([0-9.]+)", "cpe:/a:jcink:php-quick-arcade:",
-"Beanstalkd/Ver", "^([0-9.]+)", "cpe:/a:wildbit:beanstalkd:"
+"Beanstalkd/Ver", "^([0-9.]+)", "cpe:/a:wildbit:beanstalkd:",
+"Rosoft/Audio/Converter/Ver", "^([0-9.]+)", "cpe:/a:rosoftengineering:rosoft_audio_converter:"
 );
 
 

Modified: trunk/openvas-plugins/scripts/secpod_adobe_prdts_mult_vuln_jun10_win.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_adobe_prdts_mult_vuln_jun10_win.nasl	2010-06-22 12:32:37 UTC (rev 8133)
+++ trunk/openvas-plugins/scripts/secpod_adobe_prdts_mult_vuln_jun10_win.nasl	2010-06-22 12:43:46 UTC (rev 8134)
@@ -26,7 +26,7 @@
 
 if(description)
 {
-  script_id(902193);
+  script_id(902200);
   script_version("Revision$:1.0");
   script_cve_id("CVE-2008-4546", "CVE-2009-3793", "CVE-2010-1297", "CVE-2010-2160",
                 "CVE-2010-2161", "CVE-2010-2162", "CVE-2010-2163", "CVE-2010-2164",
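Review bot: The `script_id` change from 902193 to 902200 is not recorded anywhere in this revision: the log says only "Added new plugins", and the ChangeLog entry added in the same commit does not list secpod_adobe_prdts_mult_vuln_jun10_win.nasl. Stored scan results and overrides are presumably keyed on the script id, so operators need a trace of the renumbering. A ChangeLog line such as `* scripts/secpod_adobe_prdts_mult_vuln_jun10_win.nasl: Changed script_id (was 902193).` would cover it. The description block continues outside the hunk.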

Added: trunk/openvas-plugins/scripts/secpod_hp_openview_nnm_mult_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_hp_openview_nnm_mult_vuln.nasl	2010-06-22 12:32:37 UTC (rev 8133)
+++ trunk/openvas-plugins/scripts/secpod_hp_openview_nnm_mult_vuln.nasl	2010-06-22 12:43:46 UTC (rev 8134)
@@ -0,0 +1,102 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_hp_openview_nnm_mult_vuln.nasl 9740 2010-06-18 16:10:03Z jun $
+#
+# HP OpenView Network Node Manager Multiple Vulnerabilities
+#
+# Authors:
+# Madhuri D <dmadhuri at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2010 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(902076);
+  script_version("$Revision$: 1.0");
+  script_cve_id("CVE-2010-1964", "CVE-2010-1961", "CVE-2010-1960");
+  script_bugtraq_id(40873, 40637, 40638);
+  script_tag(name:"cvss_base", value:"10.0");
+  script_tag(name:"risk_factor", value:"Critical");
+  script_name("HP OpenView Network Node Manager Multiple Vulnerabilities");
+  desc = "
+  Overview: This host is running HP OpenView Network Node Manager and
+  is prone to multiple vulnerabilities.
+
+  Vulnerability Insight:
+  The flaws are caused due to boundary errors,
+  - when creating an error message within 'ovwebsnmpsrv.exe'
+  - within 'getProxiedStorageAddress()' in 'ovutil.dll'
+  - when parsing command line argument variables within 'ovwebsnmpsrv.ex'
+
+  Impact:
+  Successful exploitation will let the attacker to cause a buffer overflow
+  via a specially crafted HTTP request to the 'jovgraph.exe' CGI program.
+
+  Impact Level: System/Application
+
+  Affected Software/OS:
+  HP OpenView Network Node Manager version 7.51 and 7.53
+
+  Fix: Apply the patch for OpenView NNM version 7.53,
+  http://seclists.org/bugtraq/2010/Jun/152
+  http://support.openview.hp.com/selfsolve/patches
+
+  *****
+  NOTE : No Patch/Solution available for OpenView NNM version 7.51, upgrade to
+         OpenView NNM version 7.53 and apply the patch.
+  *****
+
+  *****
+  NOTE : Ignore this warning, if above mentioned patch is already applied.
+  *****
+
+  References:
+  http://secunia.com/advisories/40101
+  http://xforce.iss.net/xforce/xfdb/59250
+  http://xforce.iss.net/xforce/xfdb/59249
+  http://seclists.org/bugtraq/2010/Jun/152
+  http://securitytracker.com/alerts/2010/Jun/1024071.html ";
+
+  script_description(desc);
+  script_summary("Check version of HP OpenView Network Node Manager");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (C) 2010 SecPod");
+  script_family("Web application abuses");
+  script_dependencies("secpod_hp_openview_nnm_detect.nasl");
+  exit(0);
+}
+
+
+include("version_func.inc");
+
+## Check NNM Port status
+nnmPort = 7510;
+if(!get_port_state(nnmPort)){
+  exit(0);
+}
+
+## Get HP OpenView Network Node Manager version from KB
+nnmVer = get_kb_item(string("www/", nnmPort, "/HP/OVNNM/Ver"));
+if(nnmVer != NULL)
+{
+  ## Check for HP OpenView Network Node Manager equal to 07.51 and 07.53
+  if(version_is_equal(version:nnmVer, test_version:"B.07.51") ||
+     version_is_equal(version:nnmVer, test_version:"B.07.53")){
+    security_hole(nnmPort);
+  }
+}
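Review bot: The port is fixed by `nnmPort = 7510;` and the description block declares no `script_require_ports`, so an NNM instance that the detect script recorded on any other port is never evaluated. The KB lookup `www/<port>/HP/OVNNM/Ver` suggests secpod_hp_openview_nnm_detect.nasl stores the version per port, although that script is not visible here. At minimum add `script_require_ports("Services/www", 7510);`, and preferably take the port from the KB. The result is a `security_hole` at CVSS 10.0 based on the version string alone, and the description itself admits it fires on a patched 7.53, so a `security_warning` would be the more honest severity for an unverified match. The third Vulnerability Insight bullet also names 'ovwebsnmpsrv.ex', which should read 'ovwebsnmpsrv.exe'.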


Property changes on: trunk/openvas-plugins/scripts/secpod_hp_openview_nnm_mult_vuln.nasl
___________________________________________________________________
Name: svn:keywords
   + Revision

Added: trunk/openvas-plugins/scripts/secpod_rosoft_audio_converter_bof_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_rosoft_audio_converter_bof_vuln.nasl	2010-06-22 12:32:37 UTC (rev 8133)
+++ trunk/openvas-plugins/scripts/secpod_rosoft_audio_converter_bof_vuln.nasl	2010-06-22 12:43:46 UTC (rev 8134)
@@ -0,0 +1,83 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_rosoft_audio_converter_bof_vuln.nasl 9755 2010-06-22 10:57:24Z jun $
+#
+# Rosoft Audio Converter '.M3U' file Buffer Overflow Vulnerability
+#
+# Authors:
+# Madhuri D <dmadhuri at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2010 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(902079);
+  script_version("$Revision$: 1.0");
+  script_cve_id("CVE-2010-2329");
+  script_tag(name:"cvss_base", value:"9.3");
+  script_tag(name:"risk_factor", value:"Critical");
+  script_name("Rosoft Audio Converter '.M3U' file Buffer Overflow Vulnerability");
+  desc = "
+  Overview: This host is installed with Rosoft Audio Converter and is prone
+  to buffer overflow vulnerability.
+
+  Vulnerability Insight:
+  The flaw exists due to boundary error when processing '.M3U' file, which can
+  be exploited by tricking a user into loading a specially crafted M3U file.
+
+  Impact:
+  Successful exploitation will allow remote attackers to execute arbitrary code
+  on the system or cause the application to crash.
+
+  Impact Level: Application.
+
+  Affected Software:
+  Rosoft Audio Converter version 4.4.4
+
+  Fix: No solution or patch is available as on 22th June, 2010. Information
+  regarding this issue will be updated once the solution details are available.
+  For updates refer, http://www.rosoftengineering.com/FreePrograms.aspx
+
+  References:
+  http://secunia.com/advisories/40195
+  http://xforce.iss.net/xforce/xfdb/59483
+  http://www.exploit-db.com/exploits/13895/ ";
+
+  script_description(desc);
+  script_summary("Check for the version of Rosoft Audio Converter");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (C) 2010 SecPod");
+  script_family("Buffer overflow");
+  script_dependencies("secpod_rosoft_audio_converter_detect.nasl");
+  script_require_keys("Rosoft/Audio/Converter/Ver");
+  exit(0);
+}
+
+
+include("version_func.inc");
+
+## Get version from KB
+racVer = get_kb_item("Rosoft/Audio/Converter/Ver");
+
+if(racVer != NULL)
+{
+  ## Check Rosoft Audio Converter version equal to '4.4.4'
+  if(version_is_equal(version:racVer, test_version:"4.4.4")){
+    security_hole(0);
+  }
+}
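Review bot: The Fix paragraph of `desc` reads "as on 22th June, 2010" and is shown verbatim in scan reports; it should read `Fix: No solution or patch is available as of 22nd June, 2010.` A dated "no fix" statement goes stale without anyone noticing, so a short comment above `desc` saying that the vendor page must be re-checked when the plugin is next touched would help the next maintainer.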


Property changes on: trunk/openvas-plugins/scripts/secpod_rosoft_audio_converter_bof_vuln.nasl
___________________________________________________________________
Name: svn:executable
   + *
Name: svn:keywords
   + Revision

Added: trunk/openvas-plugins/scripts/secpod_rosoft_audio_converter_detect.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_rosoft_audio_converter_detect.nasl	2010-06-22 12:32:37 UTC (rev 8133)
+++ trunk/openvas-plugins/scripts/secpod_rosoft_audio_converter_detect.nasl	2010-06-22 12:43:46 UTC (rev 8134)
@@ -0,0 +1,83 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_rosoft_audio_converter_detect.nasl 9755 2010-06-22 12:17:24Z jun $
+#
+# Rosoft Audio Converter Version Detection
+#
+# Authors:
+# Madhuri D <dmadhuri at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2010 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(902078);
+  script_version("$Revision$: 1.0");
+  script_tag(name:"risk_factor", value:"None");
+  script_name("Rosoft Audio Converter Version Detection");
+  desc = "
+  Overview: This host is installed with Rosoft Audio Converter and sets the
+  result in KB.";
+
+  script_description(desc);
+  script_summary("Set Version of Rosoft Audio Converter in KB");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (C) 2010 SecPod");
+  script_family("Service detection");
+  script_dependencies("secpod_reg_enum.nasl");
+  script_require_keys("SMB/WindowsVersion");
+  script_require_ports(139, 445);
+  exit(0);
+}
+
+
+include("smb_nt.inc");
+include("secpod_smb_func.inc");
+
+if(!get_kb_item("SMB/WindowsVersion")){
+  exit(0);
+}
+
+key = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\";
+
+if(!registry_key_exists(key:key)){
+  exit(0);
+}
+
+foreach item(registry_enum_keys(key:key))
+{
+  racName = registry_get_sz(key:key + item, item:"DisplayName");
+
+  ## Check DisplayName for Rosoft Audio Converter
+  if("Rosoft Audio Converter, Silver Edition, Release" >< racName)
+  {
+    ## Get the installed location from registry
+    racPath = registry_get_sz(key:key + item, item:"InstallLocation");
+
+    ## Grep the version for Rosoft Audio Converter
+    racVer = eregmatch(pattern:"Release, ([0-9.]+)", string:racName);
+    if(racVer[1] != NULL)
+    {
+      ## Set the KB Value
+      set_kb_item(name:"Rosoft/Audio/Converter/Ver", value:racVer[1]);
+      security_note(data:"Rosoft Audio Converter version " + racVer[1] +
+                     " running at location " + racPath + " was detected on the host");
+    }
+  }
+}
+
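Review bot: Only the native `SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\` key is enumerated, so on 64-bit Windows a 32-bit install registered under `SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\` is missed. This holds unless the registry helpers already handle redirection, which is not visible here. A missed install means no KB item is set and the dependent overflow check stays silent; iterating the existing `foreach` over both keys with `make_list(...)` closes the gap. The same single-key enumeration appears in secpod_symantec_sygate_personal_firewall_bof_vuln.nasl. Separately, `racPath` is concatenated into the `security_note` text unchecked, so a missing InstallLocation produces "running at location  was detected"; a guard such as `if(!racPath){ racPath = "an unknown path"; }` before the note avoids that.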


Property changes on: trunk/openvas-plugins/scripts/secpod_rosoft_audio_converter_detect.nasl
___________________________________________________________________
Name: svn:executable
   + *
Name: svn:keywords
   + Revision

Added: trunk/openvas-plugins/scripts/secpod_simm_management_system_lfi_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_simm_management_system_lfi_vuln.nasl	2010-06-22 12:32:37 UTC (rev 8133)
+++ trunk/openvas-plugins/scripts/secpod_simm_management_system_lfi_vuln.nasl	2010-06-22 12:43:46 UTC (rev 8134)
@@ -0,0 +1,106 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_simm_management_system_lfi_vuln.nasl 9741 2010-06-21 14:14:14Z jun $
+#
+# SIMM Management System 'page' Local File Inclusion Vulnerability
+#
+# Authors:
+# Sooraj KS <kssooraj at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2010 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(901127);
+  script_version("$Revision$: 1.0");
+  script_cve_id("CVE-2010-2313");
+  script_bugtraq_id(40543);
+  script_tag(name:"cvss_base", value:"6.8");
+  script_tag(name:"risk_factor", value:"High");
+  script_name("SIMM Management System 'page' Local File Inclusion Vulnerability");
+  desc = "
+  Overview: This host is running SIMM Management System and is prone to
+  local file inclusion vulnerability.
+
+  Vulnerability Insight:
+  The flaw is caused by improper validation of user-supplied input via
+  the 'page' parameter to 'index.php' when magic_quotes_gpc is disabled,
+  that allows remote attackers to view files and execute local scripts
+  in the context of the webserver.
+
+  Impact:
+  Successful exploitation will let the attacker to obtain potentially
+  sensitive information and to execute arbitrary local scripts in the
+  context of the webserver process.
+
+  Impact Level: Application/System
+
+  Affected Software/OS:
+  Anodyne Productions SIMM Management System Version 2.6.10
+
+  Fix: No solution or patch is available as on 22nd June, 2010. Information
+  regarding this issue will be updated once the solution details are available.
+  For updates refer, http://www.anodyne-productions.com/index.php/sms/download
+
+  References:
+  http://secunia.com/advisories/40009
+  http://xforce.iss.net/xforce/xfdb/59063
+  http://www.exploit-db.com/exploits/12848/ ";
+
+  script_description(desc);
+  script_summary("Check if SMS is vulnerable to local file inclusion");
+  script_category(ACT_ATTACK);
+  script_copyright("Copyright (C) 2010 SecPod");
+  script_family("Web application abuses");
+  script_dependencies("http_version.nasl");
+  script_require_ports("Services/www", 80);
+  exit(0);
+}
+
+
+include("http_func.inc");
+include("http_keepalive.inc");
+
+## Get HTTP Port
+port = get_http_port(default:80);
+if(!port){
+  exit(0);
+}
+
+foreach dir (make_list("/sms", "/SMS", "/", cgi_dirs()))
+{
+  ## Send and Recieve the response
+  req = http_get(item:string(dir,"/index.php?page=main"), port:port);
+  res = http_keepalive_send_recv(port:port,data:req);
+
+  ## Confirm the application
+  if( ('Powered by SMS 2' >< res) && ('>Anodyne Productions<' >< res) )
+  {
+    foreach file (make_list("/etc/passwd","boot.ini"))
+    {
+      ## Try attack and check the response to confirm vulnerability.
+      if(http_vuln_check(port:port, url:string (dir,"/index.php?page=../../",
+                         "../../../../../../../../../../../../../",file,"%00"),
+                         pattern:"(root:.*:0:[01]:|\[boot loader\])"))
+      {
+        security_hole(port:port);
+        exit(0);
+      }
+    }
+  }
+}
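Review bot: The directory list contains `"/"`, and every entry is joined with `"/index.php..."`, so the web-root entry is requested as `//index.php`. Servers differ in how they treat the doubled slash, which makes the application-confirmation step unreliable for root installs; use an empty string for the root, `foreach dir (make_list("/sms", "/SMS", "", cgi_dirs()))`. The script also starts sending requests without confirming that the server can run PHP. Adding `if(!can_host_php(port:port)){ exit(0); }` after the `get_http_port` check keeps this ACT_ATTACK plugin from probing hosts that cannot host the application. The comment "Send and Recieve the response" has a typo ("Receive").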


Property changes on: trunk/openvas-plugins/scripts/secpod_simm_management_system_lfi_vuln.nasl
___________________________________________________________________
Name: svn:keywords
   + Revision

Added: trunk/openvas-plugins/scripts/secpod_symantec_sygate_personal_firewall_bof_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_symantec_sygate_personal_firewall_bof_vuln.nasl	2010-06-22 12:32:37 UTC (rev 8133)
+++ trunk/openvas-plugins/scripts/secpod_symantec_sygate_personal_firewall_bof_vuln.nasl	2010-06-22 12:43:46 UTC (rev 8134)
@@ -0,0 +1,107 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_symantec_sygate_personal_firewall_bof_vuln.nasl 9702 2010-06-18 11:11:11Z jun $
+#
+# Symantec Sygate Personal Firewall ActiveX Buffer Overflow Vulnerability
+#
+# Authors:
+# Sooraj KS <kssooraj at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2010 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(901125);
+  script_version("$Revision$: 1.0");
+  script_cve_id("CVE-2010-2305");
+  script_tag(name:"cvss_base", value:"9.3");
+  script_tag(name:"risk_factor", value:"Critical");
+  script_name("Symantec Sygate Personal Firewall ActiveX Buffer Overflow Vulnerability");
+  desc = "
+  Overview: This host is installed with Symantec Sygate Personal Firewall and
+  is prone to Buffer overflow vulnerability.
+
+  Vulnerability Insight:
+  The flaw is caused by an error in ActiveX control in SSHelper.dll
+  allows remote attackers to execute arbitrary code via a long third
+  argument to the SetRegString method.
+
+  Impact:
+  Successful exploitation could allow remote attackers to execute arbitrary
+  code on the system or cause the application to crash.
+
+  Impact Level: Application/System
+
+  Affected Software/OS:
+  Symantec Sygate Personal Firewall 5.6 build 2808
+
+  Fix: No solution or patch is available as on 18th June, 2010. Information
+  regarding this issue will be updated once the solution details are available.
+  For updates refer, http://www.symantec.com/norton/sygate/index.jsp
+
+  References:
+  http://xforce.iss.net/xforce/xfdb/59408
+  http://www.exploit-db.com/exploits/13834
+  http://www.corelan.be:8800/index.php/forum/security-advisories/10-050-sygate-personal-firewall-5-6-build-2808-activex/
+  ";
+
+  script_description(desc);
+  script_summary("Check for the vulnerable version of Symantec Sygate Personal Firewall");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (C) 2010 SecPod");
+  script_family("Buffer overflow");
+  script_dependencies("secpod_reg_enum.nasl");
+  script_require_keys("SMB/WindowsVersion");
+  script_require_ports(139, 445);
+  exit(0);
+}
+
+
+include("smb_nt.inc");
+include("version_func.inc");
+include("secpod_smb_func.inc");
+
+## Confirm Windows OS
+if(!get_kb_item("SMB/WindowsVersion")){
+  exit(0);
+}
+
+## Confirm Sygate Personal Firewall
+if(!registry_key_exists(key:"SOFTWARE\Sygate Technologies, Inc." +
+                              "\Sygate Personal Firewall")){
+    exit(0);
+}
+
+key = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\";
+
+## Get Sygate Personal Firewall version from registry
+foreach item(registry_enum_keys(key:key))
+{
+  name = registry_get_sz(key:key + item, item:"DisplayName");
+  if("Sygate Personal Firewall" >< name)
+  {
+    ver = registry_get_sz(key:key + item, item:"DisplayVersion");
+    if(ver != NULL)
+    {
+      if(version_is_equal(version:ver, test_version:"5.6.2808")){
+        security_hole(0);
+        exit(0);
+      }
+    }
+  }
+}
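Review bot: Nothing in the hunk establishes that the Uninstall entry's `DisplayVersion` is stored as `5.6.2808`; the affected-software text in `desc` writes it as "5.6 build 2808". If the installer records a different form, `version_is_equal` never matches and a vulnerable host is silently reported clean. A comment above the comparison recording the value seen on a test install, e.g. `## DisplayVersion observed as <value from a test install>`, would settle this for later maintainers. The `exit(0);` under the Sygate vendor-key check is indented four spaces where the rest of the file uses two.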


Property changes on: trunk/openvas-plugins/scripts/secpod_symantec_sygate_personal_firewall_bof_vuln.nasl
___________________________________________________________________
Name: svn:keywords
   + Revision

Added: trunk/openvas-plugins/scripts/secpod_unrealircd_bof_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_unrealircd_bof_vuln.nasl	2010-06-22 12:32:37 UTC (rev 8133)
+++ trunk/openvas-plugins/scripts/secpod_unrealircd_bof_vuln.nasl	2010-06-22 12:43:46 UTC (rev 8134)
@@ -0,0 +1,107 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_unrealircd_bof_vuln.nasl 9678 2010-06-22 11:11:11Z jun $
+#
+# UnrealIRCd Buffer Overflow Vulnerability
+#
+# Authors:
+# Sooraj KS <kssooraj at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2010 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(901126);
+  script_version("$Revision$: 1.0");
+  script_cve_id("CVE-2009-4893");
+  script_tag(name:"cvss_base", value:"6.8");
+  script_tag(name:"risk_factor", value:"High");
+  script_name("UnrealIRCd Buffer Overflow Vulnerability");
+  desc = "
+  Overview: This host is running UnrealIRCd and is prone to buffer overflow
+  vulnerability.
+
+  Vulnerability Insight:
+  The flaw is caused by an error when allow::options::noident is enabled,
+  which allows remote attackers to cause a denial of service and possibly
+  execute arbitrary code via unspecified vectors.
+
+  Impact:
+  Successful exploitation will let the attacker to cause a denial of service
+  and possibly execute arbitrary code via unspecified vectors.
+
+  Impact Level: Application
+
+  Affected Software/OS:
+  UnrealIRCd version 3.2beta11 through 3.2.8
+
+  Fix: Upgrade to UnrealIRCd version 3.2.8.1 or later,
+  For updates refer, http://www.unrealircd.com/downloads.php
+
+  Workaround: Remove noident from the allow::options and /REHASH.
+
+  *****
+  NOTE: Ignore this warning, if allow::options::noident is not enabled.
+  *****
+
+  References:
+  http://security.gentoo.org/glsa/glsa-201006-21.xml
+  http://www.openwall.com/lists/oss-security/2010/06/14/13
+  http://www.unrealircd.com/txt/unrealsecadvisory.20090413.txt ";
+
+  script_description(desc);
+  script_summary("Check for the vulnerable version of UnrealIRCd");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (C) 2010 SecPod");
+  script_family("Buffer overflow");
+  script_dependencies("find_service.nes","ircd.nasl");
+  script_require_ports("Services/irc", 6667);
+  exit(0);
+}
+
+
+include("version_func.inc");
+
+## Get IRC port
+port = get_kb_item("Services/irc");
+if (!port){
+  port = 6667;
+}
+
+## Check port status
+if(!get_port_state(port)){
+   exit(0);
+}
+
+## Get Banner
+banner = get_kb_item(string("irc/banner/", port));
+if(isnull(banner)){
+  exit(0);
+}
+
+## Confirm Application
+if("unreal" >< tolower(banner))
+{
+  ## Get Version from Banner
+  ver = eregmatch(pattern:"[u|U]nreal([0-9.]+)", string:banner);
+
+  ## Check for vulnerable versions
+  if(version_in_range (version: ver[1], test_version: "3.2", test_version2: "3.2.8") ){
+    security_hole(port);
+  }
+}
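Review bot: The pattern `[u|U]nreal([0-9.]+)` places `|` inside a character class, where it is a literal character rather than alternation; `[uU]nreal([0-9.]+)` expresses what is meant. `ver[1]` is then passed to `version_in_range` with no NULL check, although the preceding test only confirms that the lowercased banner contains "unreal". How `version_in_range` treats an empty version is not visible here, so guard it: `if(!isnull(ver[1]) && version_in_range(version:ver[1], test_version:"3.2", test_version2:"3.2.8")){`. The capture group also stops at the first non-numeric character, so a "3.2beta11" banner is compared as plain "3.2" and earlier betas would fall in range too. A comment stating that this is intended would help.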


Property changes on: trunk/openvas-plugins/scripts/secpod_unrealircd_bof_vuln.nasl
___________________________________________________________________
Name: svn:keywords
   + Revision


