[Openvas-commits] r9380 - in trunk/openvas-plugins: . scripts

scm-commit@wald.intevation.org scm-commit at wald.intevation.org
Wed Nov 10 13:18:16 CET 2010 

Author: mime
Date: 2010-11-10 13:18:12 +0100 (Wed, 10 Nov 2010)
New Revision: 9380

Added:
   trunk/openvas-plugins/scripts/gb_mysql_43676.nasl
   trunk/openvas-plugins/scripts/gb_php_44605.nasl
Modified:
   trunk/openvas-plugins/ChangeLog
   trunk/openvas-plugins/scripts/gb_php_44727.nasl
Log:
Added new plugins. Fixed typo. Exit if report_paranoia is < 2.

Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog	2010-11-10 08:12:59 UTC (rev 9379)
+++ trunk/openvas-plugins/ChangeLog	2010-11-10 12:18:12 UTC (rev 9380)
@@ -1,3 +1,12 @@
+2010-11-10  Michael Meyer <michael.meyer at greenbone.net>
+
+	* scripts/gb_mysql_43676.nasl,
+	scripts/gb_php_44605.nasl:
+	Added new plugins.
+
+	* scripts/gb_php_44727.nasl:
+	Fixed typo. Exit if report_paranoia is < 2.
+
 2010-11-10  Chandrashekhar B <bchandra at secpod.com>
 
 	* scripts/secpod_totalcalendar_sql_inj_n_dir_trav_vuln.nasl,

Added: trunk/openvas-plugins/scripts/gb_mysql_43676.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_mysql_43676.nasl	2010-11-10 08:12:59 UTC (rev 9379)
+++ trunk/openvas-plugins/scripts/gb_mysql_43676.nasl	2010-11-10 12:18:12 UTC (rev 9380)
@@ -0,0 +1,79 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# Oracle MySQL Prior to 5.1.51 Multiple Denial Of Service Vulnerabilities
+#
+# Authors:
+# Michael Meyer <michael.meyer at greenbone.net>
+#
+# Copyright:
+# Copyright (c) 2010 Greenbone Networks GmbH
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if (description)
+{
+ script_id(100900);
+ script_bugtraq_id(43676);
+ script_cve_id("CVE-2010-3833","CVE-2010-3834","CVE-2010-3835","CVE-2010-3836","CVE-2010-3837","CVE-2010-3838","CVE-2010-3839","CVE-2010-3840");
+ script_version ("1.0-$Revision$");
+
+ script_name("Oracle MySQL Prior to 5.1.51 Multiple Denial Of Service Vulnerabilities");
+
+desc = "Overview:
+MySQL is prone to multiple denial-of-service vulnerabilities.
+
+An attacker can exploit these issues to crash the database, denying
+access to legitimate users.
+
+These issues affect versions prior to MySQL 5.1.51.
+
+Solution:
+Updates are available. Please see the references for more information.
+
+References:
+https://www.securityfocus.com/bid/43676
+http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html
+http://www.mysql.com/";
+
+ script_tag(name:"risk_factor", value:"Medium");
+ script_description(desc);
+ script_summary("Determine if installed MySQL version is vulnerable");
+ script_category(ACT_GATHER_INFO);
+ script_family("Databases");
+ script_copyright("This script is Copyright (C) 2010 Greenbone Networks GmbH");
+ script_dependencies("mysql_version.nasl");
+ script_require_ports("Services/mysql", 3306);
+ exit(0);
+}
+
+include("version_func.inc");
+include("misc_func.inc");
+
+if (report_paranoia < 2)exit(0); # this nvt is prone to fp
+
+port = get_kb_item("Services/mysql");
+if(!port)port = 3306;
+if(!get_tcp_port_state(port))exit(0);
+
+if(!ver = get_mysql_version(port:port))exit(0);
+
+if(version_in_range(version:ver, test_version:"5", test_version2:"5.1.50")) {
+  security_warning(port:port);
+  exit(0);
+}
+
+exit(0);


Property changes on: trunk/openvas-plugins/scripts/gb_mysql_43676.nasl
___________________________________________________________________
Name: svn:keywords
   + Id Revision

Added: trunk/openvas-plugins/scripts/gb_php_44605.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_php_44605.nasl	2010-11-10 08:12:59 UTC (rev 9379)
+++ trunk/openvas-plugins/scripts/gb_php_44605.nasl	2010-11-10 12:18:12 UTC (rev 9380)
@@ -0,0 +1,92 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# PHP 'xml_utf8_decode()' UTF-8 Input Validation Vulnerability
+#
+# Authors:
+# Michael Meyer <michael.meyer at greenbone.net>
+#
+# Copyright:
+# Copyright (c) 2010 Greenbone Networks GmbH
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if (description)
+{
+ script_id(100901);
+ script_bugtraq_id(44605);
+ script_cve_id("CVE-2010-3870");
+ script_version ("1.0-$Revision$");
+
+ script_name("PHP 'xml_utf8_decode()' UTF-8 Input Validation Vulnerability");
+
+desc = "Overview:
+PHP is prone to a vulnerability because it fails to
+sufficiently sanitize user-supplied input.
+
+Exploiting this issue can allow attackers to provide unexpected input
+and possibly bypass input-validation protection mechanisms. This can
+aid in further attacks that may utilize crafted user-supplied input.
+
+Versions prior to PHP 5.3.4 are vulnerable.
+
+Solution:
+Updates are available. Please see the references for more information.
+
+References:
+https://www.securityfocus.com/bid/44605
+http://bugs.php.net/bug.php?id=48230
+http://bugs.php.net/bug.php?id=49687
+http://svn.php.net/viewvc?view=revision&revision=304959
+http://www.php.net/
+http://comments.gmane.org/gmane.comp.security.oss.general/3684
+http://www.mandriva.com/en/security/advisories?name=MDVSA-2010:224";
+
+ script_tag(name:"risk_factor", value:"Medium");
+ script_description(desc);
+ script_summary("Determine if installed php version is vulnerable");
+ script_category(ACT_GATHER_INFO);
+ script_family("General");
+ script_copyright("This script is Copyright (C) 2010 Greenbone Networks GmbH");
+ script_dependencies("gb_php_detect.nasl");
+ script_require_ports("Services/www", 80);
+ exit(0);
+}
+
+include("http_func.inc");
+include("version_func.inc");
+
+if ( report_paranoia < 2 ) exit(0); # this nvt is prone to FP
+
+port = get_http_port(default:80);
+if(!get_port_state(port))exit(0);
+
+if (!can_host_php(port:port)) exit(0);
+
+if(!vers = get_kb_item(string("www/", port, "/PHP")))exit(0);
+
+if(!isnull(vers)) {
+
+  if(version_in_range(version: vers, test_version: "5", test_version2: "5.3.3")) {
+      security_warning(port:port);
+      exit(0);
+  }
+
+
+}
+
+exit(0);
+


Property changes on: trunk/openvas-plugins/scripts/gb_php_44605.nasl
___________________________________________________________________
Name: svn:keywords
   + Id Revision

Modified: trunk/openvas-plugins/scripts/gb_php_44727.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_php_44727.nasl	2010-11-10 08:12:59 UTC (rev 9379)
+++ trunk/openvas-plugins/scripts/gb_php_44727.nasl	2010-11-10 12:18:12 UTC (rev 9380)
@@ -49,7 +49,7 @@
 
  script_tag(name:"risk_factor", value:"Medium");
  script_description(desc);
- script_summary("Determine if installed oho version is vulnerable");
+ script_summary("Determine if installed php version is vulnerable");
  script_category(ACT_GATHER_INFO);
  script_family("General");
  script_copyright("This script is Copyright (C) 2010 Greenbone Networks GmbH");
@@ -61,6 +61,8 @@
 include("http_func.inc");
 include("version_func.inc");
 
+if ( report_paranoia < 2 ) exit(0); # this nvt is prone to FP
+
 port = get_http_port(default:80);
 if(!get_port_state(port))exit(0);

More information about the Openvas-commits mailing list