[Openvas-commits] r11430 - in trunk/openvas-plugins: . scripts
scm-commit@wald.intevation.org
scm-commit at wald.intevation.org
Thu Aug 11 06:41:09 CEST 2011
Author: veerendragg
Date: 2011-08-11 06:41:03 +0200 (Thu, 11 Aug 2011)
New Revision: 11430
Added:
trunk/openvas-plugins/scripts/gb_ms_activebar_activex_control_mult_vuln.nasl
trunk/openvas-plugins/scripts/gb_ms_insecure_lib_loading_vuln.nasl
trunk/openvas-plugins/scripts/secpod_ms11-057.nasl
trunk/openvas-plugins/scripts/secpod_ms11-058.nasl
trunk/openvas-plugins/scripts/secpod_ms11-059.nasl
trunk/openvas-plugins/scripts/secpod_ms11-060.nasl
trunk/openvas-plugins/scripts/secpod_ms11-062.nasl
trunk/openvas-plugins/scripts/secpod_ms11-063.nasl
trunk/openvas-plugins/scripts/secpod_ms11-064.nasl
trunk/openvas-plugins/scripts/secpod_ms11-065.nasl
trunk/openvas-plugins/scripts/secpod_ms11-066.nasl
trunk/openvas-plugins/scripts/secpod_ms11-067.nasl
trunk/openvas-plugins/scripts/secpod_ms11-068.nasl
trunk/openvas-plugins/scripts/secpod_ms11-069.nasl
Modified:
trunk/openvas-plugins/ChangeLog
Log:
Added MS bulletin plugins - August 2011. Added MS Advisories.
Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog 2011-08-10 17:39:32 UTC (rev 11429)
+++ trunk/openvas-plugins/ChangeLog 2011-08-11 04:41:03 UTC (rev 11430)
@@ -12,6 +12,26 @@
2011-08-10 Veerendra G.G <veerendragg at secpod.com>
+ * scripts/secpod_ms11-060.nasl,
+ scripts/secpod_ms11-058.nasl,
+ scripts/secpod_ms11-067.nasl,
+ scripts/secpod_ms11-064.nasl,
+ scripts/secpod_ms11-059.nasl,
+ scripts/secpod_ms11-068.nasl,
+ scripts/secpod_ms11-065.nasl,
+ scripts/secpod_ms11-062.nasl,
+ scripts/secpod_ms11-057.nasl,
+ scripts/secpod_ms11-069.nasl,
+ scripts/secpod_ms11-066.nasl,
+ scripts/secpod_ms11-063.nasl:
+ Added MS bulletin plugins - August 2011.
+
+ * scripts/gb_ms_insecure_lib_loading_vuln.nasl,
+ scripts/gb_ms_activebar_activex_control_mult_vuln.nasl:
+ Added MS Advisories.
+
+2011-08-10 Veerendra G.G <veerendragg at secpod.com>
+
* scripts/gb_google_chrome_mult_vuln_aug11_macosx.nasl,
scripts/gb_habari_install_path_disc_vuln.nasl,
scripts/gb_google_chrome_detect_macosx.nasl,
Added: trunk/openvas-plugins/scripts/gb_ms_activebar_activex_control_mult_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_ms_activebar_activex_control_mult_vuln.nasl 2011-08-10 17:39:32 UTC (rev 11429)
+++ trunk/openvas-plugins/scripts/gb_ms_activebar_activex_control_mult_vuln.nasl 2011-08-11 04:41:03 UTC (rev 11430)
@@ -0,0 +1,101 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_ms_activebar_activex_control_mult_vuln.nasl 16618 2011-08-10 18:55:09Z aug $
+#
+# Microsoft Windows ActiveX Control Multiple Vulnerabilities (2562937)
+#
+# Authors:
+# Antu Sanadi <santu at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(801966);
+ script_version("$Revision: 1.0$");
+ script_tag(name:"cvss_base", value:"7.5");
+ script_tag(name:"risk_factor", value:"High");
+ script_name("Microsoft Windows ActiveX Control Multiple Vulnerabilities (2562937)");
+ desc = "
+ Overview: This script will list all the vulnerable activex controls installed
+ on the remote windows machine with references and cause.
+
+ Vulnerability Insight:
+ The flaws are caused due to error in restricting the SetLayoutData method,
+ which fails to properly restrict the SetLayoutData method.
+
+ Impact:
+ Successful exploitation will let the remote attackers execute arbitrary code,
+ and can compromise a vulnerable system.
+
+ Impact Level: System
+
+ Affected Software/OS:
+ Microsoft Windows 7 Service Pack 1 and prior.
+ Microsoft Windows XP Service Pack 3 and prior.
+ Microsoft Windows 2003 Service Pack 2 and prior.
+ Microsoft Windows Vista Service Pack 2 and prior.
+ Microsoft Windows Server 2008 Service Pack 2 and prior.
+
+ Fix: Apply the patch from below link,
+ http://support.microsoft.com/kb/2562937
+
+ Workaround:
+ Set the killbit for the following CLSIDs,
+ {B4CB50E4-0309-4906-86EA-10B6641C8392},
+ {E4F874A0-56ED-11D0-9C43-00A0C90F29FC},
+ {FB7FE605-A832-11D1-88A8-0000E8D220A6}
+
+ References:
+ http://support.microsoft.com/kb/2562937
+ http://www.microsoft.com/technet/security/advisory/2562937.mspx ";
+
+ script_description(desc);
+ script_summary("Check for the CLSID and Hotfix");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
+ script_family("Windows");
+ script_dependencies("secpod_reg_enum.nasl");
+ script_require_ports(139, 445);
+ exit(0);
+}
+
+
+include("smb_nt.inc");
+include("secpod_reg.inc");
+include("secpod_activex.inc");
+
+# Hotfix check
+if(hotfix_missing(name:"2562937") == 0){
+ exit(0);
+}
+
+# Check if Kill-Bit is set for ActiveX control
+clsids = make_list("{B4CB50E4-0309-4906-86EA-10B6641C8392}",
+ "{E4F874A0-56ED-11D0-9C43-00A0C90F29FC}",
+ "{FB7FE605-A832-11D1-88A8-0000E8D220A6}");
+
+## check for each bit
+foreach clsid (clsids)
+{
+ if(is_killbit_set(clsid:clsid) != 1)
+ {
+ security_hole(0);
+ exit(0);
+ }
+}
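Review bot: The loop at the end of the script reports on any result other than 1 from `is_killbit_set`, so a host where the control is simply not registered may be reported as vulnerable if the helper returns a separate value for that case. Its definition is in secpod_activex.inc, outside this diff, so please confirm; if it does distinguish that case, the condition should be `if(is_killbit_set(clsid:clsid) == 0)`. The Overview also promises to list the vulnerable controls, but `security_hole(0)` is called with no report data and the script exits at the first hit. Either pass the offending CLSID in the report or reword the Overview.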
Property changes on: trunk/openvas-plugins/scripts/gb_ms_activebar_activex_control_mult_vuln.nasl
___________________________________________________________________
Name: svn:executable
+ *
Added: trunk/openvas-plugins/scripts/gb_ms_insecure_lib_loading_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_ms_insecure_lib_loading_vuln.nasl 2011-08-10 17:39:32 UTC (rev 11429)
+++ trunk/openvas-plugins/scripts/gb_ms_insecure_lib_loading_vuln.nasl 2011-08-11 04:41:03 UTC (rev 11430)
@@ -0,0 +1,91 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_ms_insecure_lib_loading_vuln.nasl 16619 2011-08-10 11:40:05Z aug $
+#
+# Microsoft Windows Insecure Library Loading Vulnerability (2269637)
+#
+# Authors:
+# Madhuri D <dmadhuri at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(802136);
+ script_version("$Revision: 1.0$");
+ script_tag(name:"cvss_base", value:"9.3");
+ script_tag(name:"risk_factor", value:"Critical");
+ script_name("Microsoft Windows Insecure Library Loading Vulnerability (2269637)");
+ desc = "
+ Overview:
+ This host has critical security update missing according to Microsoft
+ Security Advisory (2269637).
+
+ Vulnerability Insight:
+ The flaw caused due to the applications installed on windows, passes an
+ insufficiently qualified path of '.dll' files when loading an external
+ library.
+
+ Impact:
+ Successful exploitation will allow attacker to remotely execute arbitrary
+ code in the context of the user running the vulnerable application when the
+ user opens a file from an untrusted location.
+
+ Impact Level: System
+
+ Affected Software/OS:
+ Microsoft Windows 7 Service Pack 1 and prior.
+ Microsoft Windows XP Service Pack 3 and prior.
+ Microsoft Windows 2003 Service Pack 2 and prior.
+ Microsoft Windows Vista Service Pack 2 and prior.
+ Microsoft Windows Server 2008 Service Pack 2 and prior.
+
+ Fix: No solution or patch is available as on 10th, August, 2011. Information
+ regarding this issue will be updated once the solution details are available.
+ For updates refer, http://technet.microsoft.com/en-us/security/default.aspx
+
+ Workaround:
+ Apply workaround from below link,
+ http://support.microsoft.com/kb/2264107
+
+ References:
+ http://support.microsoft.com/kb/2264107
+ http://forums.cnet.com/7723-6132_102-407460.html
+ http://www.microsoft.com/technet/security/advisory/2269637.mspx ";
+
+ script_description(desc);
+ script_summary("Check for the presence of registry key");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
+ script_family("General");
+ script_dependencies("secpod_reg_enum.nasl");
+ script_require_ports(139, 445);
+ exit(0);
+}
+
+include("smb_nt.inc");
+
+key = "SYSTEM\CurrentControlSet\Control\Session Manager";
+if(registry_key_exists(key:key))
+{
+ ## Checking the item CWDIllegalInDllSearch, added after applying workaround
+ value = registry_get_dword(key:key, item:"CWDIllegalInDllSearch");
+ if(isnull(value)){
+ security_hole(0);
+ }
+}
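Review bot: The final check treats any existing `CWDIllegalInDllSearch` value as proof that the workaround is applied, because only `isnull(value)` is reported. The KB article cited in the description should be checked for which values actually restrict loading from the current directory; if a value of 0 keeps the default search order, as I believe it does, it should be reported too, e.g. `if(isnull(value) || int(value) == 0){`. There is also no `hotfix_check_sp` gate for the Windows releases listed under Affected Software/OS, so the result depends only on the key being readable. The Overview says a security update is missing while the Fix section says no patch exists; the text should say that the workaround is not configured.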
Added: trunk/openvas-plugins/scripts/secpod_ms11-057.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_ms11-057.nasl 2011-08-10 17:39:32 UTC (rev 11429)
+++ trunk/openvas-plugins/scripts/secpod_ms11-057.nasl 2011-08-11 04:41:03 UTC (rev 11430)
@@ -0,0 +1,184 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_ms11-057.nasl 16605 2011-08-10 11:40:09Z aug $
+#
+# Microsoft Internet Explorer Multiple Vulnerabilities (2559049)
+#
+# Authors:
+# Rachana Shetty <srachana at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2011 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(902613);
+ script_version("$Revision: 1.0 $");
+ script_cve_id("CVE-2011-1257", "CVE-2011-1960", "CVE-2011-1961", "CVE-2011-1962",
+ "CVE-2011-1963", "CVE-2011-1964", "CVE-2011-2383");
+ script_bugtraq_id(48994, 49023, 49027, 49032, 49037, 49039, 47989);
+ script_tag(name:"cvss_base", value:"10.0");
+ script_tag(name:"risk_factor", value:"Critical");
+ script_name("Microsoft Internet Explorer Multiple Vulnerabilities (2559049)");
+ desc = "
+ Overview: This host has critical security update missing according to
+ Microsoft Bulletin MS11-057.
+
+ Vulnerability Insight:
+ Multiple flaws are due to, the way Internet Explorer handles objects in
+ memory, handles JavaScript event handlers, accesses files stored in the
+ local machine, renders data during certain processes and the way the telnet
+ handler executes the associated application.
+
+ Impact:
+ Successful exploitation could allow remote attackers to execute arbitrary
+ code in the context of the application. Failed exploit attempts will result
+ in denial-of-service conditions.
+
+ Impact Level: System/Application
+
+ Affected Software/OS:
+ Microsoft Internet Explorer version 6.x/7.x/8.x/9.x
+
+ Fix:
+ Run Windows Update and update the listed hotfixes or download and
+ update mentioned hotfixes in the advisory from the below link,
+ http://www.microsoft.com/technet/security/bulletin/ms11-057.mspx
+
+ References:
+ http://support.microsoft.com/kb/2559049
+ http://www.microsoft.com/technet/security/bulletin/ms11-057.mspx ";
+
+ script_description(desc);
+ script_summary("Check for the vulnerable 'Mshtml.dll' file version");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2011 SecPod");
+ script_family("Windows : Microsoft Bulletins");
+ script_dependencies("gb_ms_ie_detect.nasl");
+ script_require_keys("MS/IE/Version");
+ script_require_ports(139, 445);
+ exit(0);
+}
+
+
+include("smb_nt.inc");
+include("secpod_reg.inc");
+include("version_func.inc");
+include("secpod_smb_func.inc");
+
+if(hotfix_check_sp(xp:4, win2003:3, winVista:3, win2008:3, win7:2) <= 0){
+ exit(0);
+}
+
+ieVer = get_kb_item("MS/IE/Version");
+if(!ieVer){
+ exit(0);
+}
+
+## MS11-057 Hotfix (2559049)
+if(hotfix_missing(name:"2559049") == 0){
+ exit(0);
+}
+
+## Get System Path
+sysPath = smb_get_systemroot();
+if(!sysPath ){
+ exit(0);
+}
+
+## Get Version from Mshtml.dll
+dllVer = fetch_file_version(sysPath, file_name:"system32\Mshtml.dll");
+if(!dllVer){
+ exit(0);
+}
+
+## Windows XP
+if(hotfix_check_sp(xp:4) > 0)
+{
+ SP = get_kb_item("SMB/WinXP/ServicePack");
+ if("Service Pack 3" >< SP)
+ {
+ ## Check for Mshtml.dll version
+ if(version_in_range(version:dllVer, test_version:"6.0.2900.0000", test_version2:"6.0.2900.6128") ||
+ version_in_range(version:dllVer, test_version:"7.0.6000.16000", test_version2:"7.0.6000.17101")||
+ version_in_range(version:dllVer, test_version:"7.0.6000.21000", test_version2:"7.0.6000.21304")||
+ version_in_range(version:dllVer, test_version:"8.0.6001.18000", test_version2:"8.0.6001.19119") ||
+ version_in_range(version:dllVer, test_version:"8.0.6001.23000", test_version2:"8.0.6001.23215")){
+ security_hole(0);
+ }
+ exit(0);
+ }
+ security_hole(0);
+}
+
+## Windows 2003
+else if(hotfix_check_sp(win2003:3) > 0)
+{
+ SP = get_kb_item("SMB/Win2003/ServicePack");
+ if("Service Pack 2" >< SP)
+ {
+ ## Check for Mshtml.dll version
+ if(version_in_range(version:dllVer, test_version:"6.0.3790.0000", test_version2:"6.0.3790.4881") ||
+ version_in_range(version:dllVer, test_version:"7.0.6000.16000", test_version2:"7.0.6000.17101")||
+ version_in_range(version:dllVer, test_version:"7.0.6000.21000", test_version2:"7.0.6000.21304")||
+ version_in_range(version:dllVer, test_version:"8.0.6001.18000", test_version2:"8.0.6001.19119") ||
+ version_in_range(version:dllVer, test_version:"8.0.6001.23000", test_version2:"8.0.6001.23215")){
+ security_hole(0);
+ }
+ exit(0);
+ }
+ security_hole(0);
+}
+
+## Windows Vista and Windows Server 2008
+else if(hotfix_check_sp(winVista:3, win2008:3) > 0)
+{
+ SP = get_kb_item("SMB/WinVista/ServicePack");
+
+ if(!SP) {
+ SP = get_kb_item("SMB/Win2008/ServicePack");
+ }
+
+ if("Service Pack 2" >< SP)
+ {
+ ## Check for Mshtml.dll version
+ if(version_in_range(version:dllVer, test_version:"7.0.6002.18000", test_version2:"7.0.6002.18493")||
+ version_in_range(version:dllVer, test_version:"7.0.6002.22000", test_version2:"7.0.6002.22682")||
+ version_in_range(version:dllVer, test_version:"8.0.6001.18000", test_version2:"8.0.6001.19119")||
+ version_in_range(version:dllVer, test_version:"8.0.6001.23000", test_version2:"8.0.6001.23215")||
+ version_in_range(version:dllVer, test_version:"9.0.8112.16000", test_version2:"9.0.8112.16433")||
+ version_in_range(version:dllVer, test_version:"9.0.8112.20000", test_version2:"9.0.8112.20533")){
+ security_hole(0);
+ }
+ exit(0);
+ }
+ security_hole(0);
+}
+
+## Windows 7
+else if(hotfix_check_sp(win7:2) > 0)
+{
+ ## Check for Mshtml.dll version
+ if(version_in_range(version:dllVer, test_version:"8.0.7600.16000", test_version2:"8.0.7600.16852")||
+ version_in_range(version:dllVer, test_version:"8.0.7600.20000", test_version2:"8.0.7600.21012")||
+ version_in_range(version:dllVer, test_version:"8.0.7601.16000", test_version2:"8.0.7601.17654")||
+ version_in_range(version:dllVer, test_version:"8.0.7601.21000", test_version2:"8.0.7601.21775")||
+ version_in_range(version:dllVer, test_version:"9.0.8112.16000", test_version2:"9.0.8112.16433")||
+ version_in_range(version:dllVer, test_version:"9.0.8112.20000", test_version2:"9.0.8112.20533")){
+ security_hole(0);
+ }
+}
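Review bot: In the XP, 2003 and Vista/2008 branches the trailing `security_hole(0);` runs whenever the service-pack string does not match, including when `get_kb_item` returned nothing, so the host is reported without `dllVer` ever being compared. The same fall-through is in secpod_ms11-058.nasl. A comment such as `## Older or unknown service pack: reported without a file version check` would make the intent explicit; reporting only when `SP` is set would be safer against false positives. `ieVer` is read but used only as a presence test, and the IE7/IE8 ranges are duplicated between the XP and 2003 branches, so the two lists can drift apart.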
Added: trunk/openvas-plugins/scripts/secpod_ms11-058.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_ms11-058.nasl 2011-08-10 17:39:32 UTC (rev 11429)
+++ trunk/openvas-plugins/scripts/secpod_ms11-058.nasl 2011-08-11 04:41:03 UTC (rev 11430)
@@ -0,0 +1,140 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_ms11-058.nasl 16606 2011-08-10 01:11:11Z aug $
+#
+# Microsoft Windows DNS Server Remote Code Execution Vulnerability (2562485)
+#
+# Authors:
+# Veerendra G.G <veerendragg at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2011 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(900295);
+ script_version("$Revision: 1.0$");
+ script_bugtraq_id(49019, 49012);
+ script_cve_id("CVE-2011-1966", "CVE-2011-1970");
+ script_tag(name:"cvss_base", value:"10.0");
+ script_tag(name:"risk_factor", value:"Critical");
+ script_name("Microsoft Windows DNS Server Remote Code Execution Vulnerability (2562485)");
+ desc = "
+ Overview: This host has critical security update missing according to
+ Microsoft Bulletin MS11-058.
+
+ Vulnerability Insight:
+ The flaws are exists when Windows DNS server processing a query for a NAPTR
+ (Name Authority Pointer) resource record and when processing a query for
+ a non-existent domain.
+
+ Impact:
+ Successful exploitation could allow remote attacker to execute arbitrary
+ code or to cause the DNS server to stop responding.
+
+ Impact Level: System/Application
+
+ Affected Software/OS:
+ Microsoft Windows 2K3 Service Pack 2 and prior.
+ Microsoft Windows Server 2008 Service Pack 2 and prior.
+
+ Fix:
+ Run Windows Update and update the listed hotfixes or download and
+ update mentioned hotfixes in the advisory from the below link,
+ http://www.microsoft.com/technet/security/bulletin/ms11-058.mspx
+
+ References:
+ http://secunia.com/advisories/45564
+ http://secunia.com/advisories/45552
+ http://support.microsoft.com/kb/2562485
+ http://www.sophos.com/support/knowledgebase/article/113982.html
+ http://www.microsoft.com/technet/security/bulletin/ms11-058.mspx
+ ";
+
+ script_description(desc);
+ script_summary("Check for the vulnerable 'Dns.exe' file version");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2011 SecPod");
+ script_family("Windows : Microsoft Bulletins");
+ script_dependencies("secpod_reg_enum.nasl");
+ script_require_ports(139, 445);
+ exit(0);
+}
+
+
+include("smb_nt.inc");
+include("secpod_reg.inc");
+include("version_func.inc");
+include("secpod_smb_func.inc");
+
+## Check for OS and Service Pack
+if(hotfix_check_sp(win2003:3, win2008:3) <= 0){
+ exit(0);
+}
+
+if(!registry_key_exists(key:"SYSTEM\CurrentControlSet\Services\DNS")){
+ exit(0);
+}
+
+## MS11-058 Hotfix 2562485
+if((hotfix_missing(name:"2562485") == 0)){
+ exit(0);
+}
+
+## Get System Path
+sysPath = smb_get_systemroot();
+if(!sysPath ){
+ exit(0);
+}
+
+## Get Version for Dns.exe
+sysVer = fetch_file_version(sysPath, file_name:"system32\Dns.exe");
+if(!sysVer){
+ exit(0);
+}
+
+## Windows 2003
+if(hotfix_check_sp(win2003:3) > 0)
+{
+ SP = get_kb_item("SMB/Win2003/ServicePack");
+ if("Service Pack 2" >< SP)
+ {
+ ## Check for Dns.exe version
+ if(version_is_less(version:sysVer, test_version:"5.2.3790.4882")){
+ security_hole(0);
+ }
+ exit(0);
+ }
+ security_hole(0);
+}
+
+## Windows Server 2008
+else if(hotfix_check_sp(win2008:3) > 0)
+{
+ SP = get_kb_item("SMB/Win2008/ServicePack");
+
+ if("Service Pack 2" >< SP)
+ {
+ ## Check for Dns.exe version
+ if(version_in_range(version:sysVer, test_version:"6.0.6002.18000", test_version2:"6.0.6002.18485")||
+ version_in_range(version:sysVer, test_version:"6.0.6002.22000", test_version2:"6.0.6002.22664")){
+ security_hole(0);
+ }
+ exit(0);
+ }
+ security_hole(0);
+}
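Review bot: The Server 2008 branch reads only `SMB/Win2008/ServicePack`, whereas secpod_ms11-057.nasl in this same commit reads `SMB/WinVista/ServicePack` and falls back to the Win2008 key. Which key is populated for Server 2008 is decided in secpod_reg_enum.nasl, which is not shown. If it is the Vista one, `SP` is empty here and the trailing `security_hole(0);` reports the host without looking at `sysVer`. Suggest adding the fallback `if(!SP){ SP = get_kb_item("SMB/WinVista/ServicePack"); }` after the first lookup. The description text 'The flaws are exists when' also needs rewording.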
Property changes on: trunk/openvas-plugins/scripts/secpod_ms11-058.nasl
___________________________________________________________________
Name: svn:executable
+ *
Added: trunk/openvas-plugins/scripts/secpod_ms11-059.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_ms11-059.nasl 2011-08-10 17:39:32 UTC (rev 11429)
+++ trunk/openvas-plugins/scripts/secpod_ms11-059.nasl 2011-08-11 04:41:03 UTC (rev 11430)
@@ -0,0 +1,114 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_ms11-059.nasl 16607 2011-08-09 12:30:35Z aug $
+#
+# Microsoft Data Access Components Remote Code Execution Vulnerabilities (2560656)
+#
+# Authors:
+# Veerendra GG <veerendragg at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2011 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(900294);
+ script_version("$Revision$:1.0");
+ script_bugtraq_id(49026);
+ script_cve_id("CVE-2011-1975");
+ script_tag(name:"cvss_base", value:"10.0");
+ script_tag(name:"risk_factor", value:"Critical");
+ script_name("Microsoft Data Access Components Remote Code Execution Vulnerabilities (2560656)");
+ desc = "
+ Overview: This host has important security update missing according to
+ Microsoft Bulletin MS11-059.
+
+ Vulnerability Insight:
+ The flaws are due when the Windows Data Access Tracing component incorrectly
+ restricts the path used for loading external libraries.
+
+ Impact:
+ Successful exploitation could allow remote attacker to execute arbitrary code
+ by tricking a user into opening a Microsoft Excel file (.xlsx) located on a
+ remote WebDAV or SMB share.
+
+ Impact Level: System
+
+ Affected Software/OS:
+ Microsoft Windows 7 Service Pack 1 and prior.
+
+ Fix:
+ Run Windows Update and update the listed hotfixes or download and
+ update mentioned hotfixes in the advisory from the below link,
+ http://www.microsoft.com/technet/security/bulletin/ms11-059.mspx
+
+ References:
+ http://secunia.com/advisories/45246
+ http://support.microsoft.com/kb/2560656
+ http://www.sophos.com/support/knowledgebase/article/113981.html
+ http://www.microsoft.com/technet/security/bulletin/ms11-059.mspx
+ ";
+
+ script_description(desc);
+ script_summary("Check for the vulnerable 'Odbcjt32.dll' file version");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2011 SecPod");
+ script_family("Windows : Microsoft Bulletins");
+ script_dependencies("secpod_reg_enum.nasl");
+ script_require_ports(139, 445);
+ exit(0);
+}
+
+
+include("smb_nt.inc");
+include("secpod_reg.inc");
+include("version_func.inc");
+include("secpod_smb_func.inc");
+
+## Check for OS and Service Pack
+if(hotfix_check_sp(win7:2) <= 0){
+ exit(0);
+}
+
+## MS11-043 Hotfix (2560656)
+if(hotfix_missing(name:"2560656") == 0){
+ exit(0);
+}
+
+## Get System Path
+sysPath = smb_get_systemroot();
+if(!sysPath ){
+ exit(0);
+}
+
+## Get Version from Odbcjt32.dll file
+sysVer = fetch_file_version(sysPath, file_name:"system32\Odbcjt32.dll");
+if(!sysVer){
+ exit(0);
+}
+
+## Windows 7
+if(hotfix_check_sp(win7:2) > 0)
+{
+ ## Check for Odbcjt32.dll version
+ if(version_in_range(version:sysVer, test_version:"6.1.7600.16000", test_version2:"6.1.7600.16832")||
+ version_in_range(version:sysVer, test_version:"6.1.7600.20000", test_version2:"6.1.7600.20986")||
+ version_in_range(version:sysVer, test_version:"6.1.7601.17000", test_version2:"6.1.7601.17631")||
+ version_in_range(version:sysVer, test_version:"6.1.7601.21000", test_version2:"6.1.7601.21746")){
+ security_hole(0);
+ }
+}
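Review bot: The comment above the hotfix test names the wrong bulletin: `## MS11-043 Hotfix (2560656)` should read `## MS11-059 Hotfix (2560656)`. `script_version("$Revision$:1.0")` is malformed compared with the other plugins in this commit, which use `script_version("$Revision: 1.0$");`. The Overview calls the update 'important' while the tags set `cvss_base` to 10.0 and `risk_factor` to Critical; one of the two should be corrected against the bulletin. The second `hotfix_check_sp(win7:2) > 0` test is redundant, because the script has already exited when that call returned a value <= 0.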
Property changes on: trunk/openvas-plugins/scripts/secpod_ms11-059.nasl
___________________________________________________________________
Name: svn:executable
+ *
Added: trunk/openvas-plugins/scripts/secpod_ms11-060.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_ms11-060.nasl 2011-08-10 17:39:32 UTC (rev 11429)
+++ trunk/openvas-plugins/scripts/secpod_ms11-060.nasl 2011-08-11 04:41:03 UTC (rev 11430)
@@ -0,0 +1,99 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_ms11-060.nasl 16608 2011-08-10 15:26:22Z aug $
+#
+# Microsoft Visio Remote Code Execution Vulnerabilities (2560978)
+#
+# Authors:
+# Antu Sanadi <santu at secpod.com>
+#
+# Copyright (c) 2011 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(902464);
+ script_version("$Revision: 1.0$");
+ script_cve_id("CVE-2011-1972", "CVE-2011-1979");
+ script_bugtraq_id(49024);
+ script_tag(name:"cvss_base", value:"7.6");
+ script_tag(name:"risk_factor", value:"High");
+ script_name("Microsoft Visio Remote Code Execution Vulnerabilities (2560978)");
+ desc = "
+ Overview: This host has important security update missing according to
+ Microsoft Bulletin MS11-060.
+
+ Vulnerability Insight:
+ The flaws are caused due to an error, while validating of Microsoft Visio
+ objects in memory when parsing specially crafted Visio files.
+
+ Impact:
+ Successful exploitation could allow users to execute arbitrary code via a
+ specially crafted Visio file.
+
+ Impact Level: System/Application
+
+ Affected Software/OS:
+ Microsoft Visio 2003 Service Pack 3 and prior.
+ Microsoft Visio 2007 Service Pack 2 and prior.
+ Microsoft Visio 2010 Service Pack 1 and prior.
+
+ Fix:
+ Run Windows Update and update the listed hotfixes or download and
+ update mentioned hotfixes in the advisory from the below link,
+ http://www.microsoft.com/technet/security/bulletin/MS11-060.mspx
+
+ References:
+ http://support.microsoft.com/kb/2553009
+ http://support.microsoft.com/kb/2553010
+ http://support.microsoft.com/kb/2553008
+ http://www.microsoft.com/technet/security/bulletin/MS11-060.mspx ";
+
+ script_description(desc);
+ script_summary("Check for version of vulnerable file 'visio.exe'");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2011 SecPod");
+ script_family("Windows : Microsoft Bulletins");
+ script_dependencies("secpod_reg_enum.nasl");
+ script_require_ports(139, 445);
+ exit(0);
+}
+
+
+include("smb_nt.inc");
+include("version_func.inc");
+include("secpod_smb_func.inc");
+
+## Check for Office Visio
+sysPath = registry_get_sz(key:"SOFTWARE\Microsoft\Windows\CurrentVersion" +
+ "\App Paths\visio.exe", item:"Path");
+## if path is not found exit
+if(!sysPath){
+ exit(0);
+}
+
+## Get file version
+exeVer = fetch_file_version(sysPath, file_name:"visio.exe");
+if(!exeVer){
+ exit(0);
+}
+
+# Check for visio.exe version for 2003 and 2007
+if(version_in_range(version:exeVer, test_version:"11.0", test_version2:"11.0.8206.0000" ) ||
+ version_in_range(version:exeVer, test_version:"12.0", test_version2:"12.0.6556.4999") ||
+ version_in_range(version:exeVer, test_version:"14.0", test_version2:"14.0.6106.4999")){
+ security_hole(0);
+}
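Review bot: The comment `# Check for visio.exe version for 2003 and 2007` is stale, since the condition also carries a `14.0` range for Visio 2010; suggest `# Check visio.exe version for Visio 2003, 2007 and 2010`. The first range ends at `11.0.8206.0000` while the other two end at a `.4999` revision. If `version_in_range` is inclusive and 11.0.8206.0 is the fixed build, a patched Visio 2003 would be reported, so the bound should be checked against the bulletin. The App Paths lookup reads a single registry location and the script exits silently when the value is missing; whether a 32-bit Visio on 64-bit Windows registers there is not visible here and is worth confirming.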
Added: trunk/openvas-plugins/scripts/secpod_ms11-062.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_ms11-062.nasl 2011-08-10 17:39:32 UTC (rev 11429)
+++ trunk/openvas-plugins/scripts/secpod_ms11-062.nasl 2011-08-11 04:41:03 UTC (rev 11430)
@@ -0,0 +1,132 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_ms11-062.nasl 16610 2011-08-10 06:30:35Z aug $
+#
+# MS Windows Remote Access Service NDISTAPI Driver Privilege Elevation Vulnerability (2566454)
+#
+# Authors:
+# Veerendra GG <veerendragg at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2011 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(900298);
+ script_version("$Revision: 1.0$");
+ script_bugtraq_id(48996);
+ script_cve_id("CVE-2011-1974");
+ script_tag(name:"cvss_base", value:"5.5");
+ script_tag(name:"risk_factor", value:"High");
+ script_name("MS Windows Remote Access Service NDISTAPI Driver Privilege Elevation Vulnerability (2566454)");
+ desc = "
+ Overview: This host has important security update missing according to
+ Microsoft Bulletin MS11-062.
+
+ Vulnerability Insight:
+ The flaws are caused due to an input validation error in the Remote Access
+ Service NDISTAPI driver (NDISTAPI.sys) when passing certain user-mode input
+ to the kernel.
+
+ Impact:
+ Successful exploitation could allow remote attacker to execute arbitrary
+ code with kernel privileges via a specially crafted application.
+
+ Impact Level: System
+
+ Affected Software/OS:
+ Microsoft Windows XP Service Pack 3 and prior.
+ Microsoft Windows 2003 Service Pack 2 and prior.
+
+ Fix:
+ Run Windows Update and update the listed hotfixes or download and
+ update mentioned hotfixes in the advisory from the below link,
+ http://www.microsoft.com/technet/security/bulletin/ms11-062.mspx
+
+ References:
+ http://secunia.com/advisories/45408
+ http://support.microsoft.com/kb/2566454
+ http://www.microsoft.com/technet/security/bulletin/ms11-062.mspx
+ ";
+
+ script_description(desc);
+ script_summary("Check for the vulnerable 'Ndistapi.sys' file version");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2011 SecPod");
+ script_family("Windows : Microsoft Bulletins");
+ script_dependencies("secpod_reg_enum.nasl");
+ script_require_ports(139, 445);
+ exit(0);
+}
+
+
+include("smb_nt.inc");
+include("secpod_reg.inc");
+include("version_func.inc");
+include("secpod_smb_func.inc");
+
+## Check for OS and Service Pack
+if(hotfix_check_sp(xp:4, win2003:3) <= 0){
+ exit(0);
+}
+
+## MS11-062 Hotfix (2566454)
+if(hotfix_missing(name:"2566454") == 0){
+ exit(0);
+}
+
+## Get System Path
+sysPath = smb_get_systemroot();
+if(!sysPath ){
+ exit(0);
+}
+
+## Get Version from Ndistapi.sys file
+sysVer = fetch_file_version(sysPath, file_name:"system32\drivers\Ndistapi.sys");
+if(!sysVer){
+ exit(0);
+}
+
+## Windows XP
+if(hotfix_check_sp(xp:4) > 0)
+{
+ SP = get_kb_item("SMB/WinXP/ServicePack");
+ if("Service Pack 3" >< SP)
+ {
+ ## Check for Ndistapi.sys version < 5.1.2600.6132
+ if(version_is_less(version:sysVer, test_version:"5.1.2600.6132")){
+ security_hole(0);
+ }
+ exit(0);
+ }
+ security_hole(0);
+}
+
+## Windows 2003
+else if(hotfix_check_sp(win2003:3) > 0)
+{
+ SP = get_kb_item("SMB/Win2003/ServicePack");
+ if("Service Pack 2" >< SP)
+ {
+ ## Check for Ndistapi.sys version < 5.2.3790.4885
+ if(version_is_less(version:sysVer, test_version:"5.2.3790.4885")){
+ security_hole(0);
+ }
+ exit(0);
+ }
+ security_hole(0);
+}
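Review bot: The impact text in `desc` says `could allow remote attacker to execute arbitrary code with kernel privileges via a specially crafted application`, which does not fit the rest of the plugin. The title is a privilege elevation and the insight describes user-mode input passed to NDISTAPI.sys, so this reads as an issue for an attacker who can already run code on the host. I would change the line to `Successful exploitation could allow a local attacker to execute arbitrary code` so that reports do not suggest network exposure. The metadata also pairs `cvss_base` 5.5 with `risk_factor` High for kernel-level code execution; the score should be confirmed against the CVE-2011-1974 entry.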
Property changes on: trunk/openvas-plugins/scripts/secpod_ms11-062.nasl
___________________________________________________________________
Name: svn:executable
+ *
Added: trunk/openvas-plugins/scripts/secpod_ms11-063.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_ms11-063.nasl 2011-08-10 17:39:32 UTC (rev 11429)
+++ trunk/openvas-plugins/scripts/secpod_ms11-063.nasl 2011-08-11 04:41:03 UTC (rev 11430)
@@ -0,0 +1,170 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_ms11-063.nasl 16611 2011-08-10 11:30:35Z aug $
+#
+# Microsoft Windows Client/Server Run-time Subsystem Privilege Escalation Vulnerability (2567680)
+#
+# Authors:
+# Antu Sanadi <santu at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2011 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(902463);
+ script_version("$Revision: 1.0$");
+ script_cve_id("CVE-2011-1967");
+ script_bugtraq_id(48992);
+ script_tag(name:"cvss_base", value:"6.8");
+ script_tag(name:"risk_factor", value:"High");
+ script_name("Microsoft Windows Client/Server Run-time Subsystem Privilege Escalation Vulnerability (2567680)");
+ desc = "
+ Overview: This host has critical security update missing according to
+ Microsoft Bulletin MS11-063.
+
+ Vulnerability Insight:
+ The flaw is caused due to error in the Client/Server Run-time Subsystem
+ (CSRSS) when evaluates inter-process device event message permissions.
+
+ Impact:
+ Successful exploitation could allow attacker to execute arbitrary code with
+ system-level privileges. Successfully exploiting this issue will result in
+ the complete compromise of affected computers.
+
+ Impact Level: System
+
+ Affected Software/OS:
+ Micorsoft Windows 7 Service Pack 1 and prior.
+ Microsoft Windows XP Service Pack 3 and prior.
+ Microsoft Windows 2003 Service Pack 2 and prior.
+ Microsoft Windows Vista Service Pack 2 and prior.
+ Microsoft Windows Server 2008 Service Pack 2 and prior.
+
+ Fix:
+ Run Windows Update and update the listed hotfixes or download and
+ update mentioned hotfixes in the advisory from the below link,
+ http://www.microsoft.com/technet/security/bulletin/ms11-063.mspx
+
+ References:
+ http://support.microsoft.com/kb/2567680
+ http://www.microsoft.com/technet/security/bulletin/ms11-063.mspx ";
+
+ script_description(desc);
+ script_summary("Check for the vulnerable 'winsrv.dll' and 'Kernel32.dll' files version");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2011 SecPod");
+ script_family("Windows : Microsoft Bulletins");
+ script_dependencies("secpod_reg_enum.nasl");
+ script_require_ports(139, 445);
+ exit(0);
+}
+
+
+include("smb_nt.inc");
+include("secpod_reg.inc");
+include("version_func.inc");
+include("secpod_smb_func.inc");
+
+## Check for OS and Service Pack
+if(hotfix_check_sp(xp:4, win2003:3, winVista:3, win2008:3, win7:2) <= 0){
+ exit(0);
+}
+
+## MS11-063 Hotfix (2567680)
+if(hotfix_missing(name:"2567680") == 0){
+ exit(0);
+}
+
+## Get System Path
+sysPath = smb_get_systemroot();
+if(!sysPath){
+ exit(0);
+}
+
+## Get Version from winsrv.dll file
+sysVer = fetch_file_version(sysPath, file_name:"system32\winsrv.dll");
+if(sysVer)
+{
+ ## Windows XP
+ if(hotfix_check_sp(xp:4) > 0)
+ {
+ SP = get_kb_item("SMB/WinXP/ServicePack");
+ if("Service Pack 3" >< SP)
+ {
+ ## Check for winsrv.dll version < 5.1.2600.6125
+ if(version_is_less(version:sysVer, test_version:"5.1.2600.6125")){
+ security_hole(0);
+ }
+ exit(0);
+ }
+ security_hole(0);
+ }
+
+ ## Windows 2003
+ else if(hotfix_check_sp(win2003:3) > 0)
+ {
+ SP = get_kb_item("SMB/Win2003/ServicePack");
+ if("Service Pack 2" >< SP)
+ {
+ ## Check for winsrv.dll version < 5.2.3790.4877
+ if(version_is_less(version:sysVer, test_version:"5.2.3790.4877")){
+ security_hole(0);
+ }
+ exit(0);
+ }
+ security_hole(0);
+ }
+
+ ## Windows Vista and Windows Server 2008
+ else if(hotfix_check_sp(winVista:3, win2008:3) > 0)
+ {
+ SP = get_kb_item("SMB/WinVista/ServicePack");
+
+ if(!SP) {
+ SP = get_kb_item("SMB/Win2008/ServicePack");
+ }
+
+ if("Service Pack 2" >< SP)
+ {
+ ## Check for winsrv.dll version
+ if(version_in_range(version:sysVer, test_version:"6.0.6002.18000", test_version2:"6.0.6002.18483")||
+ version_in_range(version:sysVer, test_version:"6.0.6002.22000", test_version2:"6.0.6002.22661")){
+ security_hole(0);
+ }
+ exit(0);
+ }
+ security_hole(0);
+ }
+}
+
+if(hotfix_check_sp(win7:2) > 0)
+{
+ ## Get Version from Kernel32.dll file
+ sysVer = fetch_file_version(sysPath, file_name:"system32\Kernel32.dll");
+ if(!sysVer){
+ exit(0);
+ }
+
+ ## Check for Kernel32.dll version
+ if(version_in_range(version:sysVer, test_version:"6.1.7600.16000", test_version2:"6.1.7600.16849")||
+ version_in_range(version:sysVer, test_version:"6.1.7600.20000", test_version2:"6.1.7600.21009")||
+ version_in_range(version:sysVer, test_version:"6.1.7601.17000", test_version2:"6.1.7601.17650")||
+ version_in_range(version:sysVer, test_version:"6.1.7601.21000", test_version2:"6.1.7601.21771")){
+ security_hole(0);
+ }
+}
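Review bot: The Vista/2008 SP2 range check on winsrv.dll uses the upper bounds `6.0.6002.18483` and `6.0.6002.22661`, and secpod_ms11-064.nasl in this same commit uses exactly those two bounds for tcpip.sys, a different binary from a different KB. That may be legitimate, but it looks like a copied block, and a wrong bound gives either missed or false findings on patched hosts. Please confirm both values against the KB2567680 file list and record the source next to the check, e.g. `## winsrv.dll bounds from the KB2567680 file list (GDR and LDR branches)`. Separately, the report text has `Micorsoft Windows 7` in the affected list, and the overview calls the update critical while `risk_factor` is High.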
Property changes on: trunk/openvas-plugins/scripts/secpod_ms11-063.nasl
___________________________________________________________________
Name: svn:executable
+ *
Added: trunk/openvas-plugins/scripts/secpod_ms11-064.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_ms11-064.nasl 2011-08-10 17:39:32 UTC (rev 11429)
+++ trunk/openvas-plugins/scripts/secpod_ms11-064.nasl 2011-08-11 04:41:03 UTC (rev 11430)
@@ -0,0 +1,136 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_ms11-064.nasl 16612 2011-08-10 02:30:35Z aug $
+#
+# Microsoft Windows TCP/IP Stack Denial of Service Vulnerability (2563894)
+#
+# Authors:
+# Veerendra GG <veerendragg at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2011 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(900296);
+ script_version("$Revision$:1.0");
+ script_bugtraq_id(48987, 48990);
+ script_cve_id("CVE-2011-1871", "CVE-2011-1965");
+ script_tag(name:"cvss_base", value:"7.8");
+ script_tag(name:"risk_factor", value:"High");
+ script_name("Microsoft Windows TCP/IP Stack Denial of Service Vulnerability (2563894)");
+ desc = "
+ Overview: This host has important security update missing according to
+ Microsoft Bulletin MS11-064.
+
+ Vulnerability Insight:
+ The flaws are due to errors the TCP/IP stack,
+ - when parsing specially crafted URLs.
+ - when processing a sequence of specially crafted ICMP messages.
+
+ Impact:
+ Successful exploitation could allow remote attacker to cause the system to
+ stop responding and automatically restart.
+
+ Impact Level: System
+
+ Affected Software/OS:
+ Microsoft Windows 7 Service Pack 1 and prior
+ Microsoft Windows Vista Service Pack 2 and prior
+ Microsoft Windows Server 2008 Service Pack 2 and prior
+
+ Fix:
+ Run Windows Update and update the listed hotfixes or download and
+ update mentioned hotfixes in the advisory from the below link,
+ http://www.microsoft.com/technet/security/bulletin/ms11-064.mspx
+
+ References:
+ http://secunia.com/advisories/45500
+ http://support.microsoft.com/kb/2563894
+ http://www.microsoft.com/technet/security/bulletin/ms11-064.mspx
+ ";
+
+ script_description(desc);
+ script_summary("Check for the vulnerable 'tcpip.sys' file version");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2011 SecPod");
+ script_family("Windows : Microsoft Bulletins");
+ script_dependencies("secpod_reg_enum.nasl");
+ script_require_ports(139, 445);
+ exit(0);
+}
+
+
+include("smb_nt.inc");
+include("secpod_reg.inc");
+include("version_func.inc");
+include("secpod_smb_func.inc");
+
+## Check for OS and Service Pack
+if(hotfix_check_sp(winVista:3, win2008:3, win7:2) <= 0){
+ exit(0);
+}
+
+## MS11-064 Hotfix (2563894)
+if(hotfix_missing(name:"2563894") == 0){
+ exit(0);
+}
+
+## Get System Path
+sysPath = smb_get_systemroot();
+if(!sysPath ){
+ exit(0);
+}
+
+## Get Version from tcpip.sys file
+sysVer = fetch_file_version(sysPath, file_name:"\system32\drivers\tcpip.sys");
+if(!sysVer){
+ exit(0);
+}
+
+## Windows Vista and Windows Server 2008
+if(hotfix_check_sp(winVista:3, win2008:3) > 0)
+{
+ SP = get_kb_item("SMB/WinVista/ServicePack");
+
+ if(!SP) {
+ SP = get_kb_item("SMB/Win2008/ServicePack");
+ }
+
+ if("Service Pack 2" >< SP)
+ {
+ ## Check for tcpip.sys version
+ if(version_in_range(version:sysVer, test_version:"6.0.6002.18000", test_version2:"6.0.6002.18483")||
+ version_in_range(version:sysVer, test_version:"6.0.6002.22000", test_version2:"6.0.6002.22661")){
+ security_hole(0);
+ }
+ exit(0);
+ }
+ security_hole(0);
+}
+
+## Windows 7
+else if(hotfix_check_sp(win7:2) > 0)
+{
+ ## Check for tcpip.sys version
+ if(version_in_range(version:sysVer, test_version:"6.1.7600.16000", test_version2:"6.1.7600.16838")||
+ version_in_range(version:sysVer, test_version:"6.1.7600.20000", test_version2:"6.1.7600.20991")||
+ version_in_range(version:sysVer, test_version:"6.1.7601.17000", test_version2:"6.1.7601.17637")||
+ version_in_range(version:sysVer, test_version:"6.1.7601.21000", test_version2:"6.1.7601.21753")){
+ security_hole(0);
+ }
+}
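Review bot: `file_name:"\system32\drivers\tcpip.sys"` starts with a backslash, while the other plugins visible in this commit pass a relative name such as `"system32\drivers\Ndistapi.sys"` to fetch_file_version(). That function comes from an include that is not part of this diff, so how it joins `sysPath` and `file_name` cannot be checked here. If it adds its own separator, the path gets a doubled backslash, the read may fail, and the `if(!sysVer)` guard turns that into a silent miss on an unpatched host. I would use `sysVer = fetch_file_version(sysPath, file_name:"system32\drivers\tcpip.sys");` to match the siblings. `script_version("$Revision$:1.0")` is also malformed compared with the `"$Revision: 1.0$"` form used in the other files.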
Property changes on: trunk/openvas-plugins/scripts/secpod_ms11-064.nasl
___________________________________________________________________
Name: svn:executable
+ *
Added: trunk/openvas-plugins/scripts/secpod_ms11-065.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_ms11-065.nasl 2011-08-10 17:39:32 UTC (rev 11429)
+++ trunk/openvas-plugins/scripts/secpod_ms11-065.nasl 2011-08-11 04:41:03 UTC (rev 11430)
@@ -0,0 +1,129 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_ms11-065.nasl 16613 2011-08-10 08:50:14Z aug $
+#
+# Microsoft Remote Desktop Protocol Denial of Service Vulnerability (2570222)
+#
+# Authors:
+# Madhuri D <dmadhuri at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2011 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(902708);
+ script_version("$Revision: 1.0$");
+ script_cve_id("CVE-2011-1968");
+ script_bugtraq_id(48995);
+ script_tag(name:"cvss_base", value:"9.3");
+ script_tag(name:"risk_factor", value:"Critical");
+ script_name("Microsoft Remote Desktop Protocol Denial of Service Vulnerability (2570222)");
+ desc = "
+ Overview: This host has critical security update missing according to
+ Microsoft Bulletin MS11-065.
+
+ Vulnerability Insight:
+ The flaw is caused due to an error in Remote Desktop Protocol, while
+ accessesing an object in memory that has been improperly initialized
+ or has been deleted.
+
+ Impact:
+ Successful exploitation causes the target system to stop responding and
+ automatically restart.
+
+ Impact Level: System/Application
+
+ Affected Software/OS:
+ Microsoft Windows XP Service Pack 3 and prior.
+ Microsoft Windows 2K3 Service Pack 2 and prior.
+
+ Fix:
+ Run Windows Update and update the listed hotfixes or download and
+ update mentioned hotfixes in the advisory from the below link,
+ http://www.microsoft.com/technet/security/bulletin/ms11-065.mspx
+
+ References:
+ http://secunia.com/advisories/45562/
+ http://www.microsoft.com/technet/security/bulletin/ms11-065.mspx ";
+
+ script_description(desc);
+ script_summary("Check for the version of Rdpwd.sys file");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2011 SecPod");
+ script_family("Windows : Microsoft Bulletins");
+ script_dependencies("secpod_reg_enum.nasl");
+ script_require_ports(139, 445);
+ exit(0);
+}
+
+
+include("smb_nt.inc");
+include("secpod_reg.inc");
+include("version_func.inc");
+include("secpod_smb_func.inc");
+
+## Check for OS and Service Pack
+if(hotfix_check_sp(xp:4, win2003:3) <= 0){
+ exit(0);
+}
+
+## MS11-065 Hotfix
+if((hotfix_missing(name:"2570222") == 0)){
+ exit(0);
+}
+
+## Get System Path
+sysPath = smb_get_systemroot();
+if(!sysPath ){
+ exit(0);
+}
+
+sysVer = fetch_file_version(sysPath, file_name:"system32\drivers\Rdpwd.sys");
+if(!sysVer){
+ exit(0);
+}
+
+# Windows XP
+if(hotfix_check_sp(xp:4) > 0)
+{
+ SP = get_kb_item("SMB/WinXP/ServicePack");
+ if("Service Pack 3" >< SP)
+ {
+ # Grep for Rdpwd.sys version < 5.1.2600.6128
+ if(version_is_less(version:sysVer, test_version:"5.1.2600.6128")){
+ security_hole(0);
+ }
+ exit(0);
+ }
+ security_hole(0);
+}
+
+# Windows 2003
+else if(hotfix_check_sp(win2003:3) > 0)
+{
+ SP = get_kb_item("SMB/Win2003/ServicePack");
+ if("Service Pack 2" >< SP)
+ {
+ # Grep for Rdpwd.sys version < 5.2.3790.4881
+ if(version_is_less(version:sysVer, test_version:"5.2.3790.4881")){
+ security_hole(0);
+ }
+ exit(0);
+ }
+ security_hole(0);
+}
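Review bot: The severity metadata does not match the impact the plugin describes: `cvss_base` is 9.3, `risk_factor` is Critical and the overview says a critical update is missing, yet the title and impact text describe only a denial of service. Assuming CVSS v2, an availability-only issue tops out at 7.8, which is what the sibling DoS plugin secpod_ms11-064.nasl uses with High, so this finding would be over-prioritised in scan results. Please take the score from the CVE-2011-1968 entry, e.g. `script_tag(name:"cvss_base", value:"<score from the CVE entry>");`, and align `risk_factor` and the overview wording with it. While editing the text, `accessesing` should be `accessing`.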
Added: trunk/openvas-plugins/scripts/secpod_ms11-066.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_ms11-066.nasl 2011-08-10 17:39:32 UTC (rev 11429)
+++ trunk/openvas-plugins/scripts/secpod_ms11-066.nasl 2011-08-11 04:41:03 UTC (rev 11430)
@@ -0,0 +1,143 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_ms11-066.nasl 16614 2011-08-10 11:11:11Z aug $
+#
+# Microsoft .NET Framework Chart Control Information Disclosure Vulnerability (2567943)
+#
+# Authors:
+# Sooraj KS <kssooraj at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2011 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(902552);
+ script_version("$Revision: 1.0$");
+ script_cve_id("CVE-2011-1977");
+ script_bugtraq_id(48985);
+ script_tag(name:"cvss_base", value:"5.0");
+ script_tag(name:"risk_factor", value:"Medium");
+ script_name("Microsoft .NET Framework Chart Control Information Disclosure Vulnerability (2567943)");
+ desc = "
+ Overview: This host has important security update missing according to
+ Microsoft Bulletin MS11-066.
+
+ Vulnerability Insight:
+ The flaw is caused due to an error in the ASP.NET Chart controls when
+ encountering special characters within a URI. This can be exploited to read
+ the contents of arbitrary files in the web site directory or subdirectories
+ via a specially crafted GET request to a server hosting the Chart controls.
+
+ Impact:
+ Successful exploitation could allow attacker to gain access to sensitive
+ information that may aid in further attacks.
+
+ Impact Level: Application
+
+ Affected Software/OS:
+ Microsoft .NET Framework 4.0
+ Microsoft Chart Control for .NET Framework 3.5 SP1
+
+ Fix:
+ Run Windows Update and update the listed hotfixes or download and
+ update mentioned hotfixes in the advisory from the below link,
+ http://www.microsoft.com/technet/security/bulletin/ms11-066.mspx
+
+ References:
+ http://secunia.com/advisories/45508/
+ http://support.microsoft.com/kb/2487367
+ http://support.microsoft.com/kb/2500170
+ http://www.microsoft.com/technet/security/bulletin/ms11-066.mspx ";
+
+ script_description(desc);
+ script_summary("Check for the version of 'System.web.datavisualization.dll' file");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2011 SecPod");
+ script_family("Windows : Microsoft Bulletins");
+ script_dependencies("secpod_reg_enum.nasl");
+ script_require_ports(139, 445);
+ exit(0);
+}
+
+
+include("smb_nt.inc");
+include("secpod_reg.inc");
+include("version_func.inc");
+include("secpod_smb_func.inc");
+
+## Check for OS and Service Pack
+if(hotfix_check_sp(xp:4, win2003:3, winVista:3, win2008:3, win7:2) <= 0){
+ exit(0);
+}
+
+## MS11-066 Hotfix
+if((hotfix_missing(name:"2487367") == 0) ||
+ (hotfix_missing(name:"2500170") == 0)) {
+ exit(0);
+}
+
+## Confirm .NET
+key = "SOFTWARE\Microsoft\ASP.NET\";
+if(!registry_key_exists(key:key)){
+ exit(0);
+}
+
+## Try to Get Version
+foreach item (registry_enum_keys(key:key))
+{
+ path = registry_get_sz(key:key + item, item:"Path");
+ if("\Microsoft.NET\Framework" >< path)
+ {
+ ## Get version from System.Web.DataVisualization.dll file
+ dllVer = fetch_file_version(sysPath:path,
+ file_name:"System.Web.DataVisualization.dll");
+ if(dllVer)
+ {
+ ## .NET Framework 4.0 GDR 4.0.30319.236 LDR 4.0.30319.461
+ if(version_in_range(version:dllVer, test_version:"4.0.30319.000", test_version2:"4.0.30319.235")||
+ version_in_range(version:dllVer, test_version:"4.0.30319.400", test_version2:"4.0.30319.460"))
+ {
+ security_warning(0);
+ exit(0);
+ }
+ }
+ }
+}
+
+## Confirm Microsoft Chart Controls for .NET Framework 3.5 Service Pack 1
+key = "SOFTWARE\Microsoft\NET Framework Chart Setup\NDP\v3.5";
+if(!registry_key_exists(key:key)){
+ exit(0);
+}
+
+## Get InstallPath
+chartPath = registry_get_sz(key:key, item:"InstallPath");
+if(! chartPath){
+ exit(0);
+}
+
+## Get Version from System.Web.DataVisualization.dll
+chartVer = fetch_file_version(sysPath:chartPath, file_name:"System.Web.DataVisualization.dll");
+if(! chartVer){
+ exit(0);
+}
+
+## Check for Microsoft Chart Controls version < 3.5.30729.5681
+if(version_in_range(version:chartVer, test_version:"3.5.30729.0000", test_version2:"3.5.30729.5680")){
+ security_warning(0);
+}
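Review bot: The hotfix gate `if((hotfix_missing(name:"2487367") == 0) || (hotfix_missing(name:"2500170") == 0))` exits as soon as either KB is installed, but the plugin covers two products that appear to be patched separately (.NET Framework 4.0 and Chart Control for .NET Framework 3.5 SP1). A host with both products and only one patch is therefore never version-checked for the other. Since the DLL version checks further down decide the result anyway, I would exit early only when both are present: `if(hotfix_missing(name:"2487367") == 0 && hotfix_missing(name:"2500170") == 0){ exit(0); }`. The same gap exists at the `registry_key_exists` test on the ASP.NET key, whose `exit(0)` ends the script before the Chart Controls 3.5 check is reached. The file does not say which KB belongs to which product, which deserves a comment next to the gate.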
Added: trunk/openvas-plugins/scripts/secpod_ms11-067.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_ms11-067.nasl 2011-08-10 17:39:32 UTC (rev 11429)
+++ trunk/openvas-plugins/scripts/secpod_ms11-067.nasl 2011-08-11 04:41:03 UTC (rev 11430)
@@ -0,0 +1,148 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_ms11-067.nasl 16615 2011-08-10 11:06:09Z aug $
+#
+# Microsoft Report Viewer Information Disclosure Vulnerability (2578230)
+#
+# Authors:
+# Veerendra GG <veerendragg at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2011 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(900299);
+ script_version("$Revision:1.0$");
+ script_bugtraq_id(49033);
+ script_cve_id("CVE-2011-1976");
+ script_tag(name:"cvss_base", value:"4.3");
+ script_tag(name:"risk_factor", value:"Medium");
+ script_name("Microsoft Report Viewer Information Disclosure Vulnerability (2578230)");
+ desc = "
+
+ Overview: This host has important security update missing according to
+ Microsoft Bulletin MS11-067.
+
+ Vulnerability Insight:
+ A flaw is caused due to unspecified input passed to the Microsoft Report
+ Viewer Control is not properly sanitised before being returned to the user.
+
+ Impact:
+ Successful exploitation will let the attacker execute arbitrary HTML and
+ script code in a user's browser session in context of an affected site.
+
+ Impact Level: Application
+
+ Affected Software/OS:
+ Microsoft Visual Studio 2005 Service Pack 1
+ Microsoft Report Viewer 2005 Service Pack 1 Re-distributable Package
+
+ Fix:
+ Run Windows Update and update the listed hotfixes or download and
+ update mentioned hotfixes in the advisory from the below link.
+ http://www.microsoft.com/technet/security/bulletin/ms11-067.mspx
+
+ References:
+ http://secunia.com/advisories/45514
+ http://support.microsoft.com/kb/2548826
+ http://support.microsoft.com/kb/2579115
+ http://www.microsoft.com/technet/security/bulletin/ms11-067.mspx ";
+
+ script_description(desc);
+ script_summary("Check for the vulnerable Report Viewer Versions");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2011 SecPod");
+ script_family("Windows : Microsoft Bulletins");
+ script_dependencies("secpod_ms_visual_prdts_detect.nasl");
+ script_require_keys("Microsoft/VisualStudio/Ver");
+ script_require_ports(139, 445);
+ exit(0);
+}
+
+
+include("smb_nt.inc");
+include("secpod_reg.inc");
+include("version_func.inc");
+include("secpod_smb_func.inc");
+
+## Check for Visual Studio 2005 SP1
+if(egrep(pattern:"^8\..*", string:get_kb_item("Microsoft/VisualStudio/Ver")))
+{
+ ## MS11-067 Hotfix check
+ if((hotfix_missing(name:"2548826") == 1))
+ {
+ ## Get Visual Studio 2005 Path
+ studioPath = registry_get_sz(key:"SOFTWARE\Microsoft\VisualStudio\8.0",
+ item:"InstallDir");
+ if(studioPath){
+ ## Construct complete path and get version
+ reportViewPath = studioPath - "\Common7\IDE\" + "\ReportViewer";
+ sysVer = fetch_file_version(sysPath:reportViewPath,
+ file_name:"Microsoft.ReportViewer.WebForms.dll");
+
+ if(sysVer)
+ {
+ ## Check version range from 8.0 <= 8.0.50727.5677
+ if(version_in_range(version:sysVer, test_version:"8.0", test_version2:"8.0.50727.5676")){
+ security_warning(0);
+ }
+ }
+ }
+ }
+}
+
+## Check Microsoft Report Viewer 2005 Service Pack 1 Re-distributable Package
+## Check Microsoft Report Viewer Installed or not
+key = "SOFTWARE\Microsoft\ReportViewer";
+if(!registry_key_exists(key:key)){
+ exit(0);
+}
+
+## MS11-067 Hotfix check
+if((hotfix_missing(name:"2579115") == 0)){
+ exit(0);
+}
+
+## Get the path for Microsoft Report Viewer 2005
+key = "SOFTWARE\Microsoft\ASP.NET\";
+if(!registry_key_exists(key:key)){
+ exit(0);
+}
+
+## Get Microsoft Report Viewer Installed Path
+foreach item (registry_enum_keys(key:key))
+{
+ path = registry_get_sz(key:key + item, item:"Path");
+ if("\Microsoft.NET\Framework" >< path)
+ {
+ ## Construct complete path and get version
+ reportViewPath = path + "\Microsoft Report Viewer Redistributable 2005";
+ sysVer = fetch_file_version(sysPath:reportViewPath,
+ file_name:"Install.res.1025.dll");
+
+ if(sysVer)
+ {
+ ## Check version range from 8.0 <= 8.0.50727.5677
+ if(version_in_range(version:sysVer, test_version:"8.0.50727", test_version2:"8.0.50727.5676"))
+ {
+ security_warning(0);
+ exit(0);
+ }
+ }
+ }
+}
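Review bot: `script_require_keys("Microsoft/VisualStudio/Ver")` keeps the scanner from launching this plugin when Visual Studio detection has not set that key, so the second half of the script (Report Viewer 2005 SP1 redistributable, hotfix 2579115) cannot run on hosts that have the redistributable without Visual Studio. The first block already guards itself with the `egrep` on the same KB item, so the requirement is not needed for correctness. I would drop the `script_require_keys` line and declare both dependencies, as the sibling plugins do for registry access: `script_dependencies("secpod_reg_enum.nasl", "secpod_ms_visual_prdts_detect.nasl");`. Separately, `studioPath - "\Common7\IDE\"` only strips the suffix if `InstallDir` ends with a backslash; otherwise the ReportViewer path is built wrongly and the check is skipped silently, which should at least be noted in a comment.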
Property changes on: trunk/openvas-plugins/scripts/secpod_ms11-067.nasl
___________________________________________________________________
Name: svn:executable
+ *
Added: trunk/openvas-plugins/scripts/secpod_ms11-068.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_ms11-068.nasl 2011-08-10 17:39:32 UTC (rev 11429)
+++ trunk/openvas-plugins/scripts/secpod_ms11-068.nasl 2011-08-11 04:41:03 UTC (rev 11430)
@@ -0,0 +1,134 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_ms11-068.nasl 16616 2011-08-10 04:00:35Z aug $
+#
+# Microsoft Windows Kernel Denial of Service Vulnerability (2556532)
+#
+# Authors:
+# Veerendra GG <veerendragg at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2011 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(900297);
+ script_version("$Revision:1.0$");
+ script_cve_id("CVE-2011-1971");
+ script_bugtraq_id(48997);
+ script_tag(name:"cvss_base", value:"7.8");
+ script_tag(name:"risk_factor", value:"High");
+ script_name("Microsoft Windows Kernel Denial of Service Vulnerability (2556532)");
+ desc = "
+ Overview: This host has important security update missing according to
+ Microsoft Bulletin MS11-068.
+
+ Vulnerability Insight:
+ The flaw is due to an error in the kernel when parsing meta data information
+ in files.
+
+ Impact:
+ Successful exploitation could allow remote attacker to cause the system to
+ stop responding or system to restart.
+
+ Impact Level: System
+
+ Affected Software/OS:
+ Microsoft Windows 7 Service Pack 1 and prior.
+ Microsoft Windows Vista Service Pack 2 and prior.
+ Microsoft Windows Server 2008 Service Pack 2 and prior.
+
+ Fix:
+ Run Windows Update and update the listed hotfixes or download and
+ update mentioned hotfixes in the advisory from the below link,
+ http://www.microsoft.com/technet/security/bulletin/ms11-068.mspx
+
+ References:
+ http://secunia.com/advisories/45510
+ http://support.microsoft.com/kb/2556532
+ http://www.microsoft.com/technet/security/bulletin/ms11-068.mspx ";
+
+ script_description(desc);
+ script_summary("Check for the vulnerable 'ntoskrnl.exe' file version");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2011 SecPod");
+ script_family("Windows : Microsoft Bulletins");
+ script_dependencies("secpod_reg_enum.nasl");
+ script_require_ports(139, 445);
+ exit(0);
+}
+
+
+include("smb_nt.inc");
+include("secpod_reg.inc");
+include("version_func.inc");
+include("secpod_smb_func.inc");
+
+## Check for OS and Service Pack
+if(hotfix_check_sp(winVista:3, win2008:3, win7:2) <= 0){
+ exit(0);
+}
+
+## MS11-068 Hotfix (2556532)
+if(hotfix_missing(name:"2556532") == 0){
+ exit(0);
+}
+
+## Get System Path
+sysPath = smb_get_systemroot();
+if(!sysPath ){
+ exit(0);
+}
+
+## Get Version from ntoskrnl.exe file
+sysVer = fetch_file_version(sysPath, file_name:"system32\ntoskrnl.exe");
+if(!sysVer){
+ exit(0);
+}
+
+## Windows Vista and Windows Server 2008
+if(hotfix_check_sp(winVista:3, win2008:3) > 0)
+{
+ SP = get_kb_item("SMB/WinVista/ServicePack");
+
+ if(!SP) {
+ SP = get_kb_item("SMB/Win2008/ServicePack");
+ }
+
+ if("Service Pack 2" >< SP)
+ {
+ ## Check for ntoskrnl.exe version
+ if(version_in_range(version:sysVer, test_version:"6.0.6002.18000", test_version2:"6.0.6002.18483")||
+ version_in_range(version:sysVer, test_version:"6.0.6002.22000", test_version2:"6.0.6002.22661")){
+ security_hole(0);
+ }
+ exit(0);
+ }
+ security_hole(0);
+}
+
+## Windows 7
+else if(hotfix_check_sp(win7:2) > 0)
+{
+ ## Check for ntoskrnl.exe version
+ if(version_in_range(version:sysVer, test_version:"6.1.7600.16000", test_version2:"6.1.7600.16840")||
+ version_in_range(version:sysVer, test_version:"6.1.7600.20000", test_version2:"6.1.7600.20993")||
+ version_in_range(version:sysVer, test_version:"6.1.7601.17000", test_version2:"6.1.7601.17639")||
+ version_in_range(version:sysVer, test_version:"6.1.7601.21000", test_version2:"6.1.7601.21754")){
+ security_hole(0);
+ }
+}
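Review bot: The call `sysVer = fetch_file_version(sysPath, file_name:"system32\ntoskrnl.exe");` passes the system root positionally, while the MS11-067 and MS11-069 plugins in this same commit call the helper with a named `sysPath:` argument. The helper's definition is not in this diff, but if it reads only its named parameter, sysVer comes back empty and the plugin exits at `if(!sysVer)` without reporting, which is a silent false negative on every scanned host. I would write `sysVer = fetch_file_version(sysPath:sysPath, file_name:"system32\ntoskrnl.exe");`. Separately, in the Vista/2008 branch the `security_hole(0);` that follows the Service Pack 2 block fires with no version comparison, including when neither ServicePack KB item is set. Either require a non-empty SP there or add a comment such as `## Below SP2 (or SP unknown): reported without a file-version check` so the choice is explicit.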
Property changes on: trunk/openvas-plugins/scripts/secpod_ms11-068.nasl
___________________________________________________________________
Name: svn:executable
+ *
Added: trunk/openvas-plugins/scripts/secpod_ms11-069.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_ms11-069.nasl 2011-08-10 17:39:32 UTC (rev 11429)
+++ trunk/openvas-plugins/scripts/secpod_ms11-069.nasl 2011-08-11 04:41:03 UTC (rev 11430)
@@ -0,0 +1,168 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_ms11-069.nasl 16617 2011-08-10 10:10:10Z aug $
+#
+# Microsoft .NET Framework Information Disclosure Vulnerability (2567951)
+#
+# Authors:
+# Sooraj KS <kssooraj at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2011 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(902551);
+ script_version("$Revision: 1.0$");
+ script_cve_id("CVE-2011-1978");
+ script_bugtraq_id(48991);
+ script_tag(name:"cvss_base", value:"5.8");
+ script_tag(name:"risk_factor", value:"High");
+ script_name("Microsoft .NET Framework Information Disclosure Vulnerability (2567951)");
+ desc = "
+ Overview: This host has important security update missing according to
+ Microsoft Bulletin MS11-069.
+
+ Vulnerability Insight:
+ The flaw is caused due to an error when validating the trust level within
+ the System.Net.Sockets namespace and can be exploited to bypass CAS (Code
+ Access Security) restrictions or disclose information via a specially
+ crafted web page viewed using a browser that supports XBAPs (XAML Browser
+ Applications).
+
+ Impact:
+ Successful exploitation could allow attacker to bypass certain security
+ restrictions or gain knowledge of sensitive information.
+
+ Impact Level: System/Application
+
+ Affected Software/OS:
+ Microsoft .NET Framework 4.0
+ Microsoft .NET Framework 3.5.1
+ Microsoft .NET Framework 2.0 Service Pack 2
+
+ Fix:
+ Run Windows Update and update the listed hotfixes or download and
+ update mentioned hotfixes in the advisory from the below link,
+ http://www.microsoft.com/technet/security/bulletin/ms11-069.mspx
+
+ References:
+ http://secunia.com/advisories/45517
+ http://support.microsoft.com/kb/2567951
+ http://www.microsoft.com/technet/security/bulletin/ms11-069.mspx ";
+
+ script_description(desc);
+ script_summary("Check for the version of 'System.dll' file");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2011 SecPod");
+ script_family("Windows : Microsoft Bulletins");
+ script_dependencies("secpod_reg_enum.nasl");
+ script_require_ports(139, 445);
+ exit(0);
+}
+
+
+include("smb_nt.inc");
+include("secpod_reg.inc");
+include("version_func.inc");
+include("secpod_smb_func.inc");
+
+## Check for OS and Service Pack
+if(hotfix_check_sp(xp:4, win2003:3, winVista:3, win2008:3, win7:2) <= 0){
+ exit(0);
+}
+
+## MS11-069 Hotfix
+if((hotfix_missing(name:"2539636") == 0) || (hotfix_missing(name:"2539635") == 0) ||
+ (hotfix_missing(name:"2539634") == 0) || (hotfix_missing(name:"2539633") == 0) ||
+ (hotfix_missing(name:"2539631") == 0) ){
+ exit(0);
+}
+
+## Confirm .NET
+key = "SOFTWARE\Microsoft\ASP.NET\";
+if(!registry_key_exists(key:key)){
+ exit(0);
+}
+
+## Try to Get Version
+foreach item (registry_enum_keys(key:key))
+{
+ path = registry_get_sz(key:key + item, item:"Path");
+ if("\Microsoft.NET\Framework" >< path)
+ {
+ ## Get version from System.dll file
+ dllVer = fetch_file_version(sysPath:path, file_name:"System.dll");
+ if(!dllVer){
+ exit(0);
+ }
+ }
+}
+
+## Windows XP and Windows 2003
+if(hotfix_check_sp(xp:4, win2003:3) > 0)
+{
+ ## .NET Framework 4.0 GDR 4.0.30319.236, LDR 4.0.30319.463
+ ## .NET Framework 2.0 SP2 GDR 2.0.50727.3624, LDR 2.0.50727.5668
+ if(version_in_range(version:dllVer, test_version:"4.0.30319.000", test_version2:"4.0.30319.235")||
+ version_in_range(version:dllVer, test_version:"4.0.30319.400", test_version2:"4.0.30319.462")||
+ version_in_range(version:dllVer, test_version:"2.0.50727.3000", test_version2:"2.0.50727.3623")||
+ version_in_range(version:dllVer, test_version:"2.0.50727.5000", test_version2:"2.0.50727.5667"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+}
+
+## Windows Vista and Windows Server 2008
+if(hotfix_check_sp(winVista:3, win2008:3) > 0)
+{
+ SP = get_kb_item("SMB/WinVista/ServicePack");
+
+ if(!SP) {
+ SP = get_kb_item("SMB/Win2008/ServicePack");
+ }
+
+ ## .NET Framework 4.0 GDR 4.0.30319.236, LDR 4.0.30319.463
+ ## .NET Framework 2.0 SP2 GDR 2.0.50727.4215, LDR 2.0.50727.5668
+ if("Service Pack 2" >< SP)
+ {
+ if(version_in_range(version:dllVer, test_version:"4.0.30319.000", test_version2:"4.0.30319.235")||
+ version_in_range(version:dllVer, test_version:"4.0.30319.400", test_version2:"4.0.30319.462")||
+ version_in_range(version:dllVer, test_version:"2.0.50727.4000", test_version2:"2.0.50727.4214")||
+ version_in_range(version:dllVer, test_version:"2.0.50727.5000", test_version2:"2.0.50727.5667"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+ }
+}
+
+## .NET Framework 4.0 GDR 4.0.30319.236, , LDR 4.0.30319.463
+## .NET Framework 3.5.1 GDR 2.0.50727.5447, LDR 2.0.50727.5668 on win7 SP1
+## .NET Framework 3.5.1 2.0.50727.4962, LDR 2.0.50727.5668 on win7
+if(hotfix_check_sp(win7:2) > 0)
+{
+ ## Check for mscorlib.dll version
+ if(version_in_range(version:dllVer, test_version:"4.0.30319.000", test_version2:"4.0.30319.235")||
+ version_in_range(version:dllVer, test_version:"4.0.30319.400", test_version2:"4.0.30319.462")||
+ version_in_range(version:dllVer, test_version:"2.0.50727.5000", test_version2:"2.0.50727.5446")||
+ version_in_range(version:dllVer, test_version:"2.0.50727.5600", test_version2:"2.0.50727.5667")||
+ version_in_range(version:dllVer, test_version:"2.0.50727.4000", test_version2:"2.0.50727.4961")){
+ security_hole(0);
+ }
+}
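Review bot: The foreach over the ASP.NET registry keys overwrites `dllVer` on every matching key, and the version comparisons run only after the loop. On a host with several framework versions installed, only the last enumerated System.dll is compared, and the `exit(0);` inside `if(!dllVer)` ends the whole check as soon as one install yields no version. I would change that guard to `if(!dllVer){ continue; }` and move the three per-OS `version_in_range` blocks inside the loop so each install is evaluated. The hotfix test has a related gap: it exits when any one of the five KBs is present, yet judging from the per-version ranges below they appear to cover different framework versions, so one patched framework can hide an unpatched one. The comment `## Check for mscorlib.dll version` in the Windows 7 block should read `## Check for System.dll version`, and `risk_factor` "High" next to a `cvss_base` of 5.8 is worth confirming.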