[Openvas-commits] r11971 - in trunk/openvas-plugins: . scripts

scm-commit@wald.intevation.org scm-commit at wald.intevation.org
Thu Nov 3 12:22:55 CET 2011


Author: veerendragg
Date: 2011-11-03 12:22:48 +0100 (Thu, 03 Nov 2011)
New Revision: 11971

Added:
   trunk/openvas-plugins/scripts/gb_CESA-2011_1422_openswan_centos5_i386.nasl
   trunk/openvas-plugins/scripts/gb_CESA-2011_1423_php53_centos5_i386.nasl
   trunk/openvas-plugins/scripts/gb_RHSA-2011_1422-01_openswan.nasl
   trunk/openvas-plugins/scripts/gb_RHSA-2011_1423-01_php53_and_php.nasl
   trunk/openvas-plugins/scripts/gb_apple_quicktime_mult_dos_vuln_win_nov11.nasl
   trunk/openvas-plugins/scripts/gb_fedora_2011_13874_perl_fc14.nasl
   trunk/openvas-plugins/scripts/gb_google_chrome_nss_priv_escalation_vuln_macosx.nasl
   trunk/openvas-plugins/scripts/gb_google_chrome_nss_priv_escalation_vuln_win.nasl
   trunk/openvas-plugins/scripts/gb_mandriva_MDVA_2011_067.nasl
   trunk/openvas-plugins/scripts/gb_mandriva_MDVSA_2011_162.nasl
   trunk/openvas-plugins/scripts/gb_mandriva_MDVSA_2011_163.nasl
   trunk/openvas-plugins/scripts/gb_oracle_glassfish_n_sjas_web_container_dos_vuln.nasl
   trunk/openvas-plugins/scripts/gb_phpldapadmin_debug_xss_vuln.nasl
Modified:
   trunk/openvas-plugins/ChangeLog
   trunk/openvas-plugins/scripts/gb_zikula_49491.nasl
   trunk/openvas-plugins/scripts/secpod_google_chrome_mult_vuln_sep11_lin.nasl
   trunk/openvas-plugins/scripts/secpod_google_chrome_mult_vuln_sep11_macosx.nasl
   trunk/openvas-plugins/scripts/secpod_google_chrome_mult_vuln_sep11_win.nasl
Log:
Added new LSC plugins. Added new plugins. Updated CVE reference.

Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog	2011-11-03 11:17:12 UTC (rev 11970)
+++ trunk/openvas-plugins/ChangeLog	2011-11-03 11:22:48 UTC (rev 11971)
@@ -1,3 +1,28 @@
+2011-11-03  Veerendra G.G <veerendragg at secpod.com>
+
+	* scripts/gb_mandriva_MDVSA_2011_162.nasl,
+	scripts/gb_CESA-2011_1423_php53_centos5_i386.nasl,
+	scripts/gb_mandriva_MDVSA_2011_163.nasl,
+	scripts/gb_fedora_2011_13874_perl_fc14.nasl,
+	scripts/gb_RHSA-2011_1422-01_openswan.nasl,
+	scripts/gb_CESA-2011_1422_openswan_centos5_i386.nasl,
+	scripts/gb_mandriva_MDVA_2011_067.nasl,
+	scripts/gb_RHSA-2011_1423-01_php53_and_php.nasl:
+	Added new LSC plugins.
+
+	* scripts/gb_google_chrome_nss_priv_escalation_vuln_macosx.nasl,
+	scripts/gb_oracle_glassfish_n_sjas_web_container_dos_vuln.nasl,
+	scripts/gb_google_chrome_nss_priv_escalation_vuln_win.nasl,
+	scripts/gb_phpldapadmin_debug_xss_vuln.nasl,
+	scripts/gb_apple_quicktime_mult_dos_vuln_win_nov11.nasl:
+	Added new plugins.
+
+	* scripts/secpod_google_chrome_mult_vuln_sep11_lin.nasl,
+	scripts/secpod_google_chrome_mult_vuln_sep11_macosx.nasl,
+	scripts/gb_zikula_49491.nasl,
+	scripts/secpod_google_chrome_mult_vuln_sep11_win.nasl:
+	Updated CVE reference.
+
 2011-11-2  Henri Doreau <henri.doreau at greenbone.net>
 
 	* scripts/deb_452_1.nasl,

Added: trunk/openvas-plugins/scripts/gb_CESA-2011_1422_openswan_centos5_i386.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_CESA-2011_1422_openswan_centos5_i386.nasl	2011-11-03 11:17:12 UTC (rev 11970)
+++ trunk/openvas-plugins/scripts/gb_CESA-2011_1422_openswan_centos5_i386.nasl	2011-11-03 11:22:48 UTC (rev 11971)
@@ -0,0 +1,105 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# CentOS Update for openswan CESA-2011:1422 centos5 i386
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(881029);
+  script_version("$Revision: $");
+  script_tag(name:"risk_factor", value:"High");
+  script_xref(name: "CESA", value: "2011:1422");
+  script_cve_id("CVE-2011-4073");
+  script_name("CentOS Update for openswan CESA-2011:1422 centos5 i386");
+  desc = "
+
+  Vulnerability Insight:
+  Openswan is a free implementation of Internet Protocol Security (IPsec)
+  and Internet Key Exchange (IKE). IPsec uses strong cryptography to provide
+  both authentication and encryption services. These services allow you to
+  build secure tunnels through untrusted networks.
+  
+  A use-after-free flaw was found in the way Openswan's pluto IKE daemon used
+  cryptographic helpers. A remote, authenticated attacker could send a
+  specially-crafted IKE packet that would crash the pluto daemon. This issue
+  only affected SMP (symmetric multiprocessing) systems that have the
+  cryptographic helpers enabled. The helpers are disabled by default on Red
+  Hat Enterprise Linux 5, but enabled by default on Red Hat Enterprise Linux
+  6. (CVE-2011-4073)
+  
+  Red Hat would like to thank the Openswan project for reporting this issue.
+  Upstream acknowledges Petar Tsankov, Mohammad Torabi Dashti and David Basin
+  of the information security group at ETH Zurich as the original reporters.
+  
+  All users of openswan are advised to upgrade to these updated packages,
+  which contain a backported patch to correct this issue. After installing
+  this update, the ipsec service will be restarted automatically.
+
+
+  Affected Software/OS:
+  openswan on CentOS 5
+
+  Fix: Please Install the Updated Packages.
+
+  References:
+  http://lists.centos.org/pipermail/centos-announce/2011-November/018143.html
+
+  ";
+
+  script_description(desc);
+  script_summary("Check for the Version of openswan");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
+  script_family("CentOS Local Security Checks");
+  script_dependencies("gather-package-list.nasl");
+  script_require_keys("ssh/login/release");
+  exit(0);
+}
+
+
+include("pkg-lib-rpm.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+if(release == NULL){
+  exit(0);
+}
+
+if(release == "CentOS5")
+{
+
+  if(isrpmvuln(pkg:"openswan", rpm:"openswan~2.6.21~5.el5_7.6", rls:"CentOS5"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(isrpmvuln(pkg:"openswan-doc", rpm:"openswan-doc~2.6.21~5.el5_7.6", rls:"CentOS5"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  exit(0);
+}
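Review bot: The second check, `isrpmvuln(pkg:"openswan-doc", ...)`, raises `security_hole(0)` for what is presumably a documentation-only package without the pluto daemon, so a host with just an outdated openswan-doc would be reported as High for CVE-2011-4073. I would let only the `openswan` check report a hole, or report auxiliary packages at a lower level. The same applies to `openswan-debuginfo` and `openswan-doc` in gb_RHSA-2011_1422-01_openswan.nasl and to `php53-debuginfo` in gb_RHSA-2011_1423-01_php53_and_php.nasl. The description also says the cryptographic helpers are disabled by default on Red Hat Enterprise Linux 5, so a comment such as `# package-level check only: does not verify that pluto's crypto helpers are enabled` would tell readers of the result what was actually tested.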

Added: trunk/openvas-plugins/scripts/gb_CESA-2011_1423_php53_centos5_i386.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_CESA-2011_1423_php53_centos5_i386.nasl	2011-11-03 11:17:12 UTC (rev 11970)
+++ trunk/openvas-plugins/scripts/gb_CESA-2011_1423_php53_centos5_i386.nasl	2011-11-03 11:22:48 UTC (rev 11971)
@@ -0,0 +1,252 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# CentOS Update for php53 CESA-2011:1423 centos5 i386
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(881028);
+  script_version("$Revision: $");
+  script_tag(name:"cvss_base", value:"7.5");
+  script_tag(name:"risk_factor", value:"High");
+  script_xref(name: "CESA", value: "2011:1423");
+  script_cve_id("CVE-2011-0708", "CVE-2011-1148", "CVE-2011-1466", "CVE-2011-1468",
+                "CVE-2011-1469", "CVE-2011-1471", "CVE-2011-1938", "CVE-2011-2202",
+                "CVE-2011-2483");
+  script_name("CentOS Update for php53 CESA-2011:1423 centos5 i386");
+  desc = "
+
+  Vulnerability Insight:
+  PHP is an HTML-embedded scripting language commonly used with the Apache
+  HTTP Server.
+  
+  A signedness issue was found in the way the PHP crypt() function handled
+  8-bit characters in passwords when using Blowfish hashing. Up to three
+  characters immediately preceding a non-ASCII character (one with the high
+  bit set) had no effect on the hash result, thus shortening the effective
+  password length. This made brute-force guessing more efficient as several
+  different passwords were hashed to the same value. (CVE-2011-2483)
+  
+  Note: Due to the CVE-2011-2483 fix, after installing this update some users
+  may not be able to log in to PHP applications that hash passwords with
+  Blowfish using the PHP crypt() function. Refer to the upstream
+  &quot;CRYPT_BLOWFISH security fix details&quot; document, linked to in the
+  References, for details.
+  
+  An insufficient input validation flaw, leading to a buffer over-read, was
+  found in the PHP exif extension. A specially-crafted image file could cause
+  the PHP interpreter to crash when a PHP script tries to extract
+  Exchangeable image file format (Exif) metadata from the image file.
+  (CVE-2011-0708)
+  
+  An integer overflow flaw was found in the PHP calendar extension. A remote
+  attacker able to make a PHP script call SdnToJulian() with a large value
+  could cause the PHP interpreter to crash. (CVE-2011-1466)
+  
+  Multiple memory leak flaws were found in the PHP OpenSSL extension. A
+  remote attacker able to make a PHP script use openssl_encrypt() or
+  openssl_decrypt() repeatedly could cause the PHP interpreter to use an
+  excessive amount of memory. (CVE-2011-1468)
+  
+  A use-after-free flaw was found in the PHP substr_replace() function. If a
+  PHP script used the same variable as multiple function arguments, a remote
+  attacker could possibly use this to crash the PHP interpreter or, possibly,
+  execute arbitrary code. (CVE-2011-1148)
+  
+  A bug in the PHP Streams component caused the PHP interpreter to crash if
+  an FTP wrapper connection was made through an HTTP proxy. A remote attacker
+  could possibly trigger this issue if a PHP script accepted an untrusted URL
+  to connect to. (CVE-2011-1469)
+  
+  An integer signedness issue was found in the PHP zip extension. An attacker
+  could use a specially-crafted ZIP archive to cause the PHP interpreter to
+  use an excessive amount of CPU time until the script execution time limit
+  is reached. (CVE-2011-1471)
+  
+  A stack-based buffer overflow flaw was found in the way the PHP socket
+  extension handled long AF_UNIX socket addresses. An attacker able to make a
+  PHP script connect to a long AF_ ... 
+
+  Description truncated, for more information please check the Reference URL
+
+  Affected Software/OS:
+  php53 on CentOS 5
+
+  Fix: Please Install the Updated Packages.
+
+  References:
+  http://lists.centos.org/pipermail/centos-announce/2011-November/018145.html
+
+  ";
+
+  script_description(desc);
+  script_summary("Check for the Version of php53");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
+  script_family("CentOS Local Security Checks");
+  script_dependencies("gather-package-list.nasl");
+  script_require_keys("ssh/login/release");
+  exit(0);
+}
+
+
+include("pkg-lib-rpm.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+if(release == NULL){
+  exit(0);
+}
+
+if(release == "CentOS5")
+{
+
+  if(isrpmvuln(pkg:"php53", rpm:"php53~5.3.3~1.el5_7.3", rls:"CentOS5"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(isrpmvuln(pkg:"php53-bcmath", rpm:"php53-bcmath~5.3.3~1.el5_7.3", rls:"CentOS5"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(isrpmvuln(pkg:"php53-cli", rpm:"php53-cli~5.3.3~1.el5_7.3", rls:"CentOS5"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(isrpmvuln(pkg:"php53-common", rpm:"php53-common~5.3.3~1.el5_7.3", rls:"CentOS5"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(isrpmvuln(pkg:"php53-dba", rpm:"php53-dba~5.3.3~1.el5_7.3", rls:"CentOS5"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(isrpmvuln(pkg:"php53-devel", rpm:"php53-devel~5.3.3~1.el5_7.3", rls:"CentOS5"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(isrpmvuln(pkg:"php53-gd", rpm:"php53-gd~5.3.3~1.el5_7.3", rls:"CentOS5"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(isrpmvuln(pkg:"php53-imap", rpm:"php53-imap~5.3.3~1.el5_7.3", rls:"CentOS5"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(isrpmvuln(pkg:"php53-intl", rpm:"php53-intl~5.3.3~1.el5_7.3", rls:"CentOS5"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(isrpmvuln(pkg:"php53-ldap", rpm:"php53-ldap~5.3.3~1.el5_7.3", rls:"CentOS5"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(isrpmvuln(pkg:"php53-mbstring", rpm:"php53-mbstring~5.3.3~1.el5_7.3", rls:"CentOS5"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(isrpmvuln(pkg:"php53-mysql", rpm:"php53-mysql~5.3.3~1.el5_7.3", rls:"CentOS5"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(isrpmvuln(pkg:"php53-odbc", rpm:"php53-odbc~5.3.3~1.el5_7.3", rls:"CentOS5"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(isrpmvuln(pkg:"php53-pdo", rpm:"php53-pdo~5.3.3~1.el5_7.3", rls:"CentOS5"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(isrpmvuln(pkg:"php53-pgsql", rpm:"php53-pgsql~5.3.3~1.el5_7.3", rls:"CentOS5"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(isrpmvuln(pkg:"php53-process", rpm:"php53-process~5.3.3~1.el5_7.3", rls:"CentOS5"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(isrpmvuln(pkg:"php53-pspell", rpm:"php53-pspell~5.3.3~1.el5_7.3", rls:"CentOS5"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(isrpmvuln(pkg:"php53-snmp", rpm:"php53-snmp~5.3.3~1.el5_7.3", rls:"CentOS5"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(isrpmvuln(pkg:"php53-soap", rpm:"php53-soap~5.3.3~1.el5_7.3", rls:"CentOS5"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(isrpmvuln(pkg:"php53-xml", rpm:"php53-xml~5.3.3~1.el5_7.3", rls:"CentOS5"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(isrpmvuln(pkg:"php53-xmlrpc", rpm:"php53-xmlrpc~5.3.3~1.el5_7.3", rls:"CentOS5"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  exit(0);
+}
\ No newline at end of file
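Review bot: The `desc` string carries the HTML entities `&quot;CRYPT_BLOWFISH security fix details&quot;` in the CVE-2011-2483 note, which will most likely appear literally in scan reports because `desc` is a plain NASL string; `'CRYPT_BLOWFISH security fix details'` would read correctly there. That sentence points to a document "linked to in the References", but the References list holds only the centos-announce message, so the login-breakage caveat cannot be followed up from the report; add the upstream link (`<URL of the upstream CRYPT_BLOWFISH document>`) under References. Because the text is cut at "AF_ ...", CVE-2011-1938 and CVE-2011-2202 are listed in `script_cve_id` without any description. gb_RHSA-2011_1423-01_php53_and_php.nasl has the same three issues.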

Added: trunk/openvas-plugins/scripts/gb_RHSA-2011_1422-01_openswan.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_RHSA-2011_1422-01_openswan.nasl	2011-11-03 11:17:12 UTC (rev 11970)
+++ trunk/openvas-plugins/scripts/gb_RHSA-2011_1422-01_openswan.nasl	2011-11-03 11:22:48 UTC (rev 11971)
@@ -0,0 +1,111 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# RedHat Update for openswan RHSA-2011:1422-01
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(870509);
+  script_version("$Revision: $");
+  script_tag(name:"risk_factor", value:"High");
+  script_xref(name: "RHSA", value: "2011:1422-01");
+  script_cve_id("CVE-2011-4073");
+  script_name("RedHat Update for openswan RHSA-2011:1422-01");
+  desc = "
+
+  Vulnerability Insight:
+  Openswan is a free implementation of Internet Protocol Security (IPsec)
+  and Internet Key Exchange (IKE). IPsec uses strong cryptography to provide
+  both authentication and encryption services. These services allow you to
+  build secure tunnels through untrusted networks.
+  
+  A use-after-free flaw was found in the way Openswan's pluto IKE daemon used
+  cryptographic helpers. A remote, authenticated attacker could send a
+  specially-crafted IKE packet that would crash the pluto daemon. This issue
+  only affected SMP (symmetric multiprocessing) systems that have the
+  cryptographic helpers enabled. The helpers are disabled by default on Red
+  Hat Enterprise Linux 5, but enabled by default on Red Hat Enterprise Linux
+  6. (CVE-2011-4073)
+  
+  Red Hat would like to thank the Openswan project for reporting this issue.
+  Upstream acknowledges Petar Tsankov, Mohammad Torabi Dashti and David Basin
+  of the information security group at ETH Zurich as the original reporters.
+  
+  All users of openswan are advised to upgrade to these updated packages,
+  which contain a backported patch to correct this issue. After installing
+  this update, the ipsec service will be restarted automatically.
+
+
+  Affected Software/OS:
+  openswan on Red Hat Enterprise Linux (v. 5 server)
+
+  Fix: Please Install the Updated Packages.
+
+  References:
+  https://www.redhat.com/archives/rhsa-announce/2011-November/msg00002.html
+
+  ";
+
+  script_description(desc);
+  script_summary("Check for the Version of openswan");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
+  script_family("Red Hat Local Security Checks");
+  script_dependencies("gather-package-list.nasl");
+  script_require_keys("ssh/login/release");
+  exit(0);
+}
+
+
+include("pkg-lib-rpm.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+if(release == NULL){
+  exit(0);
+}
+
+if(release == "RHENT_5")
+{
+
+  if(isrpmvuln(pkg:"openswan", rpm:"openswan~2.6.21~5.el5_7.6", rls:"RHENT_5"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(isrpmvuln(pkg:"openswan-debuginfo", rpm:"openswan-debuginfo~2.6.21~5.el5_7.6", rls:"RHENT_5"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(isrpmvuln(pkg:"openswan-doc", rpm:"openswan-doc~2.6.21~5.el5_7.6", rls:"RHENT_5"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  exit(0);
+}
\ No newline at end of file
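Review bot: The header sets `risk_factor` to "High" but no `cvss_base` tag, unlike the php53 plugins in this commit, which set both; results from this plugin carry a severity label with no score behind it. The description speaks of a crash of the pluto daemon by a remote, authenticated attacker, and only where the cryptographic helpers are enabled, so "High" may overstate the issue. I would add `script_tag(name:"cvss_base", value:"<CVSS base score of CVE-2011-4073>");` and derive `risk_factor` from that score. gb_CESA-2011_1422_openswan_centos5_i386.nasl and the visible header of gb_fedora_2011_13874_perl_fc14.nasl lack the tag as well.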

Added: trunk/openvas-plugins/scripts/gb_RHSA-2011_1423-01_php53_and_php.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_RHSA-2011_1423-01_php53_and_php.nasl	2011-11-03 11:17:12 UTC (rev 11970)
+++ trunk/openvas-plugins/scripts/gb_RHSA-2011_1423-01_php53_and_php.nasl	2011-11-03 11:22:48 UTC (rev 11971)
@@ -0,0 +1,257 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# RedHat Update for php53 and php RHSA-2011:1423-01
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(870510);
+  script_version("$Revision: $");
+  script_tag(name:"cvss_base", value:"7.5");
+  script_tag(name:"risk_factor", value:"High");
+  script_xref(name: "RHSA", value: "2011:1423-01");
+  script_cve_id("CVE-2011-0708", "CVE-2011-1148", "CVE-2011-1466", "CVE-2011-1468",
+                "CVE-2011-1469", "CVE-2011-1471", "CVE-2011-1938", "CVE-2011-2202",
+                "CVE-2011-2483");
+  script_name("RedHat Update for php53 and php RHSA-2011:1423-01");
+  desc = "
+
+  Vulnerability Insight:
+  PHP is an HTML-embedded scripting language commonly used with the Apache
+  HTTP Server.
+  
+  A signedness issue was found in the way the PHP crypt() function handled
+  8-bit characters in passwords when using Blowfish hashing. Up to three
+  characters immediately preceding a non-ASCII character (one with the high
+  bit set) had no effect on the hash result, thus shortening the effective
+  password length. This made brute-force guessing more efficient as several
+  different passwords were hashed to the same value. (CVE-2011-2483)
+  
+  Note: Due to the CVE-2011-2483 fix, after installing this update some users
+  may not be able to log in to PHP applications that hash passwords with
+  Blowfish using the PHP crypt() function. Refer to the upstream
+  &quot;CRYPT_BLOWFISH security fix details&quot; document, linked to in the
+  References, for details.
+  
+  An insufficient input validation flaw, leading to a buffer over-read, was
+  found in the PHP exif extension. A specially-crafted image file could cause
+  the PHP interpreter to crash when a PHP script tries to extract
+  Exchangeable image file format (Exif) metadata from the image file.
+  (CVE-2011-0708)
+  
+  An integer overflow flaw was found in the PHP calendar extension. A remote
+  attacker able to make a PHP script call SdnToJulian() with a large value
+  could cause the PHP interpreter to crash. (CVE-2011-1466)
+  
+  Multiple memory leak flaws were found in the PHP OpenSSL extension. A
+  remote attacker able to make a PHP script use openssl_encrypt() or
+  openssl_decrypt() repeatedly could cause the PHP interpreter to use an
+  excessive amount of memory. (CVE-2011-1468)
+  
+  A use-after-free flaw was found in the PHP substr_replace() function. If a
+  PHP script used the same variable as multiple function arguments, a remote
+  attacker could possibly use this to crash the PHP interpreter or, possibly,
+  execute arbitrary code. (CVE-2011-1148)
+  
+  A bug in the PHP Streams component caused the PHP interpreter to crash if
+  an FTP wrapper connection was made through an HTTP proxy. A remote attacker
+  could possibly trigger this issue if a PHP script accepted an untrusted URL
+  to connect to. (CVE-2011-1469)
+  
+  An integer signedness issue was found in the PHP zip extension. An attacker
+  could use a specially-crafted ZIP archive to cause the PHP interpreter to
+  use an excessive amount of CPU time until the script execution time limit
+  is reached. (CVE-2011-1471)
+  
+  A stack-based buffer overflow flaw was found in the way the PHP socket
+  extension handled long AF_UNIX socket addresses. An attacker able to mak ... 
+
+  Description truncated, for more information please check the Reference URL
+
+  Affected Software/OS:
+  php53 and php on Red Hat Enterprise Linux (v. 5 server)
+
+  Fix: Please Install the Updated Packages.
+
+  References:
+  https://www.redhat.com/archives/rhsa-announce/2011-November/msg00003.html
+
+  ";
+
+  script_description(desc);
+  script_summary("Check for the Version of php53 and php");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
+  script_family("Red Hat Local Security Checks");
+  script_dependencies("gather-package-list.nasl");
+  script_require_keys("ssh/login/release");
+  exit(0);
+}
+
+
+include("pkg-lib-rpm.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+if(release == NULL){
+  exit(0);
+}
+
+if(release == "RHENT_5")
+{
+
+  if(isrpmvuln(pkg:"php53", rpm:"php53~5.3.3~1.el5_7.3", rls:"RHENT_5"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(isrpmvuln(pkg:"php53-bcmath", rpm:"php53-bcmath~5.3.3~1.el5_7.3", rls:"RHENT_5"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(isrpmvuln(pkg:"php53-cli", rpm:"php53-cli~5.3.3~1.el5_7.3", rls:"RHENT_5"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(isrpmvuln(pkg:"php53-common", rpm:"php53-common~5.3.3~1.el5_7.3", rls:"RHENT_5"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(isrpmvuln(pkg:"php53-dba", rpm:"php53-dba~5.3.3~1.el5_7.3", rls:"RHENT_5"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(isrpmvuln(pkg:"php53-debuginfo", rpm:"php53-debuginfo~5.3.3~1.el5_7.3", rls:"RHENT_5"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(isrpmvuln(pkg:"php53-devel", rpm:"php53-devel~5.3.3~1.el5_7.3", rls:"RHENT_5"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(isrpmvuln(pkg:"php53-gd", rpm:"php53-gd~5.3.3~1.el5_7.3", rls:"RHENT_5"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(isrpmvuln(pkg:"php53-imap", rpm:"php53-imap~5.3.3~1.el5_7.3", rls:"RHENT_5"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(isrpmvuln(pkg:"php53-intl", rpm:"php53-intl~5.3.3~1.el5_7.3", rls:"RHENT_5"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(isrpmvuln(pkg:"php53-ldap", rpm:"php53-ldap~5.3.3~1.el5_7.3", rls:"RHENT_5"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(isrpmvuln(pkg:"php53-mbstring", rpm:"php53-mbstring~5.3.3~1.el5_7.3", rls:"RHENT_5"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(isrpmvuln(pkg:"php53-mysql", rpm:"php53-mysql~5.3.3~1.el5_7.3", rls:"RHENT_5"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(isrpmvuln(pkg:"php53-odbc", rpm:"php53-odbc~5.3.3~1.el5_7.3", rls:"RHENT_5"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(isrpmvuln(pkg:"php53-pdo", rpm:"php53-pdo~5.3.3~1.el5_7.3", rls:"RHENT_5"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(isrpmvuln(pkg:"php53-pgsql", rpm:"php53-pgsql~5.3.3~1.el5_7.3", rls:"RHENT_5"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(isrpmvuln(pkg:"php53-process", rpm:"php53-process~5.3.3~1.el5_7.3", rls:"RHENT_5"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(isrpmvuln(pkg:"php53-pspell", rpm:"php53-pspell~5.3.3~1.el5_7.3", rls:"RHENT_5"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(isrpmvuln(pkg:"php53-snmp", rpm:"php53-snmp~5.3.3~1.el5_7.3", rls:"RHENT_5"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(isrpmvuln(pkg:"php53-soap", rpm:"php53-soap~5.3.3~1.el5_7.3", rls:"RHENT_5"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(isrpmvuln(pkg:"php53-xml", rpm:"php53-xml~5.3.3~1.el5_7.3", rls:"RHENT_5"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(isrpmvuln(pkg:"php53-xmlrpc", rpm:"php53-xmlrpc~5.3.3~1.el5_7.3", rls:"RHENT_5"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  exit(0);
+}
\ No newline at end of file
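Review bot: Each of the 22 package checks ends in a bare `security_hole(0)`, so the finding does not say which package was found outdated or which version fixes it; with this many sub-packages the person patching has to work that out by hand. Passing the detail along in each branch, e.g. `security_hole(port:0, data:"php53-cli is older than php53-cli-5.3.3-1.el5_7.3");`, would make the result actionable. A `data:` text presumably replaces the default description in the report, so the advisory reference may need to be repeated in it. The other package-check plugins added by this commit use the same bare call.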

Added: trunk/openvas-plugins/scripts/gb_apple_quicktime_mult_dos_vuln_win_nov11.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_apple_quicktime_mult_dos_vuln_win_nov11.nasl	2011-11-03 11:17:12 UTC (rev 11970)
+++ trunk/openvas-plugins/scripts/gb_apple_quicktime_mult_dos_vuln_win_nov11.nasl	2011-11-03 11:22:48 UTC (rev 11971)
@@ -0,0 +1,90 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_apple_quicktime_mult_dos_vuln_win_nov11.nasl 18219 2011-11-03 10:14:17 nov $
+#
+# Apple QuickTime Multiple Denial of Service Vulnerabilities - (Windows)
+#
+# Authors:
+# Madhuri D <dmadhuri at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(802198);
+  script_version("$Revision: $");
+  script_cve_id("CVE-2011-3251", "CVE-2011-3250", "CVE-2011-3249",
+                "CVE-2011-3248", "CVE-2011-3247");
+  script_bugtraq_id(50403, 50401, 50404, 50400, 50399);
+  script_tag(name:"cvss_base", value:"9.3");
+  script_tag(name:"risk_factor", value:"Critical");
+  script_name("Apple QuickTime Multiple Denial of Service Vulnerabilities - (Windows)");
+  desc = "
+  Overview: The host is installed with Apple QuickTime and is prone to multiple
+  denial of service vulnerabilities.
+
+  Vulnerability Insight:
+  The flaws are caused due to,
+  - A integer overflow while handling the PICT files and JPEG2000 encoded
+    movie files.
+  - A signedness issue existed in the handling of font tables embedded in
+    QuickTime movie files.
+  - A buffer overflow issue while handling FLC encoded movie files.
+  - A memory corruption issue, while handling of TKHD atoms in QuickTime
+    movie files.
+
+  Impact:
+  Successful exploitation could allow attackers to execute arbitrary code or
+  cause a denial of service via crafted files.
+
+  Impact Level: System/Application
+
+  Affected Software/OS:
+  QuickTime Player version prior to 7.7.1
+
+  Fix: Upgrade to QuickTime Player version 7.7.1 or later
+  For updates refer, http://www.apple.com/quicktime/download/
+
+  References:
+  http://support.apple.com/kb/HT5016
+  http://www.zerodayinitiative.com/advisories/ZDI-11-314/
+  http://www.zerodayinitiative.com/advisories/ZDI-11-315/ ";
+
+  script_description(desc);
+  script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
+  script_summary("Check the version of QuickTime Player");
+  script_category(ACT_GATHER_INFO);
+  script_family("Denial of Service");
+  script_dependencies("secpod_apple_quicktime_detection_win_900124.nasl");
+  script_require_keys("QuickTime/Win/Ver");
+  exit(0);
+}
+
+
+include("version_func.inc");
+
+## Get the version from KB
+quickVer = get_kb_item("QuickTime/Win/Ver");
+if(!quickVer){
+  exit(0);
+}
+
+## Check for QuickTime Playe Version less than 7.7.1
+if(version_is_less(version:quickVer, test_version:"7.7.1")){
+  security_hole(0);
+}
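Review bot: The plugin is named "Multiple Denial of Service Vulnerabilities" and filed under `script_family("Denial of Service")`, while its own Impact text says attackers could execute arbitrary code and the tags give `cvss_base` 9.3 / "Critical"; anyone filtering or triaging by name or family would under-rate it. I would name the code-execution impact in `script_name` and the Overview, e.g. `script_name("Apple QuickTime Multiple Vulnerabilities - Nov11 (Windows)");`, and pick a family that is not DoS-specific. Minor: the comment `## Check for QuickTime Playe Version less than 7.7.1` should read "Player", and the Insight list has four entries for five CVE ids, so it is unclear which flaw maps to which id.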

Added: trunk/openvas-plugins/scripts/gb_fedora_2011_13874_perl_fc14.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_fedora_2011_13874_perl_fc14.nasl	2011-11-03 11:17:12 UTC (rev 11970)
+++ trunk/openvas-plugins/scripts/gb_fedora_2011_13874_perl_fc14.nasl	2011-11-03 11:22:48 UTC (rev 11971)
@@ -0,0 +1,91 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Fedora Update for perl FEDORA-2011-13874
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(863605);
+  script_version("$Revision: $");
+  script_tag(name:"risk_factor", value:"High");
+  script_xref(name: "FEDORA", value: "2011-13874");
+  script_cve_id("CVE-2011-3597", "CVE-2011-2939");
+  script_name("Fedora Update for perl FEDORA-2011-13874");
+  desc = "
+
+  Vulnerability Insight:
+  Perl is a high-level programming language with roots in C, sed, awk
+  and shell scripting.  Perl is good at handling processes and files,
+  and is especially good at handling text.  Perl's hallmarks are
+  practicality and efficiency.  While it is used to do a lot of
+  different things, Perl's most common applications are system
+  administration utilities and web programming.  A large proportion of
+  the CGI scripts on the web are written in Perl.  You need the perl
+  package installed on your system so that your system can handle Perl
+  scripts.
+  
+  Install this package if you want to program in Perl or enable your
+  system to handle Perl scripts.
+
+
+  Affected Software/OS:
+  perl on Fedora 14
+
+  Fix: Please Install the Updated Packages.
+
+  References:
+  http://lists.fedoraproject.org/pipermail/package-announce/2011-November/068753.html
+
+  ";
+
+  script_description(desc);
+  script_summary("Check for the Version of perl");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
+  script_family("Fedora Local Security Checks");
+  script_dependencies("gather-package-list.nasl");
+  script_require_keys("ssh/login/release");
+  exit(0);
+}
+
+
+include("pkg-lib-rpm.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+if(release == NULL){
+  exit(0);
+}
+
+if(release == "FC14")
+{
+
+  if(isrpmvuln(pkg:"perl", rpm:"perl~5.12.4~147.fc14", rls:"FC14"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  exit(0);
+}
\ No newline at end of file

Added: trunk/openvas-plugins/scripts/gb_google_chrome_nss_priv_escalation_vuln_macosx.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_google_chrome_nss_priv_escalation_vuln_macosx.nasl	2011-11-03 11:17:12 UTC (rev 11970)
+++ trunk/openvas-plugins/scripts/gb_google_chrome_nss_priv_escalation_vuln_macosx.nasl	2011-11-03 11:22:48 UTC (rev 11971)
@@ -0,0 +1,83 @@
+######################################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_google_chrome_nss_priv_escalation_vuln_macosx.nasl 18221 2011-11-02 15:20:12 nov $
+#
+# Google Chrome Mozilla Network Security Services Privilege Escalation Vulnerability (Mac OS X)
+#
+# Authors:
+# Rachana Shetty <srachana at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(802339);
+  script_version("$Revision: $");
+  script_cve_id("CVE-2011-3640");
+  script_tag(name:"cvss_base", value:"6.9");
+  script_tag(name:"risk_factor", value:"High");
+  script_name("Google Chrome Mozilla Network Security Services Privilege Escalation Vulnerability (Mac OS X)");
+  desc = "
+  Overview: The host is installed with Google Chrome and is prone to privilege
+  escalation vulnerability
+
+  Vulnerability Insight:
+  The flaw is caused due to an error in the Mozilla Network Security Services
+  (NSS) library, which can be exploited by sending Trojan horse pkcs11.txt
+  file in a top-level directory.
+
+  Impact:
+  Successful exploitation will let the local attacker to execute arbitrary
+  code with an elevated privileges.
+
+  Impact Level: System/Application
+
+  Affected Software/OS:
+  Google Chrome version 16.0.912.21 and prior on Mac OS X
+
+  Fix: Upgrade to the Google Chrome 17 or later,
+  For updates refer, http://www.google.com/chrome
+
+  References:
+  https://bugzilla.mozilla.org/show_bug.cgi?id=641052
+  http://code.google.com/p/chromium/issues/detail?id=97426
+  http://blog.acrossecurity.com/2011/10/google-chrome-pkcs11txt-file-planting.html ";
+
+  script_description(desc);
+  script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
+  script_summary("Check the version of Google Chrome");
+  script_category(ACT_GATHER_INFO);
+  script_family("General");
+  script_dependencies("gb_google_chrome_detect_macosx.nasl");
+  script_require_keys("GoogleChrome/MacOSX/Version");
+  exit(0);
+}
+
+
+include("version_func.inc");
+
+## Get the version from KB
+chromeVer = get_kb_item("GoogleChrome/MacOSX/Version");
+if(!chromeVer){
+  exit(0);
+}
+
+## Check for Google Chrome Versions 16.0.912.21 and prior
+if(version_is_less_equal(version:chromeVer, test_version:"16.0.912.21")){
+  security_hole(0);
+}
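Review bot: The version bound in the final check does not match the fix named in `desc`: `version_is_less_equal(version:chromeVer, test_version:"16.0.912.21")` stops at 16.0.912.21, while the text says the fix is Chrome 17, so any later 16.x build would be reported as not affected. If the fix really lands in 17, the check should read `if(version_is_less(version:chromeVer, test_version:"17.0")){` and the "Affected Software/OS" line should say "prior to 17". The same bound is used in gb_google_chrome_nss_priv_escalation_vuln_win.nasl, where the comment above the check already says "prior to 17" while the code tests 16.0.912.21. Because this is a version-only check for a local file-planting issue, a comment such as `## Version check only; the pkcs11.txt search path itself is not probed` above it would help whoever triages the finding.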

Added: trunk/openvas-plugins/scripts/gb_google_chrome_nss_priv_escalation_vuln_win.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_google_chrome_nss_priv_escalation_vuln_win.nasl	2011-11-03 11:17:12 UTC (rev 11970)
+++ trunk/openvas-plugins/scripts/gb_google_chrome_nss_priv_escalation_vuln_win.nasl	2011-11-03 11:22:48 UTC (rev 11971)
@@ -0,0 +1,83 @@
+######################################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_google_chrome_nss_priv_escalation_vuln_win.nasl 18221 2011-11-02 12:12:12 nov $
+#
+# Google Chrome Mozilla Network Security Services Privilege Escalation Vulnerability (Windows)
+#
+# Authors:
+# Rachana Shetty <srachana at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(802338);
+  script_version("$Revision: $");
+  script_cve_id("CVE-2011-3640");
+  script_tag(name:"cvss_base", value:"6.9");
+  script_tag(name:"risk_factor", value:"High");
+  script_name("Google Chrome Mozilla Network Security Services Privilege Escalation Vulnerability (Windows)");
+  desc = "
+  Overview: The host is installed with Google Chrome and is prone to privilege
+  escalation vulnerability
+
+  Vulnerability Insight:
+  The flaw is caused due to an error in the Mozilla Network Security Services
+  (NSS) library, which can be exploited by sending Trojan horse pkcs11.txt
+  file in a top-level directory.
+
+  Impact:
+  Successful exploitation will let the local attacker to execute arbitrary
+  code with an elevated privileges.
+
+  Impact Level: System/Application
+
+  Affected Software/OS:
+  Google Chrome version 16.0.912.21 and prior on Windows
+
+  Fix: Upgrade to the Google Chrome 17 or later,
+  For updates refer, http://www.google.com/chrome
+
+  References:
+  https://bugzilla.mozilla.org/show_bug.cgi?id=641052
+  http://code.google.com/p/chromium/issues/detail?id=97426
+  http://blog.acrossecurity.com/2011/10/google-chrome-pkcs11txt-file-planting.html ";
+
+  script_description(desc);
+  script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
+  script_summary("Check the version of Google Chrome");
+  script_category(ACT_GATHER_INFO);
+  script_family("General");
+  script_dependencies("gb_google_chrome_detect_win.nasl");
+  script_require_keys("GoogleChrome/Win/Ver");
+  exit(0);
+}
+
+
+include("version_func.inc");
+
+## Get the version from KB
+chromeVer = get_kb_item("GoogleChrome/Win/Ver");
+if(!chromeVer){
+  exit(0);
+}
+
+## Check for Google Chrome Versions prior to 17
+if(version_is_less_equal(version:chromeVer, test_version:"16.0.912.21")){
+  security_hole(0);
+}
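Review bot: `script_tag(name:"risk_factor", value:"High")` sits next to `script_tag(name:"cvss_base", value:"6.9")`, and in the CVSS v2 bands as NVD uses them a 6.9 score is Medium, so the two tags disagree. Unless the project maps risk_factor differently, I would change it to `script_tag(name:"risk_factor", value:"Medium");` so that report severity follows the score. The Mac OS X plugin added in this commit carries the same pair of tags.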

Added: trunk/openvas-plugins/scripts/gb_mandriva_MDVA_2011_067.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_mandriva_MDVA_2011_067.nasl	2011-11-03 11:17:12 UTC (rev 11970)
+++ trunk/openvas-plugins/scripts/gb_mandriva_MDVA_2011_067.nasl	2011-11-03 11:22:48 UTC (rev 11971)
@@ -0,0 +1,226 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Mandriva Update for mds MDVA-2011:067 (mds)
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(831483);
+  script_version("$Revision: $");
+  script_tag(name:"risk_factor", value:"High");
+  script_xref(name: "MDVA", value: "2011:067");
+  script_name("Mandriva Update for mds MDVA-2011:067 (mds)");
+  desc = "
+
+  Vulnerability Insight:
+
+  This updates the version of Mandriva Directory Server
+  to 2.4.2.1. See the ReleaseNotes page for more details:
+  http://mds.mandriva.org/wiki/ReleaseNotes#Releasedate:Oct27th2011
+
+  Affected Software/OS:
+  mds on Mandriva Enterprise Server 5,
+  Mandriva Enterprise Server 5/X86_64
+
+  Fix: Please Install the Updated Packages.
+
+  References:
+  http://lists.mandriva.com/security-announce/2011-10/msg00046.php
+
+  ";
+
+  script_description(desc);
+  script_summary("Check for the Version of mds");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
+  script_family("Mandrake Local Security Checks");
+  script_dependencies("gather-package-list.nasl");
+  script_require_keys("ssh/login/release");
+  exit(0);
+}
+
+
+include("pkg-lib-rpm.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+if(release == NULL){
+  exit(0);
+}
+
+if(release == "MNDK_mes5")
+{
+
+  if(isrpmvuln(pkg:"mmc-agent", rpm:"mmc-agent~3.0.3.1~0.6mdvmes5.2", rls:"MNDK_mes5"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(isrpmvuln(pkg:"mmc-check-password", rpm:"mmc-check-password~3.0.3.1~0.6mdvmes5.2", rls:"MNDK_mes5"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(isrpmvuln(pkg:"mmc-web-base", rpm:"mmc-web-base~3.0.3.1~0.6mdvmes5.2", rls:"MNDK_mes5"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(isrpmvuln(pkg:"mmc-web-bulkimport", rpm:"mmc-web-bulkimport~2.4.2.1~0.6mdvmes5.2", rls:"MNDK_mes5"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(isrpmvuln(pkg:"mmc-web-mail", rpm:"mmc-web-mail~2.4.2.1~0.6mdvmes5.2", rls:"MNDK_mes5"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(isrpmvuln(pkg:"mmc-web-network", rpm:"mmc-web-network~2.4.2.1~0.6mdvmes5.2", rls:"MNDK_mes5"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(isrpmvuln(pkg:"mmc-web-ppolicy", rpm:"mmc-web-ppolicy~3.0.3.1~0.6mdvmes5.2", rls:"MNDK_mes5"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(isrpmvuln(pkg:"mmc-web-proxy", rpm:"mmc-web-proxy~2.4.2.1~0.6mdvmes5.2", rls:"MNDK_mes5"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(isrpmvuln(pkg:"mmc-web-samba", rpm:"mmc-web-samba~2.4.2.1~0.6mdvmes5.2", rls:"MNDK_mes5"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(isrpmvuln(pkg:"mmc-web-sshlpk", rpm:"mmc-web-sshlpk~2.4.2.1~0.6mdvmes5.2", rls:"MNDK_mes5"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(isrpmvuln(pkg:"mmc-web-userquota", rpm:"mmc-web-userquota~2.4.2.1~0.6mdvmes5.2", rls:"MNDK_mes5"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(isrpmvuln(pkg:"python-mmc-base", rpm:"python-mmc-base~3.0.3.1~0.6mdvmes5.2", rls:"MNDK_mes5"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(isrpmvuln(pkg:"python-mmc-bulkimport", rpm:"python-mmc-bulkimport~2.4.2.1~0.6mdvmes5.2", rls:"MNDK_mes5"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(isrpmvuln(pkg:"python-mmc-core", rpm:"python-mmc-core~3.0.3.1~0.6mdvmes5.2", rls:"MNDK_mes5"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(isrpmvuln(pkg:"python-mmc-mail", rpm:"python-mmc-mail~2.4.2.1~0.6mdvmes5.2", rls:"MNDK_mes5"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(isrpmvuln(pkg:"python-mmc-network", rpm:"python-mmc-network~2.4.2.1~0.6mdvmes5.2", rls:"MNDK_mes5"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(isrpmvuln(pkg:"python-mmc-plugins-tools", rpm:"python-mmc-plugins-tools~3.0.3.1~0.6mdvmes5.2", rls:"MNDK_mes5"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(isrpmvuln(pkg:"python-mmc-ppolicy", rpm:"python-mmc-ppolicy~3.0.3.1~0.6mdvmes5.2", rls:"MNDK_mes5"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(isrpmvuln(pkg:"python-mmc-proxy", rpm:"python-mmc-proxy~2.4.2.1~0.6mdvmes5.2", rls:"MNDK_mes5"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(isrpmvuln(pkg:"python-mmc-samba", rpm:"python-mmc-samba~2.4.2.1~0.6mdvmes5.2", rls:"MNDK_mes5"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(isrpmvuln(pkg:"python-mmc-sshlpk", rpm:"python-mmc-sshlpk~2.4.2.1~0.6mdvmes5.2", rls:"MNDK_mes5"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(isrpmvuln(pkg:"python-mmc-userquota", rpm:"python-mmc-userquota~2.4.2.1~0.6mdvmes5.2", rls:"MNDK_mes5"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(isrpmvuln(pkg:"python-smbpasswd", rpm:"python-smbpasswd~1.0.1~0.1mdvmes5.2", rls:"MNDK_mes5"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(isrpmvuln(pkg:"mds", rpm:"mds~2.4.2.1~0.6mdvmes5.2", rls:"MNDK_mes5"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(isrpmvuln(pkg:"mmc-core", rpm:"mmc-core~3.0.3.1~0.6mdvmes5.2", rls:"MNDK_mes5"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  exit(0);
+}
\ No newline at end of file
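Review bot: Every `isrpmvuln()` match in this plugin ends in `security_hole(0)` with `risk_factor` set to "High", yet `desc` only says the update brings Mandriva Directory Server to 2.4.2.1, and there is no `script_cve_id` or `cvss_base`. The xref is MDVA rather than MDVSA, which as far as I know is Mandriva's bug-fix advisory series, so a host missing these packages would be reported as a high-severity hole with no stated vulnerability. If the update carries no security fix, I would lower the tag and the reporting call, e.g. `script_tag(name:"risk_factor", value:"Low");` with `security_note(0);`, or else name the security issue in `desc`.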

Added: trunk/openvas-plugins/scripts/gb_mandriva_MDVSA_2011_162.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_mandriva_MDVSA_2011_162.nasl	2011-11-03 11:17:12 UTC (rev 11970)
+++ trunk/openvas-plugins/scripts/gb_mandriva_MDVSA_2011_162.nasl	2011-11-03 11:22:48 UTC (rev 11971)
@@ -0,0 +1,494 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Mandriva Update for kdelibs4 MDVSA-2011:162 (kdelibs4)
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(831482);
+  script_version("$Revision: $");
+  script_tag(name:"cvss_base", value:"7.5");
+  script_tag(name:"risk_factor", value:"High");
+  script_xref(name: "MDVSA", value: "2011:162");
+  script_cve_id("CVE-2009-2408", "CVE-2009-2702", "CVE-2011-3365");
+  script_name("Mandriva Update for kdelibs4 MDVSA-2011:162 (kdelibs4)");
+  desc = "
+
+  Vulnerability Insight:
+
+  Multiple vulnerabilities was discovered and corrected in kdelibs4:
+  
+  KDE KSSL in kdelibs does not properly handle a \&amp;#039;\0\&amp;#039; (NUL)
+  character in a domain name in the Subject Alternative Name field of
+  an X.509 certificate, which allows man-in-the-middle attackers to
+  spoof arbitrary SSL servers via a crafted certificate issued by a
+  legitimate Certification Authority, a related issue to CVE-2009-2408
+  (CVE-2009-2702).
+  
+  An input sanitization flaw was found in the KSSL (KDE SSL Wrapper)
+  API. An attacker could supply a specially-crafted SSL certificate
+  (for example, via a web page) to an application using KSSL, such
+  as the Konqueror web browser, causing misleading information to be
+  presented to the user, possibly tricking them into accepting the
+  certificate as valid (CVE-2011-3365).
+  
+  The updated packages have been patched to correct these issues.
+
+  Affected Software/OS:
+  kdelibs4 on Mandriva Linux 2010.1,
+  Mandriva Linux 2010.1/X86_64
+
+  Fix: Please Install the Updated Packages.
+
+  References:
+  http://lists.mandriva.com/security-announce/2011-11/msg00000.php
+
+  ";
+
+  script_description(desc);
+  script_summary("Check for the Version of kdelibs4");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
+  script_family("Mandrake Local Security Checks");
+  script_dependencies("gather-package-list.nasl");
+  script_require_keys("ssh/login/release");
+  exit(0);
+}
+
+
+include("pkg-lib-rpm.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+if(release == NULL){
+  exit(0);
+}
+
+if(release == "MNDK_2010.1")
+{
+
+  if(isrpmvuln(pkg:"kdelibs4-core", rpm:"kdelibs4-core~4.4.5~0.4mdv2010.2", rls:"MNDK_2010.1"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(isrpmvuln(pkg:"kdelibs4-devel", rpm:"kdelibs4-devel~4.4.5~0.4mdv2010.2", rls:"MNDK_2010.1"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(isrpmvuln(pkg:"libkde3support4", rpm:"libkde3support4~4.4.5~0.4mdv2010.2", rls:"MNDK_2010.1"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(isrpmvuln(pkg:"libkdecore5", rpm:"libkdecore5~4.4.5~0.4mdv2010.2", rls:"MNDK_2010.1"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(isrpmvuln(pkg:"libkdefakes5", rpm:"libkdefakes5~4.4.5~0.4mdv2010.2", rls:"MNDK_2010.1"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(isrpmvuln(pkg:"libkdesu5", rpm:"libkdesu5~4.4.5~0.4mdv2010.2", rls:"MNDK_2010.1"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(isrpmvuln(pkg:"libkdeui5", rpm:"libkdeui5~4.4.5~0.4mdv2010.2", rls:"MNDK_2010.1"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(isrpmvuln(pkg:"libkdewebkit5", rpm:"libkdewebkit5~4.4.5~0.4mdv2010.2", rls:"MNDK_2010.1"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(isrpmvuln(pkg:"libkdnssd4", rpm:"libkdnssd4~4.4.5~0.4mdv2010.2", rls:"MNDK_2010.1"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(isrpmvuln(pkg:"libkfile4", rpm:"libkfile4~4.4.5~0.4mdv2010.2", rls:"MNDK_2010.1"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(isrpmvuln(pkg:"libkhtml5", rpm:"libkhtml5~4.4.5~0.4mdv2010.2", rls:"MNDK_2010.1"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(isrpmvuln(pkg:"libkimproxy4", rpm:"libkimproxy4~4.4.5~0.4mdv2010.2", rls:"MNDK_2010.1"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(isrpmvuln(pkg:"libkio5", rpm:"libkio5~4.4.5~0.4mdv2010.2", rls:"MNDK_2010.1"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(isrpmvuln(pkg:"libkjs4", rpm:"libkjs4~4.4.5~0.4mdv2010.2", rls:"MNDK_2010.1"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(isrpmvuln(pkg:"libkjsapi4", rpm:"libkjsapi4~4.4.5~0.4mdv2010.2", rls:"MNDK_2010.1"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(isrpmvuln(pkg:"libkjsembed4", rpm:"libkjsembed4~4.4.5~0.4mdv2010.2", rls:"MNDK_2010.1"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(isrpmvuln(pkg:"libkmediaplayer4", rpm:"libkmediaplayer4~4.4.5~0.4mdv2010.2", rls:"MNDK_2010.1"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(isrpmvuln(pkg:"libknewstuff2_4", rpm:"libknewstuff2_4~4.4.5~0.4mdv2010.2", rls:"MNDK_2010.1"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(isrpmvuln(pkg:"libknewstuff34", rpm:"libknewstuff34~4.4.5~0.4mdv2010.2", rls:"MNDK_2010.1"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(isrpmvuln(pkg:"libknotifyconfig4", rpm:"libknotifyconfig4~4.4.5~0.4mdv2010.2", rls:"MNDK_2010.1"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(isrpmvuln(pkg:"libkntlm4", rpm:"libkntlm4~4.4.5~0.4mdv2010.2", rls:"MNDK_2010.1"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(isrpmvuln(pkg:"libkparts4", rpm:"libkparts4~4.4.5~0.4mdv2010.2", rls:"MNDK_2010.1"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(isrpmvuln(pkg:"libkpty4", rpm:"libkpty4~4.4.5~0.4mdv2010.2", rls:"MNDK_2010.1"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(isrpmvuln(pkg:"libkrosscore4", rpm:"libkrosscore4~4.4.5~0.4mdv2010.2", rls:"MNDK_2010.1"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(isrpmvuln(pkg:"libkrossui4", rpm:"libkrossui4~4.4.5~0.4mdv2010.2", rls:"MNDK_2010.1"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(isrpmvuln(pkg:"libktexteditor4", rpm:"libktexteditor4~4.4.5~0.4mdv2010.2", rls:"MNDK_2010.1"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(isrpmvuln(pkg:"libkunitconversion4", rpm:"libkunitconversion4~4.4.5~0.4mdv2010.2", rls:"MNDK_2010.1"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(isrpmvuln(pkg:"libkunittest4", rpm:"libkunittest4~4.4.5~0.4mdv2010.2", rls:"MNDK_2010.1"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(isrpmvuln(pkg:"libkutils4", rpm:"libkutils4~4.4.5~0.4mdv2010.2", rls:"MNDK_2010.1"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(isrpmvuln(pkg:"libnepomuk4", rpm:"libnepomuk4~4.4.5~0.4mdv2010.2", rls:"MNDK_2010.1"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(isrpmvuln(pkg:"libnepomukquery4", rpm:"libnepomukquery4~4.4.5~0.4mdv2010.2", rls:"MNDK_2010.1"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(isrpmvuln(pkg:"libplasma3", rpm:"libplasma3~4.4.5~0.4mdv2010.2", rls:"MNDK_2010.1"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(isrpmvuln(pkg:"libsolid4", rpm:"libsolid4~4.4.5~0.4mdv2010.2", rls:"MNDK_2010.1"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(isrpmvuln(pkg:"libthreadweaver4", rpm:"libthreadweaver4~4.4.5~0.4mdv2010.2", rls:"MNDK_2010.1"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(isrpmvuln(pkg:"kdelibs4", rpm:"kdelibs4~4.4.5~0.4mdv2010.2", rls:"MNDK_2010.1"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(isrpmvuln(pkg:"lib64kde3support4", rpm:"lib64kde3support4~4.4.5~0.4mdv2010.2", rls:"MNDK_2010.1"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(isrpmvuln(pkg:"lib64kdecore5", rpm:"lib64kdecore5~4.4.5~0.4mdv2010.2", rls:"MNDK_2010.1"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(isrpmvuln(pkg:"lib64kdefakes5", rpm:"lib64kdefakes5~4.4.5~0.4mdv2010.2", rls:"MNDK_2010.1"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(isrpmvuln(pkg:"lib64kdesu5", rpm:"lib64kdesu5~4.4.5~0.4mdv2010.2", rls:"MNDK_2010.1"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(isrpmvuln(pkg:"lib64kdeui5", rpm:"lib64kdeui5~4.4.5~0.4mdv2010.2", rls:"MNDK_2010.1"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(isrpmvuln(pkg:"lib64kdewebkit5", rpm:"lib64kdewebkit5~4.4.5~0.4mdv2010.2", rls:"MNDK_2010.1"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(isrpmvuln(pkg:"lib64kdnssd4", rpm:"lib64kdnssd4~4.4.5~0.4mdv2010.2", rls:"MNDK_2010.1"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(isrpmvuln(pkg:"lib64kfile4", rpm:"lib64kfile4~4.4.5~0.4mdv2010.2", rls:"MNDK_2010.1"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(isrpmvuln(pkg:"lib64khtml5", rpm:"lib64khtml5~4.4.5~0.4mdv2010.2", rls:"MNDK_2010.1"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(isrpmvuln(pkg:"lib64kimproxy4", rpm:"lib64kimproxy4~4.4.5~0.4mdv2010.2", rls:"MNDK_2010.1"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(isrpmvuln(pkg:"lib64kio5", rpm:"lib64kio5~4.4.5~0.4mdv2010.2", rls:"MNDK_2010.1"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(isrpmvuln(pkg:"lib64kjs4", rpm:"lib64kjs4~4.4.5~0.4mdv2010.2", rls:"MNDK_2010.1"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(isrpmvuln(pkg:"lib64kjsapi4", rpm:"lib64kjsapi4~4.4.5~0.4mdv2010.2", rls:"MNDK_2010.1"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(isrpmvuln(pkg:"lib64kjsembed4", rpm:"lib64kjsembed4~4.4.5~0.4mdv2010.2", rls:"MNDK_2010.1"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(isrpmvuln(pkg:"lib64kmediaplayer4", rpm:"lib64kmediaplayer4~4.4.5~0.4mdv2010.2", rls:"MNDK_2010.1"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(isrpmvuln(pkg:"lib64knewstuff2_4", rpm:"lib64knewstuff2_4~4.4.5~0.4mdv2010.2", rls:"MNDK_2010.1"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(isrpmvuln(pkg:"lib64knewstuff34", rpm:"lib64knewstuff34~4.4.5~0.4mdv2010.2", rls:"MNDK_2010.1"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(isrpmvuln(pkg:"lib64knotifyconfig4", rpm:"lib64knotifyconfig4~4.4.5~0.4mdv2010.2", rls:"MNDK_2010.1"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(isrpmvuln(pkg:"lib64kntlm4", rpm:"lib64kntlm4~4.4.5~0.4mdv2010.2", rls:"MNDK_2010.1"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(isrpmvuln(pkg:"lib64kparts4", rpm:"lib64kparts4~4.4.5~0.4mdv2010.2", rls:"MNDK_2010.1"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(isrpmvuln(pkg:"lib64kpty4", rpm:"lib64kpty4~4.4.5~0.4mdv2010.2", rls:"MNDK_2010.1"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(isrpmvuln(pkg:"lib64krosscore4", rpm:"lib64krosscore4~4.4.5~0.4mdv2010.2", rls:"MNDK_2010.1"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(isrpmvuln(pkg:"lib64krossui4", rpm:"lib64krossui4~4.4.5~0.4mdv2010.2", rls:"MNDK_2010.1"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(isrpmvuln(pkg:"lib64ktexteditor4", rpm:"lib64ktexteditor4~4.4.5~0.4mdv2010.2", rls:"MNDK_2010.1"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(isrpmvuln(pkg:"lib64kunitconversion4", rpm:"lib64kunitconversion4~4.4.5~0.4mdv2010.2", rls:"MNDK_2010.1"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(isrpmvuln(pkg:"lib64kunittest4", rpm:"lib64kunittest4~4.4.5~0.4mdv2010.2", rls:"MNDK_2010.1"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(isrpmvuln(pkg:"lib64kutils4", rpm:"lib64kutils4~4.4.5~0.4mdv2010.2", rls:"MNDK_2010.1"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(isrpmvuln(pkg:"lib64nepomuk4", rpm:"lib64nepomuk4~4.4.5~0.4mdv2010.2", rls:"MNDK_2010.1"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(isrpmvuln(pkg:"lib64nepomukquery4", rpm:"lib64nepomukquery4~4.4.5~0.4mdv2010.2", rls:"MNDK_2010.1"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(isrpmvuln(pkg:"lib64plasma3", rpm:"lib64plasma3~4.4.5~0.4mdv2010.2", rls:"MNDK_2010.1"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(isrpmvuln(pkg:"lib64solid4", rpm:"lib64solid4~4.4.5~0.4mdv2010.2", rls:"MNDK_2010.1"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  if(isrpmvuln(pkg:"lib64threadweaver4", rpm:"lib64threadweaver4~4.4.5~0.4mdv2010.2", rls:"MNDK_2010.1"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  exit(0);
+}
\ No newline at end of file

Added: trunk/openvas-plugins/scripts/gb_mandriva_MDVSA_2011_163.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_mandriva_MDVSA_2011_163.nasl	2011-11-03 11:17:12 UTC (rev 11970)
+++ trunk/openvas-plugins/scripts/gb_mandriva_MDVSA_2011_163.nasl	2011-11-03 11:22:48 UTC (rev 11971)
@@ -0,0 +1,95 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Mandriva Update for phpldapadmin MDVSA-2011:163 (phpldapadmin)
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(831481);
+  script_version("$Revision: $");
+  script_tag(name:"risk_factor", value:"High");
+  script_xref(name: "MDVSA", value: "2011:163");
+  script_cve_id("CVE-2011-4074", "CVE-2011-4075");
+  script_name("Mandriva Update for phpldapadmin MDVSA-2011:163 (phpldapadmin)");
+  desc = "
+
+  Vulnerability Insight:
+
+  Multiple vulnerabilities was discovered and corrected in phpldapadmin:
+  
+  Input appended to the URL in cmd.php \(when cmd is set to _debug\)
+  is not properly sanitised before being returned to the user. This can
+  be exploited to execute arbitrary HTML and script code in a user&amp;#039;s
+  browser session in context of an affected site (CVE-2011-4074).
+  
+  Input passed to the orderby parameter in cmd.php \(when cmd is set
+  to query_engine, query is set to none, and search is set to e.g. 1\)
+  is not properly sanitised in lib/functions.php before being used in
+  a create_function() function call. This can be exploited to inject
+  and execute arbitrary PHP code (CVE-2011-4075).
+  
+  The updated packages have been upgraded to the latest version (1.2.2)
+  which is not vulnerable to these issues.
+
+  Affected Software/OS:
+  phpldapadmin on Mandriva Enterprise Server 5,
+  Mandriva Enterprise Server 5/X86_64
+
+  Fix: Please Install the Updated Packages.
+
+  References:
+  http://lists.mandriva.com/security-announce/2011-11/msg00001.php
+
+  ";
+
+  script_description(desc);
+  script_summary("Check for the Version of phpldapadmin");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
+  script_family("Mandrake Local Security Checks");
+  script_dependencies("gather-package-list.nasl");
+  script_require_keys("ssh/login/release");
+  exit(0);
+}
+
+
+include("pkg-lib-rpm.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+if(release == NULL){
+  exit(0);
+}
+
+if(release == "MNDK_mes5")
+{
+
+  if(isrpmvuln(pkg:"phpldapadmin", rpm:"phpldapadmin~1.2.2~0.1mdvmes5.2", rls:"MNDK_mes5"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  exit(0);
+}
\ No newline at end of file

Added: trunk/openvas-plugins/scripts/gb_oracle_glassfish_n_sjas_web_container_dos_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_oracle_glassfish_n_sjas_web_container_dos_vuln.nasl	2011-11-03 11:17:12 UTC (rev 11970)
+++ trunk/openvas-plugins/scripts/gb_oracle_glassfish_n_sjas_web_container_dos_vuln.nasl	2011-11-03 11:22:48 UTC (rev 11971)
@@ -0,0 +1,113 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_oracle_glassfish_n_sjas_web_container_dos_vuln.nasl 18055 2011-10-31 15:57:29Z oct $
+#
+# Oracle Sun GlassFish/System Application Server Web Container DOS Vulnerability
+#
+# Authors:
+# Antu Sanadi <santu at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(801997);
+  script_version("$Revision: $");
+  script_cve_id("CVE-2011-3559");
+  script_bugtraq_id(50204);
+  script_tag(name:"cvss_base", value:"7.8");
+  script_tag(name:"risk_factor", value:"High");
+  script_name("Oracle Sun GlassFish/System Application Server Web Container DOS Vulnerability");
+  desc = "
+  Overview: The host is running GlassFish/System Application Server and is
+  prone to denial of service vulnerability.
+
+  Vulnerability Insight:
+  The flaw is caused due to an unspecified error within the Web Container
+  component, which allows remote users to cause denial of service conditions.
+
+  Impact:
+  Successful exploitation could allow malicious attackers to cause a denial
+  of service.
+
+  Impact Level: Application
+
+  Affected Software/OS:
+  Oracle GlassFish version 2.1.1, 3.0.1 and 3.1.1
+  Oracle Sun Java System Application Server version 8.1 and 8.2
+
+  Fix: Apply the security updates.
+  http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html
+
+  *****
+  NOTE: Ignore this warning, if above mentioned patch is manually applied.
+  *****
+
+  References:
+  http://secunia.com/advisories/46524
+  http://secunia.com/advisories/46523
+  http://xforce.iss.net/xforce/xfdb/70816
+  http://www.securitytracker.com/id?1026222 ";
+
+  script_description(desc);
+  script_summary("Check for the version of Oracle Sun Java GlassFish/System Application Server");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
+  script_family("Denial of Service");
+  script_dependencies("GlassFish_detect.nasl", "secpod_sun_java_app_serv_detect.nasl");
+  script_require_ports("Services/www", 8080);
+  exit(0);
+}
+
+
+include("http_func.inc");
+include("version_func.inc");
+
+## Check for the default port
+if(!port = get_http_port(default:8080)){
+  port = 8080;
+}
+
+## Check port status
+if(!get_port_state(port)){
+  exit(0);
+}
+
+## Get the version form KB
+vers = get_kb_item(string("www/", port, "/GlassFish"));
+if(vers)
+{
+  if(version_in_range(version: vers, test_version:"3.0", test_version2:"3.1.1") ||
+     version_in_range(version: vers, test_version:"2.1", test_version2:"2.1.1"))
+  {
+    security_hole(port:port);
+    exit(0);
+  }
+}
+
+ver = get_kb_item("Sun/Java/AppServer/Ver");
+if(ver)
+{
+  ver = ereg_replace(pattern:"_", replace:".", string:ver);
+
+  # Check for Java Application Server version 8.1 and 8.2
+  if(version_is_equal(version:ver, test_version:"8.0.01") ||
+     version_is_equal(version:ver, test_version:"8.0.02")){
+    security_hole(port:port);
+  }
+}
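Review bot: The version tests do not line up with the versions the description lists as affected. The first `version_in_range` call flags every GlassFish build from 3.0 through 3.1.1 and the second everything from 2.1 through 2.1.1, while the text names only 2.1.1, 3.0.1 and 3.1.1; likewise the comment says "version 8.1 and 8.2" directly above tests for `8.0.01` and `8.0.02`. If the detect script really records 8.1 as `8.0_01`, that mapping should be stated next to the test, e.g. `# KB stores 8.1 as 8.0_01 and 8.2 as 8.0_02 (confirm against secpod_sun_java_app_serv_detect.nasl)`; otherwise the test versions need correcting. Because this is a version-only check with no probe of the Web Container, an over-wide range turns directly into false High findings in the report.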

Added: trunk/openvas-plugins/scripts/gb_phpldapadmin_debug_xss_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_phpldapadmin_debug_xss_vuln.nasl	2011-11-03 11:17:12 UTC (rev 11970)
+++ trunk/openvas-plugins/scripts/gb_phpldapadmin_debug_xss_vuln.nasl	2011-11-03 11:22:48 UTC (rev 11971)
@@ -0,0 +1,120 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_phpldapadmin_debug_xss_vuln.nasl 18159 2011-11-02 17:17:17Z nov $
+#
+# phpLDAPadmin '_debug' Cross Site Scripting Vulnerability
+#
+# Authors:
+# Sooraj KS <kssooraj at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(802265);
+  script_version("$Revision: $");
+  script_cve_id("CVE-2011-4074");
+  script_bugtraq_id(50331);
+  script_tag(name:"cvss_base", value:"4.3");
+  script_tag(name:"risk_factor", value:"Medium");
+  script_name("phpLDAPadmin '_debug' Cross Site Scripting Vulnerability");
+  desc = "
+  Overview: This host is running phpLDAPadmin and is prone to cross site
+  scripting vulnerability.
+
+  Vulnerability Insight:
+  The flaw is caused due to improper validation of user-supplied input appended
+  to the URL in cmd.php (when 'cmd' is set to '_debug'), which allows attackers
+  to execute arbitrary HTML and script code in a user's browser session in the
+  context of an affected site.
+
+  Impact:
+  Successful exploitation will allow remote attackers to insert arbitrary HTML
+  and script code, which will be executed in a user's browser session in the
+  context of an affected site.
+
+  Impact Level: Application
+
+  Affected Software/OS:
+  phpLDAPadmin versions 1.2.0 through 1.2.1.1
+
+  Fix: Apply patch from below link,
+  http://phpldapadmin.git.sourceforge.net/git/gitweb.cgi?p=phpldapadmin/phpldapadmin;a=commit;h=64668e882b8866fae0fa1b25375d1a2f3b4672e2
+
+  References:
+  http://secunia.com/advisories/46551
+  http://xforce.iss.net/xforce/xfdb/70918
+  http://openwall.com/lists/oss-security/2011/10/24/9
+  https://bugzilla.redhat.com/show_bug.cgi?id=748538 ";
+
+  script_description(desc);
+  script_summary("Check if phpLDAPadmin is vulnerable to Cross-Site Scripting");
+  script_category(ACT_ATTACK);
+  script_copyright("Copyright (C) 2011 Greenbone Networks GmbH");
+  script_family("Web application abuses");
+  script_dependencies("phpldapadmin_detect.nasl");
+  script_require_ports("Services/www", 80);
+  exit(0);
+}
+
+
+include("http_func.inc");
+include("version_func.inc");
+include("http_keepalive.inc");
+
+## Get HTTP Port
+port = get_http_port(default:80);
+
+## Check Port State
+if(!get_port_state(port)) {
+  exit(0);
+}
+
+## Check Host Supports PHP
+if(!can_host_php(port:port)){
+  exit(0);
+}
+
+## Get phpLDAPadmin Directory
+if(! dir = get_dir_from_kb(port:port,app:"phpldapadmin")){
+  exit(0);
+}
+
+## Send and Receive the response
+req = http_get(item:string(dir, "/index.php"),  port:port);
+res = http_keepalive_send_recv(port:port, data:req);
+
+## Get Session ID
+cookie = eregmatch(pattern:"Set-Cookie: ([^;]*);", string:res);
+if(isnull(cookie[1])) {
+  exit(0);
+}
+cookie = cookie[1];
+
+## Construct attack request
+url = "/cmd.php?cmd=_debug&<script>alert('OV-XSS-Attack-Test')</script>";
+req = http_get(item:dir + url, port:port);
+req = string(chomp(req), '\r\nCookie: ', cookie, '\r\n\r\n');
+
+## Send request and receive the response
+res = http_keepalive_send_recv(port:port, data:req);
+
+## Confirm exploit worked by checking the response
+if("<script>alert('OV-XSS-Attack-Test')</script>" >< res){
+  security_warning(port);
+}
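Review bot: The final test reports a finding whenever the marker string appears anywhere in `res`, without checking that the request succeeded or that the reply is an HTML page. Gating it on the status line, e.g. `if(res =~ "^HTTP/1\.[01] 200" && ...)` with the existing `><` comparison as the second operand, would cut false positives from error pages or intermediaries that echo the requested URL back. `include("version_func.inc");` also looks unused here, since the script makes no version comparison, and could be dropped.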

Modified: trunk/openvas-plugins/scripts/gb_zikula_49491.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_zikula_49491.nasl	2011-11-03 11:17:12 UTC (rev 11970)
+++ trunk/openvas-plugins/scripts/gb_zikula_49491.nasl	2011-11-03 11:22:48 UTC (rev 11971)
@@ -31,7 +31,7 @@
  script_tag(name:"last_modification", value:"$Date$");
  script_tag(name:"creation_date", value:"2011-09-12 14:00:02 +0200 (Mon, 12 Sep 2011)");
  script_bugtraq_id(49491);
-
+ script_cve_id("CVE-2011-3979");
  script_name("Zikula Application Framework 'themename' Parameter Cross Site Scripting Vulnerability");
 
 desc = "Overview:

Modified: trunk/openvas-plugins/scripts/secpod_google_chrome_mult_vuln_sep11_lin.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_google_chrome_mult_vuln_sep11_lin.nasl	2011-11-03 11:17:12 UTC (rev 11970)
+++ trunk/openvas-plugins/scripts/secpod_google_chrome_mult_vuln_sep11_lin.nasl	2011-11-03 11:22:48 UTC (rev 11971)
@@ -35,7 +35,7 @@
                 "CVE-2011-2853", "CVE-2011-2854", "CVE-2011-2855", "CVE-2011-2856",
                 "CVE-2011-2857", "CVE-2011-2858", "CVE-2011-2859", "CVE-2011-2860",
                 "CVE-2011-2861", "CVE-2011-2862", "CVE-2011-2864", "CVE-2011-2874",
-                "CVE-2011-2875", "CVE-2011-3234", "CVE-2011-2837");
+                "CVE-2011-2875", "CVE-2011-3234", "CVE-2011-2837", "CVE-2011-2830");
   script_bugtraq_id(49658);
   script_tag(name:"cvss_base", value:"7.5");
   script_tag(name:"risk_factor", value:"High");

Modified: trunk/openvas-plugins/scripts/secpod_google_chrome_mult_vuln_sep11_macosx.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_google_chrome_mult_vuln_sep11_macosx.nasl	2011-11-03 11:17:12 UTC (rev 11970)
+++ trunk/openvas-plugins/scripts/secpod_google_chrome_mult_vuln_sep11_macosx.nasl	2011-11-03 11:22:48 UTC (rev 11971)
@@ -35,7 +35,7 @@
                 "CVE-2011-2853", "CVE-2011-2854", "CVE-2011-2855", "CVE-2011-2856",
                 "CVE-2011-2857", "CVE-2011-2858", "CVE-2011-2859", "CVE-2011-2860",
                 "CVE-2011-2861", "CVE-2011-2862", "CVE-2011-2864", "CVE-2011-2874",
-                "CVE-2011-2875", "CVE-2011-3234", "CVE-2011-2842");
+                "CVE-2011-2875", "CVE-2011-3234", "CVE-2011-2842", "CVE-2011-2830");
   script_bugtraq_id(49658);
   script_tag(name:"cvss_base", value:"7.5");
   script_tag(name:"risk_factor", value:"High");

Modified: trunk/openvas-plugins/scripts/secpod_google_chrome_mult_vuln_sep11_win.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_google_chrome_mult_vuln_sep11_win.nasl	2011-11-03 11:17:12 UTC (rev 11970)
+++ trunk/openvas-plugins/scripts/secpod_google_chrome_mult_vuln_sep11_win.nasl	2011-11-03 11:22:48 UTC (rev 11971)
@@ -35,7 +35,7 @@
                 "CVE-2011-2853", "CVE-2011-2854", "CVE-2011-2855", "CVE-2011-2856",
                 "CVE-2011-2857", "CVE-2011-2858", "CVE-2011-2859", "CVE-2011-2860",
                 "CVE-2011-2861", "CVE-2011-2862", "CVE-2011-2864", "CVE-2011-2874",
-                "CVE-2011-2875", "CVE-2011-3234");
+                "CVE-2011-2875", "CVE-2011-3234", "CVE-2011-2830");
   script_bugtraq_id(49658);
   script_tag(name:"cvss_base", value:"7.5");
   script_tag(name:"risk_factor", value:"High");


