[Openvas-commits] r12129 - in trunk/openvas-plugins: . scripts

scm-commit@wald.intevation.org scm-commit at wald.intevation.org
Thu Nov 17 11:36:28 CET 2011


Author: antu123
Date: 2011-11-17 11:36:14 +0100 (Thu, 17 Nov 2011)
New Revision: 12129

Added:
   trunk/openvas-plugins/scripts/gb_ca_gateway_security_remote_code_execution_vuln.nasl
   trunk/openvas-plugins/scripts/gb_google_chrome_mult_vuln_nov11_lin.nasl
   trunk/openvas-plugins/scripts/gb_google_chrome_mult_vuln_nov11_macosx.nasl
   trunk/openvas-plugins/scripts/gb_google_chrome_mult_vuln_nov11_win.nasl
   trunk/openvas-plugins/scripts/gb_netart_media_iboutique_mult_sql_inj_n_xss_vuln.nasl
   trunk/openvas-plugins/scripts/gb_oracle_java_se_deployment_unspec_vuln_win.nasl
   trunk/openvas-plugins/scripts/gb_oracle_java_se_java_runtime_env_unspec_vuln_win.nasl
   trunk/openvas-plugins/scripts/gb_oracle_java_se_mult_vuln_oct11_win_01.nasl
   trunk/openvas-plugins/scripts/gb_oracle_java_se_mult_vuln_oct11_win_02.nasl
   trunk/openvas-plugins/scripts/gb_oracle_java_se_mult_vuln_oct11_win_03.nasl
   trunk/openvas-plugins/scripts/gb_oracle_java_se_mult_vuln_oct11_win_04.nasl
   trunk/openvas-plugins/scripts/gb_sendmail_mail_relay_vuln.nasl
   trunk/openvas-plugins/scripts/secpod_macosx_java_10_6_upd_6_and_10_7_upd_1.nasl
   trunk/openvas-plugins/scripts/secpod_sshd_gssapi_credential_disclosure_vuln.nasl
   trunk/openvas-plugins/scripts/secpod_wordpress_filedownload_remote_file_disc_vuln.nasl
Modified:
   trunk/openvas-plugins/ChangeLog
   trunk/openvas-plugins/scripts/secpod_ca_mult_prdts_detect_win.nasl
Log:
Added new plugins and updated secpod_ca_mult_prdts_detect_win.nasl

Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog	2011-11-16 17:24:13 UTC (rev 12128)
+++ trunk/openvas-plugins/ChangeLog	2011-11-17 10:36:14 UTC (rev 12129)
@@ -1,3 +1,25 @@
+2011-11-17  Antu Sanadi <santu at secpod.com>
+
+	* scripts/gb_oracle_java_se_mult_vuln_oct11_win_01.nasl,
+	scripts/gb_oracle_java_se_mult_vuln_oct11_win_02.nasl,
+	scripts/gb_oracle_java_se_mult_vuln_oct11_win_03.nasl,
+	scripts/gb_oracle_java_se_mult_vuln_oct11_win_04.nasl,
+	scripts/gb_oracle_java_se_java_runtime_env_unspec_vuln_win.nasl,
+	scripts/gb_oracle_java_se_deployment_unspec_vuln_win.nasl,
+	scripts/secpod_sshd_gssapi_credential_disclosure_vuln.nasl,
+	scripts/secpod_macosx_java_10_6_upd_6_and_10_7_upd_1.nasl,
+	scripts/gb_ca_gateway_security_remote_code_execution_vuln.nasl,
+	scripts/gb_netart_media_iboutique_mult_sql_inj_n_xss_vuln.nasl,
+	scripts/secpod_wordpress_filedownload_remote_file_disc_vuln.nasl,
+	scripts/gb_google_chrome_mult_vuln_nov11_win.nasl,
+	scripts/gb_google_chrome_mult_vuln_nov11_lin.nasl,
+	scripts/gb_google_chrome_mult_vuln_nov11_macosx.nasl,
+	scripts/gb_sendmail_mail_relay_vuln.nasl:
+	Added new plugins.
+
+	* scripts/secpod_ca_mult_prdts_detect_win.nasl:
+	Updated to detect CA Gateway Security.
+
 2011-11-16  Michael Meyer <michael.meyer at greenbone.net>
 
 	* scripts/gb_a-blog_42988.nasl,

Added: trunk/openvas-plugins/scripts/gb_ca_gateway_security_remote_code_execution_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_ca_gateway_security_remote_code_execution_vuln.nasl	2011-11-16 17:24:13 UTC (rev 12128)
+++ trunk/openvas-plugins/scripts/gb_ca_gateway_security_remote_code_execution_vuln.nasl	2011-11-17 10:36:14 UTC (rev 12129)
@@ -0,0 +1,87 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_ca_gateway_security_remote_code_execution_vuln.nasl  2011-11-15 15:29:14 nov $
+#
+# CA Gateway Security Remote Code Execution Vulnerability
+#
+# Authors:
+# Rachana Shetty <srachana at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(802337);
+  script_version("$Revision$");
+  script_cve_id("CVE-2011-0419");
+  script_bugtraq_id(48813);
+  script_tag(name:"cvss_base", value:"10.0");
+  script_tag(name:"risk_factor", value:"Critical");
+  script_tag(name:"last_modification", value:"$Date$");
+  script_tag(name:"creation_date", value:"2011-11-15 12:35:07 +0530 (Tue, 15 Nov 2011)");
+  script_name("CA Gateway Security Remote Code Execution Vulnerability");
+  desc = "
+  Overview: This host is installed with CA Gateway Security and is prone to
+  remote code execution Vulnerability.
+
+  Vulnerability Insight:
+  The flaw is caused due to an error in the Icihttp.exe module, which can be
+  exploited by sending a specially-crafted HTTP request to TCP port 8080.
+
+  Impact:
+  Successful exploitation could allow remote attackers to execute arbitrary
+  code and cause denail of service.
+
+  Impact Level: System/Application
+
+  Affected Software/OS:
+  CA Gateway Security 8.1
+
+  Fix:  Apply patch for CA Gateway Security r8.1
+  https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={5E404992-6B58-4C44-A29D-027D05B6285D}
+
+  References:
+  http://secunia.com/advisories/45332
+  http://securitytracker.com/id?1025812
+  http://securitytracker.com/id?1025813
+  http://xforce.iss.net/xforce/xfdb/68736
+  https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={5E404992-6B58-4C44-A29D-027D05B6285D} ";
+
+  script_description(desc);
+  script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
+  script_summary("Check the version of CA Gateway Security");
+  script_category(ACT_GATHER_INFO);
+  script_family("General");
+  script_dependencies("secpod_ca_mult_prdts_detect_win.nasl");
+  script_require_keys("CA/Gateway-Security/Win/Ver");
+  exit(0);
+}
+
+
+include("version_func.inc");
+
+## Get version from KB
+cagsver = get_kb_item("CA/Gateway-Security/Win/Ver");
+if(!cagsver){
+  exit(0);
+}
+
+## Check for CA Gateway Security Version less than 8.1.0.69
+if(version_is_less(version:cagsver, test_version:"8.1.0.69")){
+  security_hole(0);
+}
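Review bot: The check `version_is_less(version:cagsver, test_version:"8.1.0.69")` has no lower bound, so any install whose recorded version sorts below 8.1.0.69 is reported, although the description lists only CA Gateway Security 8.1 as affected. If other release lines can populate `CA/Gateway-Security/Win/Ver` (the detect script is not visible in this hunk), bounding the test the way the Java plugins in this commit do would avoid false positives: `if(version_in_range(version:cagsver, test_version:"8.1", test_version2:"8.1.0.68")){`. Please also confirm `script_cve_id("CVE-2011-0419")` against the CA advisory linked in the description, because a wrong id misleads anyone correlating scan findings with patch data. In the Impact text, "denail" should read "denial".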

Added: trunk/openvas-plugins/scripts/gb_google_chrome_mult_vuln_nov11_lin.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_google_chrome_mult_vuln_nov11_lin.nasl	2011-11-16 17:24:13 UTC (rev 12128)
+++ trunk/openvas-plugins/scripts/gb_google_chrome_mult_vuln_nov11_lin.nasl	2011-11-17 10:36:14 UTC (rev 12129)
@@ -0,0 +1,94 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_google_chrome_mult_vuln_nov11_lin.nasl 18510 2011-11-15 10:11:12 nov $
+#
+# Google Chrome Multiple Vulnerabilities - November11 (Linux)
+#
+# Authors:
+# Rachana Shetty <srachana at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(802346);
+  script_version("$Revision$");
+  script_cve_id("CVE-2011-3892", "CVE-2011-3893", "CVE-2011-3894", "CVE-2011-3895",
+                "CVE-2011-3896", "CVE-2011-3897", "CVE-2011-3898");
+  script_bugtraq_id(50642);
+  script_tag(name:"cvss_base", value:"7.5");
+  script_tag(name:"risk_factor", value:"High");
+  script_tag(name:"last_modification", value:"$Date$");
+  script_tag(name:"creation_date", value:"2011-11-15 10:58:03 +0530 (Tue, 15 Nov 2011)");
+  script_name("Google Chrome Multiple Vulnerabilities - November11 (Linux)");
+  desc = "
+  Overview: The host is installed with Google Chrome and is prone to multiple
+  vulnerabilities.
+
+  Vulnerability Insight:
+  Multiple vulnerabilities are due to,
+  - A double free error in the Theora decoder exists when handling a crafted
+    stream.
+  - An error in implementing the MKV and Vorbis media handlers.
+  - A memory corruption regression error in VP8 decoding when handling a
+    crafted stream.
+  - Heap overflow in the Vorbis decoder when handling a crafted stream.
+  - Buffer overflow error in the shader variable mapping.
+  - A use-after-free error exists related to editing.
+  - Fails to ask permission to run applets in Java Runtime Environment (JRE) 7.
+
+  Impact:
+  Successful exploitation could allow attackers to execute arbitrary code,
+  cause a denial of service, and disclose potentially sensitive information,
+  other attacks may also be possible.
+
+  Impact Level: System/Application
+
+  Affected Software/OS:
+  Google Chrome version prior to 15.0.874.120 on Linux
+
+  Fix: Upgrade to the Google Chrome 15.0.874.120 or later,
+  For updates refer, http://www.google.com/chrome
+
+  References:
+  http://securitytracker.com/id/1026313
+  http://googlechromereleases.blogspot.com/2011/11/stable-channel-update.html ";
+
+  script_description(desc);
+  script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
+  script_summary("Check the version of Google Chrome");
+  script_category(ACT_GATHER_INFO);
+  script_family("General");
+  script_dependencies("gb_google_chrome_detect_lin.nasl");
+  script_require_keys("Google-Chrome/Linux/Ver");
+  exit(0);
+}
+
+
+include("version_func.inc");
+
+## Get the version from KB
+chromeVer = get_kb_item("Google-Chrome/Linux/Ver");
+if(!chromeVer){
+  exit(0);
+}
+
+## Check for Google Chrome Version less than 15.0.874.120
+if(version_is_less(version:chromeVer, test_version:"15.0.874.120")){
+  security_hole(0);
+}
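Review bot: The KB key `"Google-Chrome/Linux/Ver"` used in `script_require_keys` and `get_kb_item` follows a different naming pattern from the sibling plugins in this commit (`"GoogleChrome/MacOSX/Version"`, `"GoogleChrome/Win/Ver"`), and none of the detect scripts that write these keys is part of the diff. A key that does not match the detect script exactly makes the plugin exit silently at `if(!chromeVer)`, which reads as "not vulnerable" in a scan report. I would confirm each key against its detect script and add a short comment such as `## KB key is set by gb_google_chrome_detect_lin.nasl`, with the matching file name in the macosx and win hunks as well.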

Added: trunk/openvas-plugins/scripts/gb_google_chrome_mult_vuln_nov11_macosx.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_google_chrome_mult_vuln_nov11_macosx.nasl	2011-11-16 17:24:13 UTC (rev 12128)
+++ trunk/openvas-plugins/scripts/gb_google_chrome_mult_vuln_nov11_macosx.nasl	2011-11-17 10:36:14 UTC (rev 12129)
@@ -0,0 +1,94 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_google_chrome_mult_vuln_nov11_macosx.nasl 18510 2011-11-15 12:11:12 nov $
+#
+# Google Chrome Multiple Vulnerabilities - November11 (Mac OS X)
+#
+# Authors:
+# Rachana Shetty <srachana at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(802347);
+  script_version("$Revision$");
+  script_cve_id("CVE-2011-3892", "CVE-2011-3893", "CVE-2011-3894", "CVE-2011-3895",
+                "CVE-2011-3896", "CVE-2011-3897", "CVE-2011-3898");
+  script_bugtraq_id(50642);
+  script_tag(name:"cvss_base", value:"7.5");
+  script_tag(name:"risk_factor", value:"High");
+  script_tag(name:"last_modification", value:"$Date$");
+  script_tag(name:"creation_date", value:"2011-11-15 11:56:15 +0530 (Tue, 15 Nov 2011)");
+  script_name("Google Chrome Multiple Vulnerabilities - November11 (Mac OS X)");
+  desc = "
+  Overview: The host is installed with Google Chrome and is prone to multiple
+  vulnerabilities.
+
+  Vulnerability Insight:
+  Multiple vulnerabilities are due to,
+  - A double free error in the Theora decoder exists when handling a crafted
+    stream.
+  - An error in implementing the MKV and Vorbis media handlers.
+  - A memory corruption regression error in VP8 decoding when handling a
+    crafted stream.
+  - Heap overflow in the Vorbis decoder when handling a crafted stream.
+  - Buffer overflow error in the shader variable mapping.
+  - A use-after-free error exists related to editing.
+  - Fails to ask permission to run applets in Java Runtime Environment (JRE) 7.
+
+  Impact:
+  Successful exploitation could allow attackers to execute arbitrary code,
+  cause a denial of service, and disclose potentially sensitive information,
+  other attacks may also be possible.
+
+  Impact Level: System/Application
+
+  Affected Software/OS:
+  Google Chrome version prior to 15.0.874.120 on Mac OS X
+
+  Fix: Upgrade to the Google Chrome 15.0.874.120 or later,
+  For updates refer, http://www.google.com/chrome
+
+  References:
+  http://securitytracker.com/id/1026313
+  http://googlechromereleases.blogspot.com/2011/11/stable-channel-update.html ";
+
+  script_description(desc);
+  script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
+  script_summary("Check the version of Google Chrome");
+  script_category(ACT_GATHER_INFO);
+  script_family("General");
+  script_dependencies("gb_google_chrome_detect_macosx.nasl");
+  script_require_keys("GoogleChrome/MacOSX/Version");
+  exit(0);
+}
+
+
+include("version_func.inc");
+
+## Get the version from KB
+chromeVer = get_kb_item("GoogleChrome/MacOSX/Version");
+if(!chromeVer){
+  exit(0);
+}
+
+## Check for Google Chrome Version less than 15.0.874.120
+if(version_is_less(version:chromeVer, test_version:"15.0.874.120")){
+  security_hole(0);
+}

Added: trunk/openvas-plugins/scripts/gb_google_chrome_mult_vuln_nov11_win.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_google_chrome_mult_vuln_nov11_win.nasl	2011-11-16 17:24:13 UTC (rev 12128)
+++ trunk/openvas-plugins/scripts/gb_google_chrome_mult_vuln_nov11_win.nasl	2011-11-17 10:36:14 UTC (rev 12129)
@@ -0,0 +1,94 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_google_chrome_mult_vuln_nov11_win.nasl 18510 2011-11-14 11:12:14 nov $
+#
+# Google Chrome Multiple Vulnerabilities - November11 (Windows)
+#
+# Authors:
+# Rachana Shetty <srachana at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(802345);
+  script_version("$Revision$");
+  script_cve_id("CVE-2011-3892", "CVE-2011-3893", "CVE-2011-3894", "CVE-2011-3895",
+                "CVE-2011-3896", "CVE-2011-3897", "CVE-2011-3898");
+  script_bugtraq_id(50642);
+  script_tag(name:"cvss_base", value:"7.5");
+  script_tag(name:"risk_factor", value:"High");
+  script_tag(name:"last_modification", value:"$Date$");
+  script_tag(name:"creation_date", value:"2011-11-14 11:11:11 +0530 (Mon, 14 Nov 2011)");
+  script_name("Google Chrome Multiple Vulnerabilities - November11 (Windows)");
+  desc = "
+  Overview: The host is installed with Google Chrome and is prone to multiple
+  vulnerabilities.
+
+  Vulnerability Insight:
+  Multiple vulnerabilities are due to,
+  - A double free error in the Theora decoder exists when handling a crafted
+    stream.
+  - An error in implementing the MKV and Vorbis media handlers.
+  - A memory corruption regression error in VP8 decoding when handling a
+    crafted stream.
+  - Heap overflow in the Vorbis decoder when handling a crafted stream.
+  - Buffer overflow error in the shader variable mapping.
+  - A use-after-free error exists related to editing.
+  - Fails to ask permission to run applets in Java Runtime Environment (JRE) 7.
+
+  Impact:
+  Successful exploitation could allow attackers to execute arbitrary code,
+  cause a denial of service, and disclose potentially sensitive information,
+  other attacks may also be possible.
+
+  Impact Level: System/Application
+
+  Affected Software/OS:
+  Google Chrome version prior to 15.0.874.120 on Windows
+
+  Fix: Upgrade to the Google Chrome 15.0.874.120 or later,
+  For updates refer, http://www.google.com/chrome
+
+  References:
+  http://securitytracker.com/id/1026313
+  http://googlechromereleases.blogspot.com/2011/11/stable-channel-update.html ";
+
+  script_description(desc);
+  script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
+  script_summary("Check the version of Google Chrome");
+  script_category(ACT_GATHER_INFO);
+  script_family("General");
+  script_dependencies("gb_google_chrome_detect_win.nasl");
+  script_require_keys("GoogleChrome/Win/Ver");
+  exit(0);
+}
+
+
+include("version_func.inc");
+
+## Get the version from KB
+chromeVer = get_kb_item("GoogleChrome/Win/Ver");
+if(!chromeVer){
+  exit(0);
+}
+
+## Check for Google Chrome Versions prior to 15.0.874.120
+if(version_is_less(version:chromeVer, test_version:"15.0.874.120")){
+  security_hole(0);
+}

Added: trunk/openvas-plugins/scripts/gb_netart_media_iboutique_mult_sql_inj_n_xss_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_netart_media_iboutique_mult_sql_inj_n_xss_vuln.nasl	2011-11-16 17:24:13 UTC (rev 12128)
+++ trunk/openvas-plugins/scripts/gb_netart_media_iboutique_mult_sql_inj_n_xss_vuln.nasl	2011-11-17 10:36:14 UTC (rev 12129)
@@ -0,0 +1,116 @@
+##############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_netart_media_iboutique_mult_sql_inj_n_xss_vuln.nasl 18372 2011-11-14 14:13:29 nov $
+#
+# NetArt Media iBoutique 'page' SQL Injection and XSS Vulnerabilities
+#
+# Authors:
+# Antu Sanadi <santu at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(802404);
+  script_version("$Revision$");
+  script_cve_id("CVE-2010-5020");
+  script_bugtraq_id(41014);
+  script_tag(name:"cvss_base", value:"7.5");
+  script_tag(name:"risk_factor", value:"High");
+  script_tag(name:"last_modification", value:"$Date$");
+  script_tag(name:"creation_date", value:"2011-11-14 13:46:57 +0530 (Mon, 14 Nov 2011)");
+  script_name("NetArt Media iBoutique 'page' SQL Injection and XSS Vulnerabilities");
+  desc = "
+  Overview: This host is running NetArt Media iBoutique and is prone to multiple
+  SQL injection and cross-site scripting vulnerabilities.
+
+  Vulnerability Insight:
+  Multiple flaws are due to an,
+  - Input passed to the 'cat' and 'key'  parameter in index.php (when 'mod'
+    is set to 'products') is not properly sanitised before being used in a
+    SQL query.
+  - Input passed to the 'page' parameter in index.php is not properly sanitised
+    before being used in a SQL query.
+
+  This can further be exploited to conduct cross-site scripting attacks
+  via SQL error messages.
+
+  Impact:
+  Successful exploitation will let the attacker to conduct SQL injection and
+  cross-site scripting attacks.
+
+  Impact Level: Application.
+
+  Affected Software:
+  NetArt Media iBoutique version 4.0
+
+  Fix: No solution or patch is available as on 14th November, 2011. Information
+  regarding this issue will be updated once the solution details are available.
+  For updates refer, http://www.netartmedia.net/iboutique/
+
+  References:
+  http://milw0rm.com/exploits/6444
+  http://secunia.com/advisories/31871
+  http://www.exploit-db.com/exploits/13945/ ";
+
+  script_description(desc);
+  script_summary("Check NetArt Media iBoutique SQL Injection attack");
+  script_category(ACT_ATTACK);
+  script_copyright("Copyright (C) 2011 Greenbone Networks GmbH");
+  script_family("Web application abuses");
+  exit(0);
+}
+
+
+include("http_func.inc");
+include("version_func.inc");
+include("http_keepalive.inc");
+
+
+## Get HTTP port
+ibPort = get_http_port(default:80);
+if(!ibPort){
+  exit(0);
+}
+
+if(!can_host_php(port:ibPort)){
+  exit(0);
+}
+
+## Iterate over possible paths
+foreach dir (make_list("/iboutique", cgi_dirs()))
+{
+  ##Request to confirm application
+  sndReq = http_get(item:string(dir, "/index.php"), port:ibPort);
+  rcvRes = http_keepalive_send_recv(port:ibPort, data:sndReq);
+
+  ## Confirm application is NetArt Media Car Portal
+  if(">Why iBoutique?</" >< rcvRes)
+  {
+    ## Construct The Attack Request
+    url = string(dir, "/index.php?page='");
+
+    ## Try attack and check the response to confirm vulnerability
+    if(http_vuln_check(port:ibPort, url:url, pattern:"You have an error" +
+                      " in your SQL syntax;", check_header: TRUE))
+    {
+      security_hole(ibPort);
+      exit(0);
+    }
+  }
+}
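Review bot: The comment `## Confirm application is NetArt Media Car Portal` names a different product from the one the next line fingerprints with `">Why iBoutique?</"`; it should read `## Confirm application is NetArt Media iBoutique`. The description block sets `ACT_ATTACK` but declares neither `script_dependencies` nor `script_require_ports`, so the plugin is not tied to web service discovery; consider `script_dependencies("find_service.nasl", "http_version.nasl");` and `script_require_ports("Services/www", 80);`. The description documents the 'cat' and 'key' parameters, but only 'page' is probed, and the match depends on the literal database error text being returned, so a clean result does not show the host is unaffected; a comment saying so would help whoever triages the output. `include("version_func.inc");` appears unused in this file.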

Added: trunk/openvas-plugins/scripts/gb_oracle_java_se_deployment_unspec_vuln_win.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_oracle_java_se_deployment_unspec_vuln_win.nasl	2011-11-16 17:24:13 UTC (rev 12128)
+++ trunk/openvas-plugins/scripts/gb_oracle_java_se_deployment_unspec_vuln_win.nasl	2011-11-17 10:36:14 UTC (rev 12129)
@@ -0,0 +1,99 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_oracle_java_se_deployment_unspec_vuln_win.nasl 18099 2011-11-15 14:14:14Z nov $
+#
+# Oracle Java SE Java Runtime Environment Unspecified Vulnerability - October 2011 (Windows)
+#
+# Authors:
+# Sooraj KS <kssooraj at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(802278);
+  script_version("$Revision$");
+  script_cve_id("CVE-2011-3516");
+  script_bugtraq_id(50229);
+  script_tag(name:"cvss_base", value:"7.6");
+  script_tag(name:"risk_factor", value:"High");
+  script_tag(name:"last_modification", value:"$Date$");
+  script_tag(name:"creation_date", value:"2011-11-15 14:34:22 +0530 (Tue, 15 Nov 2011)");
+  script_name("Oracle Java SE Java Runtime Environment Unspecified Vulnerability - October 2011 (Windows)");
+  desc = "
+  Overview: This host is installed with Oracle Java SE and is prone to
+  unspecified vulnerability.
+
+  Vulnerability Insight:
+  The flaw is caused due to unspecified error in the 'Deployment' sub-component.
+
+  Impact:
+  Successful exploitation allows remote attackers to affect confidentiality,
+  integrity, and availability via unknown vectors.
+
+  Impact Level: System/Application
+
+  Affected Software/OS:
+  Oracle Java SE versions 6 Update 27 and earlier.
+
+  Fix: Upgrade to Oracle Java SE versions 6 Update 29 or later.
+  For updates refer,
+  http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html
+
+  References:
+  http://secunia.com/advisories/46512
+  http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html ";
+
+  script_description(desc);
+  script_summary("Check for the version of Sun Java SE JRE/JDK");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
+  script_family("General");
+  script_dependencies("gb_java_prdts_detect_win.nasl");
+  script_require_keys("Sun/Java/JRE/Win/Ver", "Sun/Java/JDK/Win/Ver");
+  exit(0);
+}
+
+
+include("version_func.inc");
+
+## Get JRE Version from KB
+jreVer = get_kb_item("Sun/Java/JRE/Win/Ver");
+if(jreVer)
+{
+  jreVer = ereg_replace(pattern:"_|-", string:jreVer, replace: ".");
+
+  ## Check for Oracle Java SE versions 6 Update 27 and earlier
+  if(version_in_range(version:jreVer, test_version:"1.6", test_version2:"1.6.0.27"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+}
+
+# Get JDK Version from KB
+jdkVer = get_kb_item("Sun/Java/JDK/Win/Ver");
+if(jdkVer)
+{
+  jdkVer = ereg_replace(pattern:"_|-", string:jdkVer, replace: ".");
+
+  ## Check for Oracle Java SE versions 6 Update 27 and earlier
+  if(version_in_range(version:jdkVer, test_version:"1.6", test_version2:"1.6.0.27")) {
+    security_hole(0);
+  }
+}
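Review bot: `script_require_keys("Sun/Java/JRE/Win/Ver", "Sun/Java/JDK/Win/Ver")` lists both keys, and as far as I know the scanner treats that list as all-required when test optimisation is on, so a host with only a JRE installed would be skipped before the `if(jreVer)` branch can run. The body already copes with either key being absent, so requiring both looks unintended; dropping the line and relying on the `get_kb_item` checks would avoid the false negative. The same line appears in the gb_oracle_java_se_java_runtime_env_unspec_vuln_win.nasl hunk. Separately, `script_name` here says "Java Runtime Environment Unspecified Vulnerability" while the insight text names the 'Deployment' sub-component, and the string is identical to the other plugin's name, so the two findings cannot be told apart in a report; I would use `script_name("Oracle Java SE Deployment Unspecified Vulnerability - October 2011 (Windows)");`.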


Property changes on: trunk/openvas-plugins/scripts/gb_oracle_java_se_deployment_unspec_vuln_win.nasl
___________________________________________________________________
Name: svn:executable
   + *

Added: trunk/openvas-plugins/scripts/gb_oracle_java_se_java_runtime_env_unspec_vuln_win.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_oracle_java_se_java_runtime_env_unspec_vuln_win.nasl	2011-11-16 17:24:13 UTC (rev 12128)
+++ trunk/openvas-plugins/scripts/gb_oracle_java_se_java_runtime_env_unspec_vuln_win.nasl	2011-11-17 10:36:14 UTC (rev 12129)
@@ -0,0 +1,100 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_oracle_java_se_java_runtime_env_unspec_vuln_win.nasl 18099 2011-11-15 14:14:14Z nov $
+#
+# Oracle Java SE Java Runtime Environment Unspecified Vulnerability - October 2011 (Windows)
+#
+# Authors:
+# Sooraj KS <kssooraj at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(802277);
+  script_version("$Revision$");
+  script_cve_id("CVE-2011-3555");
+  script_bugtraq_id(50237);
+  script_tag(name:"cvss_base", value:"6.1");
+  script_tag(name:"risk_factor", value:"High");
+  script_tag(name:"last_modification", value:"$Date$");
+  script_tag(name:"creation_date", value:"2011-11-15 14:34:22 +0530 (Tue, 15 Nov 2011)");
+  script_name("Oracle Java SE Java Runtime Environment Unspecified Vulnerability - October 2011 (Windows)");
+  desc = "
+  Overview: This host is installed with Oracle Java SE and is prone to
+  unspecified vulnerability.
+
+  Vulnerability Insight:
+  The flaw is caused due to unspecified error in the Java Runtime Environment
+  component.
+
+  Impact:
+  Successful exploitation allows remote attackers to cause a denial of service.
+
+  Impact Level: System/Application
+
+  Affected Software/OS:
+  Oracle Java SE versions 7.
+
+  Fix: Upgrade to Oracle Java SE versions 7 Update 1 or later.
+  For updates refer,
+  http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html
+
+  References:
+  http://secunia.com/advisories/46512
+  http://xforce.iss.net/xforce/xfdb/70838
+  http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html ";
+
+  script_description(desc);
+  script_summary("Check for the version of Sun Java SE JRE/JDK");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
+  script_family("General");
+  script_dependencies("gb_java_prdts_detect_win.nasl");
+  script_require_keys("Sun/Java/JRE/Win/Ver", "Sun/Java/JDK/Win/Ver");
+  exit(0);
+}
+
+
+include("version_func.inc");
+
+## Get JRE Version from KB
+jreVer = get_kb_item("Sun/Java/JRE/Win/Ver");
+if(jreVer)
+{
+  jreVer = ereg_replace(pattern:"_|-", string:jreVer, replace: ".");
+
+  ## Check for Oracle Java SE versions 7
+  if(version_is_equal(version:jreVer, test_version:"1.7.0"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+}
+
+# Get JDK Version from KB
+jdkVer = get_kb_item("Sun/Java/JDK/Win/Ver");
+if(jdkVer)
+{
+  jdkVer = ereg_replace(pattern:"_|-", string:jdkVer, replace: ".");
+
+  ## Check for Oracle Java SE versions 7
+  if(version_is_equal(version:jdkVer, test_version:"1.7.0")) {
+    security_hole(0);
+  }
+}
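Review bot: The exact match `version_is_equal(version:jreVer, test_version:"1.7.0")` (and the same test on `jdkVer`) only fires if the detect script records the Java 7 GA release as precisely that string once `ereg_replace` has turned `_` and `-` into dots. If the stored value carries an update or build suffix, which this hunk does not show, the affected release would be missed. A bounded comparison in the style of the sibling plugin, `version_in_range(...)` with limits chosen to match the detect script's format, would be less brittle; at minimum add a comment stating the expected KB format. Also, `cvss_base` "6.1" is paired with `risk_factor` "High", whereas the other plugins in this commit use "High" from 7.5 upwards; please confirm that pairing is intended.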


Property changes on: trunk/openvas-plugins/scripts/gb_oracle_java_se_java_runtime_env_unspec_vuln_win.nasl
___________________________________________________________________
Name: svn:executable
   + *

Added: trunk/openvas-plugins/scripts/gb_oracle_java_se_mult_vuln_oct11_win_01.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_oracle_java_se_mult_vuln_oct11_win_01.nasl	2011-11-16 17:24:13 UTC (rev 12128)
+++ trunk/openvas-plugins/scripts/gb_oracle_java_se_mult_vuln_oct11_win_01.nasl	2011-11-17 10:36:14 UTC (rev 12129)
@@ -0,0 +1,114 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_oracle_java_se_mult_vuln_oct11_win_01.nasl 18099 2011-11-15 14:14:14Z nov $
+#
+# Oracle Java SE Multiple Vulnerabilities - October 2011 (Windows01)
+#
+# Authors:
+# Sooraj KS <kssooraj at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(802273);
+  script_version("$Revision$");
+  script_cve_id("CVE-2011-3547", "CVE-2011-3548", "CVE-2011-3552", "CVE-2011-3556",
+                "CVE-2011-3557", "CVE-2011-3560");
+  script_bugtraq_id(50211, 50234, 50236, 50243, 50231, 50248);
+  script_tag(name:"cvss_base", value:"10.0");
+  script_tag(name:"risk_factor", value:"Critical");
+  script_tag(name:"last_modification", value:"$Date$");
+  script_tag(name:"creation_date", value:"2011-11-15 14:34:22 +0530 (Tue, 15 Nov 2011)");
+  script_name("Oracle Java SE Multiple Vulnerabilities - October 2011 (Windows01)");
+  desc = "
+  Overview: This host is installed with Oracle Java SE and is prone to multiple
+  vulnerabilities.
+
+  Vulnerability Insight:
+  Multiple flaws are caused due to unspecified errors in the following
+  components:
+  - Networking
+  - AWT
+  - RMI
+  - JSSE
+
+  Impact:
+  Successful exploitation allows remote attackers to affect confidentiality,
+  integrity, and availability via unknown vectors.
+
+  Impact Level: System/Application
+
+  Affected Software/OS:
+  Oracle Java SE versions 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier,
+  and 1.4.2_33 and earlier.
+
+  Fix: Upgrade to Oracle Java SE versions 7 Update 1, 6 Update 29, 5.0 Update
+  32, 1.4.2_34 or later. For updates refer,
+  http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html
+
+  References:
+  http://secunia.com/advisories/46512
+  http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html ";
+
+  script_description(desc);
+  script_summary("Check for the version of Sun Java SE JRE/JDK");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
+  script_family("General");
+  script_dependencies("gb_java_prdts_detect_win.nasl");
+  script_require_keys("Sun/Java/JRE/Win/Ver", "Sun/Java/JDK/Win/Ver");
+  exit(0);
+}
+
+
+include("version_func.inc");
+
+## Get JRE Version from KB
+jreVer = get_kb_item("Sun/Java/JRE/Win/Ver");
+if(jreVer)
+{
+  jreVer = ereg_replace(pattern:"_|-", string:jreVer, replace: ".");
+
+  ## Check for Oracle Java SE versions 7, 6 Update 27 and earlier,
+  ## 5.0 Update 31 and earlier, and 1.4.2_33 and earlier
+  if(version_is_equal(version:jreVer, test_version:"1.7.0") ||
+     version_is_less_equal(version:jreVer, test_version:"1.4.2.33") ||
+     version_in_range(version:jreVer, test_version:"1.6", test_version2:"1.6.0.27") ||
+     version_in_range(version:jreVer, test_version:"1.5", test_version2:"1.5.0.31"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+}
+
+# Get JDK Version from KB
+jdkVer = get_kb_item("Sun/Java/JDK/Win/Ver");
+if(jdkVer)
+{
+  jdkVer = ereg_replace(pattern:"_|-", string:jdkVer, replace: ".");
+
+  ## Check for Oracle Java SE versions 7, 6 Update 27 and earlier,
+  ## 5.0 Update 31 and earlier, and 1.4.2_33 and earlier
+  if(version_is_equal(version:jdkVer, test_version:"1.7.0") ||
+     version_is_less_equal(version:jdkVer, test_version:"1.4.2.33") ||
+     version_in_range(version:jdkVer, test_version:"1.6", test_version2:"1.6.0.27") ||
+     version_in_range(version:jdkVer, test_version:"1.5", test_version2:"1.5.0.31")){
+     security_hole(0);
+  }
+}
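Review bot: `script_require_keys("Sun/Java/JRE/Win/Ver", "Sun/Java/JDK/Win/Ver");` lists both keys, and as far as I know the scanner skips a plugin when any required key is missing (with test optimisation enabled), so a host with only a JRE and no JDK would never reach the version checks below. The body already treats the two keys as independent (`if(jreVer)` / `if(jdkVer)`), so the requirement should be a single key that the detection script sets when either product is found, or it should be dropped. The same line appears in the _02, _03 and _04 plugins in this commit and in gb_oracle_java_se_java_runtime_env_unspec_vuln_win.nasl. Separately, `security_hole(0)` carries no report data; passing the detected version, e.g. `security_hole(port:0, data:"Installed JRE version: " + jreVer);`, would show which install triggered the finding.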


Property changes on: trunk/openvas-plugins/scripts/gb_oracle_java_se_mult_vuln_oct11_win_01.nasl
___________________________________________________________________
Name: svn:executable
   + *

Added: trunk/openvas-plugins/scripts/gb_oracle_java_se_mult_vuln_oct11_win_02.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_oracle_java_se_mult_vuln_oct11_win_02.nasl	2011-11-16 17:24:13 UTC (rev 12128)
+++ trunk/openvas-plugins/scripts/gb_oracle_java_se_mult_vuln_oct11_win_02.nasl	2011-11-17 10:36:14 UTC (rev 12129)
@@ -0,0 +1,109 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_oracle_java_se_mult_vuln_oct11_win_02.nasl 18099 2011-11-15 14:14:14Z nov $
+#
+# Oracle Java SE Multiple Vulnerabilities - October 2011 (Windows02)
+#
+# Authors:
+# Sooraj KS <kssooraj at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(802274);
+  script_version("$Revision$");
+  script_cve_id("CVE-2011-3544", "CVE-2011-3546", "CVE-2011-3550", "CVE-2011-3551",
+                "CVE-2011-3553", "CVE-2011-3558", "CVE-2011-3561");
+  script_bugtraq_id(50218, 50224, 50226, 50239, 50242, 50246, 50250);
+  script_tag(name:"cvss_base", value:"10.0");
+  script_tag(name:"risk_factor", value:"Critical");
+  script_tag(name:"last_modification", value:"$Date$");
+  script_tag(name:"creation_date", value:"2011-11-15 14:34:22 +0530 (Tue, 15 Nov 2011)");
+  script_name("Oracle Java SE Multiple Vulnerabilities - October 2011 (Windows02)");
+  desc = "
+  Overview: This host is installed with Oracle Java SE and is prone to multiple
+  vulnerabilities.
+
+  Vulnerability Insight:
+  Multiple flaws are caused due to unspecified errors in the following
+  components:
+  - Scripting
+  - Deployment
+  - AWT
+  - 2D
+  - JAXWS
+  - HotSpot
+
+  Impact:
+  Successful exploitation allows remote attackers to affect confidentiality,
+  integrity, and availability via unknown vectors.
+
+  Impact Level: System/Application
+
+  Affected Software/OS:
+  Oracle Java SE versions 7, 6 Update 27 and earlier.
+
+  Fix: Upgrade to Oracle Java SE versions 7 Update 1, 6 Update 29 or later.
+  For updates refer,
+  http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html
+
+  References:
+  http://secunia.com/advisories/46512
+  http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html ";
+
+  script_description(desc);
+  script_summary("Check for the version of Sun Java SE JRE/JDK");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
+  script_family("General");
+  script_dependencies("gb_java_prdts_detect_win.nasl");
+  script_require_keys("Sun/Java/JRE/Win/Ver", "Sun/Java/JDK/Win/Ver");
+  exit(0);
+}
+
+
+include("version_func.inc");
+
+## Get JRE Version from KB
+jreVer = get_kb_item("Sun/Java/JRE/Win/Ver");
+if(jreVer)
+{
+  jreVer = ereg_replace(pattern:"_|-", string:jreVer, replace: ".");
+
+  ## Check for Oracle Java SE versions 7, 6 Update 27 and earlier
+  if(version_is_equal(version:jreVer, test_version:"1.7.0") ||
+     version_in_range(version:jreVer, test_version:"1.6", test_version2:"1.6.0.27"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+}
+
+# Get JDK Version from KB
+jdkVer = get_kb_item("Sun/Java/JDK/Win/Ver");
+if(jdkVer)
+{
+  jdkVer = ereg_replace(pattern:"_|-", string:jdkVer, replace: ".");
+
+  ## Check for Oracle Java SE versions 7, 6 Update 27 and earlier
+  if(version_is_equal(version:jdkVer, test_version:"1.7.0") ||
+     version_in_range(version:jdkVer, test_version:"1.6", test_version2:"1.6.0.27")) {
+     security_hole(0);
+  }
+}


Property changes on: trunk/openvas-plugins/scripts/gb_oracle_java_se_mult_vuln_oct11_win_02.nasl
___________________________________________________________________
Name: svn:executable
   + *

Added: trunk/openvas-plugins/scripts/gb_oracle_java_se_mult_vuln_oct11_win_03.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_oracle_java_se_mult_vuln_oct11_win_03.nasl	2011-11-16 17:24:13 UTC (rev 12128)
+++ trunk/openvas-plugins/scripts/gb_oracle_java_se_mult_vuln_oct11_win_03.nasl	2011-11-17 10:36:14 UTC (rev 12129)
@@ -0,0 +1,109 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_oracle_java_se_mult_vuln_oct11_win_03.nasl 18099 2011-11-15 14:14:14Z nov $
+#
+# Oracle Java SE Multiple Vulnerabilities - October 2011 (Windows03)
+#
+# Authors:
+# Sooraj KS <kssooraj at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(802275);
+  script_version("$Revision$");
+  script_cve_id("CVE-2011-3545", "CVE-2011-3549");
+  script_bugtraq_id(50220, 50223);
+  script_tag(name:"cvss_base", value:"10.0");
+  script_tag(name:"risk_factor", value:"Critical");
+  script_tag(name:"last_modification", value:"$Date$");
+  script_tag(name:"creation_date", value:"2011-11-15 14:34:22 +0530 (Tue, 15 Nov 2011)");
+  script_name("Oracle Java SE Multiple Vulnerabilities - October 2011 (Windows03)");
+  desc = "
+  Overview: This host is installed with Oracle Java SE and is prone to multiple
+  vulnerabilities.
+
+  Vulnerability Insight:
+  Multiple flaws are caused due to unspecified errors in the following
+  components:
+  - Sound
+  - Swing
+
+  Impact:
+  Successful exploitation allows remote attackers to affect confidentiality,
+  integrity, and availability via unknown vectors.
+
+  Impact Level: System/Application
+
+  Affected Software/OS:
+  Oracle Java SE versions 6 Update 27 and earlier, 5.0 Update 31 and earlier,
+  and 1.4.2_33 and earlier.
+
+  Fix: Upgrade to Oracle Java SE versions 6 Update 29, 5.0 Update 32, 1.4.2_34
+  or later. For updates refer,
+  http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html
+
+  References:
+  http://secunia.com/advisories/46512
+  http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html ";
+
+  script_description(desc);
+  script_summary("Check for the version of Sun Java SE JRE/JDK");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
+  script_family("General");
+  script_dependencies("gb_java_prdts_detect_win.nasl");
+  script_require_keys("Sun/Java/JRE/Win/Ver", "Sun/Java/JDK/Win/Ver");
+  exit(0);
+}
+
+
+include("version_func.inc");
+
+## Get JRE Version from KB
+jreVer = get_kb_item("Sun/Java/JRE/Win/Ver");
+if(jreVer)
+{
+  jreVer = ereg_replace(pattern:"_|-", string:jreVer, replace: ".");
+
+  ## Check for Oracle Java SE versions 6 Update 27 and earlier,
+  ## 5.0 Update 31 and earlier, and 1.4.2_33 and earlier
+  if(version_is_less_equal(version:jreVer, test_version:"1.4.2.33") ||
+     version_in_range(version:jreVer, test_version:"1.6", test_version2:"1.6.0.27") ||
+     version_in_range(version:jreVer, test_version:"1.5", test_version2:"1.5.0.31"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+}
+
+# Get JDK Version from KB
+jdkVer = get_kb_item("Sun/Java/JDK/Win/Ver");
+if(jdkVer)
+{
+  jdkVer = ereg_replace(pattern:"_|-", string:jdkVer, replace: ".");
+
+  ## Check for Oracle Java SE versions 6 Update 27 and earlier,
+  ## 5.0 Update 31 and earlier, and 1.4.2_33 and earlier
+  if(version_is_less_equal(version:jdkVer, test_version:"1.4.2.33") ||
+     version_in_range(version:jdkVer, test_version:"1.6", test_version2:"1.6.0.27") ||
+     version_in_range(version:jdkVer, test_version:"1.5", test_version2:"1.5.0.31")){
+     security_hole(0);
+  }
+}


Property changes on: trunk/openvas-plugins/scripts/gb_oracle_java_se_mult_vuln_oct11_win_03.nasl
___________________________________________________________________
Name: svn:executable
   + *

Added: trunk/openvas-plugins/scripts/gb_oracle_java_se_mult_vuln_oct11_win_04.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_oracle_java_se_mult_vuln_oct11_win_04.nasl	2011-11-16 17:24:13 UTC (rev 12128)
+++ trunk/openvas-plugins/scripts/gb_oracle_java_se_mult_vuln_oct11_win_04.nasl	2011-11-17 10:36:14 UTC (rev 12129)
@@ -0,0 +1,110 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_oracle_java_se_mult_vuln_oct11_win_04.nasl 18099 2011-11-15 14:14:14Z nov $
+#
+# Oracle Java SE Multiple Vulnerabilities - October 2011 (Windows04)
+#
+# Authors:
+# Sooraj KS <kssooraj at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(802276);
+  script_version("$Revision$");
+  script_cve_id("CVE-2011-3521", "CVE-2011-3554");
+  script_bugtraq_id(50215, 50216);
+  script_tag(name:"cvss_base", value:"10.0");
+  script_tag(name:"risk_factor", value:"Critical");
+  script_tag(name:"last_modification", value:"$Date$");
+  script_tag(name:"creation_date", value:"2011-11-15 14:34:22 +0530 (Tue, 15 Nov 2011)");
+  script_name("Oracle Java SE Multiple Vulnerabilities - October 2011 (Windows04)");
+  desc = "
+  Overview: This host is installed with Oracle Java SE and is prone to multiple
+  vulnerabilities.
+
+  Vulnerability Insight:
+  Multiple flaws are caused due to unspecified errors in the following
+  components:
+  - Deserialization
+  - Java Runtime Environment
+
+  Impact:
+  Successful exploitation allows remote attackers to affect confidentiality,
+  integrity, and availability via unknown vectors.
+
+  Impact Level: System/Application
+
+  Affected Software/OS:
+  Oracle Java SE versions 7, 6 Update 27 and earlier, 5.0 Update 31 and
+  earlier.
+
+  Fix: Upgrade to Oracle Java SE versions 7 Update 1, 6 Update 29, 5.0 Update
+  32 or later. For updates refer,
+  http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html
+
+  References:
+  http://secunia.com/advisories/46512
+  http://xforce.iss.net/xforce/xfdb/70839
+  http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html ";
+
+  script_description(desc);
+  script_summary("Check for the version of Sun Java SE JRE/JDK");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
+  script_family("General");
+  script_dependencies("gb_java_prdts_detect_win.nasl");
+  script_require_keys("Sun/Java/JRE/Win/Ver", "Sun/Java/JDK/Win/Ver");
+  exit(0);
+}
+
+
+include("version_func.inc");
+
+## Get JRE Version from KB
+jreVer = get_kb_item("Sun/Java/JRE/Win/Ver");
+if(jreVer)
+{
+  jreVer = ereg_replace(pattern:"_|-", string:jreVer, replace: ".");
+
+  ## Check for Oracle Java SE versions 7, 6 Update 27 and earlier,
+  ## 5.0 Update 31 and earlier
+  if(version_is_equal(version:jreVer, test_version:"1.7.0") ||
+     version_in_range(version:jreVer, test_version:"1.6", test_version2:"1.6.0.27") ||
+     version_in_range(version:jreVer, test_version:"1.5", test_version2:"1.5.0.31"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+}
+
+# Get JDK Version from KB
+jdkVer = get_kb_item("Sun/Java/JDK/Win/Ver");
+if(jdkVer)
+{
+  jdkVer = ereg_replace(pattern:"_|-", string:jdkVer, replace: ".");
+
+  ## Check for Oracle Java SE versions 7, 6 Update 27 and earlier,
+  ## 5.0 Update 31 and earlier
+  if(version_is_equal(version:jdkVer, test_version:"1.7.0") ||
+     version_in_range(version:jdkVer, test_version:"1.6", test_version2:"1.6.0.27") ||
+     version_in_range(version:jdkVer, test_version:"1.5", test_version2:"1.5.0.31")){
+     security_hole(0);
+  }
+}


Property changes on: trunk/openvas-plugins/scripts/gb_oracle_java_se_mult_vuln_oct11_win_04.nasl
___________________________________________________________________
Name: svn:executable
   + *

Added: trunk/openvas-plugins/scripts/gb_sendmail_mail_relay_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_sendmail_mail_relay_vuln.nasl	2011-11-16 17:24:13 UTC (rev 12128)
+++ trunk/openvas-plugins/scripts/gb_sendmail_mail_relay_vuln.nasl	2011-11-17 10:36:14 UTC (rev 12129)
@@ -0,0 +1,157 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_sendmail_mail_relay_vuln.nasl 17221 2011-11-15 12:51:12Z nov $
+#
+# SendMail Mail Relay Vulnerability
+#
+# Authors:
+# Madhuri D <dmadhuri at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(802194);
+  script_version("$Revision$");
+  script_cve_id("CVE-2002-1278");
+  script_bugtraq_id(6118);
+  script_tag(name:"cvss_base", value:"7.5");
+  script_tag(name:"risk_factor", value:"High");
+  script_tag(name:"last_modification", value:"$Date$");
+  script_tag(name:"creation_date", value:"2011-11-15 12:51:12 +0530 (Tue, 15 Nov 2011)");
+  script_name("SendMail Mail Relay Vulnerability");
+  desc = "
+  Overview:
+  This host is installed with SendMail and is prone to mail relay
+  vulnerability.
+
+  Vulnerability Insight:
+  The flaw is caused due to an error in the mailconf module in Linuxconf which
+  generates the Sendmail configuration file (sendmail.cf) and configures
+  Sendmail to run as an open mail relay, which allows remote attackers to send
+  Spam email.
+
+  Impact:
+  Successful exploitation will let the attackers to send email messages outside
+  of the served network. This could result in unauthorized messages being sent
+  from the vulnerable server.
+
+  Impact Level: Application/System
+
+  Affected Software/OS:
+  Linuxconf versions 1.24 r2, 1.2.5 r3
+  Linuxconf versions 1.24 r2, 1.2.5 r3 on Conectiva Linux 6.0 through 8
+
+  Fix: Upgrade to the latest version of Linuxconf version 1.29r1 or later
+  For updates refer, http://www.solucorp.qc.ca/linuxconf/
+
+  References:
+  http://osvdb.org/6066
+  http://xforce.iss.net/xforce/xfdb/10554
+  http://www.securityfocus.com/bid/6118/solution ";
+
+  script_description(desc);
+  script_summary("check if SendMail is prone to open mail relay vulnerability");
+  script_category(ACT_ATTACK);
+  script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
+  script_family("SMTP problems");
+  script_dependencie("smtpserver_detect.nasl","sendmail_expn.nasl","smtp_settings.nasl");
+  script_require_ports("Services/smtp", 25);
+  exit(0);
+}
+
+
+include("smtp_func.inc");
+include("misc_func.inc");
+include("network_func.inc");
+
+## Get the SMTP port
+port = get_kb_item("Services/smtp");
+if(!port){
+  port = 25;
+}
+
+## Get SMTP banner to confirm sendmail
+banner = get_smtp_banner(port);
+if(!banner || "Sendmail" >!< banner){
+  exit(0);
+}
+
+## Get the domain
+domain = get_kb_item("Settings/third_party_domain");
+if(!domain){
+  domain = 'example.com';
+}
+
+## Open the Socket
+soc = smtp_open(port:port, helo:NULL);
+if(!soc){
+  exit(0);
+}
+
+## Source Name
+src_name = this_host_name();
+FROM = string('openvas@', src_name);
+TO = string('openvas@', domain);
+
+## Send normal request
+send(socket:soc, data:strcat('EHLO ', src_name, '\r\n'));
+ans = smtp_recv_line(socket:soc);
+if("250" >!< ans){
+  exit(0);
+}
+
+mail_from = strcat('MAIL FROM: <', FROM , '>\r\n');
+
+send(socket:soc, data:mail_from);
+recv = smtp_recv_line(socket:soc);
+
+## Check if Domain of sender exists
+if(!recv || recv =~ '^5[0-9][0-9]'){
+  exit(0);
+}
+
+## Check for the receiver
+mail_to = strcat('RCPT TO: <', TO , '>\r\n');
+send(socket:soc, data:mail_to);
+
+## Receive response
+recv = smtp_recv_line(socket: soc);
+
+if(recv =~ '^2[0-9][0-9]')
+{
+  data = string("data\r\n");
+  send(socket:soc, data:data);
+  data_rcv = smtp_recv_line(socket:soc);
+
+  if(egrep(pattern:"3[0-9][0-9]", string:data_rcv))
+  {
+    ## Constuct and send mail
+    send(socket:soc, data:string("OpenVAS-Relay-Test\r\n.\r\n"));
+    mail_send = smtp_recv_line(socket:soc);
+
+    ## Checking mail is accepted
+    if("250" >< mail_send)
+    {
+      security_hole(port:port);
+      smtp_close(socket:soc);
+      exit(0);
+    }
+  }
+}
+smtp_close(socket: soc);
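Review bot: The reply checks after DATA are unanchored: `egrep(pattern:"3[0-9][0-9]", string:data_rcv)` and `"250" >< mail_send` match those digits anywhere in the line, so a rejection whose text or queue id happens to contain them would be reported as an open relay. The RCPT check a few lines earlier already anchors on the status code, and the same form fits here: `if(data_rcv =~ '^3[0-9][0-9]')` and `if(mail_send =~ '^250')`. The early `exit(0)` paths after the EHLO and MAIL FROM replies also leave without the `smtp_close(socket:soc)` that the other paths perform. The finding is attributed to CVE-2002-1278 (Linuxconf mailconf) although the test only shows that a Sendmail-bannered server relays, so the report text should say the root cause is not confirmed.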

Modified: trunk/openvas-plugins/scripts/secpod_ca_mult_prdts_detect_win.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_ca_mult_prdts_detect_win.nasl	2011-11-16 17:24:13 UTC (rev 12128)
+++ trunk/openvas-plugins/scripts/secpod_ca_mult_prdts_detect_win.nasl	2011-11-17 10:36:14 UTC (rev 12129)
@@ -7,6 +7,13 @@
 # Authors:
 # Nikita MR <rnikita at secpod.com>
 #
+# Updated By : Sooraj KS <kssooraj at secpod.com> on 2011-03-07
+# Added HIPS Engine and HIPS Management Server Detection.
+#
+# Updated By:
+# Rachana Shetty <srachana at secpod.com> on 2011-11-02
+# Updated to detect CA Gateway Security
+#
 # Copyright:
 # Copyright (c) 2009 SecPod, http//www.secpod.com
 #
@@ -28,14 +35,16 @@
 {
   script_id(900966);
   script_version("$Revision$");
+  script_tag(name:"risk_factor", value:"None");
   script_tag(name:"last_modification", value:"$Date$");
-  script_tag(name:"creation_date", value:"2009-10-29 07:53:15 +0100 (Thu, 29 Oct 2009)");
-  script_tag(name:"risk_factor", value:"None");
+  script_tag(name:"creation_date", value:"2011-11-15 12:44:36 +0530 (Tue, 15 Nov 2011)");
   script_name("CA Multiple Products Version Detection (Win)");
   desc = "
   Overview : This script detects the installed version of CA multiple
-  products and sets the result in KB.";
+  products and sets the result in KB.
 
+  Risk factor : None";
+
   script_description(desc);
   script_summary("Sets the version of multiple CA products in KB");
   script_category(ACT_GATHER_INFO);
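Review bot: The `creation_date` tag of an existing plugin (script_id 900966, copyright 2009) is rewritten from 2009-10-29 to 2011-11-15. An update is what `last_modification` records, so the original value should stay: `script_tag(name:"creation_date", value:"2009-10-29 07:53:15 +0100 (Thu, 29 Oct 2009)");`. The added `Risk factor : None` line in `desc` repeats what `script_tag(name:"risk_factor", value:"None")` already carries, and none of the new plugins in this commit put it in the description text. The description block starts and ends outside this hunk.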
@@ -48,10 +57,11 @@
 }
 
 
+include("cpe.inc");
 include("smb_nt.inc");
+include("version_func.inc");
+include("host_details.inc");
 include("secpod_smb_func.inc");
-include("cpe.inc");
-include("host_details.inc");
 
 ## Constant values
 SCRIPT_OID  = "1.3.6.1.4.1.25623.1.0.900966";
@@ -100,7 +110,7 @@
   caavVer = registry_get_sz(key:key + "\av", item:"Version");
   if(caavVer){
     set_kb_item(name:"CA/AV/Win/Ver", value:caavVer);
-    security_note(data:"CA Antivirus version " + caavVer + 
+    security_note(data:"CA Antivirus version " + caavVer +
                                               " was detected on the host");
 
     ## build cpe and store it as host_detail
@@ -115,10 +125,70 @@
   caissVer = registry_get_sz(key:key + "\suite", item:"Version");
   if(caissVer){
     set_kb_item(name:"CA/ISS/Win/Ver", value:caissVer);
-    security_note(data:"CA Internet Security version " + caissVer +          
+    security_note(data:"CA Internet Security version " + caissVer +
                                               " was detected on the host");
 
     ## build cpe and store it as host_detail
     register_cpe(tmpVers:caissVer, tmpExpr:"^([0-9.]+)", tmpBase:"cpe:/a:ca:internet_security_suite");
   }
 }
+
+# Check for CA HIPS Engine
+key = "SOFTWARE\CA\HIPSEngine";
+cahipsVer = registry_get_sz(key:key, item:"Version");
+if(cahipsVer){
+  set_kb_item(name:"CA/HIPS/Engine/Win/Ver", value:cahipsVer);
+  security_note(data:"CA HIPS Engine version " + cahipsVer +
+                     " was detected on the host");
+}
+
+# Check for HIPS Management Server
+if(registry_key_exists(key:"SOFTWARE\CA\HIPSManagementServer"))
+{
+  # Get HIPS Management Server Version From Registry
+  key = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\";
+  if(registry_key_exists(key:key))
+  {
+    foreach item (registry_enum_keys(key:key))
+    {
+      name = registry_get_sz(key:key + item, item:"DisplayName");
+      if(eregmatch(pattern:"^CA HIPS Management Server", string:name))
+      {
+        hipsVer = registry_get_sz(key:key + item, item:"DisplayVersion");
+        if(hipsVer != NULL)
+        {
+          set_kb_item(name:"CA/HIPS/Server/Win/Ver", value:hipsVer);
+          security_note(data:"CA HIPS Management Server version " + hipsVer +
+                             " was detected on the host");
+        }
+      }
+    }
+  }
+}
+
+# Check for CA Gateway Security
+key = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\";
+if(registry_key_exists(key:key))
+{
+  foreach item (registry_enum_keys(key:key))
+  {
+    if("CA Gateway Security" >< registry_get_sz(key:key + item,
+                                                item:"DisplayName"))
+    {
+      ## Get the install path for Gateway security
+      cagsPath = registry_get_sz(key:key + item, item:"InstallLocation");
+      cagsPath = cagsPath + "Bin";
+
+      cagsVer = fetch_file_version(sysPath:cagsPath, file_name:"ManagerConsole.exe");
+      if(cagsVer)
+      {
+        set_kb_item(name:"CA/Gateway-Security/Win/Ver", value:cagsVer);
+        security_note(data:"CA Gateway Security version " + cagsVer +
+                                                " was detected on the host");
+
+        ## build cpe and store it as host_detail
+        register_cpe(tmpVers:cagsVer, tmpExpr:"^([0-9.]+)", tmpBase:"cpe:/a:ca:gateway_security:");
+      }
+    }
+  }
+}
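Review bot: In the CA Gateway Security block, `cagsPath = cagsPath + "Bin";` runs without checking that `InstallLocation` was returned, so a missing value yields the bare path `Bin`, and the concatenation also assumes the registry value ends with a backslash. Guard it before the file lookup, e.g. `if(!cagsPath) continue;` ahead of the concatenation. The `tmpBase` passed to `register_cpe` here ends in a colon (`cpe:/a:ca:gateway_security:`) while the existing Internet Security call does not; `register_cpe` is defined outside the hunk, so one of the two forms probably yields a malformed CPE and should be checked. The HIPS Engine and HIPS Management Server branches set KB items but register no CPE, unlike the other products in this script.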

Added: trunk/openvas-plugins/scripts/secpod_macosx_java_10_6_upd_6_and_10_7_upd_1.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_macosx_java_10_6_upd_6_and_10_7_upd_1.nasl	2011-11-16 17:24:13 UTC (rev 12128)
+++ trunk/openvas-plugins/scripts/secpod_macosx_java_10_6_upd_6_and_10_7_upd_1.nasl	2011-11-17 10:36:14 UTC (rev 12129)
@@ -0,0 +1,116 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_macosx_java_10_6_upd_6_and_10_7_upd_1.nasl 18447 2011-11-15 15:15:15 aug $
+#
+# Java for Mac OS X 10.6 Update 6 And 10.7 Update 1
+#
+# Authors:
+# Rachana Shetty <srachana at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2011 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(902630);
+  script_version("$Revision$");
+  script_cve_id("CVE-2011-3389", "CVE-2011-3521", "CVE-2011-3544", "CVE-2011-3545",
+                "CVE-2011-3546", "CVE-2011-3547", "CVE-2011-3548", "CVE-2011-3549",
+                "CVE-2011-3551", "CVE-2011-3552", "CVE-2011-3553", "CVE-2011-3554",
+                "CVE-2011-3556", "CVE-2011-3557", "CVE-2011-3558", "CVE-2011-3560",
+                "CVE-2011-3561");
+  script_bugtraq_id(49388, 50215, 50218, 50220, 50239, 50243, 50211, 50223, 50224,
+                    50248, 50246, 50216, 50231, 50234, 50242, 50236, 50250);
+  script_tag(name:"cvss_base", value:"10.0");
+  script_tag(name:"risk_factor", value:"Critical");
+  script_name("Java for Mac OS X 10.6 Update 6 And 10.7 Update 1");
+  desc = "
+  Overview: This host has important security update missing according to
+  Java for Mac OS X 10.6 Update 6 and 10.7 Update 1.
+
+  Vulnerability Insight:
+  For more information on the vulnerabilities refer the below links.
+
+  Impact:
+  Successful exploitation may allow an untrusted Java applet to execute
+  arbitrary code outside the Java sandbox. Visiting a web page containing
+  a maliciously crafted untrusted Java applet may lead to arbitrary code
+  execution with the privileges of the current user.
+
+  Impact Level: System/Application
+
+  Affected Software/OS:
+  Java for Mac OS X v10.6.6 and v10.7.2 or Mac OS X Server v10.6.8 and v10.7.2.
+
+  Fix: Upgrade to Java for Mac OS X 10.6 Update 6 and 10.7 Update 1,
+  For updates refer, http://support.apple.com/kb/HT5045
+
+  References:
+  http://support.apple.com/kb/HT5045
+  http://support.apple.com/kb/HT4884
+  http://support.apple.com/kb/HT4885
+  http://lists.apple.com/archives/Security-announce//2011/Nov/msg00000.html ";
+
+  script_description(desc);
+  script_copyright("Copyright (c) 2011 SecPod");
+  script_summary("Checks for existence of Java for Mac OS X 10.6 Update 6 Or 10.7 Update 1");
+  script_category(ACT_GATHER_INFO);
+  script_family("Mac OS X Local Security Checks");
+  script_dependencies("gather-package-list.nasl");
+  script_require_ports("Services/ssh", 22);
+  exit(0);
+}
+
+
+include("pkg-lib-macosx.inc");
+include("version_func.inc");
+
+## Get the OS name
+osName = get_kb_item("ssh/login/osx_name");
+if(!osName){
+  exit (0);
+}
+
+## Get the OS Version
+osVer = get_kb_item("ssh/login/osx_version");
+if(!osVer){
+ exit(0);
+}
+
+## Check for the Mac OS X and Mac OS X Server
+if("Mac OS X" >< osName || "Mac OS X Server" >< osName)
+{
+  ## Check the affected OS versions
+  if(version_is_equal(version:osVer, test_version:"10.6.8"))
+  {
+    ## Check for the security update
+    if(isosxpkgvuln(fixed:"com.apple.pkg.JavaForMacOSX10.6", diff:"6"))
+    {
+      security_hole(0);
+      exit(0);
+    }
+  }
+
+  ## Check the affected OS versions
+  if(version_is_equal(version:osVer, test_version:"10.7.2"))
+  {
+    ## Check for the security update
+    if(isosxpkgvuln(fixed:"com.apple.pkg.JavaForMacOSX10.7", diff:"1")){
+      security_hole(0);
+    }
+  }
+}
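Review bot: The description gives the affected platforms as `Java for Mac OS X v10.6.6 and v10.7.2`, but the code tests `version_is_equal(version:osVer, test_version:"10.6.8")`; one of the two is wrong, and from the check it looks as if the text should read `v10.6.8`. Because both version tests are exact matches, hosts on other 10.6.x or 10.7.x releases pass silently, which deserves a comment such as `## Only 10.6.8 and 10.7.2 are evaluated; other releases are not checked` (confirm the intent against the advisory). This plugin also lacks the `last_modification` and `creation_date` tags that the other new plugins in this commit set. In `"Mac OS X" >< osName || "Mac OS X Server" >< osName` the second test is redundant, since any string containing it also contains the first.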

Added: trunk/openvas-plugins/scripts/secpod_sshd_gssapi_credential_disclosure_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_sshd_gssapi_credential_disclosure_vuln.nasl	2011-11-16 17:24:13 UTC (rev 12128)
+++ trunk/openvas-plugins/scripts/secpod_sshd_gssapi_credential_disclosure_vuln.nasl	2011-11-17 10:36:14 UTC (rev 12129)
@@ -0,0 +1,111 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_sshd_gssapi_credential_disclosure_vuln.nasl 18527 2011-11-16 19:06:24Z nov $
+#
+# OpenSSH 'sshd' GSSAPI Credential Disclosure Vulnerability
+#
+# Authors:
+# Antu Sanadi <santu at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2011 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(902488);
+  script_version("$Revision$");
+  script_cve_id("CVE-2005-2798");
+  script_bugtraq_id(14729);
+  script_tag(name:"cvss_base", value:"5.0");
+  script_tag(name:"risk_factor", value:"Medium");
+  script_tag(name:"last_modification", value:"$Date$");
+  script_tag(name:"creation_date", value:"2011-11-16 12:24:22 +0530 (Wed, 16 Nov 2011)");
+  script_name("OpenSSH 'sshd' GSSAPI Credential Disclosure Vulnerability");
+  desc = "
+  Overview: The host is running OpenSSH sshd with GSSAPI enabled and is prone
+  to credential disclosure vulnerability.
+
+  Vulnerability Insight:
+  The flaw is caused due to an error in handling GSSAPI credential delegation,
+  Which allow GSSAPI credentials to be delegated to users who log in with
+  methods other than GSSAPI authentication (e.g. public key) when the client
+  requests it.
+
+  Impact:
+  Successful exploitation could allows remote attackers to bypass security
+  restrictions and gain escalated privileges.
+
+  Impact Level: Application
+
+  Affected Software/OS:
+  OpenSSH version prior to 4.2
+
+  Fix: Upgrade OpenSSH to 4.2 or later,
+  For Updates Refer, http://www.openssh.com/
+
+  References:
+  http://osvdb.org/19141
+  http://secunia.com/advisories/16686
+  http://securitytracker.com/id?1014845
+  https://lists.mindrot.org/pipermail/openssh-unix-announce/2005-September/000083.html ";
+
+  script_description(desc);
+  script_summary("Check for the credential disclosure vulnerability OpenSSH");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (C) 2011 SecPod ");
+  script_family("General");
+  script_dependencies("ssh_detect.nasl");
+  script_require_ports("Services/ssh", 22);
+  exit(0);
+}
+
+include("backport.inc");
+include("version_func.inc");
+
+## Get the default port
+port = get_kb_item("Services/ssh");
+if(!port){
+  port = 22;
+}
+
+## Get th SSH banner
+banner = get_kb_item("SSH/banner/" + port );
+if(!banner){
+  exit(0);
+}
+
+banner = tolower(get_backport_banner(banner:banner));
+ver = eregmatch(pattern:"ssh-.*openssh[_-]{1}([0-9.]+[p0-9]*)", string:banner);
+
+## Get version from the banner
+if(isnull(ver[1])){
+ exit(0);
+}
+
+## Check the versions prior to 4.2
+if(version_is_less(version:ver[1], test_version:"4.2"))
+{
+  ## Get the supported protocols versions from kb
+  auth = get_kb_item("SSH/supportedauth/" + port);
+  if(auth)
+  {
+    ## Check the authentication method and confirm the vulnerability
+    if("gssapi" >< auth){
+      security_warning(port);
+    }
+  }
+}
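Review bot: The finding at the end of this script is inferred only from the banner version and the presence of "gssapi" in the advertised authentication methods, yet `security_warning(port);` reports it without any evidence or any hint that it is an inference. Passing the detected values, e.g. `security_warning(port:port, data:string("OpenSSH ", ver[1], " advertises: ", auth));`, would let an operator rule out patched builds that get_backport_banner does not recognise. The comment `## Get the supported protocols versions from kb` sits above a read of `SSH/supportedauth/` and should read `## Get the supported authentication methods from kb`. The regex capture can include a portable suffix (for example "4.2p1"), so it is worth confirming that version_is_less compares such a value against "4.2" as intended.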

Added: trunk/openvas-plugins/scripts/secpod_wordpress_filedownload_remote_file_disc_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_wordpress_filedownload_remote_file_disc_vuln.nasl	2011-11-16 17:24:13 UTC (rev 12128)
+++ trunk/openvas-plugins/scripts/secpod_wordpress_filedownload_remote_file_disc_vuln.nasl	2011-11-17 10:36:14 UTC (rev 12129)
@@ -0,0 +1,111 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_wordpress_filedownload_remote_file_disc_vuln.nasl 17195 2011-11-17 12:30:17Z sep $
+#
+# WordPress Filedownload Plugin (download.php) Remote File Disclosure Vulnerability
+#
+# Authors:
+# Madhuri D <dmadhuri at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2011 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(902753);
+  script_version("$Revision$");
+  script_tag(name:"cvss_base", value:"7.5");
+  script_tag(name:"risk_factor", value:"High");
+  script_tag(name:"last_modification", value:"$Date$");
+  script_tag(name:"creation_date", value:"2011-11-17 12:30:17 +0530 (Thu, 17 Nov 2011)");
+  script_name("WordPress Filedownload Plugin (download.php) Remote File Disclosure Vulnerability");
+  desc = "
+  Overview:
+  This host is installed with WordPress Filedownload Plugin and is prone to
+  remote file disclosure vulnerability.
+
+  Vulnerability Insight:
+  Input passed to the 'path' parameter in
+  'wp-content/plugins/filedownload/download.php' is not properly verified
+  before being used to download files. This can be exploited to disclose
+  the contents of arbitrary files via directory traversal attacks.
+
+  Impact:
+  Successful exploitation could allow attackers to perform directory traversal
+  attacks and read arbitrary files on the affected application.
+
+  Impact Level: Application
+
+  Affected Software/OS:
+  WordPress Filedownload Plugin version 0.1
+
+  Fix: No solution or patch is available as on 17th November, 2011. Information
+  regarding this issue will be updated once the solution details are available.
+  For updates refer, http://wordpress.org/extend/plugins/filedownload/
+
+  References:
+  http://secunia.com/advisories/46047/
+  http://www.exploit-db.com/exploits/17858/
+  http://securityreason.com/exploitalert/10856
+  http://www.securelist.com/en/advisories/46047 ";
+
+  script_description(desc);
+  script_summary("Check Remote File Disclosure vulnerability in WordPress Filedownload Plugin");
+  script_category(ACT_ATTACK);
+  script_copyright("Copyright (C) 2011 SecPod");
+  script_family("Web application abuses");
+  script_dependencies("secpod_wordpress_detect_900182.nasl");
+  script_require_ports("Services/www", 80);
+  exit(0);
+}
+
+##
+## The script code starts here
+##
+
+include("http_func.inc");
+include("host_details.inc");
+include("version_func.inc");
+include("http_keepalive.inc");
+
+## Get HTTP Port
+port = get_http_port(default:80);
+if(!port){
+  exit(0);
+}
+
+## Check Host Supports PHP
+if(!can_host_php(port:port)){
+  exit(0);
+}
+
+## Get WordPress Installed Location
+if(!dir = get_dir_from_kb(port:port, app:"WordPress")){
+  exit(0);
+}
+
+## Construct an attack
+url = string(dir, "/wp-content/plugins/filedownload/download.php/?path=" +
+                     "../../../wp-config.php");
+
+## Confirm exploit worked properly or not
+if(http_vuln_check(port:port, url:url,pattern:"The base configurations of" +
+                      " the WordPress", extra_check:make_list("MySQL settings",
+                      "DB_NAME", "DB_USER", "DB_PASSWORD"))) {
+  security_hole(port:port);
+  exit(0);
+}
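Review bot: WordPress installs at the web root look likely to be missed by the directory handling before the request is built, which would give a false negative on an ACT_ATTACK check. If the detection script records the directory as an empty string, `if(!dir = get_dir_from_kb(port:port, app:"WordPress"))` exits before any request is sent; if it records "/", the `string(dir, "/wp-content/...")` call yields a URL starting with "//". I have not seen what secpod_wordpress_detect_900182.nasl stores, so this needs confirming, but normalising with `if(dir == "/") dir = "";` and testing the lookup result with `isnull()` instead of `!` would cover both cases. A short comment beside the `url` assignment stating that three `../` segments lead from the plugin directory to the WordPress root would also help the next maintainer.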


