[Openvas-commits] r12129 - in trunk/openvas-plugins: . scripts
scm-commit@wald.intevation.org
scm-commit at wald.intevation.org
Thu Nov 17 11:36:28 CET 2011
Author: antu123
Date: 2011-11-17 11:36:14 +0100 (Thu, 17 Nov 2011)
New Revision: 12129
Added:
trunk/openvas-plugins/scripts/gb_ca_gateway_security_remote_code_execution_vuln.nasl
trunk/openvas-plugins/scripts/gb_google_chrome_mult_vuln_nov11_lin.nasl
trunk/openvas-plugins/scripts/gb_google_chrome_mult_vuln_nov11_macosx.nasl
trunk/openvas-plugins/scripts/gb_google_chrome_mult_vuln_nov11_win.nasl
trunk/openvas-plugins/scripts/gb_netart_media_iboutique_mult_sql_inj_n_xss_vuln.nasl
trunk/openvas-plugins/scripts/gb_oracle_java_se_deployment_unspec_vuln_win.nasl
trunk/openvas-plugins/scripts/gb_oracle_java_se_java_runtime_env_unspec_vuln_win.nasl
trunk/openvas-plugins/scripts/gb_oracle_java_se_mult_vuln_oct11_win_01.nasl
trunk/openvas-plugins/scripts/gb_oracle_java_se_mult_vuln_oct11_win_02.nasl
trunk/openvas-plugins/scripts/gb_oracle_java_se_mult_vuln_oct11_win_03.nasl
trunk/openvas-plugins/scripts/gb_oracle_java_se_mult_vuln_oct11_win_04.nasl
trunk/openvas-plugins/scripts/gb_sendmail_mail_relay_vuln.nasl
trunk/openvas-plugins/scripts/secpod_macosx_java_10_6_upd_6_and_10_7_upd_1.nasl
trunk/openvas-plugins/scripts/secpod_sshd_gssapi_credential_disclosure_vuln.nasl
trunk/openvas-plugins/scripts/secpod_wordpress_filedownload_remote_file_disc_vuln.nasl
Modified:
trunk/openvas-plugins/ChangeLog
trunk/openvas-plugins/scripts/secpod_ca_mult_prdts_detect_win.nasl
Log:
Added new plugins and updated secpod_ca_mult_prdts_detect_win.nasl
Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog 2011-11-16 17:24:13 UTC (rev 12128)
+++ trunk/openvas-plugins/ChangeLog 2011-11-17 10:36:14 UTC (rev 12129)
@@ -1,3 +1,25 @@
+2011-11-17 Antu Sanadi <santu at secpod.com>
+
+ * scripts/gb_oracle_java_se_mult_vuln_oct11_win_01.nasl,
+ scripts/gb_oracle_java_se_mult_vuln_oct11_win_02.nasl,
+ scripts/gb_oracle_java_se_mult_vuln_oct11_win_03.nasl,
+ scripts/gb_oracle_java_se_mult_vuln_oct11_win_04.nasl,
+ scripts/gb_oracle_java_se_java_runtime_env_unspec_vuln_win.nasl,
+ scripts/gb_oracle_java_se_deployment_unspec_vuln_win.nasl,
+ scripts/secpod_sshd_gssapi_credential_disclosure_vuln.nasl,
+ scripts/secpod_macosx_java_10_6_upd_6_and_10_7_upd_1.nasl,
+ scripts/gb_ca_gateway_security_remote_code_execution_vuln.nasl,
+ scripts/gb_netart_media_iboutique_mult_sql_inj_n_xss_vuln.nasl,
+ scripts/secpod_wordpress_filedownload_remote_file_disc_vuln.nasl,
+ scripts/gb_google_chrome_mult_vuln_nov11_win.nasl,
+ scripts/gb_google_chrome_mult_vuln_nov11_lin.nasl,
+ scripts/gb_google_chrome_mult_vuln_nov11_macosx.nasl,
+ scripts/gb_sendmail_mail_relay_vuln.nasl:
+ Added new plugins.
+
+ * scripts/secpod_ca_mult_prdts_detect_win.nasl:
+ Updated to detect CA Gateway Security.
+
2011-11-16 Michael Meyer <michael.meyer at greenbone.net>
* scripts/gb_a-blog_42988.nasl,
Added: trunk/openvas-plugins/scripts/gb_ca_gateway_security_remote_code_execution_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_ca_gateway_security_remote_code_execution_vuln.nasl 2011-11-16 17:24:13 UTC (rev 12128)
+++ trunk/openvas-plugins/scripts/gb_ca_gateway_security_remote_code_execution_vuln.nasl 2011-11-17 10:36:14 UTC (rev 12129)
@@ -0,0 +1,87 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_ca_gateway_security_remote_code_execution_vuln.nasl 2011-11-15 15:29:14 nov $
+#
+# CA Gateway Security Remote Code Execution Vulnerability
+#
+# Authors:
+# Rachana Shetty <srachana at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(802337);
+ script_version("$Revision$");
+ script_cve_id("CVE-2011-0419");
+ script_bugtraq_id(48813);
+ script_tag(name:"cvss_base", value:"10.0");
+ script_tag(name:"risk_factor", value:"Critical");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2011-11-15 12:35:07 +0530 (Tue, 15 Nov 2011)");
+ script_name("CA Gateway Security Remote Code Execution Vulnerability");
+ desc = "
+ Overview: This host is installed with CA Gateway Security and is prone to
+ remote code execution Vulnerability.
+
+ Vulnerability Insight:
+ The flaw is caused due to an error in the Icihttp.exe module, which can be
+ exploited by sending a specially-crafted HTTP request to TCP port 8080.
+
+ Impact:
+ Successful exploitation could allow remote attackers to execute arbitrary
+ code and cause denail of service.
+
+ Impact Level: System/Application
+
+ Affected Software/OS:
+ CA Gateway Security 8.1
+
+ Fix: Apply patch for CA Gateway Security r8.1
+ https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={5E404992-6B58-4C44-A29D-027D05B6285D}
+
+ References:
+ http://secunia.com/advisories/45332
+ http://securitytracker.com/id?1025812
+ http://securitytracker.com/id?1025813
+ http://xforce.iss.net/xforce/xfdb/68736
+ https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={5E404992-6B58-4C44-A29D-027D05B6285D} ";
+
+ script_description(desc);
+ script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
+ script_summary("Check the version of CA Gateway Security");
+ script_category(ACT_GATHER_INFO);
+ script_family("General");
+ script_dependencies("secpod_ca_mult_prdts_detect_win.nasl");
+ script_require_keys("CA/Gateway-Security/Win/Ver");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+## Get version from KB
+cagsver = get_kb_item("CA/Gateway-Security/Win/Ver");
+if(!cagsver){
+ exit(0);
+}
+
+## Check for CA Gateway Security Version less than 8.1.0.69
+if(version_is_less(version:cagsver, test_version:"8.1.0.69")){
+ security_hole(0);
+}
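Review bot: The `version_is_less(version:cagsver, test_version:"8.1.0.69")` check at the end of the script also flags any release before 8.1 (an 8.0 install, for example), while the Affected Software/OS text names only CA Gateway Security 8.1; unless earlier branches are known to be affected, `version_in_range(version:cagsver, test_version:"8.1", test_version2:"8.1.0.68")` matches the stated scope. The References list two SecurityTracker entries (1025812 and 1025813) but only one CVE is tagged via `script_cve_id`, so a second identifier from the CA advisory may be missing — worth confirming against the linked support article before the description claims both remote code execution and denial of service under one CVE. There is also a typo in the Impact text: `denail of service` should read `denial of service`.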
Added: trunk/openvas-plugins/scripts/gb_google_chrome_mult_vuln_nov11_lin.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_google_chrome_mult_vuln_nov11_lin.nasl 2011-11-16 17:24:13 UTC (rev 12128)
+++ trunk/openvas-plugins/scripts/gb_google_chrome_mult_vuln_nov11_lin.nasl 2011-11-17 10:36:14 UTC (rev 12129)
@@ -0,0 +1,94 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_google_chrome_mult_vuln_nov11_lin.nasl 18510 2011-11-15 10:11:12 nov $
+#
+# Google Chrome Multiple Vulnerabilities - November11 (Linux)
+#
+# Authors:
+# Rachana Shetty <srachana at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(802346);
+ script_version("$Revision$");
+ script_cve_id("CVE-2011-3892", "CVE-2011-3893", "CVE-2011-3894", "CVE-2011-3895",
+ "CVE-2011-3896", "CVE-2011-3897", "CVE-2011-3898");
+ script_bugtraq_id(50642);
+ script_tag(name:"cvss_base", value:"7.5");
+ script_tag(name:"risk_factor", value:"High");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2011-11-15 10:58:03 +0530 (Tue, 15 Nov 2011)");
+ script_name("Google Chrome Multiple Vulnerabilities - November11 (Linux)");
+ desc = "
+ Overview: The host is installed with Google Chrome and is prone to multiple
+ vulnerabilities.
+
+ Vulnerability Insight:
+ Multiple vulnerabilities are due to,
+ - A double free error in the Theora decoder exists when handling a crafted
+ stream.
+ - An error in implementing the MKV and Vorbis media handlers.
+ - A memory corruption regression error in VP8 decoding when handling a
+ crafted stream.
+ - Heap overflow in the Vorbis decoder when handling a crafted stream.
+ - Buffer overflow error in the shader variable mapping.
+ - A use-after-free error exists related to editing.
+ - Fails to ask permission to run applets in Java Runtime Environment (JRE) 7.
+
+ Impact:
+ Successful exploitation could allow attackers to execute arbitrary code,
+ cause a denial of service, and disclose potentially sensitive information,
+ other attacks may also be possible.
+
+ Impact Level: System/Application
+
+ Affected Software/OS:
+ Google Chrome version prior to 15.0.874.120 on Linux
+
+ Fix: Upgrade to the Google Chrome 15.0.874.120 or later,
+ For updates refer, http://www.google.com/chrome
+
+ References:
+ http://securitytracker.com/id/1026313
+ http://googlechromereleases.blogspot.com/2011/11/stable-channel-update.html ";
+
+ script_description(desc);
+ script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
+ script_summary("Check the version of Google Chrome");
+ script_category(ACT_GATHER_INFO);
+ script_family("General");
+ script_dependencies("gb_google_chrome_detect_lin.nasl");
+ script_require_keys("Google-Chrome/Linux/Ver");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+## Get the version from KB
+chromeVer = get_kb_item("Google-Chrome/Linux/Ver");
+if(!chromeVer){
+ exit(0);
+}
+
+## Check for Google Chrome Version less than 15.0.874.120
+if(version_is_less(version:chromeVer, test_version:"15.0.874.120")){
+ security_hole(0);
+}
Added: trunk/openvas-plugins/scripts/gb_google_chrome_mult_vuln_nov11_macosx.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_google_chrome_mult_vuln_nov11_macosx.nasl 2011-11-16 17:24:13 UTC (rev 12128)
+++ trunk/openvas-plugins/scripts/gb_google_chrome_mult_vuln_nov11_macosx.nasl 2011-11-17 10:36:14 UTC (rev 12129)
@@ -0,0 +1,94 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_google_chrome_mult_vuln_nov11_macosx.nasl 18510 2011-11-15 12:11:12 nov $
+#
+# Google Chrome Multiple Vulnerabilities - November11 (Mac OS X)
+#
+# Authors:
+# Rachana Shetty <srachana at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(802347);
+ script_version("$Revision$");
+ script_cve_id("CVE-2011-3892", "CVE-2011-3893", "CVE-2011-3894", "CVE-2011-3895",
+ "CVE-2011-3896", "CVE-2011-3897", "CVE-2011-3898");
+ script_bugtraq_id(50642);
+ script_tag(name:"cvss_base", value:"7.5");
+ script_tag(name:"risk_factor", value:"High");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2011-11-15 11:56:15 +0530 (Tue, 15 Nov 2011)");
+ script_name("Google Chrome Multiple Vulnerabilities - November11 (Mac OS X)");
+ desc = "
+ Overview: The host is installed with Google Chrome and is prone to multiple
+ vulnerabilities.
+
+ Vulnerability Insight:
+ Multiple vulnerabilities are due to,
+ - A double free error in the Theora decoder exists when handling a crafted
+ stream.
+ - An error in implementing the MKV and Vorbis media handlers.
+ - A memory corruption regression error in VP8 decoding when handling a
+ crafted stream.
+ - Heap overflow in the Vorbis decoder when handling a crafted stream.
+ - Buffer overflow error in the shader variable mapping.
+ - A use-after-free error exists related to editing.
+ - Fails to ask permission to run applets in Java Runtime Environment (JRE) 7.
+
+ Impact:
+ Successful exploitation could allow attackers to execute arbitrary code,
+ cause a denial of service, and disclose potentially sensitive information,
+ other attacks may also be possible.
+
+ Impact Level: System/Application
+
+ Affected Software/OS:
+ Google Chrome version prior to 15.0.874.120 on Mac OS X
+
+ Fix: Upgrade to the Google Chrome 15.0.874.120 or later,
+ For updates refer, http://www.google.com/chrome
+
+ References:
+ http://securitytracker.com/id/1026313
+ http://googlechromereleases.blogspot.com/2011/11/stable-channel-update.html ";
+
+ script_description(desc);
+ script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
+ script_summary("Check the version of Google Chrome");
+ script_category(ACT_GATHER_INFO);
+ script_family("General");
+ script_dependencies("gb_google_chrome_detect_macosx.nasl");
+ script_require_keys("GoogleChrome/MacOSX/Version");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+## Get the version from KB
+chromeVer = get_kb_item("GoogleChrome/MacOSX/Version");
+if(!chromeVer){
+ exit(0);
+}
+
+## Check for Google Chrome Version less than 15.0.874.120
+if(version_is_less(version:chromeVer, test_version:"15.0.874.120")){
+ security_hole(0);
+}
Added: trunk/openvas-plugins/scripts/gb_google_chrome_mult_vuln_nov11_win.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_google_chrome_mult_vuln_nov11_win.nasl 2011-11-16 17:24:13 UTC (rev 12128)
+++ trunk/openvas-plugins/scripts/gb_google_chrome_mult_vuln_nov11_win.nasl 2011-11-17 10:36:14 UTC (rev 12129)
@@ -0,0 +1,94 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_google_chrome_mult_vuln_nov11_win.nasl 18510 2011-11-14 11:12:14 nov $
+#
+# Google Chrome Multiple Vulnerabilities - November11 (Windows)
+#
+# Authors:
+# Rachana Shetty <srachana at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(802345);
+ script_version("$Revision$");
+ script_cve_id("CVE-2011-3892", "CVE-2011-3893", "CVE-2011-3894", "CVE-2011-3895",
+ "CVE-2011-3896", "CVE-2011-3897", "CVE-2011-3898");
+ script_bugtraq_id(50642);
+ script_tag(name:"cvss_base", value:"7.5");
+ script_tag(name:"risk_factor", value:"High");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2011-11-14 11:11:11 +0530 (Mon, 14 Nov 2011)");
+ script_name("Google Chrome Multiple Vulnerabilities - November11 (Windows)");
+ desc = "
+ Overview: The host is installed with Google Chrome and is prone to multiple
+ vulnerabilities.
+
+ Vulnerability Insight:
+ Multiple vulnerabilities are due to,
+ - A double free error in the Theora decoder exists when handling a crafted
+ stream.
+ - An error in implementing the MKV and Vorbis media handlers.
+ - A memory corruption regression error in VP8 decoding when handling a
+ crafted stream.
+ - Heap overflow in the Vorbis decoder when handling a crafted stream.
+ - Buffer overflow error in the shader variable mapping.
+ - A use-after-free error exists related to editing.
+ - Fails to ask permission to run applets in Java Runtime Environment (JRE) 7.
+
+ Impact:
+ Successful exploitation could allow attackers to execute arbitrary code,
+ cause a denial of service, and disclose potentially sensitive information,
+ other attacks may also be possible.
+
+ Impact Level: System/Application
+
+ Affected Software/OS:
+ Google Chrome version prior to 15.0.874.120 on Windows
+
+ Fix: Upgrade to the Google Chrome 15.0.874.120 or later,
+ For updates refer, http://www.google.com/chrome
+
+ References:
+ http://securitytracker.com/id/1026313
+ http://googlechromereleases.blogspot.com/2011/11/stable-channel-update.html ";
+
+ script_description(desc);
+ script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
+ script_summary("Check the version of Google Chrome");
+ script_category(ACT_GATHER_INFO);
+ script_family("General");
+ script_dependencies("gb_google_chrome_detect_win.nasl");
+ script_require_keys("GoogleChrome/Win/Ver");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+## Get the version from KB
+chromeVer = get_kb_item("GoogleChrome/Win/Ver");
+if(!chromeVer){
+ exit(0);
+}
+
+## Check for Google Chrome Versions prior to 15.0.874.120
+if(version_is_less(version:chromeVer, test_version:"15.0.874.120")){
+ security_hole(0);
+}
Added: trunk/openvas-plugins/scripts/gb_netart_media_iboutique_mult_sql_inj_n_xss_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_netart_media_iboutique_mult_sql_inj_n_xss_vuln.nasl 2011-11-16 17:24:13 UTC (rev 12128)
+++ trunk/openvas-plugins/scripts/gb_netart_media_iboutique_mult_sql_inj_n_xss_vuln.nasl 2011-11-17 10:36:14 UTC (rev 12129)
@@ -0,0 +1,116 @@
+##############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_netart_media_iboutique_mult_sql_inj_n_xss_vuln.nasl 18372 2011-11-14 14:13:29 nov $
+#
+# NetArt Media iBoutique 'page' SQL Injection and XSS Vulnerabilities
+#
+# Authors:
+# Antu Sanadi <santu at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(802404);
+ script_version("$Revision$");
+ script_cve_id("CVE-2010-5020");
+ script_bugtraq_id(41014);
+ script_tag(name:"cvss_base", value:"7.5");
+ script_tag(name:"risk_factor", value:"High");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2011-11-14 13:46:57 +0530 (Mon, 14 Nov 2011)");
+ script_name("NetArt Media iBoutique 'page' SQL Injection and XSS Vulnerabilities");
+ desc = "
+ Overview: This host is running NetArt Media iBoutique and is prone to multiple
+ SQL injection and cross-site scripting vulnerabilities.
+
+ Vulnerability Insight:
+ Multiple flaws are due to an,
+ - Input passed to the 'cat' and 'key' parameter in index.php (when 'mod'
+ is set to 'products') is not properly sanitised before being used in a
+ SQL query.
+ - Input passed to the 'page' parameter in index.php is not properly sanitised
+ before being used in a SQL query.
+
+ This can further be exploited to conduct cross-site scripting attacks
+ via SQL error messages.
+
+ Impact:
+ Successful exploitation will let the attacker to conduct SQL injection and
+ cross-site scripting attacks.
+
+ Impact Level: Application.
+
+ Affected Software:
+ NetArt Media iBoutique version 4.0
+
+ Fix: No solution or patch is available as on 14th November, 2011. Information
+ regarding this issue will be updated once the solution details are available.
+ For updates refer, http://www.netartmedia.net/iboutique/
+
+ References:
+ http://milw0rm.com/exploits/6444
+ http://secunia.com/advisories/31871
+ http://www.exploit-db.com/exploits/13945/ ";
+
+ script_description(desc);
+ script_summary("Check NetArt Media iBoutique SQL Injection attack");
+ script_category(ACT_ATTACK);
+ script_copyright("Copyright (C) 2011 Greenbone Networks GmbH");
+ script_family("Web application abuses");
+ exit(0);
+}
+
+
+include("http_func.inc");
+include("version_func.inc");
+include("http_keepalive.inc");
+
+
+## Get HTTP port
+ibPort = get_http_port(default:80);
+if(!ibPort){
+ exit(0);
+}
+
+if(!can_host_php(port:ibPort)){
+ exit(0);
+}
+
+## Iterate over possible paths
+foreach dir (make_list("/iboutique", cgi_dirs()))
+{
+ ##Request to confirm application
+ sndReq = http_get(item:string(dir, "/index.php"), port:ibPort);
+ rcvRes = http_keepalive_send_recv(port:ibPort, data:sndReq);
+
+ ## Confirm application is NetArt Media Car Portal
+ if(">Why iBoutique?</" >< rcvRes)
+ {
+ ## Construct The Attack Request
+ url = string(dir, "/index.php?page='");
+
+ ## Try attack and check the response to confirm vulnerability
+ if(http_vuln_check(port:ibPort, url:url, pattern:"You have an error" +
+ " in your SQL syntax;", check_header: TRUE))
+ {
+ security_hole(ibPort);
+ exit(0);
+ }
+ }
+}
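Review bot: The comment `## Confirm application is NetArt Media Car Portal` above the fingerprint check was carried over from another script and should read `## Confirm application is NetArt Media iBoutique`. The check itself depends on a verbose MySQL error (`You have an error in your SQL syntax;`) being echoed for `index.php?page='`, so a vulnerable install with error display turned off is reported clean, and the `cat`/`key` parameters described under Vulnerability Insight are never exercised; at minimum the summary comment should state that only the `page` parameter is tested and only via an exposed SQL error. `version_func.inc` is included but nothing in the script uses it.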
Added: trunk/openvas-plugins/scripts/gb_oracle_java_se_deployment_unspec_vuln_win.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_oracle_java_se_deployment_unspec_vuln_win.nasl 2011-11-16 17:24:13 UTC (rev 12128)
+++ trunk/openvas-plugins/scripts/gb_oracle_java_se_deployment_unspec_vuln_win.nasl 2011-11-17 10:36:14 UTC (rev 12129)
@@ -0,0 +1,99 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_oracle_java_se_deployment_unspec_vuln_win.nasl 18099 2011-11-15 14:14:14Z nov $
+#
+# Oracle Java SE Java Runtime Environment Unspecified Vulnerability - October 2011 (Windows)
+#
+# Authors:
+# Sooraj KS <kssooraj at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(802278);
+ script_version("$Revision$");
+ script_cve_id("CVE-2011-3516");
+ script_bugtraq_id(50229);
+ script_tag(name:"cvss_base", value:"7.6");
+ script_tag(name:"risk_factor", value:"High");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2011-11-15 14:34:22 +0530 (Tue, 15 Nov 2011)");
+ script_name("Oracle Java SE Java Runtime Environment Unspecified Vulnerability - October 2011 (Windows)");
+ desc = "
+ Overview: This host is installed with Oracle Java SE and is prone to
+ unspecified vulnerability.
+
+ Vulnerability Insight:
+ The flaw is caused due to unspecified error in the 'Deployment' sub-component.
+
+ Impact:
+ Successful exploitation allows remote attackers to affect confidentiality,
+ integrity, and availability via unknown vectors.
+
+ Impact Level: System/Application
+
+ Affected Software/OS:
+ Oracle Java SE versions 6 Update 27 and earlier.
+
+ Fix: Upgrade to Oracle Java SE versions 6 Update 29 or later.
+ For updates refer,
+ http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html
+
+ References:
+ http://secunia.com/advisories/46512
+ http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html ";
+
+ script_description(desc);
+ script_summary("Check for the version of Sun Java SE JRE/JDK");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
+ script_family("General");
+ script_dependencies("gb_java_prdts_detect_win.nasl");
+ script_require_keys("Sun/Java/JRE/Win/Ver", "Sun/Java/JDK/Win/Ver");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+## Get JRE Version from KB
+jreVer = get_kb_item("Sun/Java/JRE/Win/Ver");
+if(jreVer)
+{
+ jreVer = ereg_replace(pattern:"_|-", string:jreVer, replace: ".");
+
+ ## Check for Oracle Java SE versions 6 Update 27 and earlier
+ if(version_in_range(version:jreVer, test_version:"1.6", test_version2:"1.6.0.27"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+}
+
+# Get JDK Version from KB
+jdkVer = get_kb_item("Sun/Java/JDK/Win/Ver");
+if(jdkVer)
+{
+ jdkVer = ereg_replace(pattern:"_|-", string:jdkVer, replace: ".");
+
+ ## Check for Oracle Java SE versions 6 Update 27 and earlier
+ if(version_in_range(version:jdkVer, test_version:"1.6", test_version2:"1.6.0.27")) {
+ security_hole(0);
+ }
+}
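Review bot: The `script_name(...)` here is identical to the one in gb_oracle_java_se_java_runtime_env_unspec_vuln_win.nasl added in the same commit, although this script covers the Deployment sub-component and CVE-2011-3516, so two OIDs (802278 and 802277) will show the same title in reports. Suggest `script_name("Oracle Java SE Deployment Unspecified Vulnerability - October 2011 (Windows)");` and the matching title in the `$Id` header and the comment line below it. The Affected Software/OS text lists only 6 Update 27 and earlier; if the linked Oracle CPU also lists JDK/JRE 7 for this CVE, the check would need a 1.7.0 branch like the sibling script has — confirm against the advisory.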
Property changes on: trunk/openvas-plugins/scripts/gb_oracle_java_se_deployment_unspec_vuln_win.nasl
___________________________________________________________________
Name: svn:executable
+ *
Added: trunk/openvas-plugins/scripts/gb_oracle_java_se_java_runtime_env_unspec_vuln_win.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_oracle_java_se_java_runtime_env_unspec_vuln_win.nasl 2011-11-16 17:24:13 UTC (rev 12128)
+++ trunk/openvas-plugins/scripts/gb_oracle_java_se_java_runtime_env_unspec_vuln_win.nasl 2011-11-17 10:36:14 UTC (rev 12129)
@@ -0,0 +1,100 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_oracle_java_se_java_runtime_env_unspec_vuln_win.nasl 18099 2011-11-15 14:14:14Z nov $
+#
+# Oracle Java SE Java Runtime Environment Unspecified Vulnerability - October 2011 (Windows)
+#
+# Authors:
+# Sooraj KS <kssooraj at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(802277);
+ script_version("$Revision$");
+ script_cve_id("CVE-2011-3555");
+ script_bugtraq_id(50237);
+ script_tag(name:"cvss_base", value:"6.1");
+ script_tag(name:"risk_factor", value:"High");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2011-11-15 14:34:22 +0530 (Tue, 15 Nov 2011)");
+ script_name("Oracle Java SE Java Runtime Environment Unspecified Vulnerability - October 2011 (Windows)");
+ desc = "
+ Overview: This host is installed with Oracle Java SE and is prone to
+ unspecified vulnerability.
+
+ Vulnerability Insight:
+ The flaw is caused due to unspecified error in the Java Runtime Environment
+ component.
+
+ Impact:
+ Successful exploitation allows remote attackers to cause a denial of service.
+
+ Impact Level: System/Application
+
+ Affected Software/OS:
+ Oracle Java SE versions 7.
+
+ Fix: Upgrade to Oracle Java SE versions 7 Update 1 or later.
+ For updates refer,
+ http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html
+
+ References:
+ http://secunia.com/advisories/46512
+ http://xforce.iss.net/xforce/xfdb/70838
+ http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html ";
+
+ script_description(desc);
+ script_summary("Check for the version of Sun Java SE JRE/JDK");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
+ script_family("General");
+ script_dependencies("gb_java_prdts_detect_win.nasl");
+ script_require_keys("Sun/Java/JRE/Win/Ver", "Sun/Java/JDK/Win/Ver");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+## Get JRE Version from KB
+jreVer = get_kb_item("Sun/Java/JRE/Win/Ver");
+if(jreVer)
+{
+ jreVer = ereg_replace(pattern:"_|-", string:jreVer, replace: ".");
+
+ ## Check for Oracle Java SE versions 7
+ if(version_is_equal(version:jreVer, test_version:"1.7.0"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+}
+
+# Get JDK Version from KB
+jdkVer = get_kb_item("Sun/Java/JDK/Win/Ver");
+if(jdkVer)
+{
+ jdkVer = ereg_replace(pattern:"_|-", string:jdkVer, replace: ".");
+
+ ## Check for Oracle Java SE versions 7
+ if(version_is_equal(version:jdkVer, test_version:"1.7.0")) {
+ security_hole(0);
+ }
+}
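Review bot: `version_is_equal(version:jreVer, test_version:"1.7.0")` fires only on an exact match, so a KB value such as `1.7.0_0` or `1.7.0-0` (normalised to `1.7.0.0` by the `ereg_replace` just above it) would not be reported even though it is JRE 7 GA; a range check is more robust, e.g. `if(version_in_range(version:jreVer, test_version:"1.7", test_version2:"1.7.0.0"))`, with the same change for `jdkVer`. The exact format written by gb_java_prdts_detect_win.nasl is not visible here, so verify the stored string against that detector before switching. The `$Id` line and the title comment both still say "Java Runtime Environment Unspecified Vulnerability", which is correct for this script but makes it indistinguishable from the Deployment script added alongside it — a one-line `#` comment naming CVE-2011-3555 and the DoS-only impact would help the next maintainer tell them apart.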
Property changes on: trunk/openvas-plugins/scripts/gb_oracle_java_se_java_runtime_env_unspec_vuln_win.nasl
___________________________________________________________________
Name: svn:executable
+ *
Added: trunk/openvas-plugins/scripts/gb_oracle_java_se_mult_vuln_oct11_win_01.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_oracle_java_se_mult_vuln_oct11_win_01.nasl 2011-11-16 17:24:13 UTC (rev 12128)
+++ trunk/openvas-plugins/scripts/gb_oracle_java_se_mult_vuln_oct11_win_01.nasl 2011-11-17 10:36:14 UTC (rev 12129)
@@ -0,0 +1,114 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_oracle_java_se_mult_vuln_oct11_win_01.nasl 18099 2011-11-15 14:14:14Z nov $
+#
+# Oracle Java SE Multiple Vulnerabilities - October 2011 (Windows01)
+#
+# Authors:
+# Sooraj KS <kssooraj at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(802273);
+ script_version("$Revision$");
+ script_cve_id("CVE-2011-3547", "CVE-2011-3548", "CVE-2011-3552", "CVE-2011-3556",
+ "CVE-2011-3557", "CVE-2011-3560");
+ script_bugtraq_id(50211, 50234, 50236, 50243, 50231, 50248);
+ script_tag(name:"cvss_base", value:"10.0");
+ script_tag(name:"risk_factor", value:"Critical");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2011-11-15 14:34:22 +0530 (Tue, 15 Nov 2011)");
+ script_name("Oracle Java SE Multiple Vulnerabilities - October 2011 (Windows01)");
+ desc = "
+ Overview: This host is installed with Oracle Java SE and is prone to multiple
+ vulnerabilities.
+
+ Vulnerability Insight:
+ Multiple flaws are caused due to unspecified errors in the following
+ components:
+ - Networking
+ - AWT
+ - RMI
+ - JSSE
+
+ Impact:
+ Successful exploitation allows remote attackers to affect confidentiality,
+ integrity, and availability via unknown vectors.
+
+ Impact Level: System/Application
+
+ Affected Software/OS:
+ Oracle Java SE versions 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier,
+ and 1.4.2_33 and earlier.
+
+ Fix: Upgrade to Oracle Java SE versions 7 Update 1, 6 Update 29, 5.0 Update
+ 32, 1.4.2_34 or later. For updates refer,
+ http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html
+
+ References:
+ http://secunia.com/advisories/46512
+ http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html ";
+
+ script_description(desc);
+ script_summary("Check for the version of Sun Java SE JRE/JDK");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
+ script_family("General");
+ script_dependencies("gb_java_prdts_detect_win.nasl");
+ script_require_keys("Sun/Java/JRE/Win/Ver", "Sun/Java/JDK/Win/Ver");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+## Get JRE Version from KB
+jreVer = get_kb_item("Sun/Java/JRE/Win/Ver");
+if(jreVer)
+{
+ jreVer = ereg_replace(pattern:"_|-", string:jreVer, replace: ".");
+
+ ## Check for Oracle Java SE versions 7, 6 Update 27 and earlier,
+ ## 5.0 Update 31 and earlier, and 1.4.2_33 and earlier
+ if(version_is_equal(version:jreVer, test_version:"1.7.0") ||
+ version_is_less_equal(version:jreVer, test_version:"1.4.2.33") ||
+ version_in_range(version:jreVer, test_version:"1.6", test_version2:"1.6.0.27") ||
+ version_in_range(version:jreVer, test_version:"1.5", test_version2:"1.5.0.31"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+}
+
+# Get JDK Version from KB
+jdkVer = get_kb_item("Sun/Java/JDK/Win/Ver");
+if(jdkVer)
+{
+ jdkVer = ereg_replace(pattern:"_|-", string:jdkVer, replace: ".");
+
+ ## Check for Oracle Java SE versions 7, 6 Update 27 and earlier,
+ ## 5.0 Update 31 and earlier, and 1.4.2_33 and earlier
+ if(version_is_equal(version:jdkVer, test_version:"1.7.0") ||
+ version_is_less_equal(version:jdkVer, test_version:"1.4.2.33") ||
+ version_in_range(version:jdkVer, test_version:"1.6", test_version2:"1.6.0.27") ||
+ version_in_range(version:jdkVer, test_version:"1.5", test_version2:"1.5.0.31")){
+ security_hole(0);
+ }
+}
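Review bot: The `jreVer` block and the `jdkVer` block repeat the same four version bounds verbatim, so any later correction of a bound has to be made twice per file; the 02, 03 and 04 hunks carry the same duplication. Iterating over the two KB keys keeps the bounds in one place, as sketched below. Separately, `ereg_replace(pattern:"_|-", string:jreVer, replace: ".")` turns any `-` in the stored value into a further dotted component, so a value carrying a build suffix (if the detection script stores one) would become something like `1.6.0.27.b07`, and whether `version_in_range` still treats that as within `1.6.0.27` depends on how version_func.inc orders a non-numeric component — worth confirming with a sample value before relying on the upper bounds.
```nasl
include("version_func.inc");

foreach kbKey (make_list("Sun/Java/JRE/Win/Ver", "Sun/Java/JDK/Win/Ver"))
{
  ver = get_kb_item(kbKey);
  if(!ver) continue;
  ver = ereg_replace(pattern:"_|-", string:ver, replace: ".");

  ## Oracle Java SE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier,
  ## and 1.4.2_33 and earlier
  if(version_is_equal(version:ver, test_version:"1.7.0") ||
     version_is_less_equal(version:ver, test_version:"1.4.2.33") ||
     version_in_range(version:ver, test_version:"1.6", test_version2:"1.6.0.27") ||
     version_in_range(version:ver, test_version:"1.5", test_version2:"1.5.0.31"))
  {
    security_hole(0);
    exit(0);
  }
}
```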
Property changes on: trunk/openvas-plugins/scripts/gb_oracle_java_se_mult_vuln_oct11_win_01.nasl
___________________________________________________________________
Name: svn:executable
+ *
Added: trunk/openvas-plugins/scripts/gb_oracle_java_se_mult_vuln_oct11_win_02.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_oracle_java_se_mult_vuln_oct11_win_02.nasl 2011-11-16 17:24:13 UTC (rev 12128)
+++ trunk/openvas-plugins/scripts/gb_oracle_java_se_mult_vuln_oct11_win_02.nasl 2011-11-17 10:36:14 UTC (rev 12129)
@@ -0,0 +1,109 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_oracle_java_se_mult_vuln_oct11_win_02.nasl 18099 2011-11-15 14:14:14Z nov $
+#
+# Oracle Java SE Multiple Vulnerabilities - October 2011 (Windows02)
+#
+# Authors:
+# Sooraj KS <kssooraj at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(802274);
+ script_version("$Revision$");
+ script_cve_id("CVE-2011-3544", "CVE-2011-3546", "CVE-2011-3550", "CVE-2011-3551",
+ "CVE-2011-3553", "CVE-2011-3558", "CVE-2011-3561");
+ script_bugtraq_id(50218, 50224, 50226, 50239, 50242, 50246, 50250);
+ script_tag(name:"cvss_base", value:"10.0");
+ script_tag(name:"risk_factor", value:"Critical");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2011-11-15 14:34:22 +0530 (Tue, 15 Nov 2011)");
+ script_name("Oracle Java SE Multiple Vulnerabilities - October 2011 (Windows02)");
+ desc = "
+ Overview: This host is installed with Oracle Java SE and is prone to multiple
+ vulnerabilities.
+
+ Vulnerability Insight:
+ Multiple flaws are caused due to unspecified errors in the following
+ components:
+ - Scripting
+ - Deployment
+ - AWT
+ - 2D
+ - JAXWS
+ - HotSpot
+
+ Impact:
+ Successful exploitation allows remote attackers to affect confidentiality,
+ integrity, and availability via unknown vectors.
+
+ Impact Level: System/Application
+
+ Affected Software/OS:
+ Oracle Java SE versions 7, 6 Update 27 and earlier.
+
+ Fix: Upgrade to Oracle Java SE versions 7 Update 1, 6 Update 29 or later.
+ For updates refer,
+ http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html
+
+ References:
+ http://secunia.com/advisories/46512
+ http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html ";
+
+ script_description(desc);
+ script_summary("Check for the version of Sun Java SE JRE/JDK");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
+ script_family("General");
+ script_dependencies("gb_java_prdts_detect_win.nasl");
+ script_require_keys("Sun/Java/JRE/Win/Ver", "Sun/Java/JDK/Win/Ver");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+## Get JRE Version from KB
+jreVer = get_kb_item("Sun/Java/JRE/Win/Ver");
+if(jreVer)
+{
+ jreVer = ereg_replace(pattern:"_|-", string:jreVer, replace: ".");
+
+ ## Check for Oracle Java SE versions 7, 6 Update 27 and earlier
+ if(version_is_equal(version:jreVer, test_version:"1.7.0") ||
+ version_in_range(version:jreVer, test_version:"1.6", test_version2:"1.6.0.27"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+}
+
+# Get JDK Version from KB
+jdkVer = get_kb_item("Sun/Java/JDK/Win/Ver");
+if(jdkVer)
+{
+ jdkVer = ereg_replace(pattern:"_|-", string:jdkVer, replace: ".");
+
+ ## Check for Oracle Java SE versions 7, 6 Update 27 and earlier
+ if(version_is_equal(version:jdkVer, test_version:"1.7.0") ||
+ version_in_range(version:jdkVer, test_version:"1.6", test_version2:"1.6.0.27")) {
+ security_hole(0);
+ }
+}
Property changes on: trunk/openvas-plugins/scripts/gb_oracle_java_se_mult_vuln_oct11_win_02.nasl
___________________________________________________________________
Name: svn:executable
+ *
Added: trunk/openvas-plugins/scripts/gb_oracle_java_se_mult_vuln_oct11_win_03.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_oracle_java_se_mult_vuln_oct11_win_03.nasl 2011-11-16 17:24:13 UTC (rev 12128)
+++ trunk/openvas-plugins/scripts/gb_oracle_java_se_mult_vuln_oct11_win_03.nasl 2011-11-17 10:36:14 UTC (rev 12129)
@@ -0,0 +1,109 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_oracle_java_se_mult_vuln_oct11_win_03.nasl 18099 2011-11-15 14:14:14Z nov $
+#
+# Oracle Java SE Multiple Vulnerabilities - October 2011 (Windows03)
+#
+# Authors:
+# Sooraj KS <kssooraj at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(802275);
+ script_version("$Revision$");
+ script_cve_id("CVE-2011-3545", "CVE-2011-3549");
+ script_bugtraq_id(50220, 50223);
+ script_tag(name:"cvss_base", value:"10.0");
+ script_tag(name:"risk_factor", value:"Critical");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2011-11-15 14:34:22 +0530 (Tue, 15 Nov 2011)");
+ script_name("Oracle Java SE Multiple Vulnerabilities - October 2011 (Windows03)");
+ desc = "
+ Overview: This host is installed with Oracle Java SE and is prone to multiple
+ vulnerabilities.
+
+ Vulnerability Insight:
+ Multiple flaws are caused due to unspecified errors in the following
+ components:
+ - Sound
+ - Swing
+
+ Impact:
+ Successful exploitation allows remote attackers to affect confidentiality,
+ integrity, and availability via unknown vectors.
+
+ Impact Level: System/Application
+
+ Affected Software/OS:
+ Oracle Java SE versions 6 Update 27 and earlier, 5.0 Update 31 and earlier,
+ and 1.4.2_33 and earlier.
+
+ Fix: Upgrade to Oracle Java SE versions 6 Update 29, 5.0 Update 32, 1.4.2_34
+ or later. For updates refer,
+ http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html
+
+ References:
+ http://secunia.com/advisories/46512
+ http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html ";
+
+ script_description(desc);
+ script_summary("Check for the version of Sun Java SE JRE/JDK");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
+ script_family("General");
+ script_dependencies("gb_java_prdts_detect_win.nasl");
+ script_require_keys("Sun/Java/JRE/Win/Ver", "Sun/Java/JDK/Win/Ver");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+## Get JRE Version from KB
+jreVer = get_kb_item("Sun/Java/JRE/Win/Ver");
+if(jreVer)
+{
+ jreVer = ereg_replace(pattern:"_|-", string:jreVer, replace: ".");
+
+ ## Check for Oracle Java SE versions 6 Update 27 and earlier,
+ ## 5.0 Update 31 and earlier, and 1.4.2_33 and earlier
+ if(version_is_less_equal(version:jreVer, test_version:"1.4.2.33") ||
+ version_in_range(version:jreVer, test_version:"1.6", test_version2:"1.6.0.27") ||
+ version_in_range(version:jreVer, test_version:"1.5", test_version2:"1.5.0.31"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+}
+
+# Get JDK Version from KB
+jdkVer = get_kb_item("Sun/Java/JDK/Win/Ver");
+if(jdkVer)
+{
+ jdkVer = ereg_replace(pattern:"_|-", string:jdkVer, replace: ".");
+
+ ## Check for Oracle Java SE versions 6 Update 27 and earlier,
+ ## 5.0 Update 31 and earlier, and 1.4.2_33 and earlier
+ if(version_is_less_equal(version:jdkVer, test_version:"1.4.2.33") ||
+ version_in_range(version:jdkVer, test_version:"1.6", test_version2:"1.6.0.27") ||
+ version_in_range(version:jdkVer, test_version:"1.5", test_version2:"1.5.0.31")){
+ security_hole(0);
+ }
+}
Property changes on: trunk/openvas-plugins/scripts/gb_oracle_java_se_mult_vuln_oct11_win_03.nasl
___________________________________________________________________
Name: svn:executable
+ *
Added: trunk/openvas-plugins/scripts/gb_oracle_java_se_mult_vuln_oct11_win_04.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_oracle_java_se_mult_vuln_oct11_win_04.nasl 2011-11-16 17:24:13 UTC (rev 12128)
+++ trunk/openvas-plugins/scripts/gb_oracle_java_se_mult_vuln_oct11_win_04.nasl 2011-11-17 10:36:14 UTC (rev 12129)
@@ -0,0 +1,110 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_oracle_java_se_mult_vuln_oct11_win_04.nasl 18099 2011-11-15 14:14:14Z nov $
+#
+# Oracle Java SE Multiple Vulnerabilities - October 2011 (Windows04)
+#
+# Authors:
+# Sooraj KS <kssooraj at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(802276);
+ script_version("$Revision$");
+ script_cve_id("CVE-2011-3521", "CVE-2011-3554");
+ script_bugtraq_id(50215, 50216);
+ script_tag(name:"cvss_base", value:"10.0");
+ script_tag(name:"risk_factor", value:"Critical");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2011-11-15 14:34:22 +0530 (Tue, 15 Nov 2011)");
+ script_name("Oracle Java SE Multiple Vulnerabilities - October 2011 (Windows04)");
+ desc = "
+ Overview: This host is installed with Oracle Java SE and is prone to multiple
+ vulnerabilities.
+
+ Vulnerability Insight:
+ Multiple flaws are caused due to unspecified errors in the following
+ components:
+ - Deserialization
+ - Java Runtime Environment
+
+ Impact:
+ Successful exploitation allows remote attackers to affect confidentiality,
+ integrity, and availability via unknown vectors.
+
+ Impact Level: System/Application
+
+ Affected Software/OS:
+ Oracle Java SE versions 7, 6 Update 27 and earlier, 5.0 Update 31 and
+ earlier.
+
+ Fix: Upgrade to Oracle Java SE versions 7 Update 1, 6 Update 29, 5.0 Update
+ 32 or later. For updates refer,
+ http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html
+
+ References:
+ http://secunia.com/advisories/46512
+ http://xforce.iss.net/xforce/xfdb/70839
+ http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html ";
+
+ script_description(desc);
+ script_summary("Check for the version of Sun Java SE JRE/JDK");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
+ script_family("General");
+ script_dependencies("gb_java_prdts_detect_win.nasl");
+ script_require_keys("Sun/Java/JRE/Win/Ver", "Sun/Java/JDK/Win/Ver");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+## Get JRE Version from KB
+jreVer = get_kb_item("Sun/Java/JRE/Win/Ver");
+if(jreVer)
+{
+ jreVer = ereg_replace(pattern:"_|-", string:jreVer, replace: ".");
+
+ ## Check for Oracle Java SE versions 7, 6 Update 27 and earlier,
+ ## 5.0 Update 31 and earlier
+ if(version_is_equal(version:jreVer, test_version:"1.7.0") ||
+ version_in_range(version:jreVer, test_version:"1.6", test_version2:"1.6.0.27") ||
+ version_in_range(version:jreVer, test_version:"1.5", test_version2:"1.5.0.31"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+}
+
+# Get JDK Version from KB
+jdkVer = get_kb_item("Sun/Java/JDK/Win/Ver");
+if(jdkVer)
+{
+ jdkVer = ereg_replace(pattern:"_|-", string:jdkVer, replace: ".");
+
+ ## Check for Oracle Java SE versions 7, 6 Update 27 and earlier,
+ ## 5.0 Update 31 and earlier
+ if(version_is_equal(version:jdkVer, test_version:"1.7.0") ||
+ version_in_range(version:jdkVer, test_version:"1.6", test_version2:"1.6.0.27") ||
+ version_in_range(version:jdkVer, test_version:"1.5", test_version2:"1.5.0.31")){
+ security_hole(0);
+ }
+}
Property changes on: trunk/openvas-plugins/scripts/gb_oracle_java_se_mult_vuln_oct11_win_04.nasl
___________________________________________________________________
Name: svn:executable
+ *
Added: trunk/openvas-plugins/scripts/gb_sendmail_mail_relay_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_sendmail_mail_relay_vuln.nasl 2011-11-16 17:24:13 UTC (rev 12128)
+++ trunk/openvas-plugins/scripts/gb_sendmail_mail_relay_vuln.nasl 2011-11-17 10:36:14 UTC (rev 12129)
@@ -0,0 +1,157 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_sendmail_mail_relay_vuln.nasl 17221 2011-11-15 12:51:12Z nov $
+#
+# SendMail Mail Relay Vulnerability
+#
+# Authors:
+# Madhuri D <dmadhuri at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(802194);
+ script_version("$Revision$");
+ script_cve_id("CVE-2002-1278");
+ script_bugtraq_id(6118);
+ script_tag(name:"cvss_base", value:"7.5");
+ script_tag(name:"risk_factor", value:"High");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2011-11-15 12:51:12 +0530 (Tue, 15 Nov 2011)");
+ script_name("SendMail Mail Relay Vulnerability");
+ desc = "
+ Overview:
+ This host is installed with SendMail and is prone to mail relay
+ vulnerability.
+
+ Vulnerability Insight:
+ The flaw is caused due to an error in the mailconf module in Linuxconf which
+ generates the Sendmail configuration file (sendmail.cf) and configures
+ Sendmail to run as an open mail relay, which allows remote attackers to send
+ Spam email.
+
+ Impact:
+ Successful exploitation will let the attackers to send email messages outside
+ of the served network. This could result in unauthorized messages being sent
+ from the vulnerable server.
+
+ Impact Level: Application/System
+
+ Affected Software/OS:
+ Linuxconf versions 1.24 r2, 1.2.5 r3
+ Linuxconf versions 1.24 r2, 1.2.5 r3 on Conectiva Linux 6.0 through 8
+
+ Fix: Upgrade to the latest version of Linuxconf version 1.29r1 or later
+ For updates refer, http://www.solucorp.qc.ca/linuxconf/
+
+ References:
+ http://osvdb.org/6066
+ http://xforce.iss.net/xforce/xfdb/10554
+ http://www.securityfocus.com/bid/6118/solution ";
+
+ script_description(desc);
+ script_summary("check if SendMail is prone to open mail relay vulnerability");
+ script_category(ACT_ATTACK);
+ script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
+ script_family("SMTP problems");
+ script_dependencie("smtpserver_detect.nasl","sendmail_expn.nasl","smtp_settings.nasl");
+ script_require_ports("Services/smtp", 25);
+ exit(0);
+}
+
+
+include("smtp_func.inc");
+include("misc_func.inc");
+include("network_func.inc");
+
+## Get the SMTP port
+port = get_kb_item("Services/smtp");
+if(!port){
+ port = 25;
+}
+
+## Get SMTP banner to confirm sendmail
+banner = get_smtp_banner(port);
+if(!banner || "Sendmail" >!< banner){
+ exit(0);
+}
+
+## Get the domain
+domain = get_kb_item("Settings/third_party_domain");
+if(!domain){
+ domain = 'example.com';
+}
+
+## Open the Socket
+soc = smtp_open(port:port, helo:NULL);
+if(!soc){
+ exit(0);
+}
+
+## Source Name
+src_name = this_host_name();
+FROM = string('openvas@', src_name);
+TO = string('openvas@', domain);
+
+## Send normal request
+send(socket:soc, data:strcat('EHLO ', src_name, '\r\n'));
+ans = smtp_recv_line(socket:soc);
+if("250" >!< ans){
+ exit(0);
+}
+
+mail_from = strcat('MAIL FROM: <', FROM , '>\r\n');
+
+send(socket:soc, data:mail_from);
+recv = smtp_recv_line(socket:soc);
+
+## Check if Domain of sender exists
+if(!recv || recv =~ '^5[0-9][0-9]'){
+ exit(0);
+}
+
+## Check for the receiver
+mail_to = strcat('RCPT TO: <', TO , '>\r\n');
+send(socket:soc, data:mail_to);
+
+## Receive response
+recv = smtp_recv_line(socket: soc);
+
+if(recv =~ '^2[0-9][0-9]')
+{
+ data = string("data\r\n");
+ send(socket:soc, data:data);
+ data_rcv = smtp_recv_line(socket:soc);
+
+ if(egrep(pattern:"3[0-9][0-9]", string:data_rcv))
+ {
+ ## Constuct and send mail
+ send(socket:soc, data:string("OpenVAS-Relay-Test\r\n.\r\n"));
+ mail_send = smtp_recv_line(socket:soc);
+
+ ## Checking mail is accepted
+ if("250" >< mail_send)
+ {
+ security_hole(port:port);
+ smtp_close(socket:soc);
+ exit(0);
+ }
+ }
+}
+smtp_close(socket: soc);
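Review bot: The DATA and end-of-message replies are matched by unanchored substring — `egrep(pattern:"3[0-9][0-9]", string:data_rcv)` and `"250" >< mail_send` — whereas the MAIL FROM and RCPT TO replies above are anchored with `^5[0-9][0-9]` and `^2[0-9][0-9]`, so a rejection whose text happens to contain those digits would be read as acceptance. Use `data_rcv =~ '^3[0-9][0-9]'` and `mail_send =~ '^250'` for consistency with the earlier checks. The check reports any Sendmail instance that accepts and completes a message for `openvas@<third-party domain>`; it cannot tell whether the relay stems from the Linuxconf mailconf module named in the description, so the description should state that it reports open relaying in general and that a test message is actually handed to the server. `script_dependencie` is the older spelling; the other scripts in this commit use `script_dependencies`.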
Modified: trunk/openvas-plugins/scripts/secpod_ca_mult_prdts_detect_win.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_ca_mult_prdts_detect_win.nasl 2011-11-16 17:24:13 UTC (rev 12128)
+++ trunk/openvas-plugins/scripts/secpod_ca_mult_prdts_detect_win.nasl 2011-11-17 10:36:14 UTC (rev 12129)
@@ -7,6 +7,13 @@
# Authors:
# Nikita MR <rnikita at secpod.com>
#
+# Updated By : Sooraj KS <kssooraj at secpod.com> on 2011-03-07
+# Added HIPS Engine and HIPS Management Server Detection.
+#
+# Updated By:
+# Rachana Shetty <srachana at secpod.com> on 2011-11-02
+# Updated to detect CA Gateway Security
+#
# Copyright:
# Copyright (c) 2009 SecPod, http//www.secpod.com
#
@@ -28,14 +35,16 @@
{
script_id(900966);
script_version("$Revision$");
+ script_tag(name:"risk_factor", value:"None");
script_tag(name:"last_modification", value:"$Date$");
- script_tag(name:"creation_date", value:"2009-10-29 07:53:15 +0100 (Thu, 29 Oct 2009)");
- script_tag(name:"risk_factor", value:"None");
+ script_tag(name:"creation_date", value:"2011-11-15 12:44:36 +0530 (Tue, 15 Nov 2011)");
script_name("CA Multiple Products Version Detection (Win)");
desc = "
Overview : This script detects the installed version of CA multiple
- products and sets the result in KB.";
+ products and sets the result in KB.
+ Risk factor : None";
+
script_description(desc);
script_summary("Sets the version of multiple CA products in KB");
script_category(ACT_GATHER_INFO);
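Review bot: `script_tag(name:"creation_date", ...)` for the existing script 900966 is changed from the 2009 value to `2011-11-15 12:44:36 +0530 (Tue, 15 Nov 2011)`, which rewrites the script's creation record rather than its modification time; `last_modification` already tracks updates through `$Date$`, so the original `2009-10-29 07:53:15 +0100 (Thu, 29 Oct 2009)` should be restored. The enclosing description block starts outside the hunk.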
@@ -48,10 +57,11 @@
}
+include("cpe.inc");
include("smb_nt.inc");
+include("version_func.inc");
+include("host_details.inc");
include("secpod_smb_func.inc");
-include("cpe.inc");
-include("host_details.inc");
## Constant values
SCRIPT_OID = "1.3.6.1.4.1.25623.1.0.900966";
@@ -100,7 +110,7 @@
caavVer = registry_get_sz(key:key + "\av", item:"Version");
if(caavVer){
set_kb_item(name:"CA/AV/Win/Ver", value:caavVer);
- security_note(data:"CA Antivirus version " + caavVer +
+ security_note(data:"CA Antivirus version " + caavVer +
" was detected on the host");
## build cpe and store it as host_detail
@@ -115,10 +125,70 @@
caissVer = registry_get_sz(key:key + "\suite", item:"Version");
if(caissVer){
set_kb_item(name:"CA/ISS/Win/Ver", value:caissVer);
- security_note(data:"CA Internet Security version " + caissVer +
+ security_note(data:"CA Internet Security version " + caissVer +
" was detected on the host");
## build cpe and store it as host_detail
register_cpe(tmpVers:caissVer, tmpExpr:"^([0-9.]+)", tmpBase:"cpe:/a:ca:internet_security_suite");
}
}
+
+# Check for CA HIPS Engine
+key = "SOFTWARE\CA\HIPSEngine";
+cahipsVer = registry_get_sz(key:key, item:"Version");
+if(cahipsVer){
+ set_kb_item(name:"CA/HIPS/Engine/Win/Ver", value:cahipsVer);
+ security_note(data:"CA HIPS Engine version " + cahipsVer +
+ " was detected on the host");
+}
+
+# Check for HIPS Management Server
+if(registry_key_exists(key:"SOFTWARE\CA\HIPSManagementServer"))
+{
+ # Get HIPS Management Server Version From Registry
+ key = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\";
+ if(registry_key_exists(key:key))
+ {
+ foreach item (registry_enum_keys(key:key))
+ {
+ name = registry_get_sz(key:key + item, item:"DisplayName");
+ if(eregmatch(pattern:"^CA HIPS Management Server", string:name))
+ {
+ hipsVer = registry_get_sz(key:key + item, item:"DisplayVersion");
+ if(hipsVer != NULL)
+ {
+ set_kb_item(name:"CA/HIPS/Server/Win/Ver", value:hipsVer);
+ security_note(data:"CA HIPS Management Server version " + hipsVer +
+ " was detected on the host");
+ }
+ }
+ }
+ }
+}
+
+# Check for CA Gateway Security
+key = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\";
+if(registry_key_exists(key:key))
+{
+ foreach item (registry_enum_keys(key:key))
+ {
+ if("CA Gateway Security" >< registry_get_sz(key:key + item,
+ item:"DisplayName"))
+ {
+ ## Get the install path for Gateway security
+ cagsPath = registry_get_sz(key:key + item, item:"InstallLocation");
+ cagsPath = cagsPath + "Bin";
+
+ cagsVer = fetch_file_version(sysPath:cagsPath, file_name:"ManagerConsole.exe");
+ if(cagsVer)
+ {
+ set_kb_item(name:"CA/Gateway-Security/Win/Ver", value:cagsVer);
+ security_note(data:"CA Gateway Security version " + cagsVer +
+ " was detected on the host");
+
+ ## build cpe and store it as host_detail
+ register_cpe(tmpVers:cagsVer, tmpExpr:"^([0-9.]+)", tmpBase:"cpe:/a:ca:gateway_security:");
+ }
+ }
+ }
+}
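Review bot: `cagsPath = cagsPath + "Bin";` in the CA Gateway Security branch assumes `InstallLocation` is present and ends with a backslash; if the value is missing the path becomes just `Bin`, and if it lacks a trailing separator the result is `...GatewaySecurityBin`, so `fetch_file_version` quietly finds nothing. Guard with `if(!cagsPath) continue;` and append the separator only when the value does not already end in one. The new `tmpBase:"cpe:/a:ca:gateway_security:"` carries a trailing colon while the existing `cpe:/a:ca:internet_security_suite` entry a few lines up does not; register_cpe is outside this hunk, so one of the two presumably yields a malformed CPE — align them. The HIPS Engine and HIPS Management Server branches set KB items without a register_cpe call, unlike every other product in this file.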
Added: trunk/openvas-plugins/scripts/secpod_macosx_java_10_6_upd_6_and_10_7_upd_1.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_macosx_java_10_6_upd_6_and_10_7_upd_1.nasl 2011-11-16 17:24:13 UTC (rev 12128)
+++ trunk/openvas-plugins/scripts/secpod_macosx_java_10_6_upd_6_and_10_7_upd_1.nasl 2011-11-17 10:36:14 UTC (rev 12129)
@@ -0,0 +1,116 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_macosx_java_10_6_upd_6_and_10_7_upd_1.nasl 18447 2011-11-15 15:15:15 aug $
+#
+# Java for Mac OS X 10.6 Update 6 And 10.7 Update 1
+#
+# Authors:
+# Rachana Shetty <srachana at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2011 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(902630);
+ script_version("$Revision$");
+ script_cve_id("CVE-2011-3389", "CVE-2011-3521", "CVE-2011-3544", "CVE-2011-3545",
+ "CVE-2011-3546", "CVE-2011-3547", "CVE-2011-3548", "CVE-2011-3549",
+ "CVE-2011-3551", "CVE-2011-3552", "CVE-2011-3553", "CVE-2011-3554",
+ "CVE-2011-3556", "CVE-2011-3557", "CVE-2011-3558", "CVE-2011-3560",
+ "CVE-2011-3561");
+ script_bugtraq_id(49388, 50215, 50218, 50220, 50239, 50243, 50211, 50223, 50224,
+ 50248, 50246, 50216, 50231, 50234, 50242, 50236, 50250);
+ script_tag(name:"cvss_base", value:"10.0");
+ script_tag(name:"risk_factor", value:"Critical");
+ script_name("Java for Mac OS X 10.6 Update 6 And 10.7 Update 1");
+ desc = "
+ Overview: This host has important security update missing according to
+ Java for Mac OS X 10.6 Update 6 and 10.7 Update 1.
+
+ Vulnerability Insight:
+ For more information on the vulnerabilities refer the below links.
+
+ Impact:
+ Successful exploitation may allow an untrusted Java applet to execute
+ arbitrary code outside the Java sandbox. Visiting a web page containing
+ a maliciously crafted untrusted Java applet may lead to arbitrary code
+ execution with the privileges of the current user.
+
+ Impact Level: System/Application
+
+ Affected Software/OS:
+ Java for Mac OS X v10.6.6 and v10.7.2 or Mac OS X Server v10.6.8 and v10.7.2.
+
+ Fix: Upgrade to Java for Mac OS X 10.6 Update 6 and 10.7 Update 1,
+ For updates refer, http://support.apple.com/kb/HT5045
+
+ References:
+ http://support.apple.com/kb/HT5045
+ http://support.apple.com/kb/HT4884
+ http://support.apple.com/kb/HT4885
+ http://lists.apple.com/archives/Security-announce//2011/Nov/msg00000.html ";
+
+ script_description(desc);
+ script_copyright("Copyright (c) 2011 SecPod");
+ script_summary("Checks for existence of Java for Mac OS X 10.6 Update 6 Or 10.7 Update 1");
+ script_category(ACT_GATHER_INFO);
+ script_family("Mac OS X Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_ports("Services/ssh", 22);
+ exit(0);
+}
+
+
+include("pkg-lib-macosx.inc");
+include("version_func.inc");
+
+## Get the OS name
+osName = get_kb_item("ssh/login/osx_name");
+if(!osName){
+ exit (0);
+}
+
+## Get the OS Version
+osVer = get_kb_item("ssh/login/osx_version");
+if(!osVer){
+ exit(0);
+}
+
+## Check for the Mac OS X and Mac OS X Server
+if("Mac OS X" >< osName || "Mac OS X Server" >< osName)
+{
+ ## Check the affected OS versions
+ if(version_is_equal(version:osVer, test_version:"10.6.8"))
+ {
+ ## Check for the security update
+ if(isosxpkgvuln(fixed:"com.apple.pkg.JavaForMacOSX10.6", diff:"6"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+ }
+
+ ## Check the affected OS versions
+ if(version_is_equal(version:osVer, test_version:"10.7.2"))
+ {
+ ## Check for the security update
+ if(isosxpkgvuln(fixed:"com.apple.pkg.JavaForMacOSX10.7", diff:"1")){
+ security_hole(0);
+ }
+ }
+}
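Review bot: The description lists `Java for Mac OS X v10.6.6 and v10.7.2 or Mac OS X Server v10.6.8 and v10.7.2` as affected, but the code only fires when the OS version equals `10.6.8` or `10.7.2`, so `v10.6.6` in the text does not correspond to anything that is checked — reconcile the text with the version checks. This script also omits the `last_modification` and `creation_date` tags that every other new script in this commit sets after `risk_factor`. The condition `"Mac OS X" >< osName || "Mac OS X Server" >< osName` is redundant, since the first substring already covers the second; `if("Mac OS X" >< osName)` reads the same.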
Added: trunk/openvas-plugins/scripts/secpod_sshd_gssapi_credential_disclosure_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_sshd_gssapi_credential_disclosure_vuln.nasl 2011-11-16 17:24:13 UTC (rev 12128)
+++ trunk/openvas-plugins/scripts/secpod_sshd_gssapi_credential_disclosure_vuln.nasl 2011-11-17 10:36:14 UTC (rev 12129)
@@ -0,0 +1,111 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_sshd_gssapi_credential_disclosure_vuln.nasl 18527 2011-11-16 19:06:24Z nov $
+#
+# OpenSSH 'sshd' GSSAPI Credential Disclosure Vulnerability
+#
+# Authors:
+# Antu Sanadi <santu at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2011 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(902488);
+ script_version("$Revision$");
+ script_cve_id("CVE-2005-2798");
+ script_bugtraq_id(14729);
+ script_tag(name:"cvss_base", value:"5.0");
+ script_tag(name:"risk_factor", value:"Medium");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2011-11-16 12:24:22 +0530 (Wed, 16 Nov 2011)");
+ script_name("OpenSSH 'sshd' GSSAPI Credential Disclosure Vulnerability");
+ desc = "
+ Overview: The host is running OpenSSH sshd with GSSAPI enabled and is prone
+ to credential disclosure vulnerability.
+
+ Vulnerability Insight:
+ The flaw is caused due to an error in handling GSSAPI credential delegation,
+ Which allow GSSAPI credentials to be delegated to users who log in with
+ methods other than GSSAPI authentication (e.g. public key) when the client
+ requests it.
+
+ Impact:
+ Successful exploitation could allows remote attackers to bypass security
+ restrictions and gain escalated privileges.
+
+ Impact Level: Application
+
+ Affected Software/OS:
+ OpenSSH version prior to 4.2
+
+ Fix: Upgrade OpenSSH to 4.2 or later,
+ For Updates Refer, http://www.openssh.com/
+
+ References:
+ http://osvdb.org/19141
+ http://secunia.com/advisories/16686
+ http://securitytracker.com/id?1014845
+ https://lists.mindrot.org/pipermail/openssh-unix-announce/2005-September/000083.html ";
+
+ script_description(desc);
+ script_summary("Check for the credential disclosure vulnerability OpenSSH");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2011 SecPod ");
+ script_family("General");
+ script_dependencies("ssh_detect.nasl");
+ script_require_ports("Services/ssh", 22);
+ exit(0);
+}
+
+include("backport.inc");
+include("version_func.inc");
+
+## Get the default port
+port = get_kb_item("Services/ssh");
+if(!port){
+ port = 22;
+}
+
+## Get th SSH banner
+banner = get_kb_item("SSH/banner/" + port );
+if(!banner){
+ exit(0);
+}
+
+banner = tolower(get_backport_banner(banner:banner));
+ver = eregmatch(pattern:"ssh-.*openssh[_-]{1}([0-9.]+[p0-9]*)", string:banner);
+
+## Get version from the banner
+if(isnull(ver[1])){
+ exit(0);
+}
+
+## Check the versions prior to 4.2
+if(version_is_less(version:ver[1], test_version:"4.2"))
+{
+ ## Get the supported protocols versions from kb
+ auth = get_kb_item("SSH/supportedauth/" + port);
+ if(auth)
+ {
+ ## Check the authentication method and confirm the vulnerability
+ if("gssapi" >< auth){
+ security_warning(port);
+ }
+ }
+}
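Review bot: The comment above the KB lookup, `## Get the supported protocols versions from kb`, misdescribes what is read: `SSH/supportedauth/<port>` is consulted for the authentication methods the server offers (presumably populated by the ssh_detect.nasl dependency), and the check only looks for the `gssapi` substring in it; `## Get the authentication methods the server offers from the KB` would read correctly. Because the decision rests on the banner version plus GSSAPI being offered, this appears to be a version-based finding rather than a confirmation of the credential-delegation behaviour, and a comment saying so would help analysts triaging it; an install where the fix was backported without a banner suffix that get_backport_banner recognises would presumably still be reported. The literal in `script_copyright("Copyright (C) 2011 SecPod ")` carries a trailing space.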
Added: trunk/openvas-plugins/scripts/secpod_wordpress_filedownload_remote_file_disc_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_wordpress_filedownload_remote_file_disc_vuln.nasl 2011-11-16 17:24:13 UTC (rev 12128)
+++ trunk/openvas-plugins/scripts/secpod_wordpress_filedownload_remote_file_disc_vuln.nasl 2011-11-17 10:36:14 UTC (rev 12129)
@@ -0,0 +1,111 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_wordpress_filedownload_remote_file_disc_vuln.nasl 17195 2011-11-17 12:30:17Z sep $
+#
+# WordPress Filedownload Plugin (download.php) Remote File Disclosure Vulnerability
+#
+# Authors:
+# Madhuri D <dmadhuri at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2011 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(902753);
+ script_version("$Revision$");
+ script_tag(name:"cvss_base", value:"7.5");
+ script_tag(name:"risk_factor", value:"High");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2011-11-17 12:30:17 +0530 (Thu, 17 Nov 2011)");
+ script_name("WordPress Filedownload Plugin (download.php) Remote File Disclosure Vulnerability");
+ desc = "
+ Overview:
+ This host is installed with WordPress Filedownload Plugin and is prone to
+ remote file disclosure vulnerability.
+
+ Vulnerability Insight:
+ Input passed to the 'path' parameter in
+ 'wp-content/plugins/filedownload/download.php' is not properly verified
+ before being used to download files. This can be exploited to disclose
+ the contents of arbitrary files via directory traversal attacks.
+
+ Impact:
+ Successful exploitation could allow attackers to perform directory traversal
+ attacks and read arbitrary files on the affected application.
+
+ Impact Level: Application
+
+ Affected Software/OS:
+ WordPress Filedownload Plugin version 0.1
+
+ Fix: No solution or patch is available as on 17th November, 2011. Information
+ regarding this issue will be updated once the solution details are available.
+ For updates refer, http://wordpress.org/extend/plugins/filedownload/
+
+ References:
+ http://secunia.com/advisories/46047/
+ http://www.exploit-db.com/exploits/17858/
+ http://securityreason.com/exploitalert/10856
+ http://www.securelist.com/en/advisories/46047 ";
+
+ script_description(desc);
+ script_summary("Check Remote File Disclosure vulnerability in WordPress Filedownload Plugin");
+ script_category(ACT_ATTACK);
+ script_copyright("Copyright (C) 2011 SecPod");
+ script_family("Web application abuses");
+ script_dependencies("secpod_wordpress_detect_900182.nasl");
+ script_require_ports("Services/www", 80);
+ exit(0);
+}
+
+##
+## The script code starts here
+##
+
+include("http_func.inc");
+include("host_details.inc");
+include("version_func.inc");
+include("http_keepalive.inc");
+
+## Get HTTP Port
+port = get_http_port(default:80);
+if(!port){
+ exit(0);
+}
+
+## Check Host Supports PHP
+if(!can_host_php(port:port)){
+ exit(0);
+}
+
+## Get WordPress Installed Location
+if(!dir = get_dir_from_kb(port:port, app:"WordPress")){
+ exit(0);
+}
+
+## Construct an attack
+url = string(dir, "/wp-content/plugins/filedownload/download.php/?path=" +
+ "../../../wp-config.php");
+
+## Confirm exploit worked properly or not
+if(http_vuln_check(port:port, url:url,pattern:"The base configurations of" +
+ " the WordPress", extra_check:make_list("MySQL settings",
+ "DB_NAME", "DB_USER", "DB_PASSWORD"))) {
+ security_hole(port:port);
+ exit(0);
+}
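Review bot: When WordPress is installed at the web root, get_dir_from_kb commonly returns `/`, and `string(dir, "/wp-content/...")` then builds a request path beginning with `//wp-content/...`, which some servers reject or route differently and would mask an affected install; normalising the directory first, `if(dir == "/") dir = "";`, avoids that. The URL deliberately keeps `download.php/?path=` with a slash before the query string; if that form is taken from the advisory, a short comment stating so would stop a later maintainer from "correcting" it. The matched response would contain the site's database credentials, so a comment noting that only the presence of the markers is used, and that the fetched content is not expected to be persisted (worth confirming against http_vuln_check), would be useful to readers. The two ACT_ATTACK checks also mix `string()` and `+` for one concatenation; one form throughout reads more cleanly.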