[Openvas-commits] r12142 - in trunk/openvas-plugins: . scripts
scm-commit@wald.intevation.org
scm-commit at wald.intevation.org
Mon Nov 21 11:07:55 CET 2011
Author: jan
Date: 2011-11-21 11:07:50 +0100 (Mon, 21 Nov 2011)
New Revision: 12142
Modified:
trunk/openvas-plugins/ChangeLog
trunk/openvas-plugins/scripts/postgresql_detect.nasl
Log:
* scripts/postgresql_detect.nasl: Reworked according to CR#57.
Also reformatted in order to have this script serve as a reference
for remote probe detections.
Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog 2011-11-21 09:58:28 UTC (rev 12141)
+++ trunk/openvas-plugins/ChangeLog 2011-11-21 10:07:50 UTC (rev 12142)
@@ -1,5 +1,11 @@
2011-11-21 Jan-Oliver Wagner <jan-oliver.wagner at greenbone.net>
+ * scripts/postgresql_detect.nasl: Reworked according to CR#57.
+ Also reformatted in order to have this script serve as a reference
+ for remote probe detections.
+
+2011-11-21 Jan-Oliver Wagner <jan-oliver.wagner at greenbone.net>
+
* scripts/gb_java_prdts_detect_lin.nasl: Reworked according to CR#57.
- Replaced script_id() by script_oid() call and moved SCRIPT_OID to top.
- Added cvss_base tag of 0.0.
Modified: trunk/openvas-plugins/scripts/postgresql_detect.nasl
===================================================================
--- trunk/openvas-plugins/scripts/postgresql_detect.nasl 2011-11-21 09:58:28 UTC (rev 12141)
+++ trunk/openvas-plugins/scripts/postgresql_detect.nasl 2011-11-21 10:07:50 UTC (rev 12142)
@@ -10,8 +10,11 @@
# Updated By: Antu Sanadi <santu at secpod.com> on 2010-03-30
# Modified the regex to detect alpha versions also.
#
+# Updated by: <jan-oliver.wagner at greenbone.net> on 2011-11-21
+# Revsied to comply with Change Request #57.
+#
# Copyright:
-# Copyright (c) 2009 Greenbone Networks GmbH
+# Copyright (c) 2009, 2011 Greenbone Networks GmbH
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
@@ -27,33 +30,29 @@
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
-desc = "
+SCRIPT_OID = "1.3.6.1.4.1.25623.1.0.100151";
- Overview:
- PostgreSQL, a open source object-relational database system is running at
- this host.
-
- See also:
- http://www.postgresql.org";
-
if (description)
{
- script_id(100151);
- script_version("$Revision$");
- script_tag(name:"last_modification", value:"$Date$");
- script_tag(name:"creation_date", value:"2009-04-23 21:21:19 +0200 (Thu, 23 Apr 2009)");
- script_tag(name:"risk_factor", value:"None");
-
- script_name("PostgreSQL Detection");
-
- script_description(desc);
- script_summary("Check for PostgreSQL");
- script_category(ACT_GATHER_INFO);
- script_family("Service detection");
- script_copyright("This script is Copyright (C) 2009 Greenbone Networks GmbH");
- script_dependencie("find_service.nes");
- script_require_ports("Services/postgresql", 5432);
- exit(0);
+ script_oid(SCRIPT_OID);
+ script_version("$Revision$");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2009-04-23 21:21:19 +0200 (Thu, 23 Apr 2009)");
+ script_tag(name:"cvss_base", value:"0.0");
+ script_tag(name:"risk_factor", value:"None");
+ script_tag(name:"detection", value:"remote probe");
+ script_name("PostgreSQL Detection");
+ script_description("Detection of PostgreSQL, a open source object-relational
+database system (http://www.postgresql.org).
+
+The script sends a connection request to the server (user:postgres, DB:postgres)
+and attempts to extract the version number from the reply.");
+ script_summary("Check for PostgreSQL");
+ script_category(ACT_GATHER_INFO);
+ script_family("Product detection");
+ script_copyright("This script is Copyright (C) 2009, 2011 Greenbone Networks GmbH");
+ script_require_ports("Services/postgresql", 5432);
+ exit(0);
}
include("cpe.inc");
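Review bot: The description block no longer declares `script_dependencie("find_service.nes");`, yet the later port-selection hunk starts reading `get_kb_item("Services/postgresql")`. Unless something else guarantees that service detection has already run, that KB entry may be empty when this script executes, and the probe would then only try the 5432 default and miss instances on other ports. Keeping the dependency line next to `script_require_ports("Services/postgresql", 5432);` would make the ordering explicit. Since this file is meant as a reference for remote probe detections, a short comment stating which plugin populates `Services/postgresql` would also help.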
@@ -62,43 +61,40 @@
include("misc_func.inc");
include("dump.inc");
-## Constant values
-SCRIPT_OID = "1.3.6.1.4.1.25623.1.0.100151";
-SCRIPT_DESC = "PostgreSQL Detection";
-
function bin2string (ddata) {
- local_var tmp, i, j, line, linenumber, len, data, c;
+ local_var tmp, i, j, line, linenumber, len, data, c;
- len = strlen (ddata);
- linenumber = len / 16;
+ len = strlen (ddata);
+ linenumber = len / 16;
- for (i = 0; i <= linenumber; i++)
- {
- line = line2string (line:i, linenumber:len);
- data = "";
+ for (i = 0; i <= linenumber; i++) {
+ line = line2string (line:i, linenumber:len);
+ data = "";
- for (j = 0; j < 16; j++)
- {
- if ( (i*16+j) < len )
- {
- c = ddata[i*16+j];
+ for (j = 0; j < 16; j++) {
+ if ((i*16+j) < len) {
+ c = ddata[i*16+j];
- if (isprint (c:c))
- data += c;
- }
+ if (isprint (c:c))
+ data += c;
+ }
+ }
+ tmp += string (data);
}
-
- tmp += string (data);
- }
-
- return tmp;
+ return tmp;
}
-port = 5432;
-if(!get_tcp_port_state(port))exit(0);
+port = get_kb_item("Services/postgresql");
+if (isnull(port))
+ port = 5432; # Default PostgreSQL port
soc = open_sock_tcp(port);
-if(!soc)exit(0);
+if (!soc) {
+ if (defined_func("error_message"))
+ error_message(port:port,
+ data:"Failed to open socket for port although port was reported open.");
+ exit(-1);
+}
#user: postgres, database: postgres,client_encoding: unicode,
#datestyle: iso
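Review bot: The new port selection drops the `get_tcp_port_state(port)` guard, so nothing on the new side establishes that the port is open before `open_sock_tcp(port)` is called. The `error_message` text still says "although port was reported open", which is not accurate when the 5432 fallback is used. In that case every host without PostgreSQL would presumably produce an error entry and an `exit(-1)` instead of a quiet `exit(0)`. Restoring `if (!get_tcp_port_state(port)) exit(0);` after the default assignment keeps the error report for the case it describes. Separately, in `bin2string` the value assigned to `line` is never used and `tmp` is appended to without being initialised; both are worth a comment or a cleanup in a script intended as a template.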
@@ -111,7 +107,12 @@
send(socket:soc, data:req);
res = recv(socket:soc, length:256);
-if (!res || res[0] >!< "(E|R)" )exit(0);
+if (!res || res[0] >!< "(E|R)" ) {
+ # The response was empty or does not match typical PostgrSQL
+ # elements. Therfore it is concluded this is not PostgreSQL
+ # running on this port.
+ exit(0);
+}
dump = bin2string(ddata:res);
b = substr(res, 1, 4);
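Review bot: The added comment says the reply "does not match typical" PostgreSQL elements, but `res[0] >!< "(E|R)"` is a substring test against the literal text `(E|R)`, not a pattern match. A first byte of `(`, `|` or `)` therefore passes this gate as well. Later checks appear to narrow it, but the guard should say what it means: `if (!res || (res[0] != "E" && res[0] != "R")) {`. The early `exit(0)` also leaves `soc` open, so a `close(soc);` before it would be tidy. The comment has two typos to fix while here ("PostgrSQL", "Therfore").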
@@ -128,40 +129,40 @@
"INFO" >< dump ||
"LOG" >< dump
) ||
- dump[0] == "R" && (blen == 8 || blen == 12) )
-{
+ dump[0] == "R" && (blen == 8 || blen == 12)) {
+ if (dump[0] == "R") {
+ version = eregmatch(pattern:"server_version(([0-9.]+)([a-z0-9.]+)?)", string:dump);
- txt = desc;
+ if (!isnull(version[1]) && isnull(version[3])) {
+ vers = version[1];
+ } else if(!isnull(version[2]) && !isnull(version[3])) {
+ vers = version[2] + "." + version[3];
+ }
- if(dump[0] == "R") {
-
- version = eregmatch(pattern:"server_version(([0-9.]+)([a-z0-9.]+)?)", string: dump);
- if(!isnull(version[1]) && isnull(version[3])){
- vers = version[1];
+ if (!isnull(vers)) {
+ set_kb_item(name:"PostgreSQL/Remote/" + port + "/Ver", value:vers);
+ result_txt = 'Detected PostgreSQL Version: ';
+ result_txt += vers;
+ }
}
- else if(!isnull(version[2]) && !isnull(version[3])){
- vers = version[2] + "." + version[3];
- }
+ if (isnull(result_txt))
+ result_txt = 'Detected PostgreSQL: Unknown version';
- if(!isnull(vers))
- {
- set_kb_item(name:"PostgreSQL/Remote/" + port + "/Ver", value: vers);
+ result_txt += '\n\nConcluded from remote probe dump:\n';
+ result_txt += dump;
+ result_txt += '\n';
- ## build cpe and store it as host_detail
- cpe = build_cpe(value: vers, exp:"^([0-9.]+)",base:"cpe:/a:postgresql:postgresql:");
- if(!isnull(cpe))
- register_host_detail(name:"App", value:cpe, nvt:SCRIPT_OID, desc:SCRIPT_DESC);
+ # In case the service wasn't identified before
+ register_service(port:port, proto:"postgresql");
- desc += string("\nPostgreSQL Version '");
- desc += vers;
- desc += string("' was detected on the remote host.\n\n");
- }
- }
+ if (!isnull(vers))
+ cpe = build_cpe(value:vers, exp:"^([0-9.]+)", base:"cpe:/a:postgresql:postgresql:");
+ else
+ cpe = "cpe:/a:postgresql:postgresql";
- register_service(port:port, proto:"postgresql");
- if(report_verbosity > 0) {
- security_note(port:port, data:desc);
- }
+ register_product(cpe:cpe, location:string(port, "/tcp"), nvt:SCRIPT_OID);
+
+ log_message(port:port, data:result_txt);
exit(0);
}
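Review bot: The result of `build_cpe()` is now passed to `register_product()` without the `isnull(cpe)` check the old code had before `register_host_detail()`. If `vers` does not match the `^([0-9.]+)` expression, `cpe` may be NULL and the product would be registered with an empty identifier; adding `if (isnull(cpe)) cpe = "cpe:/a:postgresql:postgresql";` after the `build_cpe` call covers that. Note also that `result_txt` embeds `dump`, which is text supplied by the remote host. It is limited to printable characters by `bin2string`, but a comment saying that the report contains unauthenticated remote data would help readers who reuse this script as a reference. The enclosing `if (` condition begins outside this hunk, so the full match criteria are not visible here.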