[Openvas-commits] r11577 - in trunk/openvas-plugins: . scripts

scm-commit@wald.intevation.org scm-commit at wald.intevation.org
Wed Sep 7 08:37:03 CEST 2011


Author: veerendragg
Date: 2011-09-07 08:36:57 +0200 (Wed, 07 Sep 2011)
New Revision: 11577

Added:
   trunk/openvas-plugins/scripts/gb_google_chrome_mult_vuln_sep11_lin.nasl
   trunk/openvas-plugins/scripts/gb_google_chrome_mult_vuln_sep11_macosx.nasl
   trunk/openvas-plugins/scripts/gb_google_chrome_mult_vuln_sep11_win.nasl
   trunk/openvas-plugins/scripts/gb_iwork_detect_macosx.nasl
   trunk/openvas-plugins/scripts/gb_knftpd_ftp_srv_mult_cmds_bof_vuln.nasl
   trunk/openvas-plugins/scripts/gb_macosx_iwork_9_1_upd.nasl
   trunk/openvas-plugins/scripts/gb_macosx_su10-007.nasl
   trunk/openvas-plugins/scripts/gb_mongoose_server_put_req_bof_vuln.nasl
   trunk/openvas-plugins/scripts/gb_netsaro_messenger_server_mult_xss_n_csrf_vuln.nasl
   trunk/openvas-plugins/scripts/gb_php_crypt_func_sec_bypass_vuln_win.nasl
   trunk/openvas-plugins/scripts/gb_php_mult_vuln_win_sep11.nasl
Modified:
   trunk/openvas-plugins/ChangeLog
   trunk/openvas-plugins/scripts/secpod_php_detect_win.nasl
Log:
Added new plugins. Updated to detect older versions.

Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog	2011-09-06 16:33:19 UTC (rev 11576)
+++ trunk/openvas-plugins/ChangeLog	2011-09-07 06:36:57 UTC (rev 11577)
@@ -1,3 +1,21 @@
+2011-08-07  Veerendra G.G <veerendragg at secpod.com>
+
+	* scripts/gb_macosx_su10-007.nasl,
+	scripts/gb_google_chrome_mult_vuln_sep11_lin.nasl,
+	scripts/gb_knftpd_ftp_srv_mult_cmds_bof_vuln.nasl,
+	scripts/gb_iwork_detect_macosx.nasl,
+	scripts/gb_php_mult_vuln_win_sep11.nasl,
+	scripts/gb_netsaro_messenger_server_mult_xss_n_csrf_vuln.nasl,
+	scripts/gb_google_chrome_mult_vuln_sep11_win.nasl,
+	scripts/gb_mongoose_server_put_req_bof_vuln.nasl,
+	scripts/gb_macosx_iwork_9_1_upd.nasl,
+	scripts/gb_google_chrome_mult_vuln_sep11_macosx.nasl,
+	scripts/gb_php_crypt_func_sec_bypass_vuln_win.nasl:
+	Added new plugins.
+
+	* scripts/secpod_php_detect_win.nasl:
+	Updated to detect older versions.
+
 2011-09-06  Michael Meyer <michael.meyer at greenbone.net>
 
 	* scripts/gb_apache_tomcat_detect.nasl:

Added: trunk/openvas-plugins/scripts/gb_google_chrome_mult_vuln_sep11_lin.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_google_chrome_mult_vuln_sep11_lin.nasl	2011-09-06 16:33:19 UTC (rev 11576)
+++ trunk/openvas-plugins/scripts/gb_google_chrome_mult_vuln_sep11_lin.nasl	2011-09-07 06:36:57 UTC (rev 11577)
@@ -0,0 +1,91 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_google_chrome_mult_vuln_sep11_lin.nasl 16934 2011-09-05 13:29:14 sep $
+#
+# Google Chrome multiple vulnerabilities - September11 (Linux)
+#
+# Authors:
+# Rachana Shetty <srachana at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(802327);
+  script_version("$Revision: 1.0$");
+  script_cve_id("CVE-2011-2823", "CVE-2011-2824", "CVE-2011-2825", "CVE-2011-2821",
+                "CVE-2011-2826", "CVE-2011-2826", "CVE-2011-2827", "CVE-2011-2828",
+                "CVE-2011-2829", "CVE-2011-2839");
+  script_bugtraq_id(49279);
+  script_tag(name:"cvss_base", value:"7.5");
+  script_tag(name:"risk_factor", value:"High");
+  script_name("Google Chrome multiple vulnerabilities - September11 (Linux)");
+  desc = "
+  Overview: The host is running Google Chrome and is prone to multiple
+  vulnerabilities.
+
+  Vulnerability Insight:
+  Multiple flaws are due to,
+  - Multiple use-after-free error exists within the handling of features like
+    line boxes, counter nodes, custom fonts and text searching.
+  - A double free error exists in libxml when handling XPath expression.
+  - An error related to empty origins allows attackers to violate the
+    cross-origin policy.
+  - An integer overflow error in uniform arrays.
+  - Improper usage of memset() library function in the PDF implementation.
+
+  Impact:
+  Successful exploitation could allow attackers to execute arbitrary code in
+  the context of the browser, inject scripts, bypass certain security
+  restrictions, or cause a denial-of-service condition.
+
+  Impact Level: System/Application
+
+  Affected Software/OS:
+  Google Chrome version prior to 13.0.782.215 on Linux.
+
+  Fix: Upgrade to the Google Chrome 13.0.782.215 or later,
+  For updates refer, http://www.google.com/chrome
+
+  References:
+  http://secunia.com/advisories/45698/
+  http://googlechromereleases.blogspot.com/2011/08/stable-channel-update_22.html ";
+
+  script_description(desc);
+  script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
+  script_summary("Check the version of Google Chrome");
+  script_category(ACT_GATHER_INFO);
+  script_family("General");
+  script_dependencies("gb_google_chrome_detect_lin.nasl");
+  script_require_keys("Google-Chrome/Linux/Ver");
+  exit(0);
+}
+
+
+include("version_func.inc");
+
+## Get the version from KB
+chromeVer = get_kb_item("Google-Chrome/Linux/Ver");
+if(!chromeVer){
+  exit(0);
+}
+
+## Check for Google Chrome Version less than 13.0.782.215
+if(version_is_less(version:chromeVer, test_version:"13.0.782.215")){
+  security_hole(0);
+}
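Review bot: `script_cve_id` lists "CVE-2011-2826" twice on the second row of the list, so either the entry is redundant or another identifier was meant in its place. The same duplicate appears in gb_google_chrome_mult_vuln_sep11_macosx.nasl in this commit. Check both lists against the referenced release notes and keep each ID once, since a wrong list skews CVE-based triage of the scan results.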

Added: trunk/openvas-plugins/scripts/gb_google_chrome_mult_vuln_sep11_macosx.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_google_chrome_mult_vuln_sep11_macosx.nasl	2011-09-06 16:33:19 UTC (rev 11576)
+++ trunk/openvas-plugins/scripts/gb_google_chrome_mult_vuln_sep11_macosx.nasl	2011-09-07 06:36:57 UTC (rev 11577)
@@ -0,0 +1,90 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_google_chrome_mult_vuln_sep11_macosx.nasl 16934 2011-09-05 14:29:14 sep $
+#
+# Google Chrome multiple vulnerabilities - September11 (Mac OS X)
+#
+# Authors:
+# Rachana Shetty <srachana at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(802328);
+  script_version("$Revision: 1.0$");
+  script_cve_id("CVE-2011-2823", "CVE-2011-2824", "CVE-2011-2825", "CVE-2011-2821",
+                "CVE-2011-2826", "CVE-2011-2826", "CVE-2011-2827", "CVE-2011-2828",
+                "CVE-2011-2829");
+  script_bugtraq_id(49279);
+  script_tag(name:"cvss_base", value:"7.5");
+  script_tag(name:"risk_factor", value:"High");
+  script_name("Google Chrome multiple vulnerabilities - September11 (Mac OS X)");
+  desc = "
+  Overview: The host is running Google Chrome and is prone to multiple
+  vulnerabilities.
+
+  Vulnerability Insight:
+  Multiple flaws are due to,
+  - Multiple use-after-free error exists within the handling of features like
+    line boxes, counter nodes, custom fonts and text searching.
+  - A double free error exists in libxml when handling XPath expression.
+  - An error related to empty origins allows attackers to violate the
+    cross-origin policy.
+  - An integer overflow error in uniform arrays.
+
+  Impact:
+  Successful exploitation could allow attackers to execute arbitrary code in
+  the context of the browser, inject scripts, bypass certain security
+  restrictions, or cause a denial-of-service condition.
+
+  Impact Level: System/Application
+
+  Affected Software/OS:
+  Google Chrome version prior to 13.0.782.215 on Mac OS X.
+
+  Fix: Upgrade to the Google Chrome 13.0.782.215 or later,
+  For updates refer, http://www.google.com/chrome
+
+  References:
+  http://secunia.com/advisories/45698/
+  http://googlechromereleases.blogspot.com/2011/08/stable-channel-update_22.html ";
+
+  script_description(desc);
+  script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
+  script_summary("Check the version of Google Chrome");
+  script_category(ACT_GATHER_INFO);
+  script_family("General");
+  script_dependencies("gb_google_chrome_detect_macosx.nasl");
+  script_require_keys("GoogleChrome/MacOSX/Version");
+  exit(0);
+}
+
+
+include("version_func.inc");
+
+## Get the version from KB
+chromeVer = get_kb_item("GoogleChrome/MacOSX/Version");
+if(!chromeVer){
+  exit(0);
+}
+
+## Check for Google Chrome Version less than 13.0.782.215
+if(version_is_less(version:chromeVer, test_version:"13.0.782.215")){
+  security_hole(0);
+}

Added: trunk/openvas-plugins/scripts/gb_google_chrome_mult_vuln_sep11_win.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_google_chrome_mult_vuln_sep11_win.nasl	2011-09-06 16:33:19 UTC (rev 11576)
+++ trunk/openvas-plugins/scripts/gb_google_chrome_mult_vuln_sep11_win.nasl	2011-09-07 06:36:57 UTC (rev 11577)
@@ -0,0 +1,91 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_google_chrome_mult_vuln_sep11_win.nasl 16934 2011-09-05 12:29:14 sep $
+#
+# Google Chrome multiple vulnerabilities - September11 (Windows)
+#
+# Authors:
+# Rachana Shetty <srachana at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(802326);
+  script_version("$Revision: 1.0$");
+  script_cve_id("CVE-2011-2822", "CVE-2011-2823", "CVE-2011-2824", "CVE-2011-2825",
+                "CVE-2011-2821", "CVE-2011-2826", "CVE-2011-2806", "CVE-2011-2827",
+                "CVE-2011-2828", "CVE-2011-2829");
+  script_tag(name:"cvss_base", value:"7.5");
+  script_tag(name:"risk_factor", value:"High");
+  script_name("Google Chrome multiple vulnerabilities - September11 (Windows)");
+  desc = "
+  Overview: The host is running Google Chrome and is prone to multiple
+  vulnerabilities.
+
+  Vulnerability Insight:
+  Multiple flaws are due to,
+  - URL parsing error when located on the command line.
+  - Multiple use-after-free error exists within the handling of features like
+    line boxes, counter nodes, custom fonts and text searching.
+  - A double free error exists in libxml when handling XPath expression.
+  - Memory corruption error when handling certain vertex data.
+  - An error related to empty origins allows attackers to violate the
+    cross-origin policy.
+  - An integer overflow error in uniform arrays.
+
+  Impact:
+  Successful exploitation could allow attackers to execute arbitrary code in
+  the context of the browser, inject scripts, bypass certain security
+  restrictions, or cause a denial-of-service condition.
+
+  Impact Level: System/Application
+
+  Affected Software/OS:
+  Google Chrome version prior to 13.0.782.215 on Windows.
+
+  Fix: Upgrade to the Google Chrome 13.0.782.215 or later,
+  For updates refer, http://www.google.com/chrome
+
+  References:
+  http://secunia.com/advisories/45698/
+  http://googlechromereleases.blogspot.com/2011/08/stable-channel-update_22.html ";
+
+  script_description(desc);
+  script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
+  script_summary("Check the version of Google Chrome");
+  script_category(ACT_GATHER_INFO);
+  script_family("General");
+  script_dependencies("gb_google_chrome_detect_win.nasl");
+  script_require_keys("GoogleChrome/Win/Ver");
+  exit(0);
+}
+
+
+include("version_func.inc");
+
+## Get the version from KB
+chromeVer = get_kb_item("GoogleChrome/Win/Ver");
+if(!chromeVer){
+  exit(0);
+}
+
+## Check for Google Chrome Version less than 13.0.782.215
+if(version_is_less(version:chromeVer, test_version:"13.0.782.215")){
+  security_hole(0);
+}
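Review bot: The description block of this plugin has no `script_bugtraq_id` call, while the Linux and Mac OS X variants added in the same commit both carry `script_bugtraq_id(49279);` and cite the same advisory URLs. If that BID also covers the Windows build, add the same line after `script_cve_id(...)` so that findings from the three plugins correlate on one reference.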

Added: trunk/openvas-plugins/scripts/gb_iwork_detect_macosx.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_iwork_detect_macosx.nasl	2011-09-06 16:33:19 UTC (rev 11576)
+++ trunk/openvas-plugins/scripts/gb_iwork_detect_macosx.nasl	2011-09-07 06:36:57 UTC (rev 11577)
@@ -0,0 +1,89 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_iwork_detect_macosx.nasl 16497 2011-08-30 11:20:50Z aug $
+#
+# iWork Version Detection (Mac OS X)
+#
+# Authors:
+# Madhuri D <dmadhuri at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(802145);
+  script_version("$Revision: 1.0$");
+  script_tag(name:"risk_factor", value:"None");
+  script_name("iWork Version Detection (Mac OS X)");
+  desc = "
+  Overview: This script finds the installed product version of iWork and sets
+  the result in KB ";
+
+  script_description(desc);
+  script_summary("Set the version of of iWork in KB");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
+  script_dependencies("gather-package-list.nasl");
+  script_family("Service detection");
+  exit(0);
+}
+
+
+include("ssh_func.inc");
+include("version_func.inc");
+
+## Checking OS
+sock = ssh_login_or_reuse_connection();
+if(!sock){
+  exit(0);
+}
+
+## Checking for Mac OS X
+if(!get_kb_item("ssh/login/osx_name")){
+   exit(0);
+}
+
+## Get the iWork version
+## For iWork, version is taken from any of its 3 components Keynote, Pages
+## and Numbers. Taking version from Keynote Component
+## Refer below wiki link for version mapping
+## http://en.wikipedia.org/wiki/IWork
+
+foreach ver (make_list("09","08", "07","06"))
+{
+  iworkVer = chomp(ssh_cmd(socket:sock, cmd:"defaults read /Applications/" +
+                 "iWork\ \'"+ ver +"/Keynote.app/Contents/Info " +
+                 "CFBundleShortVersionString"));
+
+  if("does not exist" >!< iworkVer){
+    break;
+  }
+}
+
+## Close Socket
+close(sock);
+
+## Exit if version not found
+if(isnull(iworkVer) || "does not exist" >< iworkVer){
+  exit(0);
+}
+
+## Set the version in KB
+set_kb_item(name: "Apple/iWork/Keynote/MacOSX/Version", value:iworkVer);
+security_note(data:"Apple iWork keynote version " + iworkVer +
+                  " was detected on this host");
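Review bot: The `ssh_cmd` output is written to the KB without any check that it is a version string. The loop breaks on the first reply that merely lacks "does not exist", so an empty reply or some other error text would be stored under `Apple/iWork/Keynote/MacOSX/Version` and later passed to `version_in_range` by dependent checks. I would break only on a well-formed value, `if(iworkVer =~ "^[0-9]+(\.[0-9]+)+$"){ break; }`, and replace the post-loop test with `if(isnull(iworkVer) || iworkVer !~ "^[0-9]+(\.[0-9]+)+$"){ exit(0); }`. Separately, the `exit(0)` in the Mac OS X test runs after the SSH socket is obtained and skips `close(sock)`, and the `script_summary` text has a doubled "of".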

Added: trunk/openvas-plugins/scripts/gb_knftpd_ftp_srv_mult_cmds_bof_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_knftpd_ftp_srv_mult_cmds_bof_vuln.nasl	2011-09-06 16:33:19 UTC (rev 11576)
+++ trunk/openvas-plugins/scripts/gb_knftpd_ftp_srv_mult_cmds_bof_vuln.nasl	2011-09-07 06:36:57 UTC (rev 11577)
@@ -0,0 +1,133 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_knftpd_ftp_srv_mult_cmds_bof_vuln.nasl 16989 2011-09-06 17:10:17Z sep $
+#
+# KnFTPd FTP Server Multiple Commands Remote Buffer Overflow Vulnerabilities
+#
+# Authors:
+# Veerendra G.G <veernedragg at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(802034);
+  script_version("$Revision: 1.0 $");
+  script_bugtraq_id(49427);
+  script_tag(name:"cvss_base", value:"8.5");
+  script_tag(name:"risk_factor", value:"Critical");
+  script_name("KnFTPd FTP Server Multiple Commands Remote Buffer Overflow Vulnerabilities");
+  desc = "
+  Overview: The host is running KnFTPd Server and is prone to multiple buffer
+  overflow vulnerabilities.
+
+  Vulnerability Insight:
+  The flaws are caused due to an error while processing the multiple commands,
+  which can be exploited to cause a buffer overflow by sending a command with
+  specially-crafted an overly long parameter.
+
+  Impact:
+  Successful exploitation will allow remote attackers to execute arbitrary code
+  on the system or cause the application to crash.
+
+  Impact Level: System/Application
+
+  Affected Software/OS:
+  KnFTPd Server Version 1.0.0
+
+  Fix: No solution or patch is available as on 6th September, 2011. Information
+  regarding this issue will be updated once the solution details are available.
+  For updates refer, http://sourceforge.net/projects/knftp
+
+  References:
+  http://www.securityfocus.com/archive/1/519498
+  http://xforce.iss.net/xforce/xfdb/69557
+  http://packetstormsecurity.org/files/view/104731
+  ";
+  script_description(desc);
+  script_summary("Determine if KnFTPd Server is prone to buffer overflow vulnerabilities");
+  script_category(ACT_DENIAL);
+  script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
+  script_family("FTP");
+  script_require_ports("Services/ftp", 21);
+  exit(0);
+}
+
+##
+## The script code starts here
+##
+include("ftp_func.inc");
+
+## Get the default FTP port
+port = get_kb_item("Services/ftp");
+if(!port){
+  port = 21;
+}
+
+## Check FTP Port Status
+if(!get_port_state(port)){
+  exit(0);
+}
+
+## Confirm the application with FTP banner
+banner = get_ftp_banner(port:port);
+if("220 FTP Server ready" >!< banner){
+  exit(0);
+}
+
+## Open TCP Socket
+soc = open_sock_tcp(port);
+if(!soc) {
+  exit(0);
+}
+
+## Confirm the application once again with the response
+send(socket:soc, data:"OVTest");
+resp =  recv(socket:soc, length:1024);
+if("502 OVTest not found." >!< resp){
+  exit(0);
+}
+
+## Send USER command with huge parameter
+attack = string("USER ", crap(data: "A", length: 700), "\r\n");
+send(socket:soc, data:attack);
+
+## Close FTP socket
+ftp_close(socket:soc);
+
+## Sleep for 2 sec
+sleep(2);
+
+## Open TCP Socket
+soc1 = open_sock_tcp(port);
+if(!soc1) {
+  security_hole(port:port);
+  exit(0);
+}
+
+## Receive data from server
+resp =  recv(socket:soc1, length:1024);
+
+## Close FTP socket
+ftp_close(socket:soc1);
+
+## Confirm FTP Server is still alive and responding
+if("220 FTP Server ready" >!< resp){
+  security_hole(port:port);
+  exit(0);
+}
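Review bot: The second fingerprint step, `send(socket:soc, data:"OVTest");`, is sent without a line terminator and before the greeting on the freshly opened socket has been read. The following `recv` will therefore most likely return the 220 banner rather than "502 OVTest not found.", and the script would exit without testing (a silent false negative); this is inferred from the visible lines, not confirmed against a server. Reading the greeting first with `ftp_recv_line(socket:soc);` and sending `string("OVTest\r\n")` would make the confirmation deterministic. That matters because "220 FTP Server ready" is a generic banner and this step is the only thing keeping an ACT_DENIAL probe away from unrelated FTP servers. The `exit(0)` on that path also leaves `soc` open.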

Added: trunk/openvas-plugins/scripts/gb_macosx_iwork_9_1_upd.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_macosx_iwork_9_1_upd.nasl	2011-09-06 16:33:19 UTC (rev 11576)
+++ trunk/openvas-plugins/scripts/gb_macosx_iwork_9_1_upd.nasl	2011-09-07 06:36:57 UTC (rev 11577)
@@ -0,0 +1,86 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_macosx_iwork_9_1_upd.nasl 16497 2011-08-23 15:29:14 aug $
+#
+# Apple Mac OS X iWork 9.1 Update
+#
+# Authors:
+# Madhuri D <dmadhuri at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(802146);
+  script_version("$Revision: 1.0$");
+  script_cve_id("CVE-2010-3785", "CVE-2010-3786", "CVE-2011-1417");
+  script_bugtraq_id(44812, 44799, 46832);
+  script_tag(name:"cvss_base", value:"6.8");
+  script_tag(name:"risk_factor", value:"High");
+  script_name("Apple Mac OS X iWork 9.1 Update");
+  desc = "
+  Overview: This host has important security update missing according to
+  Mac OS X iWork 9.1 Update.
+
+  Vulnerability Insight:
+  The flaws are caused due to,
+  - a buffer overflow error, while handling the 'Excel' files.
+  - a memory corruption issue, while handling the 'Excel' files and Microsoft
+    Word documents.
+
+  Impact:
+  Successful exploitation could allow attackers to opening a maliciously
+  crafted files, which leads to an unexpected application termination or
+  arbitrary code execution.
+
+  Impact Level: System/Application
+
+  Affected Software/OS:
+  Mac OS X iwork version 9.0 through 9.0.5
+
+  Fix: Apply the update from below link
+  For updates refer, http://support.apple.com/downloads/DL1097/en_US/iWork9.1Update.dmg
+
+  References:
+  http://support.apple.com/kb/HT4684
+  http://lists.apple.com/archives/security-announce//2011//Jul/msg00003.html ";
+
+  script_description(desc);
+  script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
+  script_summary("Checks for Mac OS X iWork 9.1 Update");
+  script_category(ACT_GATHER_INFO);
+  script_family("Mac OS X Local Security Checks");
+  script_dependencies("secpod_iwork_detect_macosx.nasl");
+  script_require_ports("Apple/iWork/Keynote/MacOSX/Version");
+  exit(0);
+}
+
+include("version_func.inc");
+
+iworkVer = get_kb_item("Apple/iWork/Keynote/MacOSX/Version");
+if(!iworkVer){
+  exit(0);
+}
+
+## Refer below wiki link for version mapping
+## http://en.wikipedia.org/wiki/IWork
+## After installing the update, keynote version will gets update
+## Check for iWork keynote version
+if(version_in_range(version:iworkVer, test_version:"5.0", test_version2:"5.0.5")){
+  security_hole(0);
+}
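Review bot: The KB key is passed to `script_require_ports("Apple/iWork/Keynote/MacOSX/Version")`, which treats it as a port, whereas the Chrome plugins in this commit use `script_require_keys` for the same purpose. The line should read `script_require_keys("Apple/iWork/Keynote/MacOSX/Version");`. `script_dependencies` also names "secpod_iwork_detect_macosx.nasl", while the detection script added in this commit that sets this key is gb_iwork_detect_macosx.nasl. Unless a secpod_ file exists elsewhere in the tree, the key is never populated and the check never fires, so I would change it to `script_dependencies("gb_iwork_detect_macosx.nasl");`.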

Added: trunk/openvas-plugins/scripts/gb_macosx_su10-007.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_macosx_su10-007.nasl	2011-09-06 16:33:19 UTC (rev 11576)
+++ trunk/openvas-plugins/scripts/gb_macosx_su10-007.nasl	2011-09-07 06:36:57 UTC (rev 11577)
@@ -0,0 +1,195 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_macosx_su10-007.nasl 16497 2011-09-05 17:29:14 sep $
+#
+# Mac OS X v10.6.4 Multiple Vulnerabilities (2010-007)
+#
+# Authors:
+# Madhuri D <dmadhuri at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(802144);
+  script_version("$Revision: 1.0$");
+  script_cve_id("CVE-2010-1828", "CVE-2010-1829", "CVE-2010-1830", "CVE-2009-0796",
+                "CVE-2010-0408", "CVE-2010-0434", "CVE-2010-1842", "CVE-2010-1831",
+                "CVE-2010-1832", "CVE-2010-1833", "CVE-2010-4010", "CVE-2010-1752",
+                "CVE-2010-1834", "CVE-2010-1836", "CVE-2010-1837", "CVE-2010-2941",
+                "CVE-2010-1838", "CVE-2010-1840", "CVE-2010-0105", "CVE-2010-1841",
+                "CVE-2008-4546", "CVE-2009-3793", "CVE-2010-0209", "CVE-2010-1297",
+                "CVE-2010-2160", "CVE-2010-2161", "CVE-2010-2162", "CVE-2010-2163",
+                "CVE-2010-2164", "CVE-2010-2165", "CVE-2010-2166", "CVE-2010-2167",
+                "CVE-2010-2169", "CVE-2010-2170", "CVE-2010-2171", "CVE-2010-2172",
+                "CVE-2010-2173", "CVE-2010-2174", "CVE-2010-2175", "CVE-2010-2176",
+                "CVE-2010-2177", "CVE-2010-2178", "CVE-2010-2179", "CVE-2010-2180",
+                "CVE-2010-2181", "CVE-2010-2182", "CVE-2010-2183", "CVE-2010-2184",
+                "CVE-2010-2185", "CVE-2010-2186", "CVE-2010-2187", "CVE-2010-2189",
+                "CVE-2010-2188", "CVE-2010-2213", "CVE-2010-2214", "CVE-2010-2215",
+                "CVE-2010-2216", "CVE-2010-2884", "CVE-2010-3636", "CVE-2010-3638",
+                "CVE-2010-3639", "CVE-2010-3640", "CVE-2010-3641", "CVE-2010-3642",
+                "CVE-2010-3643", "CVE-2010-3644", "CVE-2010-3645", "CVE-2010-3646",
+                "CVE-2010-3647", "CVE-2010-3648", "CVE-2010-3649", "CVE-2010-3650",
+                "CVE-2010-3652", "CVE-2010-3654", "CVE-2010-3976", "CVE-2010-0001",
+                "CVE-2009-2624", "CVE-2010-1844", "CVE-2010-1845", "CVE-2010-1811",
+                "CVE-2010-1846", "CVE-2010-1847", "CVE-2010-1848", "CVE-2010-1849",
+                "CVE-2010-1850", "CVE-2009-2473", "CVE-2009-2474", "CVE-2010-1843",
+                "CVE-2010-0211", "CVE-2010-0212", "CVE-2010-1378", "CVE-2010-3783",
+                "CVE-2010-0397", "CVE-2010-2531", "CVE-2010-2484", "CVE-2010-3784",
+                "CVE-2009-4134", "CVE-2010-1449", "CVE-2010-1450", "CVE-2010-3785",
+                "CVE-2010-3786", "CVE-2010-3787", "CVE-2010-3788", "CVE-2010-3789",
+                "CVE-2010-3790", "CVE-2010-3791", "CVE-2010-3792", "CVE-2010-3793",
+                "CVE-2010-3794", "CVE-2010-3795", "CVE-2010-3796", "CVE-2010-1803",
+                "CVE-2010-3797", "CVE-2010-0205", "CVE-2010-3798", "CVE-2009-0946",
+                "CVE-2010-2497", "CVE-2010-2498", "CVE-2010-2499", "CVE-2010-2500",
+                "CVE-2010-2519", "CVE-2010-2520", "CVE-2010-2805", "CVE-2010-2806",
+                "CVE-2010-2807", "CVE-2010-2808", "CVE-2010-3053", "CVE-2010-3054",
+                "CVE-2011-1417", "CVE-2010-1205", "CVE-2010-2249", "CVE-2011-1290",
+                "CVE-2011-1344");
+  script_bugtraq_id(44812, 44799, 46832, 46849, 46822, 41174, 44803, 44832,
+                    44802, 44805, 44729, 41049, 44811, 44806, 44808, 44530,
+                    31537, 40809, 42363, 40586, 40779, 40781, 40801, 40803,
+                    40780, 40782, 40783, 40802, 40807, 40789, 40784, 40795,
+                    40800, 40805, 40785, 40787, 40788, 40790, 40808, 40791,
+                    40792, 40794, 40793, 40796, 40806, 40786, 40797, 40799,
+                    40798, 42364, 49303, 42361, 42362, 43205, 44691, 44693,
+                    44692, 44675, 44677, 44678, 44679, 44680, 44681, 44682,
+                    44683, 44684, 44685, 44686, 44687, 44504, 44671, 37886,
+                    37888, 44813, 44819, 43076, 44822, 44840, 40109, 40100,
+                    40106, 36080, 36079, 44784, 41770, 44831, 41770, 44833,
+                    38708, 41991, 44835, 44794, 44792, 44790, 44789, 44794,
+                    44792, 44814, 44834, 44829, 38478, 44828, 34550, 41663,
+                    42285, 42624, 42621, 46832, 41174, 46849, 46822);
+  script_tag(name:"cvss_base", value:"10.0");
+  script_tag(name:"risk_factor", value:"Critical");
+  script_name("Mac OS X v10.6.4 Multiple Vulnerabilities (2010-007)");
+  desc = "
+  Overview: This host has important security update missing according to
+  Mac OS X 10.6.5 Update/Mac OS X Security Update 2010-007
+
+  Vulnerability Insight:
+  For more information on the vulnerabilities refer to the links below.
+
+  Impact:
+  Successful exploitation could allow attackers to execute arbitrary code in
+  the context of the browser, obtain potentially sensitive information or cause
+  a denial-of-service condition.
+
+  Impact Level: System/Application
+
+  Affected Software/OS:
+  AFP Server
+  Apache mod_perl
+  Apache
+  AppKit
+  ATS
+  CFNetwork
+  CoreGraphics
+  CoreText
+  CUPS
+  Flash Player plug-in
+  gzip
+  Image Capture
+  ImageIO
+  Image RAW
+  MySQL
+  neon
+  OpenLDAP
+  OpenSSL
+  Password Server
+  PHP
+  python
+  Apple iWork
+  Apple Safari
+  Apple iTunes
+  QuickLook
+  QuickTime
+  Wiki Server
+  xar
+  X11
+  Time Machine
+  WebKit Open Source
+
+  Fix: Run Mac Updates and update the Security Update 2010-007
+  For updates refer, http://support.apple.com/kb/HT4435
+
+  References:
+  http://support.apple.com/kb/HT4435
+  http://www.securitytracker.com/id?1024723
+  http://lists.apple.com/archives/security-announce//2011//Jul/msg00003.html
+  http://lists.apple.com/archives/security-announce//2011//Mar/msg00000.html
+  http://lists.apple.com/archives/security-announce//2011//Apr/msg00004.html ";
+
+  script_description(desc);
+  script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
+  script_summary("Checks for existence of Mac OS X Security Update 2010-007");
+  script_category(ACT_GATHER_INFO);
+  script_family("Mac OS X Local Security Checks");
+  script_dependencies("gather-package-list.nasl");
+  script_require_ports("Services/ssh", 22);
+  exit(0);
+}
+
+
+include("pkg-lib-macosx.inc");
+include("version_func.inc");
+
+## Get the OS name
+osName = get_kb_item("ssh/login/osx_name");
+if(!osName){
+  exit (0);
+}
+
+## Get the OS Version
+osVer = get_kb_item("ssh/login/osx_version");
+if(!osVer){
+ exit(0);
+}
+
+## Check for the Mac OS X
+if("Mac OS X" >< osName && "Server" >!< osName)
+{
+  ## Check the affected OS versions
+  if(version_is_less_equal(version:osVer, test_version:"10.5.8") ||
+     version_in_range(version:osVer, test_version:"10.6.0", test_version2:"10.6.4"))
+  {
+    ## Check for the security update 2010.007
+    if(isosxpkgvuln(fixed:"com.apple.pkg.update.security.", diff:"2010.007"))
+    {
+      security_hole(0);
+      exit(0);
+    }
+  }
+}
+
+##  Check for the Mac OS X Server
+if("Mac OS X Server" >< osName)
+{
+  ## Check the affected OS versions
+  if(version_is_less_equal(version:osVer, test_version:"10.5.8") ||
+     version_in_range(version:osVer, test_version:"10.6", test_version2:"10.6.4"))
+  {
+    ## Check for the security update 2010.007
+    if(isosxpkgvuln(fixed:"com.apple.pkg.update.security.", diff:"2010.007"))
+    {
+      security_hole(0);
+      exit(0);
+    }
+  }
+}
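Review bot: The identifier lists in the description block do not look specific to Security Update 2010-007. `script_cve_id` includes CVE-2011-1417, CVE-2011-1290 and CVE-2011-1344, and `script_bugtraq_id` repeats several values (46832, 41174, 46849, 46822, 41770, 44794 and 44792 each appear twice). The 2011 entries and the iWork/Safari/iTunes items under "Affected Software/OS" appear to come from the 2011 announcements in the References, so they should be checked against HT4435 and moved to their own plugins if they are not part of it; otherwise a host missing only 2010-007 is reported against unrelated CVEs. The client and Server branches are also identical apart from "10.6.0" versus "10.6" and could be a single `"Mac OS X" >< osName` test.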

Added: trunk/openvas-plugins/scripts/gb_mongoose_server_put_req_bof_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_mongoose_server_put_req_bof_vuln.nasl	2011-09-06 16:33:19 UTC (rev 11576)
+++ trunk/openvas-plugins/scripts/gb_mongoose_server_put_req_bof_vuln.nasl	2011-09-07 06:36:57 UTC (rev 11577)
@@ -0,0 +1,102 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_mongoose_server_put_req_bof_vuln.nasl 16601 2011-08-11 19:29:24Z aug $
+#
+# Mongoose Web Server Remote Buffer Overflow Vulnerability
+#
+# Authors:
+# Madhuri D <dmadhuri at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(802139);
+  script_version("$Revision: 1.0$");
+  script_cve_id("CVE-2011-2900");
+  script_bugtraq_id(48980);
+  script_tag(name:"cvss_base", value:"5.0");
+  script_tag(name:"risk_factor", value:"Medium");
+  script_name("Mongoose Web Server Remote Buffer Overflow Vulnerability");
+  desc = "
+  Overview: The host is running Mongoose Web Server and is prone to remote
+  buffer overflow vulnerability.
+
+  Vulnerability Insight:
+  The flaw is caused due to an error in the 'put_dir()' function (mongoose.c)
+  when processing HTTP PUT web requests. This can be exploited to cause an
+  assertion error or a stack-based buffer overflow.
+
+  Impact:
+  Successful exploitation will allow remote attackers to execute arbitrary code
+  within the context of the affected application. Failed exploit attempts will
+  result in a denial-of-service condition.
+
+  Impact Level: System/Application
+
+  Affected Software/OS:
+  Mongoose Web Server version 3.0
+
+  Fix: No solution or patch is available as on 11th august, 2011. Information
+  regarding this issue will be updated once the solution details are available.
+  For updates refer, http://code.google.com/p/mongoose/
+
+  References:
+  http://secunia.com/advisories/45464
+  http://xforce.iss.net/xforce/xfdb/68991
+  http://www.openwall.com/lists/oss-security/2011/08/03/5 ";
+
+  script_description(desc);
+  script_summary("Check if Mongoose Web Serveris vulnerable to BOF");
+  script_category(ACT_ATTACK);
+  script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
+  script_family("Web Servers");
+  script_dependencies("find_service.nes");
+  script_require_ports("Services/www", 80, 8080);
+  exit(0);
+}
+
+
+include("http_func.inc");
+include("http_keepalive.inc");
+
+## Get the port
+port = get_http_port(default:8080);
+if(!get_port_state(port)){
+  exit(0);
+}
+
+## Get the banner
+banner = get_http_banner(port:port);
+if(!banner || "Server:" >< banner){
+  exit(0);
+}
+
+## Construct attack request
+req = string('PUT /exp/put.cgi HTTP/1.1\r\n',
+             'Host: ', get_host_name(), '\r\n',
+             'Content-Length: -2147483648\r\n\r\n');
+
+## Send crafted Request
+res = http_send_recv(port:port, data:req);
+res = http_send_recv(port:port, data:req);
+
+## Confirm  exploit worked by checking port state
+if(http_is_dead(port:port)){
+  security_hole(port);
+}
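Review bot: This check confirms the flaw by taking the service down (`http_is_dead(port:port)` after the PUT with `Content-Length: -2147483648`), yet it is registered as `script_category(ACT_ATTACK)` with no safe-checks gate, so it can run in scans the operator expects to be non-disruptive. I would register it as `script_category(ACT_DENIAL);` and add `if(safe_checks()) exit(0);` before the request is built. The target is also never identified as Mongoose: `if(!banner || "Server:" >< banner)` lets through every HTTP service that omits a Server header, so an unrelated server can be hit and reported. If that test is intentional because Mongoose sends no Server header, a comment should say so. The request is also sent twice with no explanation, which deserves a one-line comment.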

Added: trunk/openvas-plugins/scripts/gb_netsaro_messenger_server_mult_xss_n_csrf_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_netsaro_messenger_server_mult_xss_n_csrf_vuln.nasl	2011-09-06 16:33:19 UTC (rev 11576)
+++ trunk/openvas-plugins/scripts/gb_netsaro_messenger_server_mult_xss_n_csrf_vuln.nasl	2011-09-07 06:36:57 UTC (rev 11577)
@@ -0,0 +1,109 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_netsaro_messenger_server_mult_xss_n_csrf_vuln.nasl 16993 2011-09-06 15:57:29Z sep $
+#
+# NetSaro Enterprise Messenger Multiple XSS and CSRF Vulnerabilities
+#
+# Authors:
+# Antu Sanadi <santu at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(801971);
+  script_version("$Revision: 1.0$");
+  script_tag(name:"cvss_base", value:"4.3");
+  script_tag(name:"risk_factor", value:"Medium");
+  script_name("NetSaro Enterprise Messenger Multiple XSS and CSRF Vulnerabilities");
+  desc = "
+  Overview: The host is running NetSaro Enterprise Messenger Server and is
+  prone to multiple cross-site scripting and cross-site request forgery
+  vulnerabilities.
+
+  Vulnerability Insight:
+  Multiple flaws are exists as the user supplied input received via various
+  parameters is not properly sanitized. This can be exploited by submitting
+  specially crafted input to the affected software.
+
+  Impact:
+  Successful exploitation could allow remote attackers to execute arbitrary
+  script code within the users browser session in the security context of the
+  target site and the attacker could gain access to users cookies (including
+  authentication cookies).
+
+  Impact Level: Application
+
+  Affected Software/OS:
+  NetSaro Enterprise Messenger Server version 2.0 and prior.
+
+  Fix: No solution/patch is available as on 06th September, 2011. Information
+  regarding this issue will updated once the solution details are available.
+  For updates refer, http://www.netsaro.com/
+
+  References:
+  http://www.1337day.com/exploits/16809
+  http://www.exploit-db.com/exploits/17766/ ";
+
+  script_description(desc);
+  script_summary("Check for cross-site scripting vulnerability in NetSaro Enterprise Messenger Server");
+  script_category(ACT_ATTACK);
+  script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
+  script_family("General");
+  exit(0);
+}
+
+
+include("http_func.inc");
+include("http_keepalive.inc");
+
+## Check for the default port
+port = get_http_port(default:4990);
+if(!port){
+  port = 4990;
+}
+
+## Check port status
+if(!get_port_state(port)){
+  exit(0);
+}
+
+## Send the request and receive response
+sndReq = http_get(item:"/", port:port);
+rcvRes = http_keepalive_send_recv(port:port, data:sndReq);
+
+## Confirm the server
+if("<title>NetSaro Administration Console</title>" >< rcvRes)
+{
+  ## Construct the crafted request
+  authVariables = "username=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document"+
+                  ".cookie%29%3C%2Fscript%3E&password=&login=Log+In&postback="+
+                  "postback";
+
+  sndReq1 = string("POST /login.nsp HTTP/1.1\r\n",
+                   "Host: ", get_host_name(), "\r\n",
+                   "Content-Type: application/x-www-form-urlencoded\r\n",
+                   "Content-Length: ", strlen(authVariables), "\r\n\r\n",
+                    authVariables);
+  rcvRes1 = http_send_recv(port:port, data:sndReq1);
+
+  ## Check for the response and confirm the exploit
+  if("></script><script>alert(document.cookie)</script>" >< rcvRes1){
+    security_warning(port);
+  }
+}
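Review bot: The description block declares neither `script_dependencies` nor `script_require_ports`, so nothing guarantees that service detection has run before `get_http_port(default:4990)` is called, and the scheduler cannot skip the script when the port is closed. The Mongoose script in this same commit declares both; here I would add `script_dependencies("find_service.nes");` and `script_require_ports("Services/www", 4990);`. The script name and description announce XSS and CSRF, but the code only tests reflection of the `username` parameter of `/login.nsp`. A comment above the final check should state that CSRF is not verified, so that a negative result is not read as covering both.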

Added: trunk/openvas-plugins/scripts/gb_php_crypt_func_sec_bypass_vuln_win.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_php_crypt_func_sec_bypass_vuln_win.nasl	2011-09-06 16:33:19 UTC (rev 11576)
+++ trunk/openvas-plugins/scripts/gb_php_crypt_func_sec_bypass_vuln_win.nasl	2011-09-07 06:36:57 UTC (rev 11577)
@@ -0,0 +1,84 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_php_crypt_func_sec_bypass_vuln_win.nasl 16883 2011-09-06 15:42:56Z sep $
+#
+# PHP 'crypt()' Function Security Bypass Vulnerability
+#
+# Authors:
+# Rachana Shetty <srachana at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(802329);
+  script_version("$Revision: 1.0$");
+  script_cve_id("CVE-2011-3189");
+  script_bugtraq_id(48259);
+  script_tag(name:"cvss_base", value:"4.3");
+  script_tag(name:"risk_factor", value:"Medium");
+  script_name("PHP 'crypt()' Function Security Bypass Vulnerability");
+  desc = "
+  Overview: This host is running PHP and is prone to security bypass
+  vulnerability.
+
+  Vulnerability Insight:
+  The flaw is caused due to an error in 'crypt()' function which returns the
+  salt value instead of hash value when executed with MD5 hash, which allows
+  attacker to bypass authentication via an arbitrary password.
+
+  Impact:
+  Successful exploitation could allow remote attackers to bypass authentication
+  via an arbitrary password.
+
+  Impact Level: Application
+
+  Affected Software/OS:
+  PHP version 5.3.7
+
+  Fix: Upgrade to PHP version 5.3.8 or later.
+  For updates refer, http://www.php.net/downloads.php
+
+  References:
+  http://osvdb.org/show/osvdb/74726
+  http://secunia.com/advisories/45678
+  http://www.php.net/archive/2011.php#id2011-08-22-1 ";
+
+  script_description(desc);
+  script_summary("Check for the version of PHP");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
+  script_family("General");
+  script_dependencies("secpod_php_detect_win.nasl");
+  script_require_keys("PHP/Ver/win");
+  exit(0);
+}
+
+
+include("version_func.inc");
+
+## Get version from KB
+phpVer = get_kb_item("PHP/Ver/win");
+
+if(phpVer != NULL)
+{
+  ##To check PHP version equal to 5.3.7
+  if(version_is_equal(version:phpVer, test_version:"5.3.7")){
+    security_warning(0);
+  }
+}
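Review bot: The comment `##To check PHP version equal to 5.3.7` only restates the call and should say why a single release is matched, for example `## crypt() MD5 flaw affects only 5.3.7 (fixed in 5.3.8)`, which is what the Affected and Fix lines of the description state. The result rests entirely on the `PHP/Ver/win` string written by secpod_php_detect_win.nasl, which after this commit may come from an Uninstall `DisplayVersion` value. Whether that string always has the plain `5.3.7` form is not visible here, so a note on the expected format next to `get_kb_item` would help the next maintainer. The same applies to the `version_is_less` check in gb_php_mult_vuln_win_sep11.nasl.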

Added: trunk/openvas-plugins/scripts/gb_php_mult_vuln_win_sep11.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_php_mult_vuln_win_sep11.nasl	2011-09-06 16:33:19 UTC (rev 11576)
+++ trunk/openvas-plugins/scripts/gb_php_mult_vuln_win_sep11.nasl	2011-09-07 06:36:57 UTC (rev 11577)
@@ -0,0 +1,89 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_php_mult_vuln_win_sep11.nasl 16883 2011-09-06 15:42:56Z sep $
+#
+# PHP Multiple Vulnerabilities (Windows) - Sep 2011
+#
+# Authors:
+# Rachana Shetty <srachana at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(802330);
+  script_version("$Revision: 1.0$");
+  script_cve_id("CVE-2011-2483", "CVE-2011-1657", "CVE-2011-3182", "CVE-2011-3267",
+                "CVE-2011-3268");
+  script_bugtraq_id(49241, 49252);
+  script_tag(name:"cvss_base", value:"10.0");
+  script_tag(name:"risk_factor", value:"Critical");
+  script_name("PHP Multiple Vulnerabilities (Windows) - Sep 2011");
+  desc = "
+  Overview: This host is running PHP and is prone to multiple vulnerabilities.
+
+  Vulnerability Insight:
+  Multiple flaws are due to,
+  - Improper handling of passwords with 8-bit characters by 'crypt_blowfish'
+    function.
+  - An error in 'ZipArchive::addGlob' and 'ZipArchive::addPattern' functions
+    in ext/zip/php_zip.c file allows remote attackers to cause denial of
+    service via certain flags arguments.
+  - Improper validation of the return values of the malloc, calloc and realloc
+    library functions.
+  - Improper implementation of the error_log function.
+
+  Impact:
+  Successful exploitation allows remote attackers to execute arbitrary code,
+  obtain sensitive information or cause a denial of service.
+
+  Impact Level: Application
+
+  Affected Software/OS:
+  PHP version prior to 5.3.7
+
+  Fix: Upgrade to PHP version 5.3.8 or later.
+  For updates refer, http://www.php.net/downloads.php
+
+  References:
+  http://secunia.com/advisories/44874/
+  http://www.php.net/archive/2011.php#id2011-08-18-1 ";
+
+  script_description(desc);
+  script_summary("Check for the version of PHP");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
+  script_family("General");
+  script_dependencies("secpod_php_detect_win.nasl");
+  script_require_keys("PHP/Ver/win");
+  exit(0);
+}
+
+
+include("version_func.inc");
+
+## Get version from KB
+phpVer = get_kb_item("PHP/Ver/win");
+
+if(phpVer != NULL)
+{
+  ##To check PHP version prior to 5.3.7
+  if(version_is_less(version:phpVer, test_version:"5.3.7")){
+    security_hole(0);
+  }
+}

Modified: trunk/openvas-plugins/scripts/secpod_php_detect_win.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_php_detect_win.nasl	2011-09-06 16:33:19 UTC (rev 11576)
+++ trunk/openvas-plugins/scripts/secpod_php_detect_win.nasl	2011-09-07 06:36:57 UTC (rev 11577)
@@ -7,6 +7,9 @@
 # Authors:
 # Antu Sanadi <santu at secpod.com>
 #
+# Updated By : Rachana Shetty <srachana at secpod.com> on 2011-09-06
+# Updated to detect old versions.
+#
 # Copyright:
 # Copyright (c) 2011 SecPod, http://www.secpod.com
 #
@@ -47,6 +50,7 @@
 
 
 include("smb_nt.inc");
+include("secpod_smb_func.inc");
 
 ## Confirm Windows
 if(!get_kb_item("SMB/WindowsVersion")){
@@ -62,6 +66,25 @@
 ## Get PHP version
 phpVer = registry_get_sz(key:key, item:"version");
 
+##Get PHP version for old version
+if(!phpVer)
+{
+  key = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\";
+  if(!registry_key_exists(key:key)){
+    exit(0);
+  }
+
+  foreach item (registry_enum_keys(key:key))
+  {
+    phpName = registry_get_sz(key:key + item, item:"DisplayName");
+
+    if("PHP" >< phpName)
+    {
+      phpVer = registry_get_sz(key:key + item, item:"DisplayVersion");
+    }
+  }
+}
+
 if(phpVer != NULL)
 {
   ## Set PHP version in KB
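Review bot: The fallback accepts any Uninstall entry whose `DisplayName` contains `PHP` and keeps looping, so an unrelated product with PHP in its name can supply `phpVer`, and when several entries match the last one wins. Because `PHP/Ver/win` feeds the two version checks added in this commit, a wrong value becomes a false finding or a missed one. I would anchor the match, `if(phpName =~ "^PHP [0-9]")` (assuming the installer's DisplayName has that form; confirm against a real install), and add `break;` after `phpVer` is assigned. A 32-bit PHP on 64-bit Windows would presumably register under the Wow6432Node Uninstall key, which this loop does not visit. The hunk ends inside the `if(phpVer != NULL)` block, so the KB write itself is not visible here.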


