[Openvas-commits] r11625 - in trunk/openvas-plugins: . scripts
scm-commit@wald.intevation.org
scm-commit at wald.intevation.org
Fri Sep 16 17:22:21 CEST 2011
Author: veerendragg
Date: 2011-09-16 17:22:17 +0200 (Fri, 16 Sep 2011)
New Revision: 11625
Added:
trunk/openvas-plugins/scripts/gb_RHSA-2011_1282-01_nss_and_nspr.nasl
trunk/openvas-plugins/scripts/gb_RHSA-2011_1294-01_httpd.nasl
trunk/openvas-plugins/scripts/gb_cms_faethon_sql_inj_vuln.nasl
trunk/openvas-plugins/scripts/gb_esignal_detect.nasl
trunk/openvas-plugins/scripts/gb_esignal_mult_vuln.nasl
trunk/openvas-plugins/scripts/gb_fedora_2011_11189_hplip_fc15.nasl
trunk/openvas-plugins/scripts/gb_fedora_2011_11594_phpMyAdmin_fc14.nasl
trunk/openvas-plugins/scripts/gb_fedora_2011_11630_phpMyAdmin_fc15.nasl
trunk/openvas-plugins/scripts/gb_fedora_2011_11936_ecryptfs-utils_fc15.nasl
trunk/openvas-plugins/scripts/gb_fedora_2011_11979_ecryptfs-utils_fc14.nasl
trunk/openvas-plugins/scripts/gb_fedora_2011_12131_roundcubemail_fc15.nasl
trunk/openvas-plugins/scripts/gb_fedora_2011_12275_firefox_fc14.nasl
trunk/openvas-plugins/scripts/gb_fedora_2011_12275_galeon_fc14.nasl
trunk/openvas-plugins/scripts/gb_fedora_2011_12275_gnome-python2-extras_fc14.nasl
trunk/openvas-plugins/scripts/gb_fedora_2011_12275_gnome-web-photo_fc14.nasl
trunk/openvas-plugins/scripts/gb_fedora_2011_12275_mozvoikko_fc14.nasl
trunk/openvas-plugins/scripts/gb_fedora_2011_12275_perl-Gtk2-MozEmbed_fc14.nasl
trunk/openvas-plugins/scripts/gb_fedora_2011_12275_thunderbird_fc14.nasl
trunk/openvas-plugins/scripts/gb_fedora_2011_12275_xulrunner_fc14.nasl
trunk/openvas-plugins/scripts/gb_fedora_2011_12282_rsyslog_fc14.nasl
trunk/openvas-plugins/scripts/gb_fedora_2011_12715_httpd_fc15.nasl
trunk/openvas-plugins/scripts/gb_jboss_application_server_mult_vuln.nasl
trunk/openvas-plugins/scripts/gb_manage_engine_servicedesk_plus_auth_bypass_vuln.nasl
trunk/openvas-plugins/scripts/gb_manage_engine_servicedesk_plus_xss_vuln.nasl
trunk/openvas-plugins/scripts/gb_phorum_xss_n_csrf_vuln.nasl
trunk/openvas-plugins/scripts/gb_phorum_xss_vuln.nasl
trunk/openvas-plugins/scripts/gb_simple_machines_forum_session_hijacking_vuln.nasl
trunk/openvas-plugins/scripts/gb_symantec_endpoint_protection_xss_n_csrf_vuln.nasl
trunk/openvas-plugins/scripts/gb_ubuntu_USN_1201_1.nasl
trunk/openvas-plugins/scripts/gb_ubuntu_USN_1202_1.nasl
trunk/openvas-plugins/scripts/gb_ubuntu_USN_1203_1.nasl
trunk/openvas-plugins/scripts/gb_ubuntu_USN_1204_1.nasl
trunk/openvas-plugins/scripts/gb_ubuntu_USN_1205_1.nasl
trunk/openvas-plugins/scripts/gb_ubuntu_USN_1206_1.nasl
trunk/openvas-plugins/scripts/gb_ubuntu_USN_1207_1.nasl
trunk/openvas-plugins/scripts/gb_ubuntu_USN_1208_1.nasl
trunk/openvas-plugins/scripts/gb_wordpress_ip_logger_plugin_sql_inj_vuln.nasl
Modified:
trunk/openvas-plugins/ChangeLog
Log:
Added new LSC plugins. Added new plugins.
Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog 2011-09-16 14:31:46 UTC (rev 11624)
+++ trunk/openvas-plugins/ChangeLog 2011-09-16 15:22:17 UTC (rev 11625)
@@ -1,3 +1,46 @@
+2011-09-16 Veerendra G.G <veerendragg at secpod.com>
+
+ * scripts/gb_fedora_2011_11936_ecryptfs-utils_fc15.nasl,
+ scripts/gb_fedora_2011_11189_hplip_fc15.nasl,
+ scripts/gb_fedora_2011_12275_firefox_fc14.nasl,
+ scripts/gb_ubuntu_USN_1207_1.nasl,
+ scripts/gb_ubuntu_USN_1204_1.nasl,
+ scripts/gb_ubuntu_USN_1201_1.nasl,
+ scripts/gb_RHSA-2011_1294-01_httpd.nasl,
+ scripts/gb_fedora_2011_12131_roundcubemail_fc15.nasl,
+ scripts/gb_fedora_2011_11594_phpMyAdmin_fc14.nasl,
+ scripts/gb_RHSA-2011_1282-01_nss_and_nspr.nasl,
+ scripts/gb_fedora_2011_12275_gnome-web-photo_fc14.nasl,
+ scripts/gb_ubuntu_USN_1206_1.nasl,
+ scripts/gb_ubuntu_USN_1203_1.nasl,
+ scripts/gb_fedora_2011_11979_ecryptfs-utils_fc14.nasl,
+ scripts/gb_fedora_2011_12275_gnome-python2-extras_fc14.nasl,
+ scripts/gb_fedora_2011_12275_galeon_fc14.nasl,
+ scripts/gb_fedora_2011_12275_perl-Gtk2-MozEmbed_fc14.nasl,
+ scripts/gb_fedora_2011_12275_xulrunner_fc14.nasl,
+ scripts/gb_fedora_2011_12715_httpd_fc15.nasl,
+ scripts/gb_fedora_2011_12275_mozvoikko_fc14.nasl,
+ scripts/gb_fedora_2011_12275_thunderbird_fc14.nasl,
+ scripts/gb_ubuntu_USN_1208_1.nasl,
+ scripts/gb_ubuntu_USN_1205_1.nasl,
+ scripts/gb_ubuntu_USN_1202_1.nasl,
+ scripts/gb_fedora_2011_11630_phpMyAdmin_fc15.nasl,
+ scripts/gb_fedora_2011_12282_rsyslog_fc14.nasl:
+ Added new LSC plugins.
+
+ * scripts/gb_manage_engine_servicedesk_plus_auth_bypass_vuln.nasl,
+ scripts/gb_esignal_mult_vuln.nasl,
+ scripts/gb_simple_machines_forum_session_hijacking_vuln.nasl,
+ scripts/gb_phorum_xss_vuln.nasl,
+ scripts/gb_manage_engine_servicedesk_plus_xss_vuln.nasl,
+ scripts/gb_jboss_application_server_mult_vuln.nasl,
+ scripts/gb_symantec_endpoint_protection_xss_n_csrf_vuln.nasl,
+ scripts/gb_wordpress_ip_logger_plugin_sql_inj_vuln.nasl,
+ scripts/gb_phorum_xss_n_csrf_vuln.nasl,
+ scripts/gb_esignal_detect.nasl,
+ scripts/gb_cms_faethon_sql_inj_vuln.nasl:
+ Added new plugins.
+
2011-09-16 Michael Meyer <michael.meyer at greenbone.net>
* scripts/openca_sign_verif.nasl,
Added: trunk/openvas-plugins/scripts/gb_RHSA-2011_1282-01_nss_and_nspr.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_RHSA-2011_1282-01_nss_and_nspr.nasl 2011-09-16 14:31:46 UTC (rev 11624)
+++ trunk/openvas-plugins/scripts/gb_RHSA-2011_1282-01_nss_and_nspr.nasl 2011-09-16 15:22:17 UTC (rev 11625)
@@ -0,0 +1,196 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# RedHat Update for nss and nspr RHSA-2011:1282-01
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(870486);
+ script_version("$Revision$: 1.0");
+ script_tag(name:"risk_factor", value:"High");
+ script_xref(name: "RHSA", value: "2011:1282-01");
+ script_name("RedHat Update for nss and nspr RHSA-2011:1282-01");
+ desc = "
+
+ Vulnerability Insight:
+ Network Security Services (NSS) is a set of libraries designed to support
+ the cross-platform development of security-enabled client and server
+ applications.
+
+ Netscape Portable Runtime (NSPR) provides platform independence for non-GUI
+ operating system facilities.
+
+ It was found that a Certificate Authority (CA) issued fraudulent HTTPS
+ certificates. This update renders any HTTPS certificates signed by that CA
+ as untrusted. This covers all uses of the certificates, including SSL,
+ S/MIME, and code signing. (BZ#734316)
+
+ Note: This fix only applies to applications using the NSS Builtin Object
+ Token. It does not render the certificates untrusted for applications that
+ use the NSS library, but do not use the NSS Builtin Object Token.
+
+ These updated packages upgrade NSS to version 3.12.10 on Red Hat Enterprise
+ Linux 4 and 5. As well, they upgrade NSPR to version 4.8.8 on Red Hat
+ Enterprise Linux 4 and 5, as required by the NSS update. The packages for
+ Red Hat Enterprise Linux 6 include a backported patch.
+
+ All NSS and NSPR users should upgrade to these updated packages, which
+ correct this issue. After installing the update, applications using NSS and
+ NSPR must be restarted for the changes to take effect.
+
+
+ Affected Software/OS:
+ nss and nspr on Red Hat Enterprise Linux (v. 5 server),
+ Red Hat Enterprise Linux AS version 4,
+ Red Hat Enterprise Linux ES version 4,
+ Red Hat Enterprise Linux WS version 4
+
+ Fix: Please Install the Updated Packages.
+
+ References:
+ https://www.redhat.com/archives/rhsa-announce/2011-September/msg00012.html
+
+ ";
+
+ script_description(desc);
+ script_summary("Check for the Version of nss and nspr");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
+ script_family("Red Hat Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/release");
+ exit(0);
+}
+
+
+include("pkg-lib-rpm.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+if(release == NULL){
+ exit(0);
+}
+
+if(release == "RHENT_5")
+{
+
+ if(isrpmvuln(pkg:"nspr", rpm:"nspr~4.8.8~1.el5_7", rls:"RHENT_5"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"nspr-debuginfo", rpm:"nspr-debuginfo~4.8.8~1.el5_7", rls:"RHENT_5"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"nspr-devel", rpm:"nspr-devel~4.8.8~1.el5_7", rls:"RHENT_5"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"nss", rpm:"nss~3.12.10~4.el5_7", rls:"RHENT_5"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"nss-debuginfo", rpm:"nss-debuginfo~3.12.10~4.el5_7", rls:"RHENT_5"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"nss-devel", rpm:"nss-devel~3.12.10~4.el5_7", rls:"RHENT_5"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"nss-pkcs11-devel", rpm:"nss-pkcs11-devel~3.12.10~4.el5_7", rls:"RHENT_5"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"nss-tools", rpm:"nss-tools~3.12.10~4.el5_7", rls:"RHENT_5"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ exit(0);
+}
+
+
+if(release == "RHENT_4")
+{
+
+ if(isrpmvuln(pkg:"nspr", rpm:"nspr~4.8.8~1.el4", rls:"RHENT_4"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"nspr-debuginfo", rpm:"nspr-debuginfo~4.8.8~1.el4", rls:"RHENT_4"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"nspr-devel", rpm:"nspr-devel~4.8.8~1.el4", rls:"RHENT_4"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"nss", rpm:"nss~3.12.10~4.el4", rls:"RHENT_4"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"nss-debuginfo", rpm:"nss-debuginfo~3.12.10~4.el4", rls:"RHENT_4"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"nss-devel", rpm:"nss-devel~3.12.10~4.el4", rls:"RHENT_4"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"nss-tools", rpm:"nss-tools~3.12.10~4.el4", rls:"RHENT_4"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ exit(0);
+}
\ No newline at end of file
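Review bot: The check has branches only for `RHENT_5` and `RHENT_4`, although the description says the advisory also ships Red Hat Enterprise Linux 6 packages with a backported patch, so a RHEL 6 host falls through both `if(release == ...)` blocks and is never reported. Either add a `release == "RHENT_6"` branch with the fixed el6 package versions taken from the advisory, or put a comment above the first branch such as `## RHEL 6 packages from this advisory are not checked here` so the coverage gap is visible. Separately, `script_version("$Revision$: 1.0");` differs from the `"$Revision: 1.0$"` form used by the hand-written plugins in this commit and would leave a stray `: 1.0` behind if keyword expansion is enabled. The same line appears in the httpd, hplip and phpMyAdmin hunks.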
Added: trunk/openvas-plugins/scripts/gb_RHSA-2011_1294-01_httpd.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_RHSA-2011_1294-01_httpd.nasl 2011-09-16 14:31:46 UTC (rev 11624)
+++ trunk/openvas-plugins/scripts/gb_RHSA-2011_1294-01_httpd.nasl 2011-09-16 15:22:17 UTC (rev 11625)
@@ -0,0 +1,114 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# RedHat Update for httpd RHSA-2011:1294-01
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(870487);
+ script_version("$Revision$: 1.0");
+ script_tag(name:"cvss_base", value:"7.8");
+ script_tag(name:"risk_factor", value:"High");
+ script_xref(name: "RHSA", value: "2011:1294-01");
+ script_cve_id("CVE-2011-3192");
+ script_name("RedHat Update for httpd RHSA-2011:1294-01");
+ desc = "
+
+ Vulnerability Insight:
+ The Apache HTTP Server is a popular web server.
+
+ A flaw was found in the way the Apache HTTP Server handled Range HTTP
+ headers. A remote attacker could use this flaw to cause httpd to use an
+ excessive amount of memory and CPU time via HTTP requests with a
+ specially-crafted Range header. (CVE-2011-3192)
+
+ All httpd users should upgrade to these updated packages, which contain a
+ backported patch to correct this issue. After installing the updated
+ packages, the httpd daemon must be restarted for the update to take effect.
+
+
+ Affected Software/OS:
+ httpd on Red Hat Enterprise Linux (v. 5 server)
+
+ Fix: Please Install the Updated Packages.
+
+ References:
+ https://www.redhat.com/archives/rhsa-announce/2011-September/msg00017.html
+
+ ";
+
+ script_description(desc);
+ script_summary("Check for the Version of httpd");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
+ script_family("Red Hat Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/release");
+ exit(0);
+}
+
+
+include("pkg-lib-rpm.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+if(release == NULL){
+ exit(0);
+}
+
+if(release == "RHENT_5")
+{
+
+ if(isrpmvuln(pkg:"httpd", rpm:"httpd~2.2.3~45.el5_6.2", rls:"RHENT_5"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"httpd-debuginfo", rpm:"httpd-debuginfo~2.2.3~45.el5_6.2", rls:"RHENT_5"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"httpd-devel", rpm:"httpd-devel~2.2.3~45.el5_6.2", rls:"RHENT_5"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"httpd-manual", rpm:"httpd-manual~2.2.3~45.el5_6.2", rls:"RHENT_5"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"mod_ssl", rpm:"mod_ssl~2.2.3~45.el5_6.2", rls:"RHENT_5"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ exit(0);
+}
\ No newline at end of file
Added: trunk/openvas-plugins/scripts/gb_cms_faethon_sql_inj_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_cms_faethon_sql_inj_vuln.nasl 2011-09-16 14:31:46 UTC (rev 11624)
+++ trunk/openvas-plugins/scripts/gb_cms_faethon_sql_inj_vuln.nasl 2011-09-16 15:22:17 UTC (rev 11625)
@@ -0,0 +1,100 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_cms_faethon_sql_inj_vuln.nasl 17115 2011-09-15 17:14:14Z sep $
+#
+# CMS Faethon 'info.php' SQL Injection Vulnerability
+#
+# Authors:
+# Madhuri D <dmadhuri at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(802162);
+ script_version("$Revision: 1.0$");
+ script_cve_id("CVE-2009-5094");
+ script_bugtraq_id(33775);
+ script_tag(name:"cvss_base", value:"7.5");
+ script_tag(name:"risk_factor", value:"High");
+ script_name("CMS Faethon 'info.php' SQL Injection Vulnerability");
+ desc = "
+ Overview: The host is running CMS Faethon and is prone to SQL injection
+ vulnerability.
+
+ Vulnerability Insight:
+ The flaw is caused due to input passed to the 'item' parameter in 'info.php'
+ is not properly sanitised before being used in SQL queries.
+
+ Impact:
+ Successful exploitation will let the attacker to manipulate SQL queries by
+ injecting arbitrary SQL code.
+
+ Impact Level: Application
+
+ Affected Software/OS:
+ CMS Faethon version 2.2 Ultimate.
+
+ Fix: No solution or patch is available as on 15th September, 2011. Information
+ regarding this issue will be updated once the solution details are available.
+ For updates refer, http://sourceforge.net/projects/cmsfaethon/
+
+ References:
+ http://secunia.com/advisories/30098
+ http://xforce.iss.net/xforce/xfdb/48758
+ http://www.exploit-db.com/exploits/8054/ ";
+
+ script_description(desc);
+ script_summary("Determine if CMS Faethon is prone to SQL Injection Vulnerability");
+ script_category(ACT_ATTACK);
+ script_copyright("Copyright (C) 2011 Greenbone Networks GmbH");
+ script_family("Web application abuses");
+ script_dependencies("http_version.nasl");
+ script_require_ports("Services/www", 80);
+ exit(0);
+}
+
+
+include("http_func.inc");
+include("http_keepalive.inc");
+
+## Get HTTP Port
+port = get_http_port(default:80);
+if(!port){
+ exit(0);
+}
+
+foreach dir(make_list("/faethon", "/22_ultimate", cgi_dirs()))
+{
+ ## Send and Receive the response
+ req = http_get (item: string (dir,"/index.php"), port:port);
+ res = http_keepalive_send_recv(port:port,data:req);
+
+ ## Confirm the application
+ if('>Powered by <' >< res && '>CMS Faethon' >< res)
+ {
+ ## Try SQL injection and check the response to confirm vulnerability
+ url = dir + "/info.php?item='";
+ if(http_vuln_check(port:port, url:url, pattern:'You have an error in' +
+ ' your SQL syntax;'))
+ {
+ security_hole(port:port);
+ exit(0);
+ }
+ }
+}
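Review bot: The `info.php?item='` request is sent on whatever HTTP port is found, with no check that the server can serve PHP at all. Adding `if(!can_host_php(port:port)) exit(0);` right after the `get_http_port` call keeps this ACT_ATTACK script from probing hosts that cannot be running CMS Faethon. If `cgi_dirs()` can return `/`, `string(dir,"/index.php")` and `dir + "/info.php?item='"` build paths with a double slash, and `if(dir == "/") dir = "";` at the top of the loop would avoid that.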
Added: trunk/openvas-plugins/scripts/gb_esignal_detect.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_esignal_detect.nasl 2011-09-16 14:31:46 UTC (rev 11624)
+++ trunk/openvas-plugins/scripts/gb_esignal_detect.nasl 2011-09-16 15:22:17 UTC (rev 11625)
@@ -0,0 +1,77 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_esignal_detect.nasl 17102 2011-09-15 15:15:15Z sep $
+#
+# eSignal Version Detection
+#
+# Authors:
+# Sooraj KS <kssooraj at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(802244);
+ script_version("$Revision: 1.0$");
+ script_tag(name:"risk_factor", value:"None");
+ script_name("eSignal Version Detection");
+ desc = "
+ Overview: This script finds the installed eSignal version and saves the
+ result in KB. ";
+
+ script_description(desc);
+ script_summary("Set the Version of eSignal");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2011 Greenbone Networks GmbH");
+ script_family("Service detection");
+ script_dependencies("secpod_reg_enum.nasl");
+ script_require_keys("SMB/WindowsVersion");
+ script_require_ports(139, 445);
+ exit(0);
+}
+
+
+include("smb_nt.inc");
+include("secpod_smb_func.inc");
+
+## Confirm Windows
+if(!get_kb_item("SMB/WindowsVersion")){
+ exit(0);
+}
+
+key = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\";
+if(!registry_key_exists(key:key)) {
+ exit(0);
+}
+
+## Get eSignal Version From Registry
+foreach item (registry_enum_keys(key:key))
+{
+ name = registry_get_sz(key:key + item, item:"DisplayName");
+ if("eSignal" >< name)
+ {
+ version = registry_get_sz(key:key + item, item:"DisplayVersion");
+ if(version)
+ {
+ ## Set eSignal Version in KB
+ set_kb_item(name:"eSignal/Win/Ver", value:version);
+ security_note(data:"eSignal version " + version +
+ " was detected on the host");
+ }
+ }
+}
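Review bot: Only the native `SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\` key is enumerated, so a 32-bit eSignal install on 64-bit Windows, which would register under `SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\`, is presumably missed. In that case `eSignal/Win/Ver` is never set and `gb_esignal_mult_vuln.nasl` silently skips its version check. Looping over both keys would close that gap. The loop also continues after a hit and accepts any `DisplayName` containing `eSignal`, so several uninstall entries could each call `set_kb_item`. An `exit(0);` after `security_note` or a stricter name match would keep the KB value single.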
Added: trunk/openvas-plugins/scripts/gb_esignal_mult_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_esignal_mult_vuln.nasl 2011-09-16 14:31:46 UTC (rev 11624)
+++ trunk/openvas-plugins/scripts/gb_esignal_mult_vuln.nasl 2011-09-16 15:22:17 UTC (rev 11625)
@@ -0,0 +1,89 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_esignal_mult_vuln.nasl 17102 2011-09-15 16:16:16Z sep $
+#
+# eSignal Multiple Vulnerabilities
+#
+# Authors:
+# Sooraj KS <kssooraj at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(802245);
+ script_version("$Revision: 1.0$");
+ script_tag(name:"cvss_base", value:"10.0");
+ script_tag(name:"risk_factor", value:"Critical");
+ script_name("eSignal Multiple Vulnerabilities");
+ desc = "
+ Overview: This host is installed with eSignal and is prone to multiple
+ vulnerabilities.
+
+ Vulnerability Insight:
+ - A boundary error in WinSig.exe when processing QUOTE files can be exploited
+ to cause a stack-based buffer overflow.
+ - A boundary error in WinSig.exe when processing the '<FaceName>' tag can be
+ exploited to cause a heap-based buffer overflow via a specially crafted
+ Time and Sales file.
+ - The application loads libraries in an insecure manner and can be exploited
+ to load arbitrary libraries by tricking a user into opening a QUOTE file
+ located on a remote WebDAV or SMB share.
+
+ Impact:
+ Successful exploitation allows execution of arbitrary code.
+
+ Impact Level: System/Application
+
+ Affected Software/OS:
+ eSignal version 10.6.2425.1208 and prior.
+
+ Fix: No solution or patch is available as on 15th September, 2011. Information
+ regarding this issue will be updated once the solution details are available.
+ For updates refer, http://www.esignal.com/esignal/default.aspx
+
+ References:
+ http://secunia.com/advisories/45966/
+ http://www.exploit-db.com/exploits/17837/
+ http://aluigi.altervista.org/adv/esignal_1-adv.txt ";
+
+ script_description(desc);
+ script_summary("Check for the version of eSignal");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2011 Greenbone Networks GmbH");
+ script_family("General");
+ script_dependencies("gb_esignal_detect.nasl");
+ script_require_keys("eSignal/Win/Ver");
+ exit(0);
+}
+
+
+include("smb_nt.inc");
+include("version_func.inc");
+include("secpod_smb_func.inc");
+
+## Get version from KB
+version = get_kb_item("eSignal/Win/Ver");
+if(!version){
+ exit(0);
+}
+
+## Check for eSignal versions 10.6.2425.1208 and prior.
+if(version_is_less_equal(version:version, test_version:"10.6.2425.1208")){
+ security_hole(0);
+}
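Review bot: `include("smb_nt.inc");` and `include("secpod_smb_func.inc");` look unused here, since the body only reads `eSignal/Win/Ver` from the KB and calls `version_is_less_equal`, which presumably comes from `version_func.inc`. Dropping the two includes makes it clear that this check is KB-only and does no SMB access of its own. The upper bound is also tied to a "no solution available as on 15th September, 2011" statement, so a comment above the comparison such as `## Revisit test_version and the Fix text once a fixed release is published` would help keep the check from going stale.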
Added: trunk/openvas-plugins/scripts/gb_fedora_2011_11189_hplip_fc15.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_fedora_2011_11189_hplip_fc15.nasl 2011-09-16 14:31:46 UTC (rev 11624)
+++ trunk/openvas-plugins/scripts/gb_fedora_2011_11189_hplip_fc15.nasl 2011-09-16 15:22:17 UTC (rev 11625)
@@ -0,0 +1,81 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Fedora Update for hplip FEDORA-2011-11189
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(863512);
+ script_version("$Revision$: 1.0");
+ script_tag(name:"risk_factor", value:"High");
+ script_xref(name: "FEDORA", value: "2011-11189");
+ script_cve_id("CVE-2011-2722");
+ script_name("Fedora Update for hplip FEDORA-2011-11189");
+ desc = "
+
+ Vulnerability Insight:
+ The Hewlett-Packard Linux Imaging and Printing Project provides
+ drivers for HP printers and multi-function peripherals.
+
+
+ Affected Software/OS:
+ hplip on Fedora 15
+
+ Fix: Please Install the Updated Packages.
+
+ References:
+ http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065817.html
+
+ ";
+
+ script_description(desc);
+ script_summary("Check for the Version of hplip");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
+ script_family("Fedora Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/release");
+ exit(0);
+}
+
+
+include("pkg-lib-rpm.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+if(release == NULL){
+ exit(0);
+}
+
+if(release == "FC15")
+{
+
+ if(isrpmvuln(pkg:"hplip", rpm:"hplip~3.11.7~2.fc15", rls:"FC15"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ exit(0);
+}
\ No newline at end of file
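Review bot: The `Vulnerability Insight` section holds only the package blurb and says nothing about CVE-2011-2722, and `risk_factor` is set to `High` without a `cvss_base` tag to back it. Someone reading the scan report cannot tell what the update fixes or how urgent it is. Add a one-sentence summary of the flaw taken from the referenced Fedora advisory and a `script_tag(name:"cvss_base", value:"<score from the advisory>");` line. The phpMyAdmin FEDORA-2011-11594 hunk has the same blurb-only description.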
Added: trunk/openvas-plugins/scripts/gb_fedora_2011_11594_phpMyAdmin_fc14.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_fedora_2011_11594_phpMyAdmin_fc14.nasl 2011-09-16 14:31:46 UTC (rev 11624)
+++ trunk/openvas-plugins/scripts/gb_fedora_2011_11594_phpMyAdmin_fc14.nasl 2011-09-16 15:22:17 UTC (rev 11625)
@@ -0,0 +1,98 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Fedora Update for phpMyAdmin FEDORA-2011-11594
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(863507);
+ script_version("$Revision$: 1.0");
+ script_tag(name:"cvss_base", value:"4.3");
+ script_tag(name:"risk_factor", value:"Medium");
+ script_xref(name: "FEDORA", value: "2011-11594");
+ script_cve_id("CVE-2011-3181");
+ script_name("Fedora Update for phpMyAdmin FEDORA-2011-11594");
+ desc = "
+
+ Vulnerability Insight:
+ phpMyAdmin is a tool written in PHP intended to handle the administration of
+ MySQL over the World Wide Web. Most frequently used operations are supported
+ by the user interface (managing databases, tables, fields, relations, indexes,
+ users, permissions), while you still have the ability to directly execute any
+ SQL statement.
+
+ Features include an intuitive web interface, support for most MySQL features
+ (browse and drop databases, tables, views, fields and indexes, create, copy,
+ drop, rename and alter databases, tables, fields and indexes, maintenance
+ server, databases and tables, with proposals on server configuration, execute,
+ edit and bookmark any SQL-statement, even batch-queries, manage MySQL users
+ and privileges, manage stored procedures and triggers), import data from CSV
+ and SQL, export data to various formats: CSV, SQL, XML, PDF, OpenDocument Text
+ and Spreadsheet, Word, Excel, LATEX and others, administering multiple servers,
+ creating PDF graphics of your database layout, creating complex queries using
+ Query-by-example (QBE), searching globally in a database or a subset of it,
+ transforming stored data into any format using a set of predefined functions,
+ like displaying BLOB-data as image or download-link and much more...
+
+
+ Affected Software/OS:
+ phpMyAdmin on Fedora 14
+
+ Fix: Please Install the Updated Packages.
+
+ References:
+ http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065824.html
+
+ ";
+
+ script_description(desc);
+ script_summary("Check for the Version of phpMyAdmin");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
+ script_family("Fedora Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/release");
+ exit(0);
+}
+
+
+include("pkg-lib-rpm.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+if(release == NULL){
+ exit(0);
+}
+
+if(release == "FC14")
+{
+
+ if(isrpmvuln(pkg:"phpMyAdmin", rpm:"phpMyAdmin~3.4.4~1.fc14", rls:"FC14"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ exit(0);
+}
\ No newline at end of file
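Review bot: The metadata declares `risk_factor` `Medium` with `cvss_base` 4.3, but the result is raised through `security_hole(0)`, the high-severity reporting call, so the reported severity does not match the script's own rating. `security_warning(0);` in the `FC14` branch would be consistent with the Medium rating.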
Added: trunk/openvas-plugins/scripts/gb_fedora_2011_11630_phpMyAdmin_fc15.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_fedora_2011_11630_phpMyAdmin_fc15.nasl 2011-09-16 14:31:46 UTC (rev 11624)
+++ trunk/openvas-plugins/scripts/gb_fedora_2011_11630_phpMyAdmin_fc15.nasl 2011-09-16 15:22:17 UTC (rev 11625)
@@ -0,0 +1,98 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Fedora Update for phpMyAdmin FEDORA-2011-11630
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(863516);
+ script_version("$Revision$: 1.0");
+ script_tag(name:"cvss_base", value:"4.3");
+ script_tag(name:"risk_factor", value:"Medium");
+ script_xref(name: "FEDORA", value: "2011-11630");
+ script_cve_id("CVE-2011-3181");
+ script_name("Fedora Update for phpMyAdmin FEDORA-2011-11630");
+ desc = "
+
+ Vulnerability Insight:
+ phpMyAdmin is a tool written in PHP intended to handle the administration of
+ MySQL over the World Wide Web. Most frequently used operations are supported
+ by the user interface (managing databases, tables, fields, relations, indexes,
+ users, permissions), while you still have the ability to directly execute any
+ SQL statement.
+
+ Features include an intuitive web interface, support for most MySQL features
+ (browse and drop databases, tables, views, fields and indexes, create, copy,
+ drop, rename and alter databases, tables, fields and indexes, maintenance
+ server, databases and tables, with proposals on server configuration, execute,
+ edit and bookmark any SQL-statement, even batch-queries, manage MySQL users
+ and privileges, manage stored procedures and triggers), import data from CSV
+ and SQL, export data to various formats: CSV, SQL, XML, PDF, OpenDocument Text
+ and Spreadsheet, Word, Excel, LATEX and others, administering multiple servers,
+ creating PDF graphics of your database layout, creating complex queries using
+ Query-by-example (QBE), searching globally in a database or a subset of it,
+ transforming stored data into any format using a set of predefined functions,
+ like displaying BLOB-data as image or download-link and much more...
+
+
+ Affected Software/OS:
+ phpMyAdmin on Fedora 15
+
+ Fix: Please Install the Updated Packages.
+
+ References:
+ http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065829.html
+
+ ";
+
+ script_description(desc);
+ script_summary("Check for the Version of phpMyAdmin");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
+ script_family("Fedora Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/release");
+ exit(0);
+}
+
+
+include("pkg-lib-rpm.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+if(release == NULL){
+ exit(0);
+}
+
+if(release == "FC15")
+{
+
+ if(isrpmvuln(pkg:"phpMyAdmin", rpm:"phpMyAdmin~3.4.4~1.fc15", rls:"FC15"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ exit(0);
+}
\ No newline at end of file
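Review bot: The reporting call `security_hole(0);` near the end of the script does not match the metadata at the top, which declares `cvss_base` 4.3 and `risk_factor` Medium for CVE-2011-3181. security_hole() is the high-severity report function, so a scan would present this Medium issue at the top level and skew triage. I would change the line to `security_warning(0);` so the reported level agrees with the tags. The FC14 check for the same package starts above this part of the mail, so its tags could not be compared here.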
Added: trunk/openvas-plugins/scripts/gb_fedora_2011_11936_ecryptfs-utils_fc15.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_fedora_2011_11936_ecryptfs-utils_fc15.nasl 2011-09-16 14:31:46 UTC (rev 11624)
+++ trunk/openvas-plugins/scripts/gb_fedora_2011_11936_ecryptfs-utils_fc15.nasl 2011-09-16 15:22:17 UTC (rev 11625)
@@ -0,0 +1,85 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Fedora Update for ecryptfs-utils FEDORA-2011-11936
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(863505);
+ script_version("$Revision$: 1.0");
+ script_tag(name:"risk_factor", value:"High");
+ script_xref(name: "FEDORA", value: "2011-11936");
+ script_cve_id("CVE-2011-3145", "CVE-2011-1831", "CVE-2011-1832", "CVE-2011-1833", "CVE-2011-1834", "CVE-2011-1835", "CVE-2011-1836", "CVE-2011-1837");
+ script_name("Fedora Update for ecryptfs-utils FEDORA-2011-11936");
+ desc = "
+
+ Vulnerability Insight:
+ eCryptfs is a stacked cryptographic filesystem that ships in Linux
+ kernel versions 2.6.19 and above. This package provides the mount
+ helper and supporting libraries to perform key management and mount
+ functions.
+
+ Install ecryptfs-utils if you would like to mount eCryptfs.
+
+
+ Affected Software/OS:
+ ecryptfs-utils on Fedora 15
+
+ Fix: Please Install the Updated Packages.
+
+ References:
+ http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065965.html
+
+ ";
+
+ script_description(desc);
+ script_summary("Check for the Version of ecryptfs-utils");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
+ script_family("Fedora Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/release");
+ exit(0);
+}
+
+
+include("pkg-lib-rpm.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+if(release == NULL){
+ exit(0);
+}
+
+if(release == "FC15")
+{
+
+ if(isrpmvuln(pkg:"ecryptfs-utils", rpm:"ecryptfs-utils~90~2.fc15", rls:"FC15"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ exit(0);
+}
\ No newline at end of file
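Review bot: The description block lists eight CVE ids in `script_cve_id(...)` but sets only `risk_factor` High and no `cvss_base` tag, unlike the phpMyAdmin FC15 check in this commit. Anything that sorts or filters results by CVSS score then has no value for this finding. Add `script_tag(name:"cvss_base", value:"<highest base score among the listed CVEs>");` next to the risk_factor line; the score has to come from the CVE entries, as it is not in this hunk. The FC14 ecryptfs-utils hunk that follows has the same gap.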
Added: trunk/openvas-plugins/scripts/gb_fedora_2011_11979_ecryptfs-utils_fc14.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_fedora_2011_11979_ecryptfs-utils_fc14.nasl 2011-09-16 14:31:46 UTC (rev 11624)
+++ trunk/openvas-plugins/scripts/gb_fedora_2011_11979_ecryptfs-utils_fc14.nasl 2011-09-16 15:22:17 UTC (rev 11625)
@@ -0,0 +1,85 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Fedora Update for ecryptfs-utils FEDORA-2011-11979
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(863503);
+ script_version("$Revision$: 1.0");
+ script_tag(name:"risk_factor", value:"High");
+ script_xref(name: "FEDORA", value: "2011-11979");
+ script_cve_id("CVE-2011-3145", "CVE-2011-1831", "CVE-2011-1832", "CVE-2011-1833", "CVE-2011-1834", "CVE-2011-1835", "CVE-2011-1836", "CVE-2011-1837");
+ script_name("Fedora Update for ecryptfs-utils FEDORA-2011-11979");
+ desc = "
+
+ Vulnerability Insight:
+ eCryptfs is a stacked cryptographic filesystem that ships in Linux
+ kernel versions 2.6.19 and above. This package provides the mount
+ helper and supporting libraries to perform key management and mount
+ functions.
+
+ Install ecryptfs-utils if you would like to mount eCryptfs.
+
+
+ Affected Software/OS:
+ ecryptfs-utils on Fedora 14
+
+ Fix: Please Install the Updated Packages.
+
+ References:
+ http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065952.html
+
+ ";
+
+ script_description(desc);
+ script_summary("Check for the Version of ecryptfs-utils");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
+ script_family("Fedora Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/release");
+ exit(0);
+}
+
+
+include("pkg-lib-rpm.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+if(release == NULL){
+ exit(0);
+}
+
+if(release == "FC14")
+{
+
+ if(isrpmvuln(pkg:"ecryptfs-utils", rpm:"ecryptfs-utils~90~2.fc14", rls:"FC14"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ exit(0);
+}
\ No newline at end of file
Added: trunk/openvas-plugins/scripts/gb_fedora_2011_12131_roundcubemail_fc15.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_fedora_2011_12131_roundcubemail_fc15.nasl 2011-09-16 14:31:46 UTC (rev 11624)
+++ trunk/openvas-plugins/scripts/gb_fedora_2011_12131_roundcubemail_fc15.nasl 2011-09-16 15:22:17 UTC (rev 11625)
@@ -0,0 +1,85 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Fedora Update for roundcubemail FEDORA-2011-12131
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(863508);
+ script_version("$Revision$: 1.0");
+ script_tag(name:"risk_factor", value:"High");
+ script_xref(name: "FEDORA", value: "2011-12131");
+ script_name("Fedora Update for roundcubemail FEDORA-2011-12131");
+ desc = "
+
+ Vulnerability Insight:
+ RoundCube Webmail is a browser-based multilingual IMAP client
+ with an application-like user interface. It provides full
+ functionality you expect from an e-mail client, including MIME
+ support, address book, folder manipulation, message searching
+ and spell checking. RoundCube Webmail is written in PHP and
+ requires the MySQL database or the PostgreSQL database. The user
+ interface is fully skinnable using XHTML and CSS 2.
+
+
+ Affected Software/OS:
+ roundcubemail on Fedora 15
+
+ Fix: Please Install the Updated Packages.
+
+ References:
+ http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065973.html
+
+ ";
+
+ script_description(desc);
+ script_summary("Check for the Version of roundcubemail");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
+ script_family("Fedora Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/release");
+ exit(0);
+}
+
+
+include("pkg-lib-rpm.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+if(release == NULL){
+ exit(0);
+}
+
+if(release == "FC15")
+{
+
+ if(isrpmvuln(pkg:"roundcubemail", rpm:"roundcubemail~0.5.4~1.fc15", rls:"FC15"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ exit(0);
+}
\ No newline at end of file
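Review bot: The description block has neither `script_cve_id(...)` nor a `cvss_base` tag, so the `risk_factor` High on this check cannot be traced to anything except the mailing-list URL. If the advisory names a CVE it should be added; if it does not, a comment above the tag should say so, for example `# FEDORA-2011-12131 lists no CVE; risk_factor taken from <source>`. The FEDORA-2011-12275 hunks that follow (firefox, galeon, gnome-python2-extras, gnome-web-photo, mozvoikko, perl-Gtk2-MozEmbed, thunderbird) are in the same state.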
Added: trunk/openvas-plugins/scripts/gb_fedora_2011_12275_firefox_fc14.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_fedora_2011_12275_firefox_fc14.nasl 2011-09-16 14:31:46 UTC (rev 11624)
+++ trunk/openvas-plugins/scripts/gb_fedora_2011_12275_firefox_fc14.nasl 2011-09-16 15:22:17 UTC (rev 11625)
@@ -0,0 +1,80 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Fedora Update for firefox FEDORA-2011-12275
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(863510);
+ script_version("$Revision$: 1.0");
+ script_tag(name:"risk_factor", value:"High");
+ script_xref(name: "FEDORA", value: "2011-12275");
+ script_name("Fedora Update for firefox FEDORA-2011-12275");
+ desc = "
+
+ Vulnerability Insight:
+ Mozilla Firefox is an open-source web browser, designed for standards
+ compliance, performance and portability.
+
+
+ Affected Software/OS:
+ firefox on Fedora 14
+
+ Fix: Please Install the Updated Packages.
+
+ References:
+ http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065805.html
+
+ ";
+
+ script_description(desc);
+ script_summary("Check for the Version of firefox");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
+ script_family("Fedora Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/release");
+ exit(0);
+}
+
+
+include("pkg-lib-rpm.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+if(release == NULL){
+ exit(0);
+}
+
+if(release == "FC14")
+{
+
+ if(isrpmvuln(pkg:"firefox", rpm:"firefox~3.6.22~1.fc14", rls:"FC14"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ exit(0);
+}
\ No newline at end of file
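Review bot: The text under `Vulnerability Insight:` in `desc` is the package description (what Firefox is), not a statement of what the update fixes, so the reported finding tells the reader nothing about the flaw or why it is rated High. Either retitle the section or open it with a sentence such as `The installed firefox package is older than 3.6.22-1.fc14, the version shipped with FEDORA-2011-12275.`, assuming isrpmvuln() flags versions below the one passed in `rpm:`. The same template text appears in every Fedora check visible in this commit.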
Added: trunk/openvas-plugins/scripts/gb_fedora_2011_12275_galeon_fc14.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_fedora_2011_12275_galeon_fc14.nasl 2011-09-16 14:31:46 UTC (rev 11624)
+++ trunk/openvas-plugins/scripts/gb_fedora_2011_12275_galeon_fc14.nasl 2011-09-16 15:22:17 UTC (rev 11625)
@@ -0,0 +1,82 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Fedora Update for galeon FEDORA-2011-12275
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(863504);
+ script_version("$Revision$: 1.0");
+ script_tag(name:"risk_factor", value:"High");
+ script_xref(name: "FEDORA", value: "2011-12275");
+ script_name("Fedora Update for galeon FEDORA-2011-12275");
+ desc = "
+
+ Vulnerability Insight:
+ Galeon is a web browser built around Gecko (Mozilla's rendering
+ engine) and Necko (Mozilla's networking engine). It's a GNOME web
+ browser, designed to take advantage of as many GNOME technologies as
+ makes sense. Galeon was written to do just one thing - browse the web.
+
+
+ Affected Software/OS:
+ galeon on Fedora 14
+
+ Fix: Please Install the Updated Packages.
+
+ References:
+ http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065807.html
+
+ ";
+
+ script_description(desc);
+ script_summary("Check for the Version of galeon");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
+ script_family("Fedora Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/release");
+ exit(0);
+}
+
+
+include("pkg-lib-rpm.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+if(release == NULL){
+ exit(0);
+}
+
+if(release == "FC14")
+{
+
+ if(isrpmvuln(pkg:"galeon", rpm:"galeon~2.0.7~43.fc14.1", rls:"FC14"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ exit(0);
+}
\ No newline at end of file
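Review bot: `script_version("$Revision$: 1.0");` mixes an SVN keyword with a hand-written suffix. If keyword expansion is enabled for the file the string would become something like `$Revision: NNNNN $: 1.0`, and if it is not, the literal `$Revision$` stays in the reported version. Use one form, e.g. `script_version("$Revision$");`, and make sure the svn:keywords property is set on the new file. The other added scripts in this mail use the same line.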
Added: trunk/openvas-plugins/scripts/gb_fedora_2011_12275_gnome-python2-extras_fc14.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_fedora_2011_12275_gnome-python2-extras_fc14.nasl 2011-09-16 14:31:46 UTC (rev 11624)
+++ trunk/openvas-plugins/scripts/gb_fedora_2011_12275_gnome-python2-extras_fc14.nasl 2011-09-16 15:22:17 UTC (rev 11625)
@@ -0,0 +1,80 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Fedora Update for gnome-python2-extras FEDORA-2011-12275
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(863509);
+ script_version("$Revision$: 1.0");
+ script_tag(name:"risk_factor", value:"High");
+ script_xref(name: "FEDORA", value: "2011-12275");
+ script_name("Fedora Update for gnome-python2-extras FEDORA-2011-12275");
+ desc = "
+
+ Vulnerability Insight:
+ The gnome-python-extra package contains the source packages for additional
+ Python bindings for GNOME. It should be used together with gnome-python.
+
+
+ Affected Software/OS:
+ gnome-python2-extras on Fedora 14
+
+ Fix: Please Install the Updated Packages.
+
+ References:
+ http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065808.html
+
+ ";
+
+ script_description(desc);
+ script_summary("Check for the Version of gnome-python2-extras");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
+ script_family("Fedora Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/release");
+ exit(0);
+}
+
+
+include("pkg-lib-rpm.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+if(release == NULL){
+ exit(0);
+}
+
+if(release == "FC14")
+{
+
+ if(isrpmvuln(pkg:"gnome-python2-extras", rpm:"gnome-python2-extras~2.25.3~33.fc14.1", rls:"FC14"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ exit(0);
+}
\ No newline at end of file
Added: trunk/openvas-plugins/scripts/gb_fedora_2011_12275_gnome-web-photo_fc14.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_fedora_2011_12275_gnome-web-photo_fc14.nasl 2011-09-16 14:31:46 UTC (rev 11624)
+++ trunk/openvas-plugins/scripts/gb_fedora_2011_12275_gnome-web-photo_fc14.nasl 2011-09-16 15:22:17 UTC (rev 11625)
@@ -0,0 +1,80 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Fedora Update for gnome-web-photo FEDORA-2011-12275
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(863506);
+ script_version("$Revision$: 1.0");
+ script_tag(name:"risk_factor", value:"High");
+ script_xref(name: "FEDORA", value: "2011-12275");
+ script_name("Fedora Update for gnome-web-photo FEDORA-2011-12275");
+ desc = "
+
+ Vulnerability Insight:
+ gnome-web-photo contains a thumbnailer that will be used by GNOME applications,
+ including the file manager, to generate screenshots of web pages.
+
+
+ Affected Software/OS:
+ gnome-web-photo on Fedora 14
+
+ Fix: Please Install the Updated Packages.
+
+ References:
+ http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065806.html
+
+ ";
+
+ script_description(desc);
+ script_summary("Check for the Version of gnome-web-photo");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
+ script_family("Fedora Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/release");
+ exit(0);
+}
+
+
+include("pkg-lib-rpm.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+if(release == NULL){
+ exit(0);
+}
+
+if(release == "FC14")
+{
+
+ if(isrpmvuln(pkg:"gnome-web-photo", rpm:"gnome-web-photo~0.9~23.fc14.1", rls:"FC14"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ exit(0);
+}
\ No newline at end of file
Added: trunk/openvas-plugins/scripts/gb_fedora_2011_12275_mozvoikko_fc14.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_fedora_2011_12275_mozvoikko_fc14.nasl 2011-09-16 14:31:46 UTC (rev 11624)
+++ trunk/openvas-plugins/scripts/gb_fedora_2011_12275_mozvoikko_fc14.nasl 2011-09-16 15:22:17 UTC (rev 11625)
@@ -0,0 +1,80 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Fedora Update for mozvoikko FEDORA-2011-12275
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(863513);
+ script_version("$Revision$: 1.0");
+ script_tag(name:"risk_factor", value:"High");
+ script_xref(name: "FEDORA", value: "2011-12275");
+ script_name("Fedora Update for mozvoikko FEDORA-2011-12275");
+ desc = "
+
+ Vulnerability Insight:
+ This is mozvoikko, an extension for Mozilla programs for using the Finnish
+ spell-checker Voikko.
+
+
+ Affected Software/OS:
+ mozvoikko on Fedora 14
+
+ Fix: Please Install the Updated Packages.
+
+ References:
+ http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065810.html
+
+ ";
+
+ script_description(desc);
+ script_summary("Check for the Version of mozvoikko");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
+ script_family("Fedora Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/release");
+ exit(0);
+}
+
+
+include("pkg-lib-rpm.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+if(release == NULL){
+ exit(0);
+}
+
+if(release == "FC14")
+{
+
+ if(isrpmvuln(pkg:"mozvoikko", rpm:"mozvoikko~1.0~24.fc14.1", rls:"FC14"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ exit(0);
+}
\ No newline at end of file
Added: trunk/openvas-plugins/scripts/gb_fedora_2011_12275_perl-Gtk2-MozEmbed_fc14.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_fedora_2011_12275_perl-Gtk2-MozEmbed_fc14.nasl 2011-09-16 14:31:46 UTC (rev 11624)
+++ trunk/openvas-plugins/scripts/gb_fedora_2011_12275_perl-Gtk2-MozEmbed_fc14.nasl 2011-09-16 15:22:17 UTC (rev 11625)
@@ -0,0 +1,79 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Fedora Update for perl-Gtk2-MozEmbed FEDORA-2011-12275
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(863517);
+ script_version("$Revision$: 1.0");
+ script_tag(name:"risk_factor", value:"High");
+ script_xref(name: "FEDORA", value: "2011-12275");
+ script_name("Fedora Update for perl-Gtk2-MozEmbed FEDORA-2011-12275");
+ desc = "
+
+ Vulnerability Insight:
+ This module allows you to use the Mozilla embedding widget from Perl.
+
+
+ Affected Software/OS:
+ perl-Gtk2-MozEmbed on Fedora 14
+
+ Fix: Please Install the Updated Packages.
+
+ References:
+ http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065809.html
+
+ ";
+
+ script_description(desc);
+ script_summary("Check for the Version of perl-Gtk2-MozEmbed");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
+ script_family("Fedora Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/release");
+ exit(0);
+}
+
+
+include("pkg-lib-rpm.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+if(release == NULL){
+ exit(0);
+}
+
+if(release == "FC14")
+{
+
+ if(isrpmvuln(pkg:"perl-Gtk2-MozEmbed", rpm:"perl-Gtk2-MozEmbed~0.08~6.fc14.29", rls:"FC14"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ exit(0);
+}
\ No newline at end of file
Added: trunk/openvas-plugins/scripts/gb_fedora_2011_12275_thunderbird_fc14.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_fedora_2011_12275_thunderbird_fc14.nasl 2011-09-16 14:31:46 UTC (rev 11624)
+++ trunk/openvas-plugins/scripts/gb_fedora_2011_12275_thunderbird_fc14.nasl 2011-09-16 15:22:17 UTC (rev 11625)
@@ -0,0 +1,79 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Fedora Update for thunderbird FEDORA-2011-12275
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(863502);
+ script_version("$Revision$: 1.0");
+ script_tag(name:"risk_factor", value:"High");
+ script_xref(name: "FEDORA", value: "2011-12275");
+ script_name("Fedora Update for thunderbird FEDORA-2011-12275");
+ desc = "
+
+ Vulnerability Insight:
+ Mozilla Thunderbird is a standalone mail and newsgroup client.
+
+
+ Affected Software/OS:
+ thunderbird on Fedora 14
+
+ Fix: Please Install the Updated Packages.
+
+ References:
+ http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065804.html
+
+ ";
+
+ script_description(desc);
+ script_summary("Check for the Version of thunderbird");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
+ script_family("Fedora Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/release");
+ exit(0);
+}
+
+
+include("pkg-lib-rpm.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+if(release == NULL){
+ exit(0);
+}
+
+if(release == "FC14")
+{
+
+ if(isrpmvuln(pkg:"thunderbird", rpm:"thunderbird~3.1.14~1.fc14", rls:"FC14"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ exit(0);
+}
\ No newline at end of file
Added: trunk/openvas-plugins/scripts/gb_fedora_2011_12275_xulrunner_fc14.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_fedora_2011_12275_xulrunner_fc14.nasl 2011-09-16 14:31:46 UTC (rev 11624)
+++ trunk/openvas-plugins/scripts/gb_fedora_2011_12275_xulrunner_fc14.nasl 2011-09-16 15:22:17 UTC (rev 11625)
@@ -0,0 +1,79 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Fedora Update for xulrunner FEDORA-2011-12275
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(863515);
+ script_version("$Revision$: 1.0");
+ script_tag(name:"risk_factor", value:"High");
+ script_xref(name: "FEDORA", value: "2011-12275");
+ script_name("Fedora Update for xulrunner FEDORA-2011-12275");
+ desc = "
+
+ Vulnerability Insight:
+ XULRunner provides the XUL Runtime environment for Gecko applications.
+
+
+ Affected Software/OS:
+ xulrunner on Fedora 14
+
+ Fix: Please Install the Updated Packages.
+
+ References:
+ http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065811.html
+
+ ";
+
+ script_description(desc);
+ script_summary("Check for the Version of xulrunner");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
+ script_family("Fedora Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/release");
+ exit(0);
+}
+
+
+include("pkg-lib-rpm.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+if(release == NULL){
+ exit(0);
+}
+
+if(release == "FC14")
+{
+
+ if(isrpmvuln(pkg:"xulrunner", rpm:"xulrunner~1.9.2.22~1.fc14", rls:"FC14"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ exit(0);
+}
\ No newline at end of file
Added: trunk/openvas-plugins/scripts/gb_fedora_2011_12282_rsyslog_fc14.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_fedora_2011_12282_rsyslog_fc14.nasl 2011-09-16 14:31:46 UTC (rev 11624)
+++ trunk/openvas-plugins/scripts/gb_fedora_2011_12282_rsyslog_fc14.nasl 2011-09-16 15:22:17 UTC (rev 11625)
@@ -0,0 +1,86 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Fedora Update for rsyslog FEDORA-2011-12282
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(863511);
+ script_version("$Revision$: 1.0");
+ script_tag(name:"cvss_base", value:"5.0");
+ script_tag(name:"risk_factor", value:"Medium");
+ script_xref(name: "FEDORA", value: "2011-12282");
+ script_cve_id("CVE-2011-3200");
+ script_name("Fedora Update for rsyslog FEDORA-2011-12282");
+ desc = "
+
+ Vulnerability Insight:
+ Rsyslog is an enhanced, multi-threaded syslog daemon. It supports MySQL,
+ syslog/TCP, RFC 3195, permitted sender lists, filtering on any message part,
+ and fine grain output format control. It is compatible with stock sysklogd
+ and can be used as a drop-in replacement. Rsyslog is simple to set up, with
+ advanced features suitable for enterprise-class, encryption-protected syslog
+ relay chains.
+
+
+ Affected Software/OS:
+ rsyslog on Fedora 14
+
+ Fix: Please Install the Updated Packages.
+
+ References:
+ http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065941.html
+
+ ";
+
+ script_description(desc);
+ script_summary("Check for the Version of rsyslog");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
+ script_family("Fedora Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/release");
+ exit(0);
+}
+
+
+include("pkg-lib-rpm.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+if(release == NULL){
+ exit(0);
+}
+
+if(release == "FC14")
+{
+
+ if(isrpmvuln(pkg:"rsyslog", rpm:"rsyslog~4.6.3~3.fc14", rls:"FC14"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ exit(0);
+}
\ No newline at end of file
Added: trunk/openvas-plugins/scripts/gb_fedora_2011_12715_httpd_fc15.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_fedora_2011_12715_httpd_fc15.nasl 2011-09-16 14:31:46 UTC (rev 11624)
+++ trunk/openvas-plugins/scripts/gb_fedora_2011_12715_httpd_fc15.nasl 2011-09-16 15:22:17 UTC (rev 11625)
@@ -0,0 +1,82 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Fedora Update for httpd FEDORA-2011-12715
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(863514);
+ script_version("$Revision$: 1.0");
+ script_tag(name:"cvss_base", value:"7.8");
+ script_tag(name:"risk_factor", value:"High");
+ script_xref(name: "FEDORA", value: "2011-12715");
+ script_cve_id("CVE-2011-3348", "CVE-2011-3192");
+ script_name("Fedora Update for httpd FEDORA-2011-12715");
+ desc = "
+
+ Vulnerability Insight:
+ The Apache HTTP Server is a powerful, efficient, and extensible
+ web server.
+
+
+ Affected Software/OS:
+ httpd on Fedora 15
+
+ Fix: Please Install the Updated Packages.
+
+ References:
+ http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066019.html
+
+ ";
+
+ script_description(desc);
+ script_summary("Check for the Version of httpd");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
+ script_family("Fedora Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/release");
+ exit(0);
+}
+
+
+include("pkg-lib-rpm.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+if(release == NULL){
+ exit(0);
+}
+
+if(release == "FC15")
+{
+
+ if(isrpmvuln(pkg:"httpd", rpm:"httpd~2.2.21~1.fc15", rls:"FC15"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ exit(0);
+}
\ No newline at end of file
Added: trunk/openvas-plugins/scripts/gb_jboss_application_server_mult_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_jboss_application_server_mult_vuln.nasl 2011-09-16 14:31:46 UTC (rev 11624)
+++ trunk/openvas-plugins/scripts/gb_jboss_application_server_mult_vuln.nasl 2011-09-16 15:22:17 UTC (rev 11625)
@@ -0,0 +1,107 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_jboss_application_server_mult_vuln.nasl 17126 2011-09-16 17:14:14Z sep $
+#
+# JBoss Application Server Multiple Vulnerabilities
+#
+# Authors:
+# Antu Sanadi <santu at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(801987);
+ script_version("$Revision: 1.0$");
+ script_tag(name:"cvss_base", value:"7.5");
+ script_tag(name:"risk_factor", value:"High");
+ script_name("JBoss Application Server Multiple Vulnerabilities");
+ desc = "
+ Overview: The host is running JBoss Application Server and is prone to
+ multiple vulnerabilities.
+
+ Vulnerability Insight:
+ Multiple flaws are due to,
+ - Status page is publicly accessible. Which leads to leakage of logs of last
+ connections and (in second case) leakage of all services (with their paths)
+ on the server.
+ - There is no protection against Brute Force attacks at these resources and
+ other private resources with BF vulnerability. The list of all resources of
+ concrete server can be found at page status?full=true.
+
+ Impact:
+ Successful exploitation will let the attacker to get the all services
+ with their paths on the server and get the sensitive information.
+
+ Impact Level: Application
+
+ Affected Software/OS:
+ JBoss Application Server 5.0 and prior.
+
+ Fix: No solution or patch is available as on 16th September, 2011. Information
+ regarding this issue will be updated once the solution details are available.
+ For updates refer,http://www.jboss.org/jbossas/downloads/
+
+ References:
+ http://seclists.org/fulldisclosure/2011/Sep/139 ";
+
+ script_description(desc);
+ script_summary("Determine if JBoss Application Server is prone multiple vulnerabilities");
+ script_category(ACT_ATTACK);
+ script_copyright("Copyright (C) 2011 Greenbone Networks GmbH");
+ script_family("Web Servers");
+ script_dependencies("http_version.nasl");
+ script_require_ports("Services/www", 80);
+ exit(0);
+}
+
+
+include("http_func.inc");
+include("http_keepalive.inc");
+
+## Get HTTP Port
+port = get_http_port(default:80);
+
+## Check Port State
+if(!get_port_state(port)){
+ exit(0);
+}
+
+## Confirm the Server
+banner = get_http_banner(port: port);
+if("JBoss" >!< banner){
+ exit(0);
+}
+
+## Send and Receive the response
+req = http_get(item: "/", port:port);
+res = http_keepalive_send_recv(port:port,data:req);
+
+## Confirm the Server
+if('>JBoss Web Console</' >< res && 'Welcome to JBoss' >< res)
+{
+ ## construct the attack request
+ req = http_get(item: "/status?full=true", port:port);
+ res = http_keepalive_send_recv(port:port,data:req);
+
+ ## Confirm the exploit
+ if('Application list' >< res && 'WebCCReports' >< res &&
+ 'PortComponentLinkServlet' >< res){
+ security_hole(port:port);
+ }
+}
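Review bot: The final confirmation requires 'WebCCReports' and 'PortComponentLinkServlet' in addition to 'Application list'. Those two look like names of particular deployed components, so a server with an exposed status page that lacks them would presumably go unreported. The HTTP status line of the `/status?full=true` response is never checked either. I would confirm on the status code plus the generic marker, e.g. `if(res =~ "^HTTP/1\.[01] 200" && 'Application list' >< res){`. The script tests only the exposed status page, so a comment such as `## Only the publicly readable status page is verified; the brute-force item is not tested` above the request would keep the report from being read as covering both flaws.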
Added: trunk/openvas-plugins/scripts/gb_manage_engine_servicedesk_plus_auth_bypass_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_manage_engine_servicedesk_plus_auth_bypass_vuln.nasl 2011-09-16 14:31:46 UTC (rev 11624)
+++ trunk/openvas-plugins/scripts/gb_manage_engine_servicedesk_plus_auth_bypass_vuln.nasl 2011-09-16 15:22:17 UTC (rev 11625)
@@ -0,0 +1,94 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_manage_engine_servicedesk_plus_auth_bypass_vuln.nasl 17096 2011-09-15 15:15:15Z sep $
+#
+# ManageEngine ServiceDesk Plus Authentication Bypass Vulnerability
+#
+# Authors:
+# Antu Sanadi <santu at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(801984);
+ script_version("$Revision: 1.0$");
+ script_cve_id("CVE-2011-1509");
+ script_tag(name:"cvss_base", value:"6.5");
+ script_tag(name:"risk_factor", value:"High");
+ script_name("ManageEngine ServiceDesk Plus Authentication Bypass Vulnerability");
+ desc = "
+ Overview: This host is running ManageEngine ServiceDesk Plus and is prone to
+ authentication bypass vulnerability.
+
+ Vulnerability Insight:
+ The flaw is due to an error in authentication process, User passwords are
+ pseudo encrypted and locally stored in user cookies. Having Javascript code
+ encrypt and decrypt passwords in Login.js file.
+
+ Impact:
+ Successful exploitation will let the attacker to get user names and
+ passwords of registered users. This may allow an attacker to steal
+ cookie-based authentications and launch further attacks.
+
+ Impact Level: Application
+
+ Affected Software/OS:
+ ManageEngine ServiceDesk Plus 8.0 Build 8013 and prior.
+
+ Fix: No solution or patch is available as on 15th September, 2011. Information
+ regarding this issue will be updated once the solution details are available.
+ For updates refer, http://www.manageengine.com/
+
+ References:
+ http://packetstormsecurity.org/files/view/105123/CORE-2011-0506.txt
+ http://www.coresecurity.com/content/multiples-vulnerabilities-manageengine-sdp ";
+
+ script_description(desc);
+ script_summary("Check the version of ManageEngine ServiceDesk Plus");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2011 Greenbone Networks GmbH");
+ script_family("Web application abuses");
+ script_dependencies("gb_ManageEngine_ServiceDesk_Plus_detect.nasl");
+ script_require_ports("Services/www", 8080);
+ exit(0);
+}
+
+
+include("http_func.inc");
+include("version_func.inc");
+
+## Get HTTP Port
+port = get_http_port(default:8080);
+if(!get_port_state(port)) {
+ exit(0);
+}
+
+## Get ManageEngine ServiceDesk Plus Installed version
+if(!vers = get_version_from_kb(port:port,app:"ManageEngine")){
+ exit(0);
+}
+
+## Check the build version
+if(' Build ' >< vers){
+ vers = ereg_replace(pattern:" Build ", string:vers, replace:".");
+}
+
+if(version_is_less_equal(version:vers, test_version:"8.0.0.8013")){
+ security_hole(port:port);
+}
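Review bot: The comparison against `"8.0.0.8013"` only matches if the detect script stores a three-part version such as `8.0.0 Build 8013`. The description writes the affected release as `8.0 Build 8013`, and that form would normalise to `8.0.8013`, which should compare greater than `8.0.0.8013`, so a vulnerable host would be missed. gb_ManageEngine_ServiceDesk_Plus_detect.nasl is not part of this commit, so the stored format needs confirming and is worth recording above the `ereg_replace`, e.g. `## KB value is '<major>.<minor>.<patch> Build <build>'; converted to a dotted four-part version`. The same assumption sits behind `version_is_less(version:vers, test_version:"8.0.0.8012")` in gb_manage_engine_servicedesk_plus_xss_vuln.nasl.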
Added: trunk/openvas-plugins/scripts/gb_manage_engine_servicedesk_plus_xss_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_manage_engine_servicedesk_plus_xss_vuln.nasl 2011-09-16 14:31:46 UTC (rev 11624)
+++ trunk/openvas-plugins/scripts/gb_manage_engine_servicedesk_plus_xss_vuln.nasl 2011-09-16 15:22:17 UTC (rev 11625)
@@ -0,0 +1,93 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_manage_engine_servicedesk_plus_xss_vuln.nasl 17096 2011-09-15 15:15:15Z sep $
+#
+# ManageEngine ServiceDesk Plus 'searchText' XSS Vulnerability
+#
+# Authors:
+# Antu Sanadi <santu at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(801983);
+ script_version("$Revision: 1.0$");
+ script_cve_id("CVE-2011-1510");
+ script_tag(name:"cvss_base", value:"4.3");
+ script_tag(name:"risk_factor", value:"Medium");
+ script_name("ManageEngine ServiceDesk Plus 'searchText' XSS Vulnerability");
+ desc = "
+ Overview: This host is running ManageEngine ServiceDesk Plus and is prone to
+ cross site scripting vulnerability.
+
+ Vulnerability Insight:
+ The flaw is due to an input validation error in 'SolutionSearch.do' when
+ handling search action via a 'searchText' parameter.
+
+ Impact:
+ Successful exploitation will let the attacker to execute arbitrary HTML and
+ script code in a user's browser session in the context of a vulnerable site.
+ This may allow an attacker to steal cookie-based authentications and launch
+ further attacks.
+
+ Impact Level: Application
+
+ Affected Software/OS:
+ ManageEngine ServiceDesk Plus 8.0 Build 8011 and prior.
+
+ Fix: Upgrade ManageEngine ServiceDesk Plus 8.0 Build 8012 or later,
+ For updates refer, http://www.manageengine.com/
+
+ References:
+ http://packetstormsecurity.org/files/view/105123/CORE-2011-0506.txt
+ http://www.coresecurity.com/content/multiples-vulnerabilities-manageengine-sdp ";
+
+ script_description(desc);
+ script_summary("Check the version of ManageEngine ServiceDesk Plus");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2011 Greenbone Networks GmbH");
+ script_family("Web application abuses");
+ script_dependencies("gb_ManageEngine_ServiceDesk_Plus_detect.nasl");
+ script_require_ports("Services/www", 8080);
+ exit(0);
+}
+
+
+include("http_func.inc");
+include("version_func.inc");
+
+## Get HTTP Port
+port = get_http_port(default:8080);
+if(!get_port_state(port)) {
+ exit(0);
+}
+
+## Get ManageEngine ServiceDesk Plus Installed version
+if(!vers = get_version_from_kb(port:port,app:"ManageEngine")){
+ exit(0);
+}
+
+## Check the build version
+if(' Build ' >< vers){
+ vers = ereg_replace(pattern:" Build ", string:vers, replace:".");
+}
+
+if(version_is_less(version:vers, test_version:"8.0.0.8012")){
+ security_warning(port:port);
+}
Added: trunk/openvas-plugins/scripts/gb_phorum_xss_n_csrf_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_phorum_xss_n_csrf_vuln.nasl 2011-09-16 14:31:46 UTC (rev 11624)
+++ trunk/openvas-plugins/scripts/gb_phorum_xss_n_csrf_vuln.nasl 2011-09-16 15:22:17 UTC (rev 11625)
@@ -0,0 +1,87 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_phorum_xss_n_csrf_vuln.nasl 17049 2011-09-13 13:10:20Z sep $
+#
+# Phorum Cross-Site Scripting and Cross-site request forgery Vulnerabilities
+#
+# Authors:
+# Madhuri D <dmadhuri at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(802160);
+ script_version("$Revision: 1.0$");
+ script_cve_id("CVE-2011-3381", "CVE-2011-3382");
+ script_tag(name:"cvss_base", value:"6.8");
+ script_tag(name:"risk_factor", value:"High");
+ script_name("Phorum Cross-Site Scripting and Cross-site request forgery Vulnerabilities");
+ desc = "
+ Overview: This host is running Phorum and is prone to cross-site scripting
+ and cross-site request forgery vulnerabilities.
+
+ Vulnerability Insight:
+ The flaws are caused due to unspecified errors in the application.
+
+ Impact:
+ Successful exploitation will let the attacker to execute arbitrary code in
+ the context of an application.
+
+ Impact Level: Application
+
+ Affected Software/OS:
+ Phorum version prior to 5.2.16
+
+ Fix: Upgrade Phorum to 5.2.16 or later,
+ For updates refer, http://www.phorum.org/downloads.php
+
+ References:
+ http://jvn.jp/en/jp/JVN71435255/index.html
+ http://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000068.html ";
+
+ script_description(desc);
+ script_summary("Check version of Phorum");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
+ script_family("Web application abuses");
+ script_dependencies("phorum_detect.nasl");
+ script_require_ports("Services/www", 80);
+ exit(0);
+}
+
+
+include("http_func.inc");
+include("version_func.inc");
+
+## Get HTTP Port
+phorumPort = get_http_port(default:80);
+if(!phorumPort){
+ exit(0);
+}
+
+## Get version from kb
+phorumVer = get_version_from_kb(port:phorumPort,app:"phorum");
+if(!phorumVer){
+ exit(0);
+}
+
+# Check for Phorum Version < 5.2.16
+if(version_is_less(version:phorumVer, test_version:"5.2.16")){
+ security_hole(phorumPort);
+}
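Review bot: The Impact paragraph of `desc` says an attacker can "execute arbitrary code in the context of an application", which reads as server-side code execution, while the script name and the two CVE ids describe cross-site scripting and cross-site request forgery. Someone triaging this finding would over-rate it. I would reword it along the lines of `Successful exploitation will let the attacker execute arbitrary script code in a user's browser session and perform actions with that user's privileges.` The result is also inferred from the KB version alone, so a short comment before the `version_is_less` call saying that no request is sent to the target would help readers judge its confidence.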
Added: trunk/openvas-plugins/scripts/gb_phorum_xss_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_phorum_xss_vuln.nasl 2011-09-16 14:31:46 UTC (rev 11624)
+++ trunk/openvas-plugins/scripts/gb_phorum_xss_vuln.nasl 2011-09-16 15:22:17 UTC (rev 11625)
@@ -0,0 +1,91 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_phorum_xss_vuln.nasl 17049 2011-09-15 11:10:20Z sep $
+#
+# Phorum 'real_name' Parameter Cross-Site Scripting Vulnerability
+#
+# Authors:
+# Madhuri D <dmadhuri at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(802161);
+ script_version("$Revision: 1.0$");
+ script_cve_id("CVE-2011-3392");
+ script_bugtraq_id(49347);
+ script_tag(name:"cvss_base", value:"4.3");
+ script_tag(name:"risk_factor", value:"Medium");
+ script_name("Phorum 'real_name' Parameter Cross-Site Scripting Vulnerability");
+ desc = "
+ Overview: This host is running Phorum and is prone to cross-site scripting
+ vulnerability.
+
+ Vulnerability Insight:
+ The flaw is caused due to input passed via the 'real_name' parameter to the
+ 'control.php' script is not properly sanitised before being returned to the
+ user.
+
+ Impact:
+ Successful exploitation will let the attacker to execute arbitrary HTML and
+ script code in a user's browser session in the context of an affected site.
+
+ Impact Level: Application
+
+ Affected Software/OS:
+ Phorum version prior to 5.2.17
+
+ Fix: Upgrade Phorum to 5.2.17 or later,
+ For updates refer, http://www.phorum.org/downloads.php
+
+ References:
+ http://secunia.com/advisories/45787
+ http://xforce.iss.net/xforce/xfdb/69456
+ http://holisticinfosec.org/content/view/184/45/ ";
+
+ script_description(desc);
+ script_summary("Check version of Phorum");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
+ script_family("Web application abuses");
+ script_dependencies("phorum_detect.nasl");
+ script_require_ports("Services/www", 80);
+ exit(0);
+}
+
+
+include("http_func.inc");
+include("version_func.inc");
+
+## Get HTTP Port
+phorumPort = get_http_port(default:80);
+if(!phorumPort){
+ exit(0);
+}
+
+## Get version from kb
+phorumVer = get_version_from_kb(port:phorumPort,app:"phorum");
+if(!phorumVer){
+ exit(0);
+}
+
+# Check for Phorum Version < 5.2.17
+if(version_is_less(version:phorumVer, test_version:"5.2.17")){
+ security_warning(phorumPort);
+}
Added: trunk/openvas-plugins/scripts/gb_simple_machines_forum_session_hijacking_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_simple_machines_forum_session_hijacking_vuln.nasl 2011-09-16 14:31:46 UTC (rev 11624)
+++ trunk/openvas-plugins/scripts/gb_simple_machines_forum_session_hijacking_vuln.nasl 2011-09-16 15:22:17 UTC (rev 11625)
@@ -0,0 +1,90 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_simple_machines_forum_session_hijacking_vuln.nasl 16583 2011-09-15 11:25:12Z sep $
+#
+# Simple Machines Forum Session Hijacking Vulnerability
+#
+# Authors:
+# Rachana Shetty <srachana at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(802334);
+ script_version("$Revision: 1.0$");
+ script_bugtraq_id(49078);
+ script_tag(name:"cvss_base", value:"4.3");
+ script_tag(name:"risk_factor", value:"Medium");
+ script_name("Simple Machines Forum Session Hijacking Vulnerability");
+ desc = "
+ Overview: The host is installed with Simple Machines Forum and is prone
+ to session hijacking vulnerability.
+
+ Vulnerability Insight:
+ The flaw exists due to improper handling of user's sessions, allowing a
+ remote attacker to hijack a valid user's session via a specially crafted
+ link.
+
+ Impact:
+ Successful exploitation will let the attackers to obtain sensitive
+ information such as user's session credentials and may aid in further
+ attacks.
+
+ Impact Level: Application
+
+ Affected Software/OS:
+ Simple Machines Forum (SMF) 2.0
+
+ Fix: No solution/patch is available as on 16th September 2011. Information
+ regarding this issue will updated once the solution details are available.
+ For updates refer, http://www.simplemachines.org/
+
+ References:
+ http://xforce.iss.net/xforce/xfdb/69056
+ http://www.exploit-db.com/exploits/17637/ ";
+
+ script_description(desc);
+ script_summary("Check for the version of Simple Machines Forum");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2011 Greenbone Networks GmbH");
+ script_family("Web application abuses");
+ script_dependencies("gb_simple_machines_forum_detect.nasl");
+ script_require_ports("Services/www", 80);
+ exit(0);
+}
+
+
+include("http_func.inc");
+include("version_func.inc");
+
+## Get the default port
+smfPort = get_http_port(default:80);
+if(!smfPort){
+ exit(0);
+}
+
+## Get the version From kb
+ver = get_version_from_kb(port:smfPort, app:"SMF");
+if(!ver){
+ exit(0);
+}
+
+if(version_is_equal(version:ver, test_version:"2.0")){
+ security_warning(smfPort);
+}
Added: trunk/openvas-plugins/scripts/gb_symantec_endpoint_protection_xss_n_csrf_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_symantec_endpoint_protection_xss_n_csrf_vuln.nasl 2011-09-16 14:31:46 UTC (rev 11624)
+++ trunk/openvas-plugins/scripts/gb_symantec_endpoint_protection_xss_n_csrf_vuln.nasl 2011-09-16 15:22:17 UTC (rev 11625)
@@ -0,0 +1,91 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_symantec_endpoint_protection_xss_n_csrf_vuln.nasl 16762 2011-09-15 12:12:12Z sep $
+#
+# Symantec Endpoint Protection Manager XSS and CSRF Vulnerabilities
+#
+# Authors:
+# Sooraj KS <kssooraj at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(802242);
+ script_version("$Revision: 1.0$");
+ script_cve_id("CVE-2011-0550", "CVE-2011-0551");
+ script_bugtraq_id(48231, 49101);
+ script_tag(name:"cvss_base", value:"6.8");
+ script_tag(name:"risk_factor", value:"High");
+ script_name("Symantec Endpoint Protection Manager XSS and CSRF Vulnerabilities");
+ desc = "
+ Overview: This host is installed with Symantec Endpoint Protection Manager
+ and is prone to cross site scripting and cross site request forgery
+ vulnerabilities.
+
+ Vulnerability Insight:
+ Multiple flaws are caused due to,
+ - Input appended to the URL after /console/apps/sepm is not properly
+ sanitised before being returned to the user.
+ - Input passed via the 'token' parameter to portal/Help.jsp is not properly
+ sanitised before being returned to the user.
+ - The portal application allows users to perform certain actions via HTTP
+ requests without performing any validity checks to verify the requests.
+
+ Impact:
+ Successful exploitation will let the attacker to execute arbitrary script
+ code in the browser of an unsuspecting user in the context of the affected
+ site.
+
+ Impact Level: Application
+
+ Affected Software/OS:
+ Symantec Endpoint Protection (SEP) version 11.0.600x through 11.0.6300
+
+ Fix: Upgrade to Symantec Endpoint Protection (SEP) version 11.0.7000 RU7 or
+ later,For updates refer, http://www.symantec.com/business/endpoint-protection
+
+ References:
+ http://secunia.com/advisories/43662
+ http://securitytracker.com/id/1025919
+ http://xforce.iss.net/xforce/xfdb/69136
+ http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110810_00
+ ";
+
+ script_description(desc);
+ script_summary("Check for the version of Symantec Endpoint Protection Manager");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2011 Greenbone Networks GmbH");
+ script_family("General");
+ script_dependencies("secpod_symantec_prdts_detect.nasl");
+ script_require_keys("Symantec/Endpoint/Protection");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+## Get version from KB
+version = get_kb_item("Symantec/Endpoint/Protection");
+if(version)
+{
+ ## Check for Symantec Endpoint Protection version 11.0.600x through 11.0.6300.
+ if(version_in_range(version:version, test_version:"11.0.600", test_version2:"11.0.6300")){
+ security_hole(0);
+ }
+}
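Review bot: The lower bound in the `version_in_range` call, `test_version:"11.0.600"`, does not match the affected range stated in the description and in the comment above it (11.0.600x through 11.0.6300). If version_in_range compares components numerically (version_func.inc is not shown here), an older build such as 11.0.5000 (a constructed example) sits between 11.0.600 and 11.0.6300 and would be reported as vulnerable. Starting at the first 11.0.600x build avoids that: `if(version_in_range(version:version, test_version:"11.0.6000", test_version2:"11.0.6300")){`. Separately, the plugin is titled for the Manager console but reads the `Symantec/Endpoint/Protection` key; it is worth confirming in secpod_symantec_prdts_detect.nasl that this key holds the Manager version rather than the client version.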
Added: trunk/openvas-plugins/scripts/gb_ubuntu_USN_1201_1.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_ubuntu_USN_1201_1.nasl 2011-09-16 14:31:46 UTC (rev 11624)
+++ trunk/openvas-plugins/scripts/gb_ubuntu_USN_1201_1.nasl 2011-09-16 15:22:17 UTC (rev 11625)
@@ -0,0 +1,150 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Ubuntu Update for linux USN-1201-1
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(840740);
+ script_version("$Revision$: 1.0");
+ script_tag(name:"cvss_base", value:"7.8");
+ script_tag(name:"risk_factor", value:"High");
+ script_xref(name: "USN", value: "1201-1");
+ script_cve_id("CVE-2011-1020", "CVE-2011-1493", "CVE-2011-1770", "CVE-2011-2484", "CVE-2011-2492");
+ script_name("Ubuntu Update for linux USN-1201-1");
+ desc = "
+
+ Vulnerability Insight:
+
+ It was discovered that the /proc filesystem did not correctly handle
+ permission changes when programs executed. A local attacker could hold open
+ files to examine details about programs running with higher privileges,
+ potentially increasing the chances of exploiting additional
+ vulnerabilities. (CVE-2011-1020)
+
+ Dan Rosenberg discovered that the X.25 Rose network stack did not correctly
+ handle certain fields. If a system was running with Rose enabled, a remote
+ attacker could send specially crafted traffic to gain root privileges.
+ (CVE-2011-1493)
+
+ Dan Rosenberg discovered that the DCCP stack did not correctly handle
+ certain packet structures. A remote attacker could exploit this to crash
+ the system, leading to a denial of service. (CVE-2011-1770)
+
+ Vasiliy Kulikov discovered that taskstats listeners were not correctly
+ handled. A local attacker could expoit this to exhaust memory and CPU
+ resources, leading to a denial of service. (CVE-2011-2484)
+
+ It was discovered that Bluetooth l2cap and rfcomm did not correctly
+ initialize structures. A local attacker could exploit this to read portions
+ of the kernel stack, leading to a loss of privacy. (CVE-2011-2492)
+
+ Affected Software/OS:
+ linux on Ubuntu 10.10
+
+ Fix: Please Install the Updated Packages.
+
+ References:
+ https://lists.ubuntu.com/archives/ubuntu-security-announce/2011-September/001411.html
+
+ ";
+
+ script_description(desc);
+ script_summary("Check for the Version of linux");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
+ script_family("Ubuntu Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/release");
+ exit(0);
+}
+
+
+include("pkg-lib-deb.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+if(release == NULL){
+ exit(0);
+}
+
+if(release == "UBUNTU10.10")
+{
+
+ if(isdpkgvuln(pkg:"linux-image-2.6.35-30-generic", ver:"2.6.35-30.59", rls:"UBUNTU10.10"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isdpkgvuln(pkg:"linux-image-2.6.35-30-generic-pae", ver:"2.6.35-30.59", rls:"UBUNTU10.10"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isdpkgvuln(pkg:"linux-image-2.6.35-30-omap", ver:"2.6.35-30.59", rls:"UBUNTU10.10"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isdpkgvuln(pkg:"linux-image-2.6.35-30-powerpc", ver:"2.6.35-30.59", rls:"UBUNTU10.10"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isdpkgvuln(pkg:"linux-image-2.6.35-30-powerpc-smp", ver:"2.6.35-30.59", rls:"UBUNTU10.10"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isdpkgvuln(pkg:"linux-image-2.6.35-30-powerpc64-smp", ver:"2.6.35-30.59", rls:"UBUNTU10.10"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isdpkgvuln(pkg:"linux-image-2.6.35-30-server", ver:"2.6.35-30.59", rls:"UBUNTU10.10"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isdpkgvuln(pkg:"linux-image-2.6.35-30-versatile", ver:"2.6.35-30.59", rls:"UBUNTU10.10"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isdpkgvuln(pkg:"linux-image-2.6.35-30-virtual", ver:"2.6.35-30.59", rls:"UBUNTU10.10"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ exit(0);
+}
\ No newline at end of file
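Review bot: Every `isdpkgvuln` call names a package that embeds the fixed kernel ABI (`linux-image-2.6.35-30-generic` and its siblings), so the check can only fire on hosts that already have a 2.6.35-30 image installed. Assuming isdpkgvuln returns false when the named package is absent (pkg-lib-deb.inc is not shown), a host still on an older ABI image, whose package name differs, is not reported at all, which is a false negative on the least-patched machines. The file is marked as system generated, so the fix belongs in the generator; until then a comment such as `# matches only hosts with an ABI -30 image installed; older ABI images are not detected` above the release check would document the gap. The same pattern appears in the USN-1202-1, USN-1203-1, USN-1204-1 and USN-1205-1 hunks that follow.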
Added: trunk/openvas-plugins/scripts/gb_ubuntu_USN_1202_1.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_ubuntu_USN_1202_1.nasl 2011-09-16 14:31:46 UTC (rev 11624)
+++ trunk/openvas-plugins/scripts/gb_ubuntu_USN_1202_1.nasl 2011-09-16 15:22:17 UTC (rev 11625)
@@ -0,0 +1,133 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Ubuntu Update for linux-ti-omap4 USN-1202-1
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(840745);
+ script_version("$Revision$: 1.0");
+ script_tag(name:"cvss_base", value:"7.8");
+ script_tag(name:"risk_factor", value:"High");
+ script_xref(name: "USN", value: "1202-1");
+ script_cve_id("CVE-2010-3296", "CVE-2010-3297", "CVE-2010-3858", "CVE-2010-3859", "CVE-2010-3874", "CVE-2010-3880", "CVE-2010-4073", "CVE-2010-4075", "CVE-2010-4076", "CVE-2010-4077", "CVE-2010-4080", "CVE-2010-4081", "CVE-2010-4082", "CVE-2010-4083", "CVE-2010-4157", "CVE-2010-4160", "CVE-2010-4162", "CVE-2010-4163", "CVE-2010-4668", "CVE-2010-4169", "CVE-2010-4175", "CVE-2010-4242", "CVE-2010-4243", "CVE-2010-4248", "CVE-2010-4256", "CVE-2010-4565", "CVE-2010-4649", "CVE-2011-1044", "CVE-2010-4655", "CVE-2010-4656", "CVE-2011-0463", "CVE-2011-0521", "CVE-2011-0695", "CVE-2011-0711", "CVE-2011-0712", "CVE-2011-0726", "CVE-2011-1010", "CVE-2011-1012", "CVE-2011-1013", "CVE-2011-1016", "CVE-2011-1017", "CVE-2011-1019", "CVE-2011-1020", "CVE-2011-1078", "CVE-2011-1079", "CVE-2011-1080", "CVE-2011-1082", "CVE-2011-1090", "CVE-2011-1093", "CVE-2011-1160", "CVE-2011-1163", "CVE-2011-1169", "CVE-2011-1170", "CVE-2011-1171", "CVE-2011-1172", "CVE-2011-2534", "CVE-2011-1173", "CVE-2011-1180", "CVE-2011-1182", "CVE-2011-1478", "CVE-2011-1493", "CVE-2011-1494", "CVE-2011-1495", "CVE-2011-1577", "CVE-2011-1593", "CVE-2011-1598", "CVE-2011-1748", "CVE-2011-1745", "CVE-2011-2022", "CVE-2011-1746", "CVE-2011-1770", "CVE-2011-1833", "CVE-2011-2484", "CVE-2011-2492", "CVE-2011-2699", "CVE-2011-2918");
+ script_name("Ubuntu Update for linux-ti-omap4 USN-1202-1");
+ desc = "
+
+ Vulnerability Insight:
+
+ Dan Rosenberg discovered that several network ioctls did not clear kernel
+ memory correctly. A local user could exploit this to read kernel stack
+ memory, leading to a loss of privacy. (CVE-2010-3296, CVE-2010-3297)
+
+ Brad Spengler discovered that stack memory for new a process was not
+ correctly calculated. A local attacker could exploit this to crash the
+ system, leading to a denial of service. (CVE-2010-3858)
+
+ Dan Rosenberg discovered that the Linux kernel TIPC implementation
+ contained multiple integer signedness errors. A local attacker could
+ exploit this to gain root privileges. (CVE-2010-3859)
+
+ Dan Rosenberg discovered that the CAN protocol on 64bit systems did not
+ correctly calculate the size of certain buffers. A local attacker could
+ exploit this to crash the system or possibly execute arbitrary code as the
+ root user. (CVE-2010-3874)
+
+ Nelson Elhage discovered that the Linux kernel IPv4 implementation did not
+ properly audit certain bytecodes in netlink messages. A local attacker
+ could exploit this to cause the kernel to hang, leading to a denial of
+ service. (CVE-2010-3880)
+
+ Dan Rosenberg discovered that IPC structures were not correctly initialized
+ on 64bit systems. A local attacker could exploit this to read kernel stack
+ memory, leading to a loss of privacy. (CVE-2010-4073)
+
+ Dan Rosenberg discovered that multiple terminal ioctls did not correctly
+ initialize structure memory. A local attacker could exploit this to read
+ portions of kernel stack memory, leading to a loss of privacy.
+ (CVE-2010-4075, CVE-2010-4076, CVE-2010-4077)
+
+ Dan Rosenberg discovered that the RME Hammerfall DSP audio interface driver
+ did not correctly clear kernel memory. A local attacker could exploit this
+ to read kernel stack memory, leading to a loss of privacy. (CVE-2010-4080,
+ CVE-2010-4081)
+
+ Dan Rosenberg discovered that the VIA video driver did not correctly clear
+ kernel memory. A local attacker could exploit this to read kernel stack
+ memory, leading to a loss of privacy. (CVE-2010-4082)
+
+ Dan Rosenberg discovered that the semctl syscall did not correctly clear
+ kernel memory. A local attacker could exploit this to read kernel stack
+ memory, leading to a loss of privacy. (CVE-2010-4083)
+
+ James Bottomley discovered that the ICP vortex storage array controller
+ driver did not validate certain sizes. A local attacker on a 64bit system
+ could exploit this to crash the kernel, leading to a denial of service.
+ (CVE-2010-4157)
+
+ Dan Rosenberg discovered that the Linux kernel L2TP implementation
+ contained multiple integer sign ...
+
+ Description truncated, for more information please check the Reference URL
+
+ Affected Software/OS:
+ linux-ti-omap4 on Ubuntu 10.10
+
+ Fix: Please Install the Updated Packages.
+
+ References:
+ https://lists.ubuntu.com/archives/ubuntu-security-announce/2011-September/001412.html
+
+ ";
+
+ script_description(desc);
+ script_summary("Check for the Version of linux-ti-omap4");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
+ script_family("Ubuntu Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/release");
+ exit(0);
+}
+
+
+include("pkg-lib-deb.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+if(release == NULL){
+ exit(0);
+}
+
+if(release == "UBUNTU10.10")
+{
+
+ if(isdpkgvuln(pkg:"linux-image-2.6.35-903-omap4", ver:"2.6.35-903.24", rls:"UBUNTU10.10"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ exit(0);
+}
\ No newline at end of file
Added: trunk/openvas-plugins/scripts/gb_ubuntu_USN_1203_1.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_ubuntu_USN_1203_1.nasl 2011-09-16 14:31:46 UTC (rev 11624)
+++ trunk/openvas-plugins/scripts/gb_ubuntu_USN_1203_1.nasl 2011-09-16 15:22:17 UTC (rev 11625)
@@ -0,0 +1,131 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Ubuntu Update for linux-mvl-dove USN-1203-1
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(840746);
+ script_version("$Revision$: 1.0");
+ script_tag(name:"cvss_base", value:"6.1");
+ script_tag(name:"risk_factor", value:"High");
+ script_xref(name: "USN", value: "1203-1");
+ script_cve_id("CVE-2010-4076", "CVE-2010-4077", "CVE-2010-4251", "CVE-2010-4805", "CVE-2011-1020", "CVE-2011-1493", "CVE-2011-1577", "CVE-2011-2213", "CVE-2011-2484", "CVE-2011-2492", "CVE-2011-2700", "CVE-2011-2723", "CVE-2011-2918");
+ script_name("Ubuntu Update for linux-mvl-dove USN-1203-1");
+ desc = "
+
+ Vulnerability Insight:
+
+ Dan Rosenberg discovered that multiple terminal ioctls did not correctly
+ initialize structure memory. A local attacker could exploit this to read
+ portions of kernel stack memory, leading to a loss of privacy.
+ (CVE-2010-4076, CVE-2010-4077)
+
+ Alex Shi and Eric Dumazet discovered that the network stack did not
+ correctly handle packet backlogs. A remote attacker could exploit this by
+ sending a large amount of network traffic to cause the system to run out of
+ memory, leading to a denial of service. (CVE-2010-4251, CVE-2010-4805)
+
+ It was discovered that the /proc filesystem did not correctly handle
+ permission changes when programs executed. A local attacker could hold open
+ files to examine details about programs running with higher privileges,
+ potentially increasing the chances of exploiting additional
+ vulnerabilities. (CVE-2011-1020)
+
+ Dan Rosenberg discovered that the X.25 Rose network stack did not correctly
+ handle certain fields. If a system was running with Rose enabled, a remote
+ attacker could send specially crafted traffic to gain root privileges.
+ (CVE-2011-1493)
+
+ Timo Warns discovered that the GUID partition parsing routines did not
+ correctly validate certain structures. A local attacker with physical
+ access could plug in a specially crafted block device to crash the system,
+ leading to a denial of service. (CVE-2011-1577)
+
+ Dan Rosenberg discovered that the IPv4 diagnostic routines did not
+ correctly validate certain requests. A local attacker could exploit this to
+ consume CPU resources, leading to a denial of service. (CVE-2011-2213)
+
+ Vasiliy Kulikov discovered that taskstats listeners were not correctly
+ handled. A local attacker could expoit this to exhaust memory and CPU
+ resources, leading to a denial of service. (CVE-2011-2484)
+
+ It was discovered that Bluetooth l2cap and rfcomm did not correctly
+ initialize structures. A local attacker could exploit this to read portions
+ of the kernel stack, leading to a loss of privacy. (CVE-2011-2492)
+
+ Mauro Carvalho Chehab discovered that the si4713 radio driver did not
+ correctly check the length of memory copies. If this hardware was
+ available, a local attacker could exploit this to crash the system or gain
+ root privileges. (CVE-2011-2700)
+
+ Herbert Xu discovered that certain fields were incorrectly handled when
+ Generic Receive Offload (GRO) is enabled. If a system was running with GRO
+ enabled, a remote attacker could send specially crafted traffic to crash
+ the system, leading to a denial of service. (CVE-2011-2723)
+
+ The performance counter subsystem did not correctly handle certain
+ counters. A local attacker could exploit this to crash the system, leading
+ to a denial of service. (CVE-2011-2918)
+
+ Affected Software/OS:
+ linux-mvl-dove on Ubuntu 10.04 LTS
+
+ Fix: Please Install the Updated Packages.
+
+ References:
+ https://lists.ubuntu.com/archives/ubuntu-security-announce/2011-September/001413.html
+
+ ";
+
+ script_description(desc);
+ script_summary("Check for the Version of linux-mvl-dove");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
+ script_family("Ubuntu Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/release");
+ exit(0);
+}
+
+
+include("pkg-lib-deb.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+if(release == NULL){
+ exit(0);
+}
+
+if(release == "UBUNTU10.04 LTS")
+{
+
+ if(isdpkgvuln(pkg:"linux-image-2.6.32-218-dove", ver:"2.6.32-218.36", rls:"UBUNTU10.04 LTS"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ exit(0);
+}
\ No newline at end of file
Added: trunk/openvas-plugins/scripts/gb_ubuntu_USN_1204_1.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_ubuntu_USN_1204_1.nasl 2011-09-16 14:31:46 UTC (rev 11624)
+++ trunk/openvas-plugins/scripts/gb_ubuntu_USN_1204_1.nasl 2011-09-16 15:22:17 UTC (rev 11625)
@@ -0,0 +1,132 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Ubuntu Update for linux-fsl-imx51 USN-1204-1
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(840744);
+ script_version("$Revision$: 1.0");
+ script_tag(name:"cvss_base", value:"7.8");
+ script_tag(name:"risk_factor", value:"High");
+ script_xref(name: "USN", value: "1204-1");
+ script_cve_id("CVE-2010-3859", "CVE-2010-4075", "CVE-2010-4076", "CVE-2010-4077", "CVE-2010-4158", "CVE-2010-4160", "CVE-2010-4162", "CVE-2010-4163", "CVE-2010-4668", "CVE-2010-4175", "CVE-2010-4242", "CVE-2010-4243", "CVE-2010-4251", "CVE-2010-4805", "CVE-2010-4526", "CVE-2010-4649", "CVE-2011-1044", "CVE-2011-0726", "CVE-2011-1010", "CVE-2011-1012", "CVE-2011-1013", "CVE-2011-1020", "CVE-2011-1078", "CVE-2011-1079", "CVE-2011-1080", "CVE-2011-1082", "CVE-2011-1090", "CVE-2011-1093", "CVE-2011-1160", "CVE-2011-1163", "CVE-2011-1170", "CVE-2011-1171", "CVE-2011-1172", "CVE-2011-2534", "CVE-2011-1173", "CVE-2011-1180", "CVE-2011-1478", "CVE-2011-1493", "CVE-2011-1577", "CVE-2011-1598", "CVE-2011-1770", "CVE-2011-1833", "CVE-2011-2484", "CVE-2011-2492", "CVE-2011-2699", "CVE-2011-2918");
+ script_name("Ubuntu Update for linux-fsl-imx51 USN-1204-1");
+ desc = "
+
+ Vulnerability Insight:
+
+ Dan Rosenberg discovered that the Linux kernel TIPC implementation
+ contained multiple integer signedness errors. A local attacker could
+ exploit this to gain root privileges. (CVE-2010-3859)
+
+ Dan Rosenberg discovered that multiple terminal ioctls did not correctly
+ initialize structure memory. A local attacker could exploit this to read
+ portions of kernel stack memory, leading to a loss of privacy.
+ (CVE-2010-4075, CVE-2010-4076, CVE-2010-4077)
+
+ Dan Rosenberg discovered that the socket filters did not correctly
+ initialize structure memory. A local attacker could create malicious
+ filters to read portions of kernel stack memory, leading to a loss of
+ privacy. (CVE-2010-4158)
+
+ Dan Rosenberg discovered that the Linux kernel L2TP implementation
+ contained multiple integer signedness errors. A local attacker could
+ exploit this to to crash the kernel, or possibly gain root privileges.
+ (CVE-2010-4160)
+
+ Dan Rosenberg discovered that certain iovec operations did not calculate
+ page counts correctly. A local attacker could exploit this to crash the
+ system, leading to a denial of service. (CVE-2010-4162)
+
+ Dan Rosenberg discovered that the SCSI subsystem did not correctly validate
+ iov segments. A local attacker with access to a SCSI device could send
+ specially crafted requests to crash the system, leading to a denial of
+ service. (CVE-2010-4163, CVE-2010-4668)
+
+ Dan Rosenberg discovered that the RDS protocol did not correctly check
+ ioctl arguments. A local attacker could exploit this to crash the system,
+ leading to a denial of service. (CVE-2010-4175)
+
+ Alan Cox discovered that the HCI UART driver did not correctly check if a
+ write operation was available. If the mmap_min-addr sysctl was changed from
+ the Ubuntu default to a value of 0, a local attacker could exploit this
+ flaw to gain root privileges. (CVE-2010-4242)
+
+ Brad Spengler discovered that the kernel did not correctly account for
+ userspace memory allocations during exec() calls. A local attacker could
+ exploit this to consume all system memory, leading to a denial of service.
+ (CVE-2010-4243)
+
+ Alex Shi and Eric Dumazet discovered that the network stack did not
+ correctly handle packet backlogs. A remote attacker could exploit this by
+ sending a large amount of network traffic to cause the system to run out of
+ memory, leading to a denial of service. (CVE-2010-4251, CVE-2010-4805)
+
+ It was discovered that the ICMP stack did not correctly handle certain
+ unreachable messages. If a remote attacker were able to acquire a socket
+ lock, they could send specially ...
+
+ Description truncated, for more information please check the Reference URL
+
+ Affected Software/OS:
+ linux-fsl-imx51 on Ubuntu 10.04 LTS
+
+ Fix: Please Install the Updated Packages.
+
+ References:
+ https://lists.ubuntu.com/archives/ubuntu-security-announce/2011-September/001414.html
+
+ ";
+
+ script_description(desc);
+ script_summary("Check for the Version of linux-fsl-imx51");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
+ script_family("Ubuntu Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/release");
+ exit(0);
+}
+
+
+include("pkg-lib-deb.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+if(release == NULL){
+ exit(0);
+}
+
+if(release == "UBUNTU10.04 LTS")
+{
+
+ if(isdpkgvuln(pkg:"linux-image-2.6.31-610-imx51", ver:"2.6.31-610.28", rls:"UBUNTU10.04 LTS"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ exit(0);
+}
\ No newline at end of file
Added: trunk/openvas-plugins/scripts/gb_ubuntu_USN_1205_1.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_ubuntu_USN_1205_1.nasl 2011-09-16 14:31:46 UTC (rev 11624)
+++ trunk/openvas-plugins/scripts/gb_ubuntu_USN_1205_1.nasl 2011-09-16 15:22:17 UTC (rev 11625)
@@ -0,0 +1,120 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Ubuntu Update for linux-lts-backport-maverick USN-1205-1
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(840739);
+ script_version("$Revision$: 1.0");
+ script_tag(name:"cvss_base", value:"7.8");
+ script_tag(name:"risk_factor", value:"High");
+ script_xref(name: "USN", value: "1205-1");
+ script_cve_id("CVE-2011-1020", "CVE-2011-1493", "CVE-2011-1770", "CVE-2011-2484", "CVE-2011-2492");
+ script_name("Ubuntu Update for linux-lts-backport-maverick USN-1205-1");
+ desc = "
+
+ Vulnerability Insight:
+
+ It was discovered that the /proc filesystem did not correctly handle
+ permission changes when programs executed. A local attacker could hold open
+ files to examine details about programs running with higher privileges,
+ potentially increasing the chances of exploiting additional
+ vulnerabilities. (CVE-2011-1020)
+
+ Dan Rosenberg discovered that the X.25 Rose network stack did not correctly
+ handle certain fields. If a system was running with Rose enabled, a remote
+ attacker could send specially crafted traffic to gain root privileges.
+ (CVE-2011-1493)
+
+ Dan Rosenberg discovered that the DCCP stack did not correctly handle
+ certain packet structures. A remote attacker could exploit this to crash
+ the system, leading to a denial of service. (CVE-2011-1770)
+
+ Vasiliy Kulikov discovered that taskstats listeners were not correctly
+ handled. A local attacker could expoit this to exhaust memory and CPU
+ resources, leading to a denial of service. (CVE-2011-2484)
+
+ It was discovered that Bluetooth l2cap and rfcomm did not correctly
+ initialize structures. A local attacker could exploit this to read portions
+ of the kernel stack, leading to a loss of privacy. (CVE-2011-2492)
+
+ Affected Software/OS:
+ linux-lts-backport-maverick on Ubuntu 10.04 LTS
+
+ Fix: Please Install the Updated Packages.
+
+ References:
+ https://lists.ubuntu.com/archives/ubuntu-security-announce/2011-September/001415.html
+
+ ";
+
+ script_description(desc);
+ script_summary("Check for the Version of linux-lts-backport-maverick");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
+ script_family("Ubuntu Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/release");
+ exit(0);
+}
+
+
+include("pkg-lib-deb.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+if(release == NULL){
+ exit(0);
+}
+
+if(release == "UBUNTU10.04 LTS")
+{
+
+ if(isdpkgvuln(pkg:"linux-image-2.6.35-30-generic", ver:"2.6.35-30.59~lucid1", rls:"UBUNTU10.04 LTS"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isdpkgvuln(pkg:"linux-image-2.6.35-30-generic-pae", ver:"2.6.35-30.59~lucid1", rls:"UBUNTU10.04 LTS"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isdpkgvuln(pkg:"linux-image-2.6.35-30-server", ver:"2.6.35-30.59~lucid1", rls:"UBUNTU10.04 LTS"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isdpkgvuln(pkg:"linux-image-2.6.35-30-virtual", ver:"2.6.35-30.59~lucid1", rls:"UBUNTU10.04 LTS"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ exit(0);
+}
\ No newline at end of file
Added: trunk/openvas-plugins/scripts/gb_ubuntu_USN_1206_1.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_ubuntu_USN_1206_1.nasl 2011-09-16 14:31:46 UTC (rev 11624)
+++ trunk/openvas-plugins/scripts/gb_ubuntu_USN_1206_1.nasl 2011-09-16 15:22:17 UTC (rev 11625)
@@ -0,0 +1,164 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Ubuntu Update for librsvg USN-1206-1
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(840742);
+ script_version("$Revision$: 1.0");
+ script_tag(name:"risk_factor", value:"High");
+ script_xref(name: "USN", value: "1206-1");
+ script_cve_id("CVE-2011-3146");
+ script_name("Ubuntu Update for librsvg USN-1206-1");
+ desc = "
+
+ Vulnerability Insight:
+
+ Sauli Pahlman discovered that librsvg did not correctly handle malformed
+ filter names. If a user or automated system were tricked into processing a
+ specially crafted SVG image, a remote attacker could gain user privileges.
+
+ Affected Software/OS:
+ librsvg on Ubuntu 11.04 ,
+ Ubuntu 10.10 ,
+ Ubuntu 10.04 LTS
+
+ Fix: Please Install the Updated Packages.
+
+ References:
+ https://lists.ubuntu.com/archives/ubuntu-security-announce/2011-September/001416.html
+
+ ";
+
+ script_description(desc);
+ script_summary("Check for the Version of librsvg");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
+ script_family("Ubuntu Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/release");
+ exit(0);
+}
+
+
+include("pkg-lib-deb.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+if(release == NULL){
+ exit(0);
+}
+
+if(release == "UBUNTU10.10")
+{
+
+ if(isdpkgvuln(pkg:"librsvg2-2", ver:"2.32.0-0ubuntu1.1", rls:"UBUNTU10.10"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isdpkgvuln(pkg:"librsvg2-bin", ver:"2.32.0-0ubuntu1.1", rls:"UBUNTU10.10"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isdpkgvuln(pkg:"librsvg2-common", ver:"2.32.0-0ubuntu1.1", rls:"UBUNTU10.10"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isdpkgvuln(pkg:"librsvg2-dev", ver:"2.32.0-0ubuntu1.1", rls:"UBUNTU10.10"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ exit(0);
+}
+
+
+if(release == "UBUNTU10.04 LTS")
+{
+
+ if(isdpkgvuln(pkg:"librsvg2-2", ver:"2.26.3-0ubuntu1.1", rls:"UBUNTU10.04 LTS"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isdpkgvuln(pkg:"librsvg2-bin", ver:"2.26.3-0ubuntu1.1", rls:"UBUNTU10.04 LTS"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isdpkgvuln(pkg:"librsvg2-common", ver:"2.26.3-0ubuntu1.1", rls:"UBUNTU10.04 LTS"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isdpkgvuln(pkg:"librsvg2-dev", ver:"2.26.3-0ubuntu1.1", rls:"UBUNTU10.04 LTS"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ exit(0);
+}
+
+
+if(release == "UBUNTU11.04")
+{
+
+ if(isdpkgvuln(pkg:"librsvg2-2", ver:"2.32.1-0ubuntu3.1", rls:"UBUNTU11.04"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isdpkgvuln(pkg:"librsvg2-bin", ver:"2.32.1-0ubuntu3.1", rls:"UBUNTU11.04"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isdpkgvuln(pkg:"librsvg2-common", ver:"2.32.1-0ubuntu3.1", rls:"UBUNTU11.04"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isdpkgvuln(pkg:"librsvg2-dev", ver:"2.32.1-0ubuntu3.1", rls:"UBUNTU11.04"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ exit(0);
+}
\ No newline at end of file
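Review bot: The description block sets `risk_factor` to High but carries no `cvss_base` tag, unlike the sibling USN plugins added in this same revision (gb_ubuntu_USN_1207_1.nasl and gb_ubuntu_USN_1208_1.nasl set both). Anything that sorts or filters results by CVSS score may show this check with no score. Add `script_tag(name:"cvss_base", value:"<CVSS base score for CVE-2011-3146>");` next to the risk_factor line, taking the value from the CVE record rather than guessing it.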
Added: trunk/openvas-plugins/scripts/gb_ubuntu_USN_1207_1.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_ubuntu_USN_1207_1.nasl 2011-09-16 14:31:46 UTC (rev 11624)
+++ trunk/openvas-plugins/scripts/gb_ubuntu_USN_1207_1.nasl 2011-09-16 15:22:17 UTC (rev 11625)
@@ -0,0 +1,125 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Ubuntu Update for cups USN-1207-1
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(840741);
+ script_version("$Revision$: 1.0");
+ script_tag(name:"cvss_base", value:"5.1");
+ script_tag(name:"risk_factor", value:"High");
+ script_xref(name: "USN", value: "1207-1");
+ script_cve_id("CVE-2011-2896", "CVE-2011-3170");
+ script_name("Ubuntu Update for cups USN-1207-1");
+ desc = "
+
+ Vulnerability Insight:
+
+ Tomas Hoger discovered that the CUPS image library incorrectly handled LZW
+ streams. A remote attacker could use this flaw to cause a denial of service
+ or possibly execute arbitrary code.
+
+ Affected Software/OS:
+ cups on Ubuntu 11.04 ,
+ Ubuntu 10.10 ,
+ Ubuntu 10.04 LTS ,
+ Ubuntu 8.04 LTS
+
+ Fix: Please Install the Updated Packages.
+
+ References:
+ https://lists.ubuntu.com/archives/ubuntu-security-announce/2011-September/001417.html
+
+ ";
+
+ script_description(desc);
+ script_summary("Check for the Version of cups");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
+ script_family("Ubuntu Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/release");
+ exit(0);
+}
+
+
+include("pkg-lib-deb.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+if(release == NULL){
+ exit(0);
+}
+
+if(release == "UBUNTU10.10")
+{
+
+ if(isdpkgvuln(pkg:"libcupsimage2", ver:"1.4.4-6ubuntu2.4", rls:"UBUNTU10.10"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ exit(0);
+}
+
+
+if(release == "UBUNTU10.04 LTS")
+{
+
+ if(isdpkgvuln(pkg:"libcupsimage2", ver:"1.4.3-1ubuntu1.5", rls:"UBUNTU10.04 LTS"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ exit(0);
+}
+
+
+if(release == "UBUNTU11.04")
+{
+
+ if(isdpkgvuln(pkg:"libcupsimage2", ver:"1.4.6-5ubuntu1.4", rls:"UBUNTU11.04"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ exit(0);
+}
+
+
+if(release == "UBUNTU8.04 LTS")
+{
+
+ if(isdpkgvuln(pkg:"libcupsimage2", ver:"1.3.7-1ubuntu3.13", rls:"UBUNTU8.04 LTS"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ exit(0);
+}
\ No newline at end of file
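Review bot: `cvss_base` is 5.1 while `risk_factor` is High, and a 5.1 base score sits in the medium band of the CVSS v2 scale, so the two tags tell report readers different things. gb_ubuntu_USN_1208_1.nasl in this revision has the same pairing (6.1 with High). If High is intentional because the advisory mentions possible code execution, a one-line comment above the tags such as `# risk_factor follows the vendor advisory, not the CVSS band` would make that explicit. Otherwise the risk_factor should be derived from the score.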
Added: trunk/openvas-plugins/scripts/gb_ubuntu_USN_1208_1.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_ubuntu_USN_1208_1.nasl 2011-09-16 14:31:46 UTC (rev 11624)
+++ trunk/openvas-plugins/scripts/gb_ubuntu_USN_1208_1.nasl 2011-09-16 15:22:17 UTC (rev 11625)
@@ -0,0 +1,129 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Ubuntu Update for linux-mvl-dove USN-1208-1
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(840743);
+ script_version("$Revision$: 1.0");
+ script_tag(name:"cvss_base", value:"6.1");
+ script_tag(name:"risk_factor", value:"High");
+ script_xref(name: "USN", value: "1208-1");
+ script_cve_id("CVE-2010-4076", "CVE-2010-4077", "CVE-2010-4251", "CVE-2010-4805", "CVE-2011-1020", "CVE-2011-1493", "CVE-2011-1577", "CVE-2011-2213", "CVE-2011-2484", "CVE-2011-2492", "CVE-2011-2700", "CVE-2011-2723", "CVE-2011-2918");
+ script_name("Ubuntu Update for linux-mvl-dove USN-1208-1");
+ desc = "
+
+ Vulnerability Insight:
+
+ Dan Rosenberg discovered that multiple terminal ioctls did not correctly
+ initialize structure memory. A local attacker could exploit this to read
+ portions of kernel stack memory, leading to a loss of privacy.
+ (CVE-2010-4076, CVE-2010-4077)
+
+ Alex Shi and Eric Dumazet discovered that the network stack did not
+ correctly handle packet backlogs. A remote attacker could exploit this by
+ sending a large amount of network traffic to cause the system to run out of
+ memory, leading to a denial of service. (CVE-2010-4251, CVE-2010-4805)
+
+ It was discovered that the /proc filesystem did not correctly handle
+ permission changes when programs executed. A local attacker could hold open
+ files to examine details about programs running with higher privileges,
+ potentially increasing the chances of exploiting additional
+ vulnerabilities. (CVE-2011-1020)
+
+ Dan Rosenberg discovered that the X.25 Rose network stack did not correctly
+ handle certain fields. If a system was running with Rose enabled, a remote
+ attacker could send specially crafted traffic to gain root privileges.
+ (CVE-2011-1493)
+
+ Timo Warns discovered that the GUID partition parsing routines did not
+ correctly validate certain structures. A local attacker with physical
+ access could plug in a specially crafted block device to crash the system,
+ leading to a denial of service. (CVE-2011-1577)
+
+ Dan Rosenberg discovered that the IPv4 diagnostic routines did not
+ correctly validate certain requests. A local attacker could exploit this to
+ consume CPU resources, leading to a denial of service. (CVE-2011-2213)
+
+ Vasiliy Kulikov discovered that taskstats listeners were not correctly
+ handled. A local attacker could expoit this to exhaust memory and CPU
+ resources, leading to a denial of service. (CVE-2011-2484)
+
+ It was discovered that Bluetooth l2cap and rfcomm did not correctly
+ initialize structures. A local attacker could exploit this to read portions
+ of the kernel stack, leading to a loss of privacy. (CVE-2011-2492)
+
+ Mauro Carvalho Chehab discovered that the si4713 radio driver did not
+ correctly check the length of memory copies. If this hardware was
+ available, a local attacker could exploit this to crash the system or gain
+ root privileges. (CVE-2011-2700)
+
+ Herbert Xu discovered that certain fields were incorrectly handled when
+ Generic Receive Offload (CVE-2011-2723)
+
+ The performance counter subsystem did not correctly handle certain
+ counters. A local attacker could exploit this to crash the system, leading
+ to a denial of service. (CVE-2011-2918)
+
+ Affected Software/OS:
+ linux-mvl-dove on Ubuntu 10.10
+
+ Fix: Please Install the Updated Packages.
+
+ References:
+ https://lists.ubuntu.com/archives/ubuntu-security-announce/2011-September/001418.html
+
+ ";
+
+ script_description(desc);
+ script_summary("Check for the Version of linux-mvl-dove");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
+ script_family("Ubuntu Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/release");
+ exit(0);
+}
+
+
+include("pkg-lib-deb.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+if(release == NULL){
+ exit(0);
+}
+
+if(release == "UBUNTU10.10")
+{
+
+ if(isdpkgvuln(pkg:"linux-image-2.6.32-418-dove", ver:"2.6.32-418.36", rls:"UBUNTU10.10"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ exit(0);
+}
\ No newline at end of file
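Review bot: The CVE-2011-2723 paragraph of `desc` is cut off mid-sentence (`...incorrectly handled when Generic Receive Offload (CVE-2011-2723)`), so the scan report gives no condition or impact for that CVE. The missing text should be restored from the referenced USN-1208-1 announcement rather than reworded. In the same string, `expoit` in the CVE-2011-2484 paragraph should read `exploit`. Since the header marks this as a system-generated check, the truncation probably comes from the generator and may recur in other advisories.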
Added: trunk/openvas-plugins/scripts/gb_wordpress_ip_logger_plugin_sql_inj_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_wordpress_ip_logger_plugin_sql_inj_vuln.nasl 2011-09-16 14:31:46 UTC (rev 11624)
+++ trunk/openvas-plugins/scripts/gb_wordpress_ip_logger_plugin_sql_inj_vuln.nasl 2011-09-16 15:22:17 UTC (rev 11625)
@@ -0,0 +1,104 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_wordpress_ip_logger_plugin_sql_inj_vuln.nasl 16760 2011-09-13 18:15:15Z sep $
+#
+# WordPress IP Logger Plugin map-details.php SQL Injection Vulnerability
+#
+# Authors:
+# Veerendra G.G <veerendragg at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(802035);
+ script_version("$Revision: 1.0$");
+ script_bugtraq_id(49168);
+ script_tag(name:"cvss_base", value:"7.5");
+ script_tag(name:"risk_factor", value:"High");
+ script_name("WordPress IP Logger Plugin map-details.php SQL Injection Vulnerability");
+ desc = "
+ Overview: This host is installed with WordPress IP Logger plugin and is prone
+ to sql injection vulnerability.
+
+ Vulnerability Insight:
+ The flaw is caused due to improper validation of user-supplied input passed
+ via multiple parameters to '/wp-content/plugins/ip-logger/map-details.php',
+ which allows attackers to manipulate SQL queries by injecting arbitrary
+ SQL code.
+
+ Impact:
+ Successful exploitation will let the attacker to perform SQL Injection attack
+ and gain sensitive information.
+
+ Impact Level: Application
+
+ Affected Software/OS:
+ WordPress IP Logger Version 3.0, Other versions may also be affected.
+
+ Fix: No solution or patch is available as on 13th September 2011. Information
+ regarding this issue will be updated once the solution details are available.
+ For updates refer, http://wordpress.org/extend/plugins
+
+ References:
+ http://xforce.iss.net/xforce/xfdb/69255
+ http://www.exploit-db.com/exploits/17673
+ http://packetstormsecurity.org/files/view/104086
+ ";
+
+ script_description(desc);
+ script_summary("Check if WordPress IP Logger plugin is vulnerable to SQL Injection");
+ script_category(ACT_ATTACK);
+ script_copyright("Copyright (C) 2011 Greenbone Networks GmbH");
+ script_family("Web application abuses");
+ script_dependencies("secpod_wordpress_detect_900182.nasl");
+ script_require_ports("Services/www", 80);
+ exit(0);
+}
+
+
+include("http_func.inc");
+include("version_func.inc");
+include("http_keepalive.inc");
+
+## Get HTTP Port
+port = get_http_port(default:80);
+if(!port){
+ exit(0);
+}
+
+## Check Host Supports PHP
+if(!can_host_php(port:port)){
+ exit(0);
+}
+
+## Get WordPress Installed Location
+if(!dir = get_dir_from_kb(port:port, app:"WordPress")){
+ exit(0);
+}
+
+## Construct the Attack Request
+url = dir + "/wp-content/plugins/ip-logger/map-details.php?lat=-1'[SQLi]--";
+
+## Try attack and check the response to confirm vulnerability.
+if(http_vuln_check(port:port, url:url, pattern:"mysql_fetch_assoc\(\): suppli"+
+ "ed argument is not a valid MySQL result|You have an error in your SQL " +
+ "syntax;")){
+ security_hole(port);
+ exit(0);
+}
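Review bot: The match pattern only recognises MySQL error text echoed in the response, so a host running the plugin with PHP error display turned off would pass this check and be reported clean; the script does not state that limitation anywhere. A comment above the `http_vuln_check` call such as `## NOTE: detection depends on the server returning MySQL error output; no finding does not prove the plugin is safe` would tell maintainers how far to trust a negative result. The request also carries the literal text `[SQLi]`, which looks like a placeholder copied from the advisory. The description says multiple parameters are affected while only `lat` is probed, so both points deserve a short comment next to the `url` assignment.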