[Openvas-commits] r11640 - in trunk/openvas-plugins: . scripts
scm-commit@wald.intevation.org
scm-commit at wald.intevation.org
Tue Sep 20 15:38:59 CEST 2011
Author: veerendragg
Date: 2011-09-20 15:38:54 +0200 (Tue, 20 Sep 2011)
New Revision: 11640
Added:
trunk/openvas-plugins/scripts/gb_fedora_2011_11528_maniadrive_fc15.nasl
trunk/openvas-plugins/scripts/gb_fedora_2011_11528_php-eaccelerator_fc15.nasl
trunk/openvas-plugins/scripts/gb_fedora_2011_11528_php_fc15.nasl
trunk/openvas-plugins/scripts/gb_fedora_2011_11537_maniadrive_fc14.nasl
trunk/openvas-plugins/scripts/gb_fedora_2011_11537_php-eaccelerator_fc14.nasl
trunk/openvas-plugins/scripts/gb_fedora_2011_11537_php_fc14.nasl
trunk/openvas-plugins/scripts/gb_fedora_2011_12224_seamonkey_fc15.nasl
trunk/openvas-plugins/scripts/gb_fedora_2011_12298_bcfg2_fc15.nasl
trunk/openvas-plugins/scripts/gb_fedora_2011_12303_bcfg2_fc14.nasl
trunk/openvas-plugins/scripts/gb_fedora_2011_12369_mantis_fc15.nasl
trunk/openvas-plugins/scripts/gb_fedora_2011_12370_audacious-plugins_fc14.nasl
trunk/openvas-plugins/scripts/gb_fedora_2011_12403_wireshark_fc15.nasl
trunk/openvas-plugins/scripts/gb_fedora_2011_12485_zabbix_fc15.nasl
trunk/openvas-plugins/scripts/gb_fedora_2011_12489_zabbix_fc14.nasl
trunk/openvas-plugins/scripts/gb_fedora_2011_12493_Django_fc15.nasl
trunk/openvas-plugins/scripts/gb_orion_npm_mult_xss_vuln.nasl
Modified:
trunk/openvas-plugins/ChangeLog
trunk/openvas-plugins/scripts/gb_esignal_mult_vuln.nasl
trunk/openvas-plugins/scripts/gb_myre_real_estate_mult_xss_n_sql_inj_vuln.nasl
trunk/openvas-plugins/scripts/gb_orion_npm_detect.nasl
Log:
Added new plugin. Updated to detect SP as well. Updated Reference section.
Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog 2011-09-20 12:40:22 UTC (rev 11639)
+++ trunk/openvas-plugins/ChangeLog 2011-09-20 13:38:54 UTC (rev 11640)
@@ -1,3 +1,32 @@
+2011-09-20 Veerendra G.G <veerendragg at secpod.com>
+
+ * scripts/gb_fedora_2011_11537_php_fc14.nasl,
+ scripts/gb_fedora_2011_12370_audacious-plugins_fc14.nasl,
+ scripts/gb_fedora_2011_12298_bcfg2_fc15.nasl,
+ scripts/gb_fedora_2011_12369_mantis_fc15.nasl,
+ scripts/gb_fedora_2011_12485_zabbix_fc15.nasl,
+ scripts/gb_fedora_2011_11528_php-eaccelerator_fc15.nasl,
+ scripts/gb_fedora_2011_11528_maniadrive_fc15.nasl,
+ scripts/gb_fedora_2011_12303_bcfg2_fc14.nasl,
+ scripts/gb_fedora_2011_12493_Django_fc15.nasl,
+ scripts/gb_fedora_2011_12403_wireshark_fc15.nasl,
+ scripts/gb_fedora_2011_12224_seamonkey_fc15.nasl,
+ scripts/gb_fedora_2011_11537_maniadrive_fc14.nasl,
+ scripts/gb_fedora_2011_11537_php-eaccelerator_fc14.nasl,
+ scripts/gb_fedora_2011_11528_php_fc15.nasl,
+ scripts/gb_fedora_2011_12489_zabbix_fc14.nasl:
+ Added new LSC plugins.
+
+ * scripts/gb_orion_npm_mult_xss_vuln.nasl:
+ Added new plugin.
+
+ * scripts/gb_orion_npm_detect.nasl:
+ Updated to detect SP as well.
+
+ * scripts/gb_esignal_mult_vuln.nasl,
+ scripts/gb_myre_real_estate_mult_xss_n_sql_inj_vuln.nasl:
+ Updated Reference section.
+
2011-09-20 Henri Doreau <henri.doreau at greenbone.net>
* scripts/gb_phplist_detect.nasl,
Modified: trunk/openvas-plugins/scripts/gb_esignal_mult_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_esignal_mult_vuln.nasl 2011-09-20 12:40:22 UTC (rev 11639)
+++ trunk/openvas-plugins/scripts/gb_esignal_mult_vuln.nasl 2011-09-20 13:38:54 UTC (rev 11640)
@@ -28,6 +28,7 @@
{
script_id(802245);
script_version("$Revision: 1.0$");
+ script_cve_id("CVE-2011-3494", "CVE-2011-3503");
script_tag(name:"cvss_base", value:"10.0");
script_tag(name:"risk_factor", value:"Critical");
script_name("eSignal Multiple Vulnerabilities");
Added: trunk/openvas-plugins/scripts/gb_fedora_2011_11528_maniadrive_fc15.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_fedora_2011_11528_maniadrive_fc15.nasl 2011-09-20 12:40:22 UTC (rev 11639)
+++ trunk/openvas-plugins/scripts/gb_fedora_2011_11528_maniadrive_fc15.nasl 2011-09-20 13:38:54 UTC (rev 11640)
@@ -0,0 +1,84 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Fedora Update for maniadrive FEDORA-2011-11528
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(863531);
+ script_version("$Revision$: 1.0");
+ script_tag(name:"cvss_base", value:"7.5");
+ script_tag(name:"risk_factor", value:"High");
+ script_xref(name: "FEDORA", value: "2011-11528");
+ script_cve_id("CVE-2011-2483", "CVE-2011-2202", "CVE-2011-1938", "CVE-2011-1148", "CVE-2011-3182");
+ script_name("Fedora Update for maniadrive FEDORA-2011-11528");
+ desc = "
+
+ Vulnerability Insight:
+ ManiaDrive is an arcade car game on acrobatic tracks, with a quick and nervous
+ gameplay (tracks almost never exceed one minute). Features: Complex car
+ physics, Challenging "story mode", LAN and Internet mode, Live scores,
+ Track editor, Dedicated server with HTTP interface and More than 30 blocks.
+
+
+ Affected Software/OS:
+ maniadrive on Fedora 15
+
+ Fix: Please Install the Updated Packages.
+
+ References:
+ http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066105.html
+
+ ";
+
+ script_description(desc);
+ script_summary("Check for the Version of maniadrive");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
+ script_family("Fedora Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/release");
+ exit(0);
+}
+
+
+include("pkg-lib-rpm.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+if(release == NULL){
+ exit(0);
+}
+
+if(release == "FC15")
+{
+
+ if(isrpmvuln(pkg:"maniadrive", rpm:"maniadrive~1.2~32.fc15", rls:"FC15"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ exit(0);
+}
\ No newline at end of file
Added: trunk/openvas-plugins/scripts/gb_fedora_2011_11528_php-eaccelerator_fc15.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_fedora_2011_11528_php-eaccelerator_fc15.nasl 2011-09-20 12:40:22 UTC (rev 11639)
+++ trunk/openvas-plugins/scripts/gb_fedora_2011_11528_php-eaccelerator_fc15.nasl 2011-09-20 13:38:54 UTC (rev 11640)
@@ -0,0 +1,83 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Fedora Update for php-eaccelerator FEDORA-2011-11528
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(863518);
+ script_version("$Revision$: 1.0");
+ script_tag(name:"cvss_base", value:"7.5");
+ script_tag(name:"risk_factor", value:"High");
+ script_xref(name: "FEDORA", value: "2011-11528");
+ script_cve_id("CVE-2011-2483", "CVE-2011-2202", "CVE-2011-1938", "CVE-2011-1148", "CVE-2011-3182");
+ script_name("Fedora Update for php-eaccelerator FEDORA-2011-11528");
+ desc = "
+
+ Vulnerability Insight:
+ eAccelerator is a further development of the MMCache PHP Accelerator & Encoder.
+ It increases performance of PHP scripts by caching them in compiled state, so
+ that the overhead of compiling is almost completely eliminated.
+
+
+ Affected Software/OS:
+ php-eaccelerator on Fedora 15
+
+ Fix: Please Install the Updated Packages.
+
+ References:
+ http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066107.html
+
+ ";
+
+ script_description(desc);
+ script_summary("Check for the Version of php-eaccelerator");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
+ script_family("Fedora Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/release");
+ exit(0);
+}
+
+
+include("pkg-lib-rpm.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+if(release == NULL){
+ exit(0);
+}
+
+if(release == "FC15")
+{
+
+ if(isrpmvuln(pkg:"php-eaccelerator", rpm:"php-eaccelerator~0.9.6.1~9.fc15", rls:"FC15"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ exit(0);
+}
\ No newline at end of file
Added: trunk/openvas-plugins/scripts/gb_fedora_2011_11528_php_fc15.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_fedora_2011_11528_php_fc15.nasl 2011-09-20 12:40:22 UTC (rev 11639)
+++ trunk/openvas-plugins/scripts/gb_fedora_2011_11528_php_fc15.nasl 2011-09-20 13:38:54 UTC (rev 11640)
@@ -0,0 +1,89 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Fedora Update for php FEDORA-2011-11528
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(863520);
+ script_version("$Revision$: 1.0");
+ script_tag(name:"cvss_base", value:"7.5");
+ script_tag(name:"risk_factor", value:"High");
+ script_xref(name: "FEDORA", value: "2011-11528");
+ script_cve_id("CVE-2011-2483", "CVE-2011-2202", "CVE-2011-1938", "CVE-2011-1148", "CVE-2011-3182");
+ script_name("Fedora Update for php FEDORA-2011-11528");
+ desc = "
+
+ Vulnerability Insight:
+ PHP is an HTML-embedded scripting language. PHP attempts to make it
+ easy for developers to write dynamically generated web pages. PHP also
+ offers built-in database integration for several commercial and
+ non-commercial database management systems, so writing a
+ database-enabled webpage with PHP is fairly simple. The most common
+ use of PHP coding is probably as a replacement for CGI scripts.
+
+ The php package contains the module which adds support for the PHP
+ language to Apache HTTP Server.
+
+
+ Affected Software/OS:
+ php on Fedora 15
+
+ Fix: Please Install the Updated Packages.
+
+ References:
+ http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066106.html
+
+ ";
+
+ script_description(desc);
+ script_summary("Check for the Version of php");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
+ script_family("Fedora Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/release");
+ exit(0);
+}
+
+
+include("pkg-lib-rpm.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+if(release == NULL){
+ exit(0);
+}
+
+if(release == "FC15")
+{
+
+ if(isrpmvuln(pkg:"php", rpm:"php~5.3.8~1.fc15", rls:"FC15"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ exit(0);
+}
\ No newline at end of file
Added: trunk/openvas-plugins/scripts/gb_fedora_2011_11537_maniadrive_fc14.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_fedora_2011_11537_maniadrive_fc14.nasl 2011-09-20 12:40:22 UTC (rev 11639)
+++ trunk/openvas-plugins/scripts/gb_fedora_2011_11537_maniadrive_fc14.nasl 2011-09-20 13:38:54 UTC (rev 11640)
@@ -0,0 +1,84 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Fedora Update for maniadrive FEDORA-2011-11537
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(863527);
+ script_version("$Revision$: 1.0");
+ script_tag(name:"cvss_base", value:"7.5");
+ script_tag(name:"risk_factor", value:"High");
+ script_xref(name: "FEDORA", value: "2011-11537");
+ script_cve_id("CVE-2011-2483", "CVE-2011-2202", "CVE-2011-1938", "CVE-2011-1148", "CVE-2011-3182");
+ script_name("Fedora Update for maniadrive FEDORA-2011-11537");
+ desc = "
+
+ Vulnerability Insight:
+ ManiaDrive is an arcade car game on acrobatic tracks, with a quick and nervous
+ gameplay (tracks almost never exceed one minute). Features: Complex car
+ physics, Challenging "story mode", LAN and Internet mode, Live scores,
+ Track editor, Dedicated server with HTTP interface and More than 30 blocks.
+
+
+ Affected Software/OS:
+ maniadrive on Fedora 14
+
+ Fix: Please Install the Updated Packages.
+
+ References:
+ http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066103.html
+
+ ";
+
+ script_description(desc);
+ script_summary("Check for the Version of maniadrive");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
+ script_family("Fedora Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/release");
+ exit(0);
+}
+
+
+include("pkg-lib-rpm.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+if(release == NULL){
+ exit(0);
+}
+
+if(release == "FC14")
+{
+
+ if(isrpmvuln(pkg:"maniadrive", rpm:"maniadrive~1.2~32.fc14", rls:"FC14"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ exit(0);
+}
\ No newline at end of file
Added: trunk/openvas-plugins/scripts/gb_fedora_2011_11537_php-eaccelerator_fc14.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_fedora_2011_11537_php-eaccelerator_fc14.nasl 2011-09-20 12:40:22 UTC (rev 11639)
+++ trunk/openvas-plugins/scripts/gb_fedora_2011_11537_php-eaccelerator_fc14.nasl 2011-09-20 13:38:54 UTC (rev 11640)
@@ -0,0 +1,83 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Fedora Update for php-eaccelerator FEDORA-2011-11537
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(863523);
+ script_version("$Revision$: 1.0");
+ script_tag(name:"cvss_base", value:"7.5");
+ script_tag(name:"risk_factor", value:"High");
+ script_xref(name: "FEDORA", value: "2011-11537");
+ script_cve_id("CVE-2011-2483", "CVE-2011-2202", "CVE-2011-1938", "CVE-2011-1148", "CVE-2011-3182");
+ script_name("Fedora Update for php-eaccelerator FEDORA-2011-11537");
+ desc = "
+
+ Vulnerability Insight:
+ eAccelerator is a further development of the MMCache PHP Accelerator & Encoder.
+ It increases performance of PHP scripts by caching them in compiled state, so
+ that the overhead of compiling is almost completely eliminated.
+
+
+ Affected Software/OS:
+ php-eaccelerator on Fedora 14
+
+ Fix: Please Install the Updated Packages.
+
+ References:
+ http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066104.html
+
+ ";
+
+ script_description(desc);
+ script_summary("Check for the Version of php-eaccelerator");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
+ script_family("Fedora Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/release");
+ exit(0);
+}
+
+
+include("pkg-lib-rpm.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+if(release == NULL){
+ exit(0);
+}
+
+if(release == "FC14")
+{
+
+ if(isrpmvuln(pkg:"php-eaccelerator", rpm:"php-eaccelerator~0.9.6.1~9.fc14", rls:"FC14"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ exit(0);
+}
\ No newline at end of file
Added: trunk/openvas-plugins/scripts/gb_fedora_2011_11537_php_fc14.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_fedora_2011_11537_php_fc14.nasl 2011-09-20 12:40:22 UTC (rev 11639)
+++ trunk/openvas-plugins/scripts/gb_fedora_2011_11537_php_fc14.nasl 2011-09-20 13:38:54 UTC (rev 11640)
@@ -0,0 +1,89 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Fedora Update for php FEDORA-2011-11537
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(863524);
+ script_version("$Revision$: 1.0");
+ script_tag(name:"cvss_base", value:"7.5");
+ script_tag(name:"risk_factor", value:"High");
+ script_xref(name: "FEDORA", value: "2011-11537");
+ script_cve_id("CVE-2011-2483", "CVE-2011-2202", "CVE-2011-1938", "CVE-2011-1148", "CVE-2011-3182");
+ script_name("Fedora Update for php FEDORA-2011-11537");
+ desc = "
+
+ Vulnerability Insight:
+ PHP is an HTML-embedded scripting language. PHP attempts to make it
+ easy for developers to write dynamically generated web pages. PHP also
+ offers built-in database integration for several commercial and
+ non-commercial database management systems, so writing a
+ database-enabled webpage with PHP is fairly simple. The most common
+ use of PHP coding is probably as a replacement for CGI scripts.
+
+ The php package contains the module which adds support for the PHP
+ language to Apache HTTP Server.
+
+
+ Affected Software/OS:
+ php on Fedora 14
+
+ Fix: Please Install the Updated Packages.
+
+ References:
+ http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066102.html
+
+ ";
+
+ script_description(desc);
+ script_summary("Check for the Version of php");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
+ script_family("Fedora Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/release");
+ exit(0);
+}
+
+
+include("pkg-lib-rpm.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+if(release == NULL){
+ exit(0);
+}
+
+if(release == "FC14")
+{
+
+ if(isrpmvuln(pkg:"php", rpm:"php~5.3.8~1.fc14", rls:"FC14"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ exit(0);
+}
\ No newline at end of file
Added: trunk/openvas-plugins/scripts/gb_fedora_2011_12224_seamonkey_fc15.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_fedora_2011_12224_seamonkey_fc15.nasl 2011-09-20 12:40:22 UTC (rev 11639)
+++ trunk/openvas-plugins/scripts/gb_fedora_2011_12224_seamonkey_fc15.nasl 2011-09-20 13:38:54 UTC (rev 11640)
@@ -0,0 +1,82 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Fedora Update for seamonkey FEDORA-2011-12224
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(863532);
+ script_version("$Revision$: 1.0");
+ script_tag(name:"risk_factor", value:"High");
+ script_xref(name: "FEDORA", value: "2011-12224");
+ script_name("Fedora Update for seamonkey FEDORA-2011-12224");
+ desc = "
+
+ Vulnerability Insight:
+ SeaMonkey is an all-in-one Internet application suite. It includes
+ a browser, mail/news client, IRC client, JavaScript debugger, and
+ a tool to inspect the DOM for web pages. It is derived from the
+ application formerly known as Mozilla Application Suite.
+
+
+ Affected Software/OS:
+ seamonkey on Fedora 15
+
+ Fix: Please Install the Updated Packages.
+
+ References:
+ http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066054.html
+
+ ";
+
+ script_description(desc);
+ script_summary("Check for the Version of seamonkey");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
+ script_family("Fedora Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/release");
+ exit(0);
+}
+
+
+include("pkg-lib-rpm.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+if(release == NULL){
+ exit(0);
+}
+
+if(release == "FC15")
+{
+
+ if(isrpmvuln(pkg:"seamonkey", rpm:"seamonkey~2.3.3~1.fc15", rls:"FC15"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ exit(0);
+}
\ No newline at end of file
Added: trunk/openvas-plugins/scripts/gb_fedora_2011_12298_bcfg2_fc15.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_fedora_2011_12298_bcfg2_fc15.nasl 2011-09-20 12:40:22 UTC (rev 11639)
+++ trunk/openvas-plugins/scripts/gb_fedora_2011_12298_bcfg2_fc15.nasl 2011-09-20 13:38:54 UTC (rev 11640)
@@ -0,0 +1,104 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Fedora Update for bcfg2 FEDORA-2011-12298
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(863529);
+ script_version("$Revision$: 1.0");
+ script_tag(name:"cvss_base", value:"9.3");
+ script_tag(name:"risk_factor", value:"Critical");
+ script_xref(name: "FEDORA", value: "2011-12298");
+ script_cve_id("CVE-2011-3211");
+ script_name("Fedora Update for bcfg2 FEDORA-2011-12298");
+ desc = "
+
+ Vulnerability Insight:
+ Bcfg2 helps system administrators produce a consistent, reproducible,
+ and verifiable description of their environment, and offers
+ visualization and reporting tools to aid in day-to-day administrative
+ tasks. It is the fifth generation of configuration management tools
+ developed in the Mathematics and Computer Science Division of Argonne
+ National Laboratory.
+
+ It is based on an operational model in which the specification can be
+ used to validate and optionally change the state of clients, but in a
+ feature unique to bcfg2 the client's response to the specification can
+ also be used to assess the completeness of the specification. Using
+ this feature, bcfg2 provides an objective measure of how good a job an
+ administrator has done in specifying the configuration of client
+ systems. Bcfg2 is therefore built to help administrators construct an
+ accurate, comprehensive specification.
+
+ Bcfg2 has been designed from the ground up to support gentle
+ reconciliation between the specification and current client states. It
+ is designed to gracefully cope with manual system modifications.
+
+ Finally, due to the rapid pace of updates on modern networks, client
+ systems are constantly changing; if required in your environment,
+ Bcfg2 can enable the construction of complex change management and
+ deployment strategies.
+
+
+ Affected Software/OS:
+ bcfg2 on Fedora 15
+
+ Fix: Please Install the Updated Packages.
+
+ References:
+ http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066071.html
+
+ ";
+
+ script_description(desc);
+ script_summary("Check for the Version of bcfg2");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
+ script_family("Fedora Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/release");
+ exit(0);
+}
+
+
+include("pkg-lib-rpm.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+if(release == NULL){
+ exit(0);
+}
+
+if(release == "FC15")
+{
+
+ if(isrpmvuln(pkg:"bcfg2", rpm:"bcfg2~1.1.2~2.fc15", rls:"FC15"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ exit(0);
+}
\ No newline at end of file
Added: trunk/openvas-plugins/scripts/gb_fedora_2011_12303_bcfg2_fc14.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_fedora_2011_12303_bcfg2_fc14.nasl 2011-09-20 12:40:22 UTC (rev 11639)
+++ trunk/openvas-plugins/scripts/gb_fedora_2011_12303_bcfg2_fc14.nasl 2011-09-20 13:38:54 UTC (rev 11640)
@@ -0,0 +1,104 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Fedora Update for bcfg2 FEDORA-2011-12303
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(863525);
+ script_version("$Revision$: 1.0");
+ script_tag(name:"cvss_base", value:"9.3");
+ script_tag(name:"risk_factor", value:"Critical");
+ script_xref(name: "FEDORA", value: "2011-12303");
+ script_cve_id("CVE-2011-3211");
+ script_name("Fedora Update for bcfg2 FEDORA-2011-12303");
+ desc = "
+
+ Vulnerability Insight:
+ Bcfg2 helps system administrators produce a consistent, reproducible,
+ and verifiable description of their environment, and offers
+ visualization and reporting tools to aid in day-to-day administrative
+ tasks. It is the fifth generation of configuration management tools
+ developed in the Mathematics and Computer Science Division of Argonne
+ National Laboratory.
+
+ It is based on an operational model in which the specification can be
+ used to validate and optionally change the state of clients, but in a
+ feature unique to bcfg2 the client's response to the specification can
+ also be used to assess the completeness of the specification. Using
+ this feature, bcfg2 provides an objective measure of how good a job an
+ administrator has done in specifying the configuration of client
+ systems. Bcfg2 is therefore built to help administrators construct an
+ accurate, comprehensive specification.
+
+ Bcfg2 has been designed from the ground up to support gentle
+ reconciliation between the specification and current client states. It
+ is designed to gracefully cope with manual system modifications.
+
+ Finally, due to the rapid pace of updates on modern networks, client
+ systems are constantly changing; if required in your environment,
+ Bcfg2 can enable the construction of complex change management and
+ deployment strategies.
+
+
+ Affected Software/OS:
+ bcfg2 on Fedora 14
+
+ Fix: Please Install the Updated Packages.
+
+ References:
+ http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066070.html
+
+ ";
+
+ script_description(desc);
+ script_summary("Check for the Version of bcfg2");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
+ script_family("Fedora Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/release");
+ exit(0);
+}
+
+
+include("pkg-lib-rpm.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+if(release == NULL){
+ exit(0);
+}
+
+if(release == "FC14")
+{
+
+ if(isrpmvuln(pkg:"bcfg2", rpm:"bcfg2~1.1.2~2.fc14", rls:"FC14"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ exit(0);
+}
\ No newline at end of file
Added: trunk/openvas-plugins/scripts/gb_fedora_2011_12369_mantis_fc15.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_fedora_2011_12369_mantis_fc15.nasl 2011-09-20 12:40:22 UTC (rev 11639)
+++ trunk/openvas-plugins/scripts/gb_fedora_2011_12369_mantis_fc15.nasl 2011-09-20 13:38:54 UTC (rev 11640)
@@ -0,0 +1,89 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Fedora Update for mantis FEDORA-2011-12369
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(863528);
+ script_version("$Revision$: 1.0");
+ script_tag(name:"risk_factor", value:"High");
+ script_xref(name: "FEDORA", value: "2011-12369");
+ script_cve_id("CVE-2011-2938", "CVE-2011-3356", "CVE-2011-3357", "CVE-2011-3358");
+ script_name("Fedora Update for mantis FEDORA-2011-12369");
+ desc = "
+
+ Vulnerability Insight:
+ Mantis is a free popular web-based issue tracking system.
+ It is written in the PHP scripting language and works with MySQL, MS SQL,
+ and PostgreSQL databases and a web server.
+ Almost any web browser should be able to function as a client.
+
+ Documentation can be found in: /usr/share/doc/mantis-1.2.8
+
+ When the package has finished installing, you will need to perform some
+ additional configuration steps; these are described in:
+ /usr/share/doc/mantis-1.2.8/README.Fedora
+
+
+ Affected Software/OS:
+ mantis on Fedora 15
+
+ Fix: Please Install the Updated Packages.
+
+ References:
+ http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066061.html
+
+ ";
+
+ script_description(desc);
+ script_summary("Check for the Version of mantis");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
+ script_family("Fedora Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/release");
+ exit(0);
+}
+
+
+include("pkg-lib-rpm.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+if(release == NULL){
+ exit(0);
+}
+
+if(release == "FC15")
+{
+
+ if(isrpmvuln(pkg:"mantis", rpm:"mantis~1.2.8~1.fc15", rls:"FC15"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ exit(0);
+}
\ No newline at end of file
Added: trunk/openvas-plugins/scripts/gb_fedora_2011_12370_audacious-plugins_fc14.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_fedora_2011_12370_audacious-plugins_fc14.nasl 2011-09-20 12:40:22 UTC (rev 11639)
+++ trunk/openvas-plugins/scripts/gb_fedora_2011_12370_audacious-plugins_fc14.nasl 2011-09-20 13:38:54 UTC (rev 11640)
@@ -0,0 +1,86 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Fedora Update for audacious-plugins FEDORA-2011-12370
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(863519);
+ script_version("$Revision$: 1.0");
+ script_tag(name:"risk_factor", value:"High");
+ script_xref(name: "FEDORA", value: "2011-12370");
+ script_name("Fedora Update for audacious-plugins FEDORA-2011-12370");
+ desc = "
+
+ Vulnerability Insight:
+ This package provides essential plugins for the Audacious audio player.
+
+ Audacious is an advanced audio player. It is free, lightweight, based on
+ GTK2, runs on Linux and many other *nix platforms and is focused on audio
+ quality and supporting a wide range of audio codecs. It still features
+ an alternative skinned user interface (based on Winamp 2.x skins).
+ Historically, it started as a fork of Beep Media Player (BMP), which
+ itself forked from XMMS.
+
+
+ Affected Software/OS:
+ audacious-plugins on Fedora 14
+
+ Fix: Please Install the Updated Packages.
+
+ References:
+ http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066044.html
+
+ ";
+
+ script_description(desc);
+ script_summary("Check for the Version of audacious-plugins");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
+ script_family("Fedora Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/release");
+ exit(0);
+}
+
+
+include("pkg-lib-rpm.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+if(release == NULL){
+ exit(0);
+}
+
+if(release == "FC14")
+{
+
+ if(isrpmvuln(pkg:"audacious-plugins", rpm:"audacious-plugins~2.4.5~4.fc14", rls:"FC14"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ exit(0);
+}
\ No newline at end of file
Added: trunk/openvas-plugins/scripts/gb_fedora_2011_12403_wireshark_fc15.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_fedora_2011_12403_wireshark_fc15.nasl 2011-09-20 12:40:22 UTC (rev 11639)
+++ trunk/openvas-plugins/scripts/gb_fedora_2011_12403_wireshark_fc15.nasl 2011-09-20 13:38:54 UTC (rev 11640)
@@ -0,0 +1,86 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Fedora Update for wireshark FEDORA-2011-12403
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(863521);
+ script_version("$Revision$: 1.0");
+ script_tag(name:"cvss_base", value:"2.6");
+ script_tag(name:"risk_factor", value:"Medium");
+ script_xref(name: "FEDORA", value: "2011-12403");
+ script_cve_id("CVE-2011-3266");
+ script_name("Fedora Update for wireshark FEDORA-2011-12403");
+ desc = "
+
+ Vulnerability Insight:
+ Wireshark is a network traffic analyzer for Unix-ish operating systems.
+
+ This package lays base for libpcap, a packet capture and filtering
+ library, contains command-line utilities, contains plugins and
+ documentation for wireshark. A graphical user interface is packaged
+ separately to GTK+ package.
+
+
+ Affected Software/OS:
+ wireshark on Fedora 15
+
+ Fix: Please Install the Updated Packages.
+
+ References:
+ http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066086.html
+
+ ";
+
+ script_description(desc);
+ script_summary("Check for the Version of wireshark");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
+ script_family("Fedora Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/release");
+ exit(0);
+}
+
+
+include("pkg-lib-rpm.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+if(release == NULL){
+ exit(0);
+}
+
+if(release == "FC15")
+{
+
+ if(isrpmvuln(pkg:"wireshark", rpm:"wireshark~1.4.9~1.fc15", rls:"FC15"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ exit(0);
+}
\ No newline at end of file
Added: trunk/openvas-plugins/scripts/gb_fedora_2011_12485_zabbix_fc15.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_fedora_2011_12485_zabbix_fc15.nasl 2011-09-20 12:40:22 UTC (rev 11639)
+++ trunk/openvas-plugins/scripts/gb_fedora_2011_12485_zabbix_fc15.nasl 2011-09-20 13:38:54 UTC (rev 11640)
@@ -0,0 +1,96 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Fedora Update for zabbix FEDORA-2011-12485
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(863526);
+ script_version("$Revision$: 1.0");
+ script_tag(name:"cvss_base", value:"5.0");
+ script_tag(name:"risk_factor", value:"Medium");
+ script_xref(name: "FEDORA", value: "2011-12485");
+ script_cve_id("CVE-2011-3265");
+ script_name("Fedora Update for zabbix FEDORA-2011-12485");
+ desc = "
+
+ Vulnerability Insight:
+ ZABBIX is software that monitors numerous parameters of a network and
+ the health and integrity of servers. ZABBIX uses a flexible
+ notification mechanism that allows users to configure e-mail based
+ alerts for virtually any event. This allows a fast reaction to server
+ problems. ZABBIX offers excellent reporting and data visualisation
+ features based on the stored data. This makes ZABBIX ideal for
+ capacity planning.
+
+ ZABBIX supports both polling and trapping. All ZABBIX reports and
+ statistics, as well as configuration parameters are accessed through a
+ web-based front end. A web-based front end ensures that the status of
+ your network and the health of your servers can be assessed from any
+ location. Properly configured, ZABBIX can play an important role in
+ monitoring IT infrastructure. This is equally true for small
+ organisations with a few servers and for large companies with a
+ multitude of servers.
+
+
+ Affected Software/OS:
+ zabbix on Fedora 15
+
+ Fix: Please Install the Updated Packages.
+
+ References:
+ http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066110.html
+
+ ";
+
+ script_description(desc);
+ script_summary("Check for the Version of zabbix");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
+ script_family("Fedora Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/release");
+ exit(0);
+}
+
+
+include("pkg-lib-rpm.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+if(release == NULL){
+ exit(0);
+}
+
+if(release == "FC15")
+{
+
+ if(isrpmvuln(pkg:"zabbix", rpm:"zabbix~1.8.7~2.fc15", rls:"FC15"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ exit(0);
+}
\ No newline at end of file
Added: trunk/openvas-plugins/scripts/gb_fedora_2011_12489_zabbix_fc14.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_fedora_2011_12489_zabbix_fc14.nasl 2011-09-20 12:40:22 UTC (rev 11639)
+++ trunk/openvas-plugins/scripts/gb_fedora_2011_12489_zabbix_fc14.nasl 2011-09-20 13:38:54 UTC (rev 11640)
@@ -0,0 +1,96 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Fedora Update for zabbix FEDORA-2011-12489
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(863530);
+ script_version("$Revision$: 1.0");
+ script_tag(name:"cvss_base", value:"5.0");
+ script_tag(name:"risk_factor", value:"Medium");
+ script_xref(name: "FEDORA", value: "2011-12489");
+ script_cve_id("CVE-2011-3265");
+ script_name("Fedora Update for zabbix FEDORA-2011-12489");
+ desc = "
+
+ Vulnerability Insight:
+ ZABBIX is software that monitors numerous parameters of a network and
+ the health and integrity of servers. ZABBIX uses a flexible
+ notification mechanism that allows users to configure e-mail based
+ alerts for virtually any event. This allows a fast reaction to server
+ problems. ZABBIX offers excellent reporting and data visualisation
+ features based on the stored data. This makes ZABBIX ideal for
+ capacity planning.
+
+ ZABBIX supports both polling and trapping. All ZABBIX reports and
+ statistics, as well as configuration parameters are accessed through a
+ web-based front end. A web-based front end ensures that the status of
+ your network and the health of your servers can be assessed from any
+ location. Properly configured, ZABBIX can play an important role in
+ monitoring IT infrastructure. This is equally true for small
+ organisations with a few servers and for large companies with a
+ multitude of servers.
+
+
+ Affected Software/OS:
+ zabbix on Fedora 14
+
+ Fix: Please Install the Updated Packages.
+
+ References:
+ http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066092.html
+
+ ";
+
+ script_description(desc);
+ script_summary("Check for the Version of zabbix");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
+ script_family("Fedora Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/release");
+ exit(0);
+}
+
+
+include("pkg-lib-rpm.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+if(release == NULL){
+ exit(0);
+}
+
+if(release == "FC14")
+{
+
+ if(isrpmvuln(pkg:"zabbix", rpm:"zabbix~1.8.7~2.fc14", rls:"FC14"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ exit(0);
+}
\ No newline at end of file
Added: trunk/openvas-plugins/scripts/gb_fedora_2011_12493_Django_fc15.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_fedora_2011_12493_Django_fc15.nasl 2011-09-20 12:40:22 UTC (rev 11639)
+++ trunk/openvas-plugins/scripts/gb_fedora_2011_12493_Django_fc15.nasl 2011-09-20 13:38:54 UTC (rev 11640)
@@ -0,0 +1,82 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Fedora Update for Django FEDORA-2011-12493
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(863522);
+ script_version("$Revision$: 1.0");
+ script_tag(name:"risk_factor", value:"High");
+ script_xref(name: "FEDORA", value: "2011-12493");
+ script_name("Fedora Update for Django FEDORA-2011-12493");
+ desc = "
+
+ Vulnerability Insight:
+ Django is a high-level Python Web framework that encourages rapid
+ development and a clean, pragmatic design. It focuses on automating as
+ much as possible and adhering to the DRY (Don't Repeat Yourself)
+ principle.
+
+
+ Affected Software/OS:
+ Django on Fedora 15
+
+ Fix: Please Install the Updated Packages.
+
+ References:
+ http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066043.html
+
+ ";
+
+ script_description(desc);
+ script_summary("Check for the Version of Django");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
+ script_family("Fedora Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/release");
+ exit(0);
+}
+
+
+include("pkg-lib-rpm.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+if(release == NULL){
+ exit(0);
+}
+
+if(release == "FC15")
+{
+
+ if(isrpmvuln(pkg:"Django", rpm:"Django~1.3.1~2.fc15", rls:"FC15"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ exit(0);
+}
\ No newline at end of file
Modified: trunk/openvas-plugins/scripts/gb_myre_real_estate_mult_xss_n_sql_inj_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_myre_real_estate_mult_xss_n_sql_inj_vuln.nasl 2011-09-20 12:40:22 UTC (rev 11639)
+++ trunk/openvas-plugins/scripts/gb_myre_real_estate_mult_xss_n_sql_inj_vuln.nasl 2011-09-20 13:38:54 UTC (rev 11640)
@@ -28,6 +28,8 @@
{
script_id(802157);
script_version("$Revision: 1.0$");
+ script_bugtraq_id(49540);
+ script_cve_id("CVE-2011-3393", "CVE-2011-3394");
script_tag(name:"cvss_base", value:"7.5");
script_tag(name:"risk_factor", value:"High");
script_name("MYRE Real Estate Software Multiple XSS and SQL Injection Vulnerabilities");
Modified: trunk/openvas-plugins/scripts/gb_orion_npm_detect.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_orion_npm_detect.nasl 2011-09-20 12:40:22 UTC (rev 11639)
+++ trunk/openvas-plugins/scripts/gb_orion_npm_detect.nasl 2011-09-20 13:38:54 UTC (rev 11640)
@@ -7,6 +7,9 @@
# Authors:
# Michael Meyer <michael.meyer at greenbone.net>
#
+# Updated by : Antu Sanadi <santu at secpod.com> on 2011-09-15
+# Updated to detect for the sp versions
+#
# Copyright:
# Copyright (c) 2010 Greenbone Networks GmbH
#
@@ -34,7 +37,6 @@
if (description)
{
-
script_tag(name:"risk_factor", value:"None");
script_id(100940);
script_version ("1.0-$Revision$");
@@ -64,10 +66,12 @@
dir = "/Orion";
url = string(dir, "/Login.aspx");
req = http_get(item:url, port:port);
-buf = http_keepalive_send_recv(port:port, data:req, bodyonly:FALSE);
+buf = http_keepalive_send_recv(port:port, data:req, bodyonly:TRUE);
if( buf == NULL )continue;
-if("SolarWinds Orion" >< buf && "NPM" >< buf && "SolarWinds Orion Core" >< buf)
+
+if("SolarWinds Orion" >< buf || "Orion Network Performance Monitor" >< buf
+ || "SolarWinds Orion Core" >< buf)
{
if(strlen(dir)>0) {
install=dir;
@@ -76,11 +80,11 @@
}
vers = string("unknown");
- ### try to get version
- version = eregmatch(string: buf, pattern: "NPM ([0-9.]+),",icase:TRUE);
- if ( !isnull(version[1]) ) {
- vers=chomp(version[1]);
+ ### try to get version
+ version = eregmatch(string: buf, pattern: "(NPM|Network Performance Monitor) (([0-9.]+).?([A-Z0-9]+)?)",icase:TRUE);
+ if(!isnull(version[2]) ) {
+ vers=chomp(version[2]);
}
set_kb_item(name: string("www/", port, "/orion_npm"), value: string(vers," under ",install));
Added: trunk/openvas-plugins/scripts/gb_orion_npm_mult_xss_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_orion_npm_mult_xss_vuln.nasl 2011-09-20 12:40:22 UTC (rev 11639)
+++ trunk/openvas-plugins/scripts/gb_orion_npm_mult_xss_vuln.nasl 2011-09-20 13:38:54 UTC (rev 11640)
@@ -0,0 +1,97 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_orion_npm_mult_xss_vuln.nasl 17058 2011-09-15 18:15:15Z sep $
+#
+# SolarWinds Orion NPM Multiple Cross Site Scripting Vulnerabilities
+#
+# Authors:
+# Antu Sanadi <santu at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(801986);
+ script_version("$Revision: 1.0$");
+ script_tag(name:"cvss_base", value:"4.3");
+ script_tag(name:"risk_factor", value:"Medium");
+ script_name("SolarWinds Orion NPM Multiple Cross Site Scripting Vulnerabilities");
+ desc = "
+ Overview: This host is running SolarWinds Orion NPM and is prone to cross
+ site scripting vulnerabilities.
+
+ Vulnerability Insight:
+ The flaws are due to an input validation error in NetPerfMon/CustomChart.aspx
+ and NetPerfMon/MapView.aspx pages when processing the 'Title' parameter.
+
+ Impact:
+ Successful exploitation will let the attacker to execute arbitrary HTML and
+ script code in a user's browser session in the context of a vulnerable site.
+ This may allow an attacker to steal cookie-based authentications and launch
+ further attacks.
+
+ Impact Level: Application
+
+ Affected Software/OS:
+ SolarWinds Orion Network Performance Monitor (NPM) 10.1.2 SP1
+
+ Fix: No solution or patch is available as on 20th September, 2011. Information
+ regarding this issue will be updated once the solution details are available.
+ For updates refer, http://www.solarwinds.com/home/
+
+ References:
+ http://seclists.org/fulldisclosure/2011/Sep/107
+ http://packetstormsecurity.org/files/view/105020/orionsolarwinds-xss.txt
+ http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2011-09/msg00144.html ";
+
+ script_description(desc);
+ script_summary("Check the version of SolarWinds Orion Network Performance Monitor");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2011 Greenbone Networks GmbH");
+ script_family("Web application abuses");
+ script_dependencies("gb_orion_npm_detect.nasl");
+ script_require_ports("Services/www", 8787);
+ exit(0);
+}
+
+include("http_func.inc");
+include("http_keepalive.inc");
+include("version_func.inc");
+
+## Check for the default port
+port = get_http_port(default:8787);
+if(!get_port_state(port)){
+ exit(0);
+}
+
+## Check for the asp support
+if(!can_host_asp(port:port)){
+ exit(0);
+}
+
+## Get the version from KB
+vers = get_version_from_kb(port:port,app:"orion_npm");
+if(vers)
+{
+ ver = ereg_replace(pattern:" ", replace:".", string:vers);
+
+ ## Check vulnerable version
+ if(version_is_equal(version: ver, test_version: "10.1.2.SP1")){
+ security_warning(port:port);
+ }
+}
More information about the Openvas-commits
mailing list