[Openvas-commits] r11640 - in trunk/openvas-plugins: . scripts

scm-commit@wald.intevation.org scm-commit at wald.intevation.org
Tue Sep 20 15:38:59 CEST 2011


Author: veerendragg
Date: 2011-09-20 15:38:54 +0200 (Tue, 20 Sep 2011)
New Revision: 11640

Added:
   trunk/openvas-plugins/scripts/gb_fedora_2011_11528_maniadrive_fc15.nasl
   trunk/openvas-plugins/scripts/gb_fedora_2011_11528_php-eaccelerator_fc15.nasl
   trunk/openvas-plugins/scripts/gb_fedora_2011_11528_php_fc15.nasl
   trunk/openvas-plugins/scripts/gb_fedora_2011_11537_maniadrive_fc14.nasl
   trunk/openvas-plugins/scripts/gb_fedora_2011_11537_php-eaccelerator_fc14.nasl
   trunk/openvas-plugins/scripts/gb_fedora_2011_11537_php_fc14.nasl
   trunk/openvas-plugins/scripts/gb_fedora_2011_12224_seamonkey_fc15.nasl
   trunk/openvas-plugins/scripts/gb_fedora_2011_12298_bcfg2_fc15.nasl
   trunk/openvas-plugins/scripts/gb_fedora_2011_12303_bcfg2_fc14.nasl
   trunk/openvas-plugins/scripts/gb_fedora_2011_12369_mantis_fc15.nasl
   trunk/openvas-plugins/scripts/gb_fedora_2011_12370_audacious-plugins_fc14.nasl
   trunk/openvas-plugins/scripts/gb_fedora_2011_12403_wireshark_fc15.nasl
   trunk/openvas-plugins/scripts/gb_fedora_2011_12485_zabbix_fc15.nasl
   trunk/openvas-plugins/scripts/gb_fedora_2011_12489_zabbix_fc14.nasl
   trunk/openvas-plugins/scripts/gb_fedora_2011_12493_Django_fc15.nasl
   trunk/openvas-plugins/scripts/gb_orion_npm_mult_xss_vuln.nasl
Modified:
   trunk/openvas-plugins/ChangeLog
   trunk/openvas-plugins/scripts/gb_esignal_mult_vuln.nasl
   trunk/openvas-plugins/scripts/gb_myre_real_estate_mult_xss_n_sql_inj_vuln.nasl
   trunk/openvas-plugins/scripts/gb_orion_npm_detect.nasl
Log:
Added new plugin. Updated to detect SP as well. Updated Reference section.

Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog	2011-09-20 12:40:22 UTC (rev 11639)
+++ trunk/openvas-plugins/ChangeLog	2011-09-20 13:38:54 UTC (rev 11640)
@@ -1,3 +1,32 @@
+2011-09-20  Veerendra G.G <veerendragg at secpod.com>
+
+	* scripts/gb_fedora_2011_11537_php_fc14.nasl,
+	scripts/gb_fedora_2011_12370_audacious-plugins_fc14.nasl,
+	scripts/gb_fedora_2011_12298_bcfg2_fc15.nasl,
+	scripts/gb_fedora_2011_12369_mantis_fc15.nasl,
+	scripts/gb_fedora_2011_12485_zabbix_fc15.nasl,
+	scripts/gb_fedora_2011_11528_php-eaccelerator_fc15.nasl,
+	scripts/gb_fedora_2011_11528_maniadrive_fc15.nasl,
+	scripts/gb_fedora_2011_12303_bcfg2_fc14.nasl,
+	scripts/gb_fedora_2011_12493_Django_fc15.nasl,
+	scripts/gb_fedora_2011_12403_wireshark_fc15.nasl,
+	scripts/gb_fedora_2011_12224_seamonkey_fc15.nasl,
+	scripts/gb_fedora_2011_11537_maniadrive_fc14.nasl,
+	scripts/gb_fedora_2011_11537_php-eaccelerator_fc14.nasl,
+	scripts/gb_fedora_2011_11528_php_fc15.nasl,
+	scripts/gb_fedora_2011_12489_zabbix_fc14.nasl:
+	Added new LSC plugins.
+
+	* scripts/gb_orion_npm_mult_xss_vuln.nasl:
+	Added new plugin.
+
+	* scripts/gb_orion_npm_detect.nasl:
+	Updated to detect SP as well.
+
+	* scripts/gb_esignal_mult_vuln.nasl,
+	scripts/gb_myre_real_estate_mult_xss_n_sql_inj_vuln.nasl:
+	Updated Reference section.
+
 2011-09-20  Henri Doreau <henri.doreau at greenbone.net>
 
 	* scripts/gb_phplist_detect.nasl,

Modified: trunk/openvas-plugins/scripts/gb_esignal_mult_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_esignal_mult_vuln.nasl	2011-09-20 12:40:22 UTC (rev 11639)
+++ trunk/openvas-plugins/scripts/gb_esignal_mult_vuln.nasl	2011-09-20 13:38:54 UTC (rev 11640)
@@ -28,6 +28,7 @@
 {
   script_id(802245);
   script_version("$Revision: 1.0$");
+  script_cve_id("CVE-2011-3494", "CVE-2011-3503");
   script_tag(name:"cvss_base", value:"10.0");
   script_tag(name:"risk_factor", value:"Critical");
   script_name("eSignal Multiple Vulnerabilities");

Added: trunk/openvas-plugins/scripts/gb_fedora_2011_11528_maniadrive_fc15.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_fedora_2011_11528_maniadrive_fc15.nasl	2011-09-20 12:40:22 UTC (rev 11639)
+++ trunk/openvas-plugins/scripts/gb_fedora_2011_11528_maniadrive_fc15.nasl	2011-09-20 13:38:54 UTC (rev 11640)
@@ -0,0 +1,84 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Fedora Update for maniadrive FEDORA-2011-11528
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(863531);
+  script_version("$Revision$: 1.0");
+  script_tag(name:"cvss_base", value:"7.5");
+  script_tag(name:"risk_factor", value:"High");
+  script_xref(name: "FEDORA", value: "2011-11528");
+  script_cve_id("CVE-2011-2483", "CVE-2011-2202", "CVE-2011-1938", "CVE-2011-1148", "CVE-2011-3182");
+  script_name("Fedora Update for maniadrive FEDORA-2011-11528");
+  desc = "
+
+  Vulnerability Insight:
+  ManiaDrive is an arcade car game on acrobatic tracks, with a quick and nervous
+  gameplay (tracks almost never exceed one minute). Features: Complex car
+  physics, Challenging &quot;story mode&quot;, LAN and Internet mode, Live scores,
+  Track editor, Dedicated server with HTTP interface and More than 30 blocks.
+
+
+  Affected Software/OS:
+  maniadrive on Fedora 15
+
+  Fix: Please Install the Updated Packages.
+
+  References:
+  http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066105.html
+
+  ";
+
+  script_description(desc);
+  script_summary("Check for the Version of maniadrive");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
+  script_family("Fedora Local Security Checks");
+  script_dependencies("gather-package-list.nasl");
+  script_require_keys("ssh/login/release");
+  exit(0);
+}
+
+
+include("pkg-lib-rpm.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+if(release == NULL){
+  exit(0);
+}
+
+if(release == "FC15")
+{
+
+  if(isrpmvuln(pkg:"maniadrive", rpm:"maniadrive~1.2~32.fc15", rls:"FC15"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  exit(0);
+}
\ No newline at end of file

Added: trunk/openvas-plugins/scripts/gb_fedora_2011_11528_php-eaccelerator_fc15.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_fedora_2011_11528_php-eaccelerator_fc15.nasl	2011-09-20 12:40:22 UTC (rev 11639)
+++ trunk/openvas-plugins/scripts/gb_fedora_2011_11528_php-eaccelerator_fc15.nasl	2011-09-20 13:38:54 UTC (rev 11640)
@@ -0,0 +1,83 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Fedora Update for php-eaccelerator FEDORA-2011-11528
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(863518);
+  script_version("$Revision$: 1.0");
+  script_tag(name:"cvss_base", value:"7.5");
+  script_tag(name:"risk_factor", value:"High");
+  script_xref(name: "FEDORA", value: "2011-11528");
+  script_cve_id("CVE-2011-2483", "CVE-2011-2202", "CVE-2011-1938", "CVE-2011-1148", "CVE-2011-3182");
+  script_name("Fedora Update for php-eaccelerator FEDORA-2011-11528");
+  desc = "
+
+  Vulnerability Insight:
+  eAccelerator is a further development of the MMCache PHP Accelerator &amp; Encoder.
+  It increases performance of PHP scripts by caching them in compiled state, so
+  that the overhead of compiling is almost completely eliminated.
+
+
+  Affected Software/OS:
+  php-eaccelerator on Fedora 15
+
+  Fix: Please Install the Updated Packages.
+
+  References:
+  http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066107.html
+
+  ";
+
+  script_description(desc);
+  script_summary("Check for the Version of php-eaccelerator");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
+  script_family("Fedora Local Security Checks");
+  script_dependencies("gather-package-list.nasl");
+  script_require_keys("ssh/login/release");
+  exit(0);
+}
+
+
+include("pkg-lib-rpm.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+if(release == NULL){
+  exit(0);
+}
+
+if(release == "FC15")
+{
+
+  if(isrpmvuln(pkg:"php-eaccelerator", rpm:"php-eaccelerator~0.9.6.1~9.fc15", rls:"FC15"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  exit(0);
+}
\ No newline at end of file

Added: trunk/openvas-plugins/scripts/gb_fedora_2011_11528_php_fc15.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_fedora_2011_11528_php_fc15.nasl	2011-09-20 12:40:22 UTC (rev 11639)
+++ trunk/openvas-plugins/scripts/gb_fedora_2011_11528_php_fc15.nasl	2011-09-20 13:38:54 UTC (rev 11640)
@@ -0,0 +1,89 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Fedora Update for php FEDORA-2011-11528
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(863520);
+  script_version("$Revision$: 1.0");
+  script_tag(name:"cvss_base", value:"7.5");
+  script_tag(name:"risk_factor", value:"High");
+  script_xref(name: "FEDORA", value: "2011-11528");
+  script_cve_id("CVE-2011-2483", "CVE-2011-2202", "CVE-2011-1938", "CVE-2011-1148", "CVE-2011-3182");
+  script_name("Fedora Update for php FEDORA-2011-11528");
+  desc = "
+
+  Vulnerability Insight:
+  PHP is an HTML-embedded scripting language. PHP attempts to make it
+  easy for developers to write dynamically generated web pages. PHP also
+  offers built-in database integration for several commercial and
+  non-commercial database management systems, so writing a
+  database-enabled webpage with PHP is fairly simple. The most common
+  use of PHP coding is probably as a replacement for CGI scripts.
+  
+  The php package contains the module which adds support for the PHP
+  language to Apache HTTP Server.
+
+
+  Affected Software/OS:
+  php on Fedora 15
+
+  Fix: Please Install the Updated Packages.
+
+  References:
+  http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066106.html
+
+  ";
+
+  script_description(desc);
+  script_summary("Check for the Version of php");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
+  script_family("Fedora Local Security Checks");
+  script_dependencies("gather-package-list.nasl");
+  script_require_keys("ssh/login/release");
+  exit(0);
+}
+
+
+include("pkg-lib-rpm.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+if(release == NULL){
+  exit(0);
+}
+
+if(release == "FC15")
+{
+
+  if(isrpmvuln(pkg:"php", rpm:"php~5.3.8~1.fc15", rls:"FC15"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  exit(0);
+}
\ No newline at end of file

Added: trunk/openvas-plugins/scripts/gb_fedora_2011_11537_maniadrive_fc14.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_fedora_2011_11537_maniadrive_fc14.nasl	2011-09-20 12:40:22 UTC (rev 11639)
+++ trunk/openvas-plugins/scripts/gb_fedora_2011_11537_maniadrive_fc14.nasl	2011-09-20 13:38:54 UTC (rev 11640)
@@ -0,0 +1,84 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Fedora Update for maniadrive FEDORA-2011-11537
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(863527);
+  script_version("$Revision$: 1.0");
+  script_tag(name:"cvss_base", value:"7.5");
+  script_tag(name:"risk_factor", value:"High");
+  script_xref(name: "FEDORA", value: "2011-11537");
+  script_cve_id("CVE-2011-2483", "CVE-2011-2202", "CVE-2011-1938", "CVE-2011-1148", "CVE-2011-3182");
+  script_name("Fedora Update for maniadrive FEDORA-2011-11537");
+  desc = "
+
+  Vulnerability Insight:
+  ManiaDrive is an arcade car game on acrobatic tracks, with a quick and nervous
+  gameplay (tracks almost never exceed one minute). Features: Complex car
+  physics, Challenging &quot;story mode&quot;, LAN and Internet mode, Live scores,
+  Track editor, Dedicated server with HTTP interface and More than 30 blocks.
+
+
+  Affected Software/OS:
+  maniadrive on Fedora 14
+
+  Fix: Please Install the Updated Packages.
+
+  References:
+  http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066103.html
+
+  ";
+
+  script_description(desc);
+  script_summary("Check for the Version of maniadrive");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
+  script_family("Fedora Local Security Checks");
+  script_dependencies("gather-package-list.nasl");
+  script_require_keys("ssh/login/release");
+  exit(0);
+}
+
+
+include("pkg-lib-rpm.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+if(release == NULL){
+  exit(0);
+}
+
+if(release == "FC14")
+{
+
+  if(isrpmvuln(pkg:"maniadrive", rpm:"maniadrive~1.2~32.fc14", rls:"FC14"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  exit(0);
+}
\ No newline at end of file

Added: trunk/openvas-plugins/scripts/gb_fedora_2011_11537_php-eaccelerator_fc14.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_fedora_2011_11537_php-eaccelerator_fc14.nasl	2011-09-20 12:40:22 UTC (rev 11639)
+++ trunk/openvas-plugins/scripts/gb_fedora_2011_11537_php-eaccelerator_fc14.nasl	2011-09-20 13:38:54 UTC (rev 11640)
@@ -0,0 +1,83 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Fedora Update for php-eaccelerator FEDORA-2011-11537
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(863523);
+  script_version("$Revision$: 1.0");
+  script_tag(name:"cvss_base", value:"7.5");
+  script_tag(name:"risk_factor", value:"High");
+  script_xref(name: "FEDORA", value: "2011-11537");
+  script_cve_id("CVE-2011-2483", "CVE-2011-2202", "CVE-2011-1938", "CVE-2011-1148", "CVE-2011-3182");
+  script_name("Fedora Update for php-eaccelerator FEDORA-2011-11537");
+  desc = "
+
+  Vulnerability Insight:
+  eAccelerator is a further development of the MMCache PHP Accelerator &amp; Encoder.
+  It increases performance of PHP scripts by caching them in compiled state, so
+  that the overhead of compiling is almost completely eliminated.
+
+
+  Affected Software/OS:
+  php-eaccelerator on Fedora 14
+
+  Fix: Please Install the Updated Packages.
+
+  References:
+  http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066104.html
+
+  ";
+
+  script_description(desc);
+  script_summary("Check for the Version of php-eaccelerator");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
+  script_family("Fedora Local Security Checks");
+  script_dependencies("gather-package-list.nasl");
+  script_require_keys("ssh/login/release");
+  exit(0);
+}
+
+
+include("pkg-lib-rpm.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+if(release == NULL){
+  exit(0);
+}
+
+if(release == "FC14")
+{
+
+  if(isrpmvuln(pkg:"php-eaccelerator", rpm:"php-eaccelerator~0.9.6.1~9.fc14", rls:"FC14"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  exit(0);
+}
\ No newline at end of file

Added: trunk/openvas-plugins/scripts/gb_fedora_2011_11537_php_fc14.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_fedora_2011_11537_php_fc14.nasl	2011-09-20 12:40:22 UTC (rev 11639)
+++ trunk/openvas-plugins/scripts/gb_fedora_2011_11537_php_fc14.nasl	2011-09-20 13:38:54 UTC (rev 11640)
@@ -0,0 +1,89 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Fedora Update for php FEDORA-2011-11537
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(863524);
+  script_version("$Revision$: 1.0");
+  script_tag(name:"cvss_base", value:"7.5");
+  script_tag(name:"risk_factor", value:"High");
+  script_xref(name: "FEDORA", value: "2011-11537");
+  script_cve_id("CVE-2011-2483", "CVE-2011-2202", "CVE-2011-1938", "CVE-2011-1148", "CVE-2011-3182");
+  script_name("Fedora Update for php FEDORA-2011-11537");
+  desc = "
+
+  Vulnerability Insight:
+  PHP is an HTML-embedded scripting language. PHP attempts to make it
+  easy for developers to write dynamically generated web pages. PHP also
+  offers built-in database integration for several commercial and
+  non-commercial database management systems, so writing a
+  database-enabled webpage with PHP is fairly simple. The most common
+  use of PHP coding is probably as a replacement for CGI scripts.
+  
+  The php package contains the module which adds support for the PHP
+  language to Apache HTTP Server.
+
+
+  Affected Software/OS:
+  php on Fedora 14
+
+  Fix: Please Install the Updated Packages.
+
+  References:
+  http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066102.html
+
+  ";
+
+  script_description(desc);
+  script_summary("Check for the Version of php");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
+  script_family("Fedora Local Security Checks");
+  script_dependencies("gather-package-list.nasl");
+  script_require_keys("ssh/login/release");
+  exit(0);
+}
+
+
+include("pkg-lib-rpm.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+if(release == NULL){
+  exit(0);
+}
+
+if(release == "FC14")
+{
+
+  if(isrpmvuln(pkg:"php", rpm:"php~5.3.8~1.fc14", rls:"FC14"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  exit(0);
+}
\ No newline at end of file

Added: trunk/openvas-plugins/scripts/gb_fedora_2011_12224_seamonkey_fc15.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_fedora_2011_12224_seamonkey_fc15.nasl	2011-09-20 12:40:22 UTC (rev 11639)
+++ trunk/openvas-plugins/scripts/gb_fedora_2011_12224_seamonkey_fc15.nasl	2011-09-20 13:38:54 UTC (rev 11640)
@@ -0,0 +1,82 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Fedora Update for seamonkey FEDORA-2011-12224
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(863532);
+  script_version("$Revision$: 1.0");
+  script_tag(name:"risk_factor", value:"High");
+  script_xref(name: "FEDORA", value: "2011-12224");
+  script_name("Fedora Update for seamonkey FEDORA-2011-12224");
+  desc = "
+
+  Vulnerability Insight:
+  SeaMonkey is an all-in-one Internet application suite. It includes
+  a browser, mail/news client, IRC client, JavaScript debugger, and
+  a tool to inspect the DOM for web pages. It is derived from the
+  application formerly known as Mozilla Application Suite.
+
+
+  Affected Software/OS:
+  seamonkey on Fedora 15
+
+  Fix: Please Install the Updated Packages.
+
+  References:
+  http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066054.html
+
+  ";
+
+  script_description(desc);
+  script_summary("Check for the Version of seamonkey");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
+  script_family("Fedora Local Security Checks");
+  script_dependencies("gather-package-list.nasl");
+  script_require_keys("ssh/login/release");
+  exit(0);
+}
+
+
+include("pkg-lib-rpm.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+if(release == NULL){
+  exit(0);
+}
+
+if(release == "FC15")
+{
+
+  if(isrpmvuln(pkg:"seamonkey", rpm:"seamonkey~2.3.3~1.fc15", rls:"FC15"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  exit(0);
+}
\ No newline at end of file

Added: trunk/openvas-plugins/scripts/gb_fedora_2011_12298_bcfg2_fc15.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_fedora_2011_12298_bcfg2_fc15.nasl	2011-09-20 12:40:22 UTC (rev 11639)
+++ trunk/openvas-plugins/scripts/gb_fedora_2011_12298_bcfg2_fc15.nasl	2011-09-20 13:38:54 UTC (rev 11640)
@@ -0,0 +1,104 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Fedora Update for bcfg2 FEDORA-2011-12298
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(863529);
+  script_version("$Revision$: 1.0");
+  script_tag(name:"cvss_base", value:"9.3");
+  script_tag(name:"risk_factor", value:"Critical");
+  script_xref(name: "FEDORA", value: "2011-12298");
+  script_cve_id("CVE-2011-3211");
+  script_name("Fedora Update for bcfg2 FEDORA-2011-12298");
+  desc = "
+
+  Vulnerability Insight:
+  Bcfg2 helps system administrators produce a consistent, reproducible,
+  and verifiable description of their environment, and offers
+  visualization and reporting tools to aid in day-to-day administrative
+  tasks. It is the fifth generation of configuration management tools
+  developed in the Mathematics and Computer Science Division of Argonne
+  National Laboratory.
+  
+  It is based on an operational model in which the specification can be
+  used to validate and optionally change the state of clients, but in a
+  feature unique to bcfg2 the client's response to the specification can
+  also be used to assess the completeness of the specification. Using
+  this feature, bcfg2 provides an objective measure of how good a job an
+  administrator has done in specifying the configuration of client
+  systems. Bcfg2 is therefore built to help administrators construct an
+  accurate, comprehensive specification.
+  
+  Bcfg2 has been designed from the ground up to support gentle
+  reconciliation between the specification and current client states. It
+  is designed to gracefully cope with manual system modifications.
+  
+  Finally, due to the rapid pace of updates on modern networks, client
+  systems are constantly changing; if required in your environment,
+  Bcfg2 can enable the construction of complex change management and
+  deployment strategies.
+
+
+  Affected Software/OS:
+  bcfg2 on Fedora 15
+
+  Fix: Please Install the Updated Packages.
+
+  References:
+  http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066071.html
+
+  ";
+
+  script_description(desc);
+  script_summary("Check for the Version of bcfg2");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
+  script_family("Fedora Local Security Checks");
+  script_dependencies("gather-package-list.nasl");
+  script_require_keys("ssh/login/release");
+  exit(0);
+}
+
+
+include("pkg-lib-rpm.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+if(release == NULL){
+  exit(0);
+}
+
+if(release == "FC15")
+{
+
+  if(isrpmvuln(pkg:"bcfg2", rpm:"bcfg2~1.1.2~2.fc15", rls:"FC15"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  exit(0);
+}
\ No newline at end of file

Added: trunk/openvas-plugins/scripts/gb_fedora_2011_12303_bcfg2_fc14.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_fedora_2011_12303_bcfg2_fc14.nasl	2011-09-20 12:40:22 UTC (rev 11639)
+++ trunk/openvas-plugins/scripts/gb_fedora_2011_12303_bcfg2_fc14.nasl	2011-09-20 13:38:54 UTC (rev 11640)
@@ -0,0 +1,104 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Fedora Update for bcfg2 FEDORA-2011-12303
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(863525);
+  script_version("$Revision$: 1.0");
+  script_tag(name:"cvss_base", value:"9.3");
+  script_tag(name:"risk_factor", value:"Critical");
+  script_xref(name: "FEDORA", value: "2011-12303");
+  script_cve_id("CVE-2011-3211");
+  script_name("Fedora Update for bcfg2 FEDORA-2011-12303");
+  desc = "
+
+  Vulnerability Insight:
+  Bcfg2 helps system administrators produce a consistent, reproducible,
+  and verifiable description of their environment, and offers
+  visualization and reporting tools to aid in day-to-day administrative
+  tasks. It is the fifth generation of configuration management tools
+  developed in the Mathematics and Computer Science Division of Argonne
+  National Laboratory.
+  
+  It is based on an operational model in which the specification can be
+  used to validate and optionally change the state of clients, but in a
+  feature unique to bcfg2 the client's response to the specification can
+  also be used to assess the completeness of the specification. Using
+  this feature, bcfg2 provides an objective measure of how good a job an
+  administrator has done in specifying the configuration of client
+  systems. Bcfg2 is therefore built to help administrators construct an
+  accurate, comprehensive specification.
+  
+  Bcfg2 has been designed from the ground up to support gentle
+  reconciliation between the specification and current client states. It
+  is designed to gracefully cope with manual system modifications.
+  
+  Finally, due to the rapid pace of updates on modern networks, client
+  systems are constantly changing; if required in your environment,
+  Bcfg2 can enable the construction of complex change management and
+  deployment strategies.
+
+
+  Affected Software/OS:
+  bcfg2 on Fedora 14
+
+  Fix: Please Install the Updated Packages.
+
+  References:
+  http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066070.html
+
+  ";
+
+  script_description(desc);
+  script_summary("Check for the Version of bcfg2");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
+  script_family("Fedora Local Security Checks");
+  script_dependencies("gather-package-list.nasl");
+  script_require_keys("ssh/login/release");
+  exit(0);
+}
+
+
+include("pkg-lib-rpm.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+if(release == NULL){
+  exit(0);
+}
+
+if(release == "FC14")
+{
+
+  if(isrpmvuln(pkg:"bcfg2", rpm:"bcfg2~1.1.2~2.fc14", rls:"FC14"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  exit(0);
+}
\ No newline at end of file

Added: trunk/openvas-plugins/scripts/gb_fedora_2011_12369_mantis_fc15.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_fedora_2011_12369_mantis_fc15.nasl	2011-09-20 12:40:22 UTC (rev 11639)
+++ trunk/openvas-plugins/scripts/gb_fedora_2011_12369_mantis_fc15.nasl	2011-09-20 13:38:54 UTC (rev 11640)
@@ -0,0 +1,89 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Fedora Update for mantis FEDORA-2011-12369
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(863528);
+  script_version("$Revision$: 1.0");
+  script_tag(name:"risk_factor", value:"High");
+  script_xref(name: "FEDORA", value: "2011-12369");
+  script_cve_id("CVE-2011-2938", "CVE-2011-3356", "CVE-2011-3357", "CVE-2011-3358");
+  script_name("Fedora Update for mantis FEDORA-2011-12369");
+  desc = "
+
+  Vulnerability Insight:
+  Mantis is a free popular web-based issue tracking system.
+  It is written in the PHP scripting language and works with MySQL, MS SQL,
+  and PostgreSQL databases and a web server.
+  Almost any web browser should be able to function as a client.
+  
+  Documentation can be found in: /usr/share/doc/mantis-1.2.8
+  
+  When the package has finished installing, you will need to perform some
+  additional configuration steps; these are described in:
+  /usr/share/doc/mantis-1.2.8/README.Fedora
+
+
+  Affected Software/OS:
+  mantis on Fedora 15
+
+  Fix: Please Install the Updated Packages.
+
+  References:
+  http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066061.html
+
+  ";
+
+  script_description(desc);
+  script_summary("Check for the Version of mantis");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
+  script_family("Fedora Local Security Checks");
+  script_dependencies("gather-package-list.nasl");
+  script_require_keys("ssh/login/release");
+  exit(0);
+}
+
+
+include("pkg-lib-rpm.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+if(release == NULL){
+  exit(0);
+}
+
+if(release == "FC15")
+{
+
+  if(isrpmvuln(pkg:"mantis", rpm:"mantis~1.2.8~1.fc15", rls:"FC15"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  exit(0);
+}
\ No newline at end of file

Added: trunk/openvas-plugins/scripts/gb_fedora_2011_12370_audacious-plugins_fc14.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_fedora_2011_12370_audacious-plugins_fc14.nasl	2011-09-20 12:40:22 UTC (rev 11639)
+++ trunk/openvas-plugins/scripts/gb_fedora_2011_12370_audacious-plugins_fc14.nasl	2011-09-20 13:38:54 UTC (rev 11640)
@@ -0,0 +1,86 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Fedora Update for audacious-plugins FEDORA-2011-12370
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(863519);
+  script_version("$Revision$: 1.0");
+  script_tag(name:"risk_factor", value:"High");
+  script_xref(name: "FEDORA", value: "2011-12370");
+  script_name("Fedora Update for audacious-plugins FEDORA-2011-12370");
+  desc = "
+
+  Vulnerability Insight:
+  This package provides essential plugins for the Audacious audio player.
+  
+  Audacious is an advanced audio player. It is free, lightweight, based on
+  GTK2, runs on Linux and many other *nix platforms and is focused on audio
+  quality and supporting a wide range of audio codecs. It still features
+  an alternative skinned user interface (based on Winamp 2.x skins).
+  Historically, it started as a fork of Beep Media Player (BMP), which
+  itself forked from XMMS.
+
+
+  Affected Software/OS:
+  audacious-plugins on Fedora 14
+
+  Fix: Please Install the Updated Packages.
+
+  References:
+  http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066044.html
+
+  ";
+
+  script_description(desc);
+  script_summary("Check for the Version of audacious-plugins");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
+  script_family("Fedora Local Security Checks");
+  script_dependencies("gather-package-list.nasl");
+  script_require_keys("ssh/login/release");
+  exit(0);
+}
+
+
+include("pkg-lib-rpm.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+if(release == NULL){
+  exit(0);
+}
+
+if(release == "FC14")
+{
+
+  if(isrpmvuln(pkg:"audacious-plugins", rpm:"audacious-plugins~2.4.5~4.fc14", rls:"FC14"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  exit(0);
+}
\ No newline at end of file

Added: trunk/openvas-plugins/scripts/gb_fedora_2011_12403_wireshark_fc15.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_fedora_2011_12403_wireshark_fc15.nasl	2011-09-20 12:40:22 UTC (rev 11639)
+++ trunk/openvas-plugins/scripts/gb_fedora_2011_12403_wireshark_fc15.nasl	2011-09-20 13:38:54 UTC (rev 11640)
@@ -0,0 +1,86 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Fedora Update for wireshark FEDORA-2011-12403
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(863521);
+  script_version("$Revision$: 1.0");
+  script_tag(name:"cvss_base", value:"2.6");
+  script_tag(name:"risk_factor", value:"Medium");
+  script_xref(name: "FEDORA", value: "2011-12403");
+  script_cve_id("CVE-2011-3266");
+  script_name("Fedora Update for wireshark FEDORA-2011-12403");
+  desc = "
+
+  Vulnerability Insight:
+  Wireshark is a network traffic analyzer for Unix-ish operating systems.
+  
+  This package lays base for libpcap, a packet capture and filtering
+  library, contains command-line utilities, contains plugins and
+  documentation for wireshark. A graphical user interface is packaged
+  separately to GTK+ package.
+
+
+  Affected Software/OS:
+  wireshark on Fedora 15
+
+  Fix: Please Install the Updated Packages.
+
+  References:
+  http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066086.html
+
+  ";
+
+  script_description(desc);
+  script_summary("Check for the Version of wireshark");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
+  script_family("Fedora Local Security Checks");
+  script_dependencies("gather-package-list.nasl");
+  script_require_keys("ssh/login/release");
+  exit(0);
+}
+
+
+include("pkg-lib-rpm.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+if(release == NULL){
+  exit(0);
+}
+
+if(release == "FC15")
+{
+
+  if(isrpmvuln(pkg:"wireshark", rpm:"wireshark~1.4.9~1.fc15", rls:"FC15"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  exit(0);
+}
\ No newline at end of file

Added: trunk/openvas-plugins/scripts/gb_fedora_2011_12485_zabbix_fc15.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_fedora_2011_12485_zabbix_fc15.nasl	2011-09-20 12:40:22 UTC (rev 11639)
+++ trunk/openvas-plugins/scripts/gb_fedora_2011_12485_zabbix_fc15.nasl	2011-09-20 13:38:54 UTC (rev 11640)
@@ -0,0 +1,96 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Fedora Update for zabbix FEDORA-2011-12485
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(863526);
+  script_version("$Revision$: 1.0");
+  script_tag(name:"cvss_base", value:"5.0");
+  script_tag(name:"risk_factor", value:"Medium");
+  script_xref(name: "FEDORA", value: "2011-12485");
+  script_cve_id("CVE-2011-3265");
+  script_name("Fedora Update for zabbix FEDORA-2011-12485");
+  desc = "
+
+  Vulnerability Insight:
+  ZABBIX is software that monitors numerous parameters of a network and
+  the health and integrity of servers. ZABBIX uses a flexible
+  notification mechanism that allows users to configure e-mail based
+  alerts for virtually any event.  This allows a fast reaction to server
+  problems. ZABBIX offers excellent reporting and data visualisation
+  features based on the stored data. This makes ZABBIX ideal for
+  capacity planning.
+  
+  ZABBIX supports both polling and trapping. All ZABBIX reports and
+  statistics, as well as configuration parameters are accessed through a
+  web-based front end. A web-based front end ensures that the status of
+  your network and the health of your servers can be assessed from any
+  location. Properly configured, ZABBIX can play an important role in
+  monitoring IT infrastructure. This is equally true for small
+  organisations with a few servers and for large companies with a
+  multitude of servers.
+
+
+  Affected Software/OS:
+  zabbix on Fedora 15
+
+  Fix: Please Install the Updated Packages.
+
+  References:
+  http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066110.html
+
+  ";
+
+  script_description(desc);
+  script_summary("Check for the Version of zabbix");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
+  script_family("Fedora Local Security Checks");
+  script_dependencies("gather-package-list.nasl");
+  script_require_keys("ssh/login/release");
+  exit(0);
+}
+
+
+include("pkg-lib-rpm.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+if(release == NULL){
+  exit(0);
+}
+
+if(release == "FC15")
+{
+
+  if(isrpmvuln(pkg:"zabbix", rpm:"zabbix~1.8.7~2.fc15", rls:"FC15"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  exit(0);
+}
\ No newline at end of file

Added: trunk/openvas-plugins/scripts/gb_fedora_2011_12489_zabbix_fc14.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_fedora_2011_12489_zabbix_fc14.nasl	2011-09-20 12:40:22 UTC (rev 11639)
+++ trunk/openvas-plugins/scripts/gb_fedora_2011_12489_zabbix_fc14.nasl	2011-09-20 13:38:54 UTC (rev 11640)
@@ -0,0 +1,96 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Fedora Update for zabbix FEDORA-2011-12489
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(863530);
+  script_version("$Revision$: 1.0");
+  script_tag(name:"cvss_base", value:"5.0");
+  script_tag(name:"risk_factor", value:"Medium");
+  script_xref(name: "FEDORA", value: "2011-12489");
+  script_cve_id("CVE-2011-3265");
+  script_name("Fedora Update for zabbix FEDORA-2011-12489");
+  desc = "
+
+  Vulnerability Insight:
+  ZABBIX is software that monitors numerous parameters of a network and
+  the health and integrity of servers. ZABBIX uses a flexible
+  notification mechanism that allows users to configure e-mail based
+  alerts for virtually any event.  This allows a fast reaction to server
+  problems. ZABBIX offers excellent reporting and data visualisation
+  features based on the stored data. This makes ZABBIX ideal for
+  capacity planning.
+  
+  ZABBIX supports both polling and trapping. All ZABBIX reports and
+  statistics, as well as configuration parameters are accessed through a
+  web-based front end. A web-based front end ensures that the status of
+  your network and the health of your servers can be assessed from any
+  location. Properly configured, ZABBIX can play an important role in
+  monitoring IT infrastructure. This is equally true for small
+  organisations with a few servers and for large companies with a
+  multitude of servers.
+
+
+  Affected Software/OS:
+  zabbix on Fedora 14
+
+  Fix: Please Install the Updated Packages.
+
+  References:
+  http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066092.html
+
+  ";
+
+  script_description(desc);
+  script_summary("Check for the Version of zabbix");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
+  script_family("Fedora Local Security Checks");
+  script_dependencies("gather-package-list.nasl");
+  script_require_keys("ssh/login/release");
+  exit(0);
+}
+
+
+include("pkg-lib-rpm.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+if(release == NULL){
+  exit(0);
+}
+
+if(release == "FC14")
+{
+
+  if(isrpmvuln(pkg:"zabbix", rpm:"zabbix~1.8.7~2.fc14", rls:"FC14"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  exit(0);
+}
\ No newline at end of file

Added: trunk/openvas-plugins/scripts/gb_fedora_2011_12493_Django_fc15.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_fedora_2011_12493_Django_fc15.nasl	2011-09-20 12:40:22 UTC (rev 11639)
+++ trunk/openvas-plugins/scripts/gb_fedora_2011_12493_Django_fc15.nasl	2011-09-20 13:38:54 UTC (rev 11640)
@@ -0,0 +1,82 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Fedora Update for Django FEDORA-2011-12493
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(863522);
+  script_version("$Revision$: 1.0");
+  script_tag(name:"risk_factor", value:"High");
+  script_xref(name: "FEDORA", value: "2011-12493");
+  script_name("Fedora Update for Django FEDORA-2011-12493");
+  desc = "
+
+  Vulnerability Insight:
+  Django is a high-level Python Web framework that encourages rapid
+  development and a clean, pragmatic design. It focuses on automating as
+  much as possible and adhering to the DRY (Don't Repeat Yourself)
+  principle.
+
+
+  Affected Software/OS:
+  Django on Fedora 15
+
+  Fix: Please Install the Updated Packages.
+
+  References:
+  http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066043.html
+
+  ";
+
+  script_description(desc);
+  script_summary("Check for the Version of Django");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
+  script_family("Fedora Local Security Checks");
+  script_dependencies("gather-package-list.nasl");
+  script_require_keys("ssh/login/release");
+  exit(0);
+}
+
+
+include("pkg-lib-rpm.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+if(release == NULL){
+  exit(0);
+}
+
+if(release == "FC15")
+{
+
+  if(isrpmvuln(pkg:"Django", rpm:"Django~1.3.1~2.fc15", rls:"FC15"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  exit(0);
+}
\ No newline at end of file

Modified: trunk/openvas-plugins/scripts/gb_myre_real_estate_mult_xss_n_sql_inj_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_myre_real_estate_mult_xss_n_sql_inj_vuln.nasl	2011-09-20 12:40:22 UTC (rev 11639)
+++ trunk/openvas-plugins/scripts/gb_myre_real_estate_mult_xss_n_sql_inj_vuln.nasl	2011-09-20 13:38:54 UTC (rev 11640)
@@ -28,6 +28,8 @@
 {
   script_id(802157);
   script_version("$Revision: 1.0$");
+  script_bugtraq_id(49540);
+  script_cve_id("CVE-2011-3393", "CVE-2011-3394");
   script_tag(name:"cvss_base", value:"7.5");
   script_tag(name:"risk_factor", value:"High");
   script_name("MYRE Real Estate Software Multiple XSS and SQL Injection Vulnerabilities");

Modified: trunk/openvas-plugins/scripts/gb_orion_npm_detect.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_orion_npm_detect.nasl	2011-09-20 12:40:22 UTC (rev 11639)
+++ trunk/openvas-plugins/scripts/gb_orion_npm_detect.nasl	2011-09-20 13:38:54 UTC (rev 11640)
@@ -7,6 +7,9 @@
 # Authors:
 # Michael Meyer <michael.meyer at greenbone.net>
 #
+# Updated by : Antu Sanadi <santu at secpod.com> on 2011-09-15
+#  Updated to detect for the sp versions
+#
 # Copyright:
 # Copyright (c) 2010 Greenbone Networks GmbH
 #
@@ -34,7 +37,6 @@
 
 if (description)
 {
- 
  script_tag(name:"risk_factor", value:"None");
  script_id(100940);
  script_version ("1.0-$Revision$");
@@ -64,10 +66,12 @@
 dir = "/Orion";
 url = string(dir, "/Login.aspx");
 req = http_get(item:url, port:port);
-buf = http_keepalive_send_recv(port:port, data:req, bodyonly:FALSE);
+buf = http_keepalive_send_recv(port:port, data:req, bodyonly:TRUE);
 if( buf == NULL )continue;
 
-if("SolarWinds Orion" >< buf && "NPM" >< buf && "SolarWinds Orion Core" >< buf)
+
+if("SolarWinds Orion" >< buf || "Orion Network Performance Monitor" >< buf
+   || "SolarWinds Orion Core" >< buf)
 {
     if(strlen(dir)>0) {
        install=dir;
@@ -76,11 +80,11 @@
     }
 
    vers = string("unknown");
-   ### try to get version 
-   version = eregmatch(string: buf, pattern: "NPM ([0-9.]+),",icase:TRUE);
 
-   if ( !isnull(version[1]) ) {
-      vers=chomp(version[1]);
+   ### try to get version
+   version = eregmatch(string: buf, pattern: "(NPM|Network Performance Monitor) (([0-9.]+).?([A-Z0-9]+)?)",icase:TRUE);
+   if(!isnull(version[2]) ) {
+      vers=chomp(version[2]);
    }
 
    set_kb_item(name: string("www/", port, "/orion_npm"), value: string(vers," under ",install));

Added: trunk/openvas-plugins/scripts/gb_orion_npm_mult_xss_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_orion_npm_mult_xss_vuln.nasl	2011-09-20 12:40:22 UTC (rev 11639)
+++ trunk/openvas-plugins/scripts/gb_orion_npm_mult_xss_vuln.nasl	2011-09-20 13:38:54 UTC (rev 11640)
@@ -0,0 +1,97 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_orion_npm_mult_xss_vuln.nasl 17058 2011-09-15 18:15:15Z sep $
+#
+# SolarWinds Orion NPM Multiple Cross Site Scripting Vulnerabilities
+#
+# Authors:
+# Antu Sanadi <santu at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(801986);
+  script_version("$Revision: 1.0$");
+  script_tag(name:"cvss_base", value:"4.3");
+  script_tag(name:"risk_factor", value:"Medium");
+  script_name("SolarWinds Orion NPM Multiple Cross Site Scripting Vulnerabilities");
+  desc = "
+  Overview: This host is running SolarWinds Orion NPM and is prone to cross
+  site scripting vulnerabilities.
+
+  Vulnerability Insight:
+  The flaws are due to an input validation error in NetPerfMon/CustomChart.aspx
+  and NetPerfMon/MapView.aspx pages when processing the 'Title' parameter.
+
+  Impact:
+  Successful exploitation will let the attacker to execute arbitrary HTML and
+  script code in a user's browser session in the context of a vulnerable site.
+  This may allow an attacker to steal cookie-based authentications and launch
+  further attacks.
+
+  Impact Level: Application
+
+  Affected Software/OS:
+  SolarWinds Orion Network Performance Monitor (NPM) 10.1.2 SP1
+
+  Fix: No solution or patch is available as on 20th September, 2011. Information
+  regarding this issue will be updated once the solution details are available.
+  For updates refer, http://www.solarwinds.com/home/
+
+  References:
+  http://seclists.org/fulldisclosure/2011/Sep/107
+  http://packetstormsecurity.org/files/view/105020/orionsolarwinds-xss.txt
+  http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2011-09/msg00144.html ";
+
+  script_description(desc);
+  script_summary("Check the version of SolarWinds Orion Network Performance Monitor");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (C) 2011 Greenbone Networks GmbH");
+  script_family("Web application abuses");
+  script_dependencies("gb_orion_npm_detect.nasl");
+  script_require_ports("Services/www", 8787);
+  exit(0);
+}
+
+include("http_func.inc");
+include("http_keepalive.inc");
+include("version_func.inc");
+
+## Check for the default port
+port = get_http_port(default:8787);
+if(!get_port_state(port)){
+  exit(0);
+}
+
+## Check for the asp support
+if(!can_host_asp(port:port)){
+  exit(0);
+}
+
+## Get the version from KB
+vers = get_version_from_kb(port:port,app:"orion_npm");
+if(vers)
+{
+  ver = ereg_replace(pattern:" ", replace:".", string:vers);
+
+  ## Check vulnerable version
+  if(version_is_equal(version: ver, test_version: "10.1.2.SP1")){
+    security_warning(port:port);
+  }
+}



More information about the Openvas-commits mailing list