[Openvas-commits] r11707 - in trunk/openvas-plugins: . scripts

scm-commit@wald.intevation.org scm-commit at wald.intevation.org
Wed Sep 28 12:51:52 CEST 2011


Author: mime
Date: 2011-09-28 12:51:43 +0200 (Wed, 28 Sep 2011)
New Revision: 11707

Added:
   trunk/openvas-plugins/scripts/gb_IceWarp_49753.nasl
   trunk/openvas-plugins/scripts/gb_ibm_websphere_48890.nasl
   trunk/openvas-plugins/scripts/gb_ibm_websphere_49766.nasl
   trunk/openvas-plugins/scripts/gb_openengine_49794.nasl
Modified:
   trunk/openvas-plugins/ChangeLog
Log:
Added new plugins

Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog	2011-09-27 18:48:00 UTC (rev 11706)
+++ trunk/openvas-plugins/ChangeLog	2011-09-28 10:51:43 UTC (rev 11707)
@@ -1,3 +1,11 @@
+2011-09-28  Michael Meyer <michael.meyer at greenbone.net>
+
+	* scripts/gb_ibm_websphere_48890.nasl,
+	scripts/gb_openengine_49794.nasl,
+	scripts/gb_ibm_websphere_49766.nasl,
+	scripts/gb_IceWarp_49753.nasl:
+	Added new plugins.
+
 2011-09-27  Veerendra G.G <veerendragg at secpod.com>
 
 	* scripts/secpod_bloggeruniverse_sql_injection_vuln.nasl,

Added: trunk/openvas-plugins/scripts/gb_IceWarp_49753.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_IceWarp_49753.nasl	2011-09-27 18:48:00 UTC (rev 11706)
+++ trunk/openvas-plugins/scripts/gb_IceWarp_49753.nasl	2011-09-28 10:51:43 UTC (rev 11707)
@@ -0,0 +1,93 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# IceWarp Web Mail Multiple Information Disclosure Vulnerabilities
+#
+# Authors:
+# Michael Meyer <michael.meyer at greenbone.net>
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if (description)
+{
+ script_id(103279);
+ script_bugtraq_id(49753);
+ script_cve_id("CVE-2011-3579","CVE-2011-3580");
+ script_version ("1.0-$Revision$");
+
+ script_name("IceWarp Web Mail Multiple Information Disclosure Vulnerabilities");
+
+desc = "Overview:
+IceWarp Web Mail is prone to multiple information-disclosure
+vulnerabilities.
+
+Attackers can exploit these issues to gain access to potentially
+sensitive information, and possibly cause denial-of-service
+conditions; other attacks may also be possible.
+
+Solution:
+Vendor updates are available. Please see the references for more
+information.
+
+References:
+http://www.securityfocus.com/bid/49753
+http://www.icewarp.com/Products/IceWarp_Web_Mail/
+https://www.trustwave.com/spiderlabs/advisories/TWSL2011-013.txt";
+
+ script_tag(name:"risk_factor", value:"Medium");
+ script_description(desc);
+ script_summary("Determine if installed IceWarp is vulnerable");
+ script_category(ACT_ATTACK);
+ script_family("Web application abuses");
+ script_copyright("This script is Copyright (C) 2011 Greenbone Networks GmbH");
+ script_dependencies("find_service.nes", "http_version.nasl");
+ script_require_ports("Services/www", 80);
+ script_exclude_keys("Settings/disable_cgi_scanning");
+ exit(0);
+}
+
+include("http_func.inc");
+include("host_details.inc");
+include("http_keepalive.inc");
+include("global_settings.inc");
+   
+port = get_http_port(default:80);
+
+if(!get_port_state(port))exit(0);
+if(!can_host_php(port:port))exit(0);
+
+banner = get_http_banner(port:port);
+if(!banner || "IceWarp" >!< banner)exit(0);
+
+dirs = make_list("/webmail",cgi_dirs());
+
+foreach dir (dirs) {
+   
+  url = string(dir, "/server/"); 
+
+  if(http_vuln_check(port:port, url:url,pattern:"<title>phpinfo\(\)")) {
+     
+    security_warning(port:port);
+    exit(0);
+
+  }
+}
+
+exit(0);
+
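Review bot: `script_cve_id` lists both CVE-2011-3579 and CVE-2011-3580, but the only probe in the `foreach` loop is a request to `dir + "/server/"` matched against `<title>phpinfo\(\)`. A clean result therefore says nothing about whichever of the two issues is not the phpinfo() exposure. I would record that above the loop, e.g. `# Only the exposed phpinfo() page is probed; the other CVE listed above is not tested by this script.` The finding is also raised with a bare `security_warning(port:port);`, so the operator cannot see which path matched; `security_warning(port:port, data:string("phpinfo() output is reachable at ", url));` would make the result verifiable. gb_openengine_49794.nasl in this commit has the same bare call.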


Property changes on: trunk/openvas-plugins/scripts/gb_IceWarp_49753.nasl
___________________________________________________________________
Name: svn:keywords
   + Id Revision

Added: trunk/openvas-plugins/scripts/gb_ibm_websphere_48890.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_ibm_websphere_48890.nasl	2011-09-27 18:48:00 UTC (rev 11706)
+++ trunk/openvas-plugins/scripts/gb_ibm_websphere_48890.nasl	2011-09-28 10:51:43 UTC (rev 11707)
@@ -0,0 +1,86 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# OpenSAML XML Signature Wrapping Security Vulnerability
+#
+# Authors:
+# Michael Meyer <michael.meyer at greenbone.net>
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if (description)
+{
+ script_id(103276);
+ script_bugtraq_id(48890);
+ script_cve_id("CVE-2011-1411");
+ script_tag(name:"cvss_base", value:"5.8");
+ script_version ("1.0-$Revision$");
+
+ script_name("OpenSAML XML Signature Wrapping Security Vulnerability");
+
+desc = "Overview:
+OpenSAML is prone to a security vulnerability involving XML
+signature wrapping.
+
+Successful exploits may allow unauthenticated attackers to construct
+specially crafted messages that can be successfully verified and
+contain arbitrary content. This may aid in further attacks.
+
+Solution:
+Updates are available. Please see the references for more information.
+
+References:
+http://www.securityfocus.com/bid/48890
+https://spaces.internet2.edu/display/OpenSAML/Home/
+http://www-01.ibm.com/support/docview.wss?uid=swg27014463";
+
+ script_tag(name:"risk_factor", value:"High");
+ script_description(desc);
+ script_summary("Determine if installed IBM Websphere Application Server version is vulnerable");
+ script_category(ACT_GATHER_INFO);
+ script_family("Web Servers");
+ script_copyright("This script is Copyright (C) 2011 Greenbone Networks GmbH");
+ script_dependencies("gb_ibm_websphere_detect.nasl");
+ script_require_ports("Services/www", 80);
+ exit(0);
+}
+
+include("http_func.inc");
+include("version_func.inc");
+
+## Get HTTP Port
+port = get_http_port(default:80);
+if(!get_port_state(port)){
+  exit(0);
+}
+
+## Get Version from KB
+vers = get_kb_item(string("www/", port, "/websphere_application_server"));
+if(isnull(vers)){
+  exit(0);
+}
+
+if(version_in_range(version: vers, test_version: "7.0", test_version2: "7.0.0.18")) {
+
+  security_hole(port:port);
+  exit(0);
+
+}
+
+exit(0);
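Review bot: The severity metadata disagrees with itself: `cvss_base` is 5.8, while `risk_factor` is "High" and the finding is raised through `security_hole`. If 5.8 is the intended score, the tag should read `script_tag(name:"risk_factor", value:"Medium");` and the report call should match it. The name and `desc` mention only OpenSAML, yet the check is a pure version comparison on the WebSphere KB entry (7.0 through 7.0.0.18), so a sentence in `desc` naming the affected WebSphere range would explain why a WebSphere host is flagged. Nothing is probed, so the result depends entirely on the detected version string and an installed interim fix would presumably still be reported. Passing the evidence along, e.g. `data:string("Detected WebSphere Application Server version: ", vers)`, lets the operator confirm it.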


Property changes on: trunk/openvas-plugins/scripts/gb_ibm_websphere_48890.nasl
___________________________________________________________________
Name: svn:keywords
   + Id Revision

Added: trunk/openvas-plugins/scripts/gb_ibm_websphere_49766.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_ibm_websphere_49766.nasl	2011-09-27 18:48:00 UTC (rev 11706)
+++ trunk/openvas-plugins/scripts/gb_ibm_websphere_49766.nasl	2011-09-28 10:51:43 UTC (rev 11707)
@@ -0,0 +1,90 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# IBM WebSphere Application Server Cross-Site Request Forgery Vulnerability
+#
+# Authors:
+# Michael Meyer <michael.meyer at greenbone.net>
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if (description)
+{
+ script_id(103277);
+ script_bugtraq_id(49766);
+ script_version ("1.0-$Revision$");
+
+ script_name("IBM WebSphere Application Server Cross-Site Request Forgery Vulnerability");
+
+desc = "Overview:
+IBM WebSphere Application Server is prone to a cross-site request
+forgery vulnerability.
+
+Exploiting this issue may allow a remote attacker to perform certain
+actions in the context of an authorized user and gain access to the
+affected application; other attacks are also possible.
+
+IBM WebSphere Application Server versions prior to 8.0.0.1 are
+vulnerable; other versions may also be affected.
+
+Solution:
+Vendor fixes are available. Please see the references for more
+information.
+
+References:
+http://www.securityfocus.com/bid/49766
+http://www-01.ibm.com/support/docview.wss?uid=swg24030916
+http://www-01.ibm.com/support/docview.wss?uid=swg27022958#8001
+http://www-01.ibm.com/software/websphere/";
+
+ script_tag(name:"risk_factor", value:"Medium");
+ script_description(desc);
+ script_summary("Determine if installed IBM WebSphere Application Server version is vulnerable");
+ script_category(ACT_GATHER_INFO);
+ script_family("Web Servers");
+ script_copyright("This script is Copyright (C) 2011 Greenbone Networks GmbH");
+ script_dependencies("gb_ibm_websphere_detect.nasl");
+ script_require_ports("Services/www", 80);
+ exit(0);
+}
+
+include("http_func.inc");
+include("version_func.inc");
+
+## Get HTTP Port
+port = get_http_port(default:80);
+if(!get_port_state(port)){
+  exit(0);
+}
+
+## Get Version from KB
+vers = get_kb_item(string("www/", port, "/websphere_application_server"));
+if(isnull(vers)){
+  exit(0);
+}
+
+if(version_is_equal(version: vers, test_version: "8.0")) {
+
+  security_warning(port:port);
+  exit(0);
+
+}
+
+exit(0);
+
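Review bot: The description says versions prior to 8.0.0.1 are vulnerable, but the check is `version_is_equal(version: vers, test_version: "8.0")`, which reads as a match on that one version value only. If gb_ibm_websphere_detect.nasl stores a four-part version such as 8.0.0.0 (not visible here), and `version_is_equal` does not treat missing components as zero, affected hosts are silently missed. A range is safer and matches the sibling script: `if(version_in_range(version: vers, test_version: "8.0", test_version2: "8.0.0.0")) {`. A short comment saying why only the 8.0 branch is tested would also help, since `desc` leaves open whether older branches are affected.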


Property changes on: trunk/openvas-plugins/scripts/gb_ibm_websphere_49766.nasl
___________________________________________________________________
Name: svn:keywords
   + Id Revision

Added: trunk/openvas-plugins/scripts/gb_openengine_49794.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_openengine_49794.nasl	2011-09-27 18:48:00 UTC (rev 11706)
+++ trunk/openvas-plugins/scripts/gb_openengine_49794.nasl	2011-09-28 10:51:43 UTC (rev 11707)
@@ -0,0 +1,85 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# openEngine 'id' Parameter SQL Injection Vulnerability
+#
+# Authors:
+# Michael Meyer <michael.meyer at greenbone.net>
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if (description)
+{
+ script_id(103278);
+ script_bugtraq_id(49794);
+ script_version ("1.0-$Revision$");
+
+ script_name("openEngine 'id' Parameter SQL Injection Vulnerability");
+
+desc = "Overview:
+openEngine is prone to an SQL Injection vulnerability because it
+fails to sufficiently sanitize user-supplied data before using it in
+an SQL query.
+
+Exploiting this issue could allow an attacker to compromise the
+application, access or modify data, or exploit latent vulnerabilities
+in the underlying database implementation.
+
+openEngine 2.0 is vulnerable; other versions may also be affected.
+
+References:
+http://www.securityfocus.com/bid/49794
+http://www.rul3z.de/advisories/SSCHADV2011-019.txt
+http://www.openengine.de/";
+
+ script_tag(name:"risk_factor", value:"Medium");
+ script_description(desc);
+ script_summary("Determine if installed openEngine is prone to an SQL Injection vulnerability");
+ script_category(ACT_ATTACK);
+ script_family("Web application abuses");
+ script_copyright("This script is Copyright (C) 2011 Greenbone Networks GmbH");
+ script_dependencies("gb_openengine_detect.nasl");
+ script_require_ports("Services/www", 80);
+ script_exclude_keys("Settings/disable_cgi_scanning");
+ exit(0);
+}
+
+include("http_func.inc");
+include("host_details.inc");
+include("http_keepalive.inc");
+include("version_func.inc");
+   
+port = get_http_port(default:80);
+if(!get_port_state(port))exit(0);
+
+if(!can_host_php(port:port))exit(0);
+
+if(!dir = get_dir_from_kb(port:port,app:"openengine"))exit(0);
+   
+url = string(dir,"/cms/website.php?id=/de/sendpage.htm%27)%20AND%201=1%20AND%20(%27a%27=%27a&key="); 
+
+if(http_vuln_check(port:port, url:url,pattern:"Warning: mysql_num_fields")) {
+    
+  security_warning(port:port);
+  exit(0);
+
+}
+
+exit(0);
+
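Review bot: The check fires only when the response contains the PHP warning text `Warning: mysql_num_fields`, so an installation that is injectable but does not display PHP errors is reported as clean. That limit belongs next to the `http_vuln_check` call, e.g. `# Error-based check: depends on PHP printing MySQL warnings; no match does not prove the 'id' parameter is safe.` Unlike the other three scripts in this commit, `desc` has no Solution paragraph, so the report gives the operator nothing to act on. Even a line stating that no vendor fix is referenced, with the advisory link, would close that gap. `version_func.inc` and `host_details.inc` are included but nothing from them appears to be used in the visible code.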


Property changes on: trunk/openvas-plugins/scripts/gb_openengine_49794.nasl
___________________________________________________________________
Name: svn:keywords
   + Id Revision


