[Openvas-commits] r13369 - in trunk/openvas-plugins: . scripts

scm-commit at wald.intevation.org scm-commit at wald.intevation.org
Wed Apr 25 14:57:40 CEST 2012


Author: antu123
Date: 2012-04-25 14:57:39 +0200 (Wed, 25 Apr 2012)
New Revision: 13369

Added:
   trunk/openvas-plugins/scripts/gb_asterisk_http_manager_bof_vuln.nasl
   trunk/openvas-plugins/scripts/gb_google_chrome_mult_vuln2_apr12_lin.nasl
   trunk/openvas-plugins/scripts/gb_google_chrome_mult_vuln2_apr12_macosx.nasl
   trunk/openvas-plugins/scripts/gb_google_chrome_mult_vuln2_apr12_win.nasl
   trunk/openvas-plugins/scripts/gb_ms_forefront_unified_access_gateway_detect.nasl
   trunk/openvas-plugins/scripts/secpod_ms12-026.nasl
Modified:
   trunk/openvas-plugins/ChangeLog
   trunk/openvas-plugins/scripts/secpod_ms10-013.nasl
Log:
Added new plugins and a Microsoft bulletin plugin, and fixed a false-negative (FN) issue.

Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog	2012-04-25 11:33:42 UTC (rev 13368)
+++ trunk/openvas-plugins/ChangeLog	2012-04-25 12:57:39 UTC (rev 13369)
@@ -1,3 +1,19 @@
+2012-04-25  Antu Sanadi <santu at secpod.com>
+
+	* scripts/gb_google_chrome_mult_vuln2_apr12_win.nasl,
+	scripts/gb_google_chrome_mult_vuln2_apr12_lin.nasl,
+	scripts/gb_google_chrome_mult_vuln2_apr12_macosx.nasl,
+	scripts/gb_ms_forefront_unified_access_gateway_detect.nasl,
+	scripts/gb_asterisk_http_manager_bof_vuln.nasl:
+	Added new plugins.
+
+	* scripts/secpod_ms12-026.nasl:
+	Added Microsft bulletin plugin april 2012.
+
+	* scripts/secpod_ms10-013.nasl:
+	Corrected FN issue in version_in_range() function and
+	Updated to support GDR and LDR versions.
+
 2012-04-25  Michael Meyer <michael.meyer at greenbone.net>
 
 	* scripts/gb_WebCalendar_53207.nasl,
@@ -16,6 +32,22 @@
 
 2012-04-25  Antu Sanadi <santu at secpod.com>
 
+	* scripts/gb_google_chrome_mult_vuln2_apr12_win.nasl,
+	scripts/gb_google_chrome_mult_vuln2_apr12_lin.nasl,
+	scripts/gb_google_chrome_mult_vuln2_apr12_macosx.nasl,
+	scripts/gb_ms_forefront_unified_access_gateway_detect.nasl,
+	scripts/gb_asterisk_http_manager_bof_vuln.nasl:
+	Added new plugins.
+
+	* scripts/secpod_ms12-026.nasl:
+	Added Microsft bulletin plugin april 2012.
+
+	* scripts/secpod_ms10-013.nasl:
+	Corrected FN issue in version_in_range() function and
+	Updated to support GDR and LDR versions.
+
+2012-04-25  Antu Sanadi <santu at secpod.com>
+
 	* scripts/gb_2532gigs_detect.nasl,
 	scripts/gb_7zip_detect_win.nasl,
 	scripts/gb_adobe_captivate_detect.nasl,

Added: trunk/openvas-plugins/scripts/gb_asterisk_http_manager_bof_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_asterisk_http_manager_bof_vuln.nasl	                        (rev 0)
+++ trunk/openvas-plugins/scripts/gb_asterisk_http_manager_bof_vuln.nasl	2012-04-25 12:57:39 UTC (rev 13369)
@@ -0,0 +1,122 @@
+##############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# Asterisk HTTP Manager Buffer Overflow Vulnerability
+#
+# Authors:
+# Rachana Shetty <srachana at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(802838);
+  script_version("$Revision$");
+  script_cve_id("CVE-2012-1184");
+  script_bugtraq_id(52815);
+  script_tag(name:"cvss_base", value:"10.0");
+  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
+  script_tag(name:"risk_factor", value:"Critical");
+  script_tag(name:"last_modification", value:"$Date$");
+  script_tag(name:"creation_date", value:"2012-04-23 16:56:33 +0530 (Mon, 23 Apr 2012)");
+  script_name("Asterisk HTTP Manager Buffer Overflow Vulnerability");
+  desc = "
+  Overview: This host is running Asterisk and is prone to buffer overflow
+  vulnerability.
+
+  Vulnerability Insight:
+  The flaw is caused due to an error in the 'ast_parse_digest()' function
+  (main/utils.c) in HTTP Manager, which fails to handle
+  'HTTP Digest Authentication' information sent via a crafted request with
+  an overly long string.
+
+  Impact:
+  Successful exploitation may allow remote attackers to execute arbitrary code
+  within the context of the application or cause a denial of service condition.
+
+  Impact Level: System/Application
+
+  Affected Software:
+  Asterisk version 1.8.x before 1.8.10.1, 10.x before 10.2.1 and 10.3.0
+
+  Fix: Upgrade to Asterisk 1.8.10.1, 10.2.1 or later,
+  For updates refer, http://downloads.asterisk.org/pub/security/AST-2012-003.html
+
+  References:
+  http://osvdb.org/80126
+  http://secunia.com/advisories/48417/
+  http://securitytracker.com/id/1026813
+  http://xforce.iss.net/xforce/xfdb/74083
+  https://issues.asterisk.org/jira/browse/ASTERISK-19542
+  http://downloads.asterisk.org/pub/security/AST-2012-003.html ";
+
+  script_description(desc);
+  script_summary("Check if Asterisk HTTP Manager is vulnerable to DoS");
+  script_category(ACT_DENIAL);
+  script_copyright("Copyright (c) 2012 Greenbone Networks GmbH");
+  script_family("Buffer overflow");
+  script_require_ports("Services/www", 8080, 8088);
+  exit(0);
+}
+
+
+include("http_func.inc");
+include("http_keepalive.inc");
+
+## Variable Initialization
+req = "";
+res = "";
+host = "";
+asterPort = 0;
+asterBanner = "";
+
+## Asterisk HTTP port
+asterPort = get_http_port(default:8080);
+if(!asterPort){
+  asterPort = 8088;
+}
+
+## Check port state
+if(!get_port_state(asterPort)){
+  exit(0);
+}
+
+## Get Host name
+host = get_host_name();
+if(!host){
+  exit(0);
+}
+
+## Confirm the application before trying exploit
+asterBanner = get_http_banner(port: asterPort);
+if(asterBanner && "Server: Asterisk" >< asterBanner)
+{
+  ##Construct a crafted request
+  req = string("GET /amxml HTTP/1.1\r\n",
+               "Host: ", host, ":", asterPort, "\r\n",
+               "Authorization: Digest ", crap(data: "a", length: 700), "\r\n\r\n");
+
+  ## Send crafted request
+  res = http_keepalive_send_recv(port:asterPort, data:req);
+
+  ## Confirm Asterisk HTTP Manager is dead
+  if(http_is_dead(port:asterPort)){
+    security_hole(asterPort);
+  }
+}
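Review bot: The result raised by `security_hole(asterPort)` rests on `http_is_dead()` alone, and nothing in the hunk confirms that the service was answering immediately before the request was sent. `get_http_banner()` may return a banner cached earlier in the scan (its caching is not visible here), so a service that was already down, or that drops for an unrelated reason, would be reported as affected by CVE-2012-1184. A liveness check just before the send, `if(http_is_dead(port:asterPort)) exit(0);`, would narrow that false-positive window. Separately, `res` is assigned but never read, and the `if(!asterPort)` fallback to 8088 looks unreachable if `get_http_port(default:8080)` always returns its default; that is worth confirming, since 8088 is listed in `script_require_ports`.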


Property changes on: trunk/openvas-plugins/scripts/gb_asterisk_http_manager_bof_vuln.nasl
___________________________________________________________________
Added: svn:keywords
   + Revision Date Id

Added: trunk/openvas-plugins/scripts/gb_google_chrome_mult_vuln2_apr12_lin.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_google_chrome_mult_vuln2_apr12_lin.nasl	                        (rev 0)
+++ trunk/openvas-plugins/scripts/gb_google_chrome_mult_vuln2_apr12_lin.nasl	2012-04-25 12:57:39 UTC (rev 13369)
@@ -0,0 +1,101 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# Google Chrome Multiple Vulnerabilities-02 - April 12 (Linux)
+#
+# Authors:
+# Rachana Shetty <srachana at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(802836);
+  script_version("$Revision$");
+  script_cve_id("CVE-2011-3066", "CVE-2011-3067", "CVE-2011-3068", "CVE-2011-3069",
+                "CVE-2011-3070", "CVE-2011-3071", "CVE-2011-3072", "CVE-2011-3073",
+                "CVE-2011-3074", "CVE-2011-3075", "CVE-2011-3076", "CVE-2011-3077",
+                "CVE-2012-0724", "CVE-2012-0725");
+  script_bugtraq_id(52913, 52914, 52916);
+  script_tag(name:"cvss_base", value:"10.0");
+  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
+  script_tag(name:"risk_factor", value:"Critical");
+  script_tag(name:"last_modification", value:"$Date$");
+  script_tag(name:"creation_date", value:"2012-04-18 11:25:47 +0530 (Wed, 18 Apr 2012)");
+  script_name("Google Chrome Multiple Vulnerabilities-02 - April 12 (Linux)");
+  desc = "
+  Overview: This host is installed with Google Chrome and is prone to multiple
+  vulnerabilities.
+
+  Vulnerability Insight:
+  The flaws are caused due to,
+  - Unspecified errors in flash player, allows to corrupt memory in the
+    chrome interface.
+  - An out of bounds read error when handling skia clipping.
+  - Errors in the cross origin policy when handling iframe replacement and
+    parenting pop up windows.
+  - Multiple use after free errors when handling line boxes, v8 bindings,
+    HTMLMediaElement, SVG resources, media content, focus events and when
+    applying style commands.
+  - A read after free error in the script bindings.
+
+  Impact:
+  Successful exploitation could allow attackers to inject scripts, bypass
+  certain security restrictions, execute arbitrary code in the context of the
+  browser or cause a denial of service.
+
+  Impact Level: System/Application
+
+  Affected Software/OS:
+  Google Chrome version prior to 18.0.1025.151 on Linux
+
+  Fix: Upgrade to the Google Chrome 18.0.1025.151 or later,
+  For updates refer, http://www.google.com/chrome
+
+  References:
+  http://secunia.com/advisories/48732/
+  http://securitytracker.com/id/1026892
+  http://googlechromereleases.blogspot.in/2012/04/stable-and-beta-channel-updates.html ";
+
+  script_description(desc);
+  script_copyright("Copyright (c) 2012 Greenbone Networks GmbH");
+  script_summary("Check the version of Google Chrome on Linux");
+  script_category(ACT_GATHER_INFO);
+  script_family("General");
+  script_dependencies("gb_google_chrome_detect_lin.nasl");
+  script_require_keys("Google-Chrome/Linux/Ver");
+  exit(0);
+}
+
+
+include("version_func.inc");
+
+## Variable Initialization
+chromeVer = "";
+
+## Get the version from KB
+chromeVer = get_kb_item("Google-Chrome/Linux/Ver");
+if(!chromeVer){
+  exit(0);
+}
+
+## Check for Google Chrome Versions prior to 18.0.1025.151
+if(version_is_less(version:chromeVer, test_version:"18.0.1025.151")){
+  security_hole(0);
+}
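Review bot: The fixed version `18.0.1025.151` is written separately in the description text and in the `version_is_less()` call, and the whole file is repeated for Mac OS X and Windows (gb_google_chrome_mult_vuln2_apr12_macosx.nasl, gb_google_chrome_mult_vuln2_apr12_win.nasl) with only the KB key, dependency and OS label changed. The copies have already drifted in wording (`This host` / `skia` here versus `The host` / `Skia` in the Windows file), which is how a later version correction ends up applied on one platform and missed on another. Holding the value once per file, e.g. `fixedVer = "18.0.1025.151";` passed as `test_version:fixedVer`, and adding a comment that names the two sibling plugins would make the three easier to keep in step.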


Property changes on: trunk/openvas-plugins/scripts/gb_google_chrome_mult_vuln2_apr12_lin.nasl
___________________________________________________________________
Added: svn:keywords
   + Revision Date Id

Added: trunk/openvas-plugins/scripts/gb_google_chrome_mult_vuln2_apr12_macosx.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_google_chrome_mult_vuln2_apr12_macosx.nasl	                        (rev 0)
+++ trunk/openvas-plugins/scripts/gb_google_chrome_mult_vuln2_apr12_macosx.nasl	2012-04-25 12:57:39 UTC (rev 13369)
@@ -0,0 +1,101 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# Google Chrome Multiple Vulnerabilities-02 - April 12 (Mac OS X)
+#
+# Authors:
+# Rachana Shetty <srachana at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(802837);
+  script_version("$Revision$");
+  script_cve_id("CVE-2011-3066", "CVE-2011-3067", "CVE-2011-3068", "CVE-2011-3069",
+                "CVE-2011-3070", "CVE-2011-3071", "CVE-2011-3072", "CVE-2011-3073",
+                "CVE-2011-3074", "CVE-2011-3075", "CVE-2011-3076", "CVE-2011-3077",
+                "CVE-2012-0724", "CVE-2012-0725");
+  script_bugtraq_id(52913, 52914, 52916);
+  script_tag(name:"cvss_base", value:"10.0");
+  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
+  script_tag(name:"risk_factor", value:"Critical");
+  script_tag(name:"last_modification", value:"$Date$");
+  script_tag(name:"creation_date", value:"2012-04-18 12:25:47 +0530 (Wed, 18 Apr 2012)");
+  script_name("Google Chrome Multiple Vulnerabilities-02 - April 12 (Mac OS X)");
+  desc = "
+  Overview: This host is installed with Google Chrome and is prone to multiple
+  vulnerabilities.
+
+  Vulnerability Insight:
+  The flaws are caused due to,
+  - Unspecified errors in flash player, allows to corrupt memory in the
+    chrome interface.
+  - An out of bounds read error when handling skia clipping.
+  - Errors in the cross origin policy when handling iframe replacement and
+    parenting pop up windows.
+  - Multiple use after free errors when handling line boxes, v8 bindings,
+    HTMLMediaElement, SVG resources, media content, focus events and when
+    applying style commands.
+  - A read after free error in the script bindings.
+
+  Impact:
+  Successful exploitation could allow attackers to inject scripts, bypass
+  certain security restrictions, execute arbitrary code in the context of the
+  browser or cause a denial of service.
+
+  Impact Level: System/Application
+
+  Affected Software/OS:
+  Google Chrome version prior to 18.0.1025.151 on Mac OS X
+
+  Fix: Upgrade to the Google Chrome 18.0.1025.151 or later,
+  For updates refer, http://www.google.com/chrome
+
+  References:
+  http://secunia.com/advisories/48732/
+  http://securitytracker.com/id/1026892
+  http://googlechromereleases.blogspot.in/2012/04/stable-and-beta-channel-updates.html ";
+
+  script_description(desc);
+  script_copyright("Copyright (c) 2012 Greenbone Networks GmbH");
+  script_summary("Check the version of Google Chrome on Mac OS X");
+  script_category(ACT_GATHER_INFO);
+  script_family("General");
+  script_dependencies("gb_google_chrome_detect_macosx.nasl");
+  script_require_keys("GoogleChrome/MacOSX/Version");
+  exit(0);
+}
+
+
+include("version_func.inc");
+
+## Variable Initialization
+chromeVer = "";
+
+## Get the version from KB
+chromeVer = get_kb_item("GoogleChrome/MacOSX/Version");
+if(!chromeVer){
+  exit(0);
+}
+
+## Check for Google Chrome Versions prior to 18.0.1025.151
+if(version_is_less(version:chromeVer, test_version:"18.0.1025.151")){
+  security_hole(0);
+}


Property changes on: trunk/openvas-plugins/scripts/gb_google_chrome_mult_vuln2_apr12_macosx.nasl
___________________________________________________________________
Added: svn:keywords
   + Revision Date Id

Added: trunk/openvas-plugins/scripts/gb_google_chrome_mult_vuln2_apr12_win.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_google_chrome_mult_vuln2_apr12_win.nasl	                        (rev 0)
+++ trunk/openvas-plugins/scripts/gb_google_chrome_mult_vuln2_apr12_win.nasl	2012-04-25 12:57:39 UTC (rev 13369)
@@ -0,0 +1,101 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# Google Chrome Multiple Vulnerabilities-02 - April 12 (Windows)
+#
+# Authors:
+# Rachana Shetty <srachana at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(802835);
+  script_version("$Revision$");
+  script_cve_id("CVE-2011-3066", "CVE-2011-3067", "CVE-2011-3068", "CVE-2011-3069",
+                "CVE-2011-3070", "CVE-2011-3071", "CVE-2011-3072", "CVE-2011-3073",
+                "CVE-2011-3074", "CVE-2011-3075", "CVE-2011-3076", "CVE-2011-3077",
+                "CVE-2012-0724", "CVE-2012-0725");
+  script_bugtraq_id(52913, 52914, 52916);
+  script_tag(name:"cvss_base", value:"10.0");
+  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
+  script_tag(name:"risk_factor", value:"Critical");
+  script_tag(name:"last_modification", value:"$Date$");
+  script_tag(name:"creation_date", value:"2012-04-18 11:25:47 +0530 (Wed, 18 Apr 2012)");
+  script_name("Google Chrome Multiple Vulnerabilities-02 - April 12 (Windows)");
+  desc = "
+  Overview: The host is installed with Google Chrome and is prone to multiple
+  vulnerabilities.
+
+  Vulnerability Insight:
+  The flaws are caused due to,
+  - Unspecified errors in flash player, allows to corrupt memory in the
+    chrome interface.
+  - An out of bounds read error when handling Skia clipping.
+  - Errors in the cross origin policy when handling iframe replacement and
+    parenting pop up windows.
+  - Multiple use after free errors when handling line boxes, v8 bindings,
+    HTMLMediaElement, SVG resources, media content, focus events and when
+    applying style commands.
+  - A read after free error in the script bindings.
+
+  Impact:
+  Successful exploitation could allow attackers to inject scripts, bypass
+  certain security restrictions, execute arbitrary code in the context of the
+  browser or cause a denial of service.
+
+  Impact Level: System/Application
+
+  Affected Software/OS:
+  Google Chrome version prior to 18.0.1025.151 on Windows
+
+  Fix: Upgrade to the Google Chrome 18.0.1025.151 or later,
+  For updates refer, http://www.google.com/chrome
+
+  References:
+  http://secunia.com/advisories/48732/
+  http://securitytracker.com/id/1026892
+  http://googlechromereleases.blogspot.in/2012/04/stable-and-beta-channel-updates.html ";
+
+  script_description(desc);
+  script_copyright("Copyright (c) 2012 Greenbone Networks GmbH");
+  script_summary("Check the version of Google Chrome on Windows");
+  script_category(ACT_GATHER_INFO);
+  script_family("General");
+  script_dependencies("gb_google_chrome_detect_win.nasl");
+  script_require_keys("GoogleChrome/Win/Ver");
+  exit(0);
+}
+
+
+include("version_func.inc");
+
+## Variable Initialization
+chromeVer = "";
+
+## Get the version from KB
+chromeVer = get_kb_item("GoogleChrome/Win/Ver");
+if(!chromeVer){
+  exit(0);
+}
+
+## Check for Google Chrome Versions prior to 18.0.1025.151
+if(version_is_less(version:chromeVer, test_version:"18.0.1025.151")){
+  security_hole(0);
+}


Property changes on: trunk/openvas-plugins/scripts/gb_google_chrome_mult_vuln2_apr12_win.nasl
___________________________________________________________________
Added: svn:keywords
   + Revision Date Id

Added: trunk/openvas-plugins/scripts/gb_ms_forefront_unified_access_gateway_detect.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_ms_forefront_unified_access_gateway_detect.nasl	                        (rev 0)
+++ trunk/openvas-plugins/scripts/gb_ms_forefront_unified_access_gateway_detect.nasl	2012-04-25 12:57:39 UTC (rev 13369)
@@ -0,0 +1,109 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# Microsoft Forefront Unified Access Gateway (UAG) Detection
+#
+# Authors:
+# Madhuri D <dmadhuri at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+SCRIPT_OID  = "1.3.6.1.4.1.25623.1.0.802746";
+
+if(description)
+{
+  script_oid(SCRIPT_OID);
+  script_version("$Revision$");
+  script_tag(name:"cvss_base", value:"0.0");
+  script_tag(name:"risk_factor", value:"None");
+  script_tag(name:"detection", value:"registry version check");
+  script_tag(name:"last_modification", value:"$Date$");
+  script_tag(name:"creation_date", value:"2012-04-13 10:46:45 +0530 (Fri, 13 Apr 2012)");
+  script_name("Microsoft Forefront Unified Access Gateway (UAG) Detection");
+  script_description("Detection of installed version of Microsoft Forefront
+                      Unified Access Gateway (UAG).
+
+The script logs in via smb, searches for Microsoft Forefront Unified Access
+Gateway (UAG) in the registry and gets the version from 'Version' string in
+registry");
+  script_summary("Detection of installed version of MS Forefront Unified Access Gateway");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (c) 2012 Greenbone Networks GmbH");
+  script_family("Product detection");
+  script_dependencies("secpod_reg_enum.nasl");
+  script_require_keys("SMB/WindowsVersion");
+  exit(0);
+}
+
+
+include("smb_nt.inc");
+include("secpod_smb_func.inc");
+include("cpe.inc");
+include("host_details.inc");
+
+## Variable Initialization
+key = "";
+uagName = "";
+uagVer = "";
+cpe = "";
+
+if(!get_kb_item("SMB/WindowsVersion")){
+  exit(0);
+}
+
+key = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\";
+if(!registry_key_exists(key:key)){
+  exit(0);
+}
+
+foreach item (registry_enum_keys(key:key))
+{
+  uagName = registry_get_sz(key:key + item, item:"DisplayName");
+
+  if(!uagName){
+    continue;
+  }
+
+  ## Confirm the application
+  if("Microsoft Forefront Unified Access Gateway" >< uagName)
+  {
+    ## Get version from registry
+    uagVer = registry_get_sz(key:key + item, item:"DisplayVersion");
+
+    if(uagVer)
+    {
+      ## Set the KB item
+      set_kb_item(name:"MS/Forefront/UAG/Ver", value:uagVer);
+      cpe = build_cpe(value:uagVer, exp:"^([0-9.]+)",
+                    base:"cpe:/a:microsoft:forefront_unified_access_gateway:");
+
+      insPath= 'Could not determine InstallLocation from Registry\n';
+      if(cpe)
+        register_product(cpe:cpe, location:insPath, nvt:SCRIPT_OID);
+
+      log_message(data:'Detected MS Forefront Unified Access Gateway version: ' + uagVer +
+                      '\nLocation: ' + insPath +
+                      '\nCPE: '+ cpe +
+                      '\n\nConcluded from version identification result:\n' +
+                      'MS ForefrontUnified Access Gateway ' + uagVer);
+
+    }
+  }
+}
+
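Review bot: `insPath` is set to the fixed text `Could not determine InstallLocation from Registry` without the loop ever reading an install location, so every detection is registered and logged with that placeholder as its location. Reading it from the same uninstall entry first, `insPath = registry_get_sz(key:key + item, item:"InstallLocation");`, and using the placeholder only when that returns nothing, would give `register_product()` a real path. `insPath` is also missing from the variable initialization block, `'\nCPE: ' + cpe` is concatenated even when `build_cpe()` returned nothing, and the last log line reads `MS ForefrontUnified` with a space missing.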


Property changes on: trunk/openvas-plugins/scripts/gb_ms_forefront_unified_access_gateway_detect.nasl
___________________________________________________________________
Added: svn:keywords
   + Revision Date Id

Modified: trunk/openvas-plugins/scripts/secpod_ms10-013.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_ms10-013.nasl	2012-04-25 11:33:42 UTC (rev 13368)
+++ trunk/openvas-plugins/scripts/secpod_ms10-013.nasl	2012-04-25 12:57:39 UTC (rev 13369)
@@ -8,7 +8,8 @@
 # Antu Sanadi <santu at secpod.com>
 #
 # Updated By: Madhuri D <dmadhuri at secpod.com> on 2010-11-18
-#        - To detect file version 'Quartz.dll' on vista, win 2008 and win 7 
+# - To detect file version 'Quartz.dll' on vista, win 2008 and win 7
+# - Updated to support GDR and LDR versions on 2012-04-23
 #
 # Copyright:
 # Copyright (c) 2010 SecPod, http://www.secpod.com
@@ -55,12 +56,12 @@
   Impact Level: System
 
   Affected Software/OS:
-  Micorsoft Windows 7
+  Microsoft Windows 7
   Microsoft Windows 2000 Service Pack 4 and prior
   Microsoft Windows XP Service Pack 3 and prior
   Microsoft Windows 2003 Service Pack 2 and prior
-  Microsoft Windows Vista Service Pack 1/2 and prior.
-  Microsoft Windows Server 2008 Service Pack 1/2 and prior.
+  Microsoft Windows Vista Service Pack 1/2 and prior
+  Microsoft Windows Server 2008 Service Pack 1/2 and prior
 
   Fix:
   Run Windows Update and update the listed hotfixes or download and
@@ -87,48 +88,37 @@
 include("version_func.inc");
 include("secpod_smb_func.inc");
 
-function Get_dllversion(path, dllfile)
-{
-  share = ereg_replace(pattern:"([A-Z]):.*", replace:"\1$", string:path);
-  file =  ereg_replace(pattern:"[A-Z]:(.*)", replace:"\1",
-                     string:path + dllfile);
-  sysVer = GetVer(file:file, share:share);
-  if(isnull(sysVer)){
-    return 0;
-  }
-  else
-    return sysVer;
-}
+## Variable Initialization
+sysPath = "";
+sysVer1 = "";
+sysVer2 = "";
+SP = "";
 
+## Check for OS and Service Pack
 if(hotfix_check_sp(win2k:5, xp:4, win2003:3, winVista:3, win7:1, win2008:3) <= 0){
   exit(0);
 }
 
-# Check for MS10-013 Hotfixes 977914, 975560
-if((hotfix_missing(name:"977914") == 0) && (hotfix_missing(name:"975560") == 0)){
+## Get System Path
+sysPath = smb_get_systemroot();
+if(! sysPath){
   exit(0);
 }
 
-sysPath = registry_get_sz(key:"SOFTWARE\Microsoft\COM3\Setup",
-                          item:"Install Path");
-if(!sysPath){
+## Get Version from Avifil32.dll and Quartz.dll file
+sysVer1 = fetch_file_version(sysPath, file_name:"system32\Avifil32.dll");
+sysVer2 = fetch_file_version(sysPath, file_name:"system32\Quartz.dll");
+if(!sysVer1 && !sysVer2){
    exit(0);
 }
 
-sysVer1 =  Get_dllversion(path:sysPath, dllfile:"\Avifil32.dll");
-sysVer2 =  Get_dllversion(path:sysPath, dllfile:"\Quartz.dll");
-
-if(!(sysVer1 && sysVer2)){
-   exit(0);
-}
-
 # Windows 2K
 if(hotfix_check_sp(win2k:5) > 0)
 {
   # Grep for Avifil32.dll version < 5.0.2195.7359, Quartz.dll < 6.5.1.913, 6.1.9.738
   if(version_is_less(version:sysVer1, test_version:"5.0.2195.7359") ||
-     version_in_range(version:sysVer2, test_version:"6.5", test_version:"6.5.1.912") ||
-     version_in_range(version:sysVer2, test_version:"6.1", test_version:"6.1.9.737")) {
+     version_in_range(version:sysVer2, test_version:"6.5", test_version2:"6.5.1.912") ||
+     version_in_range(version:sysVer2, test_version:"6.1", test_version2:"6.1.9.737")) {
     security_hole(0);
   }
 }
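Review bot: Both new `fetch_file_version(sysPath, file_name:...)` calls pass the path positionally, while the call added in secpod_ms12-026.nasl in this same commit passes it by name as `sysPath:path`. NASL binds declared parameters by name, so if `fetch_file_version()` (defined outside this diff) declares `sysPath`, it would receive no path here, both versions would come back empty, and the script would leave at the `!sysVer1 && !sysVer2` guard without reporting anything, which is a silent false negative. The calls should read `fetch_file_version(sysPath:sysPath, file_name:"system32\Avifil32.dll")` and likewise for Quartz.dll. The guard also changed from requiring both versions to requiring either one, so the branches below can now compare an empty `sysVer1` or `sysVer2`; each comparison would be safer behind its own non-empty check.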
@@ -174,27 +164,20 @@
   security_hole(0);
 }
 
-## Get System32 path
-sysPath = registry_get_sz(key:"SOFTWARE\Microsoft\Windows NT\CurrentVersion",
-                          item:"PathName");
-if(!sysPath){
- exit (0);
-}
-
-dllVer =  Get_dllversion(path:sysPath, dllfile:"\System32\Quartz.dll");
-
-if(!dllVer){
-  exit(0);
-}
-
-# Windows Vista
-if(hotfix_check_sp(winVista:3) > 0)
+## Windows Vista and Windows Server 2008
+else if(hotfix_check_sp(winVista:3, win2008:3) > 0)
 {
   SP = get_kb_item("SMB/WinVista/ServicePack");
+
+  if(!SP) {
+    SP = get_kb_item("SMB/Win2008/ServicePack");
+  }
+
   if("Service Pack 1" >< SP)
   {
-    # Grep for Quartz.dll version < 6.6.6001.18389
-    if(version_is_less(version:dllVer, test_version:"6.6.6001.18389")){
+    # Grep for Quartz.dll version
+    if(version_is_less(version:sysVer2, test_version:"6.6.6001.18389") ||
+       version_in_range(version:sysVer2, test_version:"6.6.6001.22000", test_version2:"6.6.6001.22589")){
       security_hole(0);
     }
      exit(0);
@@ -202,8 +185,9 @@
 
   if("Service Pack 2" >< SP)
   {
-    # Grep for Quartz.dll version < 6.6.6002.18158
-      if(version_is_less(version:dllVer, test_version:"6.6.6002.18158")){
+    # Grep for Quartz.dll version
+    if(version_is_less(version:sysVer2, test_version:"6.6.6002.18158") ||
+       version_in_range(version:sysVer2, test_version:"6.6.6002.22000", test_version2:"6.6.6002.22294")){
       security_hole(0);
     }
      exit(0);
@@ -211,36 +195,12 @@
   security_hole(0);
 }
 
-# Windows Server 2008
-else if(hotfix_check_sp(win2008:3) > 0)
-{
-  SP = get_kb_item("SMB/Win2008/ServicePack");
-  if("Service Pack 1" >< SP)
-  {
-    # Grep for Quartz.dll version < 6.6.6001.18389
-    if(version_is_less(version:dllVer, test_version:"6.6.6001.18389")){
-       security_hole(0);
-    }
-     exit(0);
-  }
-
-  if("Service Pack 2" >< SP)
-  {
-    # Grep for Quartz.dll version < 6.6.6002.18158
-    if(version_is_less(version:dllVer, test_version:"6.6.6002.18158")){
-       security_hole(0);
-    }
-     exit(0);
-  }
- security_hole(0);
-}
-
 # Windows 7
 else if(hotfix_check_sp(win7:1) > 0)
 {
-  # Grep for Quartz.dll version < 6.6.7600.16490
-  if(version_is_less(version:dllVer, test_version:"6.6.7600.16490")){
+  # Grep for Quartz.dll version
+  if(version_is_less(version:sysVer2, test_version:"6.6.7600.16490")||
+     version_in_range(version:sysVer2, test_version:"6.6.7600.20000", test_version2:"6.6.7600.20599")){
      security_hole(0);
   }
 }
-


Property changes on: trunk/openvas-plugins/scripts/secpod_ms10-013.nasl
___________________________________________________________________
Modified: svn:keywords
   - Author Date Id Revision
   + Revision Date Id

Added: trunk/openvas-plugins/scripts/secpod_ms12-026.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_ms12-026.nasl	                        (rev 0)
+++ trunk/openvas-plugins/scripts/secpod_ms12-026.nasl	2012-04-25 12:57:39 UTC (rev 13369)
@@ -0,0 +1,117 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# MS Forefront Unified Access Gateway Information Disclosure Vulnerability (2663860)
+#
+# Authors:
+# Madhuri D <dmadhuri at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2012 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(903018);
+  script_version("$Revision$");
+  script_cve_id("CVE-2012-0146", "CVE-2012-0147");
+  script_bugtraq_id(52909, 52903);
+  script_tag(name:"cvss_base", value:"5.8");
+  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:P/I:P/A:N");
+  script_tag(name:"risk_factor", value:"High");
+  script_tag(name:"last_modification", value:"$Date$");
+  script_tag(name:"creation_date", value:"2012-04-12 16:00:48 +0530 (Thu, 12 Apr 2012)");
+  script_name("MS Forefront Unified Access Gateway Information Disclosure Vulnerability (2663860)");
+  desc = "
+  Overview: This host has important security update missing according to
+  Microsoft Bulletin MS12-026.
+
+  Vulnerability Insight:
+  The flaws are caused due to an error,
+  - In UAG allows redirecting users to an untrusted site.
+  - Within the default website configuration allows access to certain content
+    from the external network.
+
+  Impact:
+  Successful exploitation could allow attackers to obtain potentially sensitive
+  information.
+
+  Impact Level: Application
+
+  Affected Software/OS:
+  Microsoft Forefront Unified Access Gateway 2010 Service Pack 1
+  Microsoft Forefront Unified Access Gateway 2010 Service Pack 1 Update 1
+
+  Fix: Run Windows Update and update the listed hotfixes or download and
+  update mentioned hotfixes in the advisory from the below link,
+  http://technet.microsoft.com/en-us/security/bulletin/MS12-026
+
+  References:
+  http://secunia.com/advisories/48787
+  http://xforce.iss.net/xforce/xfdb/74367
+  http://xforce.iss.net/xforce/xfdb/74368
+  http://xforce.iss.net/xforce/xfdb/74369
+  http://www.securitytracker.com/id/1026909
+  http://technet.microsoft.com/en-us/security/bulletin/MS12-026 ";
+
+  script_description(desc);
+  script_summary("Check for the version of vulnerable 'Whlfilter' file");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (C) 2012 SecPod");
+  script_family("Windows : Microsoft Bulletins");
+  script_dependencies("gb_ms_forefront_unified_access_gateway_detect.nasl");
+  script_require_keys("MS/Forefront/UAG/Ver");
+  exit(0);
+}
+
+
+include("smb_nt.inc");
+include("secpod_reg.inc");
+include("version_func.inc");
+include("secpod_smb_func.inc");
+
+## Variable Initialization
+dllVer = "";
+uagVer = "";
+path = "";
+
+## Get the version from KB to confirm application is installed
+uagVer = get_kb_item("MS/Forefront/UAG/Ver");
+if(!uagVer){
+  exit(0);
+}
+
+## Get Program Files Path
+path = registry_get_sz(key:"SOFTWARE\Microsoft\Windows\CurrentVersion",
+                       item:"ProgramFilesDir");
+if(!path){
+  exit(0);
+}
+
+## Get the Whlfilter.dll file version
+dllVer = fetch_file_version(sysPath:path,
+         file_name:"Microsoft Forefront Unified Access Gateway\von\bin\Whlfilter.dll");
+
+if(!dllVer){
+  exit(0);
+}
+
+## Checking for Whlfilter.dll file version
+if(version_in_range(version:dllVer, test_version:"4.0.1752.10000", test_version2:"4.0.1753.10075")||
+   version_in_range(version:dllVer, test_version:"4.0.1773.10100", test_version2:"4.0.1773.10189")){
+  security_hole(0);
+}
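Review bot: The path to `Whlfilter.dll` is built from `ProgramFilesDir` plus the fixed suffix `Microsoft Forefront Unified Access Gateway\von\bin\`, so a gateway installed outside the default directory makes `fetch_file_version()` return nothing and the script leaves through `if(!dllVer) exit(0);` with no result. By then the KB item `MS/Forefront/UAG/Ver` has already confirmed the product is present, so an unpatched host would go unreported rather than be flagged as unchecked. Taking the install directory from the product's uninstall entry when it is available, and emitting a `log_message()` when the file cannot be read, would make that gap visible to whoever reads the scan. Also worth confirming: `cvss_base` is 5.8 while the result is raised with `security_hole()` and `risk_factor` `High`, and `secpod_reg.inc` is included without any visible use.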


Property changes on: trunk/openvas-plugins/scripts/secpod_ms12-026.nasl
___________________________________________________________________
Added: svn:keywords
   + Revision Date Id


