[Openvas-commits] r12711 - in trunk/openvas-plugins: . scripts
scm-commit at wald.intevation.org
scm-commit at wald.intevation.org
Sun Feb 12 05:35:42 CET 2012
Author: reinke
Date: 2012-02-12 05:35:40 +0100 (Sun, 12 Feb 2012)
New Revision: 12711
Added:
trunk/openvas-plugins/scripts/deb_2263_2.nasl
trunk/openvas-plugins/scripts/deb_2301_2.nasl
trunk/openvas-plugins/scripts/deb_2323_1.nasl
trunk/openvas-plugins/scripts/deb_2324_1.nasl
trunk/openvas-plugins/scripts/deb_2325_1.nasl
trunk/openvas-plugins/scripts/deb_2326_1.nasl
trunk/openvas-plugins/scripts/deb_2327_1.nasl
trunk/openvas-plugins/scripts/deb_2328_1.nasl
trunk/openvas-plugins/scripts/deb_2329_1.nasl
trunk/openvas-plugins/scripts/deb_2330_1.nasl
trunk/openvas-plugins/scripts/deb_2331_1.nasl
trunk/openvas-plugins/scripts/deb_2332_1.nasl
trunk/openvas-plugins/scripts/deb_2333_1.nasl
trunk/openvas-plugins/scripts/deb_2334_1.nasl
trunk/openvas-plugins/scripts/deb_2336_1.nasl
trunk/openvas-plugins/scripts/deb_2337_1.nasl
trunk/openvas-plugins/scripts/deb_2338_1.nasl
trunk/openvas-plugins/scripts/deb_2339_1.nasl
trunk/openvas-plugins/scripts/deb_2341_1.nasl
trunk/openvas-plugins/scripts/deb_2342_1.nasl
trunk/openvas-plugins/scripts/deb_2343_1.nasl
trunk/openvas-plugins/scripts/deb_2344_1.nasl
trunk/openvas-plugins/scripts/deb_2346_1.nasl
trunk/openvas-plugins/scripts/deb_2346_2.nasl
trunk/openvas-plugins/scripts/deb_2347_1.nasl
trunk/openvas-plugins/scripts/deb_2348_1.nasl
trunk/openvas-plugins/scripts/deb_2349_1.nasl
trunk/openvas-plugins/scripts/deb_2350_1.nasl
trunk/openvas-plugins/scripts/deb_2351_1.nasl
trunk/openvas-plugins/scripts/deb_2352_1.nasl
trunk/openvas-plugins/scripts/deb_2353_1.nasl
trunk/openvas-plugins/scripts/deb_2354_1.nasl
trunk/openvas-plugins/scripts/deb_2355_1.nasl
trunk/openvas-plugins/scripts/deb_2356_1.nasl
trunk/openvas-plugins/scripts/deb_2358_1.nasl
trunk/openvas-plugins/scripts/deb_2359_1.nasl
trunk/openvas-plugins/scripts/deb_2361_1.nasl
trunk/openvas-plugins/scripts/deb_2362_1.nasl
trunk/openvas-plugins/scripts/deb_2363_1.nasl
trunk/openvas-plugins/scripts/deb_2364_1.nasl
trunk/openvas-plugins/scripts/deb_2365_1.nasl
trunk/openvas-plugins/scripts/deb_2366_1.nasl
trunk/openvas-plugins/scripts/deb_2367_1.nasl
trunk/openvas-plugins/scripts/deb_2368_1.nasl
trunk/openvas-plugins/scripts/deb_2369_1.nasl
trunk/openvas-plugins/scripts/deb_2370_1.nasl
trunk/openvas-plugins/scripts/deb_2372_1.nasl
trunk/openvas-plugins/scripts/deb_2373_1.nasl
trunk/openvas-plugins/scripts/deb_2374_1.nasl
trunk/openvas-plugins/scripts/deb_2376_1.nasl
trunk/openvas-plugins/scripts/deb_2376_2.nasl
trunk/openvas-plugins/scripts/deb_2377_1.nasl
trunk/openvas-plugins/scripts/deb_2378_1.nasl
trunk/openvas-plugins/scripts/deb_2379_1.nasl
trunk/openvas-plugins/scripts/deb_2380_1.nasl
trunk/openvas-plugins/scripts/deb_2381_1.nasl
trunk/openvas-plugins/scripts/deb_2382_1.nasl
trunk/openvas-plugins/scripts/deb_2383_1.nasl
trunk/openvas-plugins/scripts/deb_2384_1.nasl
trunk/openvas-plugins/scripts/deb_2384_2.nasl
trunk/openvas-plugins/scripts/deb_2385_1.nasl
trunk/openvas-plugins/scripts/deb_2386_1.nasl
trunk/openvas-plugins/scripts/deb_2387_1.nasl
trunk/openvas-plugins/scripts/deb_2388_1.nasl
trunk/openvas-plugins/scripts/deb_2390_1.nasl
trunk/openvas-plugins/scripts/deb_2391_1.nasl
trunk/openvas-plugins/scripts/deb_2392_1.nasl
trunk/openvas-plugins/scripts/deb_2394_1.nasl
trunk/openvas-plugins/scripts/deb_2395_1.nasl
trunk/openvas-plugins/scripts/deb_2396_1.nasl
trunk/openvas-plugins/scripts/deb_2397_1.nasl
trunk/openvas-plugins/scripts/deb_2398_1.nasl
trunk/openvas-plugins/scripts/deb_2399_1.nasl
trunk/openvas-plugins/scripts/deb_2399_2.nasl
trunk/openvas-plugins/scripts/deb_2400_1.nasl
trunk/openvas-plugins/scripts/deb_2401_1.nasl
trunk/openvas-plugins/scripts/deb_2402_1.nasl
trunk/openvas-plugins/scripts/deb_2403_1.nasl
trunk/openvas-plugins/scripts/deb_2403_2.nasl
trunk/openvas-plugins/scripts/deb_2404_1.nasl
trunk/openvas-plugins/scripts/deb_2405_1.nasl
trunk/openvas-plugins/scripts/deb_2407_1.nasl
Modified:
trunk/openvas-plugins/ChangeLog
trunk/openvas-plugins/scripts/deb_2204_1.nasl
trunk/openvas-plugins/scripts/deb_2278_1.nasl
Log:
New scripts added
Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog 2012-02-11 23:49:25 UTC (rev 12710)
+++ trunk/openvas-plugins/ChangeLog 2012-02-12 04:35:40 UTC (rev 12711)
@@ -1,3 +1,91 @@
+2012-02-11 Thomas Reinke <reinke at securityspace.com>
+
+ * scripts/deb_2367_1.nasl,
+ scripts/deb_2390_1.nasl,
+ scripts/deb_2364_1.nasl,
+ scripts/deb_2338_1.nasl,
+ scripts/deb_2361_1.nasl,
+ scripts/deb_2332_1.nasl,
+ scripts/deb_2301_2.nasl,
+ scripts/deb_2384_2.nasl,
+ scripts/deb_2386_1.nasl,
+ scripts/deb_2383_1.nasl,
+ scripts/deb_2380_1.nasl,
+ scripts/deb_2354_1.nasl,
+ scripts/deb_2328_1.nasl,
+ scripts/deb_2351_1.nasl,
+ scripts/deb_2325_1.nasl,
+ scripts/deb_2403_1.nasl,
+ scripts/deb_2400_1.nasl,
+ scripts/deb_2379_1.nasl,
+ scripts/deb_2376_1.nasl,
+ scripts/deb_2373_1.nasl,
+ scripts/deb_2347_1.nasl,
+ scripts/deb_2370_1.nasl,
+ scripts/deb_2344_1.nasl,
+ scripts/deb_2341_1.nasl,
+ scripts/deb_2399_2.nasl,
+ scripts/deb_2398_1.nasl,
+ scripts/deb_2395_1.nasl,
+ scripts/deb_2369_1.nasl,
+ scripts/deb_2392_1.nasl,
+ scripts/deb_2366_1.nasl,
+ scripts/deb_2363_1.nasl,
+ scripts/deb_2337_1.nasl,
+ scripts/deb_2334_1.nasl,
+ scripts/deb_2331_1.nasl,
+ scripts/deb_2278_1.nasl,
+ scripts/deb_2388_1.nasl,
+ scripts/deb_2385_1.nasl,
+ scripts/deb_2359_1.nasl,
+ scripts/deb_2382_1.nasl,
+ scripts/deb_2356_1.nasl,
+ scripts/deb_2353_1.nasl,
+ scripts/deb_2327_1.nasl,
+ scripts/deb_2350_1.nasl,
+ scripts/deb_2324_1.nasl,
+ scripts/deb_2403_2.nasl,
+ scripts/deb_2405_1.nasl,
+ scripts/deb_2402_1.nasl,
+ scripts/deb_2263_2.nasl,
+ scripts/deb_2376_2.nasl,
+ scripts/deb_2378_1.nasl,
+ scripts/deb_2349_1.nasl,
+ scripts/deb_2372_1.nasl,
+ scripts/deb_2346_1.nasl,
+ scripts/deb_2204_1.nasl,
+ scripts/deb_2343_1.nasl,
+ scripts/deb_2397_1.nasl,
+ scripts/deb_2394_1.nasl,
+ scripts/deb_2368_1.nasl,
+ scripts/deb_2391_1.nasl,
+ scripts/deb_2365_1.nasl,
+ scripts/deb_2339_1.nasl,
+ scripts/deb_2362_1.nasl,
+ scripts/deb_2336_1.nasl,
+ scripts/deb_2333_1.nasl,
+ scripts/deb_2330_1.nasl,
+ scripts/deb_2387_1.nasl,
+ scripts/deb_2384_1.nasl,
+ scripts/deb_2358_1.nasl,
+ scripts/deb_2381_1.nasl,
+ scripts/deb_2355_1.nasl,
+ scripts/deb_2329_1.nasl,
+ scripts/deb_2352_1.nasl,
+ scripts/deb_2326_1.nasl,
+ scripts/deb_2323_1.nasl,
+ scripts/deb_2407_1.nasl,
+ scripts/deb_2404_1.nasl,
+ scripts/deb_2401_1.nasl,
+ scripts/deb_2377_1.nasl,
+ scripts/deb_2346_2.nasl,
+ scripts/deb_2374_1.nasl,
+ scripts/deb_2348_1.nasl,
+ scripts/deb_2342_1.nasl,
+ scripts/deb_2399_1.nasl,
+ scripts/deb_2396_1.nasl:
+ New scripts
+
2012-02-10 Matthew Mundell <matthew.mundell at greenbone.net>
* scripts/portscan-strobe.nasl: Remove UDP ranges and TCP range T:
Modified: trunk/openvas-plugins/scripts/deb_2204_1.nasl
===================================================================
--- trunk/openvas-plugins/scripts/deb_2204_1.nasl 2012-02-11 23:49:25 UTC (rev 12710)
+++ trunk/openvas-plugins/scripts/deb_2204_1.nasl 2012-02-12 04:35:40 UTC (rev 12711)
@@ -1,5 +1,5 @@
# OpenVAS Vulnerability Test
-# $Id$
+# $Id: deb_2204_1.nasl 12466 2012-01-11 15:50:39Z hdoreau $
# Description: Auto-generated from advisory DSA 2204-1 (imp4)
#
# Authors:
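Review bot: The new header line hard-codes an already-expanded keyword, `# $Id: deb_2204_1.nasl 12466 2012-01-11 15:50:39Z hdoreau $`, and the property change further down drops `Id` from svn:keywords, so the string stays frozen at revision 12466 even though this commit is revision 12711. The scripts added in the same commit keep the unexpanded `# $Id$` form. Keeping `# $Id$` here and leaving `Id` in svn:keywords would let the header keep identifying which revision of the check is deployed.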
@@ -89,6 +89,9 @@
if ((res = isdpkgvuln(pkg:"imp4", ver:"4.2-4lenny3", rls:"DEB5.0")) != NULL) {
report += res;
}
+if ((res = isdpkgvuln(pkg:"imp4", ver:"4.3.7+debian0-2.1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
if ((res = isdpkgvuln(pkg:"imp4", ver:"4.3.7+debian0-2.1", rls:"DEB7.0")) != NULL) {
report += res;
}
Property changes on: trunk/openvas-plugins/scripts/deb_2204_1.nasl
___________________________________________________________________
Modified: svn:keywords
- Author Date Id Revision
+ Author Date Revision
Added: trunk/openvas-plugins/scripts/deb_2263_2.nasl
===================================================================
--- trunk/openvas-plugins/scripts/deb_2263_2.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/deb_2263_2.nasl 2012-02-12 04:35:40 UTC (rev 12711)
@@ -0,0 +1,108 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory DSA 2263-2 (movabletype-opensource)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(70694);
+ script_tag(name:"risk_factor", value:"High");
+ script_version("$Revision$");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-02-11 03:22:33 -0500 (Sat, 11 Feb 2012)");
+ script_name("Debian Security Advisory DSA 2263-2 (movabletype-opensource)");
+
+ desc = "The remote host is missing an update to movabletype-opensource
+announced via advisory DSA 2263-2.
+
+Advisory DSA 2363-1 did not include a package for the Debian 5.0 'Lenny'
+suite at that time. This update adds that package. The original advisory
+text follows.
+
+It was discovered that Movable Type, a weblog publishing system,
+contains several security vulnerabilities:
+
+A remote attacker could execute arbitrary code in a logged-in users'
+web browser.
+
+A remote attacker could read or modify the contents in the system
+under certain circumstances.
+
+For the oldstable distribution (lenny), these problems have been fixed in
+version 4.2.3-1+lenny3.
+
+For the stable distribution (squeeze), these problems have been fixed in
+version 4.3.5+dfsg-2+squeeze2.
+
+For the testing distribution (wheezy) and for the unstable
+distribution (sid), these problems have been fixed in version
+4.3.6.1+dfsg-1.
+
+We recommend that you upgrade your movabletype-opensource packages.
+
+Solution:
+https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202263-2
+";
+
+ script_description(desc);
+
+ script_summary("Debian Security Advisory DSA 2263-2 (movabletype-opensource)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com");
+ script_family("Debian Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/packages");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-deb.inc");
+res = "";
+report = "";
+if((res = isdpkgvuln(pkg:"movabletype-opensource", ver:"4.2.3-1+lenny3", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"movabletype-plugin-core", ver:"4.2.3-1+lenny3", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"movabletype-opensource", ver:"4.3.5+dfsg-2+squeeze2", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"movabletype-plugin-core", ver:"4.3.5+dfsg-2+squeeze2", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"movabletype-plugin-zemanta", ver:"4.3.5+dfsg-2+squeeze2", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+
+if(report != "") {
+ security_hole(data:report + '\n' + desc);
+}
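Review bot: The description gives a fixed version for testing (wheezy), 4.3.6.1+dfsg-1, but the checks stop at `rls:"DEB6.0"`, so a wheezy host with an older movabletype-opensource is never reported. deb_2323_1.nasl in this commit does carry a DEB7.0 check. If the omission is not deliberate, add `if((res = isdpkgvuln(pkg:"movabletype-opensource", ver:"4.3.6.1+dfsg-1", rls:"DEB7.0")) != NULL) {` followed by `report += res;` and `}`. The description also names "DSA 2363-1" as the original advisory although this script covers DSA 2263-2, and deb_2363_1.nasl is a separate script in this commit. That looks like a transposed number carried over from the advisory text and is worth confirming before it reaches scan reports.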
Modified: trunk/openvas-plugins/scripts/deb_2278_1.nasl
===================================================================
--- trunk/openvas-plugins/scripts/deb_2278_1.nasl 2012-02-11 23:49:25 UTC (rev 12710)
+++ trunk/openvas-plugins/scripts/deb_2278_1.nasl 2012-02-12 04:35:40 UTC (rev 12711)
@@ -86,6 +86,9 @@
if ((res = isdpkgvuln(pkg:"horde3", ver:"3.2.2+debian0-2+lenny3", rls:"DEB5.0")) != NULL) {
report += res;
}
+if ((res = isdpkgvuln(pkg:"horde3", ver:"3.3.8+debian0-2", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
if ((res = isdpkgvuln(pkg:"horde3", ver:"3.3.8+debian0-2", rls:"DEB7.0")) != NULL) {
report += res;
}
Added: trunk/openvas-plugins/scripts/deb_2301_2.nasl
===================================================================
--- trunk/openvas-plugins/scripts/deb_2301_2.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/deb_2301_2.nasl 2012-02-12 04:35:40 UTC (rev 12711)
@@ -0,0 +1,130 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory DSA 2301-2 (rails)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(70710);
+ script_tag(name:"cvss_base", value:"7.5");
+ script_tag(name:"cvss_base_vector", value:"AV:L/AC:L/Au:NR/C:P/I:P/A:P");
+ script_cve_id("CVE-2011-2930", "CVE-2011-2931", "CVE-2011-3186", "CVE-2009-4214");
+ script_tag(name:"risk_factor", value:"High");
+ script_version("$Revision$");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-02-11 03:28:39 -0500 (Sat, 11 Feb 2012)");
+ script_name("Debian Security Advisory DSA 2301-2 (rails)");
+
+ desc = "The remote host is missing an update to rails
+announced via advisory DSA 2301-2.
+
+It was discovered that the last security update for Ruby on Rails,
+DSA-2301-1, introduced a regression in the libactionpack-ruby package.
+
+For the oldstable distribution (lenny), this problem has been fixed in
+version 2.1.0-7+lenny2.
+
+For the stable distribution (squeeze), this problem has been fixed in
+version 2.3.5-1.2+squeeze2.
+
+We recommend that you upgrade your rails packages.
+
+Solution:
+https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202301-2
+";
+
+ script_description(desc);
+
+ script_summary("Debian Security Advisory DSA 2301-2 (rails)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com");
+ script_family("Debian Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/packages");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-deb.inc");
+res = "";
+report = "";
+if((res = isdpkgvuln(pkg:"rails", ver:"2.1.0-7+lenny2", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libactionmailer-ruby", ver:"2.3.5-1.2+squeeze2", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libactionmailer-ruby1.8", ver:"2.3.5-1.2+squeeze2", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libactionpack-ruby", ver:"2.3.5-1.2+squeeze2", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libactionpack-ruby1.8", ver:"2.3.5-1.2+squeeze2", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libactiverecord-ruby", ver:"2.3.5-1.2+squeeze2", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libactiverecord-ruby1.8", ver:"2.3.5-1.2+squeeze2", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libactiverecord-ruby1.9.1", ver:"2.3.5-1.2+squeeze2", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libactiveresource-ruby", ver:"2.3.5-1.2+squeeze2", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libactiveresource-ruby1.8", ver:"2.3.5-1.2+squeeze2", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libactivesupport-ruby", ver:"2.3.5-1.2+squeeze2", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libactivesupport-ruby1.8", ver:"2.3.5-1.2+squeeze2", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libactivesupport-ruby1.9.1", ver:"2.3.5-1.2+squeeze2", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"rails", ver:"2.3.5-1.2+squeeze2", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"rails-doc", ver:"2.3.5-1.2+squeeze2", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"rails-ruby1.8", ver:"2.3.5-1.2+squeeze2", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+
+if(report != "") {
+ security_hole(data:report + '\n' + desc);
+}
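Review bot: The `cvss_base` of 7.5 does not match the vector next to it: under CVSS v2, `AV:L/AC:L` with `C:P/I:P/A:P` scores 4.6, and 7.5 corresponds to network access (`AV:N`). `Au:NR` is also not a standard CVSS v2 value (v2 uses N, S or M). If 7.5 is the intended score, the tag would read `script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");`. deb_2324_1.nasl in this commit has the same kind of mismatch: 6.9 is paired with `AC:H`, which scores 6.2, while 6.9 matches `AC:M`. Anything that filters or prioritises findings on the vector rather than the number would under-rate these results.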
Added: trunk/openvas-plugins/scripts/deb_2323_1.nasl
===================================================================
--- trunk/openvas-plugins/scripts/deb_2323_1.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/deb_2323_1.nasl 2012-02-12 04:35:40 UTC (rev 12711)
@@ -0,0 +1,119 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory DSA 2323-1 (radvd)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(70546);
+ script_cve_id("CVE-2011-3602", "CVE-2011-3604", "CVE-2011-3605");
+ script_tag(name:"risk_factor", value:"High");
+ script_version("$Revision$");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-02-11 02:27:04 -0500 (Sat, 11 Feb 2012)");
+ script_name("Debian Security Advisory DSA 2323-1 (radvd)");
+
+ desc = "The remote host is missing an update to radvd
+announced via advisory DSA 2323-1.
+
+Multiple security issues were discovered by Vasiliy Kulikov in radvd, an
+IPv6 Router Advertisement daemon:
+
+CVE-2011-3602
+
+set_interface_var() function doesn't check the interface name, which is
+chosen by an unprivileged user. This could lead to an arbitrary file
+overwrite if the attacker has local access, or specific files overwrites
+otherwise.
+
+CVE-2011-3604
+
+process_ra() function lacks multiple buffer length checks which could
+lead to memory reads outside the stack, causing a crash of the daemon.
+
+CVE-2011-3605
+
+process_rs() function calls mdelay() (a function to wait for a defined
+time) unconditionnally when running in unicast-only mode. As this call
+is in the main thread, that means all request processing is delayed (for
+a time up to MAX_RA_DELAY_TIME, 500 ms by default). An attacked could
+flood the daemon with router solicitations in order to fill the input
+queue, causing a temporary denial of service (processing would be
+stopped during all the mdelay() calls).
+Note: upstream and Debian default is to use anycast mode.
+
+
+For the oldstable distribution (lenny), this problem has been fixed in
+version 1:1.1-3.1.
+
+For the stable distribution (squeeze), this problem has been fixed in
+version 1:1.6-1.1.
+
+For the testing distribution (wheezy), this problem has been fixed in
+version 1:1.8-1.2.
+
+For the unstable distribution (sid), this problem has been fixed in
+version 1:1.8-1.2.
+
+We recommend that you upgrade your radvd packages.
+
+Solution:
+https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202323-1
+";
+
+ script_description(desc);
+
+ script_summary("Debian Security Advisory DSA 2323-1 (radvd)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com");
+ script_family("Debian Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/packages");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-deb.inc");
+res = "";
+report = "";
+if((res = isdpkgvuln(pkg:"radvd", ver:"1:1.1-3.1", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"radvd", ver:"1:1.6-1.1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"radvd", ver:"1:1.8.4-1", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+
+if(report != "") {
+ security_hole(data:report + '\n' + desc);
+}
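Review bot: The DEB7.0 check compares against `1:1.8.4-1`, while the description in the same file gives `1:1.8-1.2` as the fixed version for wheezy. Assuming isdpkgvuln flags anything older than `ver`, a host running the advisory's fixed build would still be reported as vulnerable. deb_2324_1.nasl has the same disagreement: its checks use `1.0.2-3+lenny16` and `1.2.11-6+squeeze6` where its description says `1.0.2-3+lenny15` and `1.2.11-6+squeeze4`. If the generator takes later archive versions on purpose, a comment above the checks should say so; otherwise the threshold should follow the advisory, `ver:"1:1.8-1.2", rls:"DEB7.0"`. The finding prints `desc` next to the package result, so the text and the threshold need to agree.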
Added: trunk/openvas-plugins/scripts/deb_2324_1.nasl
===================================================================
--- trunk/openvas-plugins/scripts/deb_2324_1.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/deb_2324_1.nasl 2012-02-12 04:35:40 UTC (rev 12711)
@@ -0,0 +1,112 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory DSA 2324-1 (wireshark)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(70539);
+ script_tag(name:"cvss_base", value:"6.9");
+ script_tag(name:"cvss_base_vector", value:"AV:L/AC:H/Au:NR/C:C/I:C/A:C");
+ script_cve_id("CVE-2011-3360");
+ script_tag(name:"risk_factor", value:"High");
+ script_version("$Revision$");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-02-11 02:25:37 -0500 (Sat, 11 Feb 2012)");
+ script_name("Debian Security Advisory DSA 2324-1 (wireshark)");
+
+ desc = "The remote host is missing an update to wireshark
+announced via advisory DSA 2324-1.
+
+The Microsoft Vulnerability Research group discovered that insecure
+load path handling could lead to execution of arbitrary Lua script code.
+
+For the oldstable distribution (lenny), this problem has been fixed in
+version 1.0.2-3+lenny15. This build will be released shortly.
+
+For the stable distribution (squeeze), this problem has been fixed in
+version 1.2.11-6+squeeze4.
+
+For the unstable distribution (sid), this problem has been fixed in
+version 1.6.2-1.
+
+We recommend that you upgrade your wireshark packages.
+
+Solution:
+https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202324-1
+";
+
+ script_description(desc);
+
+ script_summary("Debian Security Advisory DSA 2324-1 (wireshark)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com");
+ script_family("Debian Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/packages");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-deb.inc");
+res = "";
+report = "";
+if((res = isdpkgvuln(pkg:"tshark", ver:"1.0.2-3+lenny16", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"wireshark", ver:"1.0.2-3+lenny16", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"wireshark-common", ver:"1.0.2-3+lenny16", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"wireshark-dev", ver:"1.0.2-3+lenny16", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"tshark", ver:"1.2.11-6+squeeze6", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"wireshark", ver:"1.2.11-6+squeeze6", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"wireshark-common", ver:"1.2.11-6+squeeze6", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"wireshark-dbg", ver:"1.2.11-6+squeeze6", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"wireshark-dev", ver:"1.2.11-6+squeeze6", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+
+if(report != "") {
+ security_hole(data:report + '\n' + desc);
+}
Added: trunk/openvas-plugins/scripts/deb_2325_1.nasl
===================================================================
--- trunk/openvas-plugins/scripts/deb_2325_1.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/deb_2325_1.nasl 2012-02-12 04:35:40 UTC (rev 12711)
@@ -0,0 +1,139 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory DSA 2325-1 (kfreebsd-8)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(70540);
+ script_tag(name:"cvss_base", value:"7.2");
+ script_tag(name:"cvss_base_vector", value:"AV:L/AC:L/Au:NR/C:C/I:C/A:C");
+ script_cve_id("CVE-2011-4062");
+ script_tag(name:"risk_factor", value:"High");
+ script_version("$Revision$");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-02-11 02:26:03 -0500 (Sat, 11 Feb 2012)");
+ script_name("Debian Security Advisory DSA 2325-1 (kfreebsd-8)");
+
+ desc = "The remote host is missing an update to kfreebsd-8
+announced via advisory DSA 2325-1.
+
+Buffer overflow in the linux emulation support in FreeBSD kernel
+allows local users to cause a denial of service (panic) and possibly
+execute arbitrary code by calling the bind system call with a long path
+for a UNIX-domain socket, which is not properly handled when the
+address is used by other unspecified system calls.
+
+For the stable distribution (squeeze), this problem has been fixed in
+version 8.1+dfsg-8+squeeze2.
+
+For the unstable distribution (sid), this problem has been fixed in
+version 8.2-9.
+
+We recommend that you upgrade your kfreebsd-8 packages.
+
+Solution:
+https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202325-1
+";
+
+ script_description(desc);
+
+ script_summary("Debian Security Advisory DSA 2325-1 (kfreebsd-8)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com");
+ script_family("Debian Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/packages");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-deb.inc");
+res = "";
+report = "";
+if((res = isdpkgvuln(pkg:"kfreebsd-headers-8-486", ver:"8.1+dfsg-8+squeeze2", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"kfreebsd-headers-8-686", ver:"8.1+dfsg-8+squeeze2", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"kfreebsd-headers-8-686-smp", ver:"8.1+dfsg-8+squeeze2", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"kfreebsd-headers-8-amd64", ver:"8.1+dfsg-8+squeeze2", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"kfreebsd-headers-8.1-1", ver:"8.1+dfsg-8+squeeze2", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"kfreebsd-headers-8.1-1-486", ver:"8.1+dfsg-8+squeeze2", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"kfreebsd-headers-8.1-1-686", ver:"8.1+dfsg-8+squeeze2", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"kfreebsd-headers-8.1-1-686-smp", ver:"8.1+dfsg-8+squeeze2", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"kfreebsd-headers-8.1-1-amd64", ver:"8.1+dfsg-8+squeeze2", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"kfreebsd-image-8-486", ver:"8.1+dfsg-8+squeeze2", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"kfreebsd-image-8-686", ver:"8.1+dfsg-8+squeeze2", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"kfreebsd-image-8-686-smp", ver:"8.1+dfsg-8+squeeze2", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"kfreebsd-image-8-amd64", ver:"8.1+dfsg-8+squeeze2", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"kfreebsd-image-8.1-1-486", ver:"8.1+dfsg-8+squeeze2", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"kfreebsd-image-8.1-1-686", ver:"8.1+dfsg-8+squeeze2", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"kfreebsd-image-8.1-1-686-smp", ver:"8.1+dfsg-8+squeeze2", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"kfreebsd-image-8.1-1-amd64", ver:"8.1+dfsg-8+squeeze2", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"kfreebsd-source-8.1", ver:"8.1+dfsg-8+squeeze2", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+
+if(report != "") {
+ security_hole(data:report + '\n' + desc);
+}
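Review bot: This kernel check needs a comment stating its limit: it depends only on `gather-package-list.nasl` and the `ssh/login/packages` key, so it looks at installed package versions and not at the kernel that is actually running. A host that installed the fixed kfreebsd-image but has not rebooted would pass while still running the old kernel. Hits on the `kfreebsd-headers-*` and `kfreebsd-source-8.1` packages are also raised through `security_hole` exactly like a vulnerable image. I would add above the checks `# Package-version check only; does not verify the running kernel (reboot required after upgrading kfreebsd-image).`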
Added: trunk/openvas-plugins/scripts/deb_2326_1.nasl
===================================================================
--- trunk/openvas-plugins/scripts/deb_2326_1.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/deb_2326_1.nasl 2012-02-12 04:35:40 UTC (rev 12711)
@@ -0,0 +1,102 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory DSA 2326-1 (pam)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(70541);
+ script_cve_id("CVE-2011-3148", "CVE-2011-3149");
+ script_tag(name:"risk_factor", value:"High");
+ script_version("$Revision$");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-02-11 02:26:19 -0500 (Sat, 11 Feb 2012)");
+ script_name("Debian Security Advisory DSA 2326-1 (pam)");
+
+ desc = "The remote host is missing an update to pam
+announced via advisory DSA 2326-1.
+
+Kees Cook of the ChromeOS security team discovered a buffer overflow
+in pam_env, a PAM module to set environment variables through the
+PAM stack, which allowed the execution of arbitrary code. An additional
+issue in argument parsing allows denial of service.
+
+The oldstable distribution (lenny) is not affected.
+
+For the stable distribution (squeeze), this problem has been fixed in
+version 1.1.1-6.1+squeeze1.
+
+For the unstable distribution (sid), this problem will be fixed soon
+(the impact in sid is limited to denial of service for both issues)
+
+We recommend that you upgrade your pam packages.
+
+Solution:
+https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202326-1
+";
+
+ script_description(desc);
+
+ script_summary("Debian Security Advisory DSA 2326-1 (pam)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com");
+ script_family("Debian Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/packages");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-deb.inc");
+res = "";
+report = "";
+if((res = isdpkgvuln(pkg:"libpam-cracklib", ver:"1.1.1-6.1+squeeze1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libpam-doc", ver:"1.1.1-6.1+squeeze1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libpam-modules", ver:"1.1.1-6.1+squeeze1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libpam-runtime", ver:"1.1.1-6.1+squeeze1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libpam0g", ver:"1.1.1-6.1+squeeze1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libpam0g-dev", ver:"1.1.1-6.1+squeeze1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+
+if(report != "") {
+ security_hole(data:report + '\n' + desc);
+}
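Review bot: The description block sets `risk_factor` to High but has no `cvss_base` or `cvss_base_vector` tag, unlike most sibling scripts in this commit, so anything that ranks or filters results by CVSS score has no value to work with for this check. Since two CVE ids are listed, the score and vector can be taken from those records, e.g. `script_tag(name:"cvss_base", value:"<score from the CVE record>");` plus the matching vector tag. deb_2330_1.nasl has the same gap and also lacks a `script_cve_id` call. As the files are auto-generated, the fix probably belongs in the generator rather than in each script.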
Added: trunk/openvas-plugins/scripts/deb_2327_1.nasl
===================================================================
--- trunk/openvas-plugins/scripts/deb_2327_1.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/deb_2327_1.nasl 2012-02-12 04:35:40 UTC (rev 12711)
@@ -0,0 +1,96 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory DSA 2327-1 (libfcgi-perl)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(70542);
+ script_tag(name:"cvss_base", value:"7.5");
+ script_tag(name:"cvss_base_vector", value:"AV:L/AC:L/Au:NR/C:P/I:P/A:P");
+ script_cve_id("CVE-2011-2766");
+ script_tag(name:"risk_factor", value:"High");
+ script_version("$Revision$");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-02-11 02:26:22 -0500 (Sat, 11 Feb 2012)");
+ script_name("Debian Security Advisory DSA 2327-1 (libfcgi-perl)");
+
+ desc = "The remote host is missing an update to libfcgi-perl
+announced via advisory DSA 2327-1.
+
+Ferdinand Smit discovered that libfcgi-perl, a Perl module for writing
+FastCGI applications, is incorrectly restoring environment variables of
+a prior request in subsequent requests. In some cases this may lead
+to authentication bypasses or worse.
+
+
+The oldstable distribution (lenny) is not affected by this problem.
+
+For the stable distribution (squeeze), this problem has been fixed in
+version 0.71-1+squeeze1.
+
+For the testing distribution (wheezy), this problem has been fixed in
+version 0.73-2.
+
+For the unstable distribution (sid), this problem has been fixed in
+version 0.73-2.
+
+We recommend that you upgrade your libfcgi-perl packages.
+
+Solution:
+https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202327-1
+";
+
+ script_description(desc);
+
+ script_summary("Debian Security Advisory DSA 2327-1 (libfcgi-perl)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com");
+ script_family("Debian Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/packages");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-deb.inc");
+res = "";
+report = "";
+if((res = isdpkgvuln(pkg:"libfcgi-perl", ver:"0.71-1+squeeze1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libfcgi-perl", ver:"0.74-1", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+
+if(report != "") {
+ security_hole(data:report + '\n' + desc);
+}
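Review bot: The DEB7.0 check compares against `0.74-1`, but the advisory text in `desc` gives `0.73-2` as the fixed version for wheezy. Assuming isdpkgvuln() reports any installed version lower than `ver`, a host already on 0.73-2 would be reported as missing DSA 2327-1. Using the advisory's value, `isdpkgvuln(pkg:"libfcgi-perl", ver:"0.73-2", rls:"DEB7.0")`, keeps the finding tied to this advisory. The same drift between `desc` and `ver:` appears in deb_2328_1 (lenny7/squeeze2 vs lenny8/squeeze3), deb_2329_1 (2.4.15+dfsg-1 vs 2.4.16+dfsg-1), deb_2330_1 (1.6.3-2 vs 1.6.3-3) and deb_2331_1 (0.2.1.31-based versions vs 0.2.1.32-1 and 0.2.2.35-1~squeeze+1). If the higher thresholds are deliberate because a later upload superseded the fix, a comment above the checks should name that upload.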
Added: trunk/openvas-plugins/scripts/deb_2328_1.nasl
===================================================================
--- trunk/openvas-plugins/scripts/deb_2328_1.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/deb_2328_1.nasl 2012-02-12 04:35:40 UTC (rev 12711)
@@ -0,0 +1,110 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory DSA 2328-1 (freetype)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(70543);
+ script_tag(name:"cvss_base", value:"4.3");
+ script_tag(name:"cvss_base_vector", value:"AV:L/AC:H/Au:NR/C:N/I:P/A:N");
+ script_cve_id("CVE-2011-3256");
+ script_tag(name:"risk_factor", value:"Medium");
+ script_version("$Revision$");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-02-11 02:26:31 -0500 (Sat, 11 Feb 2012)");
+ script_name("Debian Security Advisory DSA 2328-1 (freetype)");
+
+ desc = "The remote host is missing an update to freetype
+announced via advisory DSA 2328-1.
+
+It was discovered that missing input sanitising in Freetype's glyph
+handling could lead to memory corruption, resulting in denial of service
+or the execution of arbitrary code.
+
+For the oldstable distribution (lenny), this problem has been fixed in
+version 2.3.7-2+lenny7.
+
+For the stable distribution (squeeze), this problem has been fixed in
+version 2.4.2-2.1+squeeze2.
+
+For the unstable distribution (sid), this problem has been fixed in
+version 2.4.7-1.
+
+We recommend that you upgrade your freetype packages.
+
+Solution:
+https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202328-1
+";
+
+ script_description(desc);
+
+ script_summary("Debian Security Advisory DSA 2328-1 (freetype)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com");
+ script_family("Debian Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/packages");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-deb.inc");
+res = "";
+report = "";
+if((res = isdpkgvuln(pkg:"freetype2-demos", ver:"2.3.7-2+lenny8", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libfreetype6", ver:"2.3.7-2+lenny8", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libfreetype6-dev", ver:"2.3.7-2+lenny8", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libfreetype6-udeb", ver:"2.3.7-2+lenny6", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"freetype2-demos", ver:"2.4.2-2.1+squeeze3", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libfreetype6", ver:"2.4.2-2.1+squeeze3", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libfreetype6-dev", ver:"2.4.2-2.1+squeeze3", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libfreetype6-udeb", ver:"2.4.2-2.1+squeeze3", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+
+if(report != "") {
+ security_hole(data:report + '\n' + desc);
+}
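Review bot: The DEB5.0 check for `libfreetype6-udeb` uses `ver:"2.3.7-2+lenny6"`, which is lower than both the `2.3.7-2+lenny8` used for the other three lenny packages and the `2.3.7-2+lenny7` fix version quoted in `desc`. Assuming isdpkgvuln() flags installed versions below `ver`, a udeb at lenny6 would pass this check even though the advisory text places the fix in a later revision. The line should use the same threshold as its lenny siblings, or carry a comment such as `# udeb was not rebuilt for this DSA` if the difference is intended.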
Added: trunk/openvas-plugins/scripts/deb_2329_1.nasl
===================================================================
--- trunk/openvas-plugins/scripts/deb_2329_1.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/deb_2329_1.nasl 2012-02-12 04:35:40 UTC (rev 12711)
@@ -0,0 +1,143 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory DSA 2329-1 (torque)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(70544);
+ script_tag(name:"cvss_base", value:"8.5");
+ script_tag(name:"cvss_base_vector", value:"AV:L/AC:H/Au:R/C:C/I:C/A:C");
+ script_cve_id("CVE-2011-2193");
+ script_tag(name:"risk_factor", value:"Critical");
+ script_version("$Revision$");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-02-11 02:26:55 -0500 (Sat, 11 Feb 2012)");
+ script_name("Debian Security Advisory DSA 2329-1 (torque)");
+
+ desc = "The remote host is missing an update to torque
+announced via advisory DSA 2329-1.
+
+Bartlomiej Balcerek discovered several buffer overflows in torque server,
+a PBS-derived batch processing server. This allows an attacker to crash the
+service or execute arbitrary code with privileges of the server via crafted
+job or host names.
+
+The oldstable distribution (lenny) does not contain torque.
+
+For the stable distribution (squeeze), this problem has been fixed in
+version 2.4.8+dfsg-9squeeze1.
+
+For the testing distribution (wheezy), this problem has been fixed in
+version 2.4.15+dfsg-1.
+
+For the unstable distribution (sid), this problem has been fixed in
+version 2.4.15+dfsg-1.
+
+We recommend that you upgrade your torque packages.
+
+Solution:
+https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202329-1
+";
+
+ script_description(desc);
+
+ script_summary("Debian Security Advisory DSA 2329-1 (torque)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com");
+ script_family("Debian Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/packages");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-deb.inc");
+res = "";
+report = "";
+if((res = isdpkgvuln(pkg:"libtorque2", ver:"2.4.8+dfsg-9squeeze1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libtorque2-dev", ver:"2.4.8+dfsg-9squeeze1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"torque-client", ver:"2.4.8+dfsg-9squeeze1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"torque-client-x11", ver:"2.4.8+dfsg-9squeeze1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"torque-common", ver:"2.4.8+dfsg-9squeeze1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"torque-mom", ver:"2.4.8+dfsg-9squeeze1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"torque-pam", ver:"2.4.8+dfsg-9squeeze1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"torque-scheduler", ver:"2.4.8+dfsg-9squeeze1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"torque-server", ver:"2.4.8+dfsg-9squeeze1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libtorque2", ver:"2.4.16+dfsg-1", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libtorque2-dev", ver:"2.4.16+dfsg-1", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"torque-client", ver:"2.4.16+dfsg-1", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"torque-client-x11", ver:"2.4.16+dfsg-1", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"torque-common", ver:"2.4.16+dfsg-1", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"torque-mom", ver:"2.4.16+dfsg-1", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"torque-pam", ver:"2.4.16+dfsg-1", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"torque-scheduler", ver:"2.4.16+dfsg-1", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"torque-server", ver:"2.4.16+dfsg-1", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+
+if(report != "") {
+ security_hole(data:report + '\n' + desc);
+}
Added: trunk/openvas-plugins/scripts/deb_2330_1.nasl
===================================================================
--- trunk/openvas-plugins/scripts/deb_2330_1.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/deb_2330_1.nasl 2012-02-12 04:35:40 UTC (rev 12711)
@@ -0,0 +1,94 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory DSA 2330-1 (simplesamlphp)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(70545);
+ script_tag(name:"risk_factor", value:"High");
+ script_version("$Revision$");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-02-11 02:26:59 -0500 (Sat, 11 Feb 2012)");
+ script_name("Debian Security Advisory DSA 2330-1 (simplesamlphp)");
+
+ desc = "The remote host is missing an update to simplesamlphp
+announced via advisory DSA 2330-1.
+
+Issues were found in the handling of XML encryption in simpleSAMLphp,
+an application for federated authentication. The following two issues
+have been addressed:
+
+It may be possible to use an SP as an oracle to decrypt encrypted
+messages sent to that SP.
+
+It may be possible to use the SP as a key oracle which can be used
+to forge messages from that SP by issuing 300000-2000000 queries to
+the SP.
+
+The oldstable distribution (lenny) does not contain simplesamlphp.
+
+For the stable distribution (squeeze), this problem has been fixed in
+version 1.6.3-2.
+
+The testing distribution (wheezy) will be fixed soon.
+
+For the unstable distribution (sid), this problem has been fixed in
+version 1.8.2-1.
+
+We recommend that you upgrade your simplesamlphp packages.
+
+Solution:
+https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202330-1
+";
+
+ script_description(desc);
+
+ script_summary("Debian Security Advisory DSA 2330-1 (simplesamlphp)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com");
+ script_family("Debian Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/packages");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-deb.inc");
+res = "";
+report = "";
+if((res = isdpkgvuln(pkg:"simplesamlphp", ver:"1.6.3-3", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+
+if(report != "") {
+ security_hole(data:report + '\n' + desc);
+}
Added: trunk/openvas-plugins/scripts/deb_2331_1.nasl
===================================================================
--- trunk/openvas-plugins/scripts/deb_2331_1.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/deb_2331_1.nasl 2012-02-12 04:35:40 UTC (rev 12711)
@@ -0,0 +1,118 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory DSA 2331-1 (tor)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(70547);
+ script_tag(name:"cvss_base", value:"5.8");
+ script_tag(name:"cvss_base_vector", value:"AV:L/AC:H/Au:NR/C:P/I:P/A:N");
+ script_cve_id("CVE-2011-2768", "CVE-2011-2769");
+ script_tag(name:"risk_factor", value:"High");
+ script_version("$Revision$");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-02-11 02:27:18 -0500 (Sat, 11 Feb 2012)");
+ script_name("Debian Security Advisory DSA 2331-1 (tor)");
+
+ desc = "The remote host is missing an update to tor
+announced via advisory DSA 2331-1.
+
+It has been discovered by frosty_un that a design flaw in Tor, an online
+privacy tool, allows malicious relay servers to learn certain information
+that they should not be able to learn. Specifically, a relay that a user
+connects to directly could learn which other relays that user is
+connected to directly. In combination with other attacks, this issue
+can lead to deanonymizing the user. The Common Vulnerabilities and
+Exposures project has assigned CVE-2011-2768 to this issue.
+
+In addition to fixing the above mentioned issues, the updates to oldstable
+and stable fix a number of less critical issues (CVE-2011-2769). Please
+see this posting from the Tor blog for more information:
+https://blog.torproject.org/blog/tor-02234-released-security-patches
+
+For the oldstable distribution (lenny), this problem has been fixed in
+version 0.2.1.31-1~lenny+1. Due to technical limitations in the Debian
+archive scripts, the update cannot be released synchronously with the
+packages for stable. It will be released shortly.
+
+For the stable distribution (squeeze), this problem has been fixed in
+version 0.2.1.31-1.
+
+For the unstable and testing distributions, this problem has been fixed in
+version 0.2.2.34-1.
+
+For the experimental distribution, this problem have has fixed in version
+0.2.3.6-alpha-1.
+
+We recommend that you upgrade your tor packages.
+
+Solution:
+https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202331-1
+";
+
+ script_description(desc);
+
+ script_summary("Debian Security Advisory DSA 2331-1 (tor)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com");
+ script_family("Debian Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/packages");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-deb.inc");
+res = "";
+report = "";
+if((res = isdpkgvuln(pkg:"tor", ver:"0.2.1.32-1", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"tor-dbg", ver:"0.2.1.32-1", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"tor-geoipdb", ver:"0.2.1.32-1", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"tor", ver:"0.2.2.35-1~squeeze+1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"tor-dbg", ver:"0.2.2.35-1~squeeze+1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"tor-geoipdb", ver:"0.2.2.35-1~squeeze+1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+
+if(report != "") {
+ security_hole(data:report + '\n' + desc);
+}
Added: trunk/openvas-plugins/scripts/deb_2332_1.nasl
===================================================================
--- trunk/openvas-plugins/scripts/deb_2332_1.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/deb_2332_1.nasl 2012-02-12 04:35:40 UTC (rev 12711)
@@ -0,0 +1,120 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory DSA 2332-1 (python-django)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(70548);
+ script_tag(name:"cvss_base", value:"6.8");
+ script_tag(name:"cvss_base_vector", value:"AV:L/AC:H/Au:NR/C:P/I:P/A:P");
+ script_cve_id("CVE-2011-4136", "CVE-2011-4137", "CVE-2011-4138", "CVE-2011-4139", "CVE-2011-4140");
+ script_tag(name:"risk_factor", value:"High");
+ script_version("$Revision$");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-02-11 02:27:22 -0500 (Sat, 11 Feb 2012)");
+ script_name("Debian Security Advisory DSA 2332-1 (python-django)");
+
+ desc = "The remote host is missing an update to python-django
+announced via advisory DSA 2332-1.
+
+Paul McMillan, Mozilla and the Django core team discovered several
+vulnerabilities in Django, a Python web framework:
+
+CVE-2011-4136
+
+When using memory-based sessions and caching, Django sessions are
+stored directly in the root namespace of the cache. When user data is
+stored in the same cache, a remote user may take over a session.
+
+CVE-2011-4137, CVE-2011-4138
+
+Django's field type URLfield by default checks supplied URL's by
+issuing a request to it, which doesn't time out. A Denial of Service
+is possible by supplying specially prepared URL's that keep the
+connection open indefinately or fill the Django's server memory.
+
+CVE-2011-4139
+
+Django used X-Forwarded-Host headers to construct full URL's. This
+header may not contain trusted input and could be used to poison the
+cache.
+
+CVE-2011-4140
+
+The CSRF protection mechanism in Django does not properly handle
+web-server configurations supporting arbitrary HTTP Host headers,
+which allows remote attackers to trigger unauthenticated forged
+requests.
+
+For the oldstable distribution (lenny), this problem has been fixed in
+version 1.0.2-1+lenny3.
+
+For the stable distribution (squeeze), this problem has been fixed in
+version 1.2.3-3+squeeze2.
+
+For the testing (wheezy) and unstable distribution (sid), this problem
+has been fixed in version 1.3.1-1.
+
+We recommend that you upgrade your python-django packages.
+
+Solution:
+https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202332-1
+";
+
+ script_description(desc);
+
+ script_summary("Debian Security Advisory DSA 2332-1 (python-django)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com");
+ script_family("Debian Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/packages");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-deb.inc");
+res = "";
+report = "";
+if((res = isdpkgvuln(pkg:"python-django", ver:"1.0.2-1+lenny3", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"python-django", ver:"1.2.3-3+squeeze2", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"python-django-doc", ver:"1.2.3-3+squeeze2", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+
+if(report != "") {
+ security_hole(data:report + '\n' + desc);
+}
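Review bot: The `cvss_base_vector` tag begins with `AV:L/AC:H`, i.e. local access, while the advisory text in `desc` describes issues triggered by remote users (session takeover, forged requests via Host headers). The `cvss_base` of 6.8 also does not look like a score that a local, high-complexity vector would produce. Score and vector should come from the same CVE record, e.g. `script_tag(name:"cvss_base_vector", value:"<vector from the CVE record>");`, so that severity-based triage is not skewed. The same `AV:L` prefix appears in deb_2327_1, deb_2328_1, deb_2329_1, deb_2331_1 and deb_2333_1, which suggests the generator maps the access vector incorrectly, so the fix likely belongs there.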
Added: trunk/openvas-plugins/scripts/deb_2333_1.nasl
===================================================================
--- trunk/openvas-plugins/scripts/deb_2333_1.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/deb_2333_1.nasl 2012-02-12 04:35:40 UTC (rev 12711)
@@ -0,0 +1,110 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory DSA 2333-1 (phpldapadmin)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(70549);
+ script_tag(name:"cvss_base", value:"7.5");
+ script_tag(name:"cvss_base_vector", value:"AV:L/AC:L/Au:NR/C:P/I:P/A:P");
+ script_cve_id("CVE-2011-4075", "CVE-2011-4074");
+ script_tag(name:"risk_factor", value:"High");
+ script_version("$Revision$");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-02-11 02:27:28 -0500 (Sat, 11 Feb 2012)");
+ script_name("Debian Security Advisory DSA 2333-1 (phpldapadmin)");
+
+ desc = "The remote host is missing an update to phpldapadmin
+announced via advisory DSA 2333-1.
+
+Two vulnerabilities have been discovered in phpldapadmin, a web based
+interface for administering LDAP servers. The Common Vulnerabilities and
+Exposures project identifies the following problems:
+
+CVE-2011-4074
+
+Input appended to the URL in cmd.php (when cmd is set to _debug) is
+not properly sanitised before being returned to the user. This can be
+exploited to execute arbitrary HTML and script code in a user's browser
+session in context of an affected site.
+
+CVE-2011-4075
+
+Input passed to the orderby parameter in cmd.php (when cmd is set to
+query_engine, query is set to none, and search is set to e.g.
+1) is not properly sanitised in lib/functions.php before being used in a
+create_function() function call. This can be exploited to inject and
+execute arbitrary PHP code.
+
+
+For the oldstable distribution (lenny), these problems have been fixed in
+version 1.1.0.5-6+lenny2.
+
+For the stable distribution (squeeze), these problems have been fixed in
+version 1.2.0.5-2+squeeze1.
+
+For the testing distribution (wheezy), these problems will be fixed soon.
+
+For the unstable distribution (sid), these problems have been fixed in
+version 1.2.0.5-2.1.
+
+We recommend that you upgrade your phpldapadmin packages.
+
+Solution:
+https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202333-1
+";
+
+ script_description(desc);
+
+ script_summary("Debian Security Advisory DSA 2333-1 (phpldapadmin)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com");
+ script_family("Debian Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/packages");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-deb.inc");
+res = "";
+report = "";
+if((res = isdpkgvuln(pkg:"phpldapadmin", ver:"1.1.0.5-6+lenny2", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"phpldapadmin", ver:"1.2.0.5-2+squeeze1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+
+if(report != "") {
+ security_hole(data:report + '\n' + desc);
+}
Added: trunk/openvas-plugins/scripts/deb_2334_1.nasl
===================================================================
--- trunk/openvas-plugins/scripts/deb_2334_1.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/deb_2334_1.nasl 2012-02-12 04:35:40 UTC (rev 12711)
@@ -0,0 +1,120 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory DSA 2334-1 (mahara)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(70550);
+ script_tag(name:"cvss_base", value:"6.8");
+ script_tag(name:"cvss_base_vector", value:"AV:L/AC:H/Au:NR/C:P/I:P/A:P");
+ script_cve_id("CVE-2011-2771", "CVE-2011-2772", "CVE-2011-2773");
+ script_tag(name:"risk_factor", value:"High");
+ script_version("$Revision$");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-02-11 02:27:34 -0500 (Sat, 11 Feb 2012)");
+ script_name("Debian Security Advisory DSA 2334-1 (mahara)");
+
+ desc = "The remote host is missing an update to mahara
+announced via advisory DSA 2334-1.
+
+Several vulnerabilities were discovered in Mahara, an electronic
+portfolio, weblog, and resume builder:
+
+CVE-2011-2771
+
+Teemu Vesala discovered that missing input sanitising of RSS
+feeds could lead to cross-site scripting.
+
+CVE-2011-2772
+
+Richard Mansfield discovered that insufficient upload restrictions
+allowed denial of service.
+
+CVE-2011-2773
+
+Richard Mansfield that the management of institutions was prone to
+cross-site request forgery.
+
+(no CVE ID available yet)
+
+Andrew Nichols discovered a privilege escalation vulnerability
+in MNet handling.
+
+For the oldstable distribution (lenny), this problem has been fixed in
+version 1.0.4-4+lenny11.
+
+For the stable distribution (squeeze), this problem has been fixed in
+version 1.2.6-2+squeeze3.
+
+For the unstable distribution (sid), this problem has been fixed in
+version 1.4.1-1.
+
+We recommend that you upgrade your mahara packages.
+
+Solution:
+https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202334-1
+";
+
+ script_description(desc);
+
+ script_summary("Debian Security Advisory DSA 2334-1 (mahara)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com");
+ script_family("Debian Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/packages");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-deb.inc");
+res = "";
+report = "";
+if((res = isdpkgvuln(pkg:"mahara", ver:"1.0.4-4+lenny11", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"mahara-apache2", ver:"1.0.4-4+lenny11", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"mahara", ver:"1.2.6-2+squeeze3", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"mahara-apache2", ver:"1.2.6-2+squeeze3", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"mahara-mediaplayer", ver:"1.2.6-2+squeeze3", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+
+if(report != "") {
+ security_hole(data:report + '\n' + desc);
+}
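Review bot: The `cvss_base_vector` tag in the description block is not a valid CVSS v2 vector and does not match `cvss_base` 6.8. `Au:NR` is not a defined Authentication value (N, S or M), and a local, high-complexity vector with partial impacts scores far below 6.8, while the advisory text describes cross-site scripting and request forgery, which are reached over the network. If 6.8 is the intended score, the matching line would be `script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:P/I:P/A:P");`. The same `AV:L/AC:H/Au:NR` prefix appears in deb_2336_1, deb_2339_1, deb_2341_1 and deb_2342_1, and deb_2337_1 uses `Au:R`, so the generator's vector mapping looks worth fixing rather than each file; anything that filters or prioritises on the vector will under-rate these findings.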
Added: trunk/openvas-plugins/scripts/deb_2336_1.nasl
===================================================================
--- trunk/openvas-plugins/scripts/deb_2336_1.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/deb_2336_1.nasl 2012-02-12 04:35:40 UTC (rev 12711)
@@ -0,0 +1,158 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory DSA 2336-1 (ffmpeg)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(70554);
+ script_tag(name:"cvss_base", value:"9.3");
+ script_tag(name:"cvss_base_vector", value:"AV:L/AC:H/Au:NR/C:C/I:C/A:C");
+ script_cve_id("CVE-2011-3362", "CVE-2011-3973", "CVE-2011-3974", "CVE-2011-3504");
+ script_tag(name:"risk_factor", value:"Critical");
+ script_version("$Revision$");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-02-11 02:28:41 -0500 (Sat, 11 Feb 2012)");
+ script_name("Debian Security Advisory DSA 2336-1 (ffmpeg)");
+
+ desc = "The remote host is missing an update to ffmpeg
+announced via advisory DSA 2336-1.
+
+Multiple vulnerabilities were found in the ffmpeg, a multimedia player,
+server and encoder:
+
+CVE-2011-3362
+
+An integer signedness error in decode_residual_block function of
+the Chinese AVS video (CAVS) decoder in libavcodec can lead to
+denial of service (memory corruption and application crash) or
+possible code execution via a crafted CAVS file.
+
+CVE-2011-3973/CVE-2011-3974
+
+Multiple errors in the Chinese AVS video (CAVS) decoder can lead to
+denial of service (memory corruption and application crash) via an
+invalid bitstream.
+
+CVE-2011-3504
+
+A memory allocation problem in the Matroska format decoder can lead
+to code execution via a crafted file.
+
+For the stable distribution (squeeze), this problem has been fixed in
+version 4:0.5.5-1.
+
+For the unstable distribution (sid), this problem has been fixed in
+version 4:0.7.2-1 of the libav source package.
+
+Security support for ffmpeg has been discontinued for the oldstable
+distribution (lenny) before in DSA 2306.
+The current version in oldstable is not supported by upstream anymore
+and is affected by several security issues. Backporting fixes for these
+and any future issues has become unfeasible and therefore we needed to
+drop our security support for the version in oldstable.
+
+We recommend that you upgrade your ffmpeg packages.
+
+Solution:
+https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202336-1
+";
+
+ script_description(desc);
+
+ script_summary("Debian Security Advisory DSA 2336-1 (ffmpeg)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com");
+ script_family("Debian Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/packages");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-deb.inc");
+res = "";
+report = "";
+if((res = isdpkgvuln(pkg:"ffmpeg", ver:"4:0.5.6-3", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"ffmpeg-dbg", ver:"4:0.5.6-3", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"ffmpeg-doc", ver:"4:0.5.6-3", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libavcodec-dev", ver:"4:0.5.6-3", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libavcodec52", ver:"4:0.5.6-3", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libavdevice-dev", ver:"4:0.5.6-3", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libavdevice52", ver:"4:0.5.6-3", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libavfilter-dev", ver:"4:0.5.6-3", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libavfilter0", ver:"4:0.5.6-3", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libavformat-dev", ver:"4:0.5.6-3", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libavformat52", ver:"4:0.5.6-3", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libavutil-dev", ver:"4:0.5.6-3", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libavutil49", ver:"4:0.5.6-3", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libpostproc-dev", ver:"4:0.5.6-3", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libpostproc51", ver:"4:0.5.6-3", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libswscale-dev", ver:"4:0.5.6-3", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libswscale0", ver:"4:0.5.6-3", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+
+if(report != "") {
+ security_hole(data:report + '\n' + desc);
+}
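Review bot: Every `isdpkgvuln()` call in this script compares against `ver:"4:0.5.6-3"`, but the description above states that the squeeze fix is version 4:0.5.5-1. Assuming isdpkgvuln reports any installed version below `ver` (its implementation is in pkg-lib-deb.inc, which is not shown), a host already on a fixed build between those two versions would still be reported as missing the update. Either use the advisory's version, e.g. `ver:"4:0.5.5-1"`, or add a comment explaining why the threshold is higher than the advisory's. deb_2341_1 (3.5.16-11 in the text, 3.5.16-12 checked) and deb_2342_1 (2.0.11-9 in the text, 2.0.11-10 checked) show the same gap.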
Added: trunk/openvas-plugins/scripts/deb_2337_1.nasl
===================================================================
--- trunk/openvas-plugins/scripts/deb_2337_1.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/deb_2337_1.nasl 2012-02-12 04:35:40 UTC (rev 12711)
@@ -0,0 +1,123 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory DSA 2337-1 (xen)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(70551);
+ script_tag(name:"cvss_base", value:"7.4");
+ script_tag(name:"cvss_base_vector", value:"AV:L/AC:H/Au:R/C:C/I:C/A:C");
+ script_cve_id("CVE-2011-1166", "CVE-2011-1583", "CVE-2011-1898", "CVE-2011-3262");
+ script_tag(name:"risk_factor", value:"High");
+ script_version("$Revision$");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-02-11 02:27:52 -0500 (Sat, 11 Feb 2012)");
+ script_name("Debian Security Advisory DSA 2337-1 (xen)");
+
+ desc = "The remote host is missing an update to xen
+announced via advisory DSA 2337-1.
+
+Several vulnerabilities were discovered in the Xen virtual machine
+hypervisor.
+
+CVE-2011-1166
+
+A 64-bit guest can get one of its vCPU'ss into non-kernel
+mode without first providing a valid non-kernel pagetable,
+thereby locking up the host system.
+
+CVE-2011-1583, CVE-2011-3262
+
+Local users can cause a denial of service and possibly execute
+arbitrary code via a crafted paravirtualised guest kernel image.
+
+CVE-2011-1898
+
+When using PCI passthrough on Intel VT-d chipsets that do not
+have interrupt remapping, guest OS can users to gain host OS
+privileges by writing to the interrupt injection registers.
+
+The oldstable distribution (lenny) contains a different version of Xen
+not affected by these problems.
+
+For the stable distribution (squeeze), this problem has been fixed in
+version 4.0.1-4.
+
+For the testing (wheezy) and unstable distribution (sid), this problem
+has been fixed in version 4.1.1-1.
+
+We recommend that you upgrade your xen packages.
+
+Solution:
+https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202337-1
+";
+
+ script_description(desc);
+
+ script_summary("Debian Security Advisory DSA 2337-1 (xen)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com");
+ script_family("Debian Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/packages");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-deb.inc");
+res = "";
+report = "";
+if((res = isdpkgvuln(pkg:"libxen-dev", ver:"4.0.1-4", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libxenstore3.0", ver:"4.0.1-4", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"xen-docs-4.0", ver:"4.0.1-4", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"xen-hypervisor-4.0-amd64", ver:"4.0.1-4", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"xen-hypervisor-4.0-i386", ver:"4.0.1-4", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"xen-utils-4.0", ver:"4.0.1-4", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"xenstore-utils", ver:"4.0.1-4", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+
+if(report != "") {
+ security_hole(data:report + '\n' + desc);
+}
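Review bot: The `desc` string is appended to every finding by `security_hole(data:report + '\n' + desc)`, and two of its sentences are garbled enough to obscure the impact: `vCPU'ss` in the CVE-2011-1166 paragraph and `guest OS can users to gain host OS privileges` in the CVE-2011-1898 paragraph. I would correct them to `vCPUs` and `guest OS users can gain host OS privileges` so the report states the guest-to-host privilege gain clearly. deb_2334_1 has a similar dropped word in `Richard Mansfield that the management of institutions`.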
Added: trunk/openvas-plugins/scripts/deb_2338_1.nasl
===================================================================
--- trunk/openvas-plugins/scripts/deb_2338_1.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/deb_2338_1.nasl 2012-02-12 04:35:40 UTC (rev 12711)
@@ -0,0 +1,93 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory DSA 2338-1 (moodle)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(70552);
+ script_tag(name:"risk_factor", value:"High");
+ script_version("$Revision$");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-02-11 02:27:54 -0500 (Sat, 11 Feb 2012)");
+ script_name("Debian Security Advisory DSA 2338-1 (moodle)");
+
+ desc = "The remote host is missing an update to moodle
+announced via advisory DSA 2338-1.
+
+Several cross-site scripting and information disclosure issues have
+been fixed in Moodle, a course management system for online learning:
+
+* MSA-11-0020 Continue links in error messages can lead offsite
+* MSA-11-0024 Recaptcha images were being authenticated from an older
+server
+* MSA-11-0025 Group names in user upload CSV not escaped
+* MSA-11-0026 Fields in user upload CSV not escaped
+* MSA-11-0031 Forms API constant issue
+* MSA-11-0032 MNET SSL validation issue
+* MSA-11-0036 Messaging refresh vulnerability
+* MSA-11-0037 Course section editing injection vulnerability
+* MSA-11-0038 Database injection protection strengthened
+
+For the stable distribution (squeeze), this problem has been fixed in
+version 1.9.9.dfsg2-2.1+squeeze2.
+
+For the unstable distribution (sid), this problem has been fixed in
+version 1.9.9.dfsg2-4.
+
+We recommend that you upgrade your moodle packages.
+
+Solution:
+https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202338-1
+";
+
+ script_description(desc);
+
+ script_summary("Debian Security Advisory DSA 2338-1 (moodle)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com");
+ script_family("Debian Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/packages");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-deb.inc");
+res = "";
+report = "";
+if((res = isdpkgvuln(pkg:"moodle", ver:"1.9.9.dfsg2-2.1+squeeze2", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+
+if(report != "") {
+ security_hole(data:report + '\n' + desc);
+}
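Review bot: The description block sets `risk_factor` to High but carries no `cvss_base`, `cvss_base_vector` or `script_cve_id`, unlike most other scripts added in this commit, so the severity has no stated basis and, presumably, results cannot be matched by CVE or ranked by score. The advisory text lists only MSA identifiers; if no CVE IDs were assigned, say so in a comment above `script_id(70552);`, for example `# DSA 2338-1 lists Moodle MSA ids only; no CVE/CVSS data available at generation time`. If CVE IDs do exist for these MSA entries, add them with `script_cve_id(...)` instead.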
Added: trunk/openvas-plugins/scripts/deb_2339_1.nasl
===================================================================
--- trunk/openvas-plugins/scripts/deb_2339_1.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/deb_2339_1.nasl 2012-02-12 04:35:40 UTC (rev 12711)
@@ -0,0 +1,114 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory DSA 2339-1 (nss)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(70553);
+ script_tag(name:"cvss_base", value:"6.9");
+ script_tag(name:"cvss_base_vector", value:"AV:L/AC:H/Au:NR/C:C/I:C/A:C");
+ script_cve_id("CVE-2011-3640");
+ script_tag(name:"risk_factor", value:"High");
+ script_version("$Revision$");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-02-11 02:28:18 -0500 (Sat, 11 Feb 2012)");
+ script_name("Debian Security Advisory DSA 2339-1 (nss)");
+
+ desc = "The remote host is missing an update to nss
+announced via advisory DSA 2339-1.
+
+This update to the NSS cryptographic libraries revokes the trust in the
+DigiCert Sdn. Bhd certificate authority. More information can be found
+in the Mozilla Security Blog:
+http://blog.mozilla.com/security/2011/11/03/revoking-trust-in-digicert-sdn-bhd-intermediate-certificate-authority/
+
+This update also fixes an insecure load path for pkcs11.txt configuration
+file (CVE-2011-3640).
+
+For the oldstable distribution (lenny), this problem has been fixed in
+version 3.12.3.1-0lenny7.
+
+For the stable distribution (squeeze), this problem has been fixed in
+version 3.12.8-1+squeeze4.
+
+For the unstable distribution (sid), this problem has been fixed in
+version 3.13.1.with.ckbi.1.88-1.
+
+We recommend that you upgrade your nss packages.
+
+Solution:
+https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202339-1
+";
+
+ script_description(desc);
+
+ script_summary("Debian Security Advisory DSA 2339-1 (nss)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com");
+ script_family("Debian Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/packages");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-deb.inc");
+res = "";
+report = "";
+if((res = isdpkgvuln(pkg:"libnss3-1d", ver:"3.12.3.1-0lenny7", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libnss3-1d-dbg", ver:"3.12.3.1-0lenny7", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libnss3-dev", ver:"3.12.3.1-0lenny7", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libnss3-tools", ver:"3.12.3.1-0lenny7", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libnss3-1d", ver:"3.12.8-1+squeeze4", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libnss3-1d-dbg", ver:"3.12.8-1+squeeze4", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libnss3-dev", ver:"3.12.8-1+squeeze4", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libnss3-tools", ver:"3.12.8-1+squeeze4", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+
+if(report != "") {
+ security_hole(data:report + '\n' + desc);
+}
Added: trunk/openvas-plugins/scripts/deb_2341_1.nasl
===================================================================
--- trunk/openvas-plugins/scripts/deb_2341_1.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/deb_2341_1.nasl 2012-02-12 04:35:40 UTC (rev 12711)
@@ -0,0 +1,128 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory DSA 2341-1 (iceweasel)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(70555);
+ script_tag(name:"cvss_base", value:"9.3");
+ script_tag(name:"cvss_base_vector", value:"AV:L/AC:H/Au:NR/C:C/I:C/A:C");
+ script_cve_id("CVE-2011-3647", "CVE-2011-3648", "CVE-2011-3650");
+ script_tag(name:"risk_factor", value:"Critical");
+ script_version("$Revision$");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-02-11 02:28:56 -0500 (Sat, 11 Feb 2012)");
+ script_name("Debian Security Advisory DSA 2341-1 (iceweasel)");
+
+ desc = "The remote host is missing an update to iceweasel
+announced via advisory DSA 2341-1.
+
+Several vulnerabilities have been discovered in Iceweasel, a web browser
+based on Firefox. The included XULRunner library provides rendering
+services for several other applications included in Debian.
+
+CVE-2011-3647
+
+moz_bug_r_a4 discovered a privilege escalation vulnerability in
+addon handling.
+
+CVE-2011-3648
+
+Yosuke Hasegawa discovered that incorrect handling of Shift-JIS
+encodings could lead to cross-site scripting.
+
+CVE-2011-3650
+
+Marc Schoenefeld discovered that profiling the Javascript code
+could lead to memory corruption.
+
+For the oldstable distribution (lenny), this problem has been fixed in
+version 1.9.0.19-15 of the xulrunner source package.
+
+For the stable distribution (squeeze), this problem has been fixed in
+version 3.5.16-11.
+
+For the unstable distribution (sid), this problem has been fixed in
+version 8.0-1.
+
+We recommend that you upgrade your iceweasel packages.
+
+Solution:
+https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202341-1
+";
+
+ script_description(desc);
+
+ script_summary("Debian Security Advisory DSA 2341-1 (iceweasel)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com");
+ script_family("Debian Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/packages");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-deb.inc");
+res = "";
+report = "";
+if((res = isdpkgvuln(pkg:"iceweasel", ver:"3.5.16-12", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"iceweasel-dbg", ver:"3.5.16-12", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libmozjs-dev", ver:"1.9.1.16-12", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libmozjs2d", ver:"1.9.1.16-12", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libmozjs2d-dbg", ver:"1.9.1.16-12", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"spidermonkey-bin", ver:"1.9.1.16-12", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"xulrunner-1.9.1", ver:"1.9.1.16-12", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"xulrunner-1.9.1-dbg", ver:"1.9.1.16-12", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"xulrunner-dev", ver:"1.9.1.16-12", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+
+if(report != "") {
+ security_hole(data:report + '\n' + desc);
+}
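Review bot: The package checks at the end of this script cover only `rls:"DEB6.0"`, although the description says the oldstable distribution (lenny) is fixed in version 1.9.0.19-15 of the xulrunner source package. As written, a lenny host with an unpatched xulrunner produces no finding, whereas deb_2334_1 and deb_2339_1 in this commit do include `rls:"DEB5.0"` checks. Add `isdpkgvuln()` calls for the lenny xulrunner binary packages with `ver:"1.9.0.19-15", rls:"DEB5.0"`, or state in a comment why lenny is skipped.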
Added: trunk/openvas-plugins/scripts/deb_2342_1.nasl
===================================================================
--- trunk/openvas-plugins/scripts/deb_2342_1.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/deb_2342_1.nasl 2012-02-12 04:35:40 UTC (rev 12711)
@@ -0,0 +1,118 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory DSA 2342-1 (iceape)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(70557);
+ script_tag(name:"cvss_base", value:"9.3");
+ script_tag(name:"cvss_base_vector", value:"AV:L/AC:H/Au:NR/C:C/I:C/A:C");
+ script_cve_id("CVE-2011-3647", "CVE-2011-3648", "CVE-2011-3650");
+ script_tag(name:"risk_factor", value:"Critical");
+ script_version("$Revision$");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-02-11 02:29:15 -0500 (Sat, 11 Feb 2012)");
+ script_name("Debian Security Advisory DSA 2342-1 (iceape)");
+
+ desc = "The remote host is missing an update to iceape
+announced via advisory DSA 2342-1.
+
+Several vulnerabilities have been found in the Iceape internet suite, an
+unbranded version of Seamonkey:
+
+CVE-2011-3647
+
+moz_bug_r_a4 discovered a privilege escalation vulnerability in
+addon handling.
+
+CVE-2011-3648
+
+Yosuke Hasegawa discovered that incorrect handling of Shift-JIS
+encodings could lead to cross-site scripting.
+
+CVE-2011-3650
+
+Marc Schoenefeld discovered that profiling the Javascript code
+could lead to memory corruption.
+
+The oldstable distribution (lenny) is not affected. The iceape package only
+provides the XPCOM code.
+
+For the stable distribution (squeeze), this problem has been fixed in
+version 2.0.11-9.
+
+For the unstable distribution (sid), this problem has been fixed in
+version 2.0.14-9.
+
+We recommend that you upgrade your iceape packages.
+
+Solution:
+https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202342-1
+";
+
+ script_description(desc);
+
+ script_summary("Debian Security Advisory DSA 2342-1 (iceape)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com");
+ script_family("Debian Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/packages");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-deb.inc");
+res = "";
+report = "";
+if((res = isdpkgvuln(pkg:"iceape", ver:"2.0.11-10", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"iceape-browser", ver:"2.0.11-10", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"iceape-chatzilla", ver:"2.0.11-10", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"iceape-dbg", ver:"2.0.11-10", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"iceape-dev", ver:"2.0.11-10", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"iceape-mailnews", ver:"2.0.11-10", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+
+if(report != "") {
+ security_hole(data:report + '\n' + desc);
+}
Added: trunk/openvas-plugins/scripts/deb_2343_1.nasl
===================================================================
--- trunk/openvas-plugins/scripts/deb_2343_1.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/deb_2343_1.nasl 2012-02-12 04:35:40 UTC (rev 12711)
@@ -0,0 +1,119 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory DSA 2343-1 (openssl)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(70556);
+ script_tag(name:"risk_factor", value:"High");
+ script_version("$Revision$");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-02-11 02:29:08 -0500 (Sat, 11 Feb 2012)");
+ script_name("Debian Security Advisory DSA 2343-1 (openssl)");
+
+ desc = "The remote host is missing an update to openssl
+announced via advisory DSA 2343-1.
+
+Several weak certificates were issued by Malaysian intermediate CA
+Digicert Sdn. Bhd. This event, along with other issues, has lead to
+Entrust Inc. and Verizon Cybertrust to revoke the CA's cross-signed
+certificates.
+
+This update to OpenSSL, a Secure Sockets Layer toolkit, reflects this
+decision by marking Digicert Sdn. Bhd.'s certificates as revoked.
+
+For the oldstable distribution (lenny), this problem has been fixed in
+version 0.9.8g-15+lenny14.
+
+For the stable distribution (squeeze), this problem has been fixed in
+version 0.9.8o-4squeeze4.
+
+For the testing distribution (wheezy), this problem will be fixed soon.
+
+For the unstable distribution (sid), this problem has been fixed in
+version 1.0.0e-2.1.
+
+We recommend that you upgrade your openssl packages.
+
+Solution:
+https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202343-1
+";
+
+ script_description(desc);
+
+ script_summary("Debian Security Advisory DSA 2343-1 (openssl)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com");
+ script_family("Debian Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/packages");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-deb.inc");
+res = "";
+report = "";
+if((res = isdpkgvuln(pkg:"libcrypto0.9.8-udeb", ver:"0.9.8g-15+lenny13", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libssl-dev", ver:"0.9.8g-15+lenny16", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libssl0.9.8", ver:"0.9.8g-15+lenny16", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libssl0.9.8-dbg", ver:"0.9.8g-15+lenny16", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"openssl", ver:"0.9.8g-15+lenny16", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libcrypto0.9.8-udeb", ver:"0.9.8o-4squeeze7", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libssl-dev", ver:"0.9.8o-4squeeze7", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libssl0.9.8", ver:"0.9.8o-4squeeze7", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libssl0.9.8-dbg", ver:"0.9.8o-4squeeze7", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"openssl", ver:"0.9.8o-4squeeze7", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+
+if(report != "") {
+ security_hole(data:report + '\n' + desc);
+}
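Review bot: The `ver:` thresholds passed to isdpkgvuln do not match the fixed versions quoted in `desc`. The text gives 0.9.8g-15+lenny14 (lenny) and 0.9.8o-4squeeze4 (squeeze), while the checks use `0.9.8g-15+lenny13` for libcrypto0.9.8-udeb, `0.9.8g-15+lenny16` for the other DEB5.0 packages and `0.9.8o-4squeeze7` for every DEB6.0 package. Assuming isdpkgvuln reports installed versions below `ver` (pkg-lib-deb.inc is not shown here), a host already on the advisory's fixed version is still reported under DSA 2343-1, and a lenny13 udeb is not reported although it predates the fix. If the higher thresholds are intentional because later uploads supersede this advisory, say so above the checks with a comment such as `# thresholds follow the newest archive version, not the DSA 2343-1 fixed version`. Otherwise use the advisory values, e.g. `ver:"0.9.8g-15+lenny14"` and `ver:"0.9.8o-4squeeze4"`.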
Added: trunk/openvas-plugins/scripts/deb_2344_1.nasl
===================================================================
--- trunk/openvas-plugins/scripts/deb_2344_1.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/deb_2344_1.nasl 2012-02-12 04:35:40 UTC (rev 12711)
@@ -0,0 +1,89 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory DSA 2344-1 (python-django-piston)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(70558);
+ script_cve_id("CVE-2011-4103");
+ script_tag(name:"risk_factor", value:"High");
+ script_version("$Revision$");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-02-11 02:29:22 -0500 (Sat, 11 Feb 2012)");
+ script_name("Debian Security Advisory DSA 2344-1 (python-django-piston)");
+
+ desc = "The remote host is missing an update to python-django-piston
+announced via advisory DSA 2344-1.
+
+It was discovered that the Piston framework can deserializes untrusted
+YAML and Pickle data, leading to remote code execution. (CVE-2011-4103)
+
+The old stable distribution (lenny) does not contain a
+python-django-piston package.
+
+For the stable distribution (squeeze), this problem has been fixed in
+version 0.2.2-1+squeeze1.
+
+For the testing distribution (wheezy) and the unstable distribution
+(sid), this problem has been fixed in version 0.2.2-2.
+
+We recommend that you upgrade your python-django-piston packages.
+
+Solution:
+https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202344-1
+";
+
+ script_description(desc);
+
+ script_summary("Debian Security Advisory DSA 2344-1 (python-django-piston)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com");
+ script_family("Debian Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/packages");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-deb.inc");
+res = "";
+report = "";
+if((res = isdpkgvuln(pkg:"python-django-piston", ver:"0.2.2-1+squeeze1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"python-django-piston", ver:"0.2.3-1", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+
+if(report != "") {
+ security_hole(data:report + '\n' + desc);
+}
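Review bot: The DEB7.0 check uses `ver:"0.2.3-1"`, but `desc` states that wheezy and sid were fixed in 0.2.2-2. Assuming isdpkgvuln flags any installed version below `ver`, a wheezy host running the fixed 0.2.2-2 package would still be reported as missing the CVE-2011-4103 fix. Either align the threshold with the advisory, `isdpkgvuln(pkg:"python-django-piston", ver:"0.2.2-2", rls:"DEB7.0")`, or add a comment explaining why a later version is required. The DEB6.0 threshold matches the text.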
Added: trunk/openvas-plugins/scripts/deb_2346_1.nasl
===================================================================
--- trunk/openvas-plugins/scripts/deb_2346_1.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/deb_2346_1.nasl 2012-02-12 04:35:40 UTC (rev 12711)
@@ -0,0 +1,160 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory DSA 2346-1 (proftpd-dfsg)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(70559);
+ script_tag(name:"cvss_base", value:"9.0");
+ script_tag(name:"cvss_base_vector", value:"AV:L/AC:L/Au:R/C:C/I:C/A:C");
+ script_cve_id("CVE-2011-4130", "CVE-2011-0411");
+ script_tag(name:"risk_factor", value:"Critical");
+ script_version("$Revision$");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-02-11 02:29:49 -0500 (Sat, 11 Feb 2012)");
+ script_name("Debian Security Advisory DSA 2346-1 (proftpd-dfsg)");
+
+ desc = "The remote host is missing an update to proftpd-dfsg
+announced via advisory DSA 2346-1.
+
+Several vulnerabilities were discovered in ProFTPD, an FTP server:
+
+ProFTPD incorrectly uses data from an unencrypted input buffer
+after encryption has been enabled with STARTTLS, an issue
+similar to CVE-2011-0411.
+
+CVE-2011-4130
+ProFTPD uses a response pool after freeing it under
+exceptional conditions, possibly leading to remote code
+execution. (The version in lenny is not affected by this
+problem.)
+
+For the oldstable distribution (lenny), this problem has been fixed in
+version 1.3.1-17lenny8.
+
+For the stable distribution (squeeze), this problem has been fixed in
+version 1.3.3a-6squeeze4.
+
+For the testing distribution (wheezy) and the unstable distribution
+(sid), this problem has been fixed in version 1.3.4~rc3-2.
+
+We recommend that you upgrade your proftpd-dfsg packages.
+
+Solution:
+https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202346-1
+";
+
+ script_description(desc);
+
+ script_summary("Debian Security Advisory DSA 2346-1 (proftpd-dfsg)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com");
+ script_family("Debian Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/packages");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-deb.inc");
+res = "";
+report = "";
+if((res = isdpkgvuln(pkg:"proftpd", ver:"1.3.1-17lenny9", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"proftpd-basic", ver:"1.3.1-17lenny9", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"proftpd-doc", ver:"1.3.1-17lenny9", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"proftpd-mod-ldap", ver:"1.3.1-17lenny9", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"proftpd-mod-mysql", ver:"1.3.1-17lenny9", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"proftpd-mod-pgsql", ver:"1.3.1-17lenny9", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"proftpd-basic", ver:"1.3.3a-6squeeze4", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"proftpd-dev", ver:"1.3.3a-6squeeze4", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"proftpd-doc", ver:"1.3.3a-6squeeze4", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"proftpd-mod-ldap", ver:"1.3.3a-6squeeze4", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"proftpd-mod-mysql", ver:"1.3.3a-6squeeze4", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"proftpd-mod-odbc", ver:"1.3.3a-6squeeze4", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"proftpd-mod-pgsql", ver:"1.3.3a-6squeeze4", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"proftpd-mod-sqlite", ver:"1.3.3a-6squeeze4", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"proftpd-basic", ver:"1.3.4a-1", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"proftpd-dev", ver:"1.3.4a-1", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"proftpd-doc", ver:"1.3.4a-1", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"proftpd-mod-ldap", ver:"1.3.4a-1", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"proftpd-mod-mysql", ver:"1.3.4a-1", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"proftpd-mod-odbc", ver:"1.3.4a-1", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"proftpd-mod-pgsql", ver:"1.3.4a-1", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"proftpd-mod-sqlite", ver:"1.3.4a-1", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+
+if(report != "") {
+ security_hole(data:report + '\n' + desc);
+}
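Review bot: The `cvss_base_vector` value `AV:L/AC:L/Au:R/C:C/I:C/A:C` is not a well-formed CVSS v2 vector, and it disagrees with both the `cvss_base` of 9.0 and the remote code execution described in `desc`. CVSS v2 has no `Au:R` (the authentication values are M, S and N), and `AV:L` denotes local access. A v2 vector that scores 9.0 is `AV:N/AC:L/Au:S/C:C/I:C/A:C`; confirm it against the CVE-2011-4130 record before changing the tag. The same v1-style tokens appear in deb_2347_1.nasl (`AV:L/AC:L/Au:NR/C:N/I:N/A:P` for a remotely triggered BIND crash), in deb_2348_1.nasl (`Au:NR`) and in the visible part of deb_2350_1.nasl. Anything that parses the vector to filter or prioritise findings would misclassify these results.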
Added: trunk/openvas-plugins/scripts/deb_2346_2.nasl
===================================================================
--- trunk/openvas-plugins/scripts/deb_2346_2.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/deb_2346_2.nasl 2012-02-12 04:35:40 UTC (rev 12711)
@@ -0,0 +1,96 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory DSA 2346-2 (proftpd-dfsg)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(70560);
+ script_tag(name:"risk_factor", value:"High");
+ script_version("$Revision$");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-02-11 02:30:05 -0500 (Sat, 11 Feb 2012)");
+ script_name("Debian Security Advisory DSA 2346-2 (proftpd-dfsg)");
+
+ desc = "The remote host is missing an update to proftpd-dfsg
+announced via advisory DSA 2346-2.
+
+The ProFTPD security update, DSA-2346-1, introduced a regression,
+preventing successful TLS connections. This regression does not
+affected the stable distribution (squeeze), nor the testing and
+unstable distributions.
+
+For the oldstable distribution (lenny), this problem has been fixed in
+version 1.3.1-17lenny9.
+
+We recommend that you upgrade your proftpd-dfsg packages.
+
+Solution:
+https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202346-2
+";
+
+ script_description(desc);
+
+ script_summary("Debian Security Advisory DSA 2346-2 (proftpd-dfsg)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com");
+ script_family("Debian Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/packages");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-deb.inc");
+res = "";
+report = "";
+if((res = isdpkgvuln(pkg:"proftpd", ver:"1.3.1-17lenny9", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"proftpd-basic", ver:"1.3.1-17lenny9", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"proftpd-doc", ver:"1.3.1-17lenny9", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"proftpd-mod-ldap", ver:"1.3.1-17lenny9", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"proftpd-mod-mysql", ver:"1.3.1-17lenny9", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"proftpd-mod-pgsql", ver:"1.3.1-17lenny9", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+
+if(report != "") {
+ security_hole(data:report + '\n' + desc);
+}
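Review bot: The six DEB5.0 checks repeat the DEB5.0 checks in deb_2346_1.nasl package for package, with the same `1.3.1-17lenny9` threshold, so a lenny host below that version gets two `security_hole` findings for one missing upgrade. `desc` describes DSA 2346-2 as a regression fix (TLS connections failing after DSA-2346-1) rather than a new vulnerability, yet the script is tagged `risk_factor` High. A comment above the checks, e.g. `# Same packages and threshold as deb_2346_1.nasl; DSA 2346-2 only corrects the TLS regression`, would document the overlap for whoever triages duplicate results. The severity tag deserves a second look as well.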
Added: trunk/openvas-plugins/scripts/deb_2347_1.nasl
===================================================================
--- trunk/openvas-plugins/scripts/deb_2347_1.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/deb_2347_1.nasl 2012-02-12 04:35:40 UTC (rev 12711)
@@ -0,0 +1,165 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory DSA 2347-1 (bind9)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(70561);
+ script_tag(name:"cvss_base", value:"5.0");
+ script_tag(name:"cvss_base_vector", value:"AV:L/AC:L/Au:NR/C:N/I:N/A:P");
+ script_cve_id("CVE-2011-4313");
+ script_tag(name:"risk_factor", value:"Medium");
+ script_version("$Revision$");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-02-11 02:30:55 -0500 (Sat, 11 Feb 2012)");
+ script_name("Debian Security Advisory DSA 2347-1 (bind9)");
+
+ desc = "The remote host is missing an update to bind9
+announced via advisory DSA 2347-1.
+
+It was discovered that BIND, a DNS server, crashes while processing
+certain sequences of recursive DNS queries, leading to a denial of
+service. Authoritative-only server configurations are not affected by
+this issue.
+
+For the oldstable distribution (lenny), this problem has been fixed in
+version 1:9.6.ESV.R4+dfsg-0+lenny4.
+
+For the stable distribution (squeeze), this problem has been fixed in
+version 1:9.7.3.dfsg-1~squeeze4.
+
+We recommend that you upgrade your bind9 packages.
+
+Solution:
+https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202347-1
+";
+
+ script_description(desc);
+
+ script_summary("Debian Security Advisory DSA 2347-1 (bind9)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com");
+ script_family("Debian Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/packages");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-deb.inc");
+res = "";
+report = "";
+if((res = isdpkgvuln(pkg:"bind9", ver:"1:9.6.ESV.R4+dfsg-0+lenny4", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"bind9-doc", ver:"1:9.6.ESV.R4+dfsg-0+lenny4", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"bind9-host", ver:"1:9.6.ESV.R4+dfsg-0+lenny4", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"bind9utils", ver:"1:9.6.ESV.R4+dfsg-0+lenny4", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"dnsutils", ver:"1:9.6.ESV.R4+dfsg-0+lenny4", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libbind-dev", ver:"1:9.6.ESV.R4+dfsg-0+lenny4", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libbind9-50", ver:"1:9.6.ESV.R4+dfsg-0+lenny4", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libdns58", ver:"1:9.6.ESV.R4+dfsg-0+lenny4", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libisc50", ver:"1:9.6.ESV.R4+dfsg-0+lenny4", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libisccc50", ver:"1:9.6.ESV.R4+dfsg-0+lenny4", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libisccfg50", ver:"1:9.6.ESV.R4+dfsg-0+lenny4", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"liblwres50", ver:"1:9.6.ESV.R4+dfsg-0+lenny4", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"lwresd", ver:"1:9.6.ESV.R4+dfsg-0+lenny4", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"bind9", ver:"1:9.7.3.dfsg-1~squeeze4", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"bind9-doc", ver:"1:9.7.3.dfsg-1~squeeze4", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"bind9-host", ver:"1:9.7.3.dfsg-1~squeeze4", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"bind9utils", ver:"1:9.7.3.dfsg-1~squeeze4", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"dnsutils", ver:"1:9.7.3.dfsg-1~squeeze4", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"host", ver:"1:9.7.3.dfsg-1~squeeze4", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libbind-dev", ver:"1:9.7.3.dfsg-1~squeeze4", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libbind9-60", ver:"1:9.7.3.dfsg-1~squeeze4", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libdns69", ver:"1:9.7.3.dfsg-1~squeeze4", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libisc62", ver:"1:9.7.3.dfsg-1~squeeze4", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libisccc60", ver:"1:9.7.3.dfsg-1~squeeze4", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libisccfg62", ver:"1:9.7.3.dfsg-1~squeeze4", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"liblwres60", ver:"1:9.7.3.dfsg-1~squeeze4", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"lwresd", ver:"1:9.7.3.dfsg-1~squeeze4", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+
+if(report != "") {
+ security_hole(data:report + '\n' + desc);
+}
Added: trunk/openvas-plugins/scripts/deb_2348_1.nasl
===================================================================
--- trunk/openvas-plugins/scripts/deb_2348_1.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/deb_2348_1.nasl 2012-02-12 04:35:40 UTC (rev 12711)
@@ -0,0 +1,121 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory DSA 2348-1 (systemtap)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(70564);
+ script_tag(name:"cvss_base", value:"7.2");
+ script_tag(name:"cvss_base_vector", value:"AV:L/AC:L/Au:NR/C:C/I:C/A:C");
+ script_cve_id("CVE-2010-4170", "CVE-2010-4171", "CVE-2011-2503");
+ script_tag(name:"risk_factor", value:"High");
+ script_version("$Revision$");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-02-11 02:31:24 -0500 (Sat, 11 Feb 2012)");
+ script_name("Debian Security Advisory DSA 2348-1 (systemtap)");
+
+ desc = "The remote host is missing an update to systemtap
+announced via advisory DSA 2348-1.
+
+Several vulnerabilities were discovered in SystemTap, an instrumentation
+system for Linux:
+
+CVE-2011-2503
+
+It was discovered that a race condition in staprun could lead to
+privilege escalation.
+
+CVE-2010-4170
+
+It was discovered that insufficient validation of environment
+variables in staprun could lead to privilege escalation.
+
+CVE-2010-4171
+
+It was discovered that insufficient validation of module unloading
+could lead to denial of service.
+
+For the stable distribution (squeeze), this problem has been fixed in
+version 1.2-5+squeeze1.
+
+For the unstable distribution (sid), this problem has been fixed in
+version 1.6-1.
+
+We recommend that you upgrade your systemtap packages.
+
+Solution:
+https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202348-1
+";
+
+ script_description(desc);
+
+ script_summary("Debian Security Advisory DSA 2348-1 (systemtap)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com");
+ script_family("Debian Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/packages");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-deb.inc");
+res = "";
+report = "";
+if((res = isdpkgvuln(pkg:"systemtap", ver:"1.2-5+squeeze1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"systemtap-client", ver:"1.2-5+squeeze1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"systemtap-common", ver:"1.2-5+squeeze1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"systemtap-doc", ver:"1.2-5+squeeze1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"systemtap-grapher", ver:"1.2-5+squeeze1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"systemtap-runtime", ver:"1.2-5+squeeze1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"systemtap-sdt-dev", ver:"1.2-5+squeeze1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"systemtap-server", ver:"1.2-5+squeeze1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+
+if(report != "") {
+ security_hole(data:report + '\n' + desc);
+}
Added: trunk/openvas-plugins/scripts/deb_2349_1.nasl
===================================================================
--- trunk/openvas-plugins/scripts/deb_2349_1.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/deb_2349_1.nasl 2012-02-12 04:35:40 UTC (rev 12711)
@@ -0,0 +1,85 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory DSA 2349-1 (spip)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(70562);
+ script_tag(name:"risk_factor", value:"High");
+ script_version("$Revision$");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-02-11 02:30:57 -0500 (Sat, 11 Feb 2012)");
+ script_name("Debian Security Advisory DSA 2349-1 (spip)");
+
+ desc = "The remote host is missing an update to spip
+announced via advisory DSA 2349-1.
+
+Two vulnerabilities have been found in SPIP, a website engine for
+publishing, which allow privilege escalation to site administrator
+privileges and cross-site scripting.
+
+The oldstable distribution (lenny) doesn't include spip.
+
+For the stable distribution (squeeze), this problem has been fixed in
+version 2.1.1-3squeeze2.
+
+For the unstable distribution (sid), this problem has been fixed in
+version 2.1.12-1.
+
+We recommend that you upgrade your spip packages.
+
+Solution:
+https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202349-1
+";
+
+ script_description(desc);
+
+ script_summary("Debian Security Advisory DSA 2349-1 (spip)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com");
+ script_family("Debian Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/packages");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-deb.inc");
+res = "";
+report = "";
+if((res = isdpkgvuln(pkg:"spip", ver:"2.1.1-3squeeze2", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+
+if(report != "") {
+ security_hole(data:report + '\n' + desc);
+}
Added: trunk/openvas-plugins/scripts/deb_2350_1.nasl
===================================================================
--- trunk/openvas-plugins/scripts/deb_2350_1.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/deb_2350_1.nasl 2012-02-12 04:35:40 UTC (rev 12711)
@@ -0,0 +1,109 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory DSA 2350-1 (freetype)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(70563);
+ script_tag(name:"cvss_base", value:"9.3");
+ script_tag(name:"cvss_base_vector", value:"AV:L/AC:H/Au:NR/C:C/I:C/A:C");
+ script_cve_id("CVE-2011-3439");
+ script_tag(name:"risk_factor", value:"Critical");
+ script_version("$Revision$");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-02-11 02:31:09 -0500 (Sat, 11 Feb 2012)");
+ script_name("Debian Security Advisory DSA 2350-1 (freetype)");
+
+ desc = "The remote host is missing an update to freetype
+announced via advisory DSA 2350-1.
+
+It was discovered that missing input sanitising in Freetype's processing
+of CID-keyed fonts could lead to the execution of arbitrary code.
+
+For the oldstable distribution (lenny), this problem has been fixed in
+version 2.3.7-2+lenny8.
+
+For the stable distribution (squeeze), this problem has been fixed in
+version 2.4.2-2.1+squeeze3.
+
+For the unstable distribution (sid), this problem has been fixed in
+version 2.4.8-1.
+
+We recommend that you upgrade your freetype packages.
+
+Solution:
+https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202350-1
+";
+
+ script_description(desc);
+
+ script_summary("Debian Security Advisory DSA 2350-1 (freetype)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com");
+ script_family("Debian Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/packages");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-deb.inc");
+res = "";
+report = "";
+if((res = isdpkgvuln(pkg:"freetype2-demos", ver:"2.3.7-2+lenny8", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libfreetype6", ver:"2.3.7-2+lenny8", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libfreetype6-dev", ver:"2.3.7-2+lenny8", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libfreetype6-udeb", ver:"2.3.7-2+lenny6", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"freetype2-demos", ver:"2.4.2-2.1+squeeze3", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libfreetype6", ver:"2.4.2-2.1+squeeze3", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libfreetype6-dev", ver:"2.4.2-2.1+squeeze3", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libfreetype6-udeb", ver:"2.4.2-2.1+squeeze3", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+
+if(report != "") {
+ security_hole(data:report + '\n' + desc);
+}
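Review bot: The lenny check for `libfreetype6-udeb` compares against `2.3.7-2+lenny6`, while the other three DEB5.0 checks and the description text use `2.3.7-2+lenny8`. If isdpkgvuln reports packages older than `ver` (it is defined in pkg-lib-deb.inc, which is not part of this hunk), a host with the udeb at lenny6 or lenny7 would go unreported. Unless the udeb really was published at a different revision, the threshold should be `ver:"2.3.7-2+lenny8"` on that line. The header marks the file as auto-generated, so the per-package version lookup in the generator is probably where the fix belongs.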
Added: trunk/openvas-plugins/scripts/deb_2351_1.nasl
===================================================================
--- trunk/openvas-plugins/scripts/deb_2351_1.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/deb_2351_1.nasl 2012-02-12 04:35:40 UTC (rev 12711)
@@ -0,0 +1,100 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory DSA 2351-1 (wireshark)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(70565);
+ script_tag(name:"cvss_base", value:"4.3");
+ script_tag(name:"cvss_base_vector", value:"AV:L/AC:H/Au:NR/C:N/I:N/A:P");
+ script_cve_id("CVE-2011-4102");
+ script_tag(name:"risk_factor", value:"Medium");
+ script_version("$Revision$");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-02-11 02:31:33 -0500 (Sat, 11 Feb 2012)");
+ script_name("Debian Security Advisory DSA 2351-1 (wireshark)");
+
+ desc = "The remote host is missing an update to wireshark
+announced via advisory DSA 2351-1.
+
+Huzaifa Sidhpurwala discovered a buffer overflow in Wireshark's ERF
+dissector, which could lead to the execution of arbitrary code.
+
+For the oldstable distribution (lenny), this problem has been fixed in
+version wireshark 1.0.2-3+lenny16.
+
+For the stable distribution (squeeze), this problem has been fixed in
+version 1.2.11-6+squeeze5.
+
+For the unstable distribution (sid), this problem has been fixed in
+version 1.6.3-1.
+
+We recommend that you upgrade your wireshark packages.
+
+Solution:
+https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202351-1
+";
+
+ script_description(desc);
+
+ script_summary("Debian Security Advisory DSA 2351-1 (wireshark)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com");
+ script_family("Debian Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/packages");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-deb.inc");
+res = "";
+report = "";
+if((res = isdpkgvuln(pkg:"tshark", ver:"1.2.11-6+squeeze6", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"wireshark", ver:"1.2.11-6+squeeze6", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"wireshark-common", ver:"1.2.11-6+squeeze6", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"wireshark-dbg", ver:"1.2.11-6+squeeze6", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"wireshark-dev", ver:"1.2.11-6+squeeze6", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+
+if(report != "") {
+ security_hole(data:report + '\n' + desc);
+}
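Review bot: The description says lenny is fixed in 1.0.2-3+lenny16, but the check section has no `rls:"DEB5.0"` lines, so this script never evaluates lenny hosts. The five squeeze checks also use `1.2.11-6+squeeze6` while the text names `1.2.11-6+squeeze5`. If isdpkgvuln flags anything older than `ver` (it is defined in pkg-lib-deb.inc, outside this hunk), a host already on squeeze5 would be reported as missing the update. I would add the lenny package checks with `ver:"1.0.2-3+lenny16"`, and either align the squeeze threshold with the advisory text or add a comment saying why the later revision is used.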
Added: trunk/openvas-plugins/scripts/deb_2352_1.nasl
===================================================================
--- trunk/openvas-plugins/scripts/deb_2352_1.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/deb_2352_1.nasl 2012-02-12 04:35:40 UTC (rev 12711)
@@ -0,0 +1,111 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory DSA 2352-1 (puppet)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(70566);
+ script_tag(name:"cvss_base", value:"2.6");
+ script_tag(name:"cvss_base_vector", value:"AV:L/AC:H/Au:NR/C:N/I:P/A:N");
+ script_cve_id("CVE-2011-3872");
+ script_tag(name:"risk_factor", value:"Medium");
+ script_version("$Revision$");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-02-11 02:31:41 -0500 (Sat, 11 Feb 2012)");
+ script_name("Debian Security Advisory DSA 2352-1 (puppet)");
+
+ desc = "The remote host is missing an update to puppet
+announced via advisory DSA 2352-1.
+
+It was discovered that Puppet, a centralized configuration management
+solution, misgenerated certificates if the certdnsnames option was
+used. This could lead to man in the middle attacks. More details are
+available at http://puppetlabs.com/security/cve/cve-2011-3872/
+
+For the oldstable distribution (lenny), this problem has been fixed in
+version 0.24.5-3+lenny2.
+
+For the stable distribution (squeeze), this problem has been fixed in
+version 2.6.2-5+squeeze3.
+
+For the unstable distribution (sid), this problem has been fixed in
+version 2.7.6-1.
+
+We recommend that you upgrade your puppet packages.
+
+Solution:
+https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202352-1
+";
+
+ script_description(desc);
+
+ script_summary("Debian Security Advisory DSA 2352-1 (puppet)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com");
+ script_family("Debian Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/packages");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-deb.inc");
+res = "";
+report = "";
+if((res = isdpkgvuln(pkg:"puppet", ver:"0.24.5-3+lenny2", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"puppetmaster", ver:"0.24.5-3+lenny2", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"puppet", ver:"2.6.2-5+squeeze3", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"puppet-common", ver:"2.6.2-5+squeeze3", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"puppet-el", ver:"2.6.2-5+squeeze3", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"puppet-testsuite", ver:"2.6.2-5+squeeze3", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"puppetmaster", ver:"2.6.2-5+squeeze3", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"vim-puppet", ver:"2.6.2-5+squeeze3", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+
+if(report != "") {
+ security_hole(data:report + '\n' + desc);
+}
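Review bot: The `cvss_base_vector` value `AV:L/AC:H/Au:NR/C:N/I:P/A:N` does not agree with `cvss_base` 2.6: `Au:NR` is not a CVSS v2 authentication token (v2 uses M, S or N), and a v2 vector with AV:L/AC:H and only partial integrity impact scores below 2.6. The same pattern appears in the deb_2350_1, deb_2351_1, deb_2353_1, deb_2354_1, deb_2355_1 and deb_2356_1 hunks; deb_2356_1 pairs `AV:L` with a score of 10.0, which in v2 is only reachable with a network vector. Anything that filters or prioritises findings on the vector rather than the score would under-rate these results. The vectors should be regenerated in v2 notation from the same CVE source as the scores; for this file that would presumably be `AV:N/AC:H/Au:N/C:N/I:P/A:N`.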
Added: trunk/openvas-plugins/scripts/deb_2353_1.nasl
===================================================================
--- trunk/openvas-plugins/scripts/deb_2353_1.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/deb_2353_1.nasl 2012-02-12 04:35:40 UTC (rev 12711)
@@ -0,0 +1,106 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory DSA 2353-1 (ldns)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(70567);
+ script_tag(name:"cvss_base", value:"6.8");
+ script_tag(name:"cvss_base_vector", value:"AV:L/AC:H/Au:NR/C:P/I:P/A:P");
+ script_cve_id("CVE-2011-3581");
+ script_tag(name:"risk_factor", value:"High");
+ script_version("$Revision$");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-02-11 02:31:49 -0500 (Sat, 11 Feb 2012)");
+ script_name("Debian Security Advisory DSA 2353-1 (ldns)");
+
+ desc = "The remote host is missing an update to ldns
+announced via advisory DSA 2353-1.
+
+David Wheeler discovered a buffer overflow in ldns's code to parse
+RR records, which could lead to the execution of arbitrary code.
+
+For the oldstable distribution (lenny), this problem has been fixed in
+version 1.4.0-1+lenny2.
+
+For the stable distribution (squeeze), this problem has been fixed in
+version 1.6.6-2+squeeze1.
+
+For the unstable distribution (sid), this problem has been fixed in
+version 1.6.11-1.
+
+We recommend that you upgrade your ldns packages.
+
+Solution:
+https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202353-1
+";
+
+ script_description(desc);
+
+ script_summary("Debian Security Advisory DSA 2353-1 (ldns)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com");
+ script_family("Debian Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/packages");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-deb.inc");
+res = "";
+report = "";
+if((res = isdpkgvuln(pkg:"ldnsutils", ver:"1.4.0-1+lenny1", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libldns-dev", ver:"1.4.0-1+lenny1", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libldns1", ver:"1.4.0-1+lenny1", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"ldnsutils", ver:"1.6.6-2+squeeze1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libldns-dev", ver:"1.6.6-2+squeeze1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libldns1", ver:"1.6.6-2+squeeze1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"python-ldns", ver:"1.6.6-2+squeeze1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+
+if(report != "") {
+ security_hole(data:report + '\n' + desc);
+}
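Review bot: The three DEB5.0 checks use `ver:"1.4.0-1+lenny1"`, but the description states that lenny is fixed in `1.4.0-1+lenny2`. If isdpkgvuln reports packages older than `ver` (it is defined in pkg-lib-deb.inc, not shown in this hunk), a lenny host still on lenny1 would pass the check unreported even though the advisory text treats it as unfixed. Unless the fixed binaries really carry the lenny1 revision, the `ldnsutils`, `libldns-dev` and `libldns1` lines should use `ver:"1.4.0-1+lenny2"`.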
Added: trunk/openvas-plugins/scripts/deb_2354_1.nasl
===================================================================
--- trunk/openvas-plugins/scripts/deb_2354_1.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/deb_2354_1.nasl 2012-02-12 04:35:40 UTC (rev 12711)
@@ -0,0 +1,192 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory DSA 2354-1 (cups)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(70568);
+ script_tag(name:"cvss_base", value:"5.1");
+ script_tag(name:"cvss_base_vector", value:"AV:L/AC:H/Au:NR/C:P/I:P/A:P");
+ script_cve_id("CVE-2011-2896", "CVE-2011-3170");
+ script_tag(name:"risk_factor", value:"High");
+ script_version("$Revision$");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-02-11 02:32:46 -0500 (Sat, 11 Feb 2012)");
+ script_name("Debian Security Advisory DSA 2354-1 (cups)");
+
+ desc = "The remote host is missing an update to cups
+announced via advisory DSA 2354-1.
+
+Petr Sklenar and Tomas Hoger discovered that missing input sanitising in
+the GIF decoder inside the Cups printing system could lead to denial
+of service or potentially arbitrary code execution through crafted GIF
+files.
+
+For the oldstable distribution (lenny), this problem has been fixed in
+version 1.3.8-1+lenny10.
+
+For the stable distribution (squeeze), this problem has been fixed in
+version 1.4.4-7+squeeze1.
+
+For the testing and unstable distribution (sid), this problem has been
+fixed in version 1.5.0-8.
+
+We recommend that you upgrade your cups packages.
+
+Solution:
+https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202354-1
+";
+
+ script_description(desc);
+
+ script_summary("Debian Security Advisory DSA 2354-1 (cups)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com");
+ script_family("Debian Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/packages");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-deb.inc");
+res = "";
+report = "";
+if((res = isdpkgvuln(pkg:"cups", ver:"1.3.8-1+lenny10", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"cups-bsd", ver:"1.3.8-1+lenny10", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"cups-client", ver:"1.3.8-1+lenny10", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"cups-common", ver:"1.3.8-1+lenny10", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"cups-dbg", ver:"1.3.8-1+lenny10", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"cupsys", ver:"1.3.8-1+lenny10", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"cupsys-bsd", ver:"1.3.8-1+lenny10", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"cupsys-client", ver:"1.3.8-1+lenny10", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"cupsys-common", ver:"1.3.8-1+lenny10", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"cupsys-dbg", ver:"1.3.8-1+lenny10", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libcups2", ver:"1.3.8-1+lenny10", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libcups2-dev", ver:"1.3.8-1+lenny10", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libcupsimage2", ver:"1.3.8-1+lenny10", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libcupsimage2-dev", ver:"1.3.8-1+lenny10", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libcupsys2", ver:"1.3.8-1+lenny10", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libcupsys2-dev", ver:"1.3.8-1+lenny10", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"cups", ver:"1.4.4-7+squeeze1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"cups-bsd", ver:"1.4.4-7+squeeze1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"cups-client", ver:"1.4.4-7+squeeze1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"cups-common", ver:"1.4.4-7+squeeze1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"cups-dbg", ver:"1.4.4-7+squeeze1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"cups-ppdc", ver:"1.4.4-7+squeeze1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"cupsddk", ver:"1.4.4-7+squeeze1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libcups2", ver:"1.4.4-7+squeeze1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libcups2-dev", ver:"1.4.4-7+squeeze1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libcupscgi1", ver:"1.4.4-7+squeeze1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libcupscgi1-dev", ver:"1.4.4-7+squeeze1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libcupsdriver1", ver:"1.4.4-7+squeeze1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libcupsdriver1-dev", ver:"1.4.4-7+squeeze1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libcupsimage2", ver:"1.4.4-7+squeeze1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libcupsimage2-dev", ver:"1.4.4-7+squeeze1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libcupsmime1", ver:"1.4.4-7+squeeze1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libcupsmime1-dev", ver:"1.4.4-7+squeeze1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libcupsppdc1", ver:"1.4.4-7+squeeze1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libcupsppdc1-dev", ver:"1.4.4-7+squeeze1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+
+if(report != "") {
+ security_hole(data:report + '\n' + desc);
+}
Added: trunk/openvas-plugins/scripts/deb_2355_1.nasl
===================================================================
--- trunk/openvas-plugins/scripts/deb_2355_1.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/deb_2355_1.nasl 2012-02-12 04:35:40 UTC (rev 12711)
@@ -0,0 +1,103 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory DSA 2355-1 (clearsilver)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(70569);
+ script_tag(name:"cvss_base", value:"7.5");
+ script_tag(name:"cvss_base_vector", value:"AV:L/AC:L/Au:NR/C:P/I:P/A:P");
+ script_cve_id("CVE-2011-4357");
+ script_tag(name:"risk_factor", value:"High");
+ script_version("$Revision$");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-02-11 02:33:05 -0500 (Sat, 11 Feb 2012)");
+ script_name("Debian Security Advisory DSA 2355-1 (clearsilver)");
+
+ desc = "The remote host is missing an update to clearsilver
+announced via advisory DSA 2355-1.
+
+Leo Iannacone and Colin Watson discovered a format string vulnerability
+in the Python bindings for the Clearsilver HTML template system, which
+may lead to denial of service or the execution of arbitrary code.
+
+For the oldstable distribution (lenny), this problem has been fixed in
+version 0.10.4-1.3+lenny1.
+
+For the stable distribution (squeeze), this problem has been fixed in
+version 0.10.5-1+squeeze1.
+
+For the unstable distribution (sid), this problem will be fixed soon.
+
+We recommend that you upgrade your clearsilver packages.
+
+Solution:
+https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202355-1
+";
+
+ script_description(desc);
+
+ script_summary("Debian Security Advisory DSA 2355-1 (clearsilver)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com");
+ script_family("Debian Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/packages");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-deb.inc");
+res = "";
+report = "";
+if((res = isdpkgvuln(pkg:"clearsilver-dev", ver:"0.10.4-1.3+lenny1", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libclearsilver-perl", ver:"0.10.4-1.3+lenny1", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"python-clearsilver", ver:"0.10.4-1.3+lenny1", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"clearsilver-dev", ver:"0.10.5-1+squeeze1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libclearsilver-perl", ver:"0.10.5-1+squeeze1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"python-clearsilver", ver:"0.10.5-1+squeeze1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+
+if(report != "") {
+ security_hole(data:report + '\n' + desc);
+}
Added: trunk/openvas-plugins/scripts/deb_2356_1.nasl
===================================================================
--- trunk/openvas-plugins/scripts/deb_2356_1.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/deb_2356_1.nasl 2012-02-12 04:35:40 UTC (rev 12711)
@@ -0,0 +1,207 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory DSA 2356-1 (openjdk-6)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(70570);
+ script_tag(name:"cvss_base", value:"10.0");
+ script_tag(name:"cvss_base_vector", value:"AV:L/AC:L/Au:NR/C:C/I:C/A:C");
+ script_cve_id("CVE-2011-3389", "CVE-2011-3521", "CVE-2011-3544", "CVE-2011-3547", "CVE-2011-3548", "CVE-2011-3551", "CVE-2011-3552", "CVE-2011-3553", "CVE-2011-3554", "CVE-2011-3556", "CVE-2011-3557", "CVE-2011-3560");
+ script_tag(name:"risk_factor", value:"Critical");
+ script_version("$Revision$");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-02-11 02:33:35 -0500 (Sat, 11 Feb 2012)");
+ script_name("Debian Security Advisory DSA 2356-1 (openjdk-6)");
+
+ desc = "The remote host is missing an update to openjdk-6
+announced via advisory DSA 2356-1.
+
+Several vulnerabilities have been discovered in OpenJDK, an
+implementation of the Java platform:
+
+CVE-2011-3389
+The TLS implementation does not guard properly against certain
+chosen-plaintext attacks when block ciphers are used in CBC
+mode.
+
+CVE-2011-3521
+The CORBA implementation contains a deserialization
+vulnerability in the IIOP implementation, allowing untrusted
+Java code (such as applets) to elevate its privileges.
+
+CVE-2011-3544
+The Java scripting engine lacks necessary security manager
+checks, allowing untrusted Java code (such as applets) to
+elevate its privileges.
+
+CVE-2011-3547
+The skip() method in java.io.InputStream uses a shared buffer,
+allowing untrusted Java code (such as applets) to access data
+that is skipped by other code.
+
+CVE-2011-3548
+The java.awt.AWTKeyStroke class contains a flaw which allows
+untrusted Java code (such as applets) to elevate its
+privileges.
+
+CVE-2011-3551
+The Java2D C code contains an integer overflow which results
+in a heap-based buffer overflow, potentially allowing
+untrusted Java code (such as applets) to elevate its
+privileges.
+
+CVE-2011-3552
+Malicous Java code can use up an excessive amount of UDP
+ports, leading to a denial of service.
+
+CVE-2011-3553
+JAX-WS enables stack traces for certain server responses by
+default, potentially leaking sensitive information.
+
+CVE-2011-3554
+JAR files in pack200 format are not properly checked for
+errors, potentially leading to arbitrary code execution when
+unpacking crafted pack200 files.
+
+CVE-2011-3556
+The RMI Registry server lacks access restrictions on certain
+methods, allowing a remote client to execute arbitary code.
+
+CVE-2011-3557
+The RMI Registry server fails to properly restrict privileges
+of untrusted Java code, allowing RMI clients to elevate their
+privileges on the RMI Registry server.
+
+CVE-2011-3560
+The com.sun.net.ssl.HttpsURLConnection class does not perform
+proper security manager checks in the setSSLSocketFactory()
+method, allowing untrusted Java code to bypass security policy
+restrictions.
+
+For the stable distribution (squeeze), this problem has been fixed in
+version 6b18-1.8.10-0+squeeze1.
+
+For the testing distribution (wheezy) and the unstable distribution
+(sid), this problem has been fixed in version 6b23~pre11-1.
+
+We recommend that you upgrade your openjdk-6 packages.
+
+Solution:
+https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202356-1
+";
+
+ script_description(desc);
+
+ script_summary("Debian Security Advisory DSA 2356-1 (openjdk-6)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com");
+ script_family("Debian Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/packages");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-deb.inc");
+res = "";
+report = "";
+if((res = isdpkgvuln(pkg:"icedtea-6-jre-cacao", ver:"6b18-1.8.10-0+squeeze2", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"icedtea6-plugin", ver:"6b18-1.8.10-0+squeeze2", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"openjdk-6-dbg", ver:"6b18-1.8.10-0+squeeze2", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"openjdk-6-demo", ver:"6b18-1.8.10-0+squeeze2", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"openjdk-6-doc", ver:"6b18-1.8.10-0+squeeze2", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"openjdk-6-jdk", ver:"6b18-1.8.10-0+squeeze2", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"openjdk-6-jre", ver:"6b18-1.8.10-0+squeeze2", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"openjdk-6-jre-headless", ver:"6b18-1.8.10-0+squeeze2", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"openjdk-6-jre-lib", ver:"6b18-1.8.10-0+squeeze2", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"openjdk-6-jre-zero", ver:"6b18-1.8.10-0+squeeze2", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"openjdk-6-source", ver:"6b18-1.8.10-0+squeeze2", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"icedtea-6-jre-cacao", ver:"6b24~pre2-1", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"icedtea-6-jre-jamvm", ver:"6b24~pre2-1", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"openjdk-6-dbg", ver:"6b24~pre2-1", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"openjdk-6-demo", ver:"6b24~pre2-1", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"openjdk-6-doc", ver:"6b24~pre2-1", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"openjdk-6-jdk", ver:"6b24~pre2-1", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"openjdk-6-jre", ver:"6b24~pre2-1", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"openjdk-6-jre-headless", ver:"6b24~pre2-1", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"openjdk-6-jre-lib", ver:"6b24~pre2-1", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"openjdk-6-jre-zero", ver:"6b24~pre2-1", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"openjdk-6-source", ver:"6b24~pre2-1", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+
+if(report != "") {
+ security_hole(data:report + '\n' + desc);
+}
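Review bot: The version thresholds in the checks do not match the description: the squeeze checks use `6b18-1.8.10-0+squeeze2` where the text says `6b18-1.8.10-0+squeeze1`, and the DEB7.0 checks use `6b24~pre2-1` where the text says `6b23~pre11-1`. If isdpkgvuln flags anything older than `ver` (it is defined in pkg-lib-deb.inc, outside this hunk), hosts already at the fixed versions named in the report text would still be reported. The report would then tell the operator to upgrade to a version they already run. The thresholds and the description should be made to agree; if the later versions are intentional, a comment such as `# thresholds taken from <source of versions>, later than the advisory text` above the checks would make that clear.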
Added: trunk/openvas-plugins/scripts/deb_2358_1.nasl
===================================================================
--- trunk/openvas-plugins/scripts/deb_2358_1.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/deb_2358_1.nasl 2012-02-12 04:35:40 UTC (rev 12711)
@@ -0,0 +1,197 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory DSA 2358-1 (openjdk-6)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(70571);
+ script_tag(name:"cvss_base", value:"10.0");
+ script_tag(name:"cvss_base_vector", value:"AV:L/AC:L/Au:NR/C:C/I:C/A:C");
+ script_cve_id("CVE-2011-0862", "CVE-2011-0864", "CVE-2011-0865", "CVE-2011-0867", "CVE-2011-0868", "CVE-2011-0869", "CVE-2011-0871", "CVE-2011-3389", "CVE-2011-3521", "CVE-2011-3544", "CVE-2011-3547", "CVE-2011-3548", "CVE-2011-3551", "CVE-2011-3552", "CVE-2011-3553", "CVE-2011-3554", "CVE-2011-3556", "CVE-2011-3557", "CVE-2011-3560");
+ script_tag(name:"risk_factor", value:"Critical");
+ script_version("$Revision$");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-02-11 02:33:46 -0500 (Sat, 11 Feb 2012)");
+ script_name("Debian Security Advisory DSA 2358-1 (openjdk-6)");
+
+ desc = "The remote host is missing an update to openjdk-6
+announced via advisory DSA 2358-1.
+
+Several vulnerabilities have been discovered in OpenJDK, an
+implementation of the Java platform. This combines the two previous
+openjdk-6 advisories, DSA-2311-1 and DSA-2356-1.
+
+CVE-2011-0862
+Integer overflow errors in the JPEG and font parser allow
+untrusted code (including applets) to elevate its privileges.
+
+CVE-2011-0864
+Hotspot, the just-in-time compiler in OpenJDK, mishandled
+certain byte code instructions, allowing untrusted code
+(including applets) to crash the virtual machine.
+
+CVE-2011-0865
+A race condition in signed object deserialization could
+allow untrusted code to modify signed content, apparently
+leaving its signature intact.
+
+CVE-2011-0867
+Untrusted code (including applets) could access information
+about network interfaces which was not intended to be public.
+(Note that the interface MAC address is still available to
+untrusted code.)
+
+CVE-2011-0868
+A float-to-long conversion could overflow, , allowing
+untrusted code (including applets) to crash the virtual
+machine.
+
+CVE-2011-0869
+Untrusted code (including applets) could intercept HTTP
+requests by reconfiguring proxy settings through a SOAP
+connection.
+
+CVE-2011-0871
+Untrusted code (including applets) could elevate its
+privileges through the Swing MediaTracker code.
+
+CVE-2011-3389
+The TLS implementation does not guard properly against certain
+chosen-plaintext attacks when block ciphers are used in CBC
+mode.
+
+CVE-2011-3521
+The CORBA implementation contains a deserialization
+vulnerability in the IIOP implementation, allowing untrusted
+Java code (such as applets) to elevate its privileges.
+
+CVE-2011-3544
+The Java scripting engine lacks necessary security manager
+checks, allowing untrusted Java code (such as applets) to
+elevate its privileges.
+
+CVE-2011-3547
+The skip() method in java.io.InputStream uses a shared buffer,
+allowing untrusted Java code (such as applets) to access data
+that is skipped by other code.
+
+CVE-2011-3548
+The java.awt.AWTKeyStroke class contains a flaw which allows
+untrusted Java code (such as applets) to elevate its
+privileges.
+
+CVE-2011-3551
+The Java2D C code contains an integer overflow which results
+in a heap-based buffer overflow, potentially allowing
+untrusted Java code (such as applets) to elevate its
+privileges.
+
+CVE-2011-3552
+Malicous Java code can use up an excessive amount of UDP
+ports, leading to a denial of service.
+
+CVE-2011-3553
+JAX-WS enables stack traces for certain server responses by
+default, potentially leaking sensitive information.
+
+CVE-2011-3554
+JAR files in pack200 format are not properly checked for
+errors, potentially leading to arbitrary code execution when
+unpacking crafted pack200 files.
+
+CVE-2011-3556
+The RMI Registry server lacks access restrictions on certain
+methods, allowing a remote client to execute arbitary code.
+
+CVE-2011-3557
+The RMI Registry server fails to properly restrict privileges
+of untrusted Java code, allowing RMI clients to elevate their
+privileges on the RMI Registry server.
+
+CVE-2011-3560
+The com.sun.net.ssl.HttpsURLConnection class does not perform
+proper security manager checks in the setSSLSocketFactory()
+method, allowing untrusted Java code to bypass security policy
+restrictions.
+
+For the oldstable distribution (lenny), these problems have been fixed
+in version 6b18-1.8.10-0~lenny1.
+
+We recommend that you upgrade your openjdk-6 packages.
+
+Solution:
+https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202358-1
+";
+
+ script_description(desc);
+
+ script_summary("Debian Security Advisory DSA 2358-1 (openjdk-6)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com");
+ script_family("Debian Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/packages");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-deb.inc");
+res = "";
+report = "";
+if((res = isdpkgvuln(pkg:"openjdk-6-dbg", ver:"6b18-1.8.10-0~lenny2", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"openjdk-6-demo", ver:"6b18-1.8.10-0~lenny2", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"openjdk-6-doc", ver:"6b18-1.8.10-0~lenny2", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"openjdk-6-jdk", ver:"6b18-1.8.10-0~lenny2", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"openjdk-6-jre", ver:"6b18-1.8.10-0~lenny2", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"openjdk-6-jre-headless", ver:"6b18-1.8.10-0~lenny2", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"openjdk-6-jre-lib", ver:"6b18-1.8.10-0~lenny2", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"openjdk-6-source", ver:"6b18-1.8.10-0~lenny2", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+
+if(report != "") {
+ security_hole(data:report + '\n' + desc);
+}
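Review bot: The `cvss_base_vector` value `AV:L/AC:L/Au:NR/C:C/I:C/A:C` does not match the `cvss_base` of 10.0 set on the line before it: under CVSS v2 a local access vector with these impact values scores 7.2, and `NR` is not a v2 Authentication value (those are N, S and M). If 10.0 is the intended score the tag would read `script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");`, to be confirmed against the CVE entries. The same `AV:L` / `Au:NR` pattern sits beside a score of 9.3 in deb_2361_1.nasl and 7.6 in deb_2363_1.nasl, so the generator's vector mapping is the likely cause. Separately, the description says lenny was fixed in 6b18-1.8.10-0~lenny1 while every DEB5.0 check compares against 6b18-1.8.10-0~lenny2. One of the two is wrong, and if it is the check, hosts already on lenny1 would be reported as missing the update.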
Added: trunk/openvas-plugins/scripts/deb_2359_1.nasl
===================================================================
--- trunk/openvas-plugins/scripts/deb_2359_1.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/deb_2359_1.nasl 2012-02-12 04:35:40 UTC (rev 12711)
@@ -0,0 +1,99 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory DSA 2359-1 (mojarra)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(70572);
+ script_cve_id("CVE-2011-4358");
+ script_tag(name:"risk_factor", value:"High");
+ script_version("$Revision$");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-02-11 02:33:52 -0500 (Sat, 11 Feb 2012)");
+ script_name("Debian Security Advisory DSA 2359-1 (mojarra)");
+
+ desc = "The remote host is missing an update to mojarra
+announced via advisory DSA 2359-1.
+
+It was discovered that Mojarra, an implementation of JavaServer Faces,
+evaluates untrusted values as EL expressions if includeViewParameters
+is set to true.
+
+For the stable distribution (squeeze), this problem has been fixed in
+version 2.0.3-1+squeeze1.
+
+For the testing distribution (wheezy) and the unstable distribution
+(sid), this problem has been fixed in version 2.0.3-2.
+
+We recommend that you upgrade your mojarra packages.
+
+Solution:
+https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202359-1
+";
+
+ script_description(desc);
+
+ script_summary("Debian Security Advisory DSA 2359-1 (mojarra)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com");
+ script_family("Debian Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/packages");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-deb.inc");
+res = "";
+report = "";
+if((res = isdpkgvuln(pkg:"libjsf-api-java", ver:"2.0.3-1+squeeze1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libjsf-impl-java", ver:"2.0.3-1+squeeze1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libjsf-java-doc", ver:"2.0.3-1+squeeze1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libjsf-api-java", ver:"2.0.3-2", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libjsf-impl-java", ver:"2.0.3-2", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libjsf-java-doc", ver:"2.0.3-2", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+
+if(report != "") {
+ security_hole(data:report + '\n' + desc);
+}
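Review bot: The description block sets `risk_factor` to High but has no `cvss_base` or `cvss_base_vector` tag, unlike deb_2358_1.nasl and deb_2361_1.nasl in this commit, so anything that ranks or filters findings by score has nothing to work with here. I would add `script_tag(name:"cvss_base", value:"<score for CVE-2011-4358>");` and the matching vector tag once the values are taken from the CVE entry. deb_2364_1.nasl and deb_2365_1.nasl omit the tags in the same way. Since the advisory says the flaw only applies when includeViewParameters is true, a comment above the checks such as `# Version check only; does not test whether includeViewParameters is enabled.` would tell a triager why a patched-by-configuration host is still reported.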
Added: trunk/openvas-plugins/scripts/deb_2361_1.nasl
===================================================================
--- trunk/openvas-plugins/scripts/deb_2361_1.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/deb_2361_1.nasl 2012-02-12 04:35:40 UTC (rev 12711)
@@ -0,0 +1,107 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory DSA 2361-1 (chasen)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(70573);
+ script_tag(name:"cvss_base", value:"9.3");
+ script_tag(name:"cvss_base_vector", value:"AV:L/AC:H/Au:NR/C:C/I:C/A:C");
+ script_cve_id("CVE-2011-4000");
+ script_tag(name:"risk_factor", value:"Critical");
+ script_version("$Revision$");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-02-11 02:34:05 -0500 (Sat, 11 Feb 2012)");
+ script_name("Debian Security Advisory DSA 2361-1 (chasen)");
+
+ desc = "The remote host is missing an update to chasen
+announced via advisory DSA 2361-1.
+
+It was discovered that ChaSen, a Japanese morphological analysis
+system, contains a buffer overflow, potentially leading to arbitrary
+code execution in programs using the library.
+
+For the oldstable distribution (lenny), this problem has been fixed in
+version 2.4.4-2+lenny2.
+
+For the stable distribution (squeeze), this problem has been fixed in
+version 2.4.4-11+squeeze2.
+
+We recommend that you upgrade your chasen packages.
+
+Solution:
+https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202361-1
+";
+
+ script_description(desc);
+
+ script_summary("Debian Security Advisory DSA 2361-1 (chasen)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com");
+ script_family("Debian Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/packages");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-deb.inc");
+res = "";
+report = "";
+if((res = isdpkgvuln(pkg:"chasen", ver:"2.4.4-2+lenny2", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"chasen-dictutils", ver:"2.4.4-2+lenny2", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libchasen-dev", ver:"2.4.4-2+lenny2", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libchasen2", ver:"2.4.4-2+lenny2", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"chasen", ver:"2.4.4-11+squeeze2", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"chasen-dictutils", ver:"2.4.4-11+squeeze2", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libchasen-dev", ver:"2.4.4-11+squeeze2", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libchasen2", ver:"2.4.4-11+squeeze2", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+
+if(report != "") {
+ security_hole(data:report + '\n' + desc);
+}
Added: trunk/openvas-plugins/scripts/deb_2362_1.nasl
===================================================================
--- trunk/openvas-plugins/scripts/deb_2362_1.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/deb_2362_1.nasl 2012-02-12 04:35:40 UTC (rev 12711)
@@ -0,0 +1,112 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory DSA 2362-1 (acpid)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(70574);
+ script_tag(name:"cvss_base", value:"2.1");
+ script_tag(name:"cvss_base_vector", value:"AV:L/AC:L/Au:NR/C:N/I:N/A:P");
+ script_cve_id("CVE-2011-1159", "CVE-2011-2777", "CVE-2011-4578");
+ script_tag(name:"risk_factor", value:"Medium");
+ script_version("$Revision$");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-02-11 02:34:11 -0500 (Sat, 11 Feb 2012)");
+ script_name("Debian Security Advisory DSA 2362-1 (acpid)");
+
+ desc = "The remote host is missing an update to acpid
+announced via advisory DSA 2362-1.
+
+Multiple vulnerabilities were found in the acpid, the Advanced
+Configuration and Power Interface event daemon:
+
+CVE-2011-1159
+
+Vasiliy Kulikov of OpenWall discovered that the socket handling
+is vulnerable to denial of service.
+
+CVE-2011-2777
+
+Oliver-Tobias Ripka discovered that incorrect process handling in
+the Debian-specific powerbtn.sh script could lead to local
+privilege escalation. This issue doesn't affect oldstable. The
+script is only shipped as an example in /usr/share/doc/acpid/examples.
+See /usr/share/doc/acpid/README.Debian for details.
+
+CVE-2011-4578
+
+Helmut Grohne and Michael Biebl discovered that acpid sets a umask
+of 0 when executing scripts, which could result in local privilege
+escalation.
+
+For the oldstable distribution (lenny), this problem has been fixed in
+version 1.0.8-1lenny4.
+
+For the stable distribution (squeeze), this problem has been fixed in
+version 1:2.0.7-1squeeze3.
+
+For the unstable distribution (sid), this problem will be fixed soon.
+
+We recommend that you upgrade your acpid packages.
+
+Solution:
+https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202362-1
+";
+
+ script_description(desc);
+
+ script_summary("Debian Security Advisory DSA 2362-1 (acpid)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com");
+ script_family("Debian Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/packages");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-deb.inc");
+res = "";
+report = "";
+if((res = isdpkgvuln(pkg:"acpid", ver:"1.0.8-1lenny4", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"acpid", ver:"1:2.0.7-1squeeze3", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"kacpimon", ver:"1:2.0.7-1squeeze3", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+
+if(report != "") {
+ security_hole(data:report + '\n' + desc);
+}
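Review bot: The final call `security_hole(data:report + '\n' + desc);` reports at the highest severity, while the description block declares `risk_factor` Medium and a `cvss_base` of 2.1, so the finding and its metadata disagree. Which side is wrong is not clear from the hunk. The vector `C:N/I:N/A:P` seems to reflect only the denial of service in CVE-2011-1159, whereas the text for CVE-2011-2777 and CVE-2011-4578 describes local privilege escalation, which would justify a higher score. Either raise the score and risk factor to cover the worst listed CVE, or, if Medium is intended, report with `security_warning(data:report + '\n' + desc);`.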
Added: trunk/openvas-plugins/scripts/deb_2363_1.nasl
===================================================================
--- trunk/openvas-plugins/scripts/deb_2363_1.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/deb_2363_1.nasl 2012-02-12 04:35:40 UTC (rev 12711)
@@ -0,0 +1,117 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory DSA 2363-1 (tor)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(70575);
+ script_tag(name:"cvss_base", value:"7.6");
+ script_tag(name:"cvss_base_vector", value:"AV:L/AC:H/Au:NR/C:C/I:C/A:C");
+ script_cve_id("CVE-2011-2778");
+ script_tag(name:"risk_factor", value:"High");
+ script_version("$Revision$");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-02-11 02:34:19 -0500 (Sat, 11 Feb 2012)");
+ script_name("Debian Security Advisory DSA 2363-1 (tor)");
+
+ desc = "The remote host is missing an update to tor
+announced via advisory DSA 2363-1.
+
+It was discovered that Tor, an online privacy tool, incorrectly computes
+buffer sizes in certain cases involving SOCKS connections. Malicious
+parties could use this to cause a heap-based buffer overflow, potentially
+allowing execution of arbitrary code.
+
+In Tor's default configuration this issue can only be triggered by
+clients that can connect to Tor's socks port, which listens only on
+localhost by default.
+
+In non-default configurations where Tor's SocksPort listens not only on
+localhost or where Tor was configured to use another socks server for all of
+its outgoing connections, Tor is vulnerable to a larger set of malicious
+parties.
+
+For the oldstable distribution (lenny), this problem has been fixed in
+version 0.2.1.32-1.
+
+For the stable distribution (squeeze), this problem has been fixed in
+version 0.2.2.35-1~squeeze+1.
+
+For the unstable and testing distributions, this problem has been fixed in
+version 0.2.2.35-1.
+
+For the experimental distribution, this problem has has fixed in
+version 0.2.3.10-alpha-1.
+
+We recommend that you upgrade your tor packages.
+
+Solution:
+https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202363-1
+";
+
+ script_description(desc);
+
+ script_summary("Debian Security Advisory DSA 2363-1 (tor)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com");
+ script_family("Debian Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/packages");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-deb.inc");
+res = "";
+report = "";
+if((res = isdpkgvuln(pkg:"tor", ver:"0.2.1.32-1", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"tor-dbg", ver:"0.2.1.32-1", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"tor-geoipdb", ver:"0.2.1.32-1", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"tor", ver:"0.2.2.35-1~squeeze+1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"tor-dbg", ver:"0.2.2.35-1~squeeze+1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"tor-geoipdb", ver:"0.2.2.35-1~squeeze+1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+
+if(report != "") {
+ security_hole(data:report + '\n' + desc);
+}
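Review bot: The checks cover only DEB5.0 and DEB6.0, although the description gives a fixed version for testing and unstable (0.2.2.35-1), so a wheezy host with an older tor is never reported. deb_2359_1.nasl in this commit does emit `rls:"DEB7.0"` checks when the advisory names wheezy explicitly, which suggests the generator misses the wording "unstable and testing distributions". If wheezy coverage is intended, add one check per package in the form `if((res = isdpkgvuln(pkg:"tor", ver:"0.2.2.35-1", rls:"DEB7.0")) != NULL) { report += res; }`, and the same for tor-dbg and tor-geoipdb.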
Added: trunk/openvas-plugins/scripts/deb_2364_1.nasl
===================================================================
--- trunk/openvas-plugins/scripts/deb_2364_1.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/deb_2364_1.nasl 2012-02-12 04:35:40 UTC (rev 12711)
@@ -0,0 +1,121 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory DSA 2364-1 (xorg)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(70576);
+ script_cve_id("CVE-2011-4613");
+ script_tag(name:"risk_factor", value:"High");
+ script_version("$Revision$");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-02-11 02:34:39 -0500 (Sat, 11 Feb 2012)");
+ script_name("Debian Security Advisory DSA 2364-1 (xorg)");
+
+ desc = "The remote host is missing an update to xorg
+announced via advisory DSA 2364-1.
+
+The Debian X wrapper enforces that the X server can only be started from
+a console. vladz discovered that this wrapper could be bypassed.
+
+The oldstable distribution (lenny) is not affected.
+
+For the stable distribution (squeeze), this problem has been fixed in
+version 7.5+8+squeeze1.
+
+For the unstable distribution (sid), this problem has been fixed in
+version 1:7.6+10.
+
+We recommend that you upgrade your xorg packages.
+
+Solution:
+https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202364-1
+";
+
+ script_description(desc);
+
+ script_summary("Debian Security Advisory DSA 2364-1 (xorg)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com");
+ script_family("Debian Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/packages");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-deb.inc");
+res = "";
+report = "";
+if((res = isdpkgvuln(pkg:"libglu1-xorg", ver:"1:7.5+8+squeeze1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libglu1-xorg-dev", ver:"1:7.5+8+squeeze1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"x11-common", ver:"1:7.5+8+squeeze1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"xbase-clients", ver:"1:7.5+8+squeeze1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"xlibmesa-gl", ver:"1:7.5+8+squeeze1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"xlibmesa-gl-dev", ver:"1:7.5+8+squeeze1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"xlibmesa-glu", ver:"1:7.5+8+squeeze1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"xorg", ver:"1:7.5+8+squeeze1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"xorg-dev", ver:"1:7.5+8+squeeze1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"xserver-xorg", ver:"1:7.5+8+squeeze1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"xserver-xorg-input-all", ver:"1:7.5+8+squeeze1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"xserver-xorg-video-all", ver:"1:7.5+8+squeeze1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"xutils", ver:"1:7.5+8+squeeze1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+
+if(report != "") {
+ security_hole(data:report + '\n' + desc);
+}
Added: trunk/openvas-plugins/scripts/deb_2365_1.nasl
===================================================================
--- trunk/openvas-plugins/scripts/deb_2365_1.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/deb_2365_1.nasl 2012-02-12 04:35:40 UTC (rev 12711)
@@ -0,0 +1,143 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory DSA 2365-1 (dtc)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(70577);
+ script_cve_id("CVE-2011-3195", "CVE-2011-3196", "CVE-2011-3197", "CVE-2011-3198", "CVE-2011-3199");
+ script_tag(name:"risk_factor", value:"High");
+ script_version("$Revision$");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-02-11 02:34:48 -0500 (Sat, 11 Feb 2012)");
+ script_name("Debian Security Advisory DSA 2365-1 (dtc)");
+
+ desc = "The remote host is missing an update to dtc
+announced via advisory DSA 2365-1.
+
+Ansgar Burchardt, Mike O'Connor and Philipp Kern discovered multiple
+vulnerabilities in DTC, a web control panel for admin and accounting
+hosting services:
+
+CVE-2011-3195
+
+A possible shell insertion has been found in the mailing list
+handling.
+
+CVE-2011-3196
+
+Unix rights for the apache2.conf were set incorrectly (world
+readable).
+
+CVE-2011-3197
+
+Incorrect input sanitising for the $_SERVER[addrlink] parameter
+could lead to SQL insertion.
+
+CVE-2011-3198
+
+DTC was using the -b option of htpasswd, possibly revealing
+password in clear text using ps or reading /proc.
+
+CVE-2011-3199
+
+A possible HTML/javascript insertion vulnerability has been found
+in the DNS & MX section of the user panel.
+
+This update also fixes several vulnerabilities, for which no CVE ID
+has been assigned:
+
+It has been discovered that DTC performs insufficient input sanitising
+in the package installer, leading to possible unwanted destination
+directory for installed packages if some DTC application packages
+are installed (note that these aren't available in Debian main).
+
+DTC was setting-up /etc/sudoers with permissive sudo rights to
+chrootuid.
+
+Incorrect input sanitizing in the package installer could lead to
+SQL insertion.
+
+A malicious user could enter a specially crafted support ticket
+subject leading to an SQL injection in the draw_user_admin.php.
+
+For the oldstable distribution (lenny), this problem has been fixed in
+version 0.29.18-1+lenny2
+
+The stable distribution (squeeze) doesn't include dtc.
+
+For the unstable distribution (sid), this problem has been fixed in
+version 0.34.1-1.
+
+We recommend that you upgrade your dtc packages.
+
+Solution:
+https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202365-1
+";
+
+ script_description(desc);
+
+ script_summary("Debian Security Advisory DSA 2365-1 (dtc)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com");
+ script_family("Debian Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/packages");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-deb.inc");
+res = "";
+report = "";
+if((res = isdpkgvuln(pkg:"dtc-common", ver:"0.29.18-1+lenny2", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"dtc-core", ver:"0.29.18-1+lenny2", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"dtc-cyrus", ver:"0.29.18-1+lenny2", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"dtc-postfix-courier", ver:"0.29.18-1+lenny2", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"dtc-stats-daemon", ver:"0.29.18-1+lenny2", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"dtc-toaster", ver:"0.29.18-1+lenny2", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+
+if(report != "") {
+ security_hole(data:report + '\n' + desc);
+}
Added: trunk/openvas-plugins/scripts/deb_2366_1.nasl
===================================================================
--- trunk/openvas-plugins/scripts/deb_2366_1.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/deb_2366_1.nasl 2012-02-12 04:35:40 UTC (rev 12711)
@@ -0,0 +1,139 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory DSA 2366-1 (mediawiki)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(70578);
+ script_tag(name:"cvss_base", value:"5.8");
+ script_tag(name:"cvss_base_vector", value:"AV:L/AC:H/Au:NR/C:P/I:P/A:N");
+ script_cve_id("CVE-2011-1578", "CVE-2011-1579", "CVE-2011-1580", "CVE-2011-1587", "CVE-2011-4360", "CVE-2011-4361");
+ script_tag(name:"risk_factor", value:"High");
+ script_version("$Revision$");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-02-11 02:34:53 -0500 (Sat, 11 Feb 2012)");
+ script_name("Debian Security Advisory DSA 2366-1 (mediawiki)");
+
+ desc = "The remote host is missing an update to mediawiki
+announced via advisory DSA 2366-1.
+
+Several problems have been discovered in mediawiki, a website engine for
+collaborative work.
+
+CVE-2011-1578 CVE-2011-1587
+
+Masato Kinugawa discovered a cross-site scripting (XSS) issue, which
+affects Internet Explorer clients only, and only version 6 and
+earlier. Web server configuration changes are required to fix this
+issue. Upgrading MediaWiki will only be sufficient for people who use
+Apache with AllowOverride enabled.
+
+For details of the required configuration changes, see the upstream
+announcements:
+http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-April/000096.html
+http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-April/000097.html
+
+CVE-2011-1579
+
+Wikipedia user Suffusion of Yellow discovered a CSS validation error
+in the wikitext parser. This is an XSS issue for Internet Explorer
+clients, and a privacy loss issue for other clients since it allows
+the embedding of arbitrary remote images.
+
+CVE-2011-1580
+
+MediaWiki developer Happy-Melon discovered that the transwiki import
+feature neglected to perform access control checks on form submission.
+The transwiki import feature is disabled by default. If it is enabled,
+it allows wiki pages to be copied from a remote wiki listed in
+$wgImportSources. The issue means that any user can trigger such an
+import to occur.
+
+CVE-2011-4360
+
+Alexandre Emsenhuber discovered an issue where page titles on private
+wikis could be exposed bypassing different page ids to index.php. In the
+case of the user not having correct permissions, they will now be redirected
+to Special:BadTitle.
+
+CVE-2011-4361
+
+Tim Starling discovered that action=ajax requests were dispatched to the
+relevant function without any read permission checks being done. This could
+have led to data leakage on private wikis.
+
+For the oldstable distribution (lenny), these problems have been fixed in
+version 1:1.12.0-2lenny9.
+
+For the stable distribution (squeeze), these problems have been fixed in
+version 1:1.15.5-2squeeze2.
+
+For the unstable distribution (sid), these problems have been fixed in
+version 1:1.15.5-5.
+
+We recommend that you upgrade your mediawiki packages.
+
+Solution:
+https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202366-1
+";
+
+ script_description(desc);
+
+ script_summary("Debian Security Advisory DSA 2366-1 (mediawiki)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com");
+ script_family("Debian Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/packages");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-deb.inc");
+res = "";
+report = "";
+if((res = isdpkgvuln(pkg:"mediawiki", ver:"1:1.12.0-2lenny9", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"mediawiki-math", ver:"1:1.12.0-2lenny9", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"mediawiki", ver:"1:1.15.5-2squeeze4", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"mediawiki-math", ver:"1:1.15.5-2squeeze4", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+
+if(report != "") {
+ security_hole(data:report + '\n' + desc);
+}
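Review bot: The two DEB6.0 checks at the end of this script compare against `1:1.15.5-2squeeze4`, while the advisory text embedded in `desc` gives `1:1.15.5-2squeeze2` as the fixed squeeze version. Assuming isdpkgvuln flags any installed version below `ver`, a host on squeeze2 or squeeze3 would be reported as missing the update, in a report whose own text names squeeze2 as fixed. Either align the two values or explain the difference in a comment above the DEB6.0 checks, e.g. `# checked version is newer than the DSA text: <reason>`. The same mismatch between text and check appears in deb_2368_1.nasl (`1.4.19+lenny3` vs `1.4.19-5+lenny3`) and deb_2370_1.nasl (`1.4.14-1` in the text vs `1.4.14-2` for DEB7.0).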
Added: trunk/openvas-plugins/scripts/deb_2367_1.nasl
===================================================================
--- trunk/openvas-plugins/scripts/deb_2367_1.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/deb_2367_1.nasl 2012-02-12 04:35:40 UTC (rev 12711)
@@ -0,0 +1,143 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory DSA 2367-1 (asterisk)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(70579);
+ script_tag(name:"cvss_base", value:"5.0");
+ script_tag(name:"cvss_base_vector", value:"AV:L/AC:L/Au:NR/C:P/I:N/A:N");
+ script_cve_id("CVE-2011-4597", "CVE-2011-4598");
+ script_tag(name:"risk_factor", value:"Medium");
+ script_version("$Revision$");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-02-11 02:35:09 -0500 (Sat, 11 Feb 2012)");
+ script_name("Debian Security Advisory DSA 2367-1 (asterisk)");
+
+ desc = "The remote host is missing an update to asterisk
+announced via advisory DSA 2367-1.
+
+Several vulnerabilities have been discovered in Asterisk, an Open
+Source PBX and telephony toolkit:
+
+CVE-2011-4597
+
+Ben Williams discovered that it was possible to enumerate SIP
+user names in some configurations. Please see the upstream
+advisory for details:
+http://downloads.asterisk.org/pub/security/AST-2011-013.html
+
+This update only modifies the sample sip.conf configuration
+file. Please see README.Debian for more information on how
+to update your installation.
+
+CVE-2011-4598
+
+Kristijan Vrban discovered that Asterisk can be crashed with
+malformed SIP packets if the automon feature is enabled.
+
+For the oldstable distribution (lenny), this problem has been fixed in
+version 1:1.4.21.2~dfsg-3+lenny6.
+
+For the stable distribution (squeeze), this problem has been fixed in
+version 1:1.6.2.9-2+squeeze4.
+
+For the unstable distribution (sid), this problem has been fixed in
+version 1:1.8.8.0~dfsg-1.
+
+We recommend that you upgrade your asterisk packages.
+
+Solution:
+https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202367-1
+";
+
+ script_description(desc);
+
+ script_summary("Debian Security Advisory DSA 2367-1 (asterisk)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com");
+ script_family("Debian Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/packages");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-deb.inc");
+res = "";
+report = "";
+if((res = isdpkgvuln(pkg:"asterisk", ver:"1:1.4.21.2~dfsg-3+lenny6", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"asterisk-config", ver:"1:1.4.21.2~dfsg-3+lenny6", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"asterisk-dbg", ver:"1:1.4.21.2~dfsg-3+lenny6", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"asterisk-dev", ver:"1:1.4.21.2~dfsg-3+lenny6", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"asterisk-doc", ver:"1:1.4.21.2~dfsg-3+lenny6", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"asterisk-h323", ver:"1:1.4.21.2~dfsg-3+lenny6", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"asterisk-sounds-main", ver:"1:1.4.21.2~dfsg-3+lenny6", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"asterisk", ver:"1:1.6.2.9-2+squeeze4", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"asterisk-config", ver:"1:1.6.2.9-2+squeeze4", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"asterisk-dbg", ver:"1:1.6.2.9-2+squeeze4", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"asterisk-dev", ver:"1:1.6.2.9-2+squeeze4", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"asterisk-doc", ver:"1:1.6.2.9-2+squeeze4", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"asterisk-h323", ver:"1:1.6.2.9-2+squeeze4", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"asterisk-sounds-main", ver:"1:1.6.2.9-2+squeeze4", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+
+if(report != "") {
+ security_hole(data:report + '\n' + desc);
+}
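Review bot: A clean result from these version checks does not show that CVE-2011-4597 is mitigated, because the embedded advisory says the update only modifies the sample sip.conf and refers to README.Debian for updating an existing installation. The script compares package versions only, so an upgraded host whose sip.conf was never changed produces no finding. I would state that limit above the checks, e.g. `# NOTE: version check only; CVE-2011-4597 also needs the sip.conf change described in README.Debian`.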
Added: trunk/openvas-plugins/scripts/deb_2368_1.nasl
===================================================================
--- trunk/openvas-plugins/scripts/deb_2368_1.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/deb_2368_1.nasl 2012-02-12 04:35:40 UTC (rev 12711)
@@ -0,0 +1,152 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory DSA 2368-1 (lighttpd)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(70687);
+ script_tag(name:"cvss_base", value:"5.0");
+ script_tag(name:"cvss_base_vector", value:"AV:L/AC:L/Au:NR/C:N/I:N/A:P");
+ script_cve_id("CVE-2011-4362", "CVE-2011-3389");
+ script_tag(name:"risk_factor", value:"Medium");
+ script_version("$Revision$");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-02-11 03:14:22 -0500 (Sat, 11 Feb 2012)");
+ script_name("Debian Security Advisory DSA 2368-1 (lighttpd)");
+
+ desc = "The remote host is missing an update to lighttpd
+announced via advisory DSA 2368-1.
+
+Several vulnerabilities have been discovered in lighttpd, a small and fast
+webserver with minimal memory footprint.
+
+CVE-2011-4362
+
+Xi Wang discovered that the base64 decoding routine which is used to
+decode user input during an HTTP authentication, suffers of a signedness
+issue when processing user input. As a result it is possible to force
+lighttpd to perform an out-of-bounds read which results in Denial of
+Service conditions.
+
+CVE-2011-3389
+
+When using CBC ciphers on an SSL enabled virtual host to communicate with
+certain client, a so called BEAST attack allows man-in-the-middle
+attackers to obtain plaintext HTTP traffic via a blockwise
+chosen-boundary attack (BCBA) on an HTTPS session. Technically this is
+no lighttpd vulnerability. However, lighttpd offers a workaround to
+mitigate this problem by providing a possibility to disable CBC ciphers.
+
+This updates includes this option by default. System administrators
+are advised to read the NEWS file of this update (as this may break older
+clients).
+
+
+For the oldstable distribution (lenny), this problem has been fixed in
+version 1.4.19+lenny3.
+
+For the stable distribution (squeeze), this problem has been fixed in
+version 1.4.28-2+squeeze1.
+
+For the testing distribution (squeeze), this problem will be fixed soon.
+
+For the unstable distribution (sid), this problem has been fixed in
+version 1.4.30-1.
+
+
+We recommend that you upgrade your lighttpd packages.
+
+Solution:
+https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202368-1
+";
+
+ script_description(desc);
+
+ script_summary("Debian Security Advisory DSA 2368-1 (lighttpd)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com");
+ script_family("Debian Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/packages");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-deb.inc");
+res = "";
+report = "";
+if((res = isdpkgvuln(pkg:"lighttpd", ver:"1.4.19-5+lenny3", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"lighttpd-doc", ver:"1.4.19-5+lenny3", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"lighttpd-mod-cml", ver:"1.4.19-5+lenny3", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"lighttpd-mod-magnet", ver:"1.4.19-5+lenny3", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"lighttpd-mod-mysql-vhost", ver:"1.4.19-5+lenny3", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"lighttpd-mod-trigger-b4-dl", ver:"1.4.19-5+lenny3", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"lighttpd-mod-webdav", ver:"1.4.19-5+lenny3", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"lighttpd", ver:"1.4.28-2+squeeze1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"lighttpd-doc", ver:"1.4.28-2+squeeze1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"lighttpd-mod-cml", ver:"1.4.28-2+squeeze1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"lighttpd-mod-magnet", ver:"1.4.28-2+squeeze1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"lighttpd-mod-mysql-vhost", ver:"1.4.28-2+squeeze1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"lighttpd-mod-trigger-b4-dl", ver:"1.4.28-2+squeeze1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"lighttpd-mod-webdav", ver:"1.4.28-2+squeeze1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+
+if(report != "") {
+ security_hole(data:report + '\n' + desc);
+}
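Review bot: The `cvss_base_vector` tag uses `AV:L` although `desc` describes flaws reached through HTTP requests, and under CVSS v2 a base score of 5.0 with `C:N/I:N/A:P` corresponds to a network vector, not a local one. The vectors in deb_2366_1, deb_2367_1, deb_2369_1, deb_2370_1 and deb_2372_1 show the same pattern; in deb_2372_1 a local vector with `C:C/I:C/A:C` is paired with 10.0, which a local vector cannot reach. `Au:NR` also looks like the older NVD spelling rather than the v2 `Au:N`, so it is worth confirming what consumers of this tag parse. Suggest deriving the vector from the same source as the score, here `script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:P");`.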
Added: trunk/openvas-plugins/scripts/deb_2369_1.nasl
===================================================================
--- trunk/openvas-plugins/scripts/deb_2369_1.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/deb_2369_1.nasl 2012-02-12 04:35:40 UTC (rev 12711)
@@ -0,0 +1,118 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory DSA 2369-1 (libsoup2.4)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(70688);
+ script_tag(name:"cvss_base", value:"5.0");
+ script_tag(name:"cvss_base_vector", value:"AV:L/AC:L/Au:NR/C:P/I:N/A:N");
+ script_cve_id("CVE-2011-2524");
+ script_tag(name:"risk_factor", value:"Medium");
+ script_version("$Revision$");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-02-11 03:14:57 -0500 (Sat, 11 Feb 2012)");
+ script_name("Debian Security Advisory DSA 2369-1 (libsoup2.4)");
+
+ desc = "The remote host is missing an update to libsoup2.4
+announced via advisory DSA 2369-1.
+
+It was discovered that libsoup2.4, a HTTP library implementation in C, is
+not properly validating input when processing requests made to SoupServer.
+A remote attacker can exploit this flaw to access system files via a
+directory traversal attack.
+
+For the oldstable distribution (lenny), this problem has been fixed in
+version 2.4.1-2+lenny1.
+
+For the stable distribution (squeeze), this problem has been fixed in
+version 2.30.2-1+squeeze1.
+
+For the testing distribution (squeeze), this problem has been fixed in
+version 2.34.3-1.
+
+For the unstable distribution (sid), this problem has been fixed in
+version 2.34.3-1.
+
+
+We recommend that you upgrade your libsoup2.4 packages.
+
+Solution:
+https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202369-1
+";
+
+ script_description(desc);
+
+ script_summary("Debian Security Advisory DSA 2369-1 (libsoup2.4)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com");
+ script_family("Debian Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/packages");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-deb.inc");
+res = "";
+report = "";
+if((res = isdpkgvuln(pkg:"libsoup2.4-1", ver:"2.4.1-2+lenny1", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libsoup2.4-dev", ver:"2.4.1-2+lenny1", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libsoup2.4-doc", ver:"2.4.1-2+lenny1", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libsoup-gnome2.4-1", ver:"2.30.2-1+squeeze1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libsoup-gnome2.4-dev", ver:"2.30.2-1+squeeze1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libsoup2.4-1", ver:"2.30.2-1+squeeze1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libsoup2.4-dbg", ver:"2.30.2-1+squeeze1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libsoup2.4-dev", ver:"2.30.2-1+squeeze1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libsoup2.4-doc", ver:"2.30.2-1+squeeze1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+
+if(report != "") {
+ security_hole(data:report + '\n' + desc);
+}
Added: trunk/openvas-plugins/scripts/deb_2370_1.nasl
===================================================================
--- trunk/openvas-plugins/scripts/deb_2370_1.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/deb_2370_1.nasl 2012-02-12 04:35:40 UTC (rev 12711)
@@ -0,0 +1,136 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory DSA 2370-1 (unbound)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(70689);
+ script_tag(name:"cvss_base", value:"7.8");
+ script_tag(name:"cvss_base_vector", value:"AV:L/AC:L/Au:NR/C:N/I:N/A:C");
+ script_cve_id("CVE-2011-4528", "CVE-2011-4869");
+ script_tag(name:"risk_factor", value:"High");
+ script_version("$Revision$");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-02-11 03:15:52 -0500 (Sat, 11 Feb 2012)");
+ script_name("Debian Security Advisory DSA 2370-1 (unbound)");
+
+ desc = "The remote host is missing an update to unbound
+announced via advisory DSA 2370-1.
+
+It was discovered that Unbound, a recursive DNS resolver, would crash
+when processing certain malformed DNS responses from authoritative DNS
+servers, leading to denial of service.
+
+CVE-2011-4528
+Unbound attempts to free unallocated memory during processing
+of duplicate CNAME records in a signed zone.
+
+CVE-2011-4869
+Unbound does not properly process malformed responses which
+lack expected NSEC3 records.
+
+For the oldstable distribution (lenny), these problems have been fixed in
+version 1.4.6-1~lenny2.
+
+For the stable distribution (squeeze), these problems have been fixed in
+version 1.4.6-1+squeeze2.
+
+For the testing distribution (wheezy) and the unstable distribution
+(sid), these problems have been fixed in version 1.4.14-1.
+
+We recommend that you upgrade your unbound packages.
+
+Solution:
+https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202370-1
+";
+
+ script_description(desc);
+
+ script_summary("Debian Security Advisory DSA 2370-1 (unbound)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com");
+ script_family("Debian Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/packages");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-deb.inc");
+res = "";
+report = "";
+if((res = isdpkgvuln(pkg:"libunbound-dev", ver:"1.4.6-1~lenny2", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libunbound2", ver:"1.4.6-1~lenny2", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"unbound", ver:"1.4.6-1~lenny2", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"unbound-host", ver:"1.4.6-1~lenny2", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libunbound-dev", ver:"1.4.6-1+squeeze2", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libunbound2", ver:"1.4.6-1+squeeze2", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"unbound", ver:"1.4.6-1+squeeze2", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"unbound-host", ver:"1.4.6-1+squeeze2", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libunbound-dev", ver:"1.4.14-2", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libunbound2", ver:"1.4.14-2", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"python-unbound", ver:"1.4.14-2", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"unbound", ver:"1.4.14-2", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"unbound-anchor", ver:"1.4.14-2", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"unbound-host", ver:"1.4.14-2", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+
+if(report != "") {
+ security_hole(data:report + '\n' + desc);
+}
Added: trunk/openvas-plugins/scripts/deb_2372_1.nasl
===================================================================
--- trunk/openvas-plugins/scripts/deb_2372_1.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/deb_2372_1.nasl 2012-02-12 04:35:40 UTC (rev 12711)
@@ -0,0 +1,225 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory DSA 2372-1 (heimdal)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(70690);
+ script_tag(name:"cvss_base", value:"10.0");
+ script_tag(name:"cvss_base_vector", value:"AV:L/AC:L/Au:NR/C:C/I:C/A:C");
+ script_cve_id("CVE-2011-4862");
+ script_tag(name:"risk_factor", value:"Critical");
+ script_version("$Revision$");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-02-11 03:19:22 -0500 (Sat, 11 Feb 2012)");
+ script_name("Debian Security Advisory DSA 2372-1 (heimdal)");
+
+ desc = "The remote host is missing an update to heimdal
+announced via advisory DSA 2372-1.
+
+It was discovered that the Kerberos support for telnetd contains a
+pre-authentication buffer overflow, which may enable remote attackers
+who can connect to the Telnet to execute arbitrary code with root
+privileges.
+
+For the oldstable distribution (lenny), this problem has been fixed in
+version 1.2.dfsg.1-2.1+lenny1.
+
+For the stable distribution (squeeze), this problem has been fixed in
+version 1.4.0~git20100726.dfsg.1-2+squeeze1.
+
+For the testing distribution (wheezy) and the unstable distribution
+(sid), this problem will be fixed soon.
+
+We recommend that you upgrade your heimdal packages.
+
+Solution:
+https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202372-1
+";
+
+ script_description(desc);
+
+ script_summary("Debian Security Advisory DSA 2372-1 (heimdal)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com");
+ script_family("Debian Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/packages");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-deb.inc");
+res = "";
+report = "";
+if((res = isdpkgvuln(pkg:"heimdal-clients", ver:"1.2.dfsg.1-2.1+lenny1", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"heimdal-clients-x", ver:"1.2.dfsg.1-2.1+lenny1", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"heimdal-dev", ver:"1.2.dfsg.1-2.1+lenny1", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"heimdal-docs", ver:"1.2.dfsg.1-2.1+lenny1", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"heimdal-kcm", ver:"1.2.dfsg.1-2.1+lenny1", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"heimdal-kdc", ver:"1.2.dfsg.1-2.1+lenny1", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"heimdal-servers", ver:"1.2.dfsg.1-2.1+lenny1", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"heimdal-servers-x", ver:"1.2.dfsg.1-2.1+lenny1", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libasn1-8-heimdal", ver:"1.2.dfsg.1-2.1+lenny1", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libgssapi2-heimdal", ver:"1.2.dfsg.1-2.1+lenny1", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libhdb9-heimdal", ver:"1.2.dfsg.1-2.1+lenny1", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libheimntlm0-heimdal", ver:"1.2.dfsg.1-2.1+lenny1", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libhx509-3-heimdal", ver:"1.2.dfsg.1-2.1+lenny1", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libkadm5clnt7-heimdal", ver:"1.2.dfsg.1-2.1+lenny1", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libkadm5srv8-heimdal", ver:"1.2.dfsg.1-2.1+lenny1", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libkafs0-heimdal", ver:"1.2.dfsg.1-2.1+lenny1", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libkdc2-heimdal", ver:"1.2.dfsg.1-2.1+lenny1", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libkrb5-25-heimdal", ver:"1.2.dfsg.1-2.1+lenny1", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libotp0-heimdal", ver:"1.2.dfsg.1-2.1+lenny1", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libroken18-heimdal", ver:"1.2.dfsg.1-2.1+lenny1", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libsl0-heimdal", ver:"1.2.dfsg.1-2.1+lenny1", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libwind0-heimdal", ver:"1.2.dfsg.1-2.1+lenny1", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"heimdal-clients", ver:"1.4.0~git20100726.dfsg.1-2+squeeze1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"heimdal-clients-x", ver:"1.4.0~git20100726.dfsg.1-2+squeeze1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"heimdal-dbg", ver:"1.4.0~git20100726.dfsg.1-2+squeeze1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"heimdal-dev", ver:"1.4.0~git20100726.dfsg.1-2+squeeze1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"heimdal-docs", ver:"1.4.0~git20100726.dfsg.1-2+squeeze1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"heimdal-kcm", ver:"1.4.0~git20100726.dfsg.1-2+squeeze1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"heimdal-kdc", ver:"1.4.0~git20100726.dfsg.1-2+squeeze1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"heimdal-multidev", ver:"1.4.0~git20100726.dfsg.1-2+squeeze1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"heimdal-servers", ver:"1.4.0~git20100726.dfsg.1-2+squeeze1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"heimdal-servers-x", ver:"1.4.0~git20100726.dfsg.1-2+squeeze1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libasn1-8-heimdal", ver:"1.4.0~git20100726.dfsg.1-2+squeeze1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libgssapi2-heimdal", ver:"1.4.0~git20100726.dfsg.1-2+squeeze1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libhdb9-heimdal", ver:"1.4.0~git20100726.dfsg.1-2+squeeze1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libheimntlm0-heimdal", ver:"1.4.0~git20100726.dfsg.1-2+squeeze1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libhx509-5-heimdal", ver:"1.4.0~git20100726.dfsg.1-2+squeeze1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libkadm5clnt7-heimdal", ver:"1.4.0~git20100726.dfsg.1-2+squeeze1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libkadm5srv8-heimdal", ver:"1.4.0~git20100726.dfsg.1-2+squeeze1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libkafs0-heimdal", ver:"1.4.0~git20100726.dfsg.1-2+squeeze1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libkdc2-heimdal", ver:"1.4.0~git20100726.dfsg.1-2+squeeze1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libkrb5-26-heimdal", ver:"1.4.0~git20100726.dfsg.1-2+squeeze1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libotp0-heimdal", ver:"1.4.0~git20100726.dfsg.1-2+squeeze1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libroken18-heimdal", ver:"1.4.0~git20100726.dfsg.1-2+squeeze1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libsl0-heimdal", ver:"1.4.0~git20100726.dfsg.1-2+squeeze1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libwind0-heimdal", ver:"1.4.0~git20100726.dfsg.1-2+squeeze1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+
+if(report != "") {
+ security_hole(data:report + '\n' + desc);
+}
Added: trunk/openvas-plugins/scripts/deb_2373_1.nasl
===================================================================
--- trunk/openvas-plugins/scripts/deb_2373_1.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/deb_2373_1.nasl 2012-02-12 04:35:40 UTC (rev 12711)
@@ -0,0 +1,147 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory DSA 2373-1 (inetutils)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(70691);
+ script_tag(name:"cvss_base", value:"10.0");
+ script_tag(name:"cvss_base_vector", value:"AV:L/AC:L/Au:NR/C:C/I:C/A:C");
+ script_cve_id("CVE-2011-4862");
+ script_tag(name:"risk_factor", value:"Critical");
+ script_version("$Revision$");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-02-11 03:21:01 -0500 (Sat, 11 Feb 2012)");
+ script_name("Debian Security Advisory DSA 2373-1 (inetutils)");
+
+ desc = "The remote host is missing an update to inetutils
+announced via advisory DSA 2373-1.
+
+It was discovered that the Kerberos support for telnetd contains a
+pre-authentication buffer overflow, which may enable remote attackers
+who can connect to the Telnet to execute arbitrary code with root
+privileges.
+
+For the oldstable distribution (lenny), this problem has been fixed in
+version 2:1.5.dfsg.1-9+lenny1.
+
+For the stable distribution (squeeze), this problem has been fixed in
+version 2:1.6-3.1+squeeze1.
+
+For the testing distribution (wheezy) and the unstable distribution
+(sid), this problem will be fixed soon.
+
+We recommend that you upgrade your inetutils packages.
+
+Solution:
+https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202373-1
+";
+
+ script_description(desc);
+
+ script_summary("Debian Security Advisory DSA 2373-1 (inetutils)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com");
+ script_family("Debian Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/packages");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-deb.inc");
+res = "";
+report = "";
+if((res = isdpkgvuln(pkg:"inetutils-ftp", ver:"2:1.5.dfsg.1-9+lenny1", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"inetutils-ftpd", ver:"2:1.5.dfsg.1-9+lenny1", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"inetutils-inetd", ver:"2:1.5.dfsg.1-9+lenny1", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"inetutils-ping", ver:"2:1.5.dfsg.1-9+lenny1", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"inetutils-syslogd", ver:"2:1.5.dfsg.1-9+lenny1", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"inetutils-talk", ver:"2:1.5.dfsg.1-9+lenny1", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"inetutils-talkd", ver:"2:1.5.dfsg.1-9+lenny1", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"inetutils-telnet", ver:"2:1.5.dfsg.1-9+lenny1", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"inetutils-telnetd", ver:"2:1.5.dfsg.1-9+lenny1", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"inetutils-tools", ver:"2:1.5.dfsg.1-9+lenny1", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"inetutils-ftp", ver:"2:1.6-3.1+squeeze1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"inetutils-ftpd", ver:"2:1.6-3.1+squeeze1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"inetutils-inetd", ver:"2:1.6-3.1+squeeze1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"inetutils-ping", ver:"2:1.6-3.1+squeeze1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"inetutils-syslogd", ver:"2:1.6-3.1+squeeze1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"inetutils-talk", ver:"2:1.6-3.1+squeeze1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"inetutils-talkd", ver:"2:1.6-3.1+squeeze1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"inetutils-telnet", ver:"2:1.6-3.1+squeeze1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"inetutils-telnetd", ver:"2:1.6-3.1+squeeze1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"inetutils-tools", ver:"2:1.6-3.1+squeeze1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+
+if(report != "") {
+ security_hole(data:report + '\n' + desc);
+}
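Review bot: The `cvss_base_vector` tag in the description block disagrees with both the score and the text: `AV:L` marks the issue as local while `cvss_base` is 10.0 and the description speaks of a pre-authentication overflow usable by remote attackers. `Au:NR` is also not a CVSS v2 authentication value (v2 uses `N`, `S` or `M`). A 10.0 base score in CVSS v2 corresponds to `script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");`. The same mismatch shows in deb_2374_1.nasl (`Au:R`, 4.0), deb_2377_1.nasl (`AV:L/AC:H`, 4.3) and deb_2379_1.nasl (`AV:L`, 7.8), so it looks like the generator's vector mapping rather than a single advisory. Anyone filtering findings on attack vector would under-rank these.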
Added: trunk/openvas-plugins/scripts/deb_2374_1.nasl
===================================================================
--- trunk/openvas-plugins/scripts/deb_2374_1.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/deb_2374_1.nasl 2012-02-12 04:35:40 UTC (rev 12711)
@@ -0,0 +1,111 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory DSA 2374-1 (openswan)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(70692);
+ script_tag(name:"cvss_base", value:"4.0");
+ script_tag(name:"cvss_base_vector", value:"AV:L/AC:L/Au:R/C:N/I:N/A:P");
+ script_cve_id("CVE-2011-4073");
+ script_tag(name:"risk_factor", value:"Medium");
+ script_version("$Revision$");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-02-11 03:21:50 -0500 (Sat, 11 Feb 2012)");
+ script_name("Debian Security Advisory DSA 2374-1 (openswan)");
+
+ desc = "The remote host is missing an update to openswan
+announced via advisory DSA 2374-1.
+
+The information security group at ETH Zurich discovered a denial of
+service vulnerability in the crypto helper handler of the IKE daemon
+pluto. More information can be found in the upstream advisory at
+http://openswan.org/download/CVE-2011-4073/CVE-2011-4073.txt
+
+For the oldstable distribution (lenny), this problem has been fixed in
+version 1:2.4.12+dfsg-1.3+lenny4.
+
+For the stable distribution (squeeze), this problem has been fixed in
+version 1:2.6.28+dfsg-5+squeeze1.
+
+For the unstable distribution (sid), this problem has been fixed in
+version 1:2.6.37-1.
+
+We recommend that you upgrade your openswan packages.
+
+Solution:
+https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202374-1
+";
+
+ script_description(desc);
+
+ script_summary("Debian Security Advisory DSA 2374-1 (openswan)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com");
+ script_family("Debian Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/packages");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-deb.inc");
+res = "";
+report = "";
+if((res = isdpkgvuln(pkg:"linux-patch-openswan", ver:"1:2.4.12+dfsg-1.3+lenny4", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"openswan", ver:"1:2.4.12+dfsg-1.3+lenny4", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"openswan-modules-source", ver:"1:2.4.12+dfsg-1.3+lenny4", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"openswan", ver:"1:2.6.28+dfsg-5+squeeze1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"openswan-dbg", ver:"1:2.6.28+dfsg-5+squeeze1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"openswan-doc", ver:"1:2.6.28+dfsg-5+squeeze1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"openswan-modules-dkms", ver:"1:2.6.28+dfsg-5+squeeze1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"openswan-modules-source", ver:"1:2.6.28+dfsg-5+squeeze1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+
+if(report != "") {
+ security_hole(data:report + '\n' + desc);
+}
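Review bot: The finding is reported with `security_hole(...)` although the script tags itself `risk_factor` "Medium" with `cvss_base` 4.0 for a denial of service. `security_warning(data:report + '\n' + desc);` would keep the reporting call in line with the declared severity. deb_2376_1.nasl, deb_2376_2.nasl and deb_2377_1.nasl make the same call with Medium ratings. If the scanner derives the threat level from the reporting function rather than from the tags (worth confirming), these results will sort alongside the Critical ones.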
Added: trunk/openvas-plugins/scripts/deb_2376_1.nasl
===================================================================
--- trunk/openvas-plugins/scripts/deb_2376_1.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/deb_2376_1.nasl 2012-02-12 04:35:40 UTC (rev 12711)
@@ -0,0 +1,87 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory DSA 2376-1 (ipmitool)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(70693);
+ script_tag(name:"cvss_base", value:"3.6");
+ script_tag(name:"cvss_base_vector", value:"AV:L/AC:L/Au:NR/C:N/I:P/A:P");
+ script_cve_id("CVE-2011-4339");
+ script_tag(name:"risk_factor", value:"Medium");
+ script_version("$Revision$");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-02-11 03:21:56 -0500 (Sat, 11 Feb 2012)");
+ script_name("Debian Security Advisory DSA 2376-1 (ipmitool)");
+
+ desc = "The remote host is missing an update to ipmitool
+announced via advisory DSA 2376-1.
+
+It was discovered that OpenIPMI, the Intelligent Platform Management
+Interface library and tools, used too wide permissions PID file,
+which allows local users to kill arbitrary processes by writing to
+this file.
+
+For the stable distribution (squeeze), this problem has been fixed in
+version 1.8.11-2+squeeze2.
+
+For the unstable distribution (sid), this problem has been fixed in
+version 1.8.11-5.
+
+We recommend that you upgrade your ipmitool packages.
+
+Solution:
+https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202376-1
+";
+
+ script_description(desc);
+
+ script_summary("Debian Security Advisory DSA 2376-1 (ipmitool)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com");
+ script_family("Debian Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/packages");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-deb.inc");
+res = "";
+report = "";
+if((res = isdpkgvuln(pkg:"ipmitool", ver:"1.8.11-2+squeeze2", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+
+if(report != "") {
+ security_hole(data:report + '\n' + desc);
+}
Added: trunk/openvas-plugins/scripts/deb_2376_2.nasl
===================================================================
--- trunk/openvas-plugins/scripts/deb_2376_2.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/deb_2376_2.nasl 2012-02-12 04:35:40 UTC (rev 12711)
@@ -0,0 +1,97 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory DSA 2376-2 (ipmitool)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(70695);
+ script_tag(name:"cvss_base", value:"3.6");
+ script_tag(name:"cvss_base_vector", value:"AV:L/AC:L/Au:NR/C:N/I:P/A:P");
+ script_cve_id("CVE-2011-4339");
+ script_tag(name:"risk_factor", value:"Medium");
+ script_version("$Revision$");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-02-11 03:22:50 -0500 (Sat, 11 Feb 2012)");
+ script_name("Debian Security Advisory DSA 2376-2 (ipmitool)");
+
+ desc = "The remote host is missing an update to ipmitool
+announced via advisory DSA 2376-2.
+
+It was discovered that OpenIPMI, the Intelligent Platform Management
+Interface library and tools, used too wide permissions PID file,
+which allows local users to kill arbitrary processes by writing to
+this file.
+
+The original announcement didn't contain corrections for the Debian
+5.0 lenny distribution. This update adds packages for lenny.
+
+For the oldstable distribution (lenny), this problem has been fixed in
+version 1.8.9-2+squeeze1. (Although the version number contains the
+string squeeze, this is in fact an update for lenny.)
+
+For the stable distribution (squeeze), this problem has been fixed in
+version 1.8.11-2+squeeze2.
+
+For the unstable distribution (sid), this problem has been fixed in
+version 1.8.11-5.
+
+We recommend that you upgrade your ipmitool packages.
+
+Solution:
+https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202376-2
+";
+
+ script_description(desc);
+
+ script_summary("Debian Security Advisory DSA 2376-2 (ipmitool)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com");
+ script_family("Debian Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/packages");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-deb.inc");
+res = "";
+report = "";
+if((res = isdpkgvuln(pkg:"ipmitool", ver:"1.8.9-2+squeeze1", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"ipmitool", ver:"1.8.11-2+squeeze2", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+
+if(report != "") {
+ security_hole(data:report + '\n' + desc);
+}
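Review bot: The `rls:"DEB6.0"` check for `ipmitool` at `1.8.11-2+squeeze2` is identical to the one in deb_2376_1.nasl (script_id 70693), so a squeeze host missing the update is reported twice for the same CVE-2011-4339. By the description, DSA 2376-2 only adds packages for lenny. Either drop the `DEB6.0` block here or retire the -1 script so each host yields one finding. A header comment such as `# Supersedes deb_2376_1.nasl: adds the lenny (DEB5.0) fix` would record how the two scripts relate.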
Added: trunk/openvas-plugins/scripts/deb_2377_1.nasl
===================================================================
--- trunk/openvas-plugins/scripts/deb_2377_1.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/deb_2377_1.nasl 2012-02-12 04:35:40 UTC (rev 12711)
@@ -0,0 +1,151 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory DSA 2377-1 (cyrus-imapd-2.2)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(70696);
+ script_tag(name:"cvss_base", value:"4.3");
+ script_tag(name:"cvss_base_vector", value:"AV:L/AC:H/Au:NR/C:N/I:N/A:P");
+ script_cve_id("CVE-2011-3481");
+ script_tag(name:"risk_factor", value:"Medium");
+ script_version("$Revision$");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-02-11 03:25:02 -0500 (Sat, 11 Feb 2012)");
+ script_name("Debian Security Advisory DSA 2377-1 (cyrus-imapd-2.2)");
+
+ desc = "The remote host is missing an update to cyrus-imapd-2.2
+announced via advisory DSA 2377-1.
+
+It was discovered that cyrus-imapd, a highly scalable mail system designed
+for use in enterprise environments, is not properly parsing mail headers
+when a client makes use of the IMAP threading feature. As a result, a NULL
+pointer is dereferenced which crashes the daemon. An attacker can trigger
+this by sending a mail containing crafted reference headers and access the
+mail with a client that uses the server threading feature of IMAP.
+
+
+For the oldstable distribution (lenny), this problem has been fixed in
+version 2.2.13-14+lenny6.
+
+For the stable distribution (squeeze), this problem has been fixed in
+version 2.2.13-19+squeeze3.
+
+For the testing (wheezy) and unstable (sid) distributions, this problem has been
+fixed in cyrus-imapd-2.4 version 2.4.11-1.
+
+
+We recommend that you upgrade your cyrus-imapd-2.2 packages.
+
+Solution:
+https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202377-1
+";
+
+ script_description(desc);
+
+ script_summary("Debian Security Advisory DSA 2377-1 (cyrus-imapd-2.2)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com");
+ script_family("Debian Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/packages");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-deb.inc");
+res = "";
+report = "";
+if((res = isdpkgvuln(pkg:"cyrus-admin-2.2", ver:"2.2.13-14+lenny6", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"cyrus-clients-2.2", ver:"2.2.13-14+lenny6", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"cyrus-common-2.2", ver:"2.2.13-14+lenny6", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"cyrus-dev-2.2", ver:"2.2.13-14+lenny6", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"cyrus-doc-2.2", ver:"2.2.13-14+lenny6", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"cyrus-imapd-2.2", ver:"2.2.13-14+lenny6", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"cyrus-murder-2.2", ver:"2.2.13-14+lenny6", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"cyrus-nntpd-2.2", ver:"2.2.13-14+lenny6", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"cyrus-pop3d-2.2", ver:"2.2.13-14+lenny6", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libcyrus-imap-perl22", ver:"2.2.13-14+lenny6", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"cyrus-admin-2.2", ver:"2.2.13-19+squeeze3", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"cyrus-clients-2.2", ver:"2.2.13-19+squeeze3", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"cyrus-common-2.2", ver:"2.2.13-19+squeeze3", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"cyrus-dev-2.2", ver:"2.2.13-19+squeeze3", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"cyrus-doc-2.2", ver:"2.2.13-19+squeeze3", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"cyrus-imapd-2.2", ver:"2.2.13-19+squeeze3", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"cyrus-murder-2.2", ver:"2.2.13-19+squeeze3", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"cyrus-nntpd-2.2", ver:"2.2.13-19+squeeze3", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"cyrus-pop3d-2.2", ver:"2.2.13-19+squeeze3", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libcyrus-imap-perl22", ver:"2.2.13-19+squeeze3", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+
+if(report != "") {
+ security_hole(data:report + '\n' + desc);
+}
Added: trunk/openvas-plugins/scripts/deb_2378_1.nasl
===================================================================
--- trunk/openvas-plugins/scripts/deb_2378_1.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/deb_2378_1.nasl 2012-02-12 04:35:40 UTC (rev 12711)
@@ -0,0 +1,133 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory DSA 2378-1 (ffmpeg)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(70697);
+ script_cve_id("CVE-2011-4351", "CVE-2011-4353", "CVE-2011-4364", "CVE-2011-4579");
+ script_tag(name:"risk_factor", value:"High");
+ script_version("$Revision$");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-02-11 03:25:25 -0500 (Sat, 11 Feb 2012)");
+ script_name("Debian Security Advisory DSA 2378-1 (ffmpeg)");
+
+ desc = "The remote host is missing an update to ffmpeg
+announced via advisory DSA 2378-1.
+
+Several vulnerabilities have been discovered in ffmpeg, a multimedia
+player, server and encoder. Multiple input validations in the decoders
+for QDM2, VP5, VP6, VMD and SVQ1 files could lead to the execution of
+arbitrary code.
+
+For the stable distribution (squeeze), this problem has been fixed in
+version 4:0.5.6-3.
+
+For the unstable distribution (sid), this problem has been fixed in
+version 4:0.7.3-1 of the libav source package.
+
+We recommend that you upgrade your ffmpeg packages.
+
+Solution:
+https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202378-1
+";
+
+ script_description(desc);
+
+ script_summary("Debian Security Advisory DSA 2378-1 (ffmpeg)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com");
+ script_family("Debian Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/packages");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-deb.inc");
+res = "";
+report = "";
+if((res = isdpkgvuln(pkg:"ffmpeg", ver:"4:0.5.6-3", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"ffmpeg-dbg", ver:"4:0.5.6-3", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"ffmpeg-doc", ver:"4:0.5.6-3", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libavcodec-dev", ver:"4:0.5.6-3", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libavcodec52", ver:"4:0.5.6-3", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libavdevice-dev", ver:"4:0.5.6-3", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libavdevice52", ver:"4:0.5.6-3", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libavfilter-dev", ver:"4:0.5.6-3", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libavfilter0", ver:"4:0.5.6-3", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libavformat-dev", ver:"4:0.5.6-3", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libavformat52", ver:"4:0.5.6-3", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libavutil-dev", ver:"4:0.5.6-3", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libavutil49", ver:"4:0.5.6-3", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libpostproc-dev", ver:"4:0.5.6-3", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libpostproc51", ver:"4:0.5.6-3", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libswscale-dev", ver:"4:0.5.6-3", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libswscale0", ver:"4:0.5.6-3", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+
+if(report != "") {
+ security_hole(data:report + '\n' + desc);
+}
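Review bot: The description block carries no `cvss_base` or `cvss_base_vector` tag, unlike the other scripts added in this commit, while `risk_factor` is "High" and four CVEs are listed. Consumers that sort or filter on the CVSS tags would likely see this script as unscored even though the text describes arbitrary code execution. Add `script_tag(name:"cvss_base", value:"<score from the CVE records>");` with the matching vector once a score is known. Otherwise add a comment such as `# No CVSS score available when this script was generated` so the omission reads as deliberate.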
Added: trunk/openvas-plugins/scripts/deb_2379_1.nasl
===================================================================
--- trunk/openvas-plugins/scripts/deb_2379_1.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/deb_2379_1.nasl 2012-02-12 04:35:40 UTC (rev 12711)
@@ -0,0 +1,204 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory DSA 2379-1 (krb5)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(70698);
+ script_tag(name:"cvss_base", value:"7.8");
+ script_tag(name:"cvss_base_vector", value:"AV:L/AC:L/Au:NR/C:N/I:N/A:C");
+ script_cve_id("CVE-2011-1528", "CVE-2011-1529");
+ script_tag(name:"risk_factor", value:"High");
+ script_version("$Revision$");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-02-11 03:26:12 -0500 (Sat, 11 Feb 2012)");
+ script_name("Debian Security Advisory DSA 2379-1 (krb5)");
+
+ desc = "The remote host is missing an update to krb5
+announced via advisory DSA 2379-1.
+
+It was discovered that the Key Distribution Center (KDC) in Kerberos 5
+crashes when processing certain crafted requests:
+
+CVE-2011-1528
+When the LDAP backend is used, remote users can trigger
+a KDC daemon crash and denial of service.
+
+CVE-2011-1529
+When the LDAP or Berkeley DB backend is used, remote users
+can trigger a NULL pointer dereference in the KDC daemon
+and a denial of service.
+
+The oldstable distribution (lenny) is not affected by these problems.
+
+For the stable distribution (squeeze), these problems have been fixed
+in version 1.8.3+dfsg-4squeeze5.
+
+For the testing distribution (wheezy) and the unstable distribution
+(sid), these problems have been fixed in version 1.10+dfsg~alpha1-1.
+
+We recommend that you upgrade your krb5 packages.
+
+Solution:
+https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202379-1
+";
+
+ script_description(desc);
+
+ script_summary("Debian Security Advisory DSA 2379-1 (krb5)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com");
+ script_family("Debian Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/packages");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-deb.inc");
+res = "";
+report = "";
+if((res = isdpkgvuln(pkg:"krb5-admin-server", ver:"1.8.3+dfsg-4squeeze5", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"krb5-doc", ver:"1.8.3+dfsg-4squeeze5", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"krb5-kdc", ver:"1.8.3+dfsg-4squeeze5", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"krb5-kdc-ldap", ver:"1.8.3+dfsg-4squeeze5", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"krb5-multidev", ver:"1.8.3+dfsg-4squeeze5", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"krb5-pkinit", ver:"1.8.3+dfsg-4squeeze5", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"krb5-user", ver:"1.8.3+dfsg-4squeeze5", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libgssapi-krb5-2", ver:"1.8.3+dfsg-4squeeze5", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libgssrpc4", ver:"1.8.3+dfsg-4squeeze5", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libk5crypto3", ver:"1.8.3+dfsg-4squeeze5", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libkadm5clnt-mit7", ver:"1.8.3+dfsg-4squeeze5", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libkadm5srv-mit7", ver:"1.8.3+dfsg-4squeeze5", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libkdb5-4", ver:"1.8.3+dfsg-4squeeze5", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libkrb5-3", ver:"1.8.3+dfsg-4squeeze5", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libkrb5-dbg", ver:"1.8.3+dfsg-4squeeze5", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libkrb5-dev", ver:"1.8.3+dfsg-4squeeze5", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libkrb53", ver:"1.8.3+dfsg-4squeeze5", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libkrb5support0", ver:"1.8.3+dfsg-4squeeze5", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"krb5-admin-server", ver:"1.10+dfsg~beta1-2", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"krb5-doc", ver:"1.10+dfsg~beta1-2", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"krb5-gss-samples", ver:"1.10+dfsg~beta1-2", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"krb5-kdc", ver:"1.10+dfsg~beta1-2", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"krb5-kdc-ldap", ver:"1.10+dfsg~beta1-2", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"krb5-locales", ver:"1.10+dfsg~beta1-2", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"krb5-multidev", ver:"1.10+dfsg~beta1-2", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"krb5-pkinit", ver:"1.10+dfsg~beta1-2", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"krb5-user", ver:"1.10+dfsg~beta1-2", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libgssapi-krb5-2", ver:"1.10+dfsg~beta1-2", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libgssrpc4", ver:"1.10+dfsg~beta1-2", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libk5crypto3", ver:"1.10+dfsg~beta1-2", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libkadm5clnt-mit8", ver:"1.10+dfsg~beta1-2", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libkadm5srv-mit8", ver:"1.10+dfsg~beta1-2", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libkdb5-6", ver:"1.10+dfsg~beta1-2", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libkrb5-3", ver:"1.10+dfsg~beta1-2", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libkrb5-dbg", ver:"1.10+dfsg~beta1-2", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libkrb5-dev", ver:"1.10+dfsg~beta1-2", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libkrb5support0", ver:"1.10+dfsg~beta1-2", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+
+if(report != "") {
+ security_hole(data:report + '\n' + desc);
+}
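Review bot: The `rls:"DEB7.0"` checks compare against `1.10+dfsg~beta1-2`, but the description says wheezy and sid were fixed in `1.10+dfsg~alpha1-1`. A wheezy host on a version between the two would be flagged although the advisory text counts it as fixed, which is a false positive. If the advisory version is authoritative, each of those checks should read `ver:"1.10+dfsg~alpha1-1", rls:"DEB7.0"`. If `beta1-2` is instead what the generator took from the archive, a comment such as `# DEB7.0 version taken from the archive at generation time, not from the DSA text` would explain the difference.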
Added: trunk/openvas-plugins/scripts/deb_2380_1.nasl
===================================================================
--- trunk/openvas-plugins/scripts/deb_2380_1.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/deb_2380_1.nasl 2012-02-12 04:35:40 UTC (rev 12711)
@@ -0,0 +1,99 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory DSA 2380-1 (foomatic-filters)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(70699);
+ script_tag(name:"cvss_base", value:"6.8");
+ script_tag(name:"cvss_base_vector", value:"AV:L/AC:H/Au:NR/C:P/I:P/A:P");
+ script_cve_id("CVE-2011-2697", "CVE-2011-2964");
+ script_tag(name:"risk_factor", value:"High");
+ script_version("$Revision$");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-02-11 03:26:17 -0500 (Sat, 11 Feb 2012)");
+ script_name("Debian Security Advisory DSA 2380-1 (foomatic-filters)");
+
+ desc = "The remote host is missing an update to foomatic-filters
+announced via advisory DSA 2380-1.
+
+It was discovered that the foomatic-filters, a support package for
+setting up printers, allowed authenticated users to submit crafted
+print jobs which would execute shell commands on the print servers.
+
+CVE-2011-2697 was assigned to the vulnerability in the Perl
+implementation included in lenny, and CVE-2011-2964 to the
+vulnerability affecting the C reimplementation part of squeeze.
+
+For the oldstable distribution (lenny), this problem has been fixed in
+version 3.0.2-20080211-3.2+lenny1.
+
+For the stable distribution (squeeze), this problem has been fixed in
+version 4.0.5-6+squeeze1.
+
+For the testing distribution (wheezy) and the unstable distribution
+(sid), this problem has been fixed in version 4.0.9-1.
+
+We recommend that you upgrade your foomatic-filters packages.
+
+Solution:
+https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202380-1
+";
+
+ script_description(desc);
+
+ script_summary("Debian Security Advisory DSA 2380-1 (foomatic-filters)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com");
+ script_family("Debian Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/packages");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-deb.inc");
+res = "";
+report = "";
+if((res = isdpkgvuln(pkg:"foomatic-filters", ver:"3.0.2-20080211-3.2+lenny1", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"foomatic-filters", ver:"4.0.5-6+squeeze1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"foomatic-filters", ver:"4.0.9-1", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+
+if(report != "") {
+ security_hole(data:report + '\n' + desc);
+}
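Review bot: In the description block, the `cvss_base_vector` value `AV:L/AC:H/Au:NR/C:P/I:P/A:P` does not agree with `cvss_base` 6.8. `Au:NR` is not a CVSS v2 Authentication value (those are N, S and M), and even reading NR as N, a local, high-complexity vector with partial impacts scores 3.7, not 6.8. The same `AV:L` plus `Au:NR` template appears next to scores it does not produce in deb_2381_1 (5.0), deb_2383_1 (4.4), deb_2384_1 and deb_2384_2 (7.5) and deb_2386_1 (7.5), so the generator's vector mapping looks wrong rather than this one advisory. The vector should be taken from the CVE record for each advisory. Until then, anything that filters or ranks results by access vector will misplace these findings.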
Added: trunk/openvas-plugins/scripts/deb_2381_1.nasl
===================================================================
--- trunk/openvas-plugins/scripts/deb_2381_1.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/deb_2381_1.nasl 2012-02-12 04:35:40 UTC (rev 12711)
@@ -0,0 +1,116 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory DSA 2381-1 (squid3)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(70700);
+ script_tag(name:"cvss_base", value:"5.0");
+ script_tag(name:"cvss_base_vector", value:"AV:L/AC:L/Au:NR/C:N/I:N/A:P");
+ script_cve_id("CVE-2011-4096");
+ script_tag(name:"risk_factor", value:"Medium");
+ script_version("$Revision$");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-02-11 03:26:32 -0500 (Sat, 11 Feb 2012)");
+ script_name("Debian Security Advisory DSA 2381-1 (squid3)");
+
+ desc = "The remote host is missing an update to squid3
+announced via advisory DSA 2381-1.
+
+It was discovered that the IPv6 support code in Squid does not
+properly handle certain DNS responses, resulting in deallocation of an
+invalid pointer and a daemon crash.
+
+The squid package and the version of squid3 shipped in lenny lack IPv6
+support and are not affected by this issue.
+
+For the stable distribution (squeeze), this problem has been fixed in
+version 3.1.6-1.2+squeeze2.
+
+For the testing distribution (wheezy) and the unstable distribution
+(sid), this problem has been fixed in version 3.1.18-1.
+
+We recommend that you upgrade your squid3 packages.
+
+Solution:
+https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202381-1
+";
+
+ script_description(desc);
+
+ script_summary("Debian Security Advisory DSA 2381-1 (squid3)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com");
+ script_family("Debian Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/packages");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-deb.inc");
+res = "";
+report = "";
+if((res = isdpkgvuln(pkg:"squid-cgi", ver:"3.1.6-1.2+squeeze2", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"squid3", ver:"3.1.6-1.2+squeeze2", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"squid3-common", ver:"3.1.6-1.2+squeeze2", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"squid3-dbg", ver:"3.1.6-1.2+squeeze2", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"squidclient", ver:"3.1.6-1.2+squeeze2", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"squid-cgi", ver:"3.1.18-1", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"squid3", ver:"3.1.18-1", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"squid3-common", ver:"3.1.18-1", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"squid3-dbg", ver:"3.1.18-1", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"squidclient", ver:"3.1.18-1", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+
+if(report != "") {
+ security_hole(data:report + '\n' + desc);
+}
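Review bot: The final call reports through `security_hole(...)` although the description block sets `risk_factor` to "Medium" and the advisory text describes only a daemon crash. If the scanner derives the threat level from the reporting function, which the included libraries outside this hunk would decide, this finding is shown at a higher level than the script's own metadata claims. I would change the last statement to `security_warning(data:report + '\n' + desc);`. deb_2383_1 has the same Medium versus `security_hole` mismatch.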
Added: trunk/openvas-plugins/scripts/deb_2382_1.nasl
===================================================================
--- trunk/openvas-plugins/scripts/deb_2382_1.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/deb_2382_1.nasl 2012-02-12 04:35:40 UTC (rev 12711)
@@ -0,0 +1,155 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory DSA 2382-1 (ecryptfs-utils)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(70701);
+ script_cve_id("CVE-2011-1831", "CVE-2011-1832", "CVE-2011-1834", "CVE-2011-1835", "CVE-2011-1837", "CVE-2011-3145");
+ script_tag(name:"risk_factor", value:"High");
+ script_version("$Revision$");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-02-11 03:26:49 -0500 (Sat, 11 Feb 2012)");
+ script_name("Debian Security Advisory DSA 2382-1 (ecryptfs-utils)");
+
+ desc = "The remote host is missing an update to ecryptfs-utils
+announced via advisory DSA 2382-1.
+
+Several problems have been discovered in ecryptfs-utils, a cryptographic
+filesystem for Linux.
+
+CVE-2011-1831
+
+Vasiliy Kulikov of Openwall and Dan Rosenberg discovered that eCryptfs
+incorrectly validated permissions on the requested mountpoint. A local
+attacker could use this flaw to mount to arbitrary locations, leading
+to privilege escalation.
+
+CVE-2011-1832
+
+Vasiliy Kulikov of Openwall and Dan Rosenberg discovered that eCryptfs
+incorrectly validated permissions on the requested mountpoint. A local
+attacker could use this flaw to unmount to arbitrary locations, leading
+to a denial of service.
+
+CVE-2011-1834
+
+Dan Rosenberg and Marc Deslauriers discovered that eCryptfs incorrectly
+handled modifications to the mtab file when an error occurs. A local
+attacker could use this flaw to corrupt the mtab file, and possibly
+unmount arbitrary locations, leading to a denial of service.
+
+CVE-2011-1835
+
+Marc Deslauriers discovered that eCryptfs incorrectly handled keys when
+setting up an encrypted private directory. A local attacker could use
+this flaw to manipulate keys during creation of a new user.
+
+CVE-2011-1837
+
+Vasiliy Kulikov of Openwall discovered that eCryptfs incorrectly handled
+lock counters. A local attacker could use this flaw to possibly overwrite
+arbitrary files.
+
+We acknowledge the work of the Ubuntu distribution in preparing patches
+suitable for near-direct inclusion in the Debian package.
+
+For the oldstable distribution (lenny), these problems have been fixed in
+version 68-1+lenny1.
+
+For the stable distribution (squeeze), these problems have been fixed in
+version 83-4+squeeze1.
+
+For the testing distribution (wheezy) and the unstable distribution (sid),
+these problems have been fixed in version 95-1.
+
+We recommend that you upgrade your ecryptfs-utils packages.
+
+Solution:
+https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202382-1
+";
+
+ script_description(desc);
+
+ script_summary("Debian Security Advisory DSA 2382-1 (ecryptfs-utils)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com");
+ script_family("Debian Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/packages");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-deb.inc");
+res = "";
+report = "";
+if((res = isdpkgvuln(pkg:"ecryptfs-utils", ver:"68-1+lenny1", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libecryptfs-dev", ver:"68-1+lenny1", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libecryptfs0", ver:"68-1+lenny1", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"ecryptfs-utils", ver:"83-4+squeeze1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"ecryptfs-utils-dbg", ver:"83-4+squeeze1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libecryptfs-dev", ver:"83-4+squeeze1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libecryptfs0", ver:"83-4+squeeze1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"ecryptfs-utils", ver:"95-1", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"ecryptfs-utils-dbg", ver:"95-1", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libecryptfs-dev", ver:"95-1", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libecryptfs0", ver:"95-1", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"python-ecryptfs", ver:"95-1", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+
+if(report != "") {
+ security_hole(data:report + '\n' + desc);
+}
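Review bot: The description block for script_id 70701 sets `risk_factor` to "High" but has no `cvss_base` or `cvss_base_vector` tag, unlike the sibling scripts in this commit, so consumers that sort or threshold on the CVSS score will have nothing to work with. Add `script_tag(name:"cvss_base", value:"<score from the CVE records>");` and the matching vector tag; deb_2385_1 is missing both tags as well. Separately, `script_cve_id` lists CVE-2011-3145, but the `desc` text has no paragraph for it, so the report cites a CVE the reader cannot match to any described flaw. A one-line comment above `script_cve_id` saying that this CVE comes from the advisory header rather than its body would explain the gap.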
Added: trunk/openvas-plugins/scripts/deb_2383_1.nasl
===================================================================
--- trunk/openvas-plugins/scripts/deb_2383_1.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/deb_2383_1.nasl 2012-02-12 04:35:40 UTC (rev 12711)
@@ -0,0 +1,93 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory DSA 2383-1 (super)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(70702);
+ script_tag(name:"cvss_base", value:"4.4");
+ script_tag(name:"cvss_base_vector", value:"AV:L/AC:H/Au:NR/C:P/I:P/A:P");
+ script_cve_id("CVE-2011-2776");
+ script_tag(name:"risk_factor", value:"Medium");
+ script_version("$Revision$");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-02-11 03:26:53 -0500 (Sat, 11 Feb 2012)");
+ script_name("Debian Security Advisory DSA 2383-1 (super)");
+
+ desc = "The remote host is missing an update to super
+announced via advisory DSA 2383-1.
+
+Robert Luberda discovered a buffer overflow in the syslog logging code of
+Super, a tool to execute scripts (or other commands) as if they were root.
+The default Debian configuration is not affected.
+
+For the oldstable distribution (lenny), this problem has been fixed in
+version 3.30.0-2+lenny1. Due to a technical limitation in the Debian
+archive scripts this update cannot be released synchronously with the
+stable update. It will be available shortly.
+
+For the stable distribution (squeeze), this problem has been fixed in
+version 3.30.0-3+squeeze1.
+
+For the unstable distribution (sid), this problem will be fixed soon.
+
+We recommend that you upgrade your super packages.
+
+Solution:
+https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202383-1
+";
+
+ script_description(desc);
+
+ script_summary("Debian Security Advisory DSA 2383-1 (super)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com");
+ script_family("Debian Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/packages");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-deb.inc");
+res = "";
+report = "";
+if((res = isdpkgvuln(pkg:"super", ver:"3.30.0-2+lenny1", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"super", ver:"3.30.0-3+squeeze1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+
+if(report != "") {
+ security_hole(data:report + '\n' + desc);
+}
Added: trunk/openvas-plugins/scripts/deb_2384_1.nasl
===================================================================
--- trunk/openvas-plugins/scripts/deb_2384_1.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/deb_2384_1.nasl 2012-02-12 04:35:40 UTC (rev 12711)
@@ -0,0 +1,93 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory DSA 2384-1 (cacti)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(70703);
+ script_tag(name:"cvss_base", value:"7.5");
+ script_tag(name:"cvss_base_vector", value:"AV:L/AC:L/Au:NR/C:P/I:P/A:P");
+ script_cve_id("CVE-2010-1644", "CVE-2010-1645", "CVE-2010-2543", "CVE-2010-2545", "CVE-2011-4824");
+ script_tag(name:"risk_factor", value:"High");
+ script_version("$Revision$");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-02-11 03:26:57 -0500 (Sat, 11 Feb 2012)");
+ script_name("Debian Security Advisory DSA 2384-1 (cacti)");
+
+ desc = "The remote host is missing an update to cacti
+announced via advisory DSA 2384-1.
+
+Several vulnerabilities have been discovered in cacti, a graphing tool
+for monitoring data. Multiple cross site scripting issues allow remote
+attackers to inject arbitrary web script or HTML. An SQL injection
+vulnerability allows remote attackers to execute arbitrary SQL commands.
+
+For the oldstable distribution (lenny), this problem has been fixed in
+version 0.8.7b-2.1+lenny4.
+
+For the stable distribution (squeeze), this problem has been fixed in
+version 0.8.7g-1+squeeze1.
+
+For the unstable distribution (sid), this problem has been fixed in
+version 0.8.7i-2.
+
+We recommend that you upgrade your cacti packages.
+
+Solution:
+https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202384-1
+";
+
+ script_description(desc);
+
+ script_summary("Debian Security Advisory DSA 2384-1 (cacti)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com");
+ script_family("Debian Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/packages");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-deb.inc");
+res = "";
+report = "";
+if((res = isdpkgvuln(pkg:"cacti", ver:"0.8.7b-2.1+lenny5", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"cacti", ver:"0.8.7g-1+squeeze1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+
+if(report != "") {
+ security_hole(data:report + '\n' + desc);
+}
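Review bot: The DEB5.0 check uses `ver:"0.8.7b-2.1+lenny5"`, but the `desc` text in this same file says lenny is fixed in 0.8.7b-2.1+lenny4. Assuming `isdpkgvuln` (defined in pkg-lib-deb.inc, not shown here) reports when the installed version is older than `ver`, a host already on lenny4 is reported as missing DSA 2384-1, with the full CVE list, although the advisory text says that version contains the fix. deb_2384_2 performs the identical lenny5 check, so such a host gets two findings for one package. Either use `ver:"0.8.7b-2.1+lenny4"` here and leave lenny5 to deb_2384_2, or keep lenny5 and add a comment such as `# threshold raised to the DSA 2384-2 regression fix` so that the difference from the description is explained.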
Added: trunk/openvas-plugins/scripts/deb_2384_2.nasl
===================================================================
--- trunk/openvas-plugins/scripts/deb_2384_2.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/deb_2384_2.nasl 2012-02-12 04:35:40 UTC (rev 12711)
@@ -0,0 +1,84 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory DSA 2384-2 (cacti)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(70723);
+ script_tag(name:"cvss_base", value:"7.5");
+ script_tag(name:"cvss_base_vector", value:"AV:L/AC:L/Au:NR/C:P/I:P/A:P");
+ script_cve_id("CVE-2010-1644", "CVE-2010-1645", "CVE-2010-2543", "CVE-2010-2545", "CVE-2011-4824");
+ script_tag(name:"risk_factor", value:"High");
+ script_version("$Revision$");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-02-11 03:35:49 -0500 (Sat, 11 Feb 2012)");
+ script_name("Debian Security Advisory DSA 2384-2 (cacti)");
+
+ desc = "The remote host is missing an update to cacti
+announced via advisory DSA 2384-2.
+
+It was discovered that the last security update for cacti, DSA-2384-1,
+introduced a regression in lenny.
+
+For the oldstable distribution (lenny), this problem has been fixed in
+version 0.8.7b-2.1+lenny5.
+
+The stable distribution (squeeze) is not affected by this regression.
+
+We recommend that you upgrade your cacti packages.
+
+Solution:
+https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202384-2
+";
+
+ script_description(desc);
+
+ script_summary("Debian Security Advisory DSA 2384-2 (cacti)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com");
+ script_family("Debian Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/packages");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-deb.inc");
+res = "";
+report = "";
+if((res = isdpkgvuln(pkg:"cacti", ver:"0.8.7b-2.1+lenny5", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+
+if(report != "") {
+ security_hole(data:report + '\n' + desc);
+}
Added: trunk/openvas-plugins/scripts/deb_2385_1.nasl
===================================================================
--- trunk/openvas-plugins/scripts/deb_2385_1.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/deb_2385_1.nasl 2012-02-12 04:35:40 UTC (rev 12711)
@@ -0,0 +1,140 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory DSA 2385-1 (pdns)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(70704);
+ script_cve_id("CVE-2012-0206");
+ script_tag(name:"risk_factor", value:"High");
+ script_version("$Revision$");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-02-11 03:27:26 -0500 (Sat, 11 Feb 2012)");
+ script_name("Debian Security Advisory DSA 2385-1 (pdns)");
+
+ desc = "The remote host is missing an update to pdns
+announced via advisory DSA 2385-1.
+
+Ray Morris discovered that the PowerDNS authoritative sever responds
+to response packets. An attacker who can spoof the source address of
+IP packets can cause an endless packet loop between a PowerDNS
+authoritative server and another DNS server, leading to a denial of
+service.
+
+For the oldstable distribution (lenny), this problem has been fixed in
+version 2.9.21.2-1+lenny1.
+
+For the stable distribution (squeeze), this problem has been fixed in
+version 2.9.22-8+squeeze1.
+
+For the testing distribution (wheezy) and the unstable distribution
+(sid), this problem will be fixed soon.
+
+We recommend that you upgrade your pdns packages.
+
+Solution:
+https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202385-1
+";
+
+ script_description(desc);
+
+ script_summary("Debian Security Advisory DSA 2385-1 (pdns)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com");
+ script_family("Debian Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/packages");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-deb.inc");
+res = "";
+report = "";
+if((res = isdpkgvuln(pkg:"pdns-backend-geo", ver:"2.9.21.2-1+lenny1", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"pdns-backend-ldap", ver:"2.9.21.2-1+lenny1", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"pdns-backend-mysql", ver:"2.9.21.2-1+lenny1", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"pdns-backend-pgsql", ver:"2.9.21.2-1+lenny1", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"pdns-backend-pipe", ver:"2.9.21.2-1+lenny1", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"pdns-backend-sqlite", ver:"2.9.21.2-1+lenny1", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"pdns-backend-sqlite3", ver:"2.9.21.2-1+lenny1", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"pdns-doc", ver:"2.9.21.2-1+lenny1", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"pdns-server", ver:"2.9.21.2-1+lenny1", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"pdns-backend-geo", ver:"2.9.22-8+squeeze1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"pdns-backend-ldap", ver:"2.9.22-8+squeeze1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"pdns-backend-mysql", ver:"2.9.22-8+squeeze1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"pdns-backend-pgsql", ver:"2.9.22-8+squeeze1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"pdns-backend-pipe", ver:"2.9.22-8+squeeze1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"pdns-backend-sqlite", ver:"2.9.22-8+squeeze1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"pdns-backend-sqlite3", ver:"2.9.22-8+squeeze1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"pdns-doc", ver:"2.9.22-8+squeeze1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"pdns-server", ver:"2.9.22-8+squeeze1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+
+if(report != "") {
+ security_hole(data:report + '\n' + desc);
+}
Added: trunk/openvas-plugins/scripts/deb_2386_1.nasl
===================================================================
--- trunk/openvas-plugins/scripts/deb_2386_1.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/deb_2386_1.nasl 2012-02-12 04:35:40 UTC (rev 12711)
@@ -0,0 +1,95 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory DSA 2386-1 (openttd)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(70706);
+ script_tag(name:"cvss_base", value:"7.5");
+ script_tag(name:"cvss_base_vector", value:"AV:L/AC:L/Au:NR/C:P/I:P/A:P");
+ script_cve_id("CVE-2011-3341", "CVE-2011-3342", "CVE-2011-3343");
+ script_tag(name:"risk_factor", value:"High");
+ script_version("$Revision$");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-02-11 03:27:32 -0500 (Sat, 11 Feb 2012)");
+ script_name("Debian Security Advisory DSA 2386-1 (openttd)");
+
+ desc = "The remote host is missing an update to openttd
+announced via advisory DSA 2386-1.
+
+Several vulnerabilities have been discovered in openttd, a transport
+business simulation game. Multiple buffer overflows and off-by-one
+errors allow remote attackers to cause denial of service.
+
+For the oldstable distribution (lenny), this problem has been fixed in
+version 0.6.2-1+lenny4.
+
+For the stable distribution (squeeze), this problem has been fixed in
+version 1.0.4-4.
+
+For the unstable distribution (sid), this problem has been fixed in
+version 1.1.4-1.
+
+We recommend that you upgrade your openttd packages.
+
+Solution:
+https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202386-1
+";
+
+ script_description(desc);
+
+ script_summary("Debian Security Advisory DSA 2386-1 (openttd)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com");
+ script_family("Debian Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/packages");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-deb.inc");
+res = "";
+report = "";
+if((res = isdpkgvuln(pkg:"openttd", ver:"0.6.2-1+lenny4", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"openttd", ver:"1.0.4-4", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"openttd-data", ver:"1.0.4-4", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+
+if(report != "") {
+ security_hole(data:report + '\n' + desc);
+}
Added: trunk/openvas-plugins/scripts/deb_2387_1.nasl
===================================================================
--- trunk/openvas-plugins/scripts/deb_2387_1.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/deb_2387_1.nasl 2012-02-12 04:35:40 UTC (rev 12711)
@@ -0,0 +1,86 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory DSA 2387-1 (simplesamlphp)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(70705);
+ script_tag(name:"risk_factor", value:"High");
+ script_version("$Revision$");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-02-11 03:27:28 -0500 (Sat, 11 Feb 2012)");
+ script_name("Debian Security Advisory DSA 2387-1 (simplesamlphp)");
+
+ desc = "The remote host is missing an update to simplesamlphp
+announced via advisory DSA 2387-1.
+
+timtai1 discovered that simpleSAMLphp, an authentication and federation
+platform, is vulnerable to a cross site scripting attack, allowing a
+remote attacker to access sensitive client data.
+
+The oldstable distribution (lenny) does not contain a simplesamlphp
+package.
+
+For the stable distribution (squeeze), this problem has been fixed in
+version 1.6.3-3.
+
+For the unstable distribution (sid), this problem has been fixed in
+version 1.8.2-1.
+
+We recommend that you upgrade your simplesamlphp packages.
+
+Solution:
+https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202387-1
+";
+
+ script_description(desc);
+
+ script_summary("Debian Security Advisory DSA 2387-1 (simplesamlphp)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com");
+ script_family("Debian Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/packages");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-deb.inc");
+res = "";
+report = "";
+if((res = isdpkgvuln(pkg:"simplesamlphp", ver:"1.6.3-3", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+
+if(report != "") {
+ security_hole(data:report + '\n' + desc);
+}
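Review bot: The description block carries no `script_cve_id()` and no `cvss_base` / `cvss_base_vector` tags, unlike the scripts added next to it in this commit, so a finding from this check cannot be correlated by CVE or sorted by score. If the advisory assigns an identifier, add `script_cve_id("CVE-<id from DSA 2387-1>");` together with the matching score tags. The `risk_factor` of "High" for a cross-site scripting issue is also at odds with deb_2391_1.nasl, which rates a phpMyAdmin advisory that includes cross-site scripting as "Medium"; one of the two should be aligned.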
Added: trunk/openvas-plugins/scripts/deb_2388_1.nasl
===================================================================
--- trunk/openvas-plugins/scripts/deb_2388_1.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/deb_2388_1.nasl 2012-02-12 04:35:40 UTC (rev 12711)
@@ -0,0 +1,158 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory DSA 2388-1 (t1lib)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(70707);
+ script_tag(name:"cvss_base", value:"7.6");
+ script_tag(name:"cvss_base_vector", value:"AV:L/AC:H/Au:NR/C:C/I:C/A:C");
+ script_cve_id("CVE-2010-2642", "CVE-2011-0433", "CVE-2011-0764", "CVE-2011-1552", "CVE-2011-1553", "CVE-2011-1554");
+ script_tag(name:"risk_factor", value:"High");
+ script_version("$Revision$");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-02-11 03:27:53 -0500 (Sat, 11 Feb 2012)");
+ script_name("Debian Security Advisory DSA 2388-1 (t1lib)");
+
+ desc = "The remote host is missing an update to t1lib
+announced via advisory DSA 2388-1.
+
+Several vulnerabilities were discovered in t1lib, a Postscript Type 1
+font rasterizer library, some of which might lead to code execution
+through the opening of files embedding bad fonts.
+
+CVE-2010-2642
+A heap-based buffer overflow in the AFM font metrics parser
+potentially leads to the execution of arbitrary code.
+
+CVE-2011-0433
+Another heap-based buffer overflow in the AFM font metrics
+parser potentially leads to the execution of arbitrary code.
+
+CVE-2011-0764
+An invalid pointer dereference allows execution of arbitrary
+code using crafted Type 1 fonts.
+
+CVE-2011-1552
+Another invalid pointer dereference results in an application
+crash, triggered by crafted Type 1 fonts.
+
+CVE-2011-1553
+A use-after-free vulnerability results in an application
+crash, triggered by crafted Type 1 fonts.
+
+CVE-2011-1554
+An off-by-one error results in an invalid memory read and
+application crash, triggered by crafted Type 1 fonts.
+
+For the oldstable distribution (lenny), this problem has been fixed in
+version 5.1.2-3+lenny1.
+
+For the stable distribution (squeeze), this problem has been fixed in
+version 5.1.2-3+squeeze1.
+
+For the testing distribution (wheezy), this problem has been fixed in
+version 5.1.2-3.3.
+
+For the unstable distribution (sid), this problem has been fixed in
+version 5.1.2-3.3.
+
+We recommend that you upgrade your t1lib packages.
+
+Solution:
+https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202388-1
+";
+
+ script_description(desc);
+
+ script_summary("Debian Security Advisory DSA 2388-1 (t1lib)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com");
+ script_family("Debian Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/packages");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-deb.inc");
+res = "";
+report = "";
+if((res = isdpkgvuln(pkg:"libt1-5", ver:"5.1.2-3+lenny1", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libt1-5-dbg", ver:"5.1.2-3+lenny1", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libt1-dev", ver:"5.1.2-3+lenny1", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libt1-doc", ver:"5.1.2-3+lenny1", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"t1lib-bin", ver:"5.1.2-3+lenny1", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libt1-5", ver:"5.1.2-3+squeeze1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libt1-5-dbg", ver:"5.1.2-3+squeeze1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libt1-dev", ver:"5.1.2-3+squeeze1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libt1-doc", ver:"5.1.2-3+squeeze1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"t1lib-bin", ver:"5.1.2-3+squeeze1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libt1-5", ver:"5.1.2-3.5", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libt1-5-dbg", ver:"5.1.2-3.5", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libt1-dev", ver:"5.1.2-3.5", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libt1-doc", ver:"5.1.2-3.5", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"t1lib-bin", ver:"5.1.2-3.5", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+
+if(report != "") {
+ security_hole(data:report + '\n' + desc);
+}
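Review bot: The DEB7.0 checks compare against `ver:"5.1.2-3.5"`, but desc states that wheezy is fixed in 5.1.2-3.3, so a host on 5.1.2-3.3 or any revision between the two would be reported as missing the update although it is patched. The five DEB7.0 lines should use `ver:"5.1.2-3.3"`. The same kind of mismatch is in deb_2391_1.nasl (`4:3.4.9-1` against 4:3.4.7.1-1 in the text). Separately, `cvss_base_vector` is `AV:L/AC:H/Au:NR/C:C/I:C/A:C`: `Au:NR` is not a CVSS v2 Authentication value (those are M, S and N), and a local, high-complexity vector does not give the declared base score of 7.6, which would correspond to something like `AV:N/AC:H/Au:N/C:C/I:C/A:C`. The `AV:L` / `Au:NR` pattern recurs in deb_2390_1, deb_2391_1, deb_2392_1 and deb_2394_1, so the vectors should probably be regenerated from the source of the scores.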
Added: trunk/openvas-plugins/scripts/deb_2390_1.nasl
===================================================================
--- trunk/openvas-plugins/scripts/deb_2390_1.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/deb_2390_1.nasl 2012-02-12 04:35:40 UTC (rev 12711)
@@ -0,0 +1,162 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory DSA 2390-1 (openssl)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(70708);
+ script_tag(name:"cvss_base", value:"9.3");
+ script_tag(name:"cvss_base_vector", value:"AV:L/AC:H/Au:NR/C:C/I:C/A:C");
+ script_cve_id("CVE-2011-4108", "CVE-2011-4109", "CVE-2011-4354", "CVE-2011-4576", "CVE-2011-4619");
+ script_tag(name:"risk_factor", value:"Critical");
+ script_version("$Revision$");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-02-11 03:28:14 -0500 (Sat, 11 Feb 2012)");
+ script_name("Debian Security Advisory DSA 2390-1 (openssl)");
+
+ desc = "The remote host is missing an update to openssl
+announced via advisory DSA 2390-1.
+
+Several vulnerabilities were discovered in OpenSSL, an implementation
+of TLS and related protocols. The Common Vulnerabilities and
+Exposures project identifies the following vulnerabilities:
+
+CVE-2011-4108
+The DTLS implementation performs a MAC check only if certain
+padding is valid, which makes it easier for remote attackers
+to recover plaintext via a padding oracle attack.
+
+CVE-2011-4109
+A double free vulnerability when X509_V_FLAG_POLICY_CHECK is
+enabled, allows remote attackers to cause applications crashes
+and potentially allow execution of arbitrary code by
+triggering failure of a policy check.
+
+CVE-2011-4354
+On 32-bit systems, the operations on NIST elliptic curves
+P-256 and P-384 are not correctly implemented, potentially
+leaking the private ECC key of a TLS server. (Regular
+RSA-based keys are not affected by this vulnerability.)
+
+CVE-2011-4576
+The SSL 3.0 implementation does not properly initialize data
+structures for block cipher padding, which might allow remote
+attackers to obtain sensitive information by decrypting the
+padding data sent by an SSL peer.
+
+CVE-2011-4619
+The Server Gated Cryptography (SGC) implementation in OpenSSL
+does not properly handle handshake restarts, unnecessarily
+simplifying CPU exhaustion attacks.
+
+For the oldstable distribution (lenny), these problems have been fixed
+in version 0.9.8g-15+lenny15.
+
+For the stable distribution (squeeze), these problems have been fixed
+in version 0.9.8o-4squeeze5.
+
+For the testing distribution (wheezy) and the unstable distribution
+(sid), these problems have been fixed in version 1.0.0f-1.
+
+We recommend that you upgrade your openssl packages.
+
+Solution:
+https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202390-1
+";
+
+ script_description(desc);
+
+ script_summary("Debian Security Advisory DSA 2390-1 (openssl)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com");
+ script_family("Debian Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/packages");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-deb.inc");
+res = "";
+report = "";
+if((res = isdpkgvuln(pkg:"libcrypto0.9.8-udeb", ver:"0.9.8g-15+lenny13", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libssl-dev", ver:"0.9.8g-15+lenny16", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libssl0.9.8", ver:"0.9.8g-15+lenny16", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libssl0.9.8-dbg", ver:"0.9.8g-15+lenny16", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"openssl", ver:"0.9.8g-15+lenny16", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libcrypto0.9.8-udeb", ver:"0.9.8o-4squeeze7", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libssl-dev", ver:"0.9.8o-4squeeze7", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libssl0.9.8", ver:"0.9.8o-4squeeze7", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libssl0.9.8-dbg", ver:"0.9.8o-4squeeze7", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"openssl", ver:"0.9.8o-4squeeze7", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libcrypto1.0.0-udeb", ver:"1.0.0g-1", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libssl-dev", ver:"1.0.0g-1", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libssl-doc", ver:"1.0.0g-1", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libssl1.0.0", ver:"1.0.0g-1", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libssl1.0.0-dbg", ver:"1.0.0g-1", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"openssl", ver:"1.0.0g-1", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+
+if(report != "") {
+ security_hole(data:report + '\n' + desc);
+}
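Review bot: The thresholds in the isdpkgvuln() calls do not match the fixed versions stated in desc: the text gives 0.9.8g-15+lenny15, 0.9.8o-4squeeze5 and 1.0.0f-1, while the checks use `0.9.8g-15+lenny16`, `0.9.8o-4squeeze7` and `1.0.0g-1`, which are the versions deb_2392_1.nasl states for DSA 2392-1. A host patched for DSA 2390-1 but not yet for 2392-1 would therefore be reported as exposed to the five CVEs listed here. To report on this advisory alone, the checks should read `ver:"0.9.8g-15+lenny15"`, `ver:"0.9.8o-4squeeze5"` and `ver:"1.0.0f-1"`. Separately, `libcrypto0.9.8-udeb` is compared against `0.9.8g-15+lenny13` while every other DEB5.0 package uses a later revision, which is a lower bar than either advisory states. The same line appears in deb_2392_1.nasl and should be confirmed against the archive.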
Added: trunk/openvas-plugins/scripts/deb_2391_1.nasl
===================================================================
--- trunk/openvas-plugins/scripts/deb_2391_1.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/deb_2391_1.nasl 2012-02-12 04:35:40 UTC (rev 12711)
@@ -0,0 +1,102 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory DSA 2391-1 (phpmyadmin)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(70709);
+ script_tag(name:"cvss_base", value:"4.3");
+ script_tag(name:"cvss_base_vector", value:"AV:L/AC:H/Au:NR/C:N/I:P/A:N");
+ script_cve_id("CVE-2011-1940", "CVE-2011-3181", "CVE-2011-4107");
+ script_tag(name:"risk_factor", value:"Medium");
+ script_version("$Revision$");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-02-11 03:28:19 -0500 (Sat, 11 Feb 2012)");
+ script_name("Debian Security Advisory DSA 2391-1 (phpmyadmin)");
+
+ desc = "The remote host is missing an update to phpmyadmin
+announced via advisory DSA 2391-1.
+
+Several vulnerabilities have been discovered in phpMyAdmin, a tool
+to administer MySQL over the web. The Common Vulnerabilities and
+Exposures project identifies the following problems:
+
+CVE-2011-4107
+
+The XML import plugin allowed a remote attacker to read arbitrary
+files via XML data containing external entity references.
+
+CVE-2011-1940, CVE-2011-3181
+
+Cross site scripting was possible in the table tracking feature,
+allowing a remote attacker to inject arbitrary web script or HTML.
+
+
+The oldstable distribution (lenny) is not affected by these problems.
+
+For the stable distribution (squeeze), these problems have been fixed
+in version 4:3.3.7-7.
+
+For the testing distribution (wheezy) and unstable distribution (sid),
+these problems have been fixed in version 4:3.4.7.1-1.
+
+We recommend that you upgrade your phpmyadmin packages.
+
+Solution:
+https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202391-1
+";
+
+ script_description(desc);
+
+ script_summary("Debian Security Advisory DSA 2391-1 (phpmyadmin)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com");
+ script_family("Debian Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/packages");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-deb.inc");
+res = "";
+report = "";
+if((res = isdpkgvuln(pkg:"phpmyadmin", ver:"4:3.3.7-7", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"phpmyadmin", ver:"4:3.4.9-1", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+
+if(report != "") {
+ security_hole(data:report + '\n' + desc);
+}
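Review bot: The result is emitted with `security_hole(...)` although the description block declares `risk_factor` "Medium" and `cvss_base` 4.3. If the scanner derives the threat level from the reporting function, as it presumably does here, this finding would be shown at the highest level and dilute triage of the critical results. `security_warning(data:report + '\n' + desc);` would match the declared rating. deb_2392_1.nasl, also rated "Medium", has the same call.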
Added: trunk/openvas-plugins/scripts/deb_2392_1.nasl
===================================================================
--- trunk/openvas-plugins/scripts/deb_2392_1.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/deb_2392_1.nasl 2012-02-12 04:35:40 UTC (rev 12711)
@@ -0,0 +1,135 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory DSA 2392-1 (openssl)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(70711);
+ script_tag(name:"cvss_base", value:"5.0");
+ script_tag(name:"cvss_base_vector", value:"AV:L/AC:L/Au:NR/C:N/I:N/A:P");
+ script_cve_id("CVE-2012-0050");
+ script_tag(name:"risk_factor", value:"Medium");
+ script_version("$Revision$");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-02-11 03:29:01 -0500 (Sat, 11 Feb 2012)");
+ script_name("Debian Security Advisory DSA 2392-1 (openssl)");
+
+ desc = "The remote host is missing an update to openssl
+announced via advisory DSA 2392-1.
+
+Antonio Martin discovered a denial-of-service vulnerability in
+OpenSSL, an implementation of TLS and related protocols. A malicious
+client can cause the DTLS server implementation to crash. Regular,
+TCP-based TLS is not affected by this issue.
+
+For the oldstable distribution (lenny), this problem has been fixed in
+version 0.9.8g-15+lenny16.
+
+For the stable distribution (squeeze), this problem has been fixed in
+version 0.9.8o-4squeeze7.
+
+For the testing distribution (wheezy) and the unstable distribution
+(sid), this problem has been fixed in version 1.0.0g-1.
+
+We recommend that you upgrade your openssl packages.
+
+Solution:
+https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202392-1
+";
+
+ script_description(desc);
+
+ script_summary("Debian Security Advisory DSA 2392-1 (openssl)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com");
+ script_family("Debian Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/packages");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-deb.inc");
+res = "";
+report = "";
+if((res = isdpkgvuln(pkg:"libcrypto0.9.8-udeb", ver:"0.9.8g-15+lenny13", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libssl-dev", ver:"0.9.8g-15+lenny16", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libssl0.9.8", ver:"0.9.8g-15+lenny16", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libssl0.9.8-dbg", ver:"0.9.8g-15+lenny16", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"openssl", ver:"0.9.8g-15+lenny16", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libcrypto0.9.8-udeb", ver:"0.9.8o-4squeeze7", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libssl-dev", ver:"0.9.8o-4squeeze7", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libssl0.9.8", ver:"0.9.8o-4squeeze7", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libssl0.9.8-dbg", ver:"0.9.8o-4squeeze7", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"openssl", ver:"0.9.8o-4squeeze7", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libcrypto1.0.0-udeb", ver:"1.0.0g-1", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libssl-dev", ver:"1.0.0g-1", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libssl-doc", ver:"1.0.0g-1", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libssl1.0.0", ver:"1.0.0g-1", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libssl1.0.0-dbg", ver:"1.0.0g-1", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"openssl", ver:"1.0.0g-1", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+
+if(report != "") {
+ security_hole(data:report + '\n' + desc);
+}
Added: trunk/openvas-plugins/scripts/deb_2394_1.nasl
===================================================================
--- trunk/openvas-plugins/scripts/deb_2394_1.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/deb_2394_1.nasl 2012-02-12 04:35:40 UTC (rev 12711)
@@ -0,0 +1,170 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory DSA 2394-1 (libxml2)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(70712);
+ script_tag(name:"cvss_base", value:"9.3");
+ script_tag(name:"cvss_base_vector", value:"AV:L/AC:H/Au:NR/C:C/I:C/A:C");
+ script_cve_id("CVE-2011-0216", "CVE-2011-2821", "CVE-2011-2834", "CVE-2011-3905", "CVE-2011-3919");
+ script_tag(name:"risk_factor", value:"Critical");
+ script_version("$Revision$");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-02-11 03:29:27 -0500 (Sat, 11 Feb 2012)");
+ script_name("Debian Security Advisory DSA 2394-1 (libxml2)");
+
+ desc = "The remote host is missing an update to libxml2
+announced via advisory DSA 2394-1.
+
+Many security problems had been fixed in libxml2, a popular library to handle
+XML data files.
+
+CVE-2011-3919:
+Jüri Aedla discovered a heap-based buffer overflow that allows remote attackers
+to cause a denial of service or possibly have unspecified other impact via
+unknown vectors.
+
+CVE-2011-0216:
+An Off-by-one error have been discoveried that allows remote attackers to
+execute arbitrary code or cause a denial of service.
+
+CVE-2011-2821:
+A memory corruption (double free) bug has been identified in libxml2's XPath
+engine. Through it, it is possible to an attacker allows cause a denial of
+service or possibly have unspecified other impact. This vulnerability does not
+affect the oldstable distribution (lenny).
+
+CVE-2011-2834:
+Yang Dingning discovered a double free vulnerability related to XPath handling.
+
+CVE-2011-3905:
+An out-of-bounds read vulnerability had been discovered, which allows remote
+attackers to cause a denial of service.
+
+For the oldstable distribution (lenny), this problem has been fixed in
+version 2.6.32.dfsg-5+lenny5.
+
+For the stable distribution (squeeze), this problem has been fixed in
+version 2.7.8.dfsg-2+squeeze2.
+
+For the testing distribution (wheezy), this problem has been fixed in
+version 2.7.8.dfsg-7.
+
+For the unstable distribution (sid), this problem has been fixed in
+version 2.7.8.dfsg-7.
+
+We recommend that you upgrade your libxml2 packages.
+
+Solution:
+https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202394-1
+";
+
+ script_description(desc);
+
+ script_summary("Debian Security Advisory DSA 2394-1 (libxml2)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com");
+ script_family("Debian Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/packages");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-deb.inc");
+res = "";
+report = "";
+if((res = isdpkgvuln(pkg:"libxml2", ver:"2.6.32.dfsg-5+lenny5", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libxml2-dbg", ver:"2.6.32.dfsg-5+lenny5", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libxml2-dev", ver:"2.6.32.dfsg-5+lenny5", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libxml2-doc", ver:"2.6.32.dfsg-5+lenny5", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libxml2-utils", ver:"2.6.32.dfsg-5+lenny5", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"python-libxml2", ver:"2.6.32.dfsg-5+lenny5", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libxml2", ver:"2.7.8.dfsg-2+squeeze2", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libxml2-dbg", ver:"2.7.8.dfsg-2+squeeze2", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libxml2-dev", ver:"2.7.8.dfsg-2+squeeze2", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libxml2-doc", ver:"2.7.8.dfsg-2+squeeze2", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libxml2-utils", ver:"2.7.8.dfsg-2+squeeze2", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"python-libxml2", ver:"2.7.8.dfsg-2+squeeze2", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"python-libxml2-dbg", ver:"2.7.8.dfsg-2+squeeze2", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libxml2", ver:"2.7.8.dfsg-7", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libxml2-dbg", ver:"2.7.8.dfsg-7", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libxml2-dev", ver:"2.7.8.dfsg-7", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libxml2-doc", ver:"2.7.8.dfsg-7", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libxml2-utils", ver:"2.7.8.dfsg-7", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"python-libxml2", ver:"2.7.8.dfsg-7", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"python-libxml2-dbg", ver:"2.7.8.dfsg-7", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+
+if(report != "") {
+ security_hole(data:report + '\n' + desc);
+}
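Review bot: `script_cve_id()` lists CVE-2011-2821, but desc says that issue does not affect lenny, so a finding raised by any of the six DEB5.0 checks is still attributed to a CVE that does not apply to that release. Since one script covers the whole advisory, at least add a comment above the lenny checks such as `# CVE-2011-2821 does not affect lenny; DEB5.0 findings cover the remaining CVEs` so that anyone tuning the check knows the attribution is approximate. The report text shown to operators also has wording errors worth fixing: "An Off-by-one error have been discoveried" should read "An off-by-one error has been discovered", and "it is possible to an attacker allows cause a denial of service" should read "an attacker can cause a denial of service".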
Added: trunk/openvas-plugins/scripts/deb_2395_1.nasl
===================================================================
--- trunk/openvas-plugins/scripts/deb_2395_1.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/deb_2395_1.nasl 2012-02-12 04:35:40 UTC (rev 12711)
@@ -0,0 +1,103 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory DSA 2395-1 (wireshark)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(70713);
+ script_tag(name:"cvss_base", value:"4.3");
+ script_tag(name:"cvss_base_vector", value:"AV:L/AC:H/Au:NR/C:N/I:N/A:P");
+ script_cve_id("CVE-2011-3483", "CVE-2012-0041", "CVE-2012-0042", "CVE-2012-0066", "CVE-2012-0067", "CVE-2012-0068");
+ script_tag(name:"risk_factor", value:"Medium");
+ script_version("$Revision$");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-02-11 03:29:37 -0500 (Sat, 11 Feb 2012)");
+ script_name("Debian Security Advisory DSA 2395-1 (wireshark)");
+
+ desc = "The remote host is missing an update to wireshark
+announced via advisory DSA 2395-1.
+
+Laurent Butti discovered a buffer underflow in the LANalyzer dissector
+of the Wireshark network traffic analyzer, which could lead to the
+execution of arbitrary code (CVE-2012-0068)
+
+This update also addresses several bugs, which can lead to crashes of
+Wireshark. These are not treated as security issues, but are fixed
+nonetheless if security updates are scheduled: CVE-2011-3483,
+CVE-2012-0041, CVE-2012-0042, CVE-2012-0066 and CVE-2012-0067.
+
+For the stable distribution (squeeze), this problem has been fixed in
+version 1.2.11-6+squeeze6.
+
+For the unstable distribution (sid), this problem has been fixed in
+version 1.6.5-1.
+
+We recommend that you upgrade your wireshark packages.
+
+Solution:
+https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202395-1
+";
+
+ script_description(desc);
+
+ script_summary("Debian Security Advisory DSA 2395-1 (wireshark)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com");
+ script_family("Debian Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/packages");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-deb.inc");
+res = "";
+report = "";
+if((res = isdpkgvuln(pkg:"tshark", ver:"1.2.11-6+squeeze6", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"wireshark", ver:"1.2.11-6+squeeze6", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"wireshark-common", ver:"1.2.11-6+squeeze6", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"wireshark-dbg", ver:"1.2.11-6+squeeze6", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"wireshark-dev", ver:"1.2.11-6+squeeze6", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+
+if(report != "") {
+ security_hole(data:report + '\n' + desc);
+}
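Review bot: The `cvss_base_vector` tag in the description block, `AV:L/AC:H/Au:NR/C:N/I:N/A:P`, uses `Au:NR`, which is not a CVSS v2 Authentication value (v2 allows N, S or M), and a local, high-complexity vector does not look consistent with the `cvss_base` of 4.3 set one line above it. The same pattern appears in deb_2396_1.nasl (`Au:R`) and in deb_2398_1.nasl and deb_2399_1.nasl (`Au:NR`), so it probably comes from the generator rather than from the individual advisories. Any consumer that parses the vector to filter or prioritise findings would get metrics that are unparseable or that contradict the score. I would emit the v2 vector the score was derived from, `script_tag(name:"cvss_base_vector", value:"<CVSS v2 vector matching cvss_base>");`, or omit the tag until the generator can produce one.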
Added: trunk/openvas-plugins/scripts/deb_2396_1.nasl
===================================================================
--- trunk/openvas-plugins/scripts/deb_2396_1.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/deb_2396_1.nasl 2012-02-12 04:35:40 UTC (rev 12711)
@@ -0,0 +1,96 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory DSA 2396-1 (qemu-kvm)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(70714);
+ script_tag(name:"cvss_base", value:"7.4");
+ script_tag(name:"cvss_base_vector", value:"AV:L/AC:H/Au:R/C:C/I:C/A:C");
+ script_cve_id("CVE-2012-0029");
+ script_tag(name:"risk_factor", value:"High");
+ script_version("$Revision$");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-02-11 03:29:41 -0500 (Sat, 11 Feb 2012)");
+ script_name("Debian Security Advisory DSA 2396-1 (qemu-kvm)");
+
+ desc = "The remote host is missing an update to qemu-kvm
+announced via advisory DSA 2396-1.
+
+Nicolae Mogoraenu discovered a heap overflow in the emulated e1000e
+network interface card of KVM, a solution for full virtualization on
+x86 hardware, which could result in denial of service or privilege
+escalation.
+
+This update also fixes a guest-triggerable memory corruption in
+VNC handling.
+
+For the stable distribution (squeeze), this problem has been fixed in
+version 0.12.5+dfsg-5+squeeze8.
+
+For the unstable distribution (sid), this problem has been fixed in
+version 1.0+dfsg-5.
+
+We recommend that you upgrade your qemu-kvm packages.
+
+Solution:
+https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202396-1
+";
+
+ script_description(desc);
+
+ script_summary("Debian Security Advisory DSA 2396-1 (qemu-kvm)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com");
+ script_family("Debian Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/packages");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-deb.inc");
+res = "";
+report = "";
+if((res = isdpkgvuln(pkg:"kvm", ver:"1:0.12.5+dfsg-5+squeeze8", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"qemu-kvm", ver:"0.12.5+dfsg-5+squeeze8", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"qemu-kvm-dbg", ver:"0.12.5+dfsg-5+squeeze8", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+
+if(report != "") {
+ security_hole(data:report + '\n' + desc);
+}
Added: trunk/openvas-plugins/scripts/deb_2397_1.nasl
===================================================================
--- trunk/openvas-plugins/scripts/deb_2397_1.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/deb_2397_1.nasl 2012-02-12 04:35:40 UTC (rev 12711)
@@ -0,0 +1,119 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory DSA 2397-1 (icu)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(70715);
+ script_cve_id("CVE-2011-4599");
+ script_tag(name:"risk_factor", value:"High");
+ script_version("$Revision$");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-02-11 03:29:56 -0500 (Sat, 11 Feb 2012)");
+ script_name("Debian Security Advisory DSA 2397-1 (icu)");
+
+ desc = "The remote host is missing an update to icu
+announced via advisory DSA 2397-1.
+
+It was discovered that a buffer overflow in the Unicode libraray ICU
+could lead to the execution of arbitrary code.
+
+For the oldstable distribution (lenny), this problem has been fixed in
+version 3.8.1-3+lenny3.
+
+For the stable distribution (squeeze), this problem has been fixed in
+version 4.4.1-8.
+
+For the unstable distribution (sid), this problem has been fixed in
+version 4.8.1.1-3.
+
+We recommend that you upgrade your icu packages.
+
+Solution:
+https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202397-1
+";
+
+ script_description(desc);
+
+ script_summary("Debian Security Advisory DSA 2397-1 (icu)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com");
+ script_family("Debian Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/packages");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-deb.inc");
+res = "";
+report = "";
+if((res = isdpkgvuln(pkg:"icu-doc", ver:"3.8.1-3+lenny3", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"lib32icu-dev", ver:"3.8.1-3+lenny3", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"lib32icu38", ver:"3.8.1-3+lenny3", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libicu-dev", ver:"3.8.1-3+lenny3", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libicu38", ver:"3.8.1-3+lenny3", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libicu38-dbg", ver:"3.8.1-3+lenny3", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"icu-doc", ver:"4.4.1-8", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"lib32icu-dev", ver:"4.4.1-8", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"lib32icu44", ver:"4.4.1-8", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libicu-dev", ver:"4.4.1-8", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libicu44", ver:"4.4.1-8", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libicu44-dbg", ver:"4.4.1-8", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+
+if(report != "") {
+ security_hole(data:report + '\n' + desc);
+}
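Review bot: The description block sets `risk_factor` to High but has no `cvss_base` or `cvss_base_vector` tag, unlike the other scripts added in this revision. If results are ranked or filtered by CVSS score (this depends on the scanner release, so worth confirming), a code-execution finding would appear unscored. I would add `script_tag(name:"cvss_base", value:"<base score for CVE-2011-4599>");` next to `script_cve_id`. The `desc` string also contains the typo `libraray`, which is copied verbatim into the report; `Unicode library ICU` is the intended wording.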
Added: trunk/openvas-plugins/scripts/deb_2398_1.nasl
===================================================================
--- trunk/openvas-plugins/scripts/deb_2398_1.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/deb_2398_1.nasl 2012-02-12 04:35:40 UTC (rev 12711)
@@ -0,0 +1,133 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory DSA 2398-1 (curl)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(70716);
+ script_tag(name:"cvss_base", value:"4.3");
+ script_tag(name:"cvss_base_vector", value:"AV:L/AC:H/Au:NR/C:P/I:N/A:N");
+ script_cve_id("CVE-2011-3389", "CVE-2012-0036");
+ script_tag(name:"risk_factor", value:"Medium");
+ script_version("$Revision$");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-02-11 03:30:14 -0500 (Sat, 11 Feb 2012)");
+ script_name("Debian Security Advisory DSA 2398-1 (curl)");
+
+ desc = "The remote host is missing an update to curl
+announced via advisory DSA 2398-1.
+
+Several vulnerabilities have been discovered in Curl, an URL transfer
+library. The Common Vulnerabilities and Exposures project identifies the
+following problems:
+
+CVE-2011-3389
+
+This update enables OpenSSL workarounds against the BEAST attack.
+Additional information can be found in the Curl advisory:
+http://curl.haxx.se/docs/adv_20120124B.html
+
+CVE-2012-0036
+
+Dan Fandrich discovered that Curl performs insufficient sanitising
+when extracting the file path part of an URL.
+
+For the oldstable distribution (lenny), this problem has been fixed in
+version 7.18.2-8lenny6.
+
+For the stable distribution (squeeze), this problem has been fixed in
+version 7.21.0-2.1+squeeze1.
+
+For the unstable distribution (sid), this problem has been fixed in
+version 7.24.0-1.
+
+We recommend that you upgrade your curl packages.
+
+Solution:
+https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202398-1
+";
+
+ script_description(desc);
+
+ script_summary("Debian Security Advisory DSA 2398-1 (curl)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com");
+ script_family("Debian Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/packages");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-deb.inc");
+res = "";
+report = "";
+if((res = isdpkgvuln(pkg:"curl", ver:"7.18.2-8lenny6", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libcurl3", ver:"7.18.2-8lenny6", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libcurl3-dbg", ver:"7.18.2-8lenny6", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libcurl3-gnutls", ver:"7.18.2-8lenny6", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libcurl4-gnutls-dev", ver:"7.18.2-8lenny6", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libcurl4-openssl-dev", ver:"7.18.2-8lenny6", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"curl", ver:"7.21.0-2.1+squeeze1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libcurl3", ver:"7.21.0-2.1+squeeze1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libcurl3-dbg", ver:"7.21.0-2.1+squeeze1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libcurl3-gnutls", ver:"7.21.0-2.1+squeeze1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libcurl4-gnutls-dev", ver:"7.21.0-2.1+squeeze1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libcurl4-openssl-dev", ver:"7.21.0-2.1+squeeze1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+
+if(report != "") {
+ security_hole(data:report + '\n' + desc);
+}
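Review bot: The closing `security_hole(data:report + '\n' + desc);` call reports at the highest level, although the description block tags this check `risk_factor` Medium with `cvss_base` 4.3; deb_2395_1.nasl has the same mismatch. If the scanner takes the threat level from the reporting function rather than from the tags (worth confirming for the targeted OpenVAS release), these Medium advisories would be shown as High and compete with code-execution findings during triage. I would use `security_warning(data:report + '\n' + desc);` for Medium-rated advisories and have the generator choose the function from the risk factor.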
Added: trunk/openvas-plugins/scripts/deb_2399_1.nasl
===================================================================
--- trunk/openvas-plugins/scripts/deb_2399_1.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/deb_2399_1.nasl 2012-02-12 04:35:40 UTC (rev 12711)
@@ -0,0 +1,384 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory DSA 2399-1 (php5)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(70717);
+ script_tag(name:"cvss_base", value:"7.5");
+ script_tag(name:"cvss_base_vector", value:"AV:L/AC:L/Au:NR/C:P/I:P/A:P");
+ script_cve_id("CVE-2011-1938", "CVE-2011-2483", "CVE-2011-4566", "CVE-2011-4885", "CVE-2012-0057");
+ script_tag(name:"risk_factor", value:"High");
+ script_version("$Revision$");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-02-11 03:32:01 -0500 (Sat, 11 Feb 2012)");
+ script_name("Debian Security Advisory DSA 2399-1 (php5)");
+
+ desc = "The remote host is missing an update to php5
+announced via advisory DSA 2399-1.
+
+Several vulnerabilities have been discovered in PHP, the web scripting
+language. The Common Vulnerabilities and Exposures project identifies
+the following issues:
+
+CVE-2011-1938
+
+The UNIX socket handling allowed attackers to trigger a buffer overflow
+via a long path name.
+
+CVE-2011-2483
+
+The crypt_blowfish function did not properly handle 8-bit characters,
+which made it easier for attackers to determine a cleartext password
+by using knowledge of a password hash.
+
+CVE-2011-4566
+
+When used on 32 bit platforms, the exif extension could be used to
+trigger an integer overflow in the exif_process_IFD_TAG function
+when processing a JPEG file.
+
+CVE-2011-4885
+
+It was possible to trigger hash collisions predictably when parsing
+form parameters, which allows remote attackers to cause a denial of
+service by sending many crafted parameters.
+
+CVE-2012-0057
+
+When applying a crafted XSLT transform, an attacker could write files
+to arbitrary places in the filesystem.
+
+NOTE: the fix for CVE-2011-2483 required changing the behaviour of this
+function: it is now incompatible with some old (wrongly) generated hashes
+for passwords containing 8-bit characters. See the package NEWS entry
+for details. This change has not been applied to the Lenny version of PHP.
+
+
+For the oldstable distribution (lenny), these problems have been fixed
+in version 5.2.6.dfsg.1-1+lenny14.
+
+For the stable distribution (squeeze), these problems have been fixed
+in version 5.3.3-7+squeeze5.
+
+For the testing distribution (wheezy) and unstable distribution (sid),
+these problems have been fixed in version 5.3.9-1.
+
+We recommend that you upgrade your php5 packages.
+
+Solution:
+https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202399-1
+";
+
+ script_description(desc);
+
+ script_summary("Debian Security Advisory DSA 2399-1 (php5)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com");
+ script_family("Debian Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/packages");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-deb.inc");
+res = "";
+report = "";
+if((res = isdpkgvuln(pkg:"libapache2-mod-php5", ver:"5.2.6.dfsg.1-1+lenny16", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libapache2-mod-php5filter", ver:"5.2.6.dfsg.1-1+lenny16", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php-pear", ver:"5.2.6.dfsg.1-1+lenny16", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5", ver:"5.2.6.dfsg.1-1+lenny16", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-cgi", ver:"5.2.6.dfsg.1-1+lenny16", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-cli", ver:"5.2.6.dfsg.1-1+lenny16", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-common", ver:"5.2.6.dfsg.1-1+lenny16", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-curl", ver:"5.2.6.dfsg.1-1+lenny16", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-dbg", ver:"5.2.6.dfsg.1-1+lenny16", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-dev", ver:"5.2.6.dfsg.1-1+lenny16", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-gd", ver:"5.2.6.dfsg.1-1+lenny16", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-gmp", ver:"5.2.6.dfsg.1-1+lenny16", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-imap", ver:"5.2.6.dfsg.1-1+lenny16", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-interbase", ver:"5.2.6.dfsg.1-1+lenny16", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-ldap", ver:"5.2.6.dfsg.1-1+lenny16", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-mcrypt", ver:"5.2.6.dfsg.1-1+lenny16", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-mhash", ver:"5.2.6.dfsg.1-1+lenny16", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-mysql", ver:"5.2.6.dfsg.1-1+lenny16", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-odbc", ver:"5.2.6.dfsg.1-1+lenny16", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-pgsql", ver:"5.2.6.dfsg.1-1+lenny16", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-pspell", ver:"5.2.6.dfsg.1-1+lenny16", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-recode", ver:"5.2.6.dfsg.1-1+lenny16", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-snmp", ver:"5.2.6.dfsg.1-1+lenny16", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-sqlite", ver:"5.2.6.dfsg.1-1+lenny16", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-sybase", ver:"5.2.6.dfsg.1-1+lenny16", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-tidy", ver:"5.2.6.dfsg.1-1+lenny16", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-xmlrpc", ver:"5.2.6.dfsg.1-1+lenny16", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-xsl", ver:"5.2.6.dfsg.1-1+lenny16", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libapache2-mod-php5", ver:"5.3.3-7+squeeze7", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libapache2-mod-php5filter", ver:"5.3.3-7+squeeze7", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php-pear", ver:"5.3.3-7+squeeze7", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5", ver:"5.3.3-7+squeeze7", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-cgi", ver:"5.3.3-7+squeeze7", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-cli", ver:"5.3.3-7+squeeze7", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-common", ver:"5.3.3-7+squeeze7", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-curl", ver:"5.3.3-7+squeeze7", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-dbg", ver:"5.3.3-7+squeeze7", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-dev", ver:"5.3.3-7+squeeze7", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-enchant", ver:"5.3.3-7+squeeze7", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-gd", ver:"5.3.3-7+squeeze7", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-gmp", ver:"5.3.3-7+squeeze7", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-imap", ver:"5.3.3-7+squeeze7", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-interbase", ver:"5.3.3-7+squeeze7", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-intl", ver:"5.3.3-7+squeeze7", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-ldap", ver:"5.3.3-7+squeeze7", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-mcrypt", ver:"5.3.3-7+squeeze7", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-mysql", ver:"5.3.3-7+squeeze7", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-odbc", ver:"5.3.3-7+squeeze7", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-pgsql", ver:"5.3.3-7+squeeze7", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-pspell", ver:"5.3.3-7+squeeze7", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-recode", ver:"5.3.3-7+squeeze7", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-snmp", ver:"5.3.3-7+squeeze7", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-sqlite", ver:"5.3.3-7+squeeze7", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-sybase", ver:"5.3.3-7+squeeze7", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-tidy", ver:"5.3.3-7+squeeze7", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-xmlrpc", ver:"5.3.3-7+squeeze7", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-xsl", ver:"5.3.3-7+squeeze7", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libapache2-mod-php5", ver:"5.3.10-1", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libapache2-mod-php5filter", ver:"5.3.10-1", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php-pear", ver:"5.3.10-1", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5", ver:"5.3.10-1", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-cgi", ver:"5.3.10-1", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-cli", ver:"5.3.10-1", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-common", ver:"5.3.10-1", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-curl", ver:"5.3.10-1", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-dbg", ver:"5.3.10-1", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-dev", ver:"5.3.10-1", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-enchant", ver:"5.3.10-1", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-fpm", ver:"5.3.10-1", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-gd", ver:"5.3.10-1", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-gmp", ver:"5.3.10-1", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-imap", ver:"5.3.10-1", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-interbase", ver:"5.3.10-1", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-intl", ver:"5.3.10-1", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-ldap", ver:"5.3.10-1", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-mcrypt", ver:"5.3.10-1", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-mysql", ver:"5.3.10-1", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-mysqlnd", ver:"5.3.10-1", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-odbc", ver:"5.3.10-1", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-pgsql", ver:"5.3.10-1", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-pspell", ver:"5.3.10-1", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-recode", ver:"5.3.10-1", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-snmp", ver:"5.3.10-1", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-sqlite", ver:"5.3.10-1", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-sybase", ver:"5.3.10-1", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-tidy", ver:"5.3.10-1", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-xmlrpc", ver:"5.3.10-1", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-xsl", ver:"5.3.10-1", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+
+if(report != "") {
+ security_hole(data:report + '\n' + desc);
+}
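Review bot: The `isdpkgvuln` calls compare against versions that differ from the fixed versions quoted in `desc`: the checks use `5.2.6.dfsg.1-1+lenny16`, `5.3.3-7+squeeze7` and `5.3.10-1`, while the text says 5.2.6.dfsg.1-1+lenny14, 5.3.3-7+squeeze5 and 5.3.9-1. A host that applied DSA 2399-1 exactly as described would still be flagged, and the report would then name a version the host already meets or exceeds. The higher thresholds may be deliberate, presumably taken from a later update such as DSA 2399-2, which is added next in this commit but runs past the visible text. Either way, the text and the checks should agree. To test for this advisory alone, the checks would use the advisory's versions, e.g. `ver:"5.3.3-7+squeeze5", rls:"DEB6.0"`; otherwise add a sentence to `desc` stating which later version the check requires and why.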
Added: trunk/openvas-plugins/scripts/deb_2399_2.nasl
===================================================================
--- trunk/openvas-plugins/scripts/deb_2399_2.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/deb_2399_2.nasl 2012-02-12 04:35:40 UTC (rev 12711)
@@ -0,0 +1,391 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory DSA 2399-2 (php5)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(70718);
+ script_tag(name:"cvss_base", value:"7.5");
+ script_tag(name:"cvss_base_vector", value:"AV:L/AC:L/Au:NR/C:P/I:P/A:P");
+ script_cve_id("CVE-2011-1938", "CVE-2011-2483", "CVE-2011-4566", "CVE-2011-4885", "CVE-2012-0057");
+ script_tag(name:"risk_factor", value:"High");
+ script_version("$Revision$");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-02-11 03:34:21 -0500 (Sat, 11 Feb 2012)");
+ script_name("Debian Security Advisory DSA 2399-2 (php5)");
+
+ desc = "The remote host is missing an update to php5
+announced via advisory DSA 2399-2.
+
+A regression was found in the fix for PHP's XSLT transformations
+(CVE-2012-0057). Updated packages are now available to address this
+regression. For reference, the original advisory text follows.
+
+Several vulnerabilities have been discovered in PHP, the web scripting
+language. The Common Vulnerabilities and Exposures project identifies
+the following issues:
+
+CVE-2011-1938
+
+The UNIX socket handling allowed attackers to trigger a buffer overflow
+via a long path name.
+
+CVE-2011-2483
+
+The crypt_blowfish function did not properly handle 8-bit characters,
+which made it easier for attackers to determine a cleartext password
+by using knowledge of a password hash.
+
+CVE-2011-4566
+
+When used on 32 bit platforms, the exif extension could be used to
+trigger an integer overflow in the exif_process_IFD_TAG function
+when processing a JPEG file.
+
+CVE-2011-4885
+
+It was possible to trigger hash collisions predictably when parsing
+form parameters, which allows remote attackers to cause a denial of
+service by sending many crafted parameters.
+
+CVE-2012-0057
+
+When applying a crafted XSLT transform, an attacker could write files
+to arbitrary places in the filesystem.
+
+NOTE: the fix for CVE-2011-2483 required changing the behaviour of this
+function: it is now incompatible with some old (wrongly) generated hashes
+for passwords containing 8-bit characters. See the package NEWS entry
+for details. This change has not been applied to the Lenny version of PHP.
+
+NOTE: at the time of release packages for some architectures are still
+being built. They will be installed into the archive as soon as they
+arrive.
+
+For the oldstable distribution (lenny), these problems have been fixed
+in version 5.2.6.dfsg.1-1+lenny15.
+
+For the stable distribution (squeeze), these problems have been fixed
+in version 5.3.3-7+squeeze6.
+
+For the testing distribution (wheezy) and unstable distribution (sid),
+these problems have been fixed in version 5.3.9-1.
+
+We recommend that you upgrade your php5 packages.
+
+Solution:
+https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202399-2
+";
+
+ script_description(desc);
+
+ script_summary("Debian Security Advisory DSA 2399-2 (php5)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com");
+ script_family("Debian Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/packages");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-deb.inc");
+res = "";
+report = "";
+if((res = isdpkgvuln(pkg:"libapache2-mod-php5", ver:"5.2.6.dfsg.1-1+lenny16", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libapache2-mod-php5filter", ver:"5.2.6.dfsg.1-1+lenny16", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php-pear", ver:"5.2.6.dfsg.1-1+lenny16", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5", ver:"5.2.6.dfsg.1-1+lenny16", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-cgi", ver:"5.2.6.dfsg.1-1+lenny16", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-cli", ver:"5.2.6.dfsg.1-1+lenny16", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-common", ver:"5.2.6.dfsg.1-1+lenny16", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-curl", ver:"5.2.6.dfsg.1-1+lenny16", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-dbg", ver:"5.2.6.dfsg.1-1+lenny16", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-dev", ver:"5.2.6.dfsg.1-1+lenny16", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-gd", ver:"5.2.6.dfsg.1-1+lenny16", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-gmp", ver:"5.2.6.dfsg.1-1+lenny16", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-imap", ver:"5.2.6.dfsg.1-1+lenny16", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-interbase", ver:"5.2.6.dfsg.1-1+lenny16", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-ldap", ver:"5.2.6.dfsg.1-1+lenny16", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-mcrypt", ver:"5.2.6.dfsg.1-1+lenny16", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-mhash", ver:"5.2.6.dfsg.1-1+lenny16", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-mysql", ver:"5.2.6.dfsg.1-1+lenny16", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-odbc", ver:"5.2.6.dfsg.1-1+lenny16", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-pgsql", ver:"5.2.6.dfsg.1-1+lenny16", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-pspell", ver:"5.2.6.dfsg.1-1+lenny16", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-recode", ver:"5.2.6.dfsg.1-1+lenny16", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-snmp", ver:"5.2.6.dfsg.1-1+lenny16", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-sqlite", ver:"5.2.6.dfsg.1-1+lenny16", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-sybase", ver:"5.2.6.dfsg.1-1+lenny16", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-tidy", ver:"5.2.6.dfsg.1-1+lenny16", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-xmlrpc", ver:"5.2.6.dfsg.1-1+lenny16", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-xsl", ver:"5.2.6.dfsg.1-1+lenny16", rls:"DEB5.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libapache2-mod-php5", ver:"5.3.3-7+squeeze7", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libapache2-mod-php5filter", ver:"5.3.3-7+squeeze7", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php-pear", ver:"5.3.3-7+squeeze7", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5", ver:"5.3.3-7+squeeze7", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-cgi", ver:"5.3.3-7+squeeze7", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-cli", ver:"5.3.3-7+squeeze7", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-common", ver:"5.3.3-7+squeeze7", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-curl", ver:"5.3.3-7+squeeze7", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-dbg", ver:"5.3.3-7+squeeze7", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-dev", ver:"5.3.3-7+squeeze7", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-enchant", ver:"5.3.3-7+squeeze7", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-gd", ver:"5.3.3-7+squeeze7", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-gmp", ver:"5.3.3-7+squeeze7", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-imap", ver:"5.3.3-7+squeeze7", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-interbase", ver:"5.3.3-7+squeeze7", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-intl", ver:"5.3.3-7+squeeze7", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-ldap", ver:"5.3.3-7+squeeze7", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-mcrypt", ver:"5.3.3-7+squeeze7", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-mysql", ver:"5.3.3-7+squeeze7", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-odbc", ver:"5.3.3-7+squeeze7", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-pgsql", ver:"5.3.3-7+squeeze7", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-pspell", ver:"5.3.3-7+squeeze7", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-recode", ver:"5.3.3-7+squeeze7", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-snmp", ver:"5.3.3-7+squeeze7", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-sqlite", ver:"5.3.3-7+squeeze7", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-sybase", ver:"5.3.3-7+squeeze7", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-tidy", ver:"5.3.3-7+squeeze7", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-xmlrpc", ver:"5.3.3-7+squeeze7", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-xsl", ver:"5.3.3-7+squeeze7", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libapache2-mod-php5", ver:"5.3.10-1", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libapache2-mod-php5filter", ver:"5.3.10-1", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php-pear", ver:"5.3.10-1", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5", ver:"5.3.10-1", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-cgi", ver:"5.3.10-1", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-cli", ver:"5.3.10-1", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-common", ver:"5.3.10-1", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-curl", ver:"5.3.10-1", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-dbg", ver:"5.3.10-1", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-dev", ver:"5.3.10-1", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-enchant", ver:"5.3.10-1", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-fpm", ver:"5.3.10-1", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-gd", ver:"5.3.10-1", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-gmp", ver:"5.3.10-1", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-imap", ver:"5.3.10-1", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-interbase", ver:"5.3.10-1", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-intl", ver:"5.3.10-1", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-ldap", ver:"5.3.10-1", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-mcrypt", ver:"5.3.10-1", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-mysql", ver:"5.3.10-1", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-mysqlnd", ver:"5.3.10-1", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-odbc", ver:"5.3.10-1", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-pgsql", ver:"5.3.10-1", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-pspell", ver:"5.3.10-1", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-recode", ver:"5.3.10-1", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-snmp", ver:"5.3.10-1", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-sqlite", ver:"5.3.10-1", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-sybase", ver:"5.3.10-1", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-tidy", ver:"5.3.10-1", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-xmlrpc", ver:"5.3.10-1", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-xsl", ver:"5.3.10-1", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+
+if(report != "") {
+ security_hole(data:report + '\n' + desc);
+}
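Review bot: The `isdpkgvuln` thresholds do not match the fixed versions quoted in `desc`: the text names 5.2.6.dfsg.1-1+lenny15, 5.3.3-7+squeeze6 and 5.3.9-1, while the checks compare against `5.2.6.dfsg.1-1+lenny16`, `5.3.3-7+squeeze7` and `5.3.10-1`. Assuming isdpkgvuln reports any installed version below `ver` (its body is not shown here), a squeeze host on 5.3.3-7+squeeze6 is reported as missing DSA 2399-2 although it already has that fix, and the same host is reported again by deb_2403_1.nasl, which uses the identical squeeze7 threshold. Either use the advisory's own versions, e.g. `ver:"5.3.3-7+squeeze6", rls:"DEB6.0"`, or add a comment above the checks such as `# Thresholds are the newest archive versions at generation time, not the DSA 2399-2 fix versions`. Separately, `cvss_base` 7.5 does not correspond to `AV:L/AC:L/Au:NR/C:P/I:P/A:P`: in CVSS v2 an AV:L vector with partial impacts scores 4.6 and `NR` is not a v2 Authentication value, whereas `AV:N/AC:L/Au:N/C:P/I:P/A:P` gives 7.5. The same AV:L/Au:NR pattern recurs in deb_2400_1, deb_2401_1, deb_2402_1, deb_2403_1 and deb_2403_2, so score and vector should be made consistent there too, or consumers that sort findings by vector will under-rate remotely reachable issues.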
Added: trunk/openvas-plugins/scripts/deb_2400_1.nasl
===================================================================
--- trunk/openvas-plugins/scripts/deb_2400_1.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/deb_2400_1.nasl 2012-02-12 04:35:40 UTC (rev 12711)
@@ -0,0 +1,134 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory DSA 2400-1 (iceweasel)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(70720);
+ script_tag(name:"cvss_base", value:"10.0");
+ script_tag(name:"cvss_base_vector", value:"AV:L/AC:L/Au:NR/C:C/I:C/A:C");
+ script_cve_id("CVE-2011-3670", "CVE-2012-0442", "CVE-2012-0444", "CVE-2012-0449");
+ script_tag(name:"risk_factor", value:"Critical");
+ script_version("$Revision$");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-02-11 03:35:07 -0500 (Sat, 11 Feb 2012)");
+ script_name("Debian Security Advisory DSA 2400-1 (iceweasel)");
+
+ desc = "The remote host is missing an update to iceweasel
+announced via advisory DSA 2400-1.
+
+Several vulnerabilities have been discovered in Iceweasel, a web browser
+based on Firefox. The included XULRunner library provides rendering
+services for several other applications included in Debian.
+
+CVE-2011-3670
+
+Gregory Fleischer discovered that IPv6 URLs were incorrectly parsed,
+resulting in potential information disclosure.
+
+CVE-2012-0442
+
+Jesse Ruderman and Bob Clary discovered memory corruption bugs, which
+may lead to the execution of arbitrary code.
+
+CVE-2012-0444
+
+regenrecht discovered that missing input sanisiting in the Ogg Vorbis
+parser may lead to the execution of arbitrary code.
+
+CVE-2012-0449
+
+Nicolas Gregoire and Aki Helin discovered that missing input
+sanisiting in XSLT processing may lead to the execution of arbitrary
+code.
+
+For the oldstable distribution (lenny), this problem has been fixed in
+version 1.9.0.19-13 of the xulrunner source package.
+
+For the stable distribution (squeeze), this problem has been fixed in
+version 3.5.16-12.
+
+For the unstable distribution (sid), this problem has been fixed in
+version 10.0-1.
+
+We recommend that you upgrade your iceweasel packages.
+
+Solution:
+https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202400-1
+";
+
+ script_description(desc);
+
+ script_summary("Debian Security Advisory DSA 2400-1 (iceweasel)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com");
+ script_family("Debian Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/packages");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-deb.inc");
+res = "";
+report = "";
+if((res = isdpkgvuln(pkg:"iceweasel", ver:"3.5.16-12", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"iceweasel-dbg", ver:"3.5.16-12", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libmozjs-dev", ver:"1.9.1.16-12", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libmozjs2d", ver:"1.9.1.16-12", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libmozjs2d-dbg", ver:"1.9.1.16-12", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"spidermonkey-bin", ver:"1.9.1.16-12", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"xulrunner-1.9.1", ver:"1.9.1.16-12", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"xulrunner-1.9.1-dbg", ver:"1.9.1.16-12", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"xulrunner-dev", ver:"1.9.1.16-12", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+
+if(report != "") {
+ security_hole(data:report + '\n' + desc);
+}
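Review bot: No `rls:"DEB5.0"` check is emitted although `desc` states that oldstable (lenny) is fixed in version 1.9.0.19-13 of the xulrunner source package; all nine `isdpkgvuln` calls use `rls:"DEB6.0"`. A lenny host with an unpatched xulrunner therefore produces no finding from this script, which reads as "not affected" in a scan report. Add checks of the form `isdpkgvuln(pkg:"<lenny xulrunner binary package>", ver:"1.9.0.19-13", rls:"DEB5.0")` for the lenny binary packages. If the omission is intentional, state it in the script with a comment such as `# lenny (DEB5.0) xulrunner packages are not covered by this check`.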
Added: trunk/openvas-plugins/scripts/deb_2401_1.nasl
===================================================================
--- trunk/openvas-plugins/scripts/deb_2401_1.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/deb_2401_1.nasl 2012-02-12 04:35:40 UTC (rev 12711)
@@ -0,0 +1,141 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory DSA 2401-1 (tomcat6)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(70719);
+ script_tag(name:"cvss_base", value:"7.5");
+ script_tag(name:"cvss_base_vector", value:"AV:L/AC:L/Au:NR/C:P/I:P/A:P");
+ script_cve_id("CVE-2011-1184", "CVE-2011-2204", "CVE-2011-2526", "CVE-2011-3190", "CVE-2011-3375", "CVE-2011-4858", "CVE-2011-5062", "CVE-2011-5063", "CVE-2011-5064", "CVE-2012-0022");
+ script_tag(name:"risk_factor", value:"High");
+ script_version("$Revision$");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-02-11 03:34:54 -0500 (Sat, 11 Feb 2012)");
+ script_name("Debian Security Advisory DSA 2401-1 (tomcat6)");
+
+ desc = "The remote host is missing an update to tomcat6
+announced via advisory DSA 2401-1.
+
+Several vulnerabilities have been found in Tomcat, a servlet and JSP
+engine:
+
+CVE-2011-1184 CVE-2011-5062 CVE-2011-5063 CVE-2011-5064
+
+The HTTP Digest Access Authentication implementation performed
+insufficient countermeasures against replay attacks.
+
+CVE-2011-2204
+
+In rare setups passwords were written into a logfile.
+
+CVE-2011-2526
+
+Missing input sanisiting in the HTTP APR or HTTP NIO connectors
+could lead to denial of service.
+
+CVE-2011-3190
+
+AJP requests could be spoofed in some setups.
+
+CVE-2011-3375
+
+Incorrect request caching could lead to information disclosure.
+
+CVE-2011-4858 CVE-2012-0022
+
+This update adds countermeasures against a collision denial of
+service vulnerability in the Java hashtable implementation and
+addresses denial of service potentials when processing large
+amounts of requests.
+
+Additional information can be
+found at http://tomcat.apache.org/security-6.html
+
+For the stable distribution (squeeze), this problem has been fixed in
+version 6.0.35-1+squeeze2.
+
+For the unstable distribution (sid), this problem has been fixed in
+version 6.0.35-1.
+
+We recommend that you upgrade your tomcat6 packages.
+
+Solution:
+https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202401-1
+";
+
+ script_description(desc);
+
+ script_summary("Debian Security Advisory DSA 2401-1 (tomcat6)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com");
+ script_family("Debian Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/packages");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-deb.inc");
+res = "";
+report = "";
+if((res = isdpkgvuln(pkg:"libservlet2.5-java", ver:"6.0.35-1+squeeze2", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libservlet2.5-java-doc", ver:"6.0.35-1+squeeze2", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libtomcat6-java", ver:"6.0.35-1+squeeze2", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"tomcat6", ver:"6.0.35-1+squeeze2", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"tomcat6-admin", ver:"6.0.35-1+squeeze2", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"tomcat6-common", ver:"6.0.35-1+squeeze2", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"tomcat6-docs", ver:"6.0.35-1+squeeze2", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"tomcat6-examples", ver:"6.0.35-1+squeeze2", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"tomcat6-user", ver:"6.0.35-1+squeeze2", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+
+if(report != "") {
+ security_hole(data:report + '\n' + desc);
+}
Added: trunk/openvas-plugins/scripts/deb_2402_1.nasl
===================================================================
--- trunk/openvas-plugins/scripts/deb_2402_1.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/deb_2402_1.nasl 2012-02-12 04:35:40 UTC (rev 12711)
@@ -0,0 +1,121 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory DSA 2402-1 (iceape)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(70721);
+ script_tag(name:"cvss_base", value:"10.0");
+ script_tag(name:"cvss_base_vector", value:"AV:L/AC:L/Au:NR/C:C/I:C/A:C");
+ script_cve_id("CVE-2011-3670", "CVE-2012-0442", "CVE-2012-0444", "CVE-2012-0449");
+ script_tag(name:"risk_factor", value:"Critical");
+ script_version("$Revision$");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-02-11 03:35:16 -0500 (Sat, 11 Feb 2012)");
+ script_name("Debian Security Advisory DSA 2402-1 (iceape)");
+
+ desc = "The remote host is missing an update to iceape
+announced via advisory DSA 2402-1.
+
+Several vulnerabilities have been found in the Iceape internet suite, an
+unbranded version of Seamonkey:
+
+CVE-2011-3670
+
+Gregory Fleischer discovered that IPv6 URLs were incorrectly parsed,
+resulting in potential information disclosure.
+
+CVE-2012-0442
+
+Jesse Ruderman and Bob Clary discovered memory corruption bugs, which
+may lead to the execution of arbitrary code.
+
+CVE-2012-0444
+
+regenrecht discovered that missing input sanisiting in the Ogg Vorbis
+parser may lead to the execution of arbitrary code.
+
+CVE-2012-0449
+
+Nicolas Gregoire and Aki Helin discovered that missing input
+sanisiting in XSLT processing may lead to the execution of arbitrary
+code.
+
+For the stable distribution (squeeze), this problem has been fixed in
+version 2.0.11-10.
+
+For the unstable distribution (sid), this problem has been fixed in
+version 2.0.14-10.
+
+We recommend that you upgrade your iceape packages.
+
+Solution:
+https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202402-1
+";
+
+ script_description(desc);
+
+ script_summary("Debian Security Advisory DSA 2402-1 (iceape)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com");
+ script_family("Debian Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/packages");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-deb.inc");
+res = "";
+report = "";
+if((res = isdpkgvuln(pkg:"iceape", ver:"2.0.11-10", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"iceape-browser", ver:"2.0.11-10", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"iceape-chatzilla", ver:"2.0.11-10", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"iceape-dbg", ver:"2.0.11-10", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"iceape-dev", ver:"2.0.11-10", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"iceape-mailnews", ver:"2.0.11-10", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+
+if(report != "") {
+ security_hole(data:report + '\n' + desc);
+}
Added: trunk/openvas-plugins/scripts/deb_2403_1.nasl
===================================================================
--- trunk/openvas-plugins/scripts/deb_2403_1.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/deb_2403_1.nasl 2012-02-12 04:35:40 UTC (rev 12711)
@@ -0,0 +1,173 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory DSA 2403-1 (php5)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(70722);
+ script_tag(name:"cvss_base", value:"7.5");
+ script_tag(name:"cvss_base_vector", value:"AV:L/AC:L/Au:NR/C:P/I:P/A:P");
+ script_cve_id("CVE-2012-0830");
+ script_tag(name:"risk_factor", value:"High");
+ script_version("$Revision$");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-02-11 03:35:47 -0500 (Sat, 11 Feb 2012)");
+ script_name("Debian Security Advisory DSA 2403-1 (php5)");
+
+ desc = "The remote host is missing an update to php5
+announced via advisory DSA 2403-1.
+
+Stefan Esser discovered that the implementation of the max_input_vars
+configuration variable in a recent PHP security update was flawed such
+that it allows remote attackers to crash PHP or potentially execute
+code.
+
+For the oldstable distribution (lenny), no fix is available at this time.
+
+For the stable distribution (squeeze), this problem has been fixed in
+version 5.3.3-7+squeeze7.
+
+The testing distribution (wheezy) and unstable distribution (sid)
+will be fixed soon.
+
+We recommend that you upgrade your php5 packages.
+
+Solution:
+https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202403-1
+";
+
+ script_description(desc);
+
+ script_summary("Debian Security Advisory DSA 2403-1 (php5)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com");
+ script_family("Debian Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/packages");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-deb.inc");
+res = "";
+report = "";
+if((res = isdpkgvuln(pkg:"libapache2-mod-php5", ver:"5.3.3-7+squeeze7", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libapache2-mod-php5filter", ver:"5.3.3-7+squeeze7", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php-pear", ver:"5.3.3-7+squeeze7", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5", ver:"5.3.3-7+squeeze7", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-cgi", ver:"5.3.3-7+squeeze7", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-cli", ver:"5.3.3-7+squeeze7", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-common", ver:"5.3.3-7+squeeze7", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-curl", ver:"5.3.3-7+squeeze7", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-dbg", ver:"5.3.3-7+squeeze7", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-dev", ver:"5.3.3-7+squeeze7", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-enchant", ver:"5.3.3-7+squeeze7", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-gd", ver:"5.3.3-7+squeeze7", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-gmp", ver:"5.3.3-7+squeeze7", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-imap", ver:"5.3.3-7+squeeze7", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-interbase", ver:"5.3.3-7+squeeze7", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-intl", ver:"5.3.3-7+squeeze7", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-ldap", ver:"5.3.3-7+squeeze7", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-mcrypt", ver:"5.3.3-7+squeeze7", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-mysql", ver:"5.3.3-7+squeeze7", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-odbc", ver:"5.3.3-7+squeeze7", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-pgsql", ver:"5.3.3-7+squeeze7", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-pspell", ver:"5.3.3-7+squeeze7", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-recode", ver:"5.3.3-7+squeeze7", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-snmp", ver:"5.3.3-7+squeeze7", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-sqlite", ver:"5.3.3-7+squeeze7", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-sybase", ver:"5.3.3-7+squeeze7", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-tidy", ver:"5.3.3-7+squeeze7", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-xmlrpc", ver:"5.3.3-7+squeeze7", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-xsl", ver:"5.3.3-7+squeeze7", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+
+if(report != "") {
+ security_hole(data:report + '\n' + desc);
+}
Added: trunk/openvas-plugins/scripts/deb_2403_2.nasl
===================================================================
--- trunk/openvas-plugins/scripts/deb_2403_2.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/deb_2403_2.nasl 2012-02-12 04:35:40 UTC (rev 12711)
@@ -0,0 +1,176 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory DSA 2403-2 (php5)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(70726);
+ script_tag(name:"cvss_base", value:"7.5");
+ script_tag(name:"cvss_base_vector", value:"AV:L/AC:L/Au:NR/C:P/I:P/A:P");
+ script_cve_id("CVE-2012-0830");
+ script_tag(name:"risk_factor", value:"High");
+ script_version("$Revision$");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-02-11 03:36:54 -0500 (Sat, 11 Feb 2012)");
+ script_name("Debian Security Advisory DSA 2403-2 (php5)");
+
+ desc = "The remote host is missing an update to php5
+announced via advisory DSA 2403-2.
+
+Stefan Esser discovered that the implementation of the max_input_vars
+configuration variable in a recent PHP security update was flawed such
+that it allows remote attackers to crash PHP or potentially execute
+code.
+
+This update adds packages for the oldstable distribution, which were
+missing from the original advisory. The problem has been fixed in
+version 5.2.6.dfsg.1-1+lenny16, installed into the security archive
+on 3 Feb 2012.
+
+For the stable distribution (squeeze), this problem has been fixed in
+version 5.3.3-7+squeeze7.
+
+For the unstable distribution (sid), this problem has been fixed in
+version 5.3.10-1.
+
+We recommend that you upgrade your php5 packages.
+
+Solution:
+https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202403-2
+";
+
+ script_description(desc);
+
+ script_summary("Debian Security Advisory DSA 2403-2 (php5)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com");
+ script_family("Debian Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/packages");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-deb.inc");
+res = "";
+report = "";
+if((res = isdpkgvuln(pkg:"libapache2-mod-php5", ver:"5.3.3-7+squeeze7", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"libapache2-mod-php5filter", ver:"5.3.3-7+squeeze7", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php-pear", ver:"5.3.3-7+squeeze7", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5", ver:"5.3.3-7+squeeze7", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-cgi", ver:"5.3.3-7+squeeze7", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-cli", ver:"5.3.3-7+squeeze7", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-common", ver:"5.3.3-7+squeeze7", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-curl", ver:"5.3.3-7+squeeze7", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-dbg", ver:"5.3.3-7+squeeze7", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-dev", ver:"5.3.3-7+squeeze7", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-enchant", ver:"5.3.3-7+squeeze7", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-gd", ver:"5.3.3-7+squeeze7", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-gmp", ver:"5.3.3-7+squeeze7", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-imap", ver:"5.3.3-7+squeeze7", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-interbase", ver:"5.3.3-7+squeeze7", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-intl", ver:"5.3.3-7+squeeze7", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-ldap", ver:"5.3.3-7+squeeze7", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-mcrypt", ver:"5.3.3-7+squeeze7", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-mysql", ver:"5.3.3-7+squeeze7", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-odbc", ver:"5.3.3-7+squeeze7", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-pgsql", ver:"5.3.3-7+squeeze7", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-pspell", ver:"5.3.3-7+squeeze7", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-recode", ver:"5.3.3-7+squeeze7", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-snmp", ver:"5.3.3-7+squeeze7", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-sqlite", ver:"5.3.3-7+squeeze7", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-sybase", ver:"5.3.3-7+squeeze7", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-tidy", ver:"5.3.3-7+squeeze7", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-xmlrpc", ver:"5.3.3-7+squeeze7", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"php5-xsl", ver:"5.3.3-7+squeeze7", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+
+if(report != "") {
+ security_hole(data:report + '\n' + desc);
+}
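Review bot: The package checks after `include("pkg-lib-deb.inc")` test only `rls:"DEB6.0"` against 5.3.3-7+squeeze7, yet the description says this advisory revision exists to add the oldstable packages fixed in 5.2.6.dfsg.1-1+lenny16, so a lenny host missing that update is never reported. A check such as `if((res = isdpkgvuln(pkg:"php5", ver:"5.2.6.dfsg.1-1+lenny16", rls:"DEB5.0")) != NULL) { report += res; }` is needed for each php5 binary package shipped in lenny; the exact package list should come from the advisory. Separately, `cvss_base_vector` starts with `AV:L` while the text describes remote attackers and the score is 7.5, so the vector looks inconsistent and is worth checking against the CVE-2012-0830 entry.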
Added: trunk/openvas-plugins/scripts/deb_2404_1.nasl
===================================================================
--- trunk/openvas-plugins/scripts/deb_2404_1.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/deb_2404_1.nasl 2012-02-12 04:35:40 UTC (rev 12711)
@@ -0,0 +1,105 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory DSA 2404-1 (xen-qemu-dm-4.0)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(70724);
+ script_tag(name:"cvss_base", value:"7.4");
+ script_tag(name:"cvss_base_vector", value:"AV:L/AC:H/Au:R/C:C/I:C/A:C");
+ script_cve_id("CVE-2012-0029");
+ script_tag(name:"risk_factor", value:"High");
+ script_version("$Revision$");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-02-11 03:35:53 -0500 (Sat, 11 Feb 2012)");
+ script_name("Debian Security Advisory DSA 2404-1 (xen-qemu-dm-4.0)");
+
+ desc = "The remote host is missing an update to xen-qemu-dm-4.0
+announced via advisory DSA 2404-1.
+
+Nicolae Mogoraenu discovered a heap overflow in the emulated e1000e
+network interface card of QEMU, which is used in the xen-qemu-dm-4.0
+packages. This vulnerability might enable to malicious guest systems
+to crash the host system or escalate their privileges.
+
+The old stable distribution (lenny) does not contain the
+xen-qemu-dm-4.0 package.
+
+For the stable distribution (squeeze), this problem has been fixed in
+version 4.0.1-2+squeeze1.
+
+The testing distribution (wheezy) and the unstable distribution (sid)
+will be fixed soon.
+
+Further information about Debian Security Advisories, how to apply
+these updates to your system and frequently asked questions can be
+found at: http://www.debian.org/security/
+
+Mailing list: debian-security-announce at lists.debian.org
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.9 (GNU/Linux)
+
+iQEcBAEBAgAGBQJPLnzXAAoJEL97/wQC1SS+AroH/RktLoquNfqGZDXA8APP3TJG
+EhKsSPz4WH2ddt3uEWuEFacHjTqZ54QaXpgth4osr684yXd3K1L2bMtJKGDQ1GT0
+xtsAJqNCYSfootqPeMOxCHX4/dS28dsDxRBR3cTV4L8Kk2VAosrDmvbMRN2nu2IH
+/Y5qYpXlV9DKlQuBu5FIpQIaR1/liOvRq3tmcnpqZEU5yJ90AIqCeesU1v/aGFLv
+bmFI9d8rVI6TxC3jEBKnV9+z/CroxPIIsUUUNnLRUa63TSPIWT0FyEaDhdnyGAd4
+7Q+/lhUSLyNai4h2E0LrWCOwf05g4AuQ1Z27YgNTdNqcei2hhaTpI97885HtLPk=
+=VKgf
+-----END PGP SIGNATURE-----
+
+Solution:
+https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202404-1
+";
+
+ script_description(desc);
+
+ script_summary("Debian Security Advisory DSA 2404-1 (xen-qemu-dm-4.0)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com");
+ script_family("Debian Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/packages");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-deb.inc");
+res = "";
+report = "";
+if((res = isdpkgvuln(pkg:"xen-qemu-dm-4.0", ver:"4.0.1-2+squeeze1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+
+if(report != "") {
+ security_hole(data:report + '\n' + desc);
+}
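Review bot: The `desc` string carries the advisory mail's trailer (the "Further information about Debian Security Advisories" paragraph, the mailing-list line and the whole `-----BEGIN PGP SIGNATURE-----` block), and all of it is emitted into the scan report through `security_hole(data:report + '\n' + desc)`. The signature cannot be verified once it is detached from the original message, so it is noise that a reader could mistake for an integrity guarantee. End the advisory text after the "will be fixed soon." paragraph and keep only the `Solution:` lines after it. The `Au:R` value in `cvss_base_vector` is also not one of the CVSS v2 authentication values (N, S, M) and should be checked against the CVE-2012-0029 entry.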
Added: trunk/openvas-plugins/scripts/deb_2405_1.nasl
===================================================================
--- trunk/openvas-plugins/scripts/deb_2405_1.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/deb_2405_1.nasl 2012-02-12 04:35:40 UTC (rev 12711)
@@ -0,0 +1,175 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory DSA 2405-1 (apache2)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(70725);
+ script_tag(name:"cvss_base", value:"5.0");
+ script_tag(name:"cvss_base_vector", value:"AV:L/AC:L/Au:NR/C:P/I:N/A:N");
+ script_cve_id("CVE-2011-3607", "CVE-2011-3368", "CVE-2011-3639", "CVE-2011-4317", "CVE-2012-0031", "CVE-2012-0053");
+ script_tag(name:"risk_factor", value:"Medium");
+ script_version("$Revision$");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-02-11 03:36:14 -0500 (Sat, 11 Feb 2012)");
+ script_name("Debian Security Advisory DSA 2405-1 (apache2)");
+
+ desc = "The remote host is missing an update to apache2
+announced via advisory DSA 2405-1.
+
+Several vulnerabilities have been found in the Apache HTTPD Server:
+
+CVE-2011-3607:
+
+An integer overflow in ap_pregsub() could allow local attackers to
+execute arbitrary code at elevated privileges via crafted .htaccess
+files.
+
+CVE-2011-3368 CVE-2011-3639 CVE-2011-4317:
+
+The Apache HTTP Server did not properly validate the request URI for
+proxied requests. In certain reverse proxy configurations using the
+ProxyPassMatch directive or using the RewriteRule directive with the
+[P] flag, a remote attacker could make the proxy connect to an
+arbitrary server. The could allow the attacker to access internal
+servers that are not otherwise accessible from the outside.
+
+The three CVE ids denote slightly different variants of the same
+issue.
+
+Note that, even with this issue fixed, it is the responsibility of
+the administrator to ensure that the regular expression replacement
+pattern for the target URI does not allow a client to append arbitrary
+strings to the host or port parts of the target URI. For example, the
+configuration
+
+ProxyPassMatch ^/mail(.*) http://internal-host$1
+
+is still insecure and should be replaced by one of the following
+configurations:
+
+ProxyPassMatch ^/mail(/.*) http://internal-host$1
+ProxyPassMatch ^/mail/(.*) http://internal-host/$1
+
+CVE-2012-0031:
+
+An apache2 child process could cause the parent process to crash
+during shutdown. This is a violation of the privilege separation
+between the apache2 processes and could potentially be used to worsen
+the impact of other vulnerabilities.
+
+CVE-2012-0053:
+
+The response message for error code 400 (bad request) could be used to
+expose httpOnly cookies. This could allow a remote attacker using
+cross site scripting to steal authentication cookies.
+
+
+For the oldstable distribution (lenny), these problems have been fixed in
+version apache2 2.2.9-10+lenny12.
+
+For the stable distribution (squeeze), these problems have been fixed in
+version apache2 2.2.16-6+squeeze6
+
+For the testing distribution (wheezy), these problems will be fixed in
+version 2.2.22-1.
+
+For the unstable distribution (sid), these problems have been fixed in
+version 2.2.22-1.
+
+We recommend that you upgrade your apache2 packages.
+
+Solution:
+https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202405-1
+";
+
+ script_description(desc);
+
+ script_summary("Debian Security Advisory DSA 2405-1 (apache2)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com");
+ script_family("Debian Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/packages");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-deb.inc");
+res = "";
+report = "";
+if((res = isdpkgvuln(pkg:"apache2", ver:"2.2.22-1", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"apache2-dbg", ver:"2.2.22-1", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"apache2-doc", ver:"2.2.22-1", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"apache2-mpm-event", ver:"2.2.22-1", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"apache2-mpm-itk", ver:"2.2.22-1", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"apache2-mpm-prefork", ver:"2.2.22-1", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"apache2-mpm-worker", ver:"2.2.22-1", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"apache2-prefork-dev", ver:"2.2.22-1", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"apache2-suexec", ver:"2.2.22-1", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"apache2-suexec-custom", ver:"2.2.22-1", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"apache2-threaded-dev", ver:"2.2.22-1", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"apache2-utils", ver:"2.2.22-1", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"apache2.2-bin", ver:"2.2.22-1", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+if((res = isdpkgvuln(pkg:"apache2.2-common", ver:"2.2.22-1", rls:"DEB7.0")) != NULL) {
+ report += res;
+}
+
+if(report != "") {
+ security_hole(data:report + '\n' + desc);
+}
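Review bot: Every `isdpkgvuln` call in this file uses `rls:"DEB7.0"` with 2.2.22-1, while the description gives the fixes for the released distributions as 2.2.9-10+lenny12 (oldstable) and 2.2.16-6+squeeze6 (stable), so a lenny or squeeze host with an unpatched apache2 produces no finding. Add a check per binary package for `DEB5.0` and `DEB6.0` with those versions, as sketched below for `apache2`. The per-release package list has to come from the advisory, since it is not visible in this hunk.

```nasl
# ... unchanged: includes, res/report initialisation ...
if((res = isdpkgvuln(pkg:"apache2", ver:"2.2.9-10+lenny12", rls:"DEB5.0")) != NULL) {
 report += res;
}
if((res = isdpkgvuln(pkg:"apache2", ver:"2.2.16-6+squeeze6", rls:"DEB6.0")) != NULL) {
 report += res;
}
# ... same pair for each remaining binary package shipped in that release ...
# ... unchanged: DEB7.0 checks and security_hole() call ...
```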
Added: trunk/openvas-plugins/scripts/deb_2407_1.nasl
===================================================================
--- trunk/openvas-plugins/scripts/deb_2407_1.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/deb_2407_1.nasl 2012-02-12 04:35:40 UTC (rev 12711)
@@ -0,0 +1,84 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory DSA 2407-1 (cvs)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(70727);
+ script_cve_id("CVE-2012-0804");
+ script_tag(name:"risk_factor", value:"High");
+ script_version("$Revision$");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-02-11 03:36:56 -0500 (Sat, 11 Feb 2012)");
+ script_name("Debian Security Advisory DSA 2407-1 (cvs)");
+
+ desc = "The remote host is missing an update to cvs
+announced via advisory DSA 2407-1.
+
+It was discovered that a malicious CVS server could cause a heap
+overflow in the CVS client, potentially allowing the server to execute
+arbitrary code on the client.
+
+For the stable distribution (squeeze), this problem has been fixed in
+version 1:1.12.13-12+squeeze1.
+
+For the unstable distribution (sid), this problem has been fixed in
+version 2:1.12.13+real-7.
+
+We recommend that you upgrade your cvs packages.
+
+Solution:
+https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202407-1
+";
+
+ script_description(desc);
+
+ script_summary("Debian Security Advisory DSA 2407-1 (cvs)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com");
+ script_family("Debian Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/packages");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-deb.inc");
+res = "";
+report = "";
+if((res = isdpkgvuln(pkg:"cvs", ver:"1:1.12.13-12+squeeze1", rls:"DEB6.0")) != NULL) {
+ report += res;
+}
+
+if(report != "") {
+ security_hole(data:report + '\n' + desc);
+}
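Review bot: The description block sets `risk_factor` to High but has no `cvss_base` or `cvss_base_vector` tag, unlike the other plugins added in this revision (deb_2404_1.nasl, for example, sets both). Add `script_tag(name:"cvss_base", value:"<score from the CVE-2012-0804 entry>");` and the matching `cvss_base_vector` tag after `script_id(70727);`. How a missing score is handled downstream is not visible here, but reports ranked by CVSS would presumably treat this finding as unscored.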