[Openvas-commits] r12921 - in trunk/openvas-plugins: . scripts
scm-commit at wald.intevation.org
Mon Feb 27 16:19:01 CET 2012
Author: antu123
Date: 2012-02-27 16:19:00 +0100 (Mon, 27 Feb 2012)
New Revision: 12921
Added:
trunk/openvas-plugins/scripts/gb_RHSA-2012_0125-01_glibc.nasl
trunk/openvas-plugins/scripts/gb_RHSA-2012_0126-01_glibc.nasl
trunk/openvas-plugins/scripts/gb_RHSA-2012_0127-01_mysql.nasl
trunk/openvas-plugins/scripts/gb_RHSA-2012_0136-01_libvorbis.nasl
trunk/openvas-plugins/scripts/gb_RHSA-2012_0141-01_seamonkey.nasl
trunk/openvas-plugins/scripts/gb_RHSA-2012_0142-01_firefox.nasl
trunk/openvas-plugins/scripts/gb_RHSA-2012_0143-01_xulrunner.nasl
trunk/openvas-plugins/scripts/gb_RHSA-2012_0152-03_kexec-tools.nasl
trunk/openvas-plugins/scripts/gb_RHSA-2012_0153-03_sos.nasl
trunk/openvas-plugins/scripts/gb_RHSA-2012_0301-03_ImageMagick.nasl
trunk/openvas-plugins/scripts/gb_RHSA-2012_0302-03_cups.nasl
trunk/openvas-plugins/scripts/gb_RHSA-2012_0303-03_xorg-x11-server.nasl
trunk/openvas-plugins/scripts/gb_RHSA-2012_0304-03_vixie-cron.nasl
trunk/openvas-plugins/scripts/gb_RHSA-2012_0305-03_boost.nasl
trunk/openvas-plugins/scripts/gb_RHSA-2012_0306-03_krb5.nasl
trunk/openvas-plugins/scripts/gb_RHSA-2012_0307-03_util-linux.nasl
trunk/openvas-plugins/scripts/gb_RHSA-2012_0308-03_busybox.nasl
trunk/openvas-plugins/scripts/gb_RHSA-2012_0309-03_sudo.nasl
trunk/openvas-plugins/scripts/gb_RHSA-2012_0310-03_nfs-utils.nasl
trunk/openvas-plugins/scripts/gb_RHSA-2012_0311-03_ibutils.nasl
trunk/openvas-plugins/scripts/gb_RHSA-2012_0312-03_initscripts.nasl
trunk/openvas-plugins/scripts/gb_RHSA-2012_0313-03_samba.nasl
trunk/openvas-plugins/scripts/gb_RHSA-2012_0317-01_libpng.nasl
trunk/openvas-plugins/scripts/gb_oracle_java_se_mult_vuln_feb12_win_01.nasl
trunk/openvas-plugins/scripts/gb_oracle_java_se_mult_vuln_feb12_win_02.nasl
trunk/openvas-plugins/scripts/gb_oracle_java_se_mult_vuln_feb12_win_03.nasl
trunk/openvas-plugins/scripts/gb_realplayer_atrac_sample_code_exec_vuln_macosx.nasl
trunk/openvas-plugins/scripts/gb_realplayer_atrac_sample_code_exec_vuln_win.nasl
trunk/openvas-plugins/scripts/gb_realplayer_mult_vuln_win_feb12.nasl
trunk/openvas-plugins/scripts/gb_ubuntu_USN_1284_2.nasl
trunk/openvas-plugins/scripts/gb_ubuntu_USN_1358_2.nasl
trunk/openvas-plugins/scripts/gb_ubuntu_USN_1359_1.nasl
trunk/openvas-plugins/scripts/gb_ubuntu_USN_1360_1.nasl
trunk/openvas-plugins/scripts/gb_ubuntu_USN_1361_1.nasl
trunk/openvas-plugins/scripts/gb_ubuntu_USN_1362_1.nasl
trunk/openvas-plugins/scripts/gb_ubuntu_USN_1365_1.nasl
trunk/openvas-plugins/scripts/gb_ubuntu_USN_1366_1.nasl
trunk/openvas-plugins/scripts/gb_ubuntu_USN_1367_1.nasl
trunk/openvas-plugins/scripts/gb_ubuntu_USN_1367_2.nasl
trunk/openvas-plugins/scripts/gb_ubuntu_USN_1367_3.nasl
trunk/openvas-plugins/scripts/gb_ubuntu_USN_1367_4.nasl
trunk/openvas-plugins/scripts/gb_ubuntu_USN_1368_1.nasl
trunk/openvas-plugins/scripts/gb_ubuntu_USN_1370_1.nasl
trunk/openvas-plugins/scripts/secpod_adobe_flash_player_mult_vuln_lin_feb12.nasl
trunk/openvas-plugins/scripts/secpod_adobe_flash_player_mult_vuln_macosx_feb12.nasl
trunk/openvas-plugins/scripts/secpod_adobe_flash_player_mult_vuln_win_feb12.nasl
Modified:
trunk/openvas-plugins/ChangeLog
trunk/openvas-plugins/scripts/gb_STHS_51991.nasl
Log:
Added new plugins, Auto generated plugins and Added CVE, CVSS and base vector
Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog 2012-02-27 14:45:20 UTC (rev 12920)
+++ trunk/openvas-plugins/ChangeLog 2012-02-27 15:19:00 UTC (rev 12921)
@@ -1,3 +1,58 @@
+2012-02-27 Antu Sanadi <santu at secpod.com>
+
+ * scripts/gb_oracle_java_se_mult_vuln_feb12_win_01.nasl,
+ scripts/gb_oracle_java_se_mult_vuln_feb12_win_02.nasl,
+ scripts/gb_oracle_java_se_mult_vuln_feb12_win_03.nasl,
+ scripts/gb_realplayer_mult_vuln_win_feb12.nasl,
+ scripts/gb_realplayer_atrac_sample_code_exec_vuln_win.nasl,
+ scripts/gb_realplayer_atrac_sample_code_exec_vuln_macosx.nasl,
+ scripts/secpod_adobe_flash_player_mult_vuln_win_feb12.nasl,
+ scripts/secpod_adobe_flash_player_mult_vuln_lin_feb12.nasl,
+ scripts/secpod_adobe_flash_player_mult_vuln_macosx_feb12.nasl:
+ Added new plugins.
+
+ * scripts/gb_STHS_51991.nasl:
+ Added CVE, CVSS and Base Vector.
+
+ * scripts/gb_RHSA-2012_0125-01_glibc.nasl,
+ scripts/gb_RHSA-2012_0143-01_xulrunner.nasl,
+ scripts/gb_RHSA-2012_0304-03_vixie-cron.nasl,
+ scripts/gb_RHSA-2012_0310-03_nfs-utils.nasl,
+ scripts/gb_RHSA-2012_0126-01_glibc.nasl,
+ scripts/gb_RHSA-2012_0152-03_kexec-tools.nasl,
+ scripts/gb_RHSA-2012_0305-03_boost.nasl,
+ scripts/gb_RHSA-2012_0311-03_ibutils.nasl,
+ scripts/gb_RHSA-2012_0127-01_mysql.nasl,
+ scripts/gb_RHSA-2012_0153-03_sos.nasl,
+ scripts/gb_RHSA-2012_0306-03_krb5.nasl,
+ scripts/gb_RHSA-2012_0312-03_initscripts.nasl,
+ scripts/gb_RHSA-2012_0136-01_libvorbis.nasl,
+ scripts/gb_RHSA-2012_0301-03_ImageMagick.nasl,
+ scripts/gb_RHSA-2012_0307-03_util-linux.nasl,
+ scripts/gb_RHSA-2012_0313-03_samba.nasl,
+ scripts/gb_RHSA-2012_0141-01_seamonkey.nasl,
+ scripts/gb_RHSA-2012_0302-03_cups.nasl,
+ scripts/gb_RHSA-2012_0308-03_busybox.nasl,
+ scripts/gb_RHSA-2012_0317-01_libpng.nasl,
+ scripts/gb_RHSA-2012_0142-01_firefox.nasl,
+ scripts/gb_RHSA-2012_0303-03_xorg-x11-server.nasl,
+ scripts/gb_RHSA-2012_0309-03_sudo.nasl,
+ scripts/gb_ubuntu_USN_1284_2.nasl,
+ scripts/gb_ubuntu_USN_1360_1.nasl,
+ scripts/gb_ubuntu_USN_1365_1.nasl,
+ scripts/gb_ubuntu_USN_1367_2.nasl,
+ scripts/gb_ubuntu_USN_1368_1.nasl,
+ scripts/gb_ubuntu_USN_1358_2.nasl,
+ scripts/gb_ubuntu_USN_1361_1.nasl,
+ scripts/gb_ubuntu_USN_1366_1.nasl,
+ scripts/gb_ubuntu_USN_1367_3.nasl,
+ scripts/gb_ubuntu_USN_1370_1.nasl,
+ scripts/gb_ubuntu_USN_1359_1.nasl,
+ scripts/gb_ubuntu_USN_1362_1.nasl,
+ scripts/gb_ubuntu_USN_1367_1.nasl,
+ scripts/gb_ubuntu_USN_1367_4.nasl:
+ Added new auto generated plugins.
+
2012-02-27 Michael Meyer <michael.meyer at greenbone.net>
* scripts/gb_cpassman_47379.nasl:
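Review bot: The list under "Added new auto generated plugins." is not in sorted order (RHSA-2012_0125, 0143, 0304, 0310, 0126, ...), which makes it hard to check against the sorted Added: list of this commit; sorting the names, or splitting them into an RHSA group and a USN group, would make an omitted file easy to spot. The gb_STHS_51991.nasl entry says "Added CVE, CVSS and Base Vector." without naming the CVE, so a reader has to open the diff to learn which identifier was attached; name it in the entry.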
Added: trunk/openvas-plugins/scripts/gb_RHSA-2012_0125-01_glibc.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_RHSA-2012_0125-01_glibc.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/gb_RHSA-2012_0125-01_glibc.nasl 2012-02-27 15:19:00 UTC (rev 12921)
@@ -0,0 +1,190 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# RedHat Update for glibc RHSA-2012:0125-01
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+ desc = "
+
+ Vulnerability Insight:
+ The glibc packages contain the standard C libraries used by multiple
+ programs on the system. These packages contain the standard C and the
+ standard math libraries. Without these two libraries, a Linux system cannot
+ function properly.
+
+ An integer overflow flaw, leading to a heap-based buffer overflow, was
+ found in the way the glibc library read timezone files. If a
+ carefully-crafted timezone file was loaded by an application linked against
+ glibc, it could cause the application to crash or, potentially, execute
+ arbitrary code with the privileges of the user running the application.
+ (CVE-2009-5029)
+
+ A flaw was found in the way the ldd utility identified dynamically linked
+ libraries. If an attacker could trick a user into running ldd on a
+ malicious binary, it could result in arbitrary code execution with the
+ privileges of the user running ldd. (CVE-2009-5064)
+
+ It was discovered that the glibc addmntent() function, used by various
+ mount helper utilities, did not sanitize its input properly. A local
+ attacker could possibly use this flaw to inject malformed lines into the
+ mtab (mounted file systems table) file via certain setuid mount helpers, if
+ the attacker were allowed to mount to an arbitrary directory under their
+ control. (CVE-2010-0296)
+
+ An integer overflow flaw, leading to a heap-based buffer overflow, was
+ found in the way the glibc library loaded ELF (Executable and Linking
+ Format) files. If a carefully-crafted ELF file was loaded by an
+ application linked against glibc, it could cause the application to crash
+ or, potentially, execute arbitrary code with the privileges of the user
+ running the application. (CVE-2010-0830)
+
+ It was discovered that the glibc fnmatch() function did not properly
+ restrict the use of alloca(). If the function was called on sufficiently
+ large inputs, it could cause an application using fnmatch() to crash or,
+ possibly, execute arbitrary code with the privileges of the application.
+ (CVE-2011-1071)
+
+ It was found that the glibc addmntent() function, used by various mount
+ helper utilities, did not handle certain errors correctly when updating the
+ mtab (mounted file systems table) file. If such utilities had the setuid
+ bit set, a local attacker could use this flaw to corrupt the mtab file.
+ (CVE-2011-1089)
+
+ It was discovered that the locale command did not produce properly escaped
+ output as required by the POSIX specification. If an attacker were able to
+ set the locale environment ...
+
+ Description truncated, for more information please check the Reference URL
+
+ Affected Software/OS:
+ glibc on Red Hat Enterprise Linux AS version 4,
+ Red Hat Enterprise Linux ES version 4,
+ Red Hat Enterprise Linux WS version 4
+
+ Fix: Please Install the Updated Packages.
+
+ References:
+ https://www.redhat.com/archives/rhsa-announce/2012-February/msg00026.html ";
+
+if(description)
+{
+ script_id(870545);
+ script_version("$Revision$");
+ script_tag(name:"check_type", value:"authenticated package test");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-02-21 18:55:19 +0530 (Tue, 21 Feb 2012)");
+ script_cve_id("CVE-2009-5029", "CVE-2009-5064", "CVE-2010-0296", "CVE-2010-0830",
+ "CVE-2011-1071", "CVE-2011-1089", "CVE-2011-1095", "CVE-2011-1659",
+ "CVE-2011-4609");
+ script_tag(name:"cvss_base", value:"7.2");
+ script_tag(name:"cvss_base_vector", value:"AV:L/AC:L/Au:N/C:C/I:C/A:C");
+ script_tag(name:"risk_factor", value:"High");
+ script_xref(name: "RHSA", value: "2012:0125-01");
+ script_name("RedHat Update for glibc RHSA-2012:0125-01");
+
+ script_description(desc);
+ script_summary("Check for the Version of glibc");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2012 Greenbone Networks GmbH");
+ script_family("Red Hat Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_mandatory_keys("HostDetails/OS/cpe:/o:redhat:enterprise_linux", "login/SSH/success", "ssh/login/release");
+ exit(0);
+}
+
+
+include("pkg-lib-rpm.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+res = "";
+if(release == NULL){
+ exit(0);
+}
+
+if(release == "RHENT_4")
+{
+
+ if ((res = isrpmvuln(pkg:"glibc", rpm:"glibc~2.3.4~2.57", rls:"RHENT_4")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isrpmvuln(pkg:"glibc-common", rpm:"glibc-common~2.3.4~2.57", rls:"RHENT_4")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isrpmvuln(pkg:"glibc-debuginfo", rpm:"glibc-debuginfo~2.3.4~2.57", rls:"RHENT_4")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isrpmvuln(pkg:"glibc-debuginfo-common", rpm:"glibc-debuginfo-common~2.3.4~2.57", rls:"RHENT_4")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isrpmvuln(pkg:"glibc-devel", rpm:"glibc-devel~2.3.4~2.57", rls:"RHENT_4")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isrpmvuln(pkg:"glibc-headers", rpm:"glibc-headers~2.3.4~2.57", rls:"RHENT_4")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isrpmvuln(pkg:"glibc-profile", rpm:"glibc-profile~2.3.4~2.57", rls:"RHENT_4")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isrpmvuln(pkg:"glibc-utils", rpm:"glibc-utils~2.3.4~2.57", rls:"RHENT_4")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isrpmvuln(pkg:"nptl-devel", rpm:"nptl-devel~2.3.4~2.57", rls:"RHENT_4")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isrpmvuln(pkg:"nscd", rpm:"nscd~2.3.4~2.57", rls:"RHENT_4")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if (__pkg_match) exit(99); # Not vulnerable.
+ exit(0);
+}
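Review bot: Every isrpmvuln() branch in the RHENT_4 block calls exit(0) directly after security_hole(), so a host with several outdated glibc subpackages gets a report that names only the first match (glibc, then glibc-common, and so on); collecting the res strings and reporting once after the last check would list all of them. The desc string is also cut at "set the locale environment ...", so CVE-2011-1095, CVE-2011-1659 and CVE-2011-4609 are listed in script_cve_id() but have no description in the report text. The assignment res = ""; is dead, since res is overwritten by the first isrpmvuln() call before any use.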
Property changes on: trunk/openvas-plugins/scripts/gb_RHSA-2012_0125-01_glibc.nasl
___________________________________________________________________
Added: svn:keywords
+ Revision Date Id
Added: trunk/openvas-plugins/scripts/gb_RHSA-2012_0126-01_glibc.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_RHSA-2012_0126-01_glibc.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/gb_RHSA-2012_0126-01_glibc.nasl 2012-02-27 15:19:00 UTC (rev 12921)
@@ -0,0 +1,169 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# RedHat Update for glibc RHSA-2012:0126-01
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+ desc = "
+
+ Vulnerability Insight:
+ The glibc packages contain the standard C libraries used by multiple
+ programs on the system. These packages contain the standard C and the
+ standard math libraries. Without these two libraries, a Linux system cannot
+ function properly.
+
+ An integer overflow flaw, leading to a heap-based buffer overflow, was
+ found in the way the glibc library read timezone files. If a
+ carefully-crafted timezone file was loaded by an application linked against
+ glibc, it could cause the application to crash or, potentially, execute
+ arbitrary code with the privileges of the user running the application.
+ (CVE-2009-5029)
+
+ A flaw was found in the way the ldd utility identified dynamically linked
+ libraries. If an attacker could trick a user into running ldd on a
+ malicious binary, it could result in arbitrary code execution with the
+ privileges of the user running ldd. (CVE-2009-5064)
+
+ An integer overflow flaw, leading to a heap-based buffer overflow, was
+ found in the way the glibc library loaded ELF (Executable and Linking
+ Format) files. If a carefully-crafted ELF file was loaded by an
+ application linked against glibc, it could cause the application to crash
+ or, potentially, execute arbitrary code with the privileges of the user
+ running the application. (CVE-2010-0830)
+
+ It was found that the glibc addmntent() function, used by various mount
+ helper utilities, did not handle certain errors correctly when updating the
+ mtab (mounted file systems table) file. If such utilities had the setuid
+ bit set, a local attacker could use this flaw to corrupt the mtab file.
+ (CVE-2011-1089)
+
+ A denial of service flaw was found in the remote procedure call (RPC)
+ implementation in glibc. A remote attacker able to open a large number of
+ connections to an RPC service that is using the RPC implementation from
+ glibc, could use this flaw to make that service use an excessive amount of
+ CPU time. (CVE-2011-4609)
+
+ Red Hat would like to thank the Ubuntu Security Team for reporting
+ CVE-2010-0830, and Dan Rosenberg for reporting CVE-2011-1089. The Ubuntu
+ Security Team acknowledges Dan Rosenberg as the original reporter of
+ CVE-2010-0830.
+
+ Users should upgrade to these updated packages, which resolve these issues.
+
+ Affected Software/OS:
+ glibc on Red Hat Enterprise Linux (v. 5 server)
+
+ Fix: Please Install the Updated Packages.
+
+ References:
+ https://www.redhat.com/archives/rhsa-announce/2012-February/msg00027.html ";
+
+if(description)
+{
+ script_id(870556);
+ script_version("$Revision$");
+ script_tag(name:"check_type", value:"authenticated package test");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-02-21 18:56:49 +0530 (Tue, 21 Feb 2012)");
+ script_cve_id("CVE-2009-5029", "CVE-2009-5064", "CVE-2010-0830", "CVE-2011-1089",
+ "CVE-2011-4609");
+ script_tag(name:"cvss_base", value:"6.9");
+ script_tag(name:"cvss_base_vector", value:"AV:L/AC:M/Au:N/C:C/I:C/A:C");
+ script_tag(name:"risk_factor", value:"High");
+ script_xref(name: "RHSA", value: "2012:0126-01");
+ script_name("RedHat Update for glibc RHSA-2012:0126-01");
+
+ script_description(desc);
+ script_summary("Check for the Version of glibc");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2012 Greenbone Networks GmbH");
+ script_family("Red Hat Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_mandatory_keys("HostDetails/OS/cpe:/o:redhat:enterprise_linux", "login/SSH/success", "ssh/login/release");
+ exit(0);
+}
+
+
+include("pkg-lib-rpm.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+res = "";
+if(release == NULL){
+ exit(0);
+}
+
+if(release == "RHENT_5")
+{
+
+ if ((res = isrpmvuln(pkg:"glibc", rpm:"glibc~2.5~65.el5_7.3", rls:"RHENT_5")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isrpmvuln(pkg:"glibc-common", rpm:"glibc-common~2.5~65.el5_7.3", rls:"RHENT_5")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isrpmvuln(pkg:"glibc-debuginfo", rpm:"glibc-debuginfo~2.5~65.el5_7.3", rls:"RHENT_5")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isrpmvuln(pkg:"glibc-debuginfo-common", rpm:"glibc-debuginfo-common~2.5~65.el5_7.3", rls:"RHENT_5")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isrpmvuln(pkg:"glibc-devel", rpm:"glibc-devel~2.5~65.el5_7.3", rls:"RHENT_5")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isrpmvuln(pkg:"glibc-headers", rpm:"glibc-headers~2.5~65.el5_7.3", rls:"RHENT_5")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isrpmvuln(pkg:"glibc-utils", rpm:"glibc-utils~2.5~65.el5_7.3", rls:"RHENT_5")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isrpmvuln(pkg:"nscd", rpm:"nscd~2.5~65.el5_7.3", rls:"RHENT_5")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if (__pkg_match) exit(99); # Not vulnerable.
+ exit(0);
+}
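Review bot: In the description block, cvss_base is "6.9" with vector AV:L/AC:M/Au:N/C:C/I:C/A:C while risk_factor is "High"; under the CVSS v2 severity ranges used by NVD a score of 6.9 falls in Medium, so either document the mapping the generator applies or derive risk_factor from cvss_base so the two tags stay consistent. The vector is local-only although the desc text describes CVE-2011-4609 as usable by "a remote attacker"; a comment stating that the tags carry the highest-scoring CVE of the advisory would explain the choice to anyone triaging the result.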
Property changes on: trunk/openvas-plugins/scripts/gb_RHSA-2012_0126-01_glibc.nasl
___________________________________________________________________
Added: svn:keywords
+ Revision Date Id
Added: trunk/openvas-plugins/scripts/gb_RHSA-2012_0127-01_mysql.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_RHSA-2012_0127-01_mysql.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/gb_RHSA-2012_0127-01_mysql.nasl 2012-02-27 15:19:00 UTC (rev 12921)
@@ -0,0 +1,132 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# RedHat Update for mysql RHSA-2012:0127-01
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+ desc = "
+
+ Vulnerability Insight:
+ MySQL is a multi-user, multi-threaded SQL database server. It consists of
+ the MySQL server daemon (mysqld) and many client programs and libraries.
+
+ This update fixes several vulnerabilities in the MySQL database server.
+ Information about these flaws can be found on the Oracle Critical Patch
+ Update Advisory page, listed in the References section. (CVE-2012-0075,
+ CVE-2012-0087, CVE-2012-0101, CVE-2012-0102, CVE-2012-0114, CVE-2012-0484,
+ CVE-2012-0490)
+
+ These updated packages upgrade MySQL to version 5.0.95. Refer to the MySQL
+ release notes for a full list of changes:
+
+ http://dev.mysql.com/doc/refman/5.0/en/news-5-0-x.html
+
+ All MySQL users should upgrade to these updated packages, which correct
+ these issues. After installing this update, the MySQL server daemon
+ (mysqld) will be restarted automatically.
+
+ Affected Software/OS:
+ mysql on Red Hat Enterprise Linux (v. 5 server)
+
+ Fix: Please Install the Updated Packages.
+
+ References:
+ https://www.redhat.com/archives/rhsa-announce/2012-February/msg00028.html ";
+
+if(description)
+{
+ script_id(870547);
+ script_version("$Revision$");
+ script_tag(name:"check_type", value:"authenticated package test");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-02-21 18:55:56 +0530 (Tue, 21 Feb 2012)");
+ script_cve_id("CVE-2012-0075", "CVE-2012-0087", "CVE-2012-0101", "CVE-2012-0102",
+ "CVE-2012-0114", "CVE-2012-0484", "CVE-2012-0490");
+ script_tag(name:"cvss_base", value:"4.0");
+ script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:S/C:N/I:N/A:P");
+ script_tag(name:"risk_factor", value:"Medium");
+ script_xref(name: "RHSA", value: "2012:0127-01");
+ script_name("RedHat Update for mysql RHSA-2012:0127-01");
+
+ script_description(desc);
+ script_summary("Check for the Version of mysql");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2012 Greenbone Networks GmbH");
+ script_family("Red Hat Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_mandatory_keys("HostDetails/OS/cpe:/o:redhat:enterprise_linux", "login/SSH/success", "ssh/login/release");
+ exit(0);
+}
+
+
+include("pkg-lib-rpm.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+res = "";
+if(release == NULL){
+ exit(0);
+}
+
+if(release == "RHENT_5")
+{
+
+ if ((res = isrpmvuln(pkg:"mysql", rpm:"mysql~5.0.95~1.el5_7.1", rls:"RHENT_5")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isrpmvuln(pkg:"mysql-bench", rpm:"mysql-bench~5.0.95~1.el5_7.1", rls:"RHENT_5")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isrpmvuln(pkg:"mysql-debuginfo", rpm:"mysql-debuginfo~5.0.95~1.el5_7.1", rls:"RHENT_5")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isrpmvuln(pkg:"mysql-devel", rpm:"mysql-devel~5.0.95~1.el5_7.1", rls:"RHENT_5")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isrpmvuln(pkg:"mysql-server", rpm:"mysql-server~5.0.95~1.el5_7.1", rls:"RHENT_5")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isrpmvuln(pkg:"mysql-test", rpm:"mysql-test~5.0.95~1.el5_7.1", rls:"RHENT_5")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if (__pkg_match) exit(99); # Not vulnerable.
+ exit(0);
+}
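Review bot: The desc text says details of the flaws are on "the Oracle Critical Patch Update Advisory page, listed in the References section", but the References: block of this script holds only the rhsa-announce URL, so the report points readers at a link that is not there. Add the Oracle CPU URL from the advisory to References:, or have the generator drop that sentence when it does not carry the link over. Since desc gives no per-CVE detail, the cvss_base "4.0" and its vector cannot be checked from the script alone; a short comment naming which of the seven CVEs it belongs to would help.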
Property changes on: trunk/openvas-plugins/scripts/gb_RHSA-2012_0127-01_mysql.nasl
___________________________________________________________________
Added: svn:keywords
+ Revision Date Id
Added: trunk/openvas-plugins/scripts/gb_RHSA-2012_0136-01_libvorbis.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_RHSA-2012_0136-01_libvorbis.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/gb_RHSA-2012_0136-01_libvorbis.nasl 2012-02-27 15:19:00 UTC (rev 12921)
@@ -0,0 +1,138 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# RedHat Update for libvorbis RHSA-2012:0136-01
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+ desc = "
+
+ Vulnerability Insight:
+ The libvorbis packages contain runtime libraries for use in programs that
+ support Ogg Vorbis. Ogg Vorbis is a fully open, non-proprietary, patent-and
+ royalty-free, general-purpose compressed audio format.
+
+ A heap-based buffer overflow flaw was found in the way the libvorbis
+ library parsed Ogg Vorbis media files. If a specially-crafted Ogg Vorbis
+ media file was opened by an application using libvorbis, it could cause the
+ application to crash or, possibly, execute arbitrary code with the
+ privileges of the user running the application. (CVE-2012-0444)
+
+ Users of libvorbis should upgrade to these updated packages, which contain
+ a backported patch to correct this issue. The desktop must be restarted
+ (log out, then log back in) for this update to take effect.
+
+ Affected Software/OS:
+ libvorbis on Red Hat Enterprise Linux (v. 5 server),
+ Red Hat Enterprise Linux AS version 4,
+ Red Hat Enterprise Linux ES version 4,
+ Red Hat Enterprise Linux WS version 4
+
+ Fix: Please Install the Updated Packages.
+
+ References:
+ https://www.redhat.com/archives/rhsa-announce/2012-February/msg00032.html ";
+
+if(description)
+{
+ script_id(870558);
+ script_version("$Revision$");
+ script_tag(name:"check_type", value:"authenticated package test");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-02-21 18:56:58 +0530 (Tue, 21 Feb 2012)");
+ script_cve_id("CVE-2012-0444");
+ script_tag(name:"cvss_base", value:"10.0");
+ script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
+ script_tag(name:"risk_factor", value:"Critical");
+ script_xref(name: "RHSA", value: "2012:0136-01");
+ script_name("RedHat Update for libvorbis RHSA-2012:0136-01");
+
+ script_description(desc);
+ script_summary("Check for the Version of libvorbis");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2012 Greenbone Networks GmbH");
+ script_family("Red Hat Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_mandatory_keys("HostDetails/OS/cpe:/o:redhat:enterprise_linux", "login/SSH/success", "ssh/login/release");
+ exit(0);
+}
+
+
+include("pkg-lib-rpm.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+res = "";
+if(release == NULL){
+ exit(0);
+}
+
+if(release == "RHENT_5")
+{
+
+ if ((res = isrpmvuln(pkg:"libvorbis", rpm:"libvorbis~1.1.2~3.el5_7.6", rls:"RHENT_5")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isrpmvuln(pkg:"libvorbis-debuginfo", rpm:"libvorbis-debuginfo~1.1.2~3.el5_7.6", rls:"RHENT_5")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isrpmvuln(pkg:"libvorbis-devel", rpm:"libvorbis-devel~1.1.2~3.el5_7.6", rls:"RHENT_5")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if (__pkg_match) exit(99); # Not vulnerable.
+ exit(0);
+}
+
+
+if(release == "RHENT_4")
+{
+
+ if ((res = isrpmvuln(pkg:"libvorbis", rpm:"libvorbis~1.1.0~4.el4.5", rls:"RHENT_4")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isrpmvuln(pkg:"libvorbis-debuginfo", rpm:"libvorbis-debuginfo~1.1.0~4.el4.5", rls:"RHENT_4")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isrpmvuln(pkg:"libvorbis-devel", rpm:"libvorbis-devel~1.1.0~4.el4.5", rls:"RHENT_4")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if (__pkg_match) exit(99); # Not vulnerable.
+ exit(0);
+}
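Review bot: cvss_base_vector is AV:N/AC:L/Au:N/C:C/I:C/A:C (10.0, risk_factor "Critical"), yet the desc text says the overflow is triggered when "a specially-crafted Ogg Vorbis media file was opened by an application", which depends on a user opening the file; CVSS v2 normally scores that kind of precondition as AC:M, so check the vector against the source the generator takes it from before it drives prioritisation. The RHENT_5 and RHENT_4 blocks are identical apart from the version strings; a per-release package list walked by one loop in the generator template would remove the duplication and the repeated exit(0) after each security_hole().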
Property changes on: trunk/openvas-plugins/scripts/gb_RHSA-2012_0136-01_libvorbis.nasl
___________________________________________________________________
Added: svn:keywords
+ Revision Date Id
Added: trunk/openvas-plugins/scripts/gb_RHSA-2012_0141-01_seamonkey.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_RHSA-2012_0141-01_seamonkey.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/gb_RHSA-2012_0141-01_seamonkey.nasl 2012-02-27 15:19:00 UTC (rev 12921)
@@ -0,0 +1,131 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# RedHat Update for seamonkey RHSA-2012:0141-01
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+ desc = "
+
+ Vulnerability Insight:
+ SeaMonkey is an open source web browser, e-mail and newsgroup client, IRC
+ chat client, and HTML editor.
+
+ A heap-based buffer overflow flaw was found in the way SeaMonkey handled
+ PNG (Portable Network Graphics) images. A web page containing a malicious
+ PNG image could cause SeaMonkey to crash or, possibly, execute arbitrary
+ code with the privileges of the user running SeaMonkey.
+
+ All SeaMonkey users should upgrade to these updated packages, which correct
+ this issue. After installing the update, SeaMonkey must be restarted for
+ the changes to take effect.
+
+ Affected Software/OS:
+ seamonkey on Red Hat Enterprise Linux AS version 4,
+ Red Hat Enterprise Linux ES version 4,
+ Red Hat Enterprise Linux WS version 4
+
+ Fix: Please Install the Updated Packages.
+
+ References:
+ https://www.redhat.com/archives/rhsa-announce/2012-February/msg00037.html ";
+
+if(description)
+{
+ script_id(870566);
+ script_version("$Revision$");
+ script_tag(name:"check_type", value:"authenticated package test");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-02-21 18:57:33 +0530 (Tue, 21 Feb 2012)");
+ script_tag(name:"cvss_base", value:"7.5");
+ script_tag(name:"risk_factor", value:"High");
+ script_xref(name: "RHSA", value: "2012:0141-01");
+ script_name("RedHat Update for seamonkey RHSA-2012:0141-01");
+
+ script_description(desc);
+ script_summary("Check for the Version of seamonkey");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2012 Greenbone Networks GmbH");
+ script_family("Red Hat Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_mandatory_keys("HostDetails/OS/cpe:/o:redhat:enterprise_linux", "login/SSH/success", "ssh/login/release");
+ exit(0);
+}
+
+
+include("pkg-lib-rpm.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+res = "";
+if(release == NULL){
+ exit(0);
+}
+
+if(release == "RHENT_4")
+{
+
+ if ((res = isrpmvuln(pkg:"seamonkey", rpm:"seamonkey~1.0.9~79.el4", rls:"RHENT_4")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isrpmvuln(pkg:"seamonkey-chat", rpm:"seamonkey-chat~1.0.9~79.el4", rls:"RHENT_4")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isrpmvuln(pkg:"seamonkey-debuginfo", rpm:"seamonkey-debuginfo~1.0.9~79.el4", rls:"RHENT_4")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isrpmvuln(pkg:"seamonkey-devel", rpm:"seamonkey-devel~1.0.9~79.el4", rls:"RHENT_4")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isrpmvuln(pkg:"seamonkey-dom-inspector", rpm:"seamonkey-dom-inspector~1.0.9~79.el4", rls:"RHENT_4")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isrpmvuln(pkg:"seamonkey-js-debugger", rpm:"seamonkey-js-debugger~1.0.9~79.el4", rls:"RHENT_4")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isrpmvuln(pkg:"seamonkey-mail", rpm:"seamonkey-mail~1.0.9~79.el4", rls:"RHENT_4")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if (__pkg_match) exit(99); # Not vulnerable.
+ exit(0);
+}
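Review bot: the description block has no script_cve_id() call and the desc text names no CVE, so results from this check cannot be correlated by CVE. The firefox and xulrunner checks added in this same revision describe a PNG heap-based buffer overflow with CVE-2011-3026; confirm against RHSA-2012:0141-01 which id applies here and add it next to the script_xref() line. The cvss_base of 7.5 also has no cvss_base_vector to back it.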
Property changes on: trunk/openvas-plugins/scripts/gb_RHSA-2012_0141-01_seamonkey.nasl
___________________________________________________________________
Added: svn:keywords
+ Revision Date Id
Added: trunk/openvas-plugins/scripts/gb_RHSA-2012_0142-01_firefox.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_RHSA-2012_0142-01_firefox.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/gb_RHSA-2012_0142-01_firefox.nasl 2012-02-27 15:19:00 UTC (rev 12921)
@@ -0,0 +1,100 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# RedHat Update for firefox RHSA-2012:0142-01
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+ desc = "
+
+ Vulnerability Insight:
+ Mozilla Firefox is an open source web browser.
+
+ A heap-based buffer overflow flaw was found in the way Firefox handled
+ PNG (Portable Network Graphics) images. A web page containing a malicious
+ PNG image could cause Firefox to crash or, possibly, execute arbitrary
+ code with the privileges of the user running Firefox. (CVE-2011-3026)
+
+ All Firefox users should upgrade to this updated package, which corrects
+ this issue. After installing the update, Firefox must be restarted for the
+ changes to take effect.
+
+ Affected Software/OS:
+ firefox on Red Hat Enterprise Linux AS version 4,
+ Red Hat Enterprise Linux ES version 4,
+ Red Hat Enterprise Linux WS version 4
+
+ Fix: Please Install the Updated Packages.
+
+ References:
+ https://www.redhat.com/archives/rhsa-announce/2012-February/msg00038.html ";
+
+if(description)
+{
+ script_id(870564);
+ script_version("$Revision$");
+ script_tag(name:"check_type", value:"authenticated package test");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-02-21 18:57:12 +0530 (Tue, 21 Feb 2012)");
+ script_tag(name:"cvss_base", value:"7.5");
+ script_tag(name:"risk_factor", value:"High");
+ script_xref(name: "RHSA", value: "2012:0142-01");
+ script_name("RedHat Update for firefox RHSA-2012:0142-01");
+
+ script_description(desc);
+ script_summary("Check for the Version of firefox");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2012 Greenbone Networks GmbH");
+ script_family("Red Hat Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_mandatory_keys("HostDetails/OS/cpe:/o:redhat:enterprise_linux", "login/SSH/success", "ssh/login/release");
+ exit(0);
+}
+
+
+include("pkg-lib-rpm.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+res = "";
+if(release == NULL){
+ exit(0);
+}
+
+if(release == "RHENT_4")
+{
+
+ if ((res = isrpmvuln(pkg:"firefox", rpm:"firefox~3.6.26~3.el4", rls:"RHENT_4")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isrpmvuln(pkg:"firefox-debuginfo", rpm:"firefox-debuginfo~3.6.26~3.el4", rls:"RHENT_4")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if (__pkg_match) exit(99); # Not vulnerable.
+ exit(0);
+}
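Review bot: desc cites CVE-2011-3026, but the description block never registers it, so the id exists only as free text in the report. Add script_cve_id("CVE-2011-3026"); alongside the script_tag() calls, as the kexec-tools and sos checks in this revision do for their CVEs.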
Property changes on: trunk/openvas-plugins/scripts/gb_RHSA-2012_0142-01_firefox.nasl
___________________________________________________________________
Added: svn:keywords
+ Revision Date Id
Added: trunk/openvas-plugins/scripts/gb_RHSA-2012_0143-01_xulrunner.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_RHSA-2012_0143-01_xulrunner.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/gb_RHSA-2012_0143-01_xulrunner.nasl 2012-02-27 15:19:00 UTC (rev 12921)
@@ -0,0 +1,107 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# RedHat Update for xulrunner RHSA-2012:0143-01
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+ desc = "
+
+ Vulnerability Insight:
+ XULRunner provides the XUL Runtime environment for applications using the
+ Gecko layout engine.
+
+ A heap-based buffer overflow flaw was found in the way XULRunner handled
+ PNG (Portable Network Graphics) images. A web page containing a malicious
+ PNG image could cause an application linked against XULRunner (such as
+ Firefox) to crash or, potentially, execute arbitrary code with the
+ privileges of the user running the application. (CVE-2011-3026)
+
+ All XULRunner users should upgrade to these updated packages, which correct
+ this issue. After installing the update, applications using XULRunner must
+ be restarted for the changes to take effect.
+
+
+ Affected Software/OS:
+ xulrunner on Red Hat Enterprise Linux (v. 5 server)
+
+ Fix: Please Install the Updated Packages.
+
+ References:
+ https://www.redhat.com/archives/rhsa-announce/2012-February/msg00039.html ";
+
+if(description)
+{
+ script_id(870546);
+ script_version("$Revision$");
+ script_tag(name:"check_type", value:"authenticated package test");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-02-21 18:55:36 +0530 (Tue, 21 Feb 2012)");
+ script_tag(name:"cvss_base", value:"7.5");
+ script_tag(name:"risk_factor", value:"High");
+ script_xref(name: "RHSA", value: "2012:0143-01");
+ script_name("RedHat Update for xulrunner RHSA-2012:0143-01");
+
+ script_description(desc);
+ script_summary("Check for the Version of xulrunner");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2012 Greenbone Networks GmbH");
+ script_family("Red Hat Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_mandatory_keys("HostDetails/OS/cpe:/o:redhat:enterprise_linux", "login/SSH/success", "ssh/login/release");
+ exit(0);
+}
+
+
+include("pkg-lib-rpm.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+res = "";
+if(release == NULL){
+ exit(0);
+}
+
+if(release == "RHENT_5")
+{
+
+ if ((res = isrpmvuln(pkg:"xulrunner", rpm:"xulrunner~1.9.2.26~2.el5_7", rls:"RHENT_5")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isrpmvuln(pkg:"xulrunner-debuginfo", rpm:"xulrunner-debuginfo~1.9.2.26~2.el5_7", rls:"RHENT_5")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isrpmvuln(pkg:"xulrunner-devel", rpm:"xulrunner-devel~1.9.2.26~2.el5_7", rls:"RHENT_5")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if (__pkg_match) exit(99); # Not vulnerable.
+ exit(0);
+}
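Review bot: cvss_base is set to "7.5" with no cvss_base_vector, so the score cannot be checked against its metrics; the ImageMagick and cups checks in this revision carry both tags. Add the vector that matches the 7.5 score, and register the CVE-2011-3026 named in desc with script_cve_id(), which is also absent here.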
Property changes on: trunk/openvas-plugins/scripts/gb_RHSA-2012_0143-01_xulrunner.nasl
___________________________________________________________________
Added: svn:keywords
+ Revision Date Id
Added: trunk/openvas-plugins/scripts/gb_RHSA-2012_0152-03_kexec-tools.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_RHSA-2012_0152-03_kexec-tools.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/gb_RHSA-2012_0152-03_kexec-tools.nasl 2012-02-27 15:19:00 UTC (rev 12921)
@@ -0,0 +1,128 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# RedHat Update for kexec-tools RHSA-2012:0152-03
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+ desc = "
+
+ Vulnerability Insight:
+ The kexec-tools package contains the /sbin/kexec binary and utilities that
+ together form the user-space component of the kernel's kexec feature. The
+ /sbin/kexec binary facilitates a new kernel to boot using the kernel's
+ kexec feature either on a normal or a panic reboot. The kexec fastboot
+ mechanism allows booting a Linux kernel from the context of an already
+ running kernel.
+
+ Kdump used the SSH (Secure Shell) "StrictHostKeyChecking=no" option when
+ dumping to SSH targets, causing the target kdump server's SSH host key not
+ to be checked. This could make it easier for a man-in-the-middle attacker
+ on the local network to impersonate the kdump SSH target server and
+ possibly gain access to sensitive information in the vmcore dumps.
+ (CVE-2011-3588)
+
+ The mkdumprd utility created initrd files with world-readable permissions.
+ A local user could possibly use this flaw to gain access to sensitive
+ information, such as the private SSH key used to authenticate to a remote
+ server when kdump was configured to dump to an SSH target. (CVE-2011-3589)
+
+ The mkdumprd utility included unneeded sensitive files (such as all files
+ from the "/root/.ssh/" directory and the host's private SSH keys) in the
+ resulting initrd. This could lead to an information leak when initrd
+ files were previously created with world-readable permissions. Note: With
+ this update, only the SSH client configuration, known hosts files, and the
+ SSH key configured via the newly introduced sshkey option in
+ "/etc/kdump.conf" are included in the initrd. The default is the key
+ generated when running the "service kdump propagate" command,
+ "/root/.ssh/kdump_id_rsa". (CVE-2011-3590)
+
+ Red Hat would like to thank Kevan Carstensen for reporting these issues.
+
+ This updated kexec-tools package also includes numerous bug fixes and
+ enhancements. Space precludes documenting all of these changes in this
+ advisory. Users are directed to the Red Hat Enterprise Linux 5.8 Technical
+ Notes, linked to in the References, for information on the most significant
+ of these changes.
+
+ All users of kexec-tools are advised to upgrade to this updated package,
+ which resolves these security issues, fixes these bugs and adds these
+ enhancements.
+
+ Affected Software/OS:
+ kexec-tools on Red Hat Enterprise Linux (v. 5 server)
+
+ Fix: Please Install the Updated Packages.
+
+ References:
+ https://www.redhat.com/archives/rhsa-announce/2012-February/msg00051.html ";
+
+if(description)
+{
+ script_id(870559);
+ script_version("$Revision$");
+ script_tag(name:"check_type", value:"authenticated package test");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-02-21 18:57:01 +0530 (Tue, 21 Feb 2012)");
+ script_cve_id("CVE-2011-3588", "CVE-2011-3589", "CVE-2011-3590");
+ script_tag(name:"risk_factor", value:"High");
+ script_xref(name: "RHSA", value: "2012:0152-03");
+ script_name("RedHat Update for kexec-tools RHSA-2012:0152-03");
+
+ script_description(desc);
+ script_summary("Check for the Version of kexec-tools");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2012 Greenbone Networks GmbH");
+ script_family("Red Hat Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_mandatory_keys("HostDetails/OS/cpe:/o:redhat:enterprise_linux", "login/SSH/success", "ssh/login/release");
+ exit(0);
+}
+
+
+include("pkg-lib-rpm.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+res = "";
+if(release == NULL){
+ exit(0);
+}
+
+if(release == "RHENT_5")
+{
+
+ if ((res = isrpmvuln(pkg:"kexec-tools", rpm:"kexec-tools~1.102pre~154.el5", rls:"RHENT_5")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isrpmvuln(pkg:"kexec-tools-debuginfo", rpm:"kexec-tools-debuginfo~1.102pre~154.el5", rls:"RHENT_5")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if (__pkg_match) exit(99); # Not vulnerable.
+ exit(0);
+}
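Review bot: as shown, desc is opened with a double quote and the advisory text inside it contains further double quotes ("StrictHostKeyChecking=no", "/root/.ssh/", "/etc/kdump.conf", "service kdump propagate", "/root/.ssh/kdump_id_rsa"). NASL double-quoted strings take no escape sequences, so the first inner quote ends the string and the rest will not parse. Replace the inner quotes with single quotes in the text before committing. Separately, risk_factor is "High" but no cvss_base or cvss_base_vector tag is set for the three CVEs.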
Property changes on: trunk/openvas-plugins/scripts/gb_RHSA-2012_0152-03_kexec-tools.nasl
___________________________________________________________________
Added: svn:keywords
+ Revision Date Id
Added: trunk/openvas-plugins/scripts/gb_RHSA-2012_0153-03_sos.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_RHSA-2012_0153-03_sos.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/gb_RHSA-2012_0153-03_sos.nasl 2012-02-27 15:19:00 UTC (rev 12921)
@@ -0,0 +1,99 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# RedHat Update for sos RHSA-2012:0153-03
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+ desc = "
+
+ Vulnerability Insight:
+ Sos is a set of tools that gather information about system hardware and
+ configuration.
+
+ The sosreport utility incorrectly included Certificate-based Red Hat
+ Network private entitlement keys in the resulting archive of debugging
+ information. An attacker able to access the archive could use the keys to
+ access Red Hat Network content available to the host. This issue did not
+ affect users of Red Hat Network Classic. (CVE-2011-4083)
+
+ This updated sos package also includes numerous bug fixes and enhancements.
+ Space precludes documenting all of these changes in this advisory. Users
+ are directed to the Red Hat Enterprise Linux 5.8 Technical Notes, linked
+ to in the References, for information on the most significant of these
+ changes.
+
+ All sos users are advised to upgrade to this updated package, which
+ resolves these issues and adds these enhancements.
+
+ Affected Software/OS:
+ sos on Red Hat Enterprise Linux (v. 5 server)
+
+ Fix: Please Install the Updated Packages.
+
+ References:
+ https://www.redhat.com/archives/rhsa-announce/2012-February/msg00044.html ";
+
+if(description)
+{
+ script_id(870560);
+ script_version("$Revision$");
+ script_tag(name:"check_type", value:"authenticated package test");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-02-21 18:57:04 +0530 (Tue, 21 Feb 2012)");
+ script_cve_id("CVE-2011-4083");
+ script_tag(name:"risk_factor", value:"High");
+ script_xref(name: "RHSA", value: "2012:0153-03");
+ script_name("RedHat Update for sos RHSA-2012:0153-03");
+
+ script_description(desc);
+ script_summary("Check for the Version of sos");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2012 Greenbone Networks GmbH");
+ script_family("Red Hat Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_mandatory_keys("HostDetails/OS/cpe:/o:redhat:enterprise_linux", "login/SSH/success", "ssh/login/release");
+ exit(0);
+}
+
+
+include("pkg-lib-rpm.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+res = "";
+if(release == NULL){
+ exit(0);
+}
+
+if(release == "RHENT_5")
+{
+
+ if ((res = isrpmvuln(pkg:"sos", rpm:"sos~1.7~9.62.el5", rls:"RHENT_5")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if (__pkg_match) exit(99); # Not vulnerable.
+ exit(0);
+}
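Review bot: risk_factor is set to "High" while the description block carries no cvss_base or cvss_base_vector tag for CVE-2011-4083, so the rating has nothing behind it and sorting by score will treat this check differently from the others in this revision. Add both tags with the values published for the CVE, and set risk_factor to agree with them.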
Property changes on: trunk/openvas-plugins/scripts/gb_RHSA-2012_0153-03_sos.nasl
___________________________________________________________________
Added: svn:keywords
+ Revision Date Id
Added: trunk/openvas-plugins/scripts/gb_RHSA-2012_0301-03_ImageMagick.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_RHSA-2012_0301-03_ImageMagick.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/gb_RHSA-2012_0301-03_ImageMagick.nasl 2012-02-27 15:19:00 UTC (rev 12921)
@@ -0,0 +1,157 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# RedHat Update for ImageMagick RHSA-2012:0301-03
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+ desc = "
+
+ Vulnerability Insight:
+ ImageMagick is an image display and manipulation tool for the X Window
+ System that can read and write multiple image formats.
+
+ It was found that ImageMagick utilities tried to load ImageMagick
+ configuration files from the current working directory. If a user ran an
+ ImageMagick utility in an attacker-controlled directory containing a
+ specially-crafted ImageMagick configuration file, it could cause the
+ utility to execute arbitrary code. (CVE-2010-4167)
+
+ This update also fixes the following bugs:
+
+ * Previously, the "identify -verbose" command failed with an assertion if
+ there was no image information available. An upstream patch has been
+ applied, so that GetImageOption() is now called correctly. Now, the
+ "identify -verbose" command works correctly even if no image information is
+ available. (BZ#502626)
+
+ * Previously, an incorrect use of the semaphore data type led to a
+ deadlock. As a consequence, the ImageMagick utility could become
+ unresponsive when converting JPEG files to PDF (Portable Document Format)
+ files. A patch has been applied to address the deadlock issue, and JPEG
+ files can now be properly converted to PDF files. (BZ#530592)
+
+ * Previously, running the "convert" command with the "-color" option failed
+ with a memory allocation error. The source code has been modified to fix
+ problems with memory allocation. Now, using the "convert" command with the
+ "-color" option works correctly. (BZ#616538)
+
+ * Previously, ImageMagick could become unresponsive when using the
+ "display" command on damaged GIF files. The source code has been revised to
+ prevent the issue. ImageMagick now produces an error message in the
+ described scenario. A file selector is now opened so the user can choose
+ another image to display. (BZ#693989)
+
+ * Prior to this update, the "convert" command did not handle rotated PDF
+ files correctly. As a consequence, the output was rendered as a portrait
+ with the content being cropped. With this update, the PDF render geometry
+ is modified, and the output produced by the "convert" command is properly
+ rendered as a landscape. (BZ#694922)
+
+ All users of ImageMagick are advised to upgrade to these updated packages,
+ which contain backported patches to correct these issues. All running
+ instances of ImageMagick must be restarted for this update to take effect.
+
+ Affected Software/OS:
+ ImageMagick on Red Hat Enterprise Linux (v. 5 server)
+
+ Fix: Please Install the Updated Packages.
+
+ References:
+ https://www.redhat.com/archives/rhsa-announce/2012-February/msg00059.html ";
+
+if(description)
+{
+ script_id(870567);
+ script_version("$Revision$");
+ script_tag(name:"check_type", value:"authenticated package test");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-02-21 18:58:04 +0530 (Tue, 21 Feb 2012)");
+ script_cve_id("CVE-2010-4167");
+ script_tag(name:"cvss_base", value:"6.9");
+ script_tag(name:"cvss_base_vector", value:"AV:L/AC:M/Au:N/C:C/I:C/A:C");
+ script_tag(name:"risk_factor", value:"High");
+ script_xref(name: "RHSA", value: "2012:0301-03");
+ script_name("RedHat Update for ImageMagick RHSA-2012:0301-03");
+
+ script_description(desc);
+ script_summary("Check for the Version of ImageMagick");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2012 Greenbone Networks GmbH");
+ script_family("Red Hat Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_mandatory_keys("HostDetails/OS/cpe:/o:redhat:enterprise_linux", "login/SSH/success", "ssh/login/release");
+ exit(0);
+}
+
+
+include("pkg-lib-rpm.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+res = "";
+if(release == NULL){
+ exit(0);
+}
+
+if(release == "RHENT_5")
+{
+
+ if ((res = isrpmvuln(pkg:"ImageMagick", rpm:"ImageMagick~6.2.8.0~12.el5", rls:"RHENT_5")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isrpmvuln(pkg:"ImageMagick-c++", rpm:"ImageMagick-c++~6.2.8.0~12.el5", rls:"RHENT_5")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isrpmvuln(pkg:"ImageMagick-c++-devel", rpm:"ImageMagick-c++-devel~6.2.8.0~12.el5", rls:"RHENT_5")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isrpmvuln(pkg:"ImageMagick-debuginfo", rpm:"ImageMagick-debuginfo~6.2.8.0~12.el5", rls:"RHENT_5")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isrpmvuln(pkg:"ImageMagick-devel", rpm:"ImageMagick-devel~6.2.8.0~12.el5", rls:"RHENT_5")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isrpmvuln(pkg:"ImageMagick-perl", rpm:"ImageMagick-perl~6.2.8.0~12.el5", rls:"RHENT_5")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if (__pkg_match) exit(99); # Not vulnerable.
+ exit(0);
+}
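Review bot: the desc string is delimited by double quotes, yet the bug-fix list pasted into it quotes command names with double quotes ("identify -verbose", "convert", "-color", "display"). In NASL a double-quoted string ends at the next double quote with no escaping available, so as shown the assignment breaks at the first of them. Switch the inner quotes to single quotes, or drop the BZ changelog items, which are not needed to report CVE-2010-4167 and are repeated in every security_hole() result because desc is appended to res.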
Property changes on: trunk/openvas-plugins/scripts/gb_RHSA-2012_0301-03_ImageMagick.nasl
___________________________________________________________________
Added: svn:keywords
+ Revision Date Id
Added: trunk/openvas-plugins/scripts/gb_RHSA-2012_0302-03_cups.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_RHSA-2012_0302-03_cups.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/gb_RHSA-2012_0302-03_cups.nasl 2012-02-27 15:19:00 UTC (rev 12921)
@@ -0,0 +1,149 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# RedHat Update for cups RHSA-2012:0302-03
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+ desc = "
+
+ Vulnerability Insight:
+ The Common UNIX Printing System (CUPS) provides a portable printing layer
+ for Linux, UNIX, and similar operating systems.
+
+ A heap-based buffer overflow flaw was found in the Lempel-Ziv-Welch (LZW)
+ decompression algorithm implementation used by the CUPS GIF image format
+ reader. An attacker could create a malicious GIF image file that, when
+ printed, could possibly cause CUPS to crash or, potentially, execute
+ arbitrary code with the privileges of the "lp" user. (CVE-2011-2896)
+
+ This update also fixes the following bugs:
+
+ * Prior to this update, the "Show Completed Jobs," "Show All Jobs," and
+ "Show Active Jobs" buttons returned results globally across all printers
+ and not the results for the specified printer. With this update, jobs from
+ only the selected printer are shown. (BZ#625900)
+
+ * Prior to this update, the code of the serial backend contained a wrong
+ condition. As a consequence, print jobs on the raw print queue could not be
+ canceled. This update modifies the condition in the serial backend code.
+ Now, the user can cancel these print jobs. (BZ#625955)
+
+ * Prior to this update, the textonly filter did not work if used as a pipe,
+ for example when the command line did not specify the filename and the
+ number of copies was always 1. This update modifies the condition in the
+ textonly filter. Now, the data are sent to the printer regardless of the
+ number of copies specified. (BZ#660518)
+
+ * Prior to this update, the file descriptor count increased until it ran
+ out of resources when the cups daemon was running with enabled
+ Security-Enhanced Linux (SELinux) features. With this update, all resources
+ are allocated only once. (BZ#668009)
+
+ * Prior to this update, CUPS incorrectly handled the en_US.ASCII value for
+ the LANG environment variable. As a consequence, the lpadmin, lpstat, and
+ lpinfo binaries failed to write to standard output if using LANG with the
+ value. This update fixes the handling of the en_US.ASCII value and the
+ binaries now write to standard output properly. (BZ#759081)
+
+ All users of cups are advised to upgrade to these updated packages, which
+ contain backported patches to resolve these issues. After installing this
+ update, the cupsd daemon will be restarted automatically.
+
+ Affected Software/OS:
+ cups on Red Hat Enterprise Linux (v. 5 server)
+
+ Fix: Please Install the Updated Packages.
+
+ References:
+ https://www.redhat.com/archives/rhsa-announce/2012-February/msg00058.html ";
+
+if(description)
+{
+ script_id(870561);
+ script_version("$Revision$");
+ script_tag(name:"check_type", value:"authenticated package test");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-02-21 18:57:05 +0530 (Tue, 21 Feb 2012)");
+ script_cve_id("CVE-2011-2896");
+ script_tag(name:"cvss_base", value:"5.1");
+ script_tag(name:"cvss_base_vector", value:"AV:N/AC:H/Au:N/C:P/I:P/A:P");
+ script_tag(name:"risk_factor", value:"High");
+ script_xref(name: "RHSA", value: "2012:0302-03");
+ script_name("RedHat Update for cups RHSA-2012:0302-03");
+
+ script_description(desc);
+ script_summary("Check for the Version of cups");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2012 Greenbone Networks GmbH");
+ script_family("Red Hat Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_mandatory_keys("HostDetails/OS/cpe:/o:redhat:enterprise_linux", "login/SSH/success", "ssh/login/release");
+ exit(0);
+}
+
+
+include("pkg-lib-rpm.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+res = "";
+if(release == NULL){
+ exit(0);
+}
+
+if(release == "RHENT_5")
+{
+
+ if ((res = isrpmvuln(pkg:"cups", rpm:"cups~1.3.7~30.el5", rls:"RHENT_5")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isrpmvuln(pkg:"cups-debuginfo", rpm:"cups-debuginfo~1.3.7~30.el5", rls:"RHENT_5")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isrpmvuln(pkg:"cups-devel", rpm:"cups-devel~1.3.7~30.el5", rls:"RHENT_5")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isrpmvuln(pkg:"cups-libs", rpm:"cups-libs~1.3.7~30.el5", rls:"RHENT_5")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isrpmvuln(pkg:"cups-lpd", rpm:"cups-lpd~1.3.7~30.el5", rls:"RHENT_5")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if (__pkg_match) exit(99); # Not vulnerable.
+ exit(0);
+}
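Review bot: script_tag(name:"risk_factor", value:"High") does not match the cvss_base of 5.1 set two lines above it (AV:N/AC:H/Au:N/C:P/I:P/A:P), which falls in the CVSS v2 medium band (4.0 to 6.9). Set risk_factor to "Medium" or document why the rating is raised. The five isrpmvuln() branches also report through security_hole(), so the finding is shown at the top severity whatever the score says; a reporting call that matches the corrected rating would keep the two consistent.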
Property changes on: trunk/openvas-plugins/scripts/gb_RHSA-2012_0302-03_cups.nasl
___________________________________________________________________
Added: svn:keywords
+ Revision Date Id
Added: trunk/openvas-plugins/scripts/gb_RHSA-2012_0303-03_xorg-x11-server.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_RHSA-2012_0303-03_xorg-x11-server.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/gb_RHSA-2012_0303-03_xorg-x11-server.nasl 2012-02-27 15:19:00 UTC (rev 12921)
@@ -0,0 +1,176 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# RedHat Update for xorg-x11-server RHSA-2012:0303-03
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+ desc = "
+
+ Vulnerability Insight:
+ X.Org is an open source implementation of the X Window System. It provides
+ the basic low-level functionality that full-fledged graphical user
+ interfaces are designed upon.
+
+ A flaw was found in the way the X.Org server handled lock files. A local
+ user with access to the system console could use this flaw to determine the
+ existence of a file in a directory not accessible to the user, via a
+ symbolic link attack. (CVE-2011-4028)
+
+ Red Hat would like to thank the researcher with the nickname vladz for
+ reporting this issue.
+
+ This update also fixes the following bugs:
+
+ * In rare cases, if the front and back buffer of the miDbePositionWindow()
+ function were not both allocated in video memory, or were both allocated in
+ system memory, the X Window System sometimes terminated unexpectedly. A
+ patch has been provided to address this issue and X no longer crashes in
+ the described scenario. (BZ#596899)
+
+ * Previously, when the miSetShape() function called the miRegionDestroy()
+ function with a NULL region, X terminated unexpectedly if the backing store
+ was enabled. Now, X no longer crashes in the described scenario.
+ (BZ#676270)
+
+ * On certain workstations running in 32-bit mode, the X11 mouse cursor
+ occasionally became stuck near the left edge of the X11 screen. A patch has
+ been provided to address this issue and the mouse cursor no longer becomes
+ stuck in the described scenario. (BZ#529717)
+
+ * On certain workstations with a dual-head graphics adapter using the r500
+ driver in Zaphod mode, the mouse pointer was confined to one monitor screen
+ and could not move to the other screen. A patch has been provided to
+ address this issue and the mouse cursor works properly across both screens.
+ (BZ#559964)
+
+ * Due to a double free operation, Xvfb (X virtual framebuffer) terminated
+ unexpectedly with a segmentation fault randomly when the last client
+ disconnected, that is when the server reset. This bug has been fixed in the
+ miDCCloseScreen() function and Xvfb no longer crashes. (BZ#674741)
+
+ * Starting the Xephyr server on an AMD64 or Intel 64 architecture with an
+ integrated graphics adapter caused the server to terminate unexpectedly.
+ This bug has been fixed in the code and Xephyr no longer crashes in the
+ described scenario. (BZ#454409)
+
+ * Previously, when a client made a request bigger than 1/4th of the limit
+ advertised in the BigRequestsEnable reply, the X server closed the
+ connection unexpectedly. With this update, the maxBigRequestSize variable
+ has been added to the code to check the size ...
+
+ Description truncated, for more information please check the Reference URL
+
+ Affected Software/OS:
+ xorg-x11-server on Red Hat Enterprise Linux (v. 5 server)
+
+ Fix: Please Install the Updated Packages.
+
+ References:
+ https://www.redhat.com/archives/rhsa-announce/2012-February/msg00057.html ";
+
+if(description)
+{
+ script_id(870548);
+ script_version("$Revision$");
+ script_tag(name:"check_type", value:"authenticated package test");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-02-21 18:56:14 +0530 (Tue, 21 Feb 2012)");
+ script_cve_id("CVE-2011-4028");
+ script_tag(name:"risk_factor", value:"High");
+ script_xref(name: "RHSA", value: "2012:0303-03");
+ script_name("RedHat Update for xorg-x11-server RHSA-2012:0303-03");
+
+ script_description(desc);
+ script_summary("Check for the Version of xorg-x11-server");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2012 Greenbone Networks GmbH");
+ script_family("Red Hat Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_mandatory_keys("HostDetails/OS/cpe:/o:redhat:enterprise_linux", "login/SSH/success", "ssh/login/release");
+ exit(0);
+}
+
+
+include("pkg-lib-rpm.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+res = "";
+if(release == NULL){
+ exit(0);
+}
+
+if(release == "RHENT_5")
+{
+
+ if ((res = isrpmvuln(pkg:"xorg-x11-server-Xdmx", rpm:"xorg-x11-server-Xdmx~1.1.1~48.90.el5", rls:"RHENT_5")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isrpmvuln(pkg:"xorg-x11-server-Xephyr", rpm:"xorg-x11-server-Xephyr~1.1.1~48.90.el5", rls:"RHENT_5")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isrpmvuln(pkg:"xorg-x11-server-Xnest", rpm:"xorg-x11-server-Xnest~1.1.1~48.90.el5", rls:"RHENT_5")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isrpmvuln(pkg:"xorg-x11-server-Xorg", rpm:"xorg-x11-server-Xorg~1.1.1~48.90.el5", rls:"RHENT_5")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isrpmvuln(pkg:"xorg-x11-server-Xvfb", rpm:"xorg-x11-server-Xvfb~1.1.1~48.90.el5", rls:"RHENT_5")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isrpmvuln(pkg:"xorg-x11-server-Xvnc-source", rpm:"xorg-x11-server-Xvnc-source~1.1.1~48.90.el5", rls:"RHENT_5")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isrpmvuln(pkg:"xorg-x11-server-debuginfo", rpm:"xorg-x11-server-debuginfo~1.1.1~48.90.el5", rls:"RHENT_5")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isrpmvuln(pkg:"xorg-x11-server-sdk", rpm:"xorg-x11-server-sdk~1.1.1~48.90.el5", rls:"RHENT_5")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if (__pkg_match) exit(99); # Not vulnerable.
+ exit(0);
+}
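Review bot: the description block sets risk_factor to "High" for CVE-2011-4028 but has no cvss_base or cvss_base_vector tag, unlike the other RHSA scripts in this commit, so nothing backs the rating. The desc text describes a local user with console access learning whether a file exists in an inaccessible directory, which is hard to reconcile with "High" and with security_hole(); add both CVSS tags and align risk_factor and the reporting call with the score. The desc also stops at "to check the size ...", so the last bug-fix item reaches the report incomplete.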
Property changes on: trunk/openvas-plugins/scripts/gb_RHSA-2012_0303-03_xorg-x11-server.nasl
___________________________________________________________________
Added: svn:keywords
+ Revision Date Id
Added: trunk/openvas-plugins/scripts/gb_RHSA-2012_0304-03_vixie-cron.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_RHSA-2012_0304-03_vixie-cron.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/gb_RHSA-2012_0304-03_vixie-cron.nasl 2012-02-27 15:19:00 UTC (rev 12921)
@@ -0,0 +1,138 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# RedHat Update for vixie-cron RHSA-2012:0304-03
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+ desc = "
+
+ Vulnerability Insight:
+ The vixie-cron package contains the Vixie version of cron. Cron is a
+ standard UNIX daemon that runs specified programs at scheduled times. The
+ vixie-cron package adds improved security and more powerful configuration
+ options to the standard version of cron.
+
+ A race condition was found in the way the crontab program performed file
+ time stamp updates on a temporary file created when editing a user crontab
+ file. A local attacker could use this flaw to change the modification time
+ of arbitrary system files via a symbolic link attack. (CVE-2010-0424)
+
+ Red Hat would like to thank Dan Rosenberg for reporting this issue.
+
+ This update also fixes the following bugs:
+
+ * Cron jobs of users with home directories mounted on a Lightweight
+ Directory Access Protocol (LDAP) server or Network File System (NFS) were
+ often refused because jobs were marked as orphaned (typically due to a
+ temporary NSS lookup failure, when NIS and LDAP servers were unreachable).
+ With this update, a database of orphans is created, and cron jobs are
+ performed as expected. (BZ#455664)
+
+ * Previously, cron did not log any errors if a cron job file located in the
+ /etc/cron.d/ directory contained invalid entries. An upstream patch has
+ been applied to address this problem and invalid entries in the cron job
+ files now produce warning messages. (BZ#460070)
+
+ * Previously, the "@reboot" crontab macro incorrectly ran jobs when the
+ crond daemon was restarted. If the user used the macro on multiple
+ machines, all entries with the "@reboot" option were executed every time
+ the crond daemon was restarted. With this update, jobs are executed only
+ when the machine is rebooted. (BZ#476972)
+
+ * The crontab utility is now compiled as a position-independent executable
+ (PIE), which enhances the security of the system. (BZ#480930)
+
+ * When the parent crond daemon was stopped, but a child crond daemon was
+ running (executing a program), the "service crond status" command
+ incorrectly reported that crond was running. The source code has been
+ modified, and the "service crond status" command now correctly reports that
+ crond is stopped. (BZ#529632)
+
+ * According to the pam(8) manual page, the cron daemon, crond, supports
+ access control with PAM (Pluggable Authentication Module). However, the PAM
+ configuration file for crond did not export environment variables correctly
+ and, consequently, setting PAM variables via cron did not work. This update
+ includes a corrected /etc/pam.d/crond file that exports environmen ...
+
+ Description truncated, for more information please check the Reference URL
+
+ Affected Software/OS:
+ vixie-cron on Red Hat Enterprise Linux (v. 5 server)
+
+ Fix: Please Install the Updated Packages.
+
+ References:
+ https://www.redhat.com/archives/rhsa-announce/2012-February/msg00056.html ";
+
+if(description)
+{
+ script_id(870550);
+ script_version("$Revision$");
+ script_tag(name:"check_type", value:"authenticated package test");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-02-21 18:56:37 +0530 (Tue, 21 Feb 2012)");
+ script_cve_id("CVE-2010-0424");
+ script_tag(name:"cvss_base", value:"3.3");
+ script_tag(name:"cvss_base_vector", value:"AV:L/AC:M/Au:N/C:N/I:P/A:P");
+ script_tag(name:"risk_factor", value:"Medium");
+ script_xref(name: "RHSA", value: "2012:0304-03");
+ script_name("RedHat Update for vixie-cron RHSA-2012:0304-03");
+
+ script_description(desc);
+ script_summary("Check for the Version of vixie-cron");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2012 Greenbone Networks GmbH");
+ script_family("Red Hat Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_mandatory_keys("HostDetails/OS/cpe:/o:redhat:enterprise_linux", "login/SSH/success", "ssh/login/release");
+ exit(0);
+}
+
+
+include("pkg-lib-rpm.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+res = "";
+if(release == NULL){
+ exit(0);
+}
+
+if(release == "RHENT_5")
+{
+
+ if ((res = isrpmvuln(pkg:"vixie-cron", rpm:"vixie-cron~4.1~81.el5", rls:"RHENT_5")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isrpmvuln(pkg:"vixie-cron-debuginfo", rpm:"vixie-cron-debuginfo~4.1~81.el5", rls:"RHENT_5")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if (__pkg_match) exit(99); # Not vulnerable.
+ exit(0);
+}
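Review bot: the desc string is opened with a double quote but its body contains literal double quotes, at "@reboot" (two occurrences) and "service crond status" (two occurrences). NASL double-quoted strings have no escape mechanism, so the first of these ends the literal early and the rest of the advisory text is parsed as code. Replace the inner quotes with single quotes in the generator output, or drop them. Separately, the text is cut mid-word at "exports environmen ...", and a cvss_base of 3.3 reported through security_hole() overstates the finding.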
Property changes on: trunk/openvas-plugins/scripts/gb_RHSA-2012_0304-03_vixie-cron.nasl
___________________________________________________________________
Added: svn:keywords
+ Revision Date Id
Added: trunk/openvas-plugins/scripts/gb_RHSA-2012_0305-03_boost.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_RHSA-2012_0305-03_boost.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/gb_RHSA-2012_0305-03_boost.nasl 2012-02-27 15:19:00 UTC (rev 12921)
@@ -0,0 +1,135 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# RedHat Update for boost RHSA-2012:0305-03
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+ desc = "
+
+ Vulnerability Insight:
+ The boost packages provide free, peer-reviewed, portable C++ source
+ libraries with emphasis on libraries which work well with the C++ Standard
+ Library.
+
+ Invalid pointer dereference flaws were found in the way the Boost regular
+ expression library processed certain, invalid expressions. An attacker able
+ to make an application using the Boost library process a specially-crafted
+ regular expression could cause that application to crash or, potentially,
+ execute arbitrary code with the privileges of the user running the
+ application. (CVE-2008-0171)
+
+ NULL pointer dereference flaws were found in the way the Boost regular
+ expression library processed certain, invalid expressions. An attacker able
+ to make an application using the Boost library process a specially-crafted
+ regular expression could cause that application to crash. (CVE-2008-0172)
+
+ Red Hat would like to thank Will Drewry for reporting these issues.
+
+ This update also fixes the following bugs:
+
+ * Prior to this update, the construction of a regular expression object
+ could fail when several regular expression objects were created
+ simultaneously, such as in a multi-threaded program. With this update, the
+ object variables have been moved from the shared memory to the stack. Now,
+ the constructing function is thread safe. (BZ#472384)
+
+ * Prior to this update, header files in several Boost libraries contained
+ preprocessor directives that the GNU Compiler Collection (GCC) 4.4 could
+ not handle. This update instead uses equivalent constructs that are
+ standard C. (BZ#567722)
+
+ All users of boost are advised to upgrade to these updated packages, which
+ fix these issues.
+
+ Affected Software/OS:
+ boost on Red Hat Enterprise Linux (v. 5 server)
+
+ Fix: Please Install the Updated Packages.
+
+ References:
+ https://www.redhat.com/archives/rhsa-announce/2012-February/msg00054.html ";
+
+if(description)
+{
+ script_id(870563);
+ script_version("$Revision$");
+ script_tag(name:"check_type", value:"authenticated package test");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-02-21 18:57:09 +0530 (Tue, 21 Feb 2012)");
+ script_cve_id("CVE-2008-0171", "CVE-2008-0172");
+ script_tag(name:"cvss_base", value:"5.0");
+ script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:P");
+ script_tag(name:"risk_factor", value:"Medium");
+ script_xref(name: "RHSA", value: "2012:0305-03");
+ script_name("RedHat Update for boost RHSA-2012:0305-03");
+
+ script_description(desc);
+ script_summary("Check for the Version of boost");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2012 Greenbone Networks GmbH");
+ script_family("Red Hat Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_mandatory_keys("HostDetails/OS/cpe:/o:redhat:enterprise_linux", "login/SSH/success", "ssh/login/release");
+ exit(0);
+}
+
+
+include("pkg-lib-rpm.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+res = "";
+if(release == NULL){
+ exit(0);
+}
+
+if(release == "RHENT_5")
+{
+
+ if ((res = isrpmvuln(pkg:"boost", rpm:"boost~1.33.1~15.el5", rls:"RHENT_5")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isrpmvuln(pkg:"boost-debuginfo", rpm:"boost-debuginfo~1.33.1~15.el5", rls:"RHENT_5")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isrpmvuln(pkg:"boost-devel", rpm:"boost-devel~1.33.1~15.el5", rls:"RHENT_5")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isrpmvuln(pkg:"boost-doc", rpm:"boost-doc~1.33.1~15.el5", rls:"RHENT_5")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if (__pkg_match) exit(99); # Not vulnerable.
+ exit(0);
+}
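Review bot: the cvss_base_vector AV:N/AC:L/Au:N/C:N/I:N/A:P (5.0) only covers a crash, yet the desc text for CVE-2008-0171 says a crafted regular expression could "potentially, execute arbitrary code with the privileges of the user running the application". With two CVEs in script_cve_id(), the score should reflect the worse one, so either the vector needs confidentiality and integrity impact or the description and the score need to be reconciled. The boost-doc check is also worth a second look: a documentation package older than 1.33.1~15.el5 is reported with security_hole() exactly like the library itself.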
Property changes on: trunk/openvas-plugins/scripts/gb_RHSA-2012_0305-03_boost.nasl
___________________________________________________________________
Added: svn:keywords
+ Revision Date Id
Added: trunk/openvas-plugins/scripts/gb_RHSA-2012_0306-03_krb5.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_RHSA-2012_0306-03_krb5.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/gb_RHSA-2012_0306-03_krb5.nasl 2012-02-27 15:19:00 UTC (rev 12921)
@@ -0,0 +1,163 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# RedHat Update for krb5 RHSA-2012:0306-03
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+ desc = "
+
+ Vulnerability Insight:
+ Kerberos is a network authentication system which allows clients and
+ servers to authenticate to each other using symmetric encryption and a
+ trusted third-party, the Key Distribution Center (KDC).
+
+ It was found that ftpd, a Kerberos-aware FTP server, did not properly drop
+ privileges. On Red Hat Enterprise Linux 5, the ftpd daemon did not check
+ for the potential failure of the effective group ID change system call. If
+ the group ID change failed, a remote FTP user could use this flaw to gain
+ unauthorized read or write access to files that are owned by the root
+ group. (CVE-2011-1526)
+
+ Red Hat would like to thank the MIT Kerberos project for reporting this
+ issue. Upstream acknowledges Tim Zingelman as the original reporter.
+
+ This update also fixes the following bugs:
+
+ * Due to a mistake in the Kerberos libraries, a client could fail to
+ contact a Key Distribution Center (KDC) or terminate unexpectedly if the
+ client had already more than 1024 file descriptors in use. This update
+ backports modifications to the Kerberos libraries and the libraries use
+ the poll() function instead of the select() function, as poll() does not
+ have this limitation. (BZ#701444)
+
+ * The KDC failed to release memory when processing a TGS (ticket-granting
+ server) request from a client if the client request included an
+ authenticator with a subkey. As a result, the KDC consumed an excessive
+ amount of memory. With this update, the code releasing the memory has been
+ added and the problem no longer occurs. (BZ#708516)
+
+ * Under certain circumstances, if services requiring Kerberos
+ authentication sent two authentication requests to the authenticating
+ server, the second authentication request was flagged as a replay attack.
+ As a result, the second authentication attempt was denied. This update
+ applies an upstream patch that fixes this bug. (BZ#713500)
+
+ * Previously, if Kerberos credentials had expired, the klist command could
+ terminate unexpectedly with a segmentation fault when invoked with the -s
+ option. This happened when klist encountered and failed to process an entry
+ with no realm name while scanning the credential cache. With this update,
+ the underlying code has been modified and the command handles such entries
+ correctly. (BZ#729067)
+
+ * Due to a regression, multi-line FTP macros terminated prematurely with a
+ segmentation fault. This occurred because the previously-added patch failed
+ to properly support multi-line macros. This update restores the support for
+ multi-line macros and the problem no longer occurs. (BZ#735363, BZ#736132)
+
+ All users of krb5 are advised to upgrade to these updated packages, which
+ resolve these issues.
+
+ Affected Software/OS:
+ krb5 on Red Hat Enterprise Linux (v. 5 server)
+
+ Fix: Please Install the Updated Packages.
+
+ References:
+ https://www.redhat.com/archives/rhsa-announce/2012-February/msg00050.html ";
+
+if(description)
+{
+ script_id(870562);
+ script_version("$Revision$");
+ script_tag(name:"check_type", value:"authenticated package test");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-02-21 18:57:08 +0530 (Tue, 21 Feb 2012)");
+ script_cve_id("CVE-2011-1526");
+ script_tag(name:"cvss_base", value:"6.5");
+ script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:S/C:P/I:P/A:P");
+ script_tag(name:"risk_factor", value:"High");
+ script_xref(name: "RHSA", value: "2012:0306-03");
+ script_name("RedHat Update for krb5 RHSA-2012:0306-03");
+
+ script_description(desc);
+ script_summary("Check for the Version of krb5");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2012 Greenbone Networks GmbH");
+ script_family("Red Hat Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_mandatory_keys("HostDetails/OS/cpe:/o:redhat:enterprise_linux", "login/SSH/success", "ssh/login/release");
+ exit(0);
+}
+
+
+include("pkg-lib-rpm.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+res = "";
+if(release == NULL){
+ exit(0);
+}
+
+if(release == "RHENT_5")
+{
+
+ if ((res = isrpmvuln(pkg:"krb5-debuginfo", rpm:"krb5-debuginfo~1.6.1~70.el5", rls:"RHENT_5")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isrpmvuln(pkg:"krb5-devel", rpm:"krb5-devel~1.6.1~70.el5", rls:"RHENT_5")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isrpmvuln(pkg:"krb5-libs", rpm:"krb5-libs~1.6.1~70.el5", rls:"RHENT_5")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isrpmvuln(pkg:"krb5-server", rpm:"krb5-server~1.6.1~70.el5", rls:"RHENT_5")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isrpmvuln(pkg:"krb5-server-ldap", rpm:"krb5-server-ldap~1.6.1~70.el5", rls:"RHENT_5")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isrpmvuln(pkg:"krb5-workstation", rpm:"krb5-workstation~1.6.1~70.el5", rls:"RHENT_5")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if (__pkg_match) exit(99); # Not vulnerable.
+ exit(0);
+}
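Review bot: in the RHENT_5 block every non-NULL isrpmvuln() result calls security_hole() and then exit(0), so a host with several outdated krb5 packages gets a report naming only the first in check order, and that order puts krb5-debuginfo and krb5-devel ahead of krb5-libs and krb5-server. Collect each non-NULL res into one report string and call security_hole() once after the last check, so the operator sees every package that needs the update. The risk_factor of "High" also sits next to a cvss_base of 6.5, which is in the CVSS v2 medium band.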
Property changes on: trunk/openvas-plugins/scripts/gb_RHSA-2012_0306-03_krb5.nasl
___________________________________________________________________
Added: svn:keywords
+ Revision Date Id
Added: trunk/openvas-plugins/scripts/gb_RHSA-2012_0307-03_util-linux.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_RHSA-2012_0307-03_util-linux.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/gb_RHSA-2012_0307-03_util-linux.nasl 2012-02-27 15:19:00 UTC (rev 12921)
@@ -0,0 +1,144 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# RedHat Update for util-linux RHSA-2012:0307-03
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+ desc = "
+
+ Vulnerability Insight:
+ The util-linux package contains a large variety of low-level system
+ utilities that are necessary for a Linux system to function. Among others,
+ util-linux contains the fdisk configuration tool and the login program.
+
+ Multiple flaws were found in the way the mount and umount commands
+ performed mtab (mounted file systems table) file updates. A local,
+ unprivileged user allowed to mount or unmount file systems could use these
+ flaws to corrupt the mtab file and create a stale lock file, preventing
+ other users from mounting and unmounting file systems. (CVE-2011-1675,
+ CVE-2011-1677)
+
+ This update also fixes the following bugs:
+
+ * When the user logged into a telnet server, the login utility did not
+ update the utmp database properly if the utility was executed from the
+ telnetd daemon. This was due to telnetd not creating an appropriate entry
+ in a utmp file before executing login. With this update, correct entries
+ are created and the database is updated properly. (BZ#646300)
+
+ * Various options were not described on the blockdev(8) manual page. With
+ this update, the blockdev(8) manual page includes all the relevant options.
+ (BZ#650937)
+
+ * Prior to this update, the build process of the util-linux package failed
+ in the po directory with the following error message: "@MKINSTALLDIRS@:
+ No such file or directory". An upstream patch has been applied to address
+ this issue, and the util-linux package now builds successfully. (BZ#677452)
+
+ * Previously, the ipcs(1) and ipcrm(1) manual pages mentioned an invalid
+ option, "-b". With this update, only valid options are listed on those
+ manual pages. (BZ#678407)
+
+ * Previously, the mount(8) manual page contained incomplete information
+ about the ext4 and XFS file systems. With this update, the mount(8) manual
+ page contains the missing information. (BZ#699639)
+
+ In addition, this update adds the following enhancements:
+
+ * Previously, if DOS mode was enabled on a device, the fdisk utility could
+ report error messages similar to the following:
+
+ Partition 1 has different physical/logical beginnings (non-Linux?):
+ phys=(0, 1, 1) logical=(0, 2, 7)
+
+ This update enables users to switch off DOS compatible mode (by specifying
+ the "-c" option), and such error messages are no longer displayed.
+ (BZ#678430)
+
+ * This update adds the "fsfreeze" command which halts access to a file
+ system on a disk. (BZ#726572)
+
+ All users of util-linux are advised to upgrade to this updated package,
+ which contains backported patches to correct these issues and add these
+ enhancements.
+
+ Affected Software/OS:
+ util-linux on Red Hat Enterprise Linux (v. 5 server)
+
+ Fix: Please Install the Updated Packages.
+
+ References:
+ https://www.redhat.com/archives/rhsa-announce/2012-February/msg00049.html ";
+
+if(description)
+{
+ script_id(870552);
+ script_version("$Revision$");
+ script_tag(name:"check_type", value:"authenticated package test");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-02-21 18:56:41 +0530 (Tue, 21 Feb 2012)");
+ script_cve_id("CVE-2011-1675", "CVE-2011-1677");
+ script_tag(name:"cvss_base", value:"4.6");
+ script_tag(name:"cvss_base_vector", value:"AV:L/AC:L/Au:N/C:P/I:P/A:P");
+ script_tag(name:"risk_factor", value:"Medium");
+ script_xref(name: "RHSA", value: "2012:0307-03");
+ script_name("RedHat Update for util-linux RHSA-2012:0307-03");
+
+ script_description(desc);
+ script_summary("Check for the Version of util-linux");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2012 Greenbone Networks GmbH");
+ script_family("Red Hat Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_mandatory_keys("HostDetails/OS/cpe:/o:redhat:enterprise_linux", "login/SSH/success", "ssh/login/release");
+ exit(0);
+}
+
+
+include("pkg-lib-rpm.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+res = "";
+if(release == NULL){
+ exit(0);
+}
+
+if(release == "RHENT_5")
+{
+
+ if ((res = isrpmvuln(pkg:"util-linux", rpm:"util-linux~2.13~0.59.el5", rls:"RHENT_5")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isrpmvuln(pkg:"util-linux-debuginfo", rpm:"util-linux-debuginfo~2.13~0.59.el5", rls:"RHENT_5")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if (__pkg_match) exit(99); # Not vulnerable.
+ exit(0);
+}
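Review bot: the `desc` string that `security_hole(data:res + '\n' + desc)` appends to every finding is, in the part visible here, almost entirely non-security material: manual page corrections for blockdev(8), ipcs(1), ipcrm(1) and mount(8), the fdisk "-c" enhancement, and the new fsfreeze command. Someone reading the scan report has to dig through that to find what the two IDs in `script_cve_id` are about. Suggest having the generator keep only the security paragraphs plus the reference URL, and leave the bug-fix list to the linked advisory.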
Property changes on: trunk/openvas-plugins/scripts/gb_RHSA-2012_0307-03_util-linux.nasl
___________________________________________________________________
Added: svn:keywords
+ Revision Date Id
Added: trunk/openvas-plugins/scripts/gb_RHSA-2012_0308-03_busybox.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_RHSA-2012_0308-03_busybox.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/gb_RHSA-2012_0308-03_busybox.nasl 2012-02-27 15:19:00 UTC (rev 12921)
@@ -0,0 +1,127 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# RedHat Update for busybox RHSA-2012:0308-03
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+ desc = "
+
+ Vulnerability Insight:
+ BusyBox provides a single binary that includes versions of a large number
+ of system commands, including a shell. This can be very useful for
+ recovering from certain types of system failures, particularly those
+ involving broken shared libraries.
+
+ A buffer underflow flaw was found in the way the uncompress utility of
+ BusyBox expanded certain archive files compressed using Lempel-Ziv
+ compression. If a user were tricked into expanding a specially-crafted
+ archive file with uncompress, it could cause BusyBox to crash or,
+ potentially, execute arbitrary code with the privileges of the user running
+ BusyBox. (CVE-2006-1168)
+
+ The BusyBox DHCP client, udhcpc, did not sufficiently sanitize certain
+ options provided in DHCP server replies, such as the client hostname. A
+ malicious DHCP server could send such an option with a specially-crafted
+ value to a DHCP client. If this option's value was saved on the client
+ system, and then later insecurely evaluated by a process that assumes the
+ option is trusted, it could lead to arbitrary code execution with the
+ privileges of that process. Note: udhcpc is not used on Red Hat Enterprise
+ Linux by default, and no DHCP client script is provided with the busybox
+ packages. (CVE-2011-2716)
+
+ This update also fixes the following bugs:
+
+ * Prior to this update, the cp command wrongly returned the exit code 0 to
+ indicate success if a device ran out of space while attempting to copy
+ files of more than 4 gigabytes. This update modifies BusyBox, so that in
+ such situations, the exit code 1 is returned. Now, the cp command shows
+ correctly whether a process failed. (BZ#689659)
+
+ * Prior to this update, the findfs command failed to check all existing
+ block devices on a system with thousands of block device nodes in "/dev/".
+ This update modifies BusyBox so that findfs checks all block devices even
+ in this case. (BZ#756723)
+
+ All users of busybox are advised to upgrade to these updated packages,
+ which correct these issues.
+
+ Affected Software/OS:
+ busybox on Red Hat Enterprise Linux (v. 5 server)
+
+ Fix: Please Install the Updated Packages.
+
+ References:
+ https://www.redhat.com/archives/rhsa-announce/2012-February/msg00048.html ";
+
+if(description)
+{
+ script_id(870557);
+ script_version("$Revision$");
+ script_tag(name:"check_type", value:"authenticated package test");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-02-21 18:56:56 +0530 (Tue, 21 Feb 2012)");
+ script_cve_id("CVE-2006-1168", "CVE-2011-2716");
+ script_tag(name:"cvss_base", value:"7.5");
+ script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
+ script_tag(name:"risk_factor", value:"High");
+ script_xref(name: "RHSA", value: "2012:0308-03");
+ script_name("RedHat Update for busybox RHSA-2012:0308-03");
+
+ script_description(desc);
+ script_summary("Check for the Version of busybox");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2012 Greenbone Networks GmbH");
+ script_family("Red Hat Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_mandatory_keys("HostDetails/OS/cpe:/o:redhat:enterprise_linux", "login/SSH/success", "ssh/login/release");
+ exit(0);
+}
+
+
+include("pkg-lib-rpm.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+res = "";
+if(release == NULL){
+ exit(0);
+}
+
+if(release == "RHENT_5")
+{
+
+ if ((res = isrpmvuln(pkg:"busybox", rpm:"busybox~1.2.0~13.el5", rls:"RHENT_5")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isrpmvuln(pkg:"busybox-anaconda", rpm:"busybox-anaconda~1.2.0~13.el5", rls:"RHENT_5")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if (__pkg_match) exit(99); # Not vulnerable.
+ exit(0);
+}
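Review bot: `cvss_base_vector` is AV:N/AC:L/Au:N/C:P/I:P/A:P with `risk_factor` High, but the description in the same file says CVE-2006-1168 needs a user to be tricked into expanding a crafted archive, and that udhcpc is not used on Red Hat Enterprise Linux by default with no DHCP client script shipped in the busybox packages. If the score is taken over from a generic CVE entry, state those preconditions next to it in the report text, otherwise the finding will be triaged as an unauthenticated remote issue on hosts where they do not hold.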
Property changes on: trunk/openvas-plugins/scripts/gb_RHSA-2012_0308-03_busybox.nasl
___________________________________________________________________
Added: svn:keywords
+ Revision Date Id
Added: trunk/openvas-plugins/scripts/gb_RHSA-2012_0309-03_sudo.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_RHSA-2012_0309-03_sudo.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/gb_RHSA-2012_0309-03_sudo.nasl 2012-02-27 15:19:00 UTC (rev 12921)
@@ -0,0 +1,140 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# RedHat Update for sudo RHSA-2012:0309-03
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+ desc = "
+
+ Vulnerability Insight:
+ The sudo (superuser do) utility allows system administrators to give
+ certain users the ability to run commands as root.
+
+ A flaw was found in the sudo password checking logic. In configurations
+ where the sudoers settings allowed a user to run a command using sudo
+ with only the group ID changed, sudo failed to prompt for the user's
+ password before running the specified command with the elevated group
+ privileges. (CVE-2011-0010)
+
+ In addition, this update fixes the following bugs:
+
+ * A NULL pointer dereference bug caused the sudo utility to terminate
+ unexpectedly with a segmentation fault. This happened if the utility was
+ run with the -g option and configured not to demand the password from the
+ user who ran the sudo utility. With this update, the code has been modified
+ and the problem no longer occurs. (BZ#673072)
+
+ * The sudo utility failed to load sudoers from an LDAP (Lightweight
+ Directory Access Protocol) server after the sudo tool was upgraded. This
+ happened because the upgraded nsswitch.conf file did not contain the
+ instruction to search for sudoers on the LDAP server. This update adds the
+ lost instruction to /etc/nsswitch.conf and the system searches for sources
+ of sudoers on the local file system and then on LDAP, if applicable.
+ (BZ#617061)
+
+ * The sudo tool interpreted a Runas alias specifying a group incorrectly as
+ a user alias and the alias seemed to be ignored. With this update, the code
+ for interpreting such aliases has been modified and the Runas group aliases
+ are honored as expected. (BZ#627543)
+
+ * Prior to this update, sudo did not parse comment characters (#) in the
+ ldap.conf file correctly and could fail to work. With this update, parsing
+ of the LDAP configuration file has been modified and the comment characters
+ are parsed correctly. (BZ#750318)
+
+ * The sudo utility formats its output to fit the width of the terminal
+ window. However, this behavior is undesirable if the output is redirected
+ through a pipeline. With this update, the output formatting is not applied
+ in the scenario described. (BZ#697111)
+
+ * Previously, the sudo utility performed Security-Enhanced Linux (SELinux)
+ related initialization after switching to an unprivileged user. This
+ prevented the correct setup of the SELinux environment before executing the
+ specified command and could potentially cause an access denial. The bug has
+ been fixed by backporting the SELinux related code and the execution model
+ from a newer version of sudo. (BZ#477185)
+
+ * On execv(3) function failure, the sudo tool executed a ...
+
+ Description truncated, for more information please check the Reference URL
+
+ Affected Software/OS:
+ sudo on Red Hat Enterprise Linux (v. 5 server)
+
+ Fix: Please Install the Updated Packages.
+
+ References:
+ https://www.redhat.com/archives/rhsa-announce/2012-February/msg00047.html ";
+
+if(description)
+{
+ script_id(870553);
+ script_version("$Revision$");
+ script_tag(name:"check_type", value:"authenticated package test");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-02-21 18:56:44 +0530 (Tue, 21 Feb 2012)");
+ script_cve_id("CVE-2011-0010");
+ script_tag(name:"cvss_base", value:"4.4");
+ script_tag(name:"cvss_base_vector", value:"AV:L/AC:M/Au:N/C:P/I:P/A:P");
+ script_tag(name:"risk_factor", value:"Medium");
+ script_xref(name: "RHSA", value: "2012:0309-03");
+ script_name("RedHat Update for sudo RHSA-2012:0309-03");
+
+ script_description(desc);
+ script_summary("Check for the Version of sudo");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2012 Greenbone Networks GmbH");
+ script_family("Red Hat Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_mandatory_keys("HostDetails/OS/cpe:/o:redhat:enterprise_linux", "login/SSH/success", "ssh/login/release");
+ exit(0);
+}
+
+
+include("pkg-lib-rpm.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+res = "";
+if(release == NULL){
+ exit(0);
+}
+
+if(release == "RHENT_5")
+{
+
+ if ((res = isrpmvuln(pkg:"sudo", rpm:"sudo~1.7.2p1~13.el5", rls:"RHENT_5")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isrpmvuln(pkg:"sudo-debuginfo", rpm:"sudo-debuginfo~1.7.2p1~13.el5", rls:"RHENT_5")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if (__pkg_match) exit(99); # Not vulnerable.
+ exit(0);
+}
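Review bot: the generated `desc` is cut in the middle of a bullet ("* On execv(3) function failure, the sudo tool executed a ...") before the "Description truncated" line, so the report ends on a sentence fragment. Suggest truncating at the last complete bullet, or dropping the bug-fix list entirely, since the only security item, the CVE-2011-0010 paragraph, sits at the top and is complete.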
Property changes on: trunk/openvas-plugins/scripts/gb_RHSA-2012_0309-03_sudo.nasl
___________________________________________________________________
Added: svn:keywords
+ Revision Date Id
Added: trunk/openvas-plugins/scripts/gb_RHSA-2012_0310-03_nfs-utils.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_RHSA-2012_0310-03_nfs-utils.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/gb_RHSA-2012_0310-03_nfs-utils.nasl 2012-02-27 15:19:00 UTC (rev 12921)
@@ -0,0 +1,140 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# RedHat Update for nfs-utils RHSA-2012:0310-03
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+ desc = "
+
+ Vulnerability Insight:
+ The nfs-utils package provides a daemon for the kernel Network File System
+ (NFS) server, and related tools such as the mount.nfs, umount.nfs, and
+ showmount programs.
+
+ It was found that the mount.nfs tool did not handle certain errors
+ correctly when updating the mtab (mounted file systems table) file. A
+ local attacker could use this flaw to corrupt the mtab file.
+ (CVE-2011-1749)
+
+ This update also fixes the following bugs:
+
+ * The nfs service failed to start if the NFSv1, NFSv2, and NFSv4 support
+ was disabled (the MOUNTD_NFS_V1="no", MOUNTD_NFS_V2="no" MOUNTD_NFS_V3="no"
+ lines in /etc/sysconfig/nfs were uncommented) because the mountd daemon
+ failed to handle the settings correctly. With this update, the underlying
+ code has been modified and the nfs service starts successfully in the
+ described scenario. (BZ#529588)
+
+ * When a user's Kerberos ticket expired, the "sh rpc.gssd" messages flooded
+ the /var/log/messages file. With this update, the excessive logging has
+ been suppressed. (BZ#593097)
+
+ * The crash simulation (SM_SIMU_CRASH) of the rpc.statd service had a
+ vulnerability that could be detected by ISS (Internet Security Scanner). As
+ a result, the rpc.statd service terminated unexpectedly with the following
+ error after an ISS scan:
+
+ rpc.statd[xxxx]: recv_rply: can't decode RPC message!
+ rpc.statd[xxxx]: *** SIMULATING CRASH! ***
+ rpc.statd[xxxx]: unable to register (statd, 1, udp).
+
+ However, the rpc.statd service ignored SM_SIMU_CRASH. This update removes
+ the simulation crash support from the service and the problem no longer
+ occurs. (BZ#600497)
+
+ * The nfs-utils init scripts returned incorrect status codes in the
+ following cases: if the rpcgssd and rpcsvcgssd daemon were not configured,
+ were provided an unknown argument, their function call failed, if a program
+ was no longer running and a /var/lock/subsys/$SERVICE file existed, if
+ starting a service under an unprivileged user, if a program was no longer
+ running and its pid file still existed in the /var/run/ directory. With
+ this update, the correct codes are returned in these scenarios. (BZ#710020)
+
+ * The "nfsstat -m" command did not display NFSv4 mounts. With this update,
+ the underlying code has been modified and the command returns the list of
+ all mounts, including any NFSv4 mounts, as expected. (BZ#712438)
+
+ * Previously, the nfs manual pages described the fsc mount option; however,
+ this option is not supported. This update removes the option description
+ from the ma ...
+
+ Description truncated, for more information please check the Reference URL
+
+ Affected Software/OS:
+ nfs-utils on Red Hat Enterprise Linux (v. 5 server)
+
+ Fix: Please Install the Updated Packages.
+
+ References:
+ https://www.redhat.com/archives/rhsa-announce/2012-February/msg00046.html ";
+
+if(description)
+{
+ script_id(870554);
+ script_version("$Revision$");
+ script_tag(name:"check_type", value:"authenticated package test");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-02-21 18:56:46 +0530 (Tue, 21 Feb 2012)");
+ script_cve_id("CVE-2011-1749");
+ script_tag(name:"risk_factor", value:"High");
+ script_xref(name: "RHSA", value: "2012:0310-03");
+ script_name("RedHat Update for nfs-utils RHSA-2012:0310-03");
+
+ script_description(desc);
+ script_summary("Check for the Version of nfs-utils");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2012 Greenbone Networks GmbH");
+ script_family("Red Hat Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_mandatory_keys("HostDetails/OS/cpe:/o:redhat:enterprise_linux", "login/SSH/success", "ssh/login/release");
+ exit(0);
+}
+
+
+include("pkg-lib-rpm.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+res = "";
+if(release == NULL){
+ exit(0);
+}
+
+if(release == "RHENT_5")
+{
+
+ if ((res = isrpmvuln(pkg:"nfs-utils", rpm:"nfs-utils~1.0.9~60.el5", rls:"RHENT_5")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isrpmvuln(pkg:"nfs-utils-debuginfo", rpm:"nfs-utils-debuginfo~1.0.9~60.el5", rls:"RHENT_5")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if (__pkg_match) exit(99); # Not vulnerable.
+ exit(0);
+}
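Review bot: the `if(description)` block sets `risk_factor` to "High" but has no `cvss_base` or `cvss_base_vector` tag, unlike the util-linux, busybox and sudo checks in this commit. The description says a local attacker could corrupt the mtab file (CVE-2011-1749), which does not obviously justify High. Please add the two CVSS tags and derive `risk_factor` from the score, so that consumers sorting by `cvss_base` do not get an empty value for this check.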
Property changes on: trunk/openvas-plugins/scripts/gb_RHSA-2012_0310-03_nfs-utils.nasl
___________________________________________________________________
Added: svn:keywords
+ Revision Date Id
Added: trunk/openvas-plugins/scripts/gb_RHSA-2012_0311-03_ibutils.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_RHSA-2012_0311-03_ibutils.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/gb_RHSA-2012_0311-03_ibutils.nasl 2012-02-27 15:19:00 UTC (rev 12921)
@@ -0,0 +1,117 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# RedHat Update for ibutils RHSA-2012:0311-03
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+ desc = "
+
+ Vulnerability Insight:
+ The ibutils packages provide InfiniBand network and path diagnostics.
+
+ It was found that the ibmssh executable had an insecure relative RPATH
+ (runtime library search path) set in the ELF (Executable and Linking
+ Format) header. A local user able to convince another user to run ibmssh in
+ an attacker-controlled directory could run arbitrary code with the
+ privileges of the victim. (CVE-2008-3277)
+
+ This update also fixes the following bug:
+
+ * Under certain circumstances, the "ibdiagnet -r" command could suffer from
+ memory corruption and terminate with a "double free or corruption" message
+ and a backtrace. With this update, the correct memory management function
+ is used to prevent the corruption. (BZ#711779)
+
+ All users of ibutils are advised to upgrade to these updated packages,
+ which contain backported patches to correct these issues.
+
+ Affected Software/OS:
+ ibutils on Red Hat Enterprise Linux (v. 5 server)
+
+ Fix: Please Install the Updated Packages.
+
+ References:
+ https://www.redhat.com/archives/rhsa-announce/2012-February/msg00045.html ";
+
+if(description)
+{
+ script_id(870565);
+ script_version("$Revision$");
+ script_tag(name:"check_type", value:"authenticated package test");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-02-21 18:57:32 +0530 (Tue, 21 Feb 2012)");
+ script_cve_id("CVE-2008-3277");
+ script_tag(name:"risk_factor", value:"High");
+ script_xref(name: "RHSA", value: "2012:0311-03");
+ script_name("RedHat Update for ibutils RHSA-2012:0311-03");
+
+ script_description(desc);
+ script_summary("Check for the Version of ibutils");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2012 Greenbone Networks GmbH");
+ script_family("Red Hat Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_mandatory_keys("HostDetails/OS/cpe:/o:redhat:enterprise_linux", "login/SSH/success", "ssh/login/release");
+ exit(0);
+}
+
+
+include("pkg-lib-rpm.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+res = "";
+if(release == NULL){
+ exit(0);
+}
+
+if(release == "RHENT_5")
+{
+
+ if ((res = isrpmvuln(pkg:"ibutils", rpm:"ibutils~1.2~11.2.el5", rls:"RHENT_5")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isrpmvuln(pkg:"ibutils-debuginfo", rpm:"ibutils-debuginfo~1.2~11.2.el5", rls:"RHENT_5")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isrpmvuln(pkg:"ibutils-devel", rpm:"ibutils-devel~1.2~11.2.el5", rls:"RHENT_5")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isrpmvuln(pkg:"ibutils-libs", rpm:"ibutils-libs~1.2~11.2.el5", rls:"RHENT_5")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if (__pkg_match) exit(99); # Not vulnerable.
+ exit(0);
+}
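Review bot: the four `isrpmvuln()` calls treat `ibutils`, `ibutils-debuginfo`, `ibutils-devel` and `ibutils-libs` as equal evidence, while the description attributes CVE-2008-3277 to the RPATH of the ibmssh executable. A host that has only an old `ibutils-devel` or `ibutils-debuginfo` installed would be reported through `security_hole()` even if the binary is absent. Consider limiting the test to the package that ships ibmssh, or say in the report which package matched and why it matters. This block also has `risk_factor` "High" with no `cvss_base` or `cvss_base_vector` tag.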
Property changes on: trunk/openvas-plugins/scripts/gb_RHSA-2012_0311-03_ibutils.nasl
___________________________________________________________________
Added: svn:keywords
+ Revision Date Id
Added: trunk/openvas-plugins/scripts/gb_RHSA-2012_0312-03_initscripts.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_RHSA-2012_0312-03_initscripts.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/gb_RHSA-2012_0312-03_initscripts.nasl 2012-02-27 15:19:00 UTC (rev 12921)
@@ -0,0 +1,129 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# RedHat Update for initscripts RHSA-2012:0312-03
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+ desc = "
+
+ Vulnerability Insight:
+ The initscripts package contains system scripts to boot your system, change
+ runlevels, activate and deactivate most network interfaces, and shut the
+ system down cleanly.
+
+ With the default IPsec (Internet Protocol Security) ifup script
+ configuration, the racoon IKE key management daemon used aggressive IKE
+ mode instead of main IKE mode. This resulted in the preshared key (PSK)
+ hash being sent unencrypted, which could make it easier for an attacker
+ able to sniff network traffic to obtain the plain text PSK from a
+ transmitted hash. (CVE-2008-1198)
+
+ Red Hat would like to thank Aleksander Adamowski for reporting this issue.
+
+ This update also fixes the following bugs:
+
+ * Prior to this update, the DHCPv6 client was not terminated when the
+ network service was stopped. This update modifies the source so that the
+ client is now terminated when stopping the network service. (BZ#568896)
+
+ * Prior to this update, on some systems the rm command failed and reported
+ the error message "rm: cannot remove directory `/var/run/dovecot/login/':
+ Is a directory" during system boot. This update modifies the source so that
+ this error message no longer appears. (BZ#679998)
+
+ * Prior to this update, the netconsole script could not discover and
+ resolve the MAC address of the router specified in the
+ /etc/sysconfig/netconsole file. This update modifies the netconsole script
+ so that the script no longer fails when the arping tool returns the MAC
+ address of the router more than once. (BZ#744734)
+
+ * Prior to this update, the arp_ip_target was, due to a logic error, not
+ correctly removed via sysfs. As a consequence, the error "ifdown-eth: line
+ 64: echo: write error: Invalid argument" was reported when attempting to
+ shut down a bonding device. This update modifies the script so that the
+ error no longer appears and arp_ip_target is now correctly removed.
+ (BZ#745681)
+
+ All users of initscripts are advised to upgrade to this updated package,
+ which fixes these issues.
+
+ Affected Software/OS:
+ initscripts on Red Hat Enterprise Linux (v. 5 server)
+
+ Fix: Please Install the Updated Packages.
+
+ References:
+ https://www.redhat.com/archives/rhsa-announce/2012-February/msg00043.html ";
+
+if(description)
+{
+ script_id(870555);
+ script_version("$Revision$");
+ script_tag(name:"check_type", value:"authenticated package test");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-02-21 18:56:47 +0530 (Tue, 21 Feb 2012)");
+ script_cve_id("CVE-2008-1198");
+ script_tag(name:"cvss_base", value:"7.1");
+ script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:C/I:N/A:N");
+ script_tag(name:"risk_factor", value:"High");
+ script_xref(name: "RHSA", value: "2012:0312-03");
+ script_name("RedHat Update for initscripts RHSA-2012:0312-03");
+
+ script_description(desc);
+ script_summary("Check for the Version of initscripts");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2012 Greenbone Networks GmbH");
+ script_family("Red Hat Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_mandatory_keys("HostDetails/OS/cpe:/o:redhat:enterprise_linux", "login/SSH/success", "ssh/login/release");
+ exit(0);
+}
+
+
+include("pkg-lib-rpm.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+res = "";
+if(release == NULL){
+ exit(0);
+}
+
+if(release == "RHENT_5")
+{
+
+ if ((res = isrpmvuln(pkg:"initscripts", rpm:"initscripts~8.45.42~1.el5", rls:"RHENT_5")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isrpmvuln(pkg:"initscripts-debuginfo", rpm:"initscripts-debuginfo~8.45.42~1.el5", rls:"RHENT_5")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if (__pkg_match) exit(99); # Not vulnerable.
+ exit(0);
+}
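Review bot: in the code after the `if(description)` block, `if(release == NULL){ exit(0); }` should never fire, because `script_mandatory_keys` already lists "ssh/login/release", and `res = "";` is overwritten by the first `isrpmvuln()` assignment before it is ever read. Both are harmless, but they are generator boilerplate repeated in every check in this commit; removing them from the template would shorten each generated file and make the actual version test easier to spot.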
Property changes on: trunk/openvas-plugins/scripts/gb_RHSA-2012_0312-03_initscripts.nasl
___________________________________________________________________
Added: svn:keywords
+ Revision Date Id
Added: trunk/openvas-plugins/scripts/gb_RHSA-2012_0313-03_samba.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_RHSA-2012_0313-03_samba.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/gb_RHSA-2012_0313-03_samba.nasl 2012-02-27 15:19:00 UTC (rev 12921)
@@ -0,0 +1,158 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# RedHat Update for samba RHSA-2012:0313-03
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+ desc = "
+
+ Vulnerability Insight:
+ Samba is an open-source implementation of the Server Message Block (SMB) or
+ Common Internet File System (CIFS) protocol, which allows PC-compatible
+ machines to share files, printers, and other information.
+
+ The default Samba server configuration enabled both the "wide links" and
+ "unix extensions" options, allowing Samba clients with write access to a
+ share to create symbolic links that point to any location on the file
+ system. Clients connecting with CIFS UNIX extensions disabled could have
+ such links resolved on the server, allowing them to access and possibly
+ overwrite files outside of the share. With this update, "wide links" is
+ set to "no" by default. In addition, the update ensures "wide links" is
+ disabled for shares that have "unix extensions" enabled. (CVE-2010-0926)
+
+ Warning: This update may cause files and directories that are only linked
+ to Samba shares using symbolic links to become inaccessible to Samba
+ clients. In deployments where support for CIFS UNIX extensions is not
+ needed (such as when files are exported to Microsoft Windows clients),
+ administrators may prefer to set the "unix extensions" option to "no" to
+ allow the use of symbolic links to access files out of the shared
+ directories. All existing symbolic links in a share should be reviewed
+ before re-enabling "wide links".
+
+ These updated samba packages also fix the following bug:
+
+ * The smbclient tool sometimes failed to return the proper exit status
+ code. Consequently, using smbclient in a script caused some scripts to
+ fail. With this update, an upstream patch has been applied and smbclient
+ now returns the correct exit status. (BZ#768908)
+
+ In addition, these updated samba packages provide the following
+ enhancement:
+
+ * With this update, support for Windows Server 2008 R2 domains has been
+ added. (BZ#736124)
+
+ Users are advised to upgrade to these updated samba packages, which correct
+ these issues and add this enhancement. After installing this update, the
+ smb service will be restarted automatically.
+
+ Affected Software/OS:
+ samba on Red Hat Enterprise Linux (v. 5 server)
+
+ Fix: Please Install the Updated Packages.
+
+ References:
+ https://www.redhat.com/archives/rhsa-announce/2012-February/msg00042.html ";
+
+if(description)
+{
+ script_id(870551);
+ script_version("$Revision$");
+ script_tag(name:"check_type", value:"authenticated package test");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-02-21 18:56:40 +0530 (Tue, 21 Feb 2012)");
+ script_cve_id("CVE-2010-0926");
+ script_tag(name:"cvss_base", value:"3.5");
+ script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:S/C:P/I:N/A:N");
+ script_tag(name:"risk_factor", value:"Medium");
+ script_xref(name: "RHSA", value: "2012:0313-03");
+ script_name("RedHat Update for samba RHSA-2012:0313-03");
+
+ script_description(desc);
+ script_summary("Check for the Version of samba");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2012 Greenbone Networks GmbH");
+ script_family("Red Hat Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_mandatory_keys("HostDetails/OS/cpe:/o:redhat:enterprise_linux", "login/SSH/success", "ssh/login/release");
+ exit(0);
+}
+
+
+include("pkg-lib-rpm.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+res = "";
+if(release == NULL){
+ exit(0);
+}
+
+if(release == "RHENT_5")
+{
+
+ if ((res = isrpmvuln(pkg:"libsmbclient", rpm:"libsmbclient~3.0.33~3.37.el5", rls:"RHENT_5")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isrpmvuln(pkg:"libsmbclient-devel", rpm:"libsmbclient-devel~3.0.33~3.37.el5", rls:"RHENT_5")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isrpmvuln(pkg:"samba", rpm:"samba~3.0.33~3.37.el5", rls:"RHENT_5")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isrpmvuln(pkg:"samba-client", rpm:"samba-client~3.0.33~3.37.el5", rls:"RHENT_5")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isrpmvuln(pkg:"samba-common", rpm:"samba-common~3.0.33~3.37.el5", rls:"RHENT_5")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isrpmvuln(pkg:"samba-debuginfo", rpm:"samba-debuginfo~3.0.33~3.37.el5", rls:"RHENT_5")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isrpmvuln(pkg:"samba-swat", rpm:"samba-swat~3.0.33~3.37.el5", rls:"RHENT_5")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if (__pkg_match) exit(99); # Not vulnerable.
+ exit(0);
+}
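Review bot: the cvss_base_vector in the description block (AV:N/AC:M/Au:S/C:P/I:N/A:N, base 3.5) records no integrity impact, while the desc text in the same file says clients could "access and possibly overwrite files outside of the share". Please check the vector against the CVE-2010-0926 entry and add a short comment naming its source, so the Medium rating and the advisory text do not appear to disagree. Separately, every package check ends in security_hole() although risk_factor is Medium; if the reporting call is meant to follow the rating, that should be consistent across the generated RHSA checks.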
Property changes on: trunk/openvas-plugins/scripts/gb_RHSA-2012_0313-03_samba.nasl
___________________________________________________________________
Added: svn:keywords
+ Revision Date Id
Added: trunk/openvas-plugins/scripts/gb_RHSA-2012_0317-01_libpng.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_RHSA-2012_0317-01_libpng.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/gb_RHSA-2012_0317-01_libpng.nasl 2012-02-27 15:19:00 UTC (rev 12921)
@@ -0,0 +1,155 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# RedHat Update for libpng RHSA-2012:0317-01
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+ desc = "
+
+ Vulnerability Insight:
+ The libpng packages contain a library of functions for creating and
+ manipulating PNG (Portable Network Graphics) image format files.
+
+ A heap-based buffer overflow flaw was found in libpng. An attacker could
+ create a specially-crafted PNG image that, when opened, could cause an
+ application using libpng to crash or, possibly, execute arbitrary code with
+ the privileges of the user running the application. (CVE-2011-3026)
+
+ Users of libpng and libpng10 should upgrade to these updated packages,
+ which contain a backported patch to correct this issue. All running
+ applications using libpng or libpng10 must be restarted for the update to
+ take effect.
+
+ Affected Software/OS:
+ libpng on Red Hat Enterprise Linux (v. 5 server),
+ Red Hat Enterprise Linux AS version 4,
+ Red Hat Enterprise Linux ES version 4,
+ Red Hat Enterprise Linux WS version 4
+
+ Fix: Please Install the Updated Packages.
+
+ References:
+ https://www.redhat.com/archives/rhsa-announce/2012-February/msg00041.html ";
+
+if(description)
+{
+ script_id(870549);
+ script_version("$Revision$");
+ script_tag(name:"check_type", value:"authenticated package test");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-02-21 18:56:15 +0530 (Tue, 21 Feb 2012)");
+ script_cve_id("CVE-2011-3026");
+ script_tag(name:"cvss_base", value:"7.5");
+ script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
+ script_tag(name:"risk_factor", value:"High");
+ script_xref(name: "RHSA", value: "2012:0317-01");
+ script_name("RedHat Update for libpng RHSA-2012:0317-01");
+
+ script_description(desc);
+ script_summary("Check for the Version of libpng");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2012 Greenbone Networks GmbH");
+ script_family("Red Hat Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_mandatory_keys("HostDetails/OS/cpe:/o:redhat:enterprise_linux", "login/SSH/success", "ssh/login/release");
+ exit(0);
+}
+
+
+include("pkg-lib-rpm.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+res = "";
+if(release == NULL){
+ exit(0);
+}
+
+if(release == "RHENT_5")
+{
+
+ if ((res = isrpmvuln(pkg:"libpng", rpm:"libpng~1.2.10~15.el5_7", rls:"RHENT_5")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isrpmvuln(pkg:"libpng-debuginfo", rpm:"libpng-debuginfo~1.2.10~15.el5_7", rls:"RHENT_5")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isrpmvuln(pkg:"libpng-devel", rpm:"libpng-devel~1.2.10~15.el5_7", rls:"RHENT_5")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if (__pkg_match) exit(99); # Not vulnerable.
+ exit(0);
+}
+
+
+if(release == "RHENT_4")
+{
+
+ if ((res = isrpmvuln(pkg:"libpng", rpm:"libpng~1.2.7~9.el4", rls:"RHENT_4")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isrpmvuln(pkg:"libpng-debuginfo", rpm:"libpng-debuginfo~1.2.7~9.el4", rls:"RHENT_4")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isrpmvuln(pkg:"libpng-devel", rpm:"libpng-devel~1.2.7~9.el4", rls:"RHENT_4")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isrpmvuln(pkg:"libpng10", rpm:"libpng10~1.0.16~10.el4", rls:"RHENT_4")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isrpmvuln(pkg:"libpng10-debuginfo", rpm:"libpng10-debuginfo~1.0.16~10.el4", rls:"RHENT_4")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isrpmvuln(pkg:"libpng10-devel", rpm:"libpng10-devel~1.0.16~10.el4", rls:"RHENT_4")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if (__pkg_match) exit(99); # Not vulnerable.
+ exit(0);
+}
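Review bot: in both the RHENT_5 and RHENT_4 branches each isrpmvuln() block calls security_hole() and then exit(0) on the first match, so a host with several outdated libpng packages gets a report naming only the first one in source order. Consider collecting the non-NULL res values over a per-release package list and calling security_hole() once with the combined text; that would also replace the nine near-identical blocks with one loop. The initial res = ""; is never read before it is overwritten and can go.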
Property changes on: trunk/openvas-plugins/scripts/gb_RHSA-2012_0317-01_libpng.nasl
___________________________________________________________________
Added: svn:keywords
+ Revision Date Id
Modified: trunk/openvas-plugins/scripts/gb_STHS_51991.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_STHS_51991.nasl 2012-02-27 14:45:20 UTC (rev 12920)
+++ trunk/openvas-plugins/scripts/gb_STHS_51991.nasl 2012-02-27 15:19:00 UTC (rev 12921)
@@ -29,6 +29,7 @@
{
script_id(103421);
script_bugtraq_id(51991);
+ script_cve_id("CVE-2012-1217");
script_version ("$Revision$");
script_name("STHS v2 Web Portal 'team' parameter Multiple SQL Injection Vulnerabilities");
@@ -47,9 +48,12 @@
References:
http://www.securityfocus.com/bid/51991
+http://xforce.iss.net/xforce/xfdb/73154
http://www.simhl.net/
http://0nto.wordpress.com/2012/02/13/sths-v2-web-portal-2-2-sql-injection-vulnerabilty/";
+ script_tag(name:"cvss_base", value:"4.3");
+ script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:N/I:P/A:N");
script_tag(name:"risk_factor", value:"Medium");
script_tag(name:"last_modification", value:"$Date$");
script_tag(name:"creation_date", value:"2012-02-15 11:22:27 +0100 (Wed, 15 Feb 2012)");
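Review bot: the added cvss_base_vector, AV:N/AC:M/Au:N/C:N/I:P/A:N with base 4.3, has no confidentiality impact, which is unusual for a check whose script_name reads "Multiple SQL Injection Vulnerabilities". Please confirm the vector against the CVE-2012-1217 entry referenced by the new script_cve_id() line in the first hunk, and note the source in the commit message. Adding the CVE id and the X-Force reference is fine as it stands.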
Property changes on: trunk/openvas-plugins/scripts/gb_STHS_51991.nasl
___________________________________________________________________
Modified: svn:keywords
- Id Revision Date
+ Revision Date Id
Added: trunk/openvas-plugins/scripts/gb_oracle_java_se_mult_vuln_feb12_win_01.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_oracle_java_se_mult_vuln_feb12_win_01.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/gb_oracle_java_se_mult_vuln_feb12_win_01.nasl 2012-02-27 15:19:00 UTC (rev 12921)
@@ -0,0 +1,124 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# Oracle Java SE Multiple Vulnerabilities - February 2012 (Windows - 01)
+#
+# Authors:
+# Sooraj KS <kssooraj at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(802610);
+ script_version("$Revision$");
+ script_cve_id("CVE-2011-3563", "CVE-2012-0499", "CVE-2012-0502",
+ "CVE-2012-0503", "CVE-2012-0505", "CVE-2012-0506");
+ script_bugtraq_id(52011, 52012, 52014, 52016, 52017, 52018);
+ script_tag(name:"cvss_base", value:"10.0");
+ script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
+ script_tag(name:"risk_factor", value:"Critical");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-02-21 16:16:16 +0530 (Tue, 21 Feb 2012)");
+ script_name("Oracle Java SE Multiple Vulnerabilities - February 2012 (Windows - 01)");
+ desc = "
+ Overview: This host is installed with Oracle Java SE and is prone to multiple
+ vulnerabilities.
+
+ Vulnerability Insight:
+ Multiple flaws are caused due to unspecified errors in the following
+ components:
+ - 2D
+ - AWT
+ - Sound
+ - I18n
+ - CORBA
+ - Serialization
+
+ Impact:
+ Successful exploitation allows remote attackers to affect confidentiality,
+ integrity, and availability via unknown vectors.
+
+ Impact Level: System/Application
+
+ Affected Software/OS:
+ Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33
+ and earlier, and 1.4.2_35 and earlier
+
+ Fix: Upgrade to Oracle Java SE versions 7 Update 3, 6 Update 31, 5.0 Update
+ 34, 1.4.2_36 or later. For updates refer,
+ http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html
+
+ References:
+ http://secunia.com/advisories/48009
+ http://www.pre-cert.de/advisories/PRE-SA-2012-01.txt
+ http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html
+ http://www.oracle.com/technetwork/java/javase/documentation/overview-142120.html
+ http://www.oracle.com/technetwork/java/javase/documentation/overview-137139.html ";
+
+ script_description(desc);
+ script_summary("Check for the version of Sun Java SE JRE/JDK");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("This script is Copyright (C) 2012 Greenbone Networks GmbH");
+ script_family("General");
+ script_dependencies("gb_java_prdts_detect_win.nasl");
+ script_require_keys("Sun/Java/JRE/Win/Ver", "Sun/Java/JDK/Win/Ver");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+## Variable Initialization
+jreVer = NULL;
+jdkVer = NULL;
+
+## Get JRE Version from KB
+jreVer = get_kb_item("Sun/Java/JRE/Win/Ver");
+if(jreVer)
+{
+ jreVer = ereg_replace(pattern:"_|-", string:jreVer, replace: ".");
+
+ ## Check for Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier,
+ ## 5.0 Update 33 and earlier, and 1.4.2_35 and earlier
+ if(version_is_less_equal(version:jreVer, test_version:"1.4.2.35") ||
+ version_in_range(version:jreVer, test_version:"1.7", test_version2:"1.7.0.2")||
+ version_in_range(version:jreVer, test_version:"1.6", test_version2:"1.6.0.30")||
+ version_in_range(version:jreVer, test_version:"1.5", test_version2:"1.5.0.33"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+}
+
+## Get JDK Version from KB
+jdkVer = get_kb_item("Sun/Java/JDK/Win/Ver");
+if(jdkVer)
+{
+ jdkVer = ereg_replace(pattern:"_|-", string:jdkVer, replace: ".");
+
+ ## Check for Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier,
+ ## 5.0 Update 33 and earlier, and 1.4.2_35 and earlier
+ if(version_is_less_equal(version:jdkVer, test_version:"1.4.2.35") ||
+ version_in_range(version:jdkVer, test_version:"1.7", test_version2:"1.7.0.2")||
+ version_in_range(version:jdkVer, test_version:"1.6", test_version2:"1.6.0.30")||
+ version_in_range(version:jdkVer, test_version:"1.5", test_version2:"1.5.0.33")){
+ security_hole(0);
+ }
+}
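Review bot: script_require_keys("Sun/Java/JRE/Win/Ver", "Sun/Java/JDK/Win/Ver") lists both keys, but the body treats JRE and JDK independently with separate if(jreVer) and if(jdkVer) branches. If the scheduler only launches the script when every listed key is present, hosts with a JRE and no JDK are never checked. Please confirm the semantics and, if that is the case, gate on whatever gb_java_prdts_detect_win.nasl sets when either product is found. A one-line comment on why version_is_less_equal() is used for the 1.4.2 line while the other lines use version_in_range() would also help the next reader.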
Property changes on: trunk/openvas-plugins/scripts/gb_oracle_java_se_mult_vuln_feb12_win_01.nasl
___________________________________________________________________
Added: svn:keywords
+ Revision Date Id
Added: trunk/openvas-plugins/scripts/gb_oracle_java_se_mult_vuln_feb12_win_02.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_oracle_java_se_mult_vuln_feb12_win_02.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/gb_oracle_java_se_mult_vuln_feb12_win_02.nasl 2012-02-27 15:19:00 UTC (rev 12921)
@@ -0,0 +1,111 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# Oracle Java SE Multiple Vulnerabilities - February 2012 (Windows - 02)
+#
+# Authors:
+# Sooraj KS <kssooraj at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(802611);
+ script_version("$Revision$");
+ script_cve_id("CVE-2012-0497", "CVE-2012-0500", "CVE-2012-0504");
+ script_bugtraq_id(52009, 52015, 52020);
+ script_tag(name:"cvss_base", value:"10.0");
+ script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
+ script_tag(name:"risk_factor", value:"Critical");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-02-21 17:17:17 +0530 (Tue, 21 Feb 2012)");
+ script_name("Oracle Java SE Multiple Vulnerabilities - February 2012 (Windows - 02)");
+ desc = "
+ Overview: This host is installed with Oracle Java SE and is prone to multiple
+ vulnerabilities.
+
+ Vulnerability Insight:
+ Multiple flaws are caused due to unspecified errors in the following
+ components:
+ - 2D
+ - Install
+ - Deployment
+
+ Impact:
+ Successful exploitation allows remote attackers to affect confidentiality,
+ integrity, and availability via unknown vectors.
+
+ Impact Level: System/Application
+
+ Affected Software/OS:
+ Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier
+
+ Fix: Upgrade to Oracle Java SE versions 7 Update 3, 6 Update 31 or later.
+ For updates refer,
+ http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html
+
+ References:
+ http://secunia.com/advisories/48009
+ http://www.pre-cert.de/advisories/PRE-SA-2012-01.txt
+ http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html ";
+
+ script_description(desc);
+ script_summary("Check for the version of Sun Java SE JRE/JDK");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("This script is Copyright (C) 2012 Greenbone Networks GmbH");
+ script_family("General");
+ script_dependencies("gb_java_prdts_detect_win.nasl");
+ script_require_keys("Sun/Java/JRE/Win/Ver", "Sun/Java/JDK/Win/Ver");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+## Variable Initialization
+jreVer = NULL;
+jdkVer = NULL;
+
+## Get JRE Version from KB
+jreVer = get_kb_item("Sun/Java/JRE/Win/Ver");
+if(jreVer)
+{
+ jreVer = ereg_replace(pattern:"_|-", string:jreVer, replace: ".");
+
+ ## Check for Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier
+ if(version_in_range(version:jreVer, test_version:"1.7", test_version2:"1.7.0.2")||
+ version_in_range(version:jreVer, test_version:"1.6", test_version2:"1.6.0.30"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+}
+
+## Get JDK Version from KB
+jdkVer = get_kb_item("Sun/Java/JDK/Win/Ver");
+if(jdkVer)
+{
+ jdkVer = ereg_replace(pattern:"_|-", string:jdkVer, replace: ".");
+
+ ## Check for Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier,
+ if(version_in_range(version:jdkVer, test_version:"1.7", test_version2:"1.7.0.2")||
+ version_in_range(version:jdkVer, test_version:"1.6", test_version2:"1.6.0.30")){
+ security_hole(0);
+ }
+}
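Review bot: the JRE branch calls exit(0) after security_hole(0) while the JDK branch does not, and the two branches are otherwise copies of the same two version_in_range() calls. Suggest looping over the two KB keys with a single range check so the branches cannot drift apart; the stray trailing comma in the second "## Check for Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier," comment shows the copy already has. The script_summary still says "Sun Java SE JRE/JDK" while script_name says Oracle.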
Property changes on: trunk/openvas-plugins/scripts/gb_oracle_java_se_mult_vuln_feb12_win_02.nasl
___________________________________________________________________
Added: svn:keywords
+ Revision Date Id
Added: trunk/openvas-plugins/scripts/gb_oracle_java_se_mult_vuln_feb12_win_03.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_oracle_java_se_mult_vuln_feb12_win_03.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/gb_oracle_java_se_mult_vuln_feb12_win_03.nasl 2012-02-27 15:19:00 UTC (rev 12921)
@@ -0,0 +1,118 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# Oracle Java SE Multiple Vulnerabilities - February 2012 (Windows - 03)
+#
+# Authors:
+# Sooraj KS <kssooraj at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(802612);
+ script_version("$Revision$");
+ script_cve_id("CVE-2012-0498", "CVE-2012-0501");
+ script_bugtraq_id(52013, 52019);
+ script_tag(name:"cvss_base", value:"10.0");
+ script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
+ script_tag(name:"risk_factor", value:"Critical");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-02-21 17:17:17 +0530 (Tue, 21 Feb 2012)");
+ script_name("Oracle Java SE Multiple Vulnerabilities - February 2012 (Windows - 03)");
+ desc = "
+ Overview: This host is installed with Oracle Java SE and is prone to multiple
+ vulnerabilities.
+
+ Vulnerability Insight:
+ Multiple flaws are caused due to unspecified errors in the following
+ components:
+ - 2D
+ - Java Runtime Environment
+
+ Impact:
+ Successful exploitation allows remote attackers to affect confidentiality,
+ integrity, and availability via unknown vectors.
+
+ Impact Level: System/Application
+
+ Affected Software/OS:
+ Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier,
+ and 5.0 Update 33 and earlier
+
+ Fix: Upgrade to Oracle Java SE versions 7 Update 3, 6 Update 31, 5.0 Update
+ 34 or later. For updates refer,
+ http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html
+
+ References:
+ http://secunia.com/advisories/48009
+ http://www.pre-cert.de/advisories/PRE-SA-2012-01.txt
+ http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html
+ http://www.oracle.com/technetwork/java/javase/documentation/overview-142120.html
+ http://www.oracle.com/technetwork/java/javase/documentation/overview-137139.html
+ http://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/public-vulnerability-reports/articles/index.xhtml?id=970";
+
+ script_description(desc);
+ script_summary("Check for the version of Sun Java SE JRE/JDK");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("This script is Copyright (C) 2012 Greenbone Networks GmbH");
+ script_family("General");
+ script_dependencies("gb_java_prdts_detect_win.nasl");
+ script_require_keys("Sun/Java/JRE/Win/Ver", "Sun/Java/JDK/Win/Ver");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+## Variable Initialization
+jreVer = NULL;
+jdkVer = NULL;
+
+## Get JRE Version from KB
+jreVer = get_kb_item("Sun/Java/JRE/Win/Ver");
+if(jreVer)
+{
+ jreVer = ereg_replace(pattern:"_|-", string:jreVer, replace: ".");
+
+ ## Check for Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier,
+ ## 5.0 Update 33 and earlier
+ if(version_in_range(version:jreVer, test_version:"1.7", test_version2:"1.7.0.2")||
+ version_in_range(version:jreVer, test_version:"1.6", test_version2:"1.6.0.30")||
+ version_in_range(version:jreVer, test_version:"1.5", test_version2:"1.5.0.33"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+}
+
+## Get JDK Version from KB
+jdkVer = get_kb_item("Sun/Java/JDK/Win/Ver");
+if(jdkVer)
+{
+ jdkVer = ereg_replace(pattern:"_|-", string:jdkVer, replace: ".");
+
+ ## Check for Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier,
+ ## 5.0 Update 33 and earlier
+ if(version_in_range(version:jdkVer, test_version:"1.7", test_version2:"1.7.0.2")||
+ version_in_range(version:jdkVer, test_version:"1.6", test_version2:"1.6.0.30")||
+ version_in_range(version:jdkVer, test_version:"1.5", test_version2:"1.5.0.33")){
+ security_hole(0);
+ }
+}
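Review bot: security_hole(0) is called with no data in both the JRE and the JDK branch, so the report does not say which product matched or which version was read from the KB. Since jreVer and jdkVer are already in hand, consider passing a short message with the detected version and the fixed version from the desc text; that makes the finding verifiable on the host. This file is identical to the -01 and -02 scripts apart from the metadata and the version ranges, so a shared helper taking the ranges would remove three copies of the same logic.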
Property changes on: trunk/openvas-plugins/scripts/gb_oracle_java_se_mult_vuln_feb12_win_03.nasl
___________________________________________________________________
Added: svn:keywords
+ Revision Date Id
Added: trunk/openvas-plugins/scripts/gb_realplayer_atrac_sample_code_exec_vuln_macosx.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_realplayer_atrac_sample_code_exec_vuln_macosx.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/gb_realplayer_atrac_sample_code_exec_vuln_macosx.nasl 2012-02-27 15:19:00 UTC (rev 12921)
@@ -0,0 +1,89 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# RealNetworks RealPlayer Atrac Sample Decoding Remote Code Execution Vulnerability (Mac OS X)
+#
+# Authors:
+# Rachana Shetty <srachana at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(802802);
+ script_version("$Revision$");
+ script_cve_id("CVE-2012-0928");
+ script_bugtraq_id(51890);
+ script_tag(name:"cvss_base", value:"9.3");
+ script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:C/I:C/A:C");
+ script_tag(name:"risk_factor", value:"Critical");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-02-21 15:31:43 +0530 (Tue, 21 Feb 2012)");
+ script_name(" RealNetworks RealPlayer Atrac Sample Decoding Remote Code Execution Vulnerability (Mac OS X)");
+ desc = "
+ Overview: This host is installed with RealPlayer which is prone to remote
+ code execution vulnerability.
+
+ Vulnerability Insight:
+ The flaw is caused due to an improper decoding of samples by ATRAC codec,
+ which allows remote attackers to execute arbitrary code via a crafted ATRAC
+ audio file.
+
+ Impact: Successful exploitation allows remote attackers to execute arbitrary
+ code.
+
+ Impact Level: Application
+
+ Affected Software/OS:
+ RealPlayer versions 12.X through 12.0.0.1701 on Mac OS X
+
+ Fix: Upgrade to RealPlayer version 12.0.0.1703 or later,
+ For Updates Refer, http://www.real.com/player
+
+ References:
+ http://securitytracker.com/id/1026643
+ http://www.securityfocus.com/bid/51890
+ http://service.real.com/realplayer/security/02062012_player/en/ ";
+
+ script_description(desc);
+ script_summary("Check for the version of RealPlayer");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2012 Greenbone Networks GmbH");
+ script_family("General");
+ script_dependencies("secpod_realplayer_detect_macosx.nasl");
+ script_require_keys("RealPlayer/MacOSX/Version", "ssh/login/uname");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+# Variable Initialization
+rpVer = NULL;
+
+#Get Version
+rpVer = get_kb_item("RealPlayer/MacOSX/Version");
+if(isnull(rpVer)){
+ exit(0);
+}
+
+## Check for Realplayer version
+if(version_in_range(version:rpVer, test_version:"12.0", test_version2:"12.0.0.1701")){
+ security_hole(0);
+}
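Review bot: script_name(" RealNetworks RealPlayer Atrac Sample Decoding ...") starts with a leading space inside the string, which will show up in sorted plugin lists and name matching; please drop it. script_require_keys also lists "ssh/login/uname", which the body never reads; if it is only there to restrict the check to hosts with an SSH login, a comment saying so would help. The lower bound test_version:"12.0" with upper bound "12.0.0.1701" matches the "12.X through 12.0.0.1701" wording in desc.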
Property changes on: trunk/openvas-plugins/scripts/gb_realplayer_atrac_sample_code_exec_vuln_macosx.nasl
___________________________________________________________________
Added: svn:keywords
+ Revision Date Id
Added: trunk/openvas-plugins/scripts/gb_realplayer_atrac_sample_code_exec_vuln_win.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_realplayer_atrac_sample_code_exec_vuln_win.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/gb_realplayer_atrac_sample_code_exec_vuln_win.nasl 2012-02-27 15:19:00 UTC (rev 12921)
@@ -0,0 +1,92 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# RealNetworks RealPlayer Atrac Sample Decoding Remote Code Execution Vulnerability (Win)
+#
+# Authors:
+# Rachana Shetty <srachana at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(802801);
+ script_version("$Revision$");
+ script_cve_id("CVE-2012-0928");
+ script_bugtraq_id(51890);
+ script_tag(name:"cvss_base", value:"9.3");
+ script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:C/I:C/A:C");
+ script_tag(name:"risk_factor", value:"Critical");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-02-21 15:19:43 +0530 (Tue, 21 Feb 2012)");
+ script_name(" RealNetworks RealPlayer Atrac Sample Decoding Remote Code Execution Vulnerability (Win)");
+ desc = "
+ Overview: This host is installed with RealPlayer which is prone to remote
+ code execution vulnerability.
+
+ Vulnerability Insight:
+ The flaw is caused due to an improper decoding of samples by ATRAC codec,
+ which allows remote attackers to execute arbitrary code via a crafted ATRAC
+ audio file.
+
+ Impact: Successful exploitation allows remote attackers to execute arbitrary
+ code.
+
+ Impact Level: Application
+
+ Affected Software/OS:
+ RealPlayer versions 11.x and 14.x
+ RealPlayer SP versions 1.0 through 1.1.5 (12.0.0.879) on Windows
+
+ Fix: Upgrade to RealPlayer version 15.2.71 or later,
+ For Updates Refer, http://www.real.com/player
+
+ References:
+ http://securitytracker.com/id/1026643
+ http://www.securityfocus.com/bid/51890
+ http://service.real.com/realplayer/security/02062012_player/en/ ";
+
+ script_description(desc);
+ script_summary("Check for the version of RealPlayer");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2012 Greenbone Networks GmbH");
+ script_family("General");
+ script_dependencies("gb_realplayer_detect_win.nasl");
+ script_require_keys("RealPlayer/Win/Ver");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+# Variable Initialization
+rpVer = NULL;
+
+#Get Version
+rpVer = get_kb_item("RealPlayer/Win/Ver");
+if(isnull(rpVer)){
+ exit(0);
+}
+
+## Check for Realplayer version
+# versions 14 comes has 12.0.1
+if((rpVer =~ "^11\.*") || (rpVer =~ "^12\.0\.1\.*") ||
+ version_in_range(version:rpVer, test_version:"12.0.0", test_version2:"12.0.0.879")){
+ security_hole(0);
+}
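Review bot: In the final version check, the patterns `^11\.*` and `^12\.0\.1\.*` are looser than the comment above them implies. `\.*` means zero or more literal dots, so `^11\.*` matches any version string that merely begins with 11 (110.x, 111.x), and `^12\.0\.1\.*` also matches 12.0.10 and higher. Require the dot instead, `^11\.` and `^12\.0\.1\.`, so only the 11.x and 12.0.1.x builds named in the description are flagged. The comment "versions 14 comes has 12.0.1" should say plainly that RealPlayer 14.x reports its version as 12.0.1.x, and the string passed to script_name() starts with a stray space.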
Property changes on: trunk/openvas-plugins/scripts/gb_realplayer_atrac_sample_code_exec_vuln_win.nasl
___________________________________________________________________
Added: svn:keywords
+ Revision Date Id
Added: trunk/openvas-plugins/scripts/gb_realplayer_mult_vuln_win_feb12.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_realplayer_mult_vuln_win_feb12.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/gb_realplayer_mult_vuln_win_feb12.nasl 2012-02-27 15:19:00 UTC (rev 12921)
@@ -0,0 +1,101 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# RealNetworks RealPlayer Multiple Vulnerabilities (Win) - Feb12
+#
+# Authors:
+# Rachana Shetty <srachana at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(802800);
+ script_version("$Revision$");
+ script_cve_id("CVE-2012-0922", "CVE-2012-0923", "CVE-2012-0924", "CVE-2012-0925",
+ "CVE-2012-0926", "CVE-2012-0927");
+ script_bugtraq_id(51883, 51884, 51885, 51887, 51888, 51889);
+ script_tag(name:"cvss_base", value:"9.3");
+ script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:C/I:C/A:C");
+ script_tag(name:"risk_factor", value:"Critical");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-02-21 13:01:53 +0530 (Tue, 21 Feb 2012)");
+ script_name("RealNetworks RealPlayer Multiple Vulnerabilities (Win) - Feb12");
+ desc = "
+ Overview: This host is installed with RealPlayer which is prone to multiple
+ vulnerabilities
+
+ Vulnerability Insight:
+ The flaws are caused due to,
+ - An unspecified error in rvrender.dll, which allows to execute arbitrary
+ code via a crafted flags in an RMFF file.
+ - Improper handling of the frame size array by the RV20 codec, which allows
+ to execute arbitrary code via a crafted RV20 RealVideo video stream.
+ - Unspecified errors when processing VIDOBJ_START_CODE segments and
+ coded_frame_size value in RealAudio audio stream.
+ - An unspecified error in the RV40 and RV10 codec, which allows to execute
+ arbitrary code via a crafted RV40 or RV10 RealVideo video stream.
+
+ Impact: Successful exploitation allows remote attackers to execute arbitrary
+ code.
+
+ Impact Level: Application
+
+ Affected Software/OS:
+ RealPlayer versions 11.x and 14.x
+ RealPlayer versions 15.x before 15.02.71
+ RealPlayer SP versions 1.0 through 1.1.5 (12.0.0.879)
+
+ Fix: Upgrade to RealPlayer version 15.02.71 or later,
+ For Updates Refer, http://www.real.com/player
+
+ References:
+ http://secunia.com/advisories/47896/
+ http://securitytracker.com/id/1026643
+ http://service.real.com/realplayer/security/02062012_player/en/ ";
+
+ script_description(desc);
+ script_summary("Check for the version of RealPlayer");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2012 Greenbone Networks GmbH");
+ script_family("General");
+ script_dependencies("gb_realplayer_detect_win.nasl");
+ script_require_keys("RealPlayer/Win/Ver");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+# Variable Initialization
+rpVer = NULL;
+
+#Get Version
+rpVer = get_kb_item("RealPlayer/Win/Ver");
+if(isnull(rpVer)){
+ exit(0);
+}
+
+## Check for Realplayer version
+# versions 14 comes has 12.0.1
+if((rpVer =~ "^11\.*") || (rpVer =~ "^12\.0\.1\.*") ||
+ version_in_range(version:rpVer, test_version:"12.0.0", test_version2:"12.0.0.879") ||
+ version_in_range(version:rpVer, test_version:"15.0.0", test_version2:"15.0.1.13")){
+ security_hole(0);
+}
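Review bot: The last version_in_range() call bounds the 15.x branch at 15.0.0 through 15.0.1.13, but the description states the affected range as "15.x before 15.02.71" and nothing in the script connects the two numbering schemes. The existing comment documents only the 14.x to 12.0.1 mapping; add the equivalent note for 15.x, saying which reported build corresponds to the fixed 15.02.71, so the upper bound can be checked against the vendor advisory. In the same condition, `^11\.*` and `^12\.0\.1\.*` use `\.*` (zero or more dots) where a required dot is meant; `^11\.` and `^12\.0\.1\.` match what the description lists.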
Property changes on: trunk/openvas-plugins/scripts/gb_realplayer_mult_vuln_win_feb12.nasl
___________________________________________________________________
Added: svn:keywords
+ Revision Date Id
Added: trunk/openvas-plugins/scripts/gb_ubuntu_USN_1284_2.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_ubuntu_USN_1284_2.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/gb_ubuntu_USN_1284_2.nasl 2012-02-27 15:19:00 UTC (rev 12921)
@@ -0,0 +1,148 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Ubuntu Update for update-manager USN-1284-2
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+ desc = "
+
+ Vulnerability Insight:
+
+ USN-1284-1 fixed vulnerabilities in Update Manager. One of the fixes
+ introduced a regression for Kubuntu users attempting to upgrade to a newer
+ Ubuntu release. This update fixes the problem.
+
+ We apologize for the inconvenience.
+
+ Original advisory details:
+
+ David Black discovered that Update Manager incorrectly extracted the
+ downloaded upgrade tarball before verifying its GPG signature. If a remote
+ attacker were able to perform a man-in-the-middle attack, this flaw could
+ potentially be used to replace arbitrary files. (CVE-2011-3152)
+
+ David Black discovered that Update Manager created a temporary directory
+ in an insecure fashion. A local attacker could possibly use this flaw to
+ read the XAUTHORITY file of the user performing the upgrade.
+ (CVE-2011-3154)
+
+ This update also adds a hotfix to Update Notifier to handle cases where the
+ upgrade is being performed from CD media.
+
+ Affected Software/OS:
+ update-manager on Ubuntu 11.04 ,
+ Ubuntu 10.10 ,
+ Ubuntu 10.04 LTS ,
+ Ubuntu 8.04 LTS
+
+ Fix: Please Install the Updated Packages.
+
+ References:
+ https://lists.ubuntu.com/archives/ubuntu-security-announce/2012-February/001592.html ";
+
+if(description)
+{
+ script_id(840901);
+ script_version("$Revision$");
+ script_tag(name:"check_type", value:"authenticated package test");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-02-21 19:00:18 +0530 (Tue, 21 Feb 2012)");
+ script_cve_id("CVE-2011-3152", "CVE-2011-3154");
+ script_tag(name:"risk_factor", value:"High");
+ script_xref(name: "USN", value: "1284-2");
+ script_name("Ubuntu Update for update-manager USN-1284-2");
+
+ script_description(desc);
+ script_summary("Check for the Version of update-manager");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2012 Greenbone Networks GmbH");
+ script_family("Ubuntu Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_mandatory_keys("login/SSH/success", "HostDetails/OS/cpe:/o:canonical:ubuntu_linux", "ssh/login/release");
+ exit(0);
+}
+
+
+include("pkg-lib-deb.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+res = "";
+if(release == NULL){
+ exit(0);
+}
+
+if(release == "UBUNTU10.10")
+{
+
+ if ((res = isdpkgvuln(pkg:"update-manager-core", ver:"0.142.23.2", rls:"UBUNTU10.10")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if (__pkg_match) exit(99); # Not vulnerable.
+ exit(0);
+}
+
+
+if(release == "UBUNTU10.04 LTS")
+{
+
+ if ((res = isdpkgvuln(pkg:"update-manager-core", ver:"0.134.11.2", rls:"UBUNTU10.04 LTS")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if (__pkg_match) exit(99); # Not vulnerable.
+ exit(0);
+}
+
+
+if(release == "UBUNTU11.04")
+{
+
+ if ((res = isdpkgvuln(pkg:"update-manager-core", ver:"0.150.5.2", rls:"UBUNTU11.04")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if (__pkg_match) exit(99); # Not vulnerable.
+ exit(0);
+}
+
+
+if(release == "UBUNTU8.04 LTS")
+{
+
+ if ((res = isdpkgvuln(pkg:"update-manager-core", ver:"0.87.33", rls:"UBUNTU8.04 LTS")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if (__pkg_match) exit(99); # Not vulnerable.
+ exit(0);
+}
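Review bot: The if(description) block sets risk_factor to "High" but carries no cvss_base or cvss_base_vector tag, while the other checks added in this revision set all three. Add both tags, with values taken from the CVE entries for CVE-2011-3152 and CVE-2011-3154, so that results from this check sort and filter by score like the rest. The desc text also copies the advisory's "We apologize for the inconvenience." line, which adds nothing to a scan report and can be dropped.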
Property changes on: trunk/openvas-plugins/scripts/gb_ubuntu_USN_1284_2.nasl
___________________________________________________________________
Added: svn:keywords
+ Revision Date Id
Added: trunk/openvas-plugins/scripts/gb_ubuntu_USN_1358_2.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_ubuntu_USN_1358_2.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/gb_ubuntu_USN_1358_2.nasl 2012-02-27 15:19:00 UTC (rev 12921)
@@ -0,0 +1,253 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Ubuntu Update for php5 USN-1358-2
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+ desc = "
+
+ Vulnerability Insight:
+
+ USN 1358-1 fixed multiple vulnerabilities in PHP. The fix for
+ CVE-2012-0831 introduced a regression where the state of the
+ magic_quotes_gpc setting was not correctly reflected when calling
+ the ini_get() function.
+
+ We apologize for the inconvenience.
+
+ Original advisory details:
+
+ It was discovered that PHP computed hash values for form parameters
+ without restricting the ability to trigger hash collisions predictably.
+ This could allow a remote attacker to cause a denial of service by
+ sending many crafted parameters. (CVE-2011-4885)
+
+ ATTENTION: this update changes previous PHP behavior by
+ limiting the number of external input variables to 1000.
+ This may be increased by adding a "max_input_vars"
+ directive to the php.ini configuration file. See
+ http://www.php.net/manual/en/info.configuration.php#ini.max-input-vars
+ for more information.
+
+ Stefan Esser discovered that the fix to address the predictable hash
+ collision issue, CVE-2011-4885, did not properly handle the situation
+ where the limit was reached. This could allow a remote attacker to
+ cause a denial of service or execute arbitrary code via a request
+ containing a large number of variables. (CVE-2012-0830)
+
+ It was discovered that PHP did not always check the return value of
+ the zend_strndup function. This could allow a remote attacker to
+ cause a denial of service. (CVE-2011-4153)
+
+ It was discovered that PHP did not properly enforce libxslt security
+ settings. This could allow a remote attacker to create arbitrary
+ files via a crafted XSLT stylesheet that uses the libxslt output
+ extension. (CVE-2012-0057)
+
+ It was discovered that PHP did not properly enforce that PDORow
+ objects could not be serialized and not be saved in a session. A
+ remote attacker could use this to cause a denial of service via an
+ application crash. (CVE-2012-0788)
+
+ It was discovered that PHP allowed the magic_quotes_gpc setting to
+ be disabled remotely. This could allow a remote attacker to bypass
+ restrictions that could prevent an SQL injection. (CVE-2012-0831)
+
+ USN 1126-1 addressed an issue where the /etc/cron.d/php5 cron job
+ for PHP allowed local users to delete arbitrary files via a symlink
+ attack on a directory under /var/lib/php5/. Emese Revfy discovered
+ that the fix had not been applied to PHP for Ubuntu 10.04 LTS. This
+ update corrects the issue. We apologize for the error. (CVE-2011-0441)
+
+ Affected Software/OS:
+ php5 on Ubuntu 11.04 ,
+ Ubuntu 10.10 ,
+ Ubuntu 10.04 LTS ,
+ Ubuntu 8.04 LTS
+
+ Fix: Please Install the Updated Packages.
+
+ References:
+ https://lists.ubuntu.com/archives/ubuntu-security-announce/2012-February/001585.html ";
+
+if(description)
+{
+ script_id(840895);
+ script_version("$Revision$");
+ script_tag(name:"check_type", value:"authenticated package test");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-02-21 18:59:05 +0530 (Tue, 21 Feb 2012)");
+ script_cve_id("CVE-2012-0831", "CVE-2011-4885", "CVE-2012-0830", "CVE-2011-4153",
+ "CVE-2012-0057", "CVE-2012-0788", "CVE-2011-0441");
+ script_tag(name:"cvss_base", value:"7.5");
+ script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
+ script_tag(name:"risk_factor", value:"High");
+ script_xref(name: "USN", value: "1358-2");
+ script_name("Ubuntu Update for php5 USN-1358-2");
+
+ script_description(desc);
+ script_summary("Check for the Version of php5");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2012 Greenbone Networks GmbH");
+ script_family("Ubuntu Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_mandatory_keys("login/SSH/success", "HostDetails/OS/cpe:/o:canonical:ubuntu_linux", "ssh/login/release");
+ exit(0);
+}
+
+
+include("pkg-lib-deb.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+res = "";
+if(release == NULL){
+ exit(0);
+}
+
+if(release == "UBUNTU10.10")
+{
+
+ if ((res = isdpkgvuln(pkg:"libapache2-mod-php5", ver:"5.3.3-1ubuntu9.10", rls:"UBUNTU10.10")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isdpkgvuln(pkg:"php5", ver:"5.3.3-1ubuntu9.10", rls:"UBUNTU10.10")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isdpkgvuln(pkg:"php5-cgi", ver:"5.3.3-1ubuntu9.10", rls:"UBUNTU10.10")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isdpkgvuln(pkg:"php5-cli", ver:"5.3.3-1ubuntu9.10", rls:"UBUNTU10.10")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if (__pkg_match) exit(99); # Not vulnerable.
+ exit(0);
+}
+
+
+if(release == "UBUNTU10.04 LTS")
+{
+
+ if ((res = isdpkgvuln(pkg:"libapache2-mod-php5", ver:"5.3.2-1ubuntu4.14", rls:"UBUNTU10.04 LTS")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isdpkgvuln(pkg:"php5", ver:"5.3.2-1ubuntu4.14", rls:"UBUNTU10.04 LTS")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isdpkgvuln(pkg:"php5-cgi", ver:"5.3.2-1ubuntu4.14", rls:"UBUNTU10.04 LTS")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isdpkgvuln(pkg:"php5-cli", ver:"5.3.2-1ubuntu4.14", rls:"UBUNTU10.04 LTS")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if (__pkg_match) exit(99); # Not vulnerable.
+ exit(0);
+}
+
+
+if(release == "UBUNTU11.04")
+{
+
+ if ((res = isdpkgvuln(pkg:"libapache2-mod-php5", ver:"5.3.5-1ubuntu7.7", rls:"UBUNTU11.04")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isdpkgvuln(pkg:"php5", ver:"5.3.5-1ubuntu7.7", rls:"UBUNTU11.04")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isdpkgvuln(pkg:"php5-cgi", ver:"5.3.5-1ubuntu7.7", rls:"UBUNTU11.04")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isdpkgvuln(pkg:"php5-cli", ver:"5.3.5-1ubuntu7.7", rls:"UBUNTU11.04")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if (__pkg_match) exit(99); # Not vulnerable.
+ exit(0);
+}
+
+
+if(release == "UBUNTU8.04 LTS")
+{
+
+ if ((res = isdpkgvuln(pkg:"libapache2-mod-php5", ver:"5.2.4-2ubuntu5.23", rls:"UBUNTU8.04 LTS")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isdpkgvuln(pkg:"php5", ver:"5.2.4-2ubuntu5.23", rls:"UBUNTU8.04 LTS")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isdpkgvuln(pkg:"php5-cgi", ver:"5.2.4-2ubuntu5.23", rls:"UBUNTU8.04 LTS")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isdpkgvuln(pkg:"php5-cli", ver:"5.2.4-2ubuntu5.23", rls:"UBUNTU8.04 LTS")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if (__pkg_match) exit(99); # Not vulnerable.
+ exit(0);
+}
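Review bot: The desc string is opened with a double quote, and the ATTENTION paragraph inside it writes "max_input_vars" in double quotes, so the literal ends at the first of those inner quotes and the remaining advisory text is parsed as code. NASL double-quoted strings have no escape sequence for an embedded double quote; drop the inner quotes or write the directive as 'max_input_vars'. The script should be run through a syntax check before it is committed, since a parse error here means none of the php5 package tests below it execute.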
Property changes on: trunk/openvas-plugins/scripts/gb_ubuntu_USN_1358_2.nasl
___________________________________________________________________
Added: svn:keywords
+ Revision Date Id
Added: trunk/openvas-plugins/scripts/gb_ubuntu_USN_1359_1.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_ubuntu_USN_1359_1.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/gb_ubuntu_USN_1359_1.nasl 2012-02-27 15:19:00 UTC (rev 12921)
@@ -0,0 +1,128 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Ubuntu Update for tomcat6 USN-1359-1
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+ desc = "
+
+ Vulnerability Insight:
+
+ It was discovered that Tomcat incorrectly performed certain caching and
+ recycling operations. A remote attacker could use this flaw to obtain read
+ access to IP address and HTTP header information in certain cases. This
+ issue only applied to Ubuntu 11.10. (CVE-2011-3375)
+
+ It was discovered that Tomcat computed hash values for form parameters
+ without restricting the ability to trigger hash collisions predictably.
+ A remote attacker could cause a denial of service by sending many crafted
+ parameters. (CVE-2011-4858)
+
+ It was discovered that Tomcat incorrectly handled parameters. A remote
+ attacker could cause a denial of service by sending requests with a large
+ number of parameters and values. (CVE-2012-0022)
+
+ Affected Software/OS:
+ tomcat6 on Ubuntu 11.04 ,
+ Ubuntu 10.10 ,
+ Ubuntu 10.04 LTS
+
+ Fix: Please Install the Updated Packages.
+
+ References:
+ https://lists.ubuntu.com/archives/ubuntu-security-announce/2012-February/001583.html ";
+
+if(description)
+{
+ script_id(840899);
+ script_version("$Revision$");
+ script_tag(name:"check_type", value:"authenticated package test");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-02-21 19:00:02 +0530 (Tue, 21 Feb 2012)");
+ script_cve_id("CVE-2011-3375", "CVE-2011-4858", "CVE-2012-0022");
+ script_tag(name:"cvss_base", value:"5.0");
+ script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:N/A:N");
+ script_tag(name:"risk_factor", value:"Medium");
+ script_xref(name: "USN", value: "1359-1");
+ script_name("Ubuntu Update for tomcat6 USN-1359-1");
+
+ script_description(desc);
+ script_summary("Check for the Version of tomcat6");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2012 Greenbone Networks GmbH");
+ script_family("Ubuntu Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_mandatory_keys("login/SSH/success", "HostDetails/OS/cpe:/o:canonical:ubuntu_linux", "ssh/login/release");
+ exit(0);
+}
+
+
+include("pkg-lib-deb.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+res = "";
+if(release == NULL){
+ exit(0);
+}
+
+if(release == "UBUNTU10.10")
+{
+
+ if ((res = isdpkgvuln(pkg:"libtomcat6-java", ver:"6.0.28-2ubuntu1.6", rls:"UBUNTU10.10")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if (__pkg_match) exit(99); # Not vulnerable.
+ exit(0);
+}
+
+
+if(release == "UBUNTU10.04 LTS")
+{
+
+ if ((res = isdpkgvuln(pkg:"libtomcat6-java", ver:"6.0.24-2ubuntu1.10", rls:"UBUNTU10.04 LTS")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if (__pkg_match) exit(99); # Not vulnerable.
+ exit(0);
+}
+
+
+if(release == "UBUNTU11.04")
+{
+
+ if ((res = isdpkgvuln(pkg:"libtomcat6-java", ver:"6.0.28-10ubuntu2.3", rls:"UBUNTU11.04")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if (__pkg_match) exit(99); # Not vulnerable.
+ exit(0);
+}
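Review bot: script_cve_id() lists CVE-2011-3375, which the description itself says "only applied to Ubuntu 11.10", yet the Affected Software/OS list and the release branches cover only 11.04, 10.10 and 10.04 LTS. Either add an UBUNTU11.10 branch with the fixed libtomcat6-java version from the advisory, or remove CVE-2011-3375 from this check so a finding on the older releases does not report a CVE that does not apply to them. The cvss_base_vector (C:P/I:N/A:N) likewise describes the information disclosure issue, while the two CVEs that do apply to the checked releases are described as denial of service.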
Property changes on: trunk/openvas-plugins/scripts/gb_ubuntu_USN_1359_1.nasl
___________________________________________________________________
Added: svn:keywords
+ Revision Date Id
Added: trunk/openvas-plugins/scripts/gb_ubuntu_USN_1360_1.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_ubuntu_USN_1360_1.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/gb_ubuntu_USN_1360_1.nasl 2012-02-27 15:19:00 UTC (rev 12921)
@@ -0,0 +1,119 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Ubuntu Update for firefox USN-1360-1
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+ desc = "
+
+ Vulnerability Insight:
+
+ Andrew McCreight and Olli Pettay discovered a use-after-free vulnerability
+ in the XBL bindings. An attacker could exploit this to cause a denial of
+ service via application crash, or potentially execute code with the
+ privileges of the user invoking Firefox. (CVE-2012-0452)
+
+ Affected Software/OS:
+ firefox on Ubuntu 11.04 ,
+ Ubuntu 10.10 ,
+ Ubuntu 10.04 LTS
+
+ Fix: Please Install the Updated Packages.
+
+ References:
+ https://lists.ubuntu.com/archives/ubuntu-security-announce/2012-February/001584.html ";
+
+if(description)
+{
+ script_id(840903);
+ script_version("$Revision$");
+ script_tag(name:"check_type", value:"authenticated package test");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-02-21 19:00:39 +0530 (Tue, 21 Feb 2012)");
+ script_cve_id("CVE-2012-0452");
+ script_tag(name:"cvss_base", value:"7.5");
+ script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
+ script_tag(name:"risk_factor", value:"High");
+ script_xref(name: "USN", value: "1360-1");
+ script_name("Ubuntu Update for firefox USN-1360-1");
+
+ script_description(desc);
+ script_summary("Check for the Version of firefox");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2012 Greenbone Networks GmbH");
+ script_family("Ubuntu Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_mandatory_keys("login/SSH/success", "HostDetails/OS/cpe:/o:canonical:ubuntu_linux", "ssh/login/release");
+ exit(0);
+}
+
+
+include("pkg-lib-deb.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+res = "";
+if(release == NULL){
+ exit(0);
+}
+
+if(release == "UBUNTU10.10")
+{
+
+ if ((res = isdpkgvuln(pkg:"firefox", ver:"10.0.1+build1-0ubuntu0.10.10.1", rls:"UBUNTU10.10")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if (__pkg_match) exit(99); # Not vulnerable.
+ exit(0);
+}
+
+
+if(release == "UBUNTU10.04 LTS")
+{
+
+ if ((res = isdpkgvuln(pkg:"firefox", ver:"10.0.1+build1-0ubuntu0.10.04.1", rls:"UBUNTU10.04 LTS")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if (__pkg_match) exit(99); # Not vulnerable.
+ exit(0);
+}
+
+
+if(release == "UBUNTU11.04")
+{
+
+ if ((res = isdpkgvuln(pkg:"firefox", ver:"10.0.1+build1-0ubuntu0.11.04.1", rls:"UBUNTU11.04")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if (__pkg_match) exit(99); # Not vulnerable.
+ exit(0);
+}
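Review bot: The guard after get_kb_item("ssh/login/release") compares with `release == NULL`, while the RealPlayer checks in this same revision test the KB value with isnull(rpVer). Use isnull(release) here for consistency and to make the intent (key missing from the KB) explicit. The `res = "";` initialisation is never read before isdpkgvuln() assigns it and can go.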
Property changes on: trunk/openvas-plugins/scripts/gb_ubuntu_USN_1360_1.nasl
___________________________________________________________________
Added: svn:keywords
+ Revision Date Id
Added: trunk/openvas-plugins/scripts/gb_ubuntu_USN_1361_1.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_ubuntu_USN_1361_1.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/gb_ubuntu_USN_1361_1.nasl 2012-02-27 15:19:00 UTC (rev 12921)
@@ -0,0 +1,148 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Ubuntu Update for linux USN-1361-1
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+ desc = "
+
+ Vulnerability Insight:
+
+ Han-Wen Nienhuys reported a flaw in the FUSE kernel module. A local user
+ who can mount a FUSE file system could cause a denial of service.
+ (CVE-2011-3353)
+
+ A flaw was found in KVM's Programmable Interval Timer (PIT). When a virtual
+ interrupt control is not available a local user could use this to cause a
+ denial of service by starting a timer. (CVE-2011-4622)
+
+ A flaw was discovered in the XFS filesystem. If a local user mounts a
+ specially crafted XFS image it could potential execute arbitrary code on
+ the system. (CVE-2012-0038)
+
+ Chen Haogang discovered an integer overflow that could result in memory
+ corruption. A local unprivileged user could use this to crash the system.
+ (CVE-2012-0044)
+
+ Affected Software/OS:
+ linux on Ubuntu 10.10
+
+ Fix: Please Install the Updated Packages.
+
+ References:
+ https://lists.ubuntu.com/archives/ubuntu-security-announce/2012-February/001586.html ";
+
+if(description)
+{
+ script_id(840904);
+ script_version("$Revision$");
+ script_tag(name:"check_type", value:"authenticated package test");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-02-21 19:00:40 +0530 (Tue, 21 Feb 2012)");
+ script_cve_id("CVE-2011-3353", "CVE-2011-4622", "CVE-2012-0038", "CVE-2012-0044");
+ script_tag(name:"cvss_base", value:"4.9");
+ script_tag(name:"cvss_base_vector", value:"AV:L/AC:L/Au:N/C:N/I:N/A:C");
+ script_tag(name:"risk_factor", value:"Medium");
+ script_xref(name: "USN", value: "1361-1");
+ script_name("Ubuntu Update for linux USN-1361-1");
+
+ script_description(desc);
+ script_summary("Check for the Version of linux");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2012 Greenbone Networks GmbH");
+ script_family("Ubuntu Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_mandatory_keys("login/SSH/success", "HostDetails/OS/cpe:/o:canonical:ubuntu_linux", "ssh/login/release");
+ exit(0);
+}
+
+
+include("pkg-lib-deb.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+res = "";
+if(release == NULL){
+ exit(0);
+}
+
+if(release == "UBUNTU10.10")
+{
+
+ if ((res = isdpkgvuln(pkg:"linux-image-2.6.35-32-generic", ver:"2.6.35-32.65", rls:"UBUNTU10.10")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isdpkgvuln(pkg:"linux-image-2.6.35-32-generic-pae", ver:"2.6.35-32.65", rls:"UBUNTU10.10")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isdpkgvuln(pkg:"linux-image-2.6.35-32-omap", ver:"2.6.35-32.65", rls:"UBUNTU10.10")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isdpkgvuln(pkg:"linux-image-2.6.35-32-powerpc", ver:"2.6.35-32.65", rls:"UBUNTU10.10")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isdpkgvuln(pkg:"linux-image-2.6.35-32-powerpc-smp", ver:"2.6.35-32.65", rls:"UBUNTU10.10")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isdpkgvuln(pkg:"linux-image-2.6.35-32-powerpc64-smp", ver:"2.6.35-32.65", rls:"UBUNTU10.10")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isdpkgvuln(pkg:"linux-image-2.6.35-32-server", ver:"2.6.35-32.65", rls:"UBUNTU10.10")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isdpkgvuln(pkg:"linux-image-2.6.35-32-versatile", ver:"2.6.35-32.65", rls:"UBUNTU10.10")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isdpkgvuln(pkg:"linux-image-2.6.35-32-virtual", ver:"2.6.35-32.65", rls:"UBUNTU10.10")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if (__pkg_match) exit(99); # Not vulnerable.
+ exit(0);
+}
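Review bot: every isdpkgvuln call in the UBUNTU10.10 block names a package with the ABI suffix baked in (linux-image-2.6.35-32-*), so the comparison against 2.6.35-32.65 only happens on hosts that already have a -32 image installed. If isdpkgvuln matches on the exact package name (pkg-lib-deb.inc is not part of this diff), a host that still has only an older ABI image installed matches none of the nine calls and ends at exit(0) with no finding. Please confirm that behaviour and, if it holds, match on the linux-image- prefix rather than the full name. The check also reads the installed package list, not the running kernel, so a host that was updated but not rebooted passes; one sentence in desc would make that limit visible to whoever reads the report.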
Property changes on: trunk/openvas-plugins/scripts/gb_ubuntu_USN_1361_1.nasl
___________________________________________________________________
Added: svn:keywords
+ Revision Date Id
Added: trunk/openvas-plugins/scripts/gb_ubuntu_USN_1362_1.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_ubuntu_USN_1362_1.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/gb_ubuntu_USN_1362_1.nasl 2012-02-27 15:19:00 UTC (rev 12921)
@@ -0,0 +1,148 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Ubuntu Update for linux USN-1362-1
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+ desc = "
+
+ Vulnerability Insight:
+
+ Han-Wen Nienhuys reported a flaw in the FUSE kernel module. A local user
+ who can mount a FUSE file system could cause a denial of service.
+ (CVE-2011-3353)
+
+ A flaw was found in KVM's Programmable Interval Timer (PIT). When a virtual
+ interrupt control is not available a local user could use this to cause a
+ denial of service by starting a timer. (CVE-2011-4622)
+
+ A flaw was discovered in the XFS filesystem. If a local user mounts a
+ specially crafted XFS image it could potential execute arbitrary code on
+ the system. (CVE-2012-0038)
+
+ Chen Haogang discovered an integer overflow that could result in memory
+ corruption. A local unprivileged user could use this to crash the system.
+ (CVE-2012-0044)
+
+ Affected Software/OS:
+ linux on Ubuntu 11.04
+
+ Fix: Please Install the Updated Packages.
+
+ References:
+ https://lists.ubuntu.com/archives/ubuntu-security-announce/2012-February/001587.html ";
+
+if(description)
+{
+ script_id(840893);
+ script_version("$Revision$");
+ script_tag(name:"check_type", value:"authenticated package test");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-02-21 18:58:55 +0530 (Tue, 21 Feb 2012)");
+ script_cve_id("CVE-2011-3353", "CVE-2011-4622", "CVE-2012-0038", "CVE-2012-0044");
+ script_tag(name:"cvss_base", value:"4.9");
+ script_tag(name:"cvss_base_vector", value:"AV:L/AC:L/Au:N/C:N/I:N/A:C");
+ script_tag(name:"risk_factor", value:"Medium");
+ script_xref(name: "USN", value: "1362-1");
+ script_name("Ubuntu Update for linux USN-1362-1");
+
+ script_description(desc);
+ script_summary("Check for the Version of linux");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2012 Greenbone Networks GmbH");
+ script_family("Ubuntu Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_mandatory_keys("login/SSH/success", "HostDetails/OS/cpe:/o:canonical:ubuntu_linux", "ssh/login/release");
+ exit(0);
+}
+
+
+include("pkg-lib-deb.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+res = "";
+if(release == NULL){
+ exit(0);
+}
+
+if(release == "UBUNTU11.04")
+{
+
+ if ((res = isdpkgvuln(pkg:"linux-image-2.6.38-13-generic", ver:"2.6.38-13.55", rls:"UBUNTU11.04")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isdpkgvuln(pkg:"linux-image-2.6.38-13-generic-pae", ver:"2.6.38-13.55", rls:"UBUNTU11.04")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isdpkgvuln(pkg:"linux-image-2.6.38-13-omap", ver:"2.6.38-13.55", rls:"UBUNTU11.04")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isdpkgvuln(pkg:"linux-image-2.6.38-13-powerpc", ver:"2.6.38-13.55", rls:"UBUNTU11.04")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isdpkgvuln(pkg:"linux-image-2.6.38-13-powerpc-smp", ver:"2.6.38-13.55", rls:"UBUNTU11.04")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isdpkgvuln(pkg:"linux-image-2.6.38-13-powerpc64-smp", ver:"2.6.38-13.55", rls:"UBUNTU11.04")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isdpkgvuln(pkg:"linux-image-2.6.38-13-server", ver:"2.6.38-13.55", rls:"UBUNTU11.04")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isdpkgvuln(pkg:"linux-image-2.6.38-13-versatile", ver:"2.6.38-13.55", rls:"UBUNTU11.04")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isdpkgvuln(pkg:"linux-image-2.6.38-13-virtual", ver:"2.6.38-13.55", rls:"UBUNTU11.04")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if (__pkg_match) exit(99); # Not vulnerable.
+ exit(0);
+}
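Review bot: the cvss_base_vector in the description block, AV:L/AC:L/Au:N/C:N/I:N/A:C with cvss_base 4.9 and risk_factor Medium, scores availability impact only, while desc lists CVE-2012-0038 as potentially allowing arbitrary code execution from a crafted XFS image. With four CVEs bundled into one script, the vector should reflect the highest-impact one, or desc should say which CVE the score belongs to. The nine checks also report through security_hole() although risk_factor is Medium; the reporting call and the tag should agree on one severity.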
Property changes on: trunk/openvas-plugins/scripts/gb_ubuntu_USN_1362_1.nasl
___________________________________________________________________
Added: svn:keywords
+ Revision Date Id
Added: trunk/openvas-plugins/scripts/gb_ubuntu_USN_1365_1.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_ubuntu_USN_1365_1.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/gb_ubuntu_USN_1365_1.nasl 2012-02-27 15:19:00 UTC (rev 12921)
@@ -0,0 +1,101 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Ubuntu Update for puppet USN-1365-1
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+ desc = "
+
+ Vulnerability Insight:
+
+ It was discovered that Puppet would allow remote ralsh under certain
+ circumstances. An attacker on an authenticated puppet node could exploit
+ this to view or manipulate resources on other Puppet nodes.
+
+ Affected Software/OS:
+ puppet on Ubuntu 11.04 ,
+ Ubuntu 10.10
+
+ Fix: Please Install the Updated Packages.
+
+ References:
+ https://lists.ubuntu.com/archives/ubuntu-security-announce/2012-February/001590.html ";
+
+if(description)
+{
+ script_id(840898);
+ script_version("$Revision$");
+ script_tag(name:"check_type", value:"authenticated package test");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-02-21 19:00:01 +0530 (Tue, 21 Feb 2012)");
+ script_cve_id("CVE-2011-0528");
+ script_tag(name:"risk_factor", value:"High");
+ script_xref(name: "USN", value: "1365-1");
+ script_name("Ubuntu Update for puppet USN-1365-1");
+
+ script_description(desc);
+ script_summary("Check for the Version of puppet");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2012 Greenbone Networks GmbH");
+ script_family("Ubuntu Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_mandatory_keys("login/SSH/success", "HostDetails/OS/cpe:/o:canonical:ubuntu_linux", "ssh/login/release");
+ exit(0);
+}
+
+
+include("pkg-lib-deb.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+res = "";
+if(release == NULL){
+ exit(0);
+}
+
+if(release == "UBUNTU10.10")
+{
+
+ if ((res = isdpkgvuln(pkg:"puppet-common", ver:"2.6.1-0ubuntu2.5", rls:"UBUNTU10.10")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if (__pkg_match) exit(99); # Not vulnerable.
+ exit(0);
+}
+
+
+if(release == "UBUNTU11.04")
+{
+
+ if ((res = isdpkgvuln(pkg:"puppet-common", ver:"2.6.4-2ubuntu2.7", rls:"UBUNTU11.04")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if (__pkg_match) exit(99); # Not vulnerable.
+ exit(0);
+}
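Review bot: the description block sets risk_factor to High but carries no cvss_base or cvss_base_vector tag, unlike the linux and libpng scripts added in this same revision. Without the vector the High rating cannot be checked against desc, which says the attacker has to be on an authenticated puppet node. Please add the score and vector for CVE-2011-0528, or lower risk_factor if the authentication precondition warrants it.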
Property changes on: trunk/openvas-plugins/scripts/gb_ubuntu_USN_1365_1.nasl
___________________________________________________________________
Added: svn:keywords
+ Revision Date Id
Added: trunk/openvas-plugins/scripts/gb_ubuntu_USN_1366_1.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_ubuntu_USN_1366_1.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/gb_ubuntu_USN_1366_1.nasl 2012-02-27 15:19:00 UTC (rev 12921)
@@ -0,0 +1,143 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Ubuntu Update for devscripts USN-1366-1
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+ desc = "
+
+ Vulnerability Insight:
+
+ Paul Wise discovered that debdiff did not properly sanitize its input when
+ processing .dsc and .changes files. If debdiff processed a crafted file, an
+ attacker could execute arbitrary code with the privileges of the user invoking
+ the program. (CVE-2012-0210)
+
+ Raphael Geissert discovered that debdiff did not properly sanitize its input
+ when processing source packages. If debdiff processed an original source
+ tarball, with crafted filenames in the top-level directory, an attacker could
+ execute arbitrary code with the privileges of the user invoking the program.
+ (CVE-2012-0211)
+
+ Raphael Geissert discovered that debdiff did not properly sanitize its input
+ when processing filename parameters. If debdiff processed a crafted filename
+ parameter, an attacker could execute arbitrary code with the privileges of the
+ user invoking the program. (CVE-2012-0212)
+
+ Affected Software/OS:
+ devscripts on Ubuntu 11.04 ,
+ Ubuntu 10.10 ,
+ Ubuntu 10.04 LTS ,
+ Ubuntu 8.04 LTS
+
+ Fix: Please Install the Updated Packages.
+
+ References:
+ https://lists.ubuntu.com/archives/ubuntu-security-announce/2012-February/001591.html ";
+
+if(description)
+{
+ script_id(840905);
+ script_version("$Revision$");
+ script_tag(name:"check_type", value:"authenticated package test");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-02-21 19:00:44 +0530 (Tue, 21 Feb 2012)");
+ script_cve_id("CVE-2012-0210", "CVE-2012-0211", "CVE-2012-0212");
+ script_tag(name:"risk_factor", value:"High");
+ script_xref(name: "USN", value: "1366-1");
+ script_name("Ubuntu Update for devscripts USN-1366-1");
+
+ script_description(desc);
+ script_summary("Check for the Version of devscripts");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2012 Greenbone Networks GmbH");
+ script_family("Ubuntu Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_mandatory_keys("login/SSH/success", "HostDetails/OS/cpe:/o:canonical:ubuntu_linux", "ssh/login/release");
+ exit(0);
+}
+
+
+include("pkg-lib-deb.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+res = "";
+if(release == NULL){
+ exit(0);
+}
+
+if(release == "UBUNTU10.10")
+{
+
+ if ((res = isdpkgvuln(pkg:"devscripts", ver:"2.10.67ubuntu1.1", rls:"UBUNTU10.10")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if (__pkg_match) exit(99); # Not vulnerable.
+ exit(0);
+}
+
+
+if(release == "UBUNTU10.04 LTS")
+{
+
+ if ((res = isdpkgvuln(pkg:"devscripts", ver:"2.10.61ubuntu5.1", rls:"UBUNTU10.04 LTS")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if (__pkg_match) exit(99); # Not vulnerable.
+ exit(0);
+}
+
+
+if(release == "UBUNTU11.04")
+{
+
+ if ((res = isdpkgvuln(pkg:"devscripts", ver:"2.10.69ubuntu2.1", rls:"UBUNTU11.04")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if (__pkg_match) exit(99); # Not vulnerable.
+ exit(0);
+}
+
+
+if(release == "UBUNTU8.04 LTS")
+{
+
+ if ((res = isdpkgvuln(pkg:"devscripts", ver:"2.10.11ubuntu5.8.04.5", rls:"UBUNTU8.04 LTS")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if (__pkg_match) exit(99); # Not vulnerable.
+ exit(0);
+}
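Review bot: script_cve_id lists three CVEs and risk_factor is High, but the description block has no cvss_base or cvss_base_vector tag to back the rating. All three issues in desc require the user to run debdiff on a crafted .dsc, .changes, source tarball or filename argument, which is exactly the precondition a vector would record. Please add the score and vector so the severity shown in the report can be traced.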
Property changes on: trunk/openvas-plugins/scripts/gb_ubuntu_USN_1366_1.nasl
___________________________________________________________________
Added: svn:keywords
+ Revision Date Id
Added: trunk/openvas-plugins/scripts/gb_ubuntu_USN_1367_1.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_ubuntu_USN_1367_1.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/gb_ubuntu_USN_1367_1.nasl 2012-02-27 15:19:00 UTC (rev 12921)
@@ -0,0 +1,140 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Ubuntu Update for libpng USN-1367-1
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+ desc = "
+
+ Vulnerability Insight:
+
+ It was discovered that libpng did not properly verify the embedded profile
+ length of iCCP chunks. An attacker could exploit this to cause a denial of
+ service via application crash. This issue only affected Ubuntu 8.04 LTS.
+ (CVE-2009-5063)
+
+ Jueri Aedla discovered that libpng did not properly verify the size used
+ when allocating memory during chunk decompression. If a user or automated
+ system using libpng were tricked into opening a specially crafted image,
+ an attacker could exploit this to cause a denial of service or execute
+ code with the privileges of the user invoking the program. (CVE-2011-3026)
+
+ Affected Software/OS:
+ libpng on Ubuntu 11.04 ,
+ Ubuntu 10.10 ,
+ Ubuntu 10.04 LTS ,
+ Ubuntu 8.04 LTS
+
+ Fix: Please Install the Updated Packages.
+
+ References:
+ https://lists.ubuntu.com/archives/ubuntu-security-announce/2012-February/001594.html ";
+
+if(description)
+{
+ script_id(840897);
+ script_version("$Revision$");
+ script_tag(name:"check_type", value:"authenticated package test");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-02-21 18:59:42 +0530 (Tue, 21 Feb 2012)");
+ script_cve_id("CVE-2009-5063", "CVE-2011-3026");
+ script_tag(name:"cvss_base", value:"7.5");
+ script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
+ script_tag(name:"risk_factor", value:"High");
+ script_xref(name: "USN", value: "1367-1");
+ script_name("Ubuntu Update for libpng USN-1367-1");
+
+ script_description(desc);
+ script_summary("Check for the Version of libpng");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2012 Greenbone Networks GmbH");
+ script_family("Ubuntu Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_mandatory_keys("login/SSH/success", "HostDetails/OS/cpe:/o:canonical:ubuntu_linux", "ssh/login/release");
+ exit(0);
+}
+
+
+include("pkg-lib-deb.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+res = "";
+if(release == NULL){
+ exit(0);
+}
+
+if(release == "UBUNTU10.10")
+{
+
+ if ((res = isdpkgvuln(pkg:"libpng12-0", ver:"1.2.44-1ubuntu0.2", rls:"UBUNTU10.10")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if (__pkg_match) exit(99); # Not vulnerable.
+ exit(0);
+}
+
+
+if(release == "UBUNTU10.04 LTS")
+{
+
+ if ((res = isdpkgvuln(pkg:"libpng12-0", ver:"1.2.42-1ubuntu2.3", rls:"UBUNTU10.04 LTS")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if (__pkg_match) exit(99); # Not vulnerable.
+ exit(0);
+}
+
+
+if(release == "UBUNTU11.04")
+{
+
+ if ((res = isdpkgvuln(pkg:"libpng12-0", ver:"1.2.44-1ubuntu3.2", rls:"UBUNTU11.04")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if (__pkg_match) exit(99); # Not vulnerable.
+ exit(0);
+}
+
+
+if(release == "UBUNTU8.04 LTS")
+{
+
+ if ((res = isdpkgvuln(pkg:"libpng12-0", ver:"1.2.15~beta5-3ubuntu0.5", rls:"UBUNTU8.04 LTS")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if (__pkg_match) exit(99); # Not vulnerable.
+ exit(0);
+}
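Review bot: desc states that CVE-2009-5063 only affected Ubuntu 8.04 LTS, yet script_cve_id("CVE-2009-5063", "CVE-2011-3026") applies to the whole script, so a finding raised from the UBUNTU10.10, UBUNTU10.04 LTS or UBUNTU11.04 block is reported with a CVE that desc says does not apply there. Consider splitting the 8.04 LTS check into its own script, or having the per-release report text name the CVEs that actually apply to that release.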
Property changes on: trunk/openvas-plugins/scripts/gb_ubuntu_USN_1367_1.nasl
___________________________________________________________________
Added: svn:keywords
+ Revision Date Id
Added: trunk/openvas-plugins/scripts/gb_ubuntu_USN_1367_2.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_ubuntu_USN_1367_2.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/gb_ubuntu_USN_1367_2.nasl 2012-02-27 15:19:00 UTC (rev 12921)
@@ -0,0 +1,125 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Ubuntu Update for firefox USN-1367-2
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+ desc = "
+
+ Vulnerability Insight:
+
+ USN-1367-1 fixed vulnerabilities in libpng. This provides the corresponding
+ update for Firefox.
+
+ Original advisory details:
+
+ Jueri Aedla discovered that libpng did not properly verify the size used
+ when allocating memory during chunk decompression. If a user or automated
+ system using libpng were tricked into opening a specially crafted image,
+ an attacker could exploit this to cause a denial of service or execute
+ code with the privileges of the user invoking the program. (CVE-2011-3026)
+
+ Affected Software/OS:
+ firefox on Ubuntu 11.04 ,
+ Ubuntu 10.10 ,
+ Ubuntu 10.04 LTS
+
+ Fix: Please Install the Updated Packages.
+
+ References:
+ https://lists.ubuntu.com/archives/ubuntu-security-announce/2012-February/001596.html ";
+
+if(description)
+{
+ script_id(840902);
+ script_version("$Revision$");
+ script_tag(name:"check_type", value:"authenticated package test");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-02-21 19:00:20 +0530 (Tue, 21 Feb 2012)");
+ script_cve_id("CVE-2011-3026");
+ script_tag(name:"cvss_base", value:"7.5");
+ script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
+ script_tag(name:"risk_factor", value:"High");
+ script_xref(name: "USN", value: "1367-2");
+ script_name("Ubuntu Update for firefox USN-1367-2");
+
+ script_description(desc);
+ script_summary("Check for the Version of firefox");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2012 Greenbone Networks GmbH");
+ script_family("Ubuntu Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_mandatory_keys("login/SSH/success", "HostDetails/OS/cpe:/o:canonical:ubuntu_linux", "ssh/login/release");
+ exit(0);
+}
+
+
+include("pkg-lib-deb.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+res = "";
+if(release == NULL){
+ exit(0);
+}
+
+if(release == "UBUNTU10.10")
+{
+
+ if ((res = isdpkgvuln(pkg:"firefox", ver:"10.0.2+build1-0ubuntu0.10.10.1", rls:"UBUNTU10.10")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if (__pkg_match) exit(99); # Not vulnerable.
+ exit(0);
+}
+
+
+if(release == "UBUNTU10.04 LTS")
+{
+
+ if ((res = isdpkgvuln(pkg:"firefox", ver:"10.0.2+build1-0ubuntu0.10.04.1", rls:"UBUNTU10.04 LTS")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if (__pkg_match) exit(99); # Not vulnerable.
+ exit(0);
+}
+
+
+if(release == "UBUNTU11.04")
+{
+
+ if ((res = isdpkgvuln(pkg:"firefox", ver:"10.0.2+build1-0ubuntu0.11.04.1", rls:"UBUNTU11.04")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if (__pkg_match) exit(99); # Not vulnerable.
+ exit(0);
+}
Property changes on: trunk/openvas-plugins/scripts/gb_ubuntu_USN_1367_2.nasl
___________________________________________________________________
Added: svn:keywords
+ Revision Date Id
Added: trunk/openvas-plugins/scripts/gb_ubuntu_USN_1367_3.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_ubuntu_USN_1367_3.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/gb_ubuntu_USN_1367_3.nasl 2012-02-27 15:19:00 UTC (rev 12921)
@@ -0,0 +1,125 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Ubuntu Update for thunderbird USN-1367-3
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+ desc = "
+
+ Vulnerability Insight:
+
+ USN-1367-1 fixed vulnerabilities in libpng. This provides the corresponding
+ update for Thunderbird.
+
+ Original advisory details:
+
+ Jueri Aedla discovered that libpng did not properly verify the size used
+ when allocating memory during chunk decompression. If a user or automated
+ system using libpng were tricked into opening a specially crafted image,
+ an attacker could exploit this to cause a denial of service or execute
+ code with the privileges of the user invoking the program. (CVE-2011-3026)
+
+ Affected Software/OS:
+ thunderbird on Ubuntu 11.04 ,
+ Ubuntu 10.10 ,
+ Ubuntu 10.04 LTS
+
+ Fix: Please Install the Updated Packages.
+
+ References:
+ https://lists.ubuntu.com/archives/ubuntu-security-announce/2012-February/001595.html ";
+
+if(description)
+{
+ script_id(840896);
+ script_version("$Revision$");
+ script_tag(name:"check_type", value:"authenticated package test");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-02-21 18:59:17 +0530 (Tue, 21 Feb 2012)");
+ script_cve_id("CVE-2011-3026");
+ script_tag(name:"cvss_base", value:"7.5");
+ script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
+ script_tag(name:"risk_factor", value:"High");
+ script_xref(name: "USN", value: "1367-3");
+ script_name("Ubuntu Update for thunderbird USN-1367-3");
+
+ script_description(desc);
+ script_summary("Check for the Version of thunderbird");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2012 Greenbone Networks GmbH");
+ script_family("Ubuntu Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_mandatory_keys("login/SSH/success", "HostDetails/OS/cpe:/o:canonical:ubuntu_linux", "ssh/login/release");
+ exit(0);
+}
+
+
+include("pkg-lib-deb.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+res = "";
+if(release == NULL){
+ exit(0);
+}
+
+if(release == "UBUNTU10.10")
+{
+
+ if ((res = isdpkgvuln(pkg:"thunderbird", ver:"3.1.19+build1+nobinonly-0ubuntu0.10.10.1", rls:"UBUNTU10.10")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if (__pkg_match) exit(99); # Not vulnerable.
+ exit(0);
+}
+
+
+if(release == "UBUNTU10.04 LTS")
+{
+
+ if ((res = isdpkgvuln(pkg:"thunderbird", ver:"3.1.19+build1+nobinonly-0ubuntu0.10.04.1", rls:"UBUNTU10.04 LTS")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if (__pkg_match) exit(99); # Not vulnerable.
+ exit(0);
+}
+
+
+if(release == "UBUNTU11.04")
+{
+
+ if ((res = isdpkgvuln(pkg:"thunderbird", ver:"3.1.19+build1+nobinonly-0ubuntu0.11.04.1", rls:"UBUNTU11.04")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if (__pkg_match) exit(99); # Not vulnerable.
+ exit(0);
+}
Property changes on: trunk/openvas-plugins/scripts/gb_ubuntu_USN_1367_3.nasl
___________________________________________________________________
Added: svn:keywords
+ Revision Date Id
Added: trunk/openvas-plugins/scripts/gb_ubuntu_USN_1367_4.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_ubuntu_USN_1367_4.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/gb_ubuntu_USN_1367_4.nasl 2012-02-27 15:19:00 UTC (rev 12921)
@@ -0,0 +1,110 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Ubuntu Update for xulrunner-1.9.2 USN-1367-4
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+ desc = "
+
+ Vulnerability Insight:
+
+ USN-1367-1 fixed vulnerabilities in libpng. This provides the corresponding
+ update for Xulrunner.
+
+ Original advisory details:
+
+ Jueri Aedla discovered that libpng did not properly verify the size used
+ when allocating memory during chunk decompression. If a user or automated
+ system using libpng were tricked into opening a specially crafted image,
+ an attacker could exploit this to cause a denial of service or execute
+ code with the privileges of the user invoking the program. (CVE-2011-3026)
+
+ Affected Software/OS:
+ xulrunner-1.9.2 on Ubuntu 10.10 ,
+ Ubuntu 10.04 LTS
+
+ Fix: Please Install the Updated Packages.
+
+ References:
+ https://lists.ubuntu.com/archives/ubuntu-security-announce/2012-February/001598.html ";
+
+if(description)
+{
+ script_id(840892);
+ script_version("$Revision$");
+ script_tag(name:"check_type", value:"authenticated package test");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-02-21 18:58:34 +0530 (Tue, 21 Feb 2012)");
+ script_cve_id("CVE-2011-3026");
+ script_tag(name:"cvss_base", value:"7.5");
+ script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
+ script_tag(name:"risk_factor", value:"High");
+ script_xref(name: "USN", value: "1367-4");
+ script_name("Ubuntu Update for xulrunner-1.9.2 USN-1367-4");
+
+ script_description(desc);
+ script_summary("Check for the Version of xulrunner-1.9.2");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2012 Greenbone Networks GmbH");
+ script_family("Ubuntu Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_mandatory_keys("login/SSH/success", "HostDetails/OS/cpe:/o:canonical:ubuntu_linux", "ssh/login/release");
+ exit(0);
+}
+
+
+include("pkg-lib-deb.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+res = "";
+if(release == NULL){
+ exit(0);
+}
+
+if(release == "UBUNTU10.04 LTS")
+{
+
+ if ((res = isdpkgvuln(pkg:"xulrunner-1.9.2", ver:"1.9.2.27+build1+nobinonly-0ubuntu0.10.04.1", rls:"UBUNTU10.04 LTS")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if (__pkg_match) exit(99); # Not vulnerable.
+ exit(0);
+}
+
+
+if(release == "UBUNTU10.10")
+{
+
+ if ((res = isdpkgvuln(pkg:"xulrunner-1.9.2", ver:"1.9.2.27+build1+nobinonly-0ubuntu0.10.10.1", rls:"UBUNTU10.10")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if (__pkg_match) exit(99); # Not vulnerable.
+ exit(0);
+}
Property changes on: trunk/openvas-plugins/scripts/gb_ubuntu_USN_1367_4.nasl
___________________________________________________________________
Added: svn:keywords
+ Revision Date Id
Added: trunk/openvas-plugins/scripts/gb_ubuntu_USN_1368_1.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_ubuntu_USN_1368_1.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/gb_ubuntu_USN_1368_1.nasl 2012-02-27 15:19:00 UTC (rev 12921)
@@ -0,0 +1,155 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Ubuntu Update for apache2 USN-1368-1
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+ desc = "
+
+ Vulnerability Insight:
+
+ It was discovered that the Apache HTTP Server incorrectly handled the
+ SetEnvIf .htaccess file directive. An attacker having write access to a
+ .htaccess file may exploit this to possibly execute arbitrary code.
+ (CVE-2011-3607)
+
+ Prutha Parikh discovered that the mod_proxy module did not properly
+ interact with the RewriteRule and ProxyPassMatch pattern matches in the
+ configuration of a reverse proxy. This could allow remote attackers to
+ contact internal webservers behind the proxy that were not intended for
+ external exposure. (CVE-2011-4317)
+
+ Rainer Canavan discovered that the mod_log_config module incorrectly
+ handled a certain format string when used with a threaded MPM. A remote
+ attacker could exploit this to cause a denial of service via a specially-
+ crafted cookie. This issue only affected Ubuntu 11.04 and 11.10.
+ (CVE-2012-0021)
+
+ It was discovered that the Apache HTTP Server incorrectly handled certain
+ type fields within a scoreboard shared memory segment. A local attacker
+ could exploit this to to cause a denial of service. (CVE-2012-0031)
+
+ Norman Hippert discovered that the Apache HTTP Server incorrecly handled
+ header information when returning a Bad Request (400) error page. A remote
+ attacker could exploit this to obtain the values of certain HTTPOnly
+ cookies. (CVE-2012-0053)
+
+ Affected Software/OS:
+ apache2 on Ubuntu 11.04 ,
+ Ubuntu 10.10 ,
+ Ubuntu 10.04 LTS ,
+ Ubuntu 8.04 LTS
+
+ Fix: Please Install the Updated Packages.
+
+ References:
+ https://lists.ubuntu.com/archives/ubuntu-security-announce/2012-February/001593.html ";
+
+if(description)
+{
+ script_id(840900);
+ script_version("$Revision$");
+ script_tag(name:"check_type", value:"authenticated package test");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-02-21 19:00:08 +0530 (Tue, 21 Feb 2012)");
+ script_cve_id("CVE-2011-3607", "CVE-2011-4317", "CVE-2012-0021", "CVE-2012-0031", "CVE-2012-0053");
+ script_tag(name:"cvss_base", value:"4.6");
+ script_tag(name:"cvss_base_vector", value:"AV:L/AC:L/Au:N/C:P/I:P/A:P");
+ script_tag(name:"risk_factor", value:"Medium");
+ script_xref(name: "USN", value: "1368-1");
+ script_name("Ubuntu Update for apache2 USN-1368-1");
+
+ script_description(desc);
+ script_summary("Check for the Version of apache2");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2012 Greenbone Networks GmbH");
+ script_family("Ubuntu Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_mandatory_keys("login/SSH/success", "HostDetails/OS/cpe:/o:canonical:ubuntu_linux", "ssh/login/release");
+ exit(0);
+}
+
+
+include("pkg-lib-deb.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+res = "";
+if(release == NULL){
+ exit(0);
+}
+
+if(release == "UBUNTU10.10")
+{
+
+ if ((res = isdpkgvuln(pkg:"apache2.2-common", ver:"2.2.16-1ubuntu3.5", rls:"UBUNTU10.10")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if (__pkg_match) exit(99); # Not vulnerable.
+ exit(0);
+}
+
+
+if(release == "UBUNTU10.04 LTS")
+{
+
+ if ((res = isdpkgvuln(pkg:"apache2.2-common", ver:"2.2.14-5ubuntu8.8", rls:"UBUNTU10.04 LTS")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if (__pkg_match) exit(99); # Not vulnerable.
+ exit(0);
+}
+
+
+if(release == "UBUNTU11.04")
+{
+
+ if ((res = isdpkgvuln(pkg:"apache2.2-common", ver:"2.2.17-1ubuntu1.5", rls:"UBUNTU11.04")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if (__pkg_match) exit(99); # Not vulnerable.
+ exit(0);
+}
+
+
+if(release == "UBUNTU8.04 LTS")
+{
+
+ if ((res = isdpkgvuln(pkg:"apache2.2-common", ver:"2.2.8-1ubuntu0.23", rls:"UBUNTU8.04 LTS")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if (__pkg_match) exit(99); # Not vulnerable.
+ exit(0);
+}
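Review bot: The description says CVE-2012-0021 "only affected Ubuntu 11.04 and 11.10", but the Affected Software list and the release branches cover only 11.04, 10.10, 10.04 LTS and 8.04 LTS, so a host reporting an 11.10 release falls through without any result. Check the advisory and either add a branch for 11.10 with its fixed apache2.2-common version or correct the description. Separately, `cvss_base_vector` is `AV:L` although CVE-2011-4317, CVE-2012-0021 and CVE-2012-0053 are described as remotely exploitable, and the text carries typos ("to to cause", "incorrecly").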
Property changes on: trunk/openvas-plugins/scripts/gb_ubuntu_USN_1368_1.nasl
___________________________________________________________________
Added: svn:keywords
+ Revision Date Id
Added: trunk/openvas-plugins/scripts/gb_ubuntu_USN_1370_1.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_ubuntu_USN_1370_1.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/gb_ubuntu_USN_1370_1.nasl 2012-02-27 15:19:00 UTC (rev 12921)
@@ -0,0 +1,119 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Ubuntu Update for libvorbis USN-1370-1
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+ desc = "
+
+ Vulnerability Insight:
+
+ It was discovered that libvorbis did not correctly handle certain malformed
+ ogg files. If a user were tricked into opening a specially crafted ogg file
+ with an application that uses libvorbis, an attacker could cause a denial
+ of service or possibly execute arbitrary code with the user's privileges.
+
+ Affected Software/OS:
+ libvorbis on Ubuntu 11.04 ,
+ Ubuntu 10.10 ,
+ Ubuntu 10.04 LTS
+
+ Fix: Please Install the Updated Packages.
+
+ References:
+ https://lists.ubuntu.com/archives/ubuntu-security-announce/2012-February/001599.html ";
+
+if(description)
+{
+ script_id(840894);
+ script_version("$Revision$");
+ script_tag(name:"check_type", value:"authenticated package test");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-02-21 18:58:59 +0530 (Tue, 21 Feb 2012)");
+ script_cve_id("CVE-2012-0444");
+ script_tag(name:"cvss_base", value:"10.0");
+ script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
+ script_tag(name:"risk_factor", value:"Critical");
+ script_xref(name: "USN", value: "1370-1");
+ script_name("Ubuntu Update for libvorbis USN-1370-1");
+
+ script_description(desc);
+ script_summary("Check for the Version of libvorbis");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2012 Greenbone Networks GmbH");
+ script_family("Ubuntu Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_mandatory_keys("login/SSH/success", "HostDetails/OS/cpe:/o:canonical:ubuntu_linux", "ssh/login/release");
+ exit(0);
+}
+
+
+include("pkg-lib-deb.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+res = "";
+if(release == NULL){
+ exit(0);
+}
+
+if(release == "UBUNTU10.10")
+{
+
+ if ((res = isdpkgvuln(pkg:"libvorbis0a", ver:"1.3.1-1ubuntu0.1", rls:"UBUNTU10.10")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if (__pkg_match) exit(99); # Not vulnerable.
+ exit(0);
+}
+
+
+if(release == "UBUNTU10.04 LTS")
+{
+
+ if ((res = isdpkgvuln(pkg:"libvorbis0a", ver:"1.2.3-3ubuntu1.1", rls:"UBUNTU10.04 LTS")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if (__pkg_match) exit(99); # Not vulnerable.
+ exit(0);
+}
+
+
+if(release == "UBUNTU11.04")
+{
+
+ if ((res = isdpkgvuln(pkg:"libvorbis0a", ver:"1.3.2-1ubuntu1.1", rls:"UBUNTU11.04")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if (__pkg_match) exit(99); # Not vulnerable.
+ exit(0);
+}
\ No newline at end of file
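Review bot: The file ends without a trailing newline after the closing brace of the `UBUNTU11.04` branch (the `\ No newline at end of file` marker), unlike gb_ubuntu_USN_1368_1.nasl above; have the generator terminate the last line. Also worth a second look: the tags rate this 10.0 with `AV:N/AC:L/Au:N`, while the description requires that a user be tricked into opening a crafted ogg file.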
Property changes on: trunk/openvas-plugins/scripts/gb_ubuntu_USN_1370_1.nasl
___________________________________________________________________
Added: svn:keywords
+ Revision Date Id
Added: trunk/openvas-plugins/scripts/secpod_adobe_flash_player_mult_vuln_lin_feb12.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_adobe_flash_player_mult_vuln_lin_feb12.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/secpod_adobe_flash_player_mult_vuln_lin_feb12.nasl 2012-02-27 15:19:00 UTC (rev 12921)
@@ -0,0 +1,103 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# Adobe Flash Player Multiple Vulnerabilities (Linux) - Feb12
+#
+# Authors:
+# Rachana Shetty <srachana at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2012 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(802804);
+ script_version("$Revision$");
+ script_cve_id("CVE-2012-0752", "CVE-2012-0753", "CVE-2012-0754", "CVE-2012-0757",
+ "CVE-2012-0756", "CVE-2012-0767");
+ script_bugtraq_id(52032, 52033, 52034, 51999, 52036, 52040);
+ script_tag(name:"cvss_base", value:"10.0");
+ script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
+ script_tag(name:"risk_factor", value:"Critical");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-02-22 14:34:05 +0530 (Wed, 22 Feb 2012)");
+ script_name("Adobe Flash Player Multiple Vulnerabilities (Linux) - Feb12");
+ desc = "
+ Overview: This host is installed with Adobe Flash Player and is prone to
+ multiple vulnerabilities.
+
+ Vulnerability Insight:
+ The flaws are due to,
+ - A memory corruption error in ActiveX control
+ - A type confusion memory corruption error
+ - An unspecified error related to MP4 parsing
+ - Many unspecified erros which allows to bypass certain security
+ restrictions
+ - Improper validation of user supplied input which allows
+ attackers to execute arbitrary HTML and script code in a user's browser
+ session
+
+ Impact:
+ Successful exploitation will allow remote attackes to execute arbitrary
+ code in the context of the affected application or cause a denial of
+ service condition.
+
+ Impact Level: Application.
+
+ Affected Software/OS:
+ Adobe Flash Player version before 10.3.183.15
+ Adobe Flash Player version 11.x through 11.1.102.55 on Linux
+
+ Fix: Upgrade to Adobe Flash Player version 10.3.183.15 or 11.1.102.62 or later,
+ For Updates Refer, http://www.adobe.com/downloads/
+
+ References:
+ http://secunia.com/advisories/48033
+ http://securitytracker.com/id/1026694
+ http://www.securelist.com/en/advisories/48033
+ http://www.adobe.com/support/security/bulletins/apsb12-03.html ";
+
+ script_description(desc);
+ script_summary("Check for the version of Adobe Flash Player");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2012 SecPod");
+ script_family("General");
+ script_dependencies("gb_adobe_flash_player_detect_lin.nasl");
+ script_require_keys("AdobeFlashPlayer/Linux/Ver", "ssh/login/uname");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+# Variable Initialization
+flashVer = NULL;
+
+#Get Adobe Flash Player Version
+flashVer = get_kb_item("AdobeFlashPlayer/Linux/Ver");
+if(isnull(flashVer)){
+ exit(0);
+}
+
+flashVer = ereg_replace(pattern:",", string:flashVer, replace: ".");
+
+## Check for Adobe Flash Player versions 11.1.102.55 and prior
+if(version_is_less(version:flashVer, test_version:"10.3.183.15")||
+ version_in_range(version:flashVer, test_version:"11.0", test_version2:"11.1.102.55")){
+ security_hole(0);
+}
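Review bot: The Vulnerability Insight list opens with "A memory corruption error in ActiveX control", which cannot apply to the Linux player, and this script's `script_cve_id` list omits CVE-2012-0751, the one extra ID the Windows variant carries. Drop that bullet here so the description matches the CVEs being reported. "erros" and "attackes" in the description are typos.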
Property changes on: trunk/openvas-plugins/scripts/secpod_adobe_flash_player_mult_vuln_lin_feb12.nasl
___________________________________________________________________
Added: svn:keywords
+ Revision Date Id
Added: trunk/openvas-plugins/scripts/secpod_adobe_flash_player_mult_vuln_macosx_feb12.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_adobe_flash_player_mult_vuln_macosx_feb12.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/secpod_adobe_flash_player_mult_vuln_macosx_feb12.nasl 2012-02-27 15:19:00 UTC (rev 12921)
@@ -0,0 +1,101 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# Adobe Flash Player Multiple Vulnerabilities (Mac OS X) - Feb12
+#
+# Authors:
+# Rachana Shetty <srachana at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2012 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(802805);
+ script_version("$Revision$");
+ script_cve_id("CVE-2012-0752", "CVE-2012-0753", "CVE-2012-0754", "CVE-2012-0757",
+ "CVE-2012-0756", "CVE-2012-0767");
+ script_bugtraq_id(52032, 52033, 52034, 51999, 52036, 52040);
+ script_tag(name:"cvss_base", value:"10.0");
+ script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
+ script_tag(name:"risk_factor", value:"Critical");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-02-22 14:54:18 +0530 (Wed, 22 Feb 2012)");
+ script_name("Adobe Flash Player Multiple Vulnerabilities (Mac OS X) - Feb12");
+ desc = "
+ Overview: This host is installed with Adobe Flash Player and is prone to
+ multiple vulnerabilities.
+
+ Vulnerability Insight:
+ The flaws are due to,
+ - A memory corruption error in ActiveX control
+ - A type confusion memory corruption error
+ - An unspecified error related to MP4 parsing
+ - Many unspecified erros which allows to bypass certain security
+ restrictions
+ - Improper validation of user supplied input which allows
+ attackers to execute arbitrary HTML and script code in a user's browser
+ session
+
+ Impact:
+ Successful exploitation will allow remote attackes to execute arbitrary
+ code in the context of the affected application or cause a denial of
+ service condition.
+
+ Impact Level: Application.
+
+ Affected Software/OS:
+ Adobe Flash Player version before 10.3.183.15
+ Adobe Flash Player version 11.x through 11.1.102.55 on Mac OS X
+
+ Fix: Upgrade to Adobe Flash Player version 10.3.183.15 or 11.1.102.62 or later,
+ For Updates Refer, http://www.adobe.com/downloads/
+
+ References:
+ http://secunia.com/advisories/48033
+ http://securitytracker.com/id/1026694
+ http://www.securelist.com/en/advisories/48033
+ http://www.adobe.com/support/security/bulletins/apsb12-03.html ";
+
+ script_description(desc);
+ script_summary("Check for the version of Adobe Flash Player");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2012 SecPod");
+ script_family("General");
+ script_dependencies("secpod_adobe_prdts_detect_macosx.nasl");
+ script_require_keys("Adobe/Flash/Player/MacOSX/Version", "ssh/login/uname");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+# Variable Initialization
+flashVer = NULL;
+
+#Get Adobe Flash Player Version
+flashVer = get_kb_item("Adobe/Flash/Player/MacOSX/Version");
+if(isnull(flashVer)){
+ exit(0);
+}
+
+## Check for Adobe Flash Player versions 11.1.102.55 and prior
+if(version_is_less(version:flashVer, test_version:"10.3.183.15")||
+ version_in_range(version:flashVer, test_version:"11.0", test_version2:"11.1.102.55")){
+ security_hole(0);
+}
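Review bot: The comment on the final test reads "Check for Adobe Flash Player versions 11.1.102.55 and prior", but the condition flags anything below 10.3.183.15 or from 11.0 through 11.1.102.55, so 10.x builds at or above 10.3.183.15 pass. State both ranges in the comment so the gap reads as intentional. Unlike the Linux variant, `flashVer` is used without the `ereg_replace` that turns commas into dots; confirm the detection script always stores a dotted version under `Adobe/Flash/Player/MacOSX/Version`.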
Property changes on: trunk/openvas-plugins/scripts/secpod_adobe_flash_player_mult_vuln_macosx_feb12.nasl
___________________________________________________________________
Added: svn:keywords
+ Revision Date Id
Added: trunk/openvas-plugins/scripts/secpod_adobe_flash_player_mult_vuln_win_feb12.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_adobe_flash_player_mult_vuln_win_feb12.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/secpod_adobe_flash_player_mult_vuln_win_feb12.nasl 2012-02-27 15:19:00 UTC (rev 12921)
@@ -0,0 +1,99 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# Adobe Flash Player Multiple Vulnerabilities (Windows) - Feb12
+#
+# Authors:
+# Rachana Shetty <srachana at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2012 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(802803);
+ script_version("$Revision$");
+ script_cve_id("CVE-2012-0751", "CVE-2012-0752", "CVE-2012-0753", "CVE-2012-0754",
+ "CVE-2012-0757", "CVE-2012-0756", "CVE-2012-0767");
+ script_bugtraq_id(52037, 52032, 52033, 52034, 51999, 52036, 52040);
+ script_tag(name:"cvss_base", value:"10.0");
+ script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
+ script_tag(name:"risk_factor", value:"Critical");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-02-22 11:17:41 +0530 (Wed, 22 Feb 2012)");
+ script_name("Adobe Flash Player Multiple Vulnerabilities (Windows) - Feb12");
+ desc = "
+ Overview: This host is installed with Adobe Flash Player and is prone to
+ multiple vulnerabilities.
+
+ Vulnerability Insight:
+ Flaws are caused due to,
+ - A memory corruption error in ActiveX control.
+ - A type confusion memory corruption error.
+ - An unspecified error related to MP4 parsing.
+ - Many unspecified erros which allows to bypass certain security
+ restrictions.
+ - Improper validation of user supplied input which allows attackers
+ to execute arbitrary HTML and script code in a user's browser session
+
+ Impact:
+ Successful exploitation will allow remote attackes to execute arbitrary
+ code in the context of the affected application or cause a denial of
+ service condition.
+
+ Impact Level: Application.
+
+ Affected Software/OS:
+ Adobe Flash Player version before 10.3.183.15
+ Adobe Flash Player version 11.x through 11.1.102.55 and prior on Windows
+
+ Fix: Upgrade to Adobe Flash Player version 11.1.102.62 or later,
+ For Updates Refer, http://www.adobe.com/downloads/
+
+ References:
+ http://secunia.com/advisories/48033
+ http://securitytracker.com/id/1026694
+ http://www.securelist.com/en/advisories/48033
+ http://www.adobe.com/support/security/bulletins/apsb12-03.html ";
+
+ script_description(desc);
+ script_summary("Check for the version of Adobe Flash Player");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2012 SecPod");
+ script_family("General");
+ script_dependencies("gb_adobe_flash_player_detect_win.nasl");
+ script_require_keys("AdobeFlashPlayer/Win/Ver");
+ exit(0);
+}
+
+include("version_func.inc");
+
+# Variable Initialization
+flashVer = NULL;
+
+#Get Adobe Flash Player Version
+flashVer = get_kb_item("AdobeFlashPlayer/Win/Ver");
+if(isnull(flashVer)){
+ exit(0);
+}
+
+## Check for Adobe Flash Player versions 11.1.102.55 and prior
+if(version_is_less(version:flashVer, test_version:"10.3.183.15")||
+ version_in_range(version:flashVer, test_version:"11.0", test_version2:"11.1.102.55")){
+ security_hole(0);
+}
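Review bot: The Fix line names only "11.1.102.62 or later", while the check treats 10.3.183.15 as fixed (`version_is_less(version:flashVer, test_version:"10.3.183.15")`) and the Linux and Mac OS X variants say "10.3.183.15 or 11.1.102.62 or later". Align the Fix text with the check so users on the 10.x branch are not told they must move to 11.x. In the Affected Software text, "11.x through 11.1.102.55 and prior" is redundant; "through 11.1.102.55" is enough.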
Property changes on: trunk/openvas-plugins/scripts/secpod_adobe_flash_player_mult_vuln_win_feb12.nasl
___________________________________________________________________
Added: svn:keywords
+ Revision Date Id