[Openvas-commits] r12458 - in trunk/openvas-plugins: . scripts

scm-commit@wald.intevation.org scm-commit at wald.intevation.org
Wed Jan 11 15:31:05 CET 2012


Author: antu123
Date: 2012-01-11 15:30:57 +0100 (Wed, 11 Jan 2012)
New Revision: 12458

Added:
   trunk/openvas-plugins/scripts/secpod_ms12-001.nasl
   trunk/openvas-plugins/scripts/secpod_ms12-002.nasl
   trunk/openvas-plugins/scripts/secpod_ms12-003.nasl
   trunk/openvas-plugins/scripts/secpod_ms12-004.nasl
   trunk/openvas-plugins/scripts/secpod_ms12-005.nasl
   trunk/openvas-plugins/scripts/secpod_ms12-006.nasl
   trunk/openvas-plugins/scripts/secpod_ms12-007.nasl
Modified:
   trunk/openvas-plugins/ChangeLog
Log:
Added new Microsoft Bulletin (January 2012) plugins

Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog	2012-01-11 11:54:59 UTC (rev 12457)
+++ trunk/openvas-plugins/ChangeLog	2012-01-11 14:30:57 UTC (rev 12458)
@@ -1,3 +1,14 @@
+2012-01-11  Antu Sanadi <santu at secpod.com>
+
+	* scripts/secpod_ms12-001.nasl,
+	scripts/secpod_ms12-005.nasl,
+	scripts/secpod_ms12-002.nasl,
+	scripts/secpod_ms12-004.nasl,
+	scripts/secpod_ms12-007.nasl,
+	scripts/secpod_ms12-006.nasl,
+	scripts/secpod_ms12-003.nasl:
+	Added new Microsoft Bulletin(January 2012) plugins.
+
 2012-01-11  Michael Meyer <michael.meyer at greenbone.net>
 
 	* scripts/gb_w_cms_51359.nasl,

Added: trunk/openvas-plugins/scripts/secpod_ms12-001.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_ms12-001.nasl	2012-01-11 11:54:59 UTC (rev 12457)
+++ trunk/openvas-plugins/scripts/secpod_ms12-001.nasl	2012-01-11 14:30:57 UTC (rev 12458)
@@ -0,0 +1,155 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# Microsoft Windows Kernel Security Feature Bypass Vulnerability (2644615)
+#
+# Authors:
+# Madhuri D <dmadhuri at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2012 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(902783);
+  script_version("$Revision$");
+  script_bugtraq_id(51296);
+  script_cve_id("CVE-2012-0001");
+  script_tag(name:"cvss_base", value:"7.2");
+  script_tag(name:"risk_factor", value:"High");
+  script_tag(name:"creation_date", value:"2012-01-11 10:01:06 +0530 (Wed, 11 Jan 2012)");
+  script_tag(name:"last_modification", value:"$Date$");
+  script_name("Microsoft Windows Kernel Security Feature Bypass Vulnerability (2644615)");
+  desc = "
+  Overview: This host has important security update missing according to
+  Microsoft Bulletin MS12-001.
+
+  Vulnerability Insight:
+  The flaw is caused due to an error in the way the kernel (ntdll.dll) loads
+  structured exception handling tables and allows bypassing the SafeSEH
+  security mechanism. This facilitates easier exploitation of other
+  vulnerabilities in affected applications to execute code.
+
+  Impact:
+  Successful exploitation could allow attackers to execute arbitrary code by
+  leveraging memory corruption vulnerabilities in Windows applications.
+
+  Impact Level: System
+
+  Affected Software/OS:
+  Micorsoft Windows 7 Service Pack 1 and prior.
+  Microsoft Windows 2003 Service Pack 2 and prior.
+  Microsoft Windows Vista Service Pack 2 and prior.
+  Microsoft Windows Server 2008 Service Pack 2 and prior.
+
+  Fix:
+  Run Windows Update and update the listed hotfixes or download and
+  update mentioned hotfixes in the advisory from the below link,
+  http://technet.microsoft.com/en-us/security/bulletin/ms12-001
+
+  References:
+  http://secunia.com/advisories/47356/
+  http://support.microsoft.com/kb/2644615
+  http://www.securitytracker.com/id/1026493
+  http://technet.microsoft.com/en-us/security/bulletin/ms12-001 ";
+
+  script_description(desc);
+  script_summary("Check for the vulnerable 'Ntdll.dll' file version");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (C) 2012 SecPod");
+  script_family("Windows : Microsoft Bulletins");
+  script_dependencies("secpod_reg_enum.nasl");
+  script_require_ports(139, 445);
+  exit(0);
+}
+
+
+include("smb_nt.inc");
+include("secpod_reg.inc");
+include("version_func.inc");
+include("secpod_smb_func.inc");
+
+## Check for OS and Service Pack
+if(hotfix_check_sp(win2003:3, winVista:3, win2008:3, win7:2) <= 0){
+  exit(0);
+}
+
+## MS12-001 Hotfix 2644615
+if(hotfix_missing(name:"2644615") == 0){
+  exit(0);
+}
+
+## Get System Path
+sysPath = smb_get_systemroot();
+if(!sysPath){
+  exit(0);
+}
+
+## Get Version for Ntdll.dll file
+dllVer = fetch_file_version(sysPath, file_name:"system32\Ntdll.dll");
+if(!dllVer){
+  exit(0);
+}
+
+## Windows 2003
+if(hotfix_check_sp(win2003:3) > 0)
+{
+  SP = get_kb_item("SMB/Win2003/ServicePack");
+  if("Service Pack 2" >< SP)
+  {
+    ## Check for Ntdll.dll version before 5.2.3790.4937
+    if(version_is_less(version:dllVer, test_version:"5.2.3790.4937")){
+      security_hole(0);
+    }
+    exit(0);
+  }
+  security_hole(0);
+}
+
+## Windows Vista and Windows Server 2008
+else if(hotfix_check_sp(winVista:3, win2008:3) > 0)
+{
+  SP = get_kb_item("SMB/WinVista/ServicePack");
+
+  if(!SP) {
+    SP = get_kb_item("SMB/Win2008/ServicePack");
+  }
+
+  if("Service Pack 2" >< SP)
+  {
+    ## Check for Ntdll.dll version
+    if(version_in_range(version:dllVer, test_version:"6.0.6002.18000", test_version2:"6.0.6002.18540")||
+       version_in_range(version:dllVer, test_version:"6.0.6002.22000", test_version2:"6.0.6002.22741")){
+      security_hole(0);
+    }
+    exit(0);
+  }
+  security_hole(0);
+}
+
+## Windows 7
+else if(hotfix_check_sp(win7:2) > 0)
+{
+  ## Check for Ntdll.dll version
+  if(version_is_less(version:dllVer, test_version:"6.1.7600.16915") ||
+     version_in_range(version:dllVer, test_version:"6.1.7600.20000", test_version2:"6.1.7600.21091")||
+     version_in_range(version:dllVer, test_version:"6.1.7601.17000", test_version2:"6.1.7601.17724")||
+     version_in_range(version:dllVer, test_version:"6.1.7601.21000", test_version2:"6.1.7601.21860")){
+    security_hole(0);
+  }
+}
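Review bot: A host for which `hotfix_missing(name:"2644615")` did not return 0 is still treated as clean when the Ntdll.dll version cannot be read, because `if(!dllVer){ exit(0); }` (and the same guard on `sysPath`) ends the check with no output. An SMB file-access failure therefore looks identical to a patched system in the scan results. Consider emitting an informational result there saying the patch state could not be verified, or at least a comment such as `## No file version: result is undetermined, not "patched"`. The same pattern appears in secpod_ms12-003.nasl (`if(sysVer)` with no else) and secpod_ms12-005.nasl (`if(!dllVer)`). Separately, the description string spells `Micorsoft Windows 7`; it should read `Microsoft Windows 7` (the same typo is in secpod_ms12-004.nasl).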


Property changes on: trunk/openvas-plugins/scripts/secpod_ms12-001.nasl
___________________________________________________________________
Name: svn:keywords
   + Revision Date Id

Added: trunk/openvas-plugins/scripts/secpod_ms12-002.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_ms12-002.nasl	2012-01-11 11:54:59 UTC (rev 12457)
+++ trunk/openvas-plugins/scripts/secpod_ms12-002.nasl	2012-01-11 14:30:57 UTC (rev 12458)
@@ -0,0 +1,93 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# Microsoft Windows Object Packager Remote Code Execution Vulnerability (2603381)
+#
+# Authors:
+# Madhuri D <dmadhuri at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2012 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(902784);
+  script_version("$Revision$");
+  script_bugtraq_id(51297);
+  script_cve_id("CVE-2012-0009");
+  script_tag(name:"cvss_base", value:"7.2");
+  script_tag(name:"risk_factor", value:"High");
+  script_tag(name:"last_modification", value:"$Date$");
+  script_tag(name:"creation_date", value:"2012-01-11 10:54:36 +0530 (Wed, 11 Jan 2012)");
+  script_name("Microsoft Windows Object Packager Remote Code Execution Vulnerability (2603381)");
+  desc = "
+  Overview: This host has important security update missing according to
+  Microsoft Bulletin MS12-002.
+
+  Vulnerability Insight:
+  The flaw is caused due to the way that Windows registers and uses Windows
+  Object Packager. This can be exploited to load an executable file
+  (packager.exe) in an insecure manner by tricking a user into opening a
+  Publisher file '.pub' containing an embedded packaged object located on a
+  remote WebDAV or SMB share.
+
+  Impact:
+  Successful exploitation could allow attackers to execute arbitrary code with
+  the privileges of the user running the affected application. Failed exploit
+  attempts will result in a denial-of-service condition.
+
+  Impact Level: System
+
+  Affected Software/OS:
+  Windows Windows XP Service Pack 3 and prior.
+  Microsoft Windows 2003 Service Pack 2 and prior.
+
+  Fix:
+  Run Windows Update and update the listed hotfixes or download and
+  update mentioned hotfixes in the advisory from the below link,
+  http://technet.microsoft.com/en-us/security/bulletin/ms12-002
+
+  References:
+  http://secunia.com/advisories/45189/
+  http://www.securitytracker.com/id/1026494
+  http://technet.microsoft.com/en-us/security/bulletin/ms12-002 ";
+
+  script_description(desc);
+  script_summary("Check for the hotfix");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (C) 2012 SecPod");
+  script_family("Windows : Microsoft Bulletins");
+  script_dependencies("secpod_reg_enum.nasl");
+  script_require_ports(139, 445);
+  exit(0);
+}
+
+
+include("secpod_reg.inc");
+
+## Check for OS and Service Pack
+if(hotfix_check_sp(xp:4, win2003:3) <= 0){
+  exit(0);
+}
+
+## MS12-002 Hotfix 2603381
+## File information is not available
+## Checking for hotfix only
+if(hotfix_missing(name:"2603381") == 1){
+  security_hole(0);
+}
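Review bot: The finding rests on `hotfix_missing(name:"2603381") == 1` alone, with no file-version confirmation, so it is only as accurate as that helper's view of the host. The in-code comment explains why, but the report text does not; consider stating in the description or `script_summary` that the result is based on the hotfix record only, so analysts can weigh it accordingly. The sibling plugins in this commit exit on `== 0` and otherwise continue, while this one reports only on `== 1`; if the helper can return any other value, that case ends here with no output. The affected-software line reads `Windows Windows XP Service Pack 3 and prior.` and should be `Microsoft Windows XP Service Pack 3 and prior.`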


Property changes on: trunk/openvas-plugins/scripts/secpod_ms12-002.nasl
___________________________________________________________________
Name: svn:keywords
   + Revision Date Id

Added: trunk/openvas-plugins/scripts/secpod_ms12-003.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_ms12-003.nasl	2012-01-11 11:54:59 UTC (rev 12457)
+++ trunk/openvas-plugins/scripts/secpod_ms12-003.nasl	2012-01-11 14:30:57 UTC (rev 12458)
@@ -0,0 +1,158 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# MS Windows Client/Server Run-time Subsystem Privilege Escalation Vulnerability (2646524)
+#
+# Authors:
+# Antu Sanadi <santu at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2012 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(902499);
+  script_version("$Revision$");
+  script_cve_id("CVE-2012-0005");
+  script_bugtraq_id(51270);
+  script_tag(name:"cvss_base", value:"7.2");
+  script_tag(name:"risk_factor", value:"High");
+  script_tag(name:"last_modification", value:"$Date$");
+  script_tag(name:"creation_date", value:"2012-01-11 08:42:52 +0530 (Wed, 11 Jan 2012)");
+  script_name("MS Windows Client/Server Run-time Subsystem Privilege Escalation Vulnerability (2646524)");
+  desc = "
+  Overview: This host has important security update missing according to
+  Microsoft Bulletin MS12-003.
+
+  Vulnerability Insight:
+  The flaw is caused due to an error in the Client/Server Run-time Subsystem
+  (CSRSS) when processing specially crafted sequences of unicode characters.
+
+  NOTE : This vulnerability can only be exploited on systems configured with
+  a Chinese, Japanese or Korean system locale.
+
+  Impact:
+  Successful exploitation could allow attacker to execute arbitrary code with
+  system-level privileges. Successfully exploiting this issue will result in
+  the complete compromise of affected computers.
+
+  Impact Level: System
+
+  Affected Software/OS:
+  Microsoft Windows XP Service Pack 3 and prior.
+  Microsoft Windows 2003 Service Pack 2 and prior.
+  Microsoft Windows Vista Service Pack 2 and prior.
+  Microsoft Windows Server 2008 Service Pack 2 and prior.
+
+  Fix:
+  Run Windows Update and update the listed hotfixes or download and
+  update mentioned hotfixes in the advisory from the below link,
+  http://technet.microsoft.com/en-us/security/bulletin/ms12-003
+
+  References:
+  http://secunia.com/advisories/47479/
+  http://support.microsoft.com/kb/2646524
+  http://technet.microsoft.com/en-us/security/bulletin/ms12-003 ";
+
+  script_description(desc);
+  script_summary("Check for the vulnerable 'winsrv.dll' file version");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (C) 2012 SecPod");
+  script_family("Windows : Microsoft Bulletins");
+  script_dependencies("secpod_reg_enum.nasl");
+  script_require_ports(139, 445);
+  exit(0);
+}
+
+
+include("smb_nt.inc");
+include("secpod_reg.inc");
+include("version_func.inc");
+include("secpod_smb_func.inc");
+
+## Check for OS and Service Pack
+if(hotfix_check_sp(xp:4, win2003:3, winVista:3, win2008:3) <= 0){
+  exit(0);
+}
+
+## MS12-003 Hotfix (2646524)
+if(hotfix_missing(name:"2646524") == 0){
+  exit(0);
+}
+
+## Get System Path
+sysPath = smb_get_systemroot();
+if(!sysPath){
+  exit(0);
+}
+
+## Get Version from winsrv.dll file
+sysVer = fetch_file_version(sysPath, file_name:"system32\winsrv.dll");
+if(sysVer)
+{
+  ## Windows XP
+  if(hotfix_check_sp(xp:4) > 0)
+  {
+    SP = get_kb_item("SMB/WinXP/ServicePack");
+    if("Service Pack 3" >< SP)
+    {
+      ## Check for winsrv.dll version < 5.1.2600.6179
+      if(version_is_less(version:sysVer, test_version:"5.1.2600.6179")){
+        security_hole(0);
+      }
+      exit(0);
+    }
+    security_hole(0);
+  }
+
+  ## Windows 2003
+  else if(hotfix_check_sp(win2003:3) > 0)
+  {
+    SP = get_kb_item("SMB/Win2003/ServicePack");
+    if("Service Pack 2" >< SP)
+    {
+      ## Check for winsrv.dll version < 5.2.3790.4940
+      if(version_is_less(version:sysVer, test_version:"5.2.3790.4940")){
+        security_hole(0);
+      }
+      exit(0);
+    }
+    security_hole(0);
+  }
+
+  ## Windows Vista and Windows Server 2008
+  else if(hotfix_check_sp(winVista:3, win2008:3) > 0)
+  {
+    SP = get_kb_item("SMB/WinVista/ServicePack");
+
+    if(!SP) {
+     SP = get_kb_item("SMB/Win2008/ServicePack");
+    }
+
+    if("Service Pack 2" >< SP)
+    {
+      ## Check for winsrv.dll version
+      if(version_in_range(version:sysVer, test_version:"6.0.6002.18000", test_version2:"6.0.6002.18544")||
+         version_in_range(version:sysVer, test_version:"6.0.6002.22000", test_version2:"6.0.6002.22746")){
+        security_hole(0);
+      }
+      exit(0);
+    }
+    security_hole(0);
+  }
+}
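Review bot: The description's NOTE says the flaw can only be exploited with a Chinese, Japanese or Korean system locale, but nothing in the check reads the locale, so every unpatched host is reported through `security_hole(0)` at risk_factor High. That is reasonable for a patch-missing check, but it should be stated in the code so triage does not read the finding as confirmed exploitability. I would add above the OS check a comment like `## System locale is not checked: this reports the missing update, not exploitability`. Minor: `SP = get_kb_item("SMB/Win2008/ServicePack");` inside `if(!SP)` is indented one space short of the rest of the file.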


Property changes on: trunk/openvas-plugins/scripts/secpod_ms12-003.nasl
___________________________________________________________________
Name: svn:keywords
   + Revision Date Id

Added: trunk/openvas-plugins/scripts/secpod_ms12-004.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_ms12-004.nasl	2012-01-11 11:54:59 UTC (rev 12457)
+++ trunk/openvas-plugins/scripts/secpod_ms12-004.nasl	2012-01-11 14:30:57 UTC (rev 12458)
@@ -0,0 +1,200 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# Microsoft Windows Media Could Allow Remote Code Execution Vulnerabilities (2636391)
+#
+# Authors:
+# Sooraj KS <kssooraj at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2012 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(902807);
+  script_version("$Revision$");
+  script_bugtraq_id(51292, 51295);
+  script_cve_id("CVE-2012-0003", "CVE-2012-0004");
+  script_tag(name:"cvss_base", value:"9.3");
+  script_tag(name:"risk_factor", value:"Critical");
+  script_tag(name:"last_modification", value:"$Date$");
+  script_tag(name:"creation_date", value:"2012-01-11 10:10:10 +0530 (Wed, 11 Jan 2012)");
+  script_name("Microsoft Windows Media Could Allow Remote Code Execution Vulnerabilities (2636391)");
+  desc = "
+  Overview: This host has critical security update missing according to
+  Microsoft Bulletin MS12-004.
+
+  Vulnerability Insight:
+  - An unspecified error in the Windows multimedia library (winmm.dll) when
+    parsing MIDI files can be exploited via a specially crafted file opened
+    in Windows Media Player.
+  - An unspecified error exists in the Line21 DirectShow filter (Quartz.dll
+    and Qdvd.dll) when parsing specially crafted media files.
+
+  Impact:
+  Successful exploitation will allow the attacker to execute arbitrary code in
+  the context of the user running the application which can compromise the
+  application and possibly the computer.
+
+  Impact Level: System/Application
+
+  Affected Software/OS:
+  Micorsoft Windows 7 Service Pack 1 and prior.
+  Microsoft Windows XP Service Pack 3 and prior.
+  Microsoft Windows 2003 Service Pack 2 and prior.
+  Microsoft Windows Vista Service Pack 2 and prior.
+  Microsoft Windows Server 2008 Service Pack 2 and prior.
+  Microsoft Windows Media Center TV Pack for Windows Vista.
+
+  Fix:
+  Run Windows Update and update the listed hotfixes or download and
+  update mentioned hotfixes in the advisory from the below link,
+  http://technet.microsoft.com/en-us/security/bulletin/ms12-004
+
+  References:
+  http://secunia.com/advisories/47485
+  http://securitytracker.com/id/1026492
+  http://www.securelist.com/en/advisories/47485
+  http://technet.microsoft.com/en-us/security/bulletin/ms12-004 ";
+
+  script_description(desc);
+  script_summary("Check for the vulnerable file versions");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (C) 2012 SecPod");
+  script_family("Windows : Microsoft Bulletins");
+  script_dependencies("secpod_reg_enum.nasl");
+  script_require_ports(139, 445);
+  exit(0);
+}
+
+
+include("smb_nt.inc");
+include("secpod_reg.inc");
+include("version_func.inc");
+include("secpod_smb_func.inc");
+
+## Check for OS and Service Pack
+if(hotfix_check_sp(xp:4, win2003:3, winVista:3, win2008:3, win7:2) <= 0){
+  exit(0);
+}
+
+## MS12-004 Hotfix
+if(hotfix_missing(name:"2598479") == 0 && hotfix_missing(name:"2631813") == 0){
+  exit(0);
+}
+
+winName = get_kb_item("SMB/WindowsName");
+if("Windows Vista" >< winName)
+{
+  ## Confirm Windows Media Center TV Pack installed by checking version 5.1
+  ## http://msdn.microsoft.com/en-us/library/ms815274.aspx
+  mediaTVPackVer = registry_get_sz(key:"SOFTWARE\Microsoft\Windows\Current" +
+                                       "Version\Media Center", item:"Ident");
+  if(hotfix_missing(name:"2628642") == 0){
+     exit(0);
+  }
+}
+
+## Get System Path
+sysPath = smb_get_systemroot();
+if(!sysPath){
+  exit(0);
+}
+
+## Get Version from Mciseq.dll file
+mciseqVer = fetch_file_version(sysPath, file_name:"system32\Mciseq.dll");
+quartzVer = fetch_file_version(sysPath, file_name:"system32\Quartz.dll");
+
+## Windows XP
+if(hotfix_check_sp(xp:4) > 0)
+{
+  SP = get_kb_item("SMB/WinXP/ServicePack");
+  if("Service Pack 3" >< SP)
+  {
+    ## Check for Mciseq.dll and Quartz.dll versions
+    if((mciseqVer && version_is_less(version:mciseqVer, test_version:"5.1.2600.6160"))||
+       (quartzVer && version_is_less(version:quartzVer, test_version:"6.5.2600.6169"))){
+      security_hole(0);
+    }
+    exit(0);
+  }
+  security_hole(0);
+}
+
+## Windows 2003
+else if(hotfix_check_sp(win2003:3) > 0)
+{
+  SP = get_kb_item("SMB/Win2003/ServicePack");
+  if("Service Pack 2" >< SP)
+  {
+    ## Check for Mciseq.dll and Quartz.dll versions
+    if((mciseqVer && version_is_less(version:mciseqVer, test_version:"5.2.3790.4916"))||
+       (quartzVer && version_is_less(version:quartzVer, test_version:"6.5.3790.4928"))){
+      security_hole(0);
+    }
+    exit(0);
+  }
+  security_hole(0);
+}
+
+## Windows Vista and Windows Server 2008
+else if(hotfix_check_sp(winVista:3, win2008:3) > 0)
+{
+  SP = get_kb_item("SMB/WinVista/ServicePack");
+
+  if(!SP) {
+    SP = get_kb_item("SMB/Win2008/ServicePack");
+  }
+
+  if(mediaTVPackVer && ("5.1" >< mediaTVPackVer))
+  {
+    ## Get Version from Mstvcapn.dll file
+    mstvVer = fetch_file_version(sysPath, file_name:"ehome\Mstvcapn.dll");
+    if(mstvVer && version_is_less(version:mstvVer, test_version:"6.1.1000.18311"))
+    {
+      security_hole(0);
+      exit(0);
+    }
+  }
+
+  if("Service Pack 2" >< SP)
+  {
+    ## Check for Mciseq.dll and Quartz.dll versions
+    if((mciseqVer && (version_in_range(version:mciseqVer, test_version:"6.0.6002.18000", test_version2:"6.0.6002.18527")||
+        version_in_range(version:mciseqVer, test_version:"6.0.6002.22000", test_version2:"6.0.6002.22725"))) ||
+       (quartzVer && (version_in_range(version:quartzVer, test_version:"6.0.6002.18000", test_version2:"6.6.6002.18532")||
+        version_in_range(version:quartzVer, test_version:"6.6.6002.22000", test_version2:"6.6.6002.22731")))){
+      security_hole(0);
+    }
+    exit(0);
+  }
+  security_hole(0);
+}
+
+## Windows 7
+else if(hotfix_check_sp(win7:2) > 0)
+{
+  ## Check for Quartz.dll version
+  if(quartzVer &&
+    (version_is_less(version:quartzVer, test_version:"6.6.7600.16905")||
+     version_in_range(version:quartzVer, test_version:"6.6.7600.21000", test_version2:"6.6.7600.21076")||
+     version_in_range(version:quartzVer, test_version:"6.6.7601.17000", test_version2:"6.6.7601.17712")||
+     version_in_range(version:quartzVer, test_version:"6.6.7601.21000", test_version2:"6.6.7601.21846"))){
+    security_hole(0);
+  }
+}
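Review bot: The hotfix gating can hide a missing update in both directions. The first exit fires when 2598479 and 2631813 are both present, before the Media Center TV Pack update 2628642 is looked at; and inside the `"Windows Vista"` block, `if(hotfix_missing(name:"2628642") == 0){ exit(0); }` runs whether or not `mediaTVPackVer` shows the TV Pack, so a Vista host with 2628642 recorded but one of the other two missing exits as clean. The three results should be combined before deciding to exit, as sketched below. In the Vista/2008 SP2 Quartz.dll range, the lower bound `"6.0.6002.18000"` is probably meant to be `"6.6.6002.18000"`, matching the `6.6.` prefix of the other three Quartz bounds.

```nasl
## MS12-004 Hotfix
baseMissing = TRUE;
if(hotfix_missing(name:"2598479") == 0 && hotfix_missing(name:"2631813") == 0){
  baseMissing = FALSE;
}

tvPackMissing = FALSE;
winName = get_kb_item("SMB/WindowsName");
if("Windows Vista" >< winName)
{
  ## ... unchanged: mediaTVPackVer = registry_get_sz(... item:"Ident") ...
  ## Only consult the TV Pack update when the TV Pack (Ident 5.1) is present
  if(mediaTVPackVer && ("5.1" >< mediaTVPackVer) &&
     hotfix_missing(name:"2628642") != 0){
    tvPackMissing = TRUE;
  }
}

## Leave early only when every applicable update is recorded as installed
if(!baseMissing && !tvPackMissing){
  exit(0);
}
```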


Property changes on: trunk/openvas-plugins/scripts/secpod_ms12-004.nasl
___________________________________________________________________
Name: svn:keywords
   + Revision Date Id

Added: trunk/openvas-plugins/scripts/secpod_ms12-005.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_ms12-005.nasl	2012-01-11 11:54:59 UTC (rev 12457)
+++ trunk/openvas-plugins/scripts/secpod_ms12-005.nasl	2012-01-11 14:30:57 UTC (rev 12458)
@@ -0,0 +1,175 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# Windows ClickOnce Application Installer Remote Code Execution Vulnerability (2584146)
+#
+# Authors:
+# Rachana Shetty <srachana at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2012 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(902657);
+  script_version("$Revision$");
+  script_cve_id("CVE-2012-0013");
+  script_bugtraq_id(51284);
+  script_tag(name:"cvss_base", value:"7.5");
+  script_tag(name:"risk_factor", value:"High");
+  script_tag(name:"last_modification", value:"$Date$");
+  script_tag(name:"creation_date", value:"2012-01-11 09:53:59 +0530 (Wed, 11 Jan 2012)");
+  script_name("Windows ClickOnce Application Installer Remote Code Execution Vulnerability (2584146)");
+  desc = "
+  Overview: This host has important security update missing according to
+  Microsoft Bulletin MS12-005.
+
+  Vulnerability Insight:
+  The flaw is caused due to an error within the Windows Packager when
+  loading ClickOnce applications embedded in Microsoft Office files.
+
+  Impact:
+  Successful exploitation could allow local attackers to run arbitrary code
+  and take complete control of an affected system. An attacker can gain
+  administrative rights.
+
+  Impact Level: System
+
+  Affected Software/OS:
+  Microsoft Windows 7 Service Pack 1 and prior.
+  Microsoft Windows XP Service Pack 3 and prior.
+  Microsoft Windows 2003 Service Pack 2 and prior.
+  Microsoft Windows Vista Service Pack 2 and prior.
+  Microsoft Windows Server 2008 Service Pack 2 and prior.
+
+  Fix:
+  Run Windows Update and update the listed hotfixes or download and
+  update mentioned hotfixes in the advisory from the below link,
+  http://technet.microsoft.com/en-us/security/bulletin/ms12-005
+
+  References:
+  http://secunia.com/advisories/47480
+  http://support.microsoft.com/kb/2584146
+  http://technet.microsoft.com/en-us/security/bulletin/ms12-005 ";
+
+  script_description(desc);
+  script_summary("Check for the vulnerable 'Packager.exe/Packager.dll' file version");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (C) 2012 SecPod");
+  script_family("Windows : Microsoft Bulletins");
+  script_dependencies("secpod_reg_enum.nasl");
+  script_require_ports(139, 445);
+  exit(0);
+}
+
+
+include("smb_nt.inc");
+include("secpod_reg.inc");
+include("version_func.inc");
+include("secpod_smb_func.inc");
+
+## Check for OS and Service Pack
+if(hotfix_check_sp(xp:4, win2003:3, winVista:3, win2008:3, win7:2) <= 0){
+  exit(0);
+}
+
+## MS12-005 Hotfix (2584146)
+if(hotfix_missing(name:"2584146") == 0){
+  exit(0);
+}
+
+## Get System Path
+sysPath = smb_get_systemroot();
+if(!sysPath){
+  exit(0);
+}
+
+## Get Version from Packager.exe file
+sysVer = fetch_file_version(sysPath, file_name:"system32\Packager.exe");
+if( sysVer != NULL)
+{
+  ## Windows XP
+  if(hotfix_check_sp(xp:4) > 0)
+  {
+    SP = get_kb_item("SMB/WinXP/ServicePack");
+    if("Service Pack 3" >< SP)
+    {
+      ##File Information is not available, so taken after applying patch
+      ## Check for Packager.exe version before 5.1.2600.6176
+      if(version_is_less(version:sysVer, test_version:"5.1.2600.6176")){
+         security_hole(0);
+      }
+      exit(0);
+    }
+    security_hole(0);
+  }
+
+  ## Windows 2003
+  else if(hotfix_check_sp(win2003:3) > 0)
+  {
+    SP = get_kb_item("SMB/Win2003/ServicePack");
+    if("Service Pack 2" >< SP)
+    {
+      ## Check for Packager.exe version before 5.2.3790.4936
+      if(version_is_less(version:sysVer, test_version:"5.2.3790.4936")){
+        security_hole(0);
+      }
+      exit(0);
+    }
+    security_hole(0);
+  }
+}
+
+##Get the Packager.dll version
+dllVer = fetch_file_version(sysPath, file_name:"system32\Packager.dll");
+if(!dllVer){
+  exit(0);
+}
+
+## Windows Vista and Windows Server 2008
+if(hotfix_check_sp(winVista:3, win2008:3) > 0)
+{
+  SP = get_kb_item("SMB/WinVista/ServicePack");
+
+  if(!SP) {
+    SP = get_kb_item("SMB/Win2008/ServicePack");
+  }
+
+  if("Service Pack 2" >< SP)
+  {
+    ## Check for Packager.dll version
+    if(version_is_less(version:dllVer, test_version:"6.0.6002.18542")||
+       version_in_range(version:dllVer, test_version:"6.0.6002.22000", test_version2:"6.0.6002.22742")){
+      security_hole(0);
+    }
+    exit(0);
+  }
+  security_hole(0);
+}
+
+## Windows 7
+else if(hotfix_check_sp(win7:2) > 0)
+{
+  ## Check for Packager.dll version
+  if(version_is_less(version:dllVer, test_version:"6.1.7600.16917") ||
+     version_in_range(version:dllVer, test_version:"6.1.7600.20000", test_version2:"6.1.7600.21093")||
+     version_in_range(version:dllVer, test_version:"6.1.7601.17000", test_version2:"6.1.7601.17726")||
+     version_in_range(version:dllVer, test_version:"6.1.7601.21000", test_version2:"6.1.7601.21862")){
+    security_hole(0);
+  }
+}
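Review bot: On Windows XP and 2003 below the checked service pack, `security_hole(0);` is not followed by `exit(0);`, so the script goes on to fetch `system32\Packager.dll` over SMB for a host it has already reported, and then either exits on `if(!dllVer)` or falls through the Vista/7 chain doing nothing. Adding `exit(0);` after those two `security_hole(0);` calls keeps the XP/2003 half and the Vista/7 half independent. When Packager.exe cannot be read on XP/2003, the `if( sysVer != NULL)` block is skipped and nothing is reported even though the hotfix check did not return 0. A comment such as `## Packager.exe version unavailable: XP/2003 result is undetermined` would make that explicit.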


Property changes on: trunk/openvas-plugins/scripts/secpod_ms12-005.nasl
___________________________________________________________________
Name: svn:keywords
   + Revision Date Id

Added: trunk/openvas-plugins/scripts/secpod_ms12-006.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_ms12-006.nasl	2012-01-11 11:54:59 UTC (rev 12457)
+++ trunk/openvas-plugins/scripts/secpod_ms12-006.nasl	2012-01-11 14:30:57 UTC (rev 12458)
@@ -0,0 +1,180 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# Microsoft Windows SSL/TLS Information Disclosure Vulnerability (2643584)
+#
+# Authors:
+# Antu Sanadi <santu at secpod.com>
+#
+# Copyright (c) 2012 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(902900);
+  script_version("$Revision$");
+  script_cve_id("CVE-2011-3389");
+  script_bugtraq_id(49778);
+  script_tag(name:"cvss_base", value:"5.8");
+  script_tag(name:"risk_factor", value:"High");
+  script_tag(name:"last_modification", value:"$Date$");
+  script_tag(name:"creation_date", value:"2012-01-11 09:47:46 +0530 (Wed, 11 Jan 2012)");
+  script_name("Microsoft Windows SSL/TLS Information Disclosure Vulnerability (2643584)");
+  desc = "
+  Overview: This host has Important security update missing according to
+  Microsoft Bulletin MS12-006.
+
+  Vulnerability Insight:
+  A flaw exists is due to an error in Microsoft Windows SChannel (Secure Channel),
+  when modifying the way that the Windows Secure Channel (SChannel) component
+  sends and receives encrypted network packets.
+
+  Impact:
+  Successful exploitation of this issue may allow attackers to perform limited
+  man-in-the-middle attacks to inject data into the beginning of the
+  application protocol stream to execute HTTP transactions, bypass
+  authentication.
+
+  Impact Level: Windows
+
+  Affected Software/OS:
+  Microsoft Windows 7 Service Pack 1 and prior.
+  Microsoft Windows XP Service Pack 3 and prior.
+  Microsoft Windows 2K3 Service Pack 2 and prior.
+  Microsoft Windows Vista Service Pack 1/2 and prior.
+  Microsoft Windows Server 2008 Service Pack 1/2 and prior.
+
+  Fix:
+  Run Windows Update and update the listed hotfixes or download and
+  update mentioned hotfixes in the advisory from the below link,
+  http://technet.microsoft.com/en-us/security/bulletin/ms12-006
+
+  References:
+  http://support.microsoft.com/kb/2585542
+  http://technet.microsoft.com/en-us/security/bulletin/ms12-006 ";
+
+  script_description(desc);
+  script_summary("Check for the vulnerable file version");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (C) 2012 SecPod");
+  script_family("Windows : Microsoft Bulletins");
+  script_dependencies("secpod_reg_enum.nasl");
+  script_require_ports(139, 445);
+  exit(0);
+}
+
+
+include("smb_nt.inc");
+include("secpod_reg.inc");
+include("version_func.inc");
+include("secpod_smb_func.inc");
+
+
+if(hotfix_check_sp(xp:4, win2003:3, winVista:3, win7:2, win2008:3) <= 0){
+  exit(0);
+}
+
+sysPath = smb_get_systemroot();
+if(!sysPath){
+  exit(0);
+}
+
+## Windows 2003
+if(hotfix_check_sp(win2003:3) > 0)
+{
+  ## Check for Hotfix 2638806 (MS12-006)
+  if(hotfix_missing(name:"2585542") == 1)
+  {
+    sysVer = fetch_file_version(sysPath, file_name:"system32\Schannel.dll");
+    if(sysVer)
+    {
+      SP = get_kb_item("SMB/Win2003/ServicePack");
+      if("Service Pack 2" >< SP)
+      {
+        ## Check for Schannel.dll version < 5.2.3790.4935
+        if(version_is_less(version:sysVer, test_version:"5.2.3790.4935")){
+          security_hole(0);
+        }
+        exit(0);
+      }
+      security_hole(0);
+    }
+  }
+  else if(hotfix_missing(name:"2638806") == 1)
+  {
+    security_hole(0);
+  }
+  exit(0);
+}
+
+## Check for Hotfix 2585542 (MS12-006)
+if(hotfix_missing(name:"2585542") == 0){
+  exit(0);
+}
+
+## Get Version from  file Schannel.dll
+sysVer = fetch_file_version(sysPath, file_name:"system32\Schannel.dll");
+if(!sysVer){
+  exit(0);
+}
+
+## Windows XP
+if(hotfix_check_sp(xp:4) > 0)
+{
+  SP = get_kb_item("SMB/WinXP/ServicePack");
+  if("Service Pack 3" >< SP)
+  {
+    ## Check for Schannel.dll version < 5.1.2600.6175
+    if(version_is_less(version:sysVer, test_version:"5.1.2600.6175")){
+      security_hole(0);
+    }
+    exit(0);
+  }
+  security_hole(0);
+}
+
+## Windows Vista and Windows Server 2008
+else if(hotfix_check_sp(winVista:3, win2008:3) > 0)
+{
+  SP = get_kb_item("SMB/WinVista/ServicePack");
+  if(!SP){
+    SP = get_kb_item("SMB/Win2008/ServicePack");
+  }
+
+  if("Service Pack 2" >< SP)
+  {
+    ## Check for Schannel.dll version
+    if(version_in_range(version:sysVer, test_version:"6.0.6002.18000", test_version2:"6.0.6002.18540")||
+       version_in_range(version:sysVer, test_version:"6.0.6002.22000", test_version2:"6.0.6002.22741")){
+      security_hole(0);
+    }
+    exit(0);
+  }
+  security_hole(0);
+}
+
+## Windows 7
+else if(hotfix_check_sp(win7:2) > 0)
+{
+  ## Grep for Schannel.dll version
+  if(version_is_less(version:sysVer, test_version:"6.1.7600.16915") ||
+     version_in_range(version:sysVer, test_version:"6.1.7600.21000", tes_version2:"6.1.7600.21091") ||
+     version_in_range(version:sysVer, test_version:"6.1.7601.17000", tes_version2:"6.1.7601.17724") ||
+     version_in_range(version:sysVer, test_version:"6.1.7601.21000", tes_version2:"6.1.7601.21860")){
+    security_hole(0);
+  }
+}
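Review bot: The three `version_in_range` calls in the Windows 7 branch pass `tes_version2:` instead of `test_version2:`, so the upper bound never reaches the function. The ranges starting at 6.1.7600.21000, 6.1.7601.17000 and 6.1.7601.21000 are therefore presumably not evaluated as intended, which would leave unpatched LDR and SP1 builds of Schannel.dll unreported. Each call should read like `version_in_range(version:sysVer, test_version:"6.1.7600.21000", test_version2:"6.1.7600.21091")`. Separately, in the Windows 2003 branch the comment `## Check for Hotfix 2638806 (MS12-006)` sits above a test of `hotfix_missing(name:"2585542")`. It should name 2585542, and the `else if` on 2638806 deserves its own line, such as `## 2585542 present: also require 2638806`, if that is the intent.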


Property changes on: trunk/openvas-plugins/scripts/secpod_ms12-006.nasl
___________________________________________________________________
Name: svn:keywords
   + Revision Date Id

Added: trunk/openvas-plugins/scripts/secpod_ms12-007.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_ms12-007.nasl	2012-01-11 11:54:59 UTC (rev 12457)
+++ trunk/openvas-plugins/scripts/secpod_ms12-007.nasl	2012-01-11 14:30:57 UTC (rev 12458)
@@ -0,0 +1,113 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# Microsoft AntiXSS Library Information Disclosure Vulnerability (2607664)
+#
+# Authors:
+# Madhuri D <dmadhuri at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2012 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(902785);
+  script_version("$Revision$");
+  script_cve_id("CVE-2012-0007");
+  script_bugtraq_id(51291);
+  script_tag(name:"cvss_base", value:"7.5");
+  script_tag(name:"risk_factor", value:"High");
+  script_tag(name:"last_modification", value:"$Date$");
+  script_tag(name:"creation_date", value:"2012-01-11 13:30:24 +0530 (Wed, 11 Jan 2012)");
+  script_name("Microsoft AntiXSS Library Information Disclosure Vulnerability (2607664)");
+  desc = "
+  Overview: This host has important security update missing according to
+  Microsoft Bulletin MS12-007.
+
+  Vulnerability Insight:
+  The flaw is caused due to error in library which fails to properly filter
+  HTML code from user-supplied input. A remote user may be able to exploit a
+  target application that uses the library to cause arbitrary scripting code to
+  be executed by the target user's browser.
+
+  Impact:
+  Successful exploitation could allow attackers to bypass the filter and
+  conduct cross-site scripting attacks. Successful exploits may allow attackers
+  to execute arbitrary script code and steal cookie-based authentication
+  credentials.
+
+  Impact Level: Application
+
+  Affected Software/OS:
+  Microsoft Anti-Cross Site Scripting Library version 3.x
+  Microsoft Anti-Cross Site Scripting Library version 4.0
+
+  Fix: Upgrade to Microsoft Anti-Cross Site Scripting Library version 4.2
+  For the updates refer, http://technet.microsoft.com/en-us/security/bulletin/ms12-007
+
+  References:
+  http://secunia.com/advisories/47516/
+  http://securitytracker.com/id/1026499
+  http://technet.microsoft.com/en-us/security/bulletin/ms12-007 ";
+
+  script_description(desc);
+  script_summary("Check for the version of Microsoft AntiXSS Library");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (C) 2012 SecPod");
+  script_family("Windows : Microsoft Bulletins");
+  script_dependencies("secpod_reg_enum.nasl");
+  script_require_keys("SMB/WindowsVersion");
+  script_require_ports(139, 445);
+  exit(0);
+}
+
+
+include("smb_nt.inc");
+include("version_func.inc");
+include("secpod_smb_func.inc");
+
+if(!get_kb_item("SMB/WindowsVersion")){
+  exit(0);
+}
+
+key = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\";
+if(!registry_key_exists(key:key)){
+  exit(0);
+}
+
+## Check for the Microsoft AntiXSS
+foreach item (registry_enum_keys(key:key))
+{
+  xssName = registry_get_sz(key:key + item, item:"DisplayName");
+  if("Microsoft AntiXSS" >< xssName ||
+     "Microsoft Anti-Cross Site Scripting Library" >< xssName)
+  {
+    ## Get the version for Microsoft AntiXSS
+    xssVer = registry_get_sz(key:key + item, item:"DisplayVersion");
+    if(xssVer)
+    {
+      ## Check for vulnerable versions of Microsoft AntiXSS
+      if(xssVer =~ "^3\.*" ||
+         version_in_range(version:xssVer, test_version:"4.0", test_version2:"4.1.0"))
+      {
+        security_hole(0);
+        exit(0);
+      }
+    }
+  }
+}
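Review bot: The pattern in `xssVer =~ "^3\.*"` makes the dot optional (zero or more), so it matches any DisplayVersion that merely begins with the digit 3, for example a constructed value such as "30.1", and not only the 3.x series. `xssVer =~ "^3\."` restricts the match to 3.x as the description states. The range `test_version:"4.0", test_version2:"4.1.0"` also flags 4.1 builds, while the description lists only 4.0 as affected and 4.2 as the fix; a comment such as `## 4.0 up to 4.1.0 lack the fix shipped in 4.2` would record whether that is deliberate. Only the native `Uninstall` key is enumerated, so a 32-bit install on a 64-bit host may be missed if the registry helpers do not redirect; this is worth confirming.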


Property changes on: trunk/openvas-plugins/scripts/secpod_ms12-007.nasl
___________________________________________________________________
Name: svn:keywords
   + Revision Date Id


