[Openvas-commits] r12458 - in trunk/openvas-plugins: . scripts
scm-commit@wald.intevation.org
scm-commit at wald.intevation.org
Wed Jan 11 15:31:05 CET 2012
Author: antu123
Date: 2012-01-11 15:30:57 +0100 (Wed, 11 Jan 2012)
New Revision: 12458
Added:
trunk/openvas-plugins/scripts/secpod_ms12-001.nasl
trunk/openvas-plugins/scripts/secpod_ms12-002.nasl
trunk/openvas-plugins/scripts/secpod_ms12-003.nasl
trunk/openvas-plugins/scripts/secpod_ms12-004.nasl
trunk/openvas-plugins/scripts/secpod_ms12-005.nasl
trunk/openvas-plugins/scripts/secpod_ms12-006.nasl
trunk/openvas-plugins/scripts/secpod_ms12-007.nasl
Modified:
trunk/openvas-plugins/ChangeLog
Log:
Added new Microsoft Bulletin(January 2012) plugins
Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog 2012-01-11 11:54:59 UTC (rev 12457)
+++ trunk/openvas-plugins/ChangeLog 2012-01-11 14:30:57 UTC (rev 12458)
@@ -1,3 +1,14 @@
+2012-01-11 Antu Sanadi <santu at secpod.com>
+
+ * scripts/secpod_ms12-001.nasl,
+ scripts/secpod_ms12-005.nasl,
+ scripts/secpod_ms12-002.nasl,
+ scripts/secpod_ms12-004.nasl,
+ scripts/secpod_ms12-007.nasl,
+ scripts/secpod_ms12-006.nasl,
+ scripts/secpod_ms12-003.nasl:
+ Added new Microsoft Bulletin(January 2012) plugins.
+
2012-01-11 Michael Meyer <michael.meyer at greenbone.net>
* scripts/gb_w_cms_51359.nasl,
Added: trunk/openvas-plugins/scripts/secpod_ms12-001.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_ms12-001.nasl 2012-01-11 11:54:59 UTC (rev 12457)
+++ trunk/openvas-plugins/scripts/secpod_ms12-001.nasl 2012-01-11 14:30:57 UTC (rev 12458)
@@ -0,0 +1,155 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# Microsoft Windows Kernel Security Feature Bypass Vulnerability (2644615)
+#
+# Authors:
+# Madhuri D <dmadhuri at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2012 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(902783);
+ script_version("$Revision$");
+ script_bugtraq_id(51296);
+ script_cve_id("CVE-2012-0001");
+ script_tag(name:"cvss_base", value:"7.2");
+ script_tag(name:"risk_factor", value:"High");
+ script_tag(name:"creation_date", value:"2012-01-11 10:01:06 +0530 (Wed, 11 Jan 2012)");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_name("Microsoft Windows Kernel Security Feature Bypass Vulnerability (2644615)");
+ desc = "
+ Overview: This host has important security update missing according to
+ Microsoft Bulletin MS12-001.
+
+ Vulnerability Insight:
+ The flaw is caused due to an error in the way the kernel (ntdll.dll) loads
+ structured exception handling tables and allows bypassing the SafeSEH
+ security mechanism. This facilitates easier exploitation of other
+ vulnerabilities in affected applications to execute code.
+
+ Impact:
+ Successful exploitation could allow attackers to execute arbitrary code by
+ leveraging memory corruption vulnerabilities in Windows applications.
+
+ Impact Level: System
+
+ Affected Software/OS:
+ Micorsoft Windows 7 Service Pack 1 and prior.
+ Microsoft Windows 2003 Service Pack 2 and prior.
+ Microsoft Windows Vista Service Pack 2 and prior.
+ Microsoft Windows Server 2008 Service Pack 2 and prior.
+
+ Fix:
+ Run Windows Update and update the listed hotfixes or download and
+ update mentioned hotfixes in the advisory from the below link,
+ http://technet.microsoft.com/en-us/security/bulletin/ms12-001
+
+ References:
+ http://secunia.com/advisories/47356/
+ http://support.microsoft.com/kb/2644615
+ http://www.securitytracker.com/id/1026493
+ http://technet.microsoft.com/en-us/security/bulletin/ms12-001 ";
+
+ script_description(desc);
+ script_summary("Check for the vulnerable 'Ntdll.dll' file version");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2012 SecPod");
+ script_family("Windows : Microsoft Bulletins");
+ script_dependencies("secpod_reg_enum.nasl");
+ script_require_ports(139, 445);
+ exit(0);
+}
+
+
+include("smb_nt.inc");
+include("secpod_reg.inc");
+include("version_func.inc");
+include("secpod_smb_func.inc");
+
+## Check for OS and Service Pack
+if(hotfix_check_sp(win2003:3, winVista:3, win2008:3, win7:2) <= 0){
+ exit(0);
+}
+
+## MS12-001 Hotfix 2644615
+if(hotfix_missing(name:"2644615") == 0){
+ exit(0);
+}
+
+## Get System Path
+sysPath = smb_get_systemroot();
+if(!sysPath){
+ exit(0);
+}
+
+## Get Version for Ntdll.dll file
+dllVer = fetch_file_version(sysPath, file_name:"system32\Ntdll.dll");
+if(!dllVer){
+ exit(0);
+}
+
+## Windows 2003
+if(hotfix_check_sp(win2003:3) > 0)
+{
+ SP = get_kb_item("SMB/Win2003/ServicePack");
+ if("Service Pack 2" >< SP)
+ {
+ ## Check for Ntdll.dll version before 5.2.3790.4937
+ if(version_is_less(version:dllVer, test_version:"5.2.3790.4937")){
+ security_hole(0);
+ }
+ exit(0);
+ }
+ security_hole(0);
+}
+
+## Windows Vista and Windows Server 2008
+else if(hotfix_check_sp(winVista:3, win2008:3) > 0)
+{
+ SP = get_kb_item("SMB/WinVista/ServicePack");
+
+ if(!SP) {
+ SP = get_kb_item("SMB/Win2008/ServicePack");
+ }
+
+ if("Service Pack 2" >< SP)
+ {
+ ## Check for Ntdll.dll version
+ if(version_in_range(version:dllVer, test_version:"6.0.6002.18000", test_version2:"6.0.6002.18540")||
+ version_in_range(version:dllVer, test_version:"6.0.6002.22000", test_version2:"6.0.6002.22741")){
+ security_hole(0);
+ }
+ exit(0);
+ }
+ security_hole(0);
+}
+
+## Windows 7
+else if(hotfix_check_sp(win7:2) > 0)
+{
+ ## Check for Ntdll.dll version
+ if(version_is_less(version:dllVer, test_version:"6.1.7600.16915") ||
+ version_in_range(version:dllVer, test_version:"6.1.7600.20000", test_version2:"6.1.7600.21091")||
+ version_in_range(version:dllVer, test_version:"6.1.7601.17000", test_version2:"6.1.7601.17724")||
+ version_in_range(version:dllVer, test_version:"6.1.7601.21000", test_version2:"6.1.7601.21860")){
+ security_hole(0);
+ }
+}
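Review bot: When `fetch_file_version` returns nothing, the script leaves through `if(!dllVer){ exit(0); }` without any output, although `hotfix_missing(name:"2644615")` has by then already indicated that the hotfix key is absent. A scan that can read the registry but not the file under system32 (an inference about how this fails, not something the hunk shows) then looks the same as a patched host. secpod_ms12-003.nasl (`if(sysVer)`) and secpod_ms12-005.nasl (`if(!dllVer)`) follow the same pattern, while secpod_ms12-002.nasl reports on the registry result alone. At minimum a comment such as `## Hotfix key missing but file version unreadable: patch state unknown, nothing reported` would document the gap; reporting on the registry result in that case would close it. The description string also misspells the vendor as `Micorsoft Windows 7`, here and in secpod_ms12-004.nasl.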
Property changes on: trunk/openvas-plugins/scripts/secpod_ms12-001.nasl
___________________________________________________________________
Name: svn:keywords
+ Revision Date Id
Added: trunk/openvas-plugins/scripts/secpod_ms12-002.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_ms12-002.nasl 2012-01-11 11:54:59 UTC (rev 12457)
+++ trunk/openvas-plugins/scripts/secpod_ms12-002.nasl 2012-01-11 14:30:57 UTC (rev 12458)
@@ -0,0 +1,93 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# Microsoft Windows Object Packager Remote Code Execution Vulnerability (2603381)
+#
+# Authors:
+# Madhuri D <dmadhuri at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2012 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(902784);
+ script_version("$Revision$");
+ script_bugtraq_id(51297);
+ script_cve_id("CVE-2012-0009");
+ script_tag(name:"cvss_base", value:"7.2");
+ script_tag(name:"risk_factor", value:"High");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-01-11 10:54:36 +0530 (Wed, 11 Jan 2012)");
+ script_name("Microsoft Windows Object Packager Remote Code Execution Vulnerability (2603381)");
+ desc = "
+ Overview: This host has important security update missing according to
+ Microsoft Bulletin MS12-002.
+
+ Vulnerability Insight:
+ The flaw is caused due to the way that Windows registers and uses Windows
+ Object Packager. This can be exploited to load an executable file
+ (packager.exe) in an insecure manner by tricking a user into opening a
+ Publisher file '.pub' containing an embedded packaged object located on a
+ remote WebDAV or SMB share.
+
+ Impact:
+ Successful exploitation could allow attackers to execute arbitrary code with
+ the privileges of the user running the affected application. Failed exploit
+ attempts will result in a denial-of-service condition.
+
+ Impact Level: System
+
+ Affected Software/OS:
+ Windows Windows XP Service Pack 3 and prior.
+ Microsoft Windows 2003 Service Pack 2 and prior.
+
+ Fix:
+ Run Windows Update and update the listed hotfixes or download and
+ update mentioned hotfixes in the advisory from the below link,
+ http://technet.microsoft.com/en-us/security/bulletin/ms12-002
+
+ References:
+ http://secunia.com/advisories/45189/
+ http://www.securitytracker.com/id/1026494
+ http://technet.microsoft.com/en-us/security/bulletin/ms12-002 ";
+
+ script_description(desc);
+ script_summary("Check for the hotfix");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2012 SecPod");
+ script_family("Windows : Microsoft Bulletins");
+ script_dependencies("secpod_reg_enum.nasl");
+ script_require_ports(139, 445);
+ exit(0);
+}
+
+
+include("secpod_reg.inc");
+
+## Check for OS and Service Pack
+if(hotfix_check_sp(xp:4, win2003:3) <= 0){
+ exit(0);
+}
+
+## MS12-002 Hotfix 2603381
+## File information is not available
+## Checking for hotfix only
+if(hotfix_missing(name:"2603381") == 1){
+ security_hole(0);
+}
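Review bot: The `cvss_base` of `7.2` does not sit well with the title "Remote Code Execution Vulnerability" and with an insight text that describes a user opening a file from a remote WebDAV or SMB share. Within this commit 7.2 is the score given to the local kernel and CSRSS issues (ms12-001, ms12-003), while the other user-assisted remote issue (ms12-004) carries 9.3. Since the score and `risk_factor` drive triage order in scan reports, it is worth confirming the value against the advisory's vector before release. The affected-software list also reads `Windows Windows XP Service Pack 3 and prior.`, presumably meant as `Microsoft Windows XP Service Pack 3 and prior.`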
Property changes on: trunk/openvas-plugins/scripts/secpod_ms12-002.nasl
___________________________________________________________________
Name: svn:keywords
+ Revision Date Id
Added: trunk/openvas-plugins/scripts/secpod_ms12-003.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_ms12-003.nasl 2012-01-11 11:54:59 UTC (rev 12457)
+++ trunk/openvas-plugins/scripts/secpod_ms12-003.nasl 2012-01-11 14:30:57 UTC (rev 12458)
@@ -0,0 +1,158 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# MS Windows Client/Server Run-time Subsystem Privilege Escalation Vulnerability (2646524)
+#
+# Authors:
+# Antu Sanadi <santu at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2012 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(902499);
+ script_version("$Revision$");
+ script_cve_id("CVE-2012-0005");
+ script_bugtraq_id(51270);
+ script_tag(name:"cvss_base", value:"7.2");
+ script_tag(name:"risk_factor", value:"High");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-01-11 08:42:52 +0530 (Wed, 11 Jan 2012)");
+ script_name("MS Windows Client/Server Run-time Subsystem Privilege Escalation Vulnerability (2646524)");
+ desc = "
+ Overview: This host has important security update missing according to
+ Microsoft Bulletin MS12-003.
+
+ Vulnerability Insight:
+ The flaw is caused due to an error in the Client/Server Run-time Subsystem
+ (CSRSS) when processing specially crafted sequences of unicode characters.
+
+ NOTE : This vulnerability can only be exploited on systems configured with
+ a Chinese, Japanese or Korean system locale.
+
+ Impact:
+ Successful exploitation could allow attacker to execute arbitrary code with
+ system-level privileges. Successfully exploiting this issue will result in
+ the complete compromise of affected computers.
+
+ Impact Level: System
+
+ Affected Software/OS:
+ Microsoft Windows XP Service Pack 3 and prior.
+ Microsoft Windows 2003 Service Pack 2 and prior.
+ Microsoft Windows Vista Service Pack 2 and prior.
+ Microsoft Windows Server 2008 Service Pack 2 and prior.
+
+ Fix:
+ Run Windows Update and update the listed hotfixes or download and
+ update mentioned hotfixes in the advisory from the below link,
+ http://technet.microsoft.com/en-us/security/bulletin/ms12-003
+
+ References:
+ http://secunia.com/advisories/47479/
+ http://support.microsoft.com/kb/2646524
+ http://technet.microsoft.com/en-us/security/bulletin/ms12-003 ";
+
+ script_description(desc);
+ script_summary("Check for the vulnerable 'winsrv.dll' file version");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2012 SecPod");
+ script_family("Windows : Microsoft Bulletins");
+ script_dependencies("secpod_reg_enum.nasl");
+ script_require_ports(139, 445);
+ exit(0);
+}
+
+
+include("smb_nt.inc");
+include("secpod_reg.inc");
+include("version_func.inc");
+include("secpod_smb_func.inc");
+
+## Check for OS and Service Pack
+if(hotfix_check_sp(xp:4, win2003:3, winVista:3, win2008:3) <= 0){
+ exit(0);
+}
+
+## MS12-003 Hotfix (2646524)
+if(hotfix_missing(name:"2646524") == 0){
+ exit(0);
+}
+
+## Get System Path
+sysPath = smb_get_systemroot();
+if(!sysPath){
+ exit(0);
+}
+
+## Get Version from winsrv.dll file
+sysVer = fetch_file_version(sysPath, file_name:"system32\winsrv.dll");
+if(sysVer)
+{
+ ## Windows XP
+ if(hotfix_check_sp(xp:4) > 0)
+ {
+ SP = get_kb_item("SMB/WinXP/ServicePack");
+ if("Service Pack 3" >< SP)
+ {
+ ## Check for winsrv.dll version < 5.1.2600.6179
+ if(version_is_less(version:sysVer, test_version:"5.1.2600.6179")){
+ security_hole(0);
+ }
+ exit(0);
+ }
+ security_hole(0);
+ }
+
+ ## Windows 2003
+ else if(hotfix_check_sp(win2003:3) > 0)
+ {
+ SP = get_kb_item("SMB/Win2003/ServicePack");
+ if("Service Pack 2" >< SP)
+ {
+ ## Check for winsrv.dll version < 5.2.3790.4940
+ if(version_is_less(version:sysVer, test_version:"5.2.3790.4940")){
+ security_hole(0);
+ }
+ exit(0);
+ }
+ security_hole(0);
+ }
+
+ ## Windows Vista and Windows Server 2008
+ else if(hotfix_check_sp(winVista:3, win2008:3) > 0)
+ {
+ SP = get_kb_item("SMB/WinVista/ServicePack");
+
+ if(!SP) {
+ SP = get_kb_item("SMB/Win2008/ServicePack");
+ }
+
+ if("Service Pack 2" >< SP)
+ {
+ ## Check for winsrv.dll version
+ if(version_in_range(version:sysVer, test_version:"6.0.6002.18000", test_version2:"6.0.6002.18544")||
+ version_in_range(version:sysVer, test_version:"6.0.6002.22000", test_version2:"6.0.6002.22746")){
+ security_hole(0);
+ }
+ exit(0);
+ }
+ security_hole(0);
+ }
+}
Property changes on: trunk/openvas-plugins/scripts/secpod_ms12-003.nasl
___________________________________________________________________
Name: svn:keywords
+ Revision Date Id
Added: trunk/openvas-plugins/scripts/secpod_ms12-004.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_ms12-004.nasl 2012-01-11 11:54:59 UTC (rev 12457)
+++ trunk/openvas-plugins/scripts/secpod_ms12-004.nasl 2012-01-11 14:30:57 UTC (rev 12458)
@@ -0,0 +1,200 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# Microsoft Windows Media Could Allow Remote Code Execution Vulnerabilities (2636391)
+#
+# Authors:
+# Sooraj KS <kssooraj at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2012 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(902807);
+ script_version("$Revision$");
+ script_bugtraq_id(51292, 51295);
+ script_cve_id("CVE-2012-0003", "CVE-2012-0004");
+ script_tag(name:"cvss_base", value:"9.3");
+ script_tag(name:"risk_factor", value:"Critical");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-01-11 10:10:10 +0530 (Wed, 11 Jan 2012)");
+ script_name("Microsoft Windows Media Could Allow Remote Code Execution Vulnerabilities (2636391)");
+ desc = "
+ Overview: This host has critical security update missing according to
+ Microsoft Bulletin MS12-004.
+
+ Vulnerability Insight:
+ - An unspecified error in the Windows multimedia library (winmm.dll) when
+ parsing MIDI files can be exploited via a specially crafted file opened
+ in Windows Media Player.
+ - An unspecified error exists in the Line21 DirectShow filter (Quartz.dll
+ and Qdvd.dll) when parsing specially crafted media files.
+
+ Impact:
+ Successful exploitation will allow the attacker to execute arbitrary code in
+ the context of the user running the application which can compromise the
+ application and possibly the computer.
+
+ Impact Level: System/Application
+
+ Affected Software/OS:
+ Micorsoft Windows 7 Service Pack 1 and prior.
+ Microsoft Windows XP Service Pack 3 and prior.
+ Microsoft Windows 2003 Service Pack 2 and prior.
+ Microsoft Windows Vista Service Pack 2 and prior.
+ Microsoft Windows Server 2008 Service Pack 2 and prior.
+ Microsoft Windows Media Center TV Pack for Windows Vista.
+
+ Fix:
+ Run Windows Update and update the listed hotfixes or download and
+ update mentioned hotfixes in the advisory from the below link,
+ http://technet.microsoft.com/en-us/security/bulletin/ms12-004
+
+ References:
+ http://secunia.com/advisories/47485
+ http://securitytracker.com/id/1026492
+ http://www.securelist.com/en/advisories/47485
+ http://technet.microsoft.com/en-us/security/bulletin/ms12-004 ";
+
+ script_description(desc);
+ script_summary("Check for the vulnerable file versions");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2012 SecPod");
+ script_family("Windows : Microsoft Bulletins");
+ script_dependencies("secpod_reg_enum.nasl");
+ script_require_ports(139, 445);
+ exit(0);
+}
+
+
+include("smb_nt.inc");
+include("secpod_reg.inc");
+include("version_func.inc");
+include("secpod_smb_func.inc");
+
+## Check for OS and Service Pack
+if(hotfix_check_sp(xp:4, win2003:3, winVista:3, win2008:3, win7:2) <= 0){
+ exit(0);
+}
+
+## MS12-004 Hotfix
+if(hotfix_missing(name:"2598479") == 0 && hotfix_missing(name:"2631813") == 0){
+ exit(0);
+}
+
+winName = get_kb_item("SMB/WindowsName");
+if("Windows Vista" >< winName)
+{
+ ## Confirm Windows Media Center TV Pack installed by checking version 5.1
+ ## http://msdn.microsoft.com/en-us/library/ms815274.aspx
+ mediaTVPackVer = registry_get_sz(key:"SOFTWARE\Microsoft\Windows\Current" +
+ "Version\Media Center", item:"Ident");
+ if(hotfix_missing(name:"2628642") == 0){
+ exit(0);
+ }
+}
+
+## Get System Path
+sysPath = smb_get_systemroot();
+if(!sysPath){
+ exit(0);
+}
+
+## Get Version from Mciseq.dll file
+mciseqVer = fetch_file_version(sysPath, file_name:"system32\Mciseq.dll");
+quartzVer = fetch_file_version(sysPath, file_name:"system32\Quartz.dll");
+
+## Windows XP
+if(hotfix_check_sp(xp:4) > 0)
+{
+ SP = get_kb_item("SMB/WinXP/ServicePack");
+ if("Service Pack 3" >< SP)
+ {
+ ## Check for Mciseq.dll and Quartz.dll versions
+ if((mciseqVer && version_is_less(version:mciseqVer, test_version:"5.1.2600.6160"))||
+ (quartzVer && version_is_less(version:quartzVer, test_version:"6.5.2600.6169"))){
+ security_hole(0);
+ }
+ exit(0);
+ }
+ security_hole(0);
+}
+
+## Windows 2003
+else if(hotfix_check_sp(win2003:3) > 0)
+{
+ SP = get_kb_item("SMB/Win2003/ServicePack");
+ if("Service Pack 2" >< SP)
+ {
+ ## Check for Mciseq.dll and Quartz.dll versions
+ if((mciseqVer && version_is_less(version:mciseqVer, test_version:"5.2.3790.4916"))||
+ (quartzVer && version_is_less(version:quartzVer, test_version:"6.5.3790.4928"))){
+ security_hole(0);
+ }
+ exit(0);
+ }
+ security_hole(0);
+}
+
+## Windows Vista and Windows Server 2008
+else if(hotfix_check_sp(winVista:3, win2008:3) > 0)
+{
+ SP = get_kb_item("SMB/WinVista/ServicePack");
+
+ if(!SP) {
+ SP = get_kb_item("SMB/Win2008/ServicePack");
+ }
+
+ if(mediaTVPackVer && ("5.1" >< mediaTVPackVer))
+ {
+ ## Get Version from Mstvcapn.dll file
+ mstvVer = fetch_file_version(sysPath, file_name:"ehome\Mstvcapn.dll");
+ if(mstvVer && version_is_less(version:mstvVer, test_version:"6.1.1000.18311"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+ }
+
+ if("Service Pack 2" >< SP)
+ {
+ ## Check for Mciseq.dll and Quartz.dll versions
+ if((mciseqVer && (version_in_range(version:mciseqVer, test_version:"6.0.6002.18000", test_version2:"6.0.6002.18527")||
+ version_in_range(version:mciseqVer, test_version:"6.0.6002.22000", test_version2:"6.0.6002.22725"))) ||
+ (quartzVer && (version_in_range(version:quartzVer, test_version:"6.0.6002.18000", test_version2:"6.6.6002.18532")||
+ version_in_range(version:quartzVer, test_version:"6.6.6002.22000", test_version2:"6.6.6002.22731")))){
+ security_hole(0);
+ }
+ exit(0);
+ }
+ security_hole(0);
+}
+
+## Windows 7
+else if(hotfix_check_sp(win7:2) > 0)
+{
+ ## Check for Quartz.dll version
+ if(quartzVer &&
+ (version_is_less(version:quartzVer, test_version:"6.6.7600.16905")||
+ version_in_range(version:quartzVer, test_version:"6.6.7600.21000", test_version2:"6.6.7600.21076")||
+ version_in_range(version:quartzVer, test_version:"6.6.7601.17000", test_version2:"6.6.7601.17712")||
+ version_in_range(version:quartzVer, test_version:"6.6.7601.21000", test_version2:"6.6.7601.21846"))){
+ security_hole(0);
+ }
+}
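Review bot: On Windows Vista the block after `winName` exits as soon as `hotfix_missing(name:"2628642") == 0`, which skips the Mciseq.dll and Quartz.dll checks even though the preceding test only let execution continue because 2598479 or 2631813 is missing. A host with the TV Pack update applied but the other updates absent would therefore be reported clean, and the exit is not conditioned on `mediaTVPackVer` at all. I would drop that `exit(0);` and gate only the Mstvcapn.dll check on the hotfix, `if(mediaTVPackVer && ("5.1" >< mediaTVPackVer) && hotfix_missing(name:"2628642") == 1)`. In the Vista/2008 SP2 comparison the first Quartz.dll range starts at `6.0.6002.18000` while its upper bound and the second range use `6.6.6002.x`, which looks like a typo for `6.6.6002.18000`; confirm against the bulletin's file table.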
Property changes on: trunk/openvas-plugins/scripts/secpod_ms12-004.nasl
___________________________________________________________________
Name: svn:keywords
+ Revision Date Id
Added: trunk/openvas-plugins/scripts/secpod_ms12-005.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_ms12-005.nasl 2012-01-11 11:54:59 UTC (rev 12457)
+++ trunk/openvas-plugins/scripts/secpod_ms12-005.nasl 2012-01-11 14:30:57 UTC (rev 12458)
@@ -0,0 +1,175 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# Windows ClickOnce Application Installer Remote Code Execution Vulnerability (2584146)
+#
+# Authors:
+# Rachana Shetty <srachana at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2012 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(902657);
+ script_version("$Revision$");
+ script_cve_id("CVE-2012-0013");
+ script_bugtraq_id(51284);
+ script_tag(name:"cvss_base", value:"7.5");
+ script_tag(name:"risk_factor", value:"High");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-01-11 09:53:59 +0530 (Wed, 11 Jan 2012)");
+ script_name("Windows ClickOnce Application Installer Remote Code Execution Vulnerability (2584146)");
+ desc = "
+ Overview: This host has important security update missing according to
+ Microsoft Bulletin MS12-005.
+
+ Vulnerability Insight:
+ The flaw is caused due to an error within the Windows Packager when
+ loading ClickOnce applications embedded in Microsoft Office files.
+
+ Impact:
+ Successful exploitation could allow local attackers to run arbitrary code
+ and take complete control of an affected system. An attacker can gain
+ administrative rights.
+
+ Impact Level: System
+
+ Affected Software/OS:
+ Microsoft Windows 7 Service Pack 1 and prior.
+ Microsoft Windows XP Service Pack 3 and prior.
+ Microsoft Windows 2003 Service Pack 2 and prior.
+ Microsoft Windows Vista Service Pack 2 and prior.
+ Microsoft Windows Server 2008 Service Pack 2 and prior.
+
+ Fix:
+ Run Windows Update and update the listed hotfixes or download and
+ update mentioned hotfixes in the advisory from the below link,
+ http://technet.microsoft.com/en-us/security/bulletin/ms12-005
+
+ References:
+ http://secunia.com/advisories/47480
+ http://support.microsoft.com/kb/2584146
+ http://technet.microsoft.com/en-us/security/bulletin/ms12-005 ";
+
+ script_description(desc);
+ script_summary("Check for the vulnerable 'Packager.exe/Packager.dll' file version");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2012 SecPod");
+ script_family("Windows : Microsoft Bulletins");
+ script_dependencies("secpod_reg_enum.nasl");
+ script_require_ports(139, 445);
+ exit(0);
+}
+
+
+include("smb_nt.inc");
+include("secpod_reg.inc");
+include("version_func.inc");
+include("secpod_smb_func.inc");
+
+## Check for OS and Service Pack
+if(hotfix_check_sp(xp:4, win2003:3, winVista:3, win2008:3, win7:2) <= 0){
+ exit(0);
+}
+
+## MS12-005 Hotfix (2584146)
+if(hotfix_missing(name:"2584146") == 0){
+ exit(0);
+}
+
+## Get System Path
+sysPath = smb_get_systemroot();
+if(!sysPath){
+ exit(0);
+}
+
+## Get Version from Packager.exe file
+sysVer = fetch_file_version(sysPath, file_name:"system32\Packager.exe");
+if( sysVer != NULL)
+{
+ ## Windows XP
+ if(hotfix_check_sp(xp:4) > 0)
+ {
+ SP = get_kb_item("SMB/WinXP/ServicePack");
+ if("Service Pack 3" >< SP)
+ {
+ ##File Information is not available, so taken after applying patch
+ ## Check for Packager.exe version before 5.1.2600.6176
+ if(version_is_less(version:sysVer, test_version:"5.1.2600.6176")){
+ security_hole(0);
+ }
+ exit(0);
+ }
+ security_hole(0);
+ }
+
+ ## Windows 2003
+ else if(hotfix_check_sp(win2003:3) > 0)
+ {
+ SP = get_kb_item("SMB/Win2003/ServicePack");
+ if("Service Pack 2" >< SP)
+ {
+ ## Check for Packager.exe version before 5.2.3790.4936
+ if(version_is_less(version:sysVer, test_version:"5.2.3790.4936")){
+ security_hole(0);
+ }
+ exit(0);
+ }
+ security_hole(0);
+ }
+}
+
+##Get the Packager.dll version
+dllVer = fetch_file_version(sysPath, file_name:"system32\Packager.dll");
+if(!dllVer){
+ exit(0);
+}
+
+## Windows Vista and Windows Server 2008
+if(hotfix_check_sp(winVista:3, win2008:3) > 0)
+{
+ SP = get_kb_item("SMB/WinVista/ServicePack");
+
+ if(!SP) {
+ SP = get_kb_item("SMB/Win2008/ServicePack");
+ }
+
+ if("Service Pack 2" >< SP)
+ {
+ ## Check for Packager.dll version
+ if(version_is_less(version:dllVer, test_version:"6.0.6002.18542")||
+ version_in_range(version:dllVer, test_version:"6.0.6002.22000", test_version2:"6.0.6002.22742")){
+ security_hole(0);
+ }
+ exit(0);
+ }
+ security_hole(0);
+}
+
+## Windows 7
+else if(hotfix_check_sp(win7:2) > 0)
+{
+ ## Check for Packager.dll version
+ if(version_is_less(version:dllVer, test_version:"6.1.7600.16917") ||
+ version_in_range(version:dllVer, test_version:"6.1.7600.20000", test_version2:"6.1.7600.21093")||
+ version_in_range(version:dllVer, test_version:"6.1.7601.17000", test_version2:"6.1.7601.17726")||
+ version_in_range(version:dllVer, test_version:"6.1.7601.21000", test_version2:"6.1.7601.21862")){
+ security_hole(0);
+ }
+}
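Review bot: After the XP/2003 block the script always goes on to fetch `system32\Packager.dll`, including on XP/2003 hosts that were just reported through the fall-through `security_hole(0);`, because those two branches have no `exit(0);` and the Vista/7 chain is a separate `if`. Nothing is misreported as far as the visible code shows, but it costs an extra SMB read and is harder to follow than the single if/else chain in the sibling plugins. Selecting the file by OS first would read more directly: wrap the Packager.exe fetch and its two branches in `if(hotfix_check_sp(xp:4, win2003:3) > 0)` and end that block with `exit(0);`. The impact text says "local attackers" while the title and `cvss_base` of `7.5` describe a remote issue, so one of the two wordings should be aligned with the advisory.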
Property changes on: trunk/openvas-plugins/scripts/secpod_ms12-005.nasl
___________________________________________________________________
Name: svn:keywords
+ Revision Date Id
Added: trunk/openvas-plugins/scripts/secpod_ms12-006.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_ms12-006.nasl 2012-01-11 11:54:59 UTC (rev 12457)
+++ trunk/openvas-plugins/scripts/secpod_ms12-006.nasl 2012-01-11 14:30:57 UTC (rev 12458)
@@ -0,0 +1,180 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# Microsoft Windows SSL/TLS Information Disclosure Vulnerability (2643584)
+#
+# Authors:
+# Antu Sanadi <santu at secpod.com>
+#
+# Copyright (c) 2012 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(902900);
+ script_version("$Revision$");
+ script_cve_id("CVE-2011-3389");
+ script_bugtraq_id(49778);
+ script_tag(name:"cvss_base", value:"5.8");
+ script_tag(name:"risk_factor", value:"High");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-01-11 09:47:46 +0530 (Wed, 11 Jan 2012)");
+ script_name("Microsoft Windows SSL/TLS Information Disclosure Vulnerability (2643584)");
+ desc = "
+ Overview: This host has Important security update missing according to
+ Microsoft Bulletin MS12-006.
+
+ Vulnerability Insight:
+ A flaw exists is due to an error in Microsoft Windows SChannel (Secure Channel),
+ when modifying the way that the Windows Secure Channel (SChannel) component
+ sends and receives encrypted network packets.
+
+ Impact:
+ Successful exploitation of this issue may allow attackers to perform limited
+ man-in-the-middle attacks to inject data into the beginning of the
+ application protocol stream to execute HTTP transactions, bypass
+ authentication.
+
+ Impact Level: Windows
+
+ Affected Software/OS:
+ Microsoft Windows 7 Service Pack 1 and prior.
+ Microsoft Windows XP Service Pack 3 and prior.
+ Microsoft Windows 2K3 Service Pack 2 and prior.
+ Microsoft Windows Vista Service Pack 1/2 and prior.
+ Microsoft Windows Server 2008 Service Pack 1/2 and prior.
+
+ Fix:
+ Run Windows Update and update the listed hotfixes or download and
+ update mentioned hotfixes in the advisory from the below link,
+ http://technet.microsoft.com/en-us/security/bulletin/ms12-006
+
+ References:
+ http://support.microsoft.com/kb/2585542
+ http://technet.microsoft.com/en-us/security/bulletin/ms12-006 ";
+
+ script_description(desc);
+ script_summary("Check for the vulnerable file version");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2012 SecPod");
+ script_family("Windows : Microsoft Bulletins");
+ script_dependencies("secpod_reg_enum.nasl");
+ script_require_ports(139, 445);
+ exit(0);
+}
+
+
+include("smb_nt.inc");
+include("secpod_reg.inc");
+include("version_func.inc");
+include("secpod_smb_func.inc");
+
+
+if(hotfix_check_sp(xp:4, win2003:3, winVista:3, win7:2, win2008:3) <= 0){
+ exit(0);
+}
+
+sysPath = smb_get_systemroot();
+if(!sysPath){
+ exit(0);
+}
+
+## Windows 2003
+if(hotfix_check_sp(win2003:3) > 0)
+{
+ ## Check for Hotfix 2638806 (MS12-006)
+ if(hotfix_missing(name:"2585542") == 1)
+ {
+ sysVer = fetch_file_version(sysPath, file_name:"system32\Schannel.dll");
+ if(sysVer)
+ {
+ SP = get_kb_item("SMB/Win2003/ServicePack");
+ if("Service Pack 2" >< SP)
+ {
+ ## Check for Schannel.dll version < 5.2.3790.4935
+ if(version_is_less(version:sysVer, test_version:"5.2.3790.4935")){
+ security_hole(0);
+ }
+ exit(0);
+ }
+ security_hole(0);
+ }
+ }
+ else if(hotfix_missing(name:"2638806") == 1)
+ {
+ security_hole(0);
+ }
+ exit(0);
+}
+
+## Check for Hotfix 2585542 (MS12-006)
+if(hotfix_missing(name:"2585542") == 0){
+ exit(0);
+}
+
+## Get Version from file Schannel.dll
+sysVer = fetch_file_version(sysPath, file_name:"system32\Schannel.dll");
+if(!sysVer){
+ exit(0);
+}
+
+## Windows XP
+if(hotfix_check_sp(xp:4) > 0)
+{
+ SP = get_kb_item("SMB/WinXP/ServicePack");
+ if("Service Pack 3" >< SP)
+ {
+ ## Check for Schannel.dll version < 5.1.2600.6175
+ if(version_is_less(version:sysVer, test_version:"5.1.2600.6175")){
+ security_hole(0);
+ }
+ exit(0);
+ }
+ security_hole(0);
+}
+
+## Windows Vista and Windows Server 2008
+else if(hotfix_check_sp(winVista:3, win2008:3) > 0)
+{
+ SP = get_kb_item("SMB/WinVista/ServicePack");
+ if(!SP){
+ SP = get_kb_item("SMB/Win2008/ServicePack");
+ }
+
+ if("Service Pack 2" >< SP)
+ {
+ ## Check for Schannel.dll version
+ if(version_in_range(version:sysVer, test_version:"6.0.6002.18000", test_version2:"6.0.6002.18540")||
+ version_in_range(version:sysVer, test_version:"6.0.6002.22000", test_version2:"6.0.6002.22741")){
+ security_hole(0);
+ }
+ exit(0);
+ }
+ security_hole(0);
+}
+
+## Windows 7
+else if(hotfix_check_sp(win7:2) > 0)
+{
+ ## Grep for Schannel.dll version
+ if(version_is_less(version:sysVer, test_version:"6.1.7600.16915") ||
+ version_in_range(version:sysVer, test_version:"6.1.7600.21000", tes_version2:"6.1.7600.21091") ||
+ version_in_range(version:sysVer, test_version:"6.1.7601.17000", tes_version2:"6.1.7601.17724") ||
+ version_in_range(version:sysVer, test_version:"6.1.7601.21000", tes_version2:"6.1.7601.21860")){
+ security_hole(0);
+ }
+}
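Review bot: The three `version_in_range` calls in the Windows 7 branch spell the upper-bound argument `tes_version2:` instead of `test_version2:`, so the bound is not passed under the name the function reads and those LDR and SP1 ranges probably do not evaluate as written; unpatched 6.1.7601 hosts may then go unreported. Each call should read like `version_in_range(version:sysVer, test_version:"6.1.7600.21000", test_version2:"6.1.7600.21091") ||`. In the Vista/2008 SP2 branch the first range starts at 6.0.6002.18000, so an SP2 Schannel.dll older than that is not flagged; `version_is_less(version:sysVer, test_version:"6.0.6002.18541")` would cover it. The Windows 2003 comment `## Check for Hotfix 2638806 (MS12-006)` sits directly above a test for 2585542 and should name the KB that is actually checked.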
Property changes on: trunk/openvas-plugins/scripts/secpod_ms12-006.nasl
___________________________________________________________________
Name: svn:keywords
+ Revision Date Id
Added: trunk/openvas-plugins/scripts/secpod_ms12-007.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_ms12-007.nasl 2012-01-11 11:54:59 UTC (rev 12457)
+++ trunk/openvas-plugins/scripts/secpod_ms12-007.nasl 2012-01-11 14:30:57 UTC (rev 12458)
@@ -0,0 +1,113 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# Microsoft AntiXSS Library Information Disclosure Vulnerability (2607664)
+#
+# Authors:
+# Madhuri D <dmadhuri at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2012 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(902785);
+ script_version("$Revision$");
+ script_cve_id("CVE-2012-0007");
+ script_bugtraq_id(51291);
+ script_tag(name:"cvss_base", value:"7.5");
+ script_tag(name:"risk_factor", value:"High");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-01-11 13:30:24 +0530 (Wed, 11 Jan 2012)");
+ script_name("Microsoft AntiXSS Library Information Disclosure Vulnerability (2607664)");
+ desc = "
+ Overview: This host has important security update missing according to
+ Microsoft Bulletin MS12-007.
+
+ Vulnerability Insight:
+ The flaw is caused due to error in library which fails to properly filter
+ HTML code from user-supplied input. A remote user may be able to exploit a
+ target application that uses the library to cause arbitrary scripting code to
+ be executed by the target user's browser.
+
+ Impact:
+ Successful exploitation could allow attackers to bypass the filter and
+ conduct cross-site scripting attacks. Successful exploits may allow attackers
+ to execute arbitrary script code and steal cookie-based authentication
+ credentials.
+
+ Impact Level: Application
+
+ Affected Software/OS:
+ Microsoft Anti-Cross Site Scripting Library version 3.x
+ Microsoft Anti-Cross Site Scripting Library version 4.0
+
+ Fix: Upgrade to Microsoft Anti-Cross Site Scripting Library version 4.2
+ For the updates refer, http://technet.microsoft.com/en-us/security/bulletin/ms12-007
+
+ References:
+ http://secunia.com/advisories/47516/
+ http://securitytracker.com/id/1026499
+ http://technet.microsoft.com/en-us/security/bulletin/ms12-007 ";
+
+ script_description(desc);
+ script_summary("Check for the version of Microsoft AntiXSS Library");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2012 SecPod");
+ script_family("Windows : Microsoft Bulletins");
+ script_dependencies("secpod_reg_enum.nasl");
+ script_require_keys("SMB/WindowsVersion");
+ script_require_ports(139, 445);
+ exit(0);
+}
+
+
+include("smb_nt.inc");
+include("version_func.inc");
+include("secpod_smb_func.inc");
+
+if(!get_kb_item("SMB/WindowsVersion")){
+ exit(0);
+}
+
+key = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\";
+if(!registry_key_exists(key:key)){
+ exit(0);
+}
+
+## Check for the Microsoft AntiXSS
+foreach item (registry_enum_keys(key:key))
+{
+ xssName = registry_get_sz(key:key + item, item:"DisplayName");
+ if("Microsoft AntiXSS" >< xssName ||
+ "Microsoft Anti-Cross Site Scripting Library" >< xssName)
+ {
+ ## Get the version for Microsoft AntiXSS
+ xssVer = registry_get_sz(key:key + item, item:"DisplayVersion");
+ if(xssVer)
+ {
+ ## Check for vulnerable versions of Microsoft AntiXSS
+ if(xssVer =~ "^3\.*" ||
+ version_in_range(version:xssVer, test_version:"4.0", test_version2:"4.1.0"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+ }
+ }
+}
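Review bot: The pattern in `xssVer =~ "^3\.*"` means "3 followed by zero or more dots", so it matches any DisplayVersion that merely begins with 3 (a constructed example: "30.1") rather than only 3.x; `xssVer =~ "^3\."` matches what the comment describes. The loop also enumerates only `SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\`, so a 32-bit install on a 64-bit host (normally registered under the Wow6432Node uninstall key) would presumably be missed. Since the library can also ship as a DLL inside a web application without any uninstall entry, a comment such as `## NOTE: detects MSI installs only; bundled copies of the AntiXSS DLL are not found` would keep a clean result from being read as proof of absence.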
Property changes on: trunk/openvas-plugins/scripts/secpod_ms12-007.nasl
___________________________________________________________________
Name: svn:keywords
+ Revision Date Id