[Openvas-commits] r13145 - in trunk/openvas-plugins: . scripts
scm-commit at wald.intevation.org
scm-commit at wald.intevation.org
Tue Mar 27 15:29:41 CEST 2012
Author: antu123
Date: 2012-03-27 15:29:40 +0200 (Tue, 27 Mar 2012)
New Revision: 13145
Added:
trunk/openvas-plugins/scripts/secpod_ms_windows_sp_mult_vuln.nasl
trunk/openvas-plugins/scripts/secpod_ricoh_dc_dl10_ftp_user_bof_vuln.nasl
trunk/openvas-plugins/scripts/secpod_ssl_ciphers_medium_report.nasl
Modified:
trunk/openvas-plugins/ChangeLog
trunk/openvas-plugins/scripts/gb_ms_fraudulent_digital_cert_spoofing_vuln.nasl
trunk/openvas-plugins/scripts/gb_ms_win_fraudulent_digital_cert_spoofing_vuln.nasl
trunk/openvas-plugins/scripts/secpod_ms11-007.nasl
trunk/openvas-plugins/scripts/secpod_ms11-032.nasl
trunk/openvas-plugins/scripts/secpod_ms_fraudulent_digital_certificates_sooping_vuln.nasl
trunk/openvas-plugins/scripts/secpod_ssl_ciphers.inc
trunk/openvas-plugins/scripts/secpod_ssl_ciphers.nasl
trunk/openvas-plugins/scripts/smb_reg_service_pack.nasl
Log:
Added new plugins, fixed false positives, and deprecated plugins.
Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog 2012-03-27 12:13:17 UTC (rev 13144)
+++ trunk/openvas-plugins/ChangeLog 2012-03-27 13:29:40 UTC (rev 13145)
@@ -1,3 +1,35 @@
+2012-03-27 Antu Sanadi <santu at secpod.com>
+
+ * scripts/secpod_ms_windows_sp_mult_vuln.nasl,
+ scripts/secpod_ricoh_dc_dl10_ftp_user_bof_vuln.nasl,
+ scripts/secpod_ssl_ciphers_medium_report.nasl:
+ Added new plugins.
+
+ * scripts/secpod_ssl_ciphers.inc:
+ Updated with cipher strength based on encryption.
+
+ * scripts/secpod_ssl_ciphers.nasl:
+ Updated to detect medium ciphers.
+
+ * scripts/secpod_ms_fraudulent_digital_certificates_sooping_vuln.nasl:
+ Deprecated,addressed in gb_ms_windows_fraudulent_digital_cert_spoofing_vuln.nasl
+
+ * scripts/gb_ms_win_fraudulent_digital_cert_spoofing_vuln.nasl:
+ Deprecated,superseded by KB2641690 which is addressed
+ in gb_ms_fraudulent_digital_cert_spoofing_vuln.nasl
+
+ * scripts/gb_ms_fraudulent_digital_cert_spoofing_vuln.nasl:
+ Updated hotfix_missing()function.
+
+ * scripts/smb_reg_service_pack.nasl:
+ Updated to set KB if service pack is not installed
+ Removed the cve and covered in secpod_ms_windows_sp_mult_vuln.nasl
+
+ * scripts/secpod_ms11-032.nasl,
+ scripts/secpod_ms11-007.nasl:
+ Fixed FP, Removed the version check for the file Fontsub.dll
+ As it was not proper for windows 7 and Used smb_get_systemroot()
+
2012-03-26 Antu Sanadi <santu at secpod.com>
* scripts/gb_ubuntu_USN_1401_2.nasl,
Modified: trunk/openvas-plugins/scripts/gb_ms_fraudulent_digital_cert_spoofing_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_ms_fraudulent_digital_cert_spoofing_vuln.nasl 2012-03-27 12:13:17 UTC (rev 13144)
+++ trunk/openvas-plugins/scripts/gb_ms_fraudulent_digital_cert_spoofing_vuln.nasl 2012-03-27 13:29:40 UTC (rev 13145)
@@ -1,6 +1,6 @@
###############################################################################
# OpenVAS Vulnerability Test
-# $Id: gb_ms_fraudulent_digital_cert_spoofing_vuln.nasl 18472 2011-11-11 12:40:05Z nov $
+# $Id$
#
# MS Windows Fraudulent Digital Certificates Spoofing Vulnerability (2641690)
#
@@ -88,6 +88,6 @@
}
## Check Hotfix 2641690
-if((hotfix_missing(name:"2641690") == 1)){
+if(!(hotfix_missing(name:"2641690") == 0)){
security_warning(0);
}
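Review bot: The new condition `!(hotfix_missing(name:"2641690") == 0)` reports on every return value other than 0, not only on a confirmed missing hotfix. The definition of hotfix_missing() is not in this hunk, so this is inferred: if it can return an error or "unknown" value, a host whose registry could not be read would be flagged as vulnerable. If treating "unknown" as vulnerable is intended, state it in the comment, e.g. `## Report unless hotfix 2641690 is confirmed installed`, and write the test as `hotfix_missing(name:"2641690") != 0`; otherwise keep `== 1`. The statements leading up to this check are outside the hunk.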
Property changes on: trunk/openvas-plugins/scripts/gb_ms_fraudulent_digital_cert_spoofing_vuln.nasl
___________________________________________________________________
Modified: svn:keywords
- Revision Date
+ Revision Date Id
Modified: trunk/openvas-plugins/scripts/gb_ms_win_fraudulent_digital_cert_spoofing_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_ms_win_fraudulent_digital_cert_spoofing_vuln.nasl 2012-03-27 12:13:17 UTC (rev 13144)
+++ trunk/openvas-plugins/scripts/gb_ms_win_fraudulent_digital_cert_spoofing_vuln.nasl 2012-03-27 13:29:40 UTC (rev 13145)
@@ -28,12 +28,17 @@
{
script_id(801975);
script_version("$Revision$");
+ script_tag(name:"deprecated", value:TRUE);
script_tag(name:"last_modification", value:"$Date$");
script_tag(name:"creation_date", value:"2011-09-09 17:36:48 +0200 (Fri, 09 Sep 2011)");
script_tag(name:"cvss_base", value:"5.0");
script_tag(name:"risk_factor", value:"Medium");
script_name("Fraudulent Digital Certificates Spoofing Vulnerability (2607712)");
desc = "
+ This NVT has been superseded by KB2641690 Which is addressed in NVT
+ gb_ms_fraudulent_digital_cert_spoofing_vuln.nasl (OID:1.3.6.1.4.1.25623.1.0.802403).
+
+
Overview: The host is installed with Microsoft Windows operating system and
is prone to spoofing vulnerability.
@@ -73,6 +78,8 @@
exit(0);
}
+exit(66); ## This NVT is deprecated asit is superseded by KB2641690
+ ## Which is addressed in gb_ms_fraudulent_digital_cert_spoofing_vuln.nasl
include("smb_nt.inc");
include("secpod_reg.inc");
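Review bot: The comment on the added `exit(66);` has a typo ("asit") and does not say that everything below it, including the two include() lines, is now unreachable. Suggest `exit(66); ## Deprecated: superseded by KB2641690, see gb_ms_fraudulent_digital_cert_spoofing_vuln.nasl; code below is intentionally unreachable`. The same unconditional exit is added in secpod_ms_fraudulent_digital_certificates_sooping_vuln.nasl and its comment should say the same. The script body continues outside the hunk.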
Modified: trunk/openvas-plugins/scripts/secpod_ms11-007.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_ms11-007.nasl 2012-03-27 12:13:17 UTC (rev 13144)
+++ trunk/openvas-plugins/scripts/secpod_ms11-007.nasl 2012-03-27 13:29:40 UTC (rev 13145)
@@ -94,94 +94,40 @@
}
## Get System32 path
-sysPath = registry_get_sz(key:"SOFTWARE\Microsoft\COM3\Setup",
- item:"Install Path");
-if(sysPath)
+sysPath = smb_get_systemroot();
+if(!sysPath ){
+ exit(0);
+}
+
+dllVer = fetch_file_version(sysPath, file_name:"system32\Atmfd.dll");
+if(!dllVer){
+ exit(0);
+}
+
+if(hotfix_check_sp(xp:4, winVista:3, win2008:3) > 0)
{
- dllVer = fetch_file_version(sysPath, file_name:"Atmfd.dll");
- if(dllVer)
+ # Grep for Atmfd.dll version < 5.1.2.231
+ if(version_is_less(version:dllVer, test_version:"5.1.2.231"))
{
- # Windows XP
- if(hotfix_check_sp(xp:4) > 0)
- {
- SP = get_kb_item("SMB/WinXP/ServicePack");
- if("Service Pack 3" >< SP)
- {
- # Grep for Atmfd.dll version < 5.1.2.231
- if(version_is_less(version:dllVer, test_version:"5.1.2.231")){
- security_hole(0);
- }
- exit(0);
- }
- security_hole(0);
- }
-
- # Windows 2003
- else if(hotfix_check_sp(win2003:3) > 0)
- {
- SP = get_kb_item("SMB/Win2003/ServicePack");
- if("Service Pack 2" >< SP)
- {
- # Grep for Atmfd.dll version < 5.2.2.231
- if(version_is_less(version:dllVer, test_version:"5.2.2.231")){
- security_hole(0);
- }
- exit(0);
- }
- security_hole(0);
- }
+ security_hole(0);
+ exit(0);
}
}
-## Get System32 path for Windows 2008 server and vista
-sysPath = registry_get_sz(key:"SOFTWARE\Microsoft\Windows NT\CurrentVersion",
- item:"PathName");
-if(sysPath)
+if(hotfix_check_sp(win7:2) > 0)
{
- dllVer = fetch_file_version(sysPath, file_name:"System32\Fontsub.dll");
- if(dllVer)
+ # Grep for Atmfd.dll version < 5.1.2.232
+ if(version_is_less(version:dllVer, test_version:"5.1.2.232"))
{
- # Windows Vista and 2008 server
- if(hotfix_check_sp(winVista:3, win2008:3) > 0)
- {
- SP = get_kb_item("SMB/WinVista/ServicePack");
+ security_hole(0);
+ exit(0);
+ }
+}
- if(!SP) {
- SP = get_kb_item("SMB/Win2008/ServicePack");
- }
-
- if("Service Pack 1" >< SP)
- {
- # Grep for Fontsub.dll version
- if(version_in_range(version:dllVer, test_version:"6.0.6001.18000", test_version2:"6.0.6001.18492")||
- version_in_range(version:dllVer, test_version:"6.0.6001.22000", test_version2:"6.0.6001.22829")){
- security_hole(0);
- }
- exit(0);
- }
-
- if("Service Pack 2" >< SP)
- {
- # Grep for Fontsub.dll version
- if(version_in_range(version:dllVer, test_version:"6.0.6002.18000", test_version2:"6.0.6002.18271")||
- version_in_range(version:dllVer, test_version:"6.0.6002.22000", test_version2:"6.0.6002.22565")){
- security_hole(0);
- }
- exit(0);
- }
- security_hole(0);
- }
-
- # Windows 7
- else if(hotfix_check_sp(win7:2) > 0)
- {
- ## Check for Fontsub.dll version
- if(version_in_range(version:dllVer, test_version:"6.1.7600.16000", test_version2:"6.1.7600.16443")||
- version_in_range(version:dllVer, test_version:"6.1.7600.20000", test_version2:"6.1.7600.20874")||
- version_in_range(version:dllVer, test_version:"6.1.7601.17000", test_version2:"6.1.7601.17104")||
- version_in_range(version:dllVer, test_version:"6.1.7601.17000", test_version2:"6.1.7601.17513")){
- security_hole(0);
- }
- }
+if(hotfix_check_sp(win2003:3) > 0)
+{
+ # Grep for Atmfd.dll version < 5.2.2.231
+ if(version_is_less(version:dllVer, test_version:"5.2.2.231")){
+ security_hole(0);
}
}
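Review bot: `if(!dllVer){ exit(0); }` ends the check silently when the version of system32\Atmfd.dll cannot be read, so a host where the file fetch fails looks the same in the report as a patched host. The same holds for the `if(!sysPath )` guard above it and for the identical pair added in secpod_ms11-032.nasl. Consider recording the inconclusive result before exiting, for example `log_message(data:"Could not read Atmfd.dll version; MS11-007 check skipped");` where the scanner provides it, or at least a comment stating that an unreadable file is deliberately treated as not vulnerable. The statements before the hunk are not visible, so whether an earlier hotfix check already covers this case cannot be confirmed from here.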
Property changes on: trunk/openvas-plugins/scripts/secpod_ms11-007.nasl
___________________________________________________________________
Modified: svn:keywords
- Author Date Id Revision
+ Revision Date Id
Modified: trunk/openvas-plugins/scripts/secpod_ms11-032.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_ms11-032.nasl 2012-03-27 12:13:17 UTC (rev 13144)
+++ trunk/openvas-plugins/scripts/secpod_ms11-032.nasl 2012-03-27 13:29:40 UTC (rev 13145)
@@ -48,7 +48,7 @@
Successful exploitation will allow remote attackers execute arbitrary code
via a malicious OpenType font, or by local attackers to gain elevated
privileges.
-
+
Impact Level: System/Application
Affected Software/OS:
@@ -62,7 +62,7 @@
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://www.microsoft.com/technet/security/Bulletin/MS11-032.mspx
-
+
References:
http://secunia.com/advisories/43836/
http://www.vupen.com/english/advisories/2011/0950
@@ -89,100 +89,46 @@
exit(0);
}
-## MS11-032 Hotfix
+## MS11-032 Hotfix
if((hotfix_missing(name:"2507618") == 0)){
exit(0);
}
## Get System32 path
-sysPath = registry_get_sz(key:"SOFTWARE\Microsoft\COM3\Setup",
- item:"Install Path");
-if(sysPath)
+sysPath = smb_get_systemroot();
+if(!sysPath ){
+ exit(0);
+}
+
+dllVer = fetch_file_version(sysPath, file_name:"system32\Atmfd.dll");
+if(!dllVer){
+ exit(0);
+}
+
+if(hotfix_check_sp(xp:4, winVista:3, win2008:3) > 0)
{
- dllVer = fetch_file_version(sysPath, file_name:"Atmfd.dll");
- if(dllVer)
+ # Grep for Atmfd.dll version < 5.1.2.232
+ if(version_is_less(version:dllVer, test_version:"5.1.2.232"))
{
- # Windows XP
- if(hotfix_check_sp(xp:4) > 0)
- {
- SP = get_kb_item("SMB/WinXP/ServicePack");
- if("Service Pack 3" >< SP)
- {
- # Grep for Atmfd.dll version < 5.1.2.232
- if(version_is_less(version:dllVer, test_version:"5.1.2.232")){
- security_hole(0);
- }
- exit(0);
- }
- security_hole(0);
- }
-
- # Windows 2003
- else if(hotfix_check_sp(win2003:3) > 0)
- {
- SP = get_kb_item("SMB/Win2003/ServicePack");
- if("Service Pack 2" >< SP)
- {
- # Grep for Atmfd.dll version < 5.2.2.232
- if(version_is_less(version:dllVer, test_version:"5.2.2.232")){
- security_hole(0);
- }
- exit(0);
- }
- security_hole(0);
- }
+ security_hole(0);
+ exit(0);
}
}
-## Get System32 path for Windows 2008 server and vista
-sysPath = registry_get_sz(key:"SOFTWARE\Microsoft\Windows NT\CurrentVersion",
- item:"PathName");
-if(sysPath)
+if(hotfix_check_sp(win7:2) > 0)
{
- dllVer = fetch_file_version(sysPath, file_name:"System32\Fontsub.dll");
- if(dllVer)
+ # Grep for Atmfd.dll version < 5.1.2.234
+ if(version_is_less(version:dllVer, test_version:"5.1.2.234"))
{
- # Windows Vista and 2008 server
- if(hotfix_check_sp(winVista:3, win2008:3) > 0)
- {
- SP = get_kb_item("SMB/WinVista/ServicePack");
+ security_hole(0);
+ exit(0);
+ }
+}
- if(!SP) {
- SP = get_kb_item("SMB/Win2008/ServicePack");
- }
-
- if("Service Pack 1" >< SP)
- {
- # Grep for Fontsub.dll version
- if(version_in_range(version:dllVer, test_version:"6.0.6001.18000", test_version2:"6.0.6001.18492")||
- version_in_range(version:dllVer, test_version:"6.0.6001.22000", test_version2:"6.0.6001.22853")){
- security_hole(0);
- }
- exit(0);
- }
-
- if("Service Pack 2" >< SP)
- {
- # Grep for Fontsub.dll version
- if(version_in_range(version:dllVer, test_version:"6.0.6002.18000", test_version2:"6.0.6002.18271")||
- version_in_range(version:dllVer, test_version:"6.0.6002.22000", test_version2:"6.0.6002.22588")){
- security_hole(0);
- }
- exit(0);
- }
- security_hole(0);
- }
-
- # Windows 7
- else if(hotfix_check_sp(win7:2) > 0)
- {
- ## Check for Fontsub.dll version 6.1.7601.17514
- if(version_is_less(version:dllVer, test_version:"6.1.7600.16444")||
- version_in_range(version:dllVer, test_version:"6.1.7600.20000", test_version2:"6.1.7600.20904")||
- version_in_range(version:dllVer, test_version:"6.1.7601.17000", test_version2:"6.1.7601.17104")||
- version_in_range(version:dllVer, test_version:"6.1.7601.17000", test_version2:"6.1.7601.17513")){
- security_hole(0);
- }
- }
+if(hotfix_check_sp(win2003:3) > 0)
+{
+ # Grep for Atmfd.dll version < 5.2.2.232
+ if(version_is_less(version:dllVer, test_version:"5.2.2.232")){
+ security_hole(0);
}
}
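Review bot: The first branch applies the threshold 5.1.2.232 to XP, Vista and Server 2008 together, with only the comment `# Grep for Atmfd.dll version < 5.1.2.232` and nothing about where the per-OS values come from. The removed code checked Fontsub.dll with 6.0.x ranges on Vista and 2008, so a reader cannot tell from the hunk that Atmfd.dll uses 5.1.2.x numbering there, or why Windows 7 uses 5.1.2.234. Suggest a comment above each branch naming the OS set and the source, e.g. `## XP, Vista, 2008: fixed Atmfd.dll is 5.1.2.232 per the MS11-032 file information`, after confirming the values against the bulletin. secpod_ms11-007.nasl has the same structure with 5.1.2.231 and 5.1.2.232 and needs the same comments.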
Property changes on: trunk/openvas-plugins/scripts/secpod_ms11-032.nasl
___________________________________________________________________
Modified: svn:keywords
- Author Date Id Revision
+ Revision Date Id
Modified: trunk/openvas-plugins/scripts/secpod_ms_fraudulent_digital_certificates_sooping_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_ms_fraudulent_digital_certificates_sooping_vuln.nasl 2012-03-27 12:13:17 UTC (rev 13144)
+++ trunk/openvas-plugins/scripts/secpod_ms_fraudulent_digital_certificates_sooping_vuln.nasl 2012-03-27 13:29:40 UTC (rev 13145)
@@ -28,6 +28,7 @@
{
script_id(902403);
script_version("$Revision$");
+ script_tag(name:"deprecated", value:TRUE);
script_tag(name:"last_modification", value:"$Date$");
script_tag(name:"creation_date", value:"2011-04-01 15:39:52 +0200 (Fri, 01 Apr 2011)");
script_tag(name:"cvss_base", value:"10.0");
@@ -35,6 +36,9 @@
script_name("Microsoft Windows Fraudulent Digital Certificates Spoofing Vulnerability");
desc = "
Overview:
+ This NVT has been replaced by NVT gb_ms_windows_fraudulent_digital_cert_spoofing_vuln.nasl
+ (OID:1.3.6.1.4.1.25623.1.0.801953).
+
The host is installed with Microsoft Windows operating system and is prone to
Spoofing vulnerability.
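Review bot: The replacement named in the added description text, gb_ms_windows_fraudulent_digital_cert_spoofing_vuln.nasl (OID:1.3.6.1.4.1.25623.1.0.801953), is not among the files touched by this commit, while the similarly named gb_ms_win_fraudulent_digital_cert_spoofing_vuln.nasl (script_id 801975) is deprecated in the same commit. Please confirm that the file name and OID point to an NVT that is still active, so that a user following the deprecation notice reaches a check that actually runs. The added sentence also sits under the "Overview:" label, whereas the other deprecated script in this commit puts its notice above "Overview:"; the two should use the same layout.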
@@ -78,6 +82,9 @@
}
+exit(66); ## This NVT is deprecated as addressed in
+ ## gb_ms_windows_fraudulent_digital_cert_spoofing_vuln.nasl.
+
include("smb_nt.inc");
include("secpod_reg.inc");
Added: trunk/openvas-plugins/scripts/secpod_ms_windows_sp_mult_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_ms_windows_sp_mult_vuln.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/secpod_ms_windows_sp_mult_vuln.nasl 2012-03-27 13:29:40 UTC (rev 13145)
@@ -0,0 +1,179 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# Microsoft Windows Service Pack Missing Multiple Vulnerabilities
+#
+# Authors:
+# Antu Sanadi <santu at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2012 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(902909);
+ script_version("$Revision$");
+ script_cve_id("CVE-1999-0662");
+ script_tag(name:"cvss_base", value:"10.0");
+ script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
+ script_tag(name:"risk_factor", value:"Critical");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-03-27 12:06:13 +0530 (Tue, 27 Mar 2012)");
+ script_name("Microsoft Windows Service Pack Missing Multiple Vulnerabilities");
+ desc = "
+ Overview: This host is installed Microsoft Windows and is prone to multiple
+ vulnerabilities.
+
+ Vulnerability Insight:
+ The flaws are caused due to a system critical service pack not installed or
+ is outdated or obsolete.
+
+ Impact:
+ Successful exploitation will let the remote attackers to compromise a
+ vulnerable system.
+
+ Impact Level: System
+
+ Affected Software/OS:
+ Microsoft Windows 7
+ Microsoft Windows 2K SP3 and prior
+ Microsoft Windows XP SP2 and prior
+ Microsoft Windows 2K3 SP1 and prior
+ Microsoft Windows Vista SP1 and prior
+ Microsoft Windows Server 2008 SP1 and prior
+
+ Fix Apply the latest Service Pack,
+ For Updated refer, http://www.microsoft.com/
+
+ References:
+ http://xforce.iss.net/xforce/xfdb/1233
+ http://www.cvedetails.com/cve/CVE-1999-0662/
+ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0662 ";
+
+ script_description(desc);
+ script_summary("Check for the Microsoft Windows Service Pack version");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2012 SecPod");
+ script_family("Windows");
+ script_dependencies("smb_reg_service_pack.nasl");
+ script_require_keys("SMB/WindowsVersion", "SMB/WindowsName", "SMB/Windows/ServicePack",
+ "SMB/Win2008/ServicePack", "SMB/Win7/ServicePack", "SMB/Win2K/ServicePack",
+ "SMB/WinXP/ServicePack", "SMB/Win2003/ServicePack", "SMB/WinVista/ServicePack");
+ exit(0);
+}
+
+include("version_func.inc");
+
+No_SP = "";
+winName = "";
+spVer = "" ;
+SP = "";
+ver = "";
+
+winName = get_kb_item("SMB/WindowsName");
+if(!winName){
+ exit(0);
+}
+
+## Check if service pack is installed or not
+No_SP = get_kb_item("SMB/Windows/ServicePack");
+if(No_SP == "0")
+{
+ security_hole(0);
+ exit(0);
+}
+
+## Get the service pack version
+function check_sp(SP)
+{
+ if("Service Pack" >< SP)
+ {
+ spVer = eregmatch(pattern:"Service Pack ([0-9.]+)", string:SP);
+ if(spVer[1]){
+ return spVer[1];
+ }
+ else return 0;
+ }
+}
+
+## Check service pack version for Windows XP
+SP = get_kb_item("SMB/WinXP/ServicePack");
+if(SP && (ver = check_sp(SP)))
+{
+ if(version_is_less(version:ver, test_version:"3"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+}
+
+## Check service pack version for Windows server 2003
+SP = get_kb_item("SMB/Win2003/ServicePack");
+if(SP && (ver = check_sp(SP)))
+{
+ if(version_is_less(version:ver, test_version:"2"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+}
+
+
+## Check service pack version for Windows Vista
+SP = get_kb_item("SMB/WinVista/ServicePack");
+if(SP && (ver = check_sp(SP)))
+{
+ if(version_is_less(version:ver, test_version:"2"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+}
+
+## Check service pack version for Windows Server 2008
+SP = get_kb_item("SMB/Win2008/ServicePack");
+if(SP && (ver = check_sp(SP)))
+{
+ if(version_is_less(version:ver, test_version:"2"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+}
+
+## Check service pack version for Windows 7
+SP = get_kb_item("SMB/Win7/ServicePack");
+if(SP && (ver = check_sp(SP)))
+{
+ if(version_is_less(version:ver, test_version:"1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+}
+
+## Check service pack version for Windows 2000
+SP = get_kb_item("SMB/Win2K/ServicePack");
+if(SP && (ver = check_sp(SP)))
+{
+ if(version_is_less(version:ver, test_version:"4"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+}
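Review bot: `script_require_keys` lists the per-OS ServicePack keys for 2008, 7, 2K, XP, 2003 and Vista together with "SMB/Windows/ServicePack". If the scanner requires every listed key to be present (the usual semantics of this call, not visible here) and smb_reg_service_pack.nasl sets only the key for the detected OS, this NVT would never be launched and missing service packs would go unreported. Listing only keys that every Windows target has, e.g. `script_require_keys("SMB/WindowsVersion", "SMB/WindowsName");`, keeps the gate without blocking the check. Separately, check_sp() assigns `spVer` without declaring it local and returns nothing when "Service Pack" is absent from SP; a `local_var spVer;` line and a final `return 0;` would make the intent explicit.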
Property changes on: trunk/openvas-plugins/scripts/secpod_ms_windows_sp_mult_vuln.nasl
___________________________________________________________________
Added: svn:keywords
+ Revision Date Id
Added: trunk/openvas-plugins/scripts/secpod_ricoh_dc_dl10_ftp_user_bof_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_ricoh_dc_dl10_ftp_user_bof_vuln.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/secpod_ricoh_dc_dl10_ftp_user_bof_vuln.nasl 2012-03-27 13:29:40 UTC (rev 13145)
@@ -0,0 +1,126 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# Ricoh DC Software DL-10 FTP Server 'USER' Command Buffer Overflow Vulnerability
+#
+# Authors:
+# Sooraj KS <kssooraj at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2012 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(902821);
+ script_bugtraq_id(52235);
+ script_version("$Revision$");
+ script_tag(name:"cvss_base", value:"7.5");
+ script_tag(name:"risk_factor", value:"High");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-03-26 14:14:14 +0530 (Mon, 26 Mar 2012)");
+ script_name("Ricoh DC Software DL-10 FTP Server 'USER' Command Buffer Overflow Vulnerability");
+ desc = "
+ Overview: This host is running Ricoh DC Software DL-10 FTP Server and is
+ prone to buffer overflow vulnerability.
+
+ Vulnerability Insight:
+ The flaw is caused by improper bounds checking by the FTP server when
+ processing malicious FTP commands. This can be exploited to cause a
+ stack-based buffer overflow via an overly long 'USER' FTP command.
+
+ Impact:
+ Successful exploitation may allow remote attackers to execute arbitrary code
+ within the context of the affected application. Failed exploit attempts will
+ result in a denial-of-service condition.
+
+ Impact Level: System/Application
+
+ Affected Software/OS:
+ Ricoh DC Software DL-10 version 4.5.0.1
+
+ Fix: No solution/patch is available as on 26th March, 2012. Information
+ regarding this issue will updated once the solution details are available.
+ For updates refer, http://www.ricoh.com/r_dc/download/sw/win/08.html
+
+ References:
+ http://osvdb.org/79691
+ http://secunia.com/advisories/47912
+ http://security.inshell.net/advisory/5
+ http://www.securityfocus.com/bid/52235
+ http://xforce.iss.net/xforce/xfdb/73591
+ http://www.exploit-db.com/exploits/18643
+ http://www.exploit-db.com/exploits/18658 ";
+
+ script_description(desc);
+ script_summary("Determine if Ricoh DC Software DL-10 FTP Server is prone to buffer overflow");
+ script_category(ACT_DENIAL);
+ script_copyright("Copyright (C) 2012 SecPod");
+ script_family("FTP");
+ script_require_ports("Services/ftp", 21);
+ exit(0);
+}
+
+
+include("ftp_func.inc");
+
+## Variable Initialization
+soc = 0;
+soc1 = 0;
+banner = "";
+exploit = "";
+ftpPort = 0;
+
+## Get the default port of FTP
+ftpPort = get_kb_item("Services/ftp");
+if(! ftpPort){
+ ftpPort = 21;
+}
+
+## check port status
+if(! get_port_state(ftpPort)){
+ exit(0);
+}
+
+## Confirm the Application
+banner = get_ftp_banner(port:ftpPort);
+if(! banner || "DSC ftpd" >!< banner){
+ exit(0);
+}
+
+## Open FTP Socket
+soc = open_sock_tcp(ftpPort);
+if(! soc){
+ exit(0);
+}
+
+## Build Exploit
+exploit = "USER " + crap(300);
+
+## Send the Attack Request
+ftp_send_cmd(socket:soc, cmd:exploit);
+ftp_close(socket:soc);
+sleep (2);
+
+## Open the socket to confirm FTP server is alive
+soc1 = open_sock_tcp(ftpPort);
+if(! soc1)
+{
+ security_hole(ftpPort);
+ exit(0);
+}
+ftp_close(socket:soc1);
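Review bot: The liveness test calls `security_hole(ftpPort)` after a single failed `open_sock_tcp(ftpPort)` two seconds after the request, so a transient connection failure (connection limit, packet loss, a slow listener) is reported as a confirmed overflow. A second attempt before reporting would reduce false positives, e.g. `if(! soc1){ sleep(3); soc1 = open_sock_tcp(ftpPort); }` ahead of the existing `if(! soc1)` test. The opposite case is also not covered: a server that still accepts the TCP connection but no longer answers is treated as healthy, and reading the banner on soc1 before closing it would catch that. The file header could also state that this is an ACT_DENIAL check that can stop the service on an affected host.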
Property changes on: trunk/openvas-plugins/scripts/secpod_ricoh_dc_dl10_ftp_user_bof_vuln.nasl
___________________________________________________________________
Added: svn:keywords
+ Revision Date Id
Modified: trunk/openvas-plugins/scripts/secpod_ssl_ciphers.inc
===================================================================
--- trunk/openvas-plugins/scripts/secpod_ssl_ciphers.inc 2012-03-27 12:13:17 UTC (rev 13144)
+++ trunk/openvas-plugins/scripts/secpod_ssl_ciphers.inc 2012-03-27 13:29:40 UTC (rev 13145)
@@ -1,6 +1,6 @@
###############################################################################
# OpenVAS Vulnerability Test
-# $Id: secpod_ssl_ciphers.inc 2010-04-13 10:10:09Z apr $
+# $Id$
#
# Check SSL Weak Ciphers and Supported Ciphers
#
@@ -40,11 +40,11 @@
sslv2_ciphers_disply = make_list
(
- "SSL2_RC4_128_MD5 : SSL_NOT_EXP",
+ "SSL2_RC4_128_MD5 : SSL_NOT_EXP : High Cipher",
"SSL2_RC4_128_EXPORT40_WITH_MD5 : SSL_EXPORT : Weak Cipher",
- "SSL2_RC2_CBC_128_CBC_WITH_MD5 : SSL_NOT_EXP",
+ "SSL2_RC2_CBC_128_CBC_WITH_MD5 : SSL_NOT_EXP : High Cipher",
"SSL2_RC2_CBC_128_CBC_EXPORT40_WITH_MD5 : SSL_EXPORT : Weak Cipher",
- "SSL2_IDEA_128_CBC_WITH_MD5 : SSL_NOT_EXP",
+ "SSL2_IDEA_128_CBC_WITH_MD5 : SSL_NOT_EXP : High Cipher",
"SSL2_UNKNOWN : UNKNOWN"
);
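Review bot: The new "High Cipher" label on the three SSL2_* entries reflects only the 128-bit key length, while these are SSLv2 suites, so a report reader may take "High" as a rating of the whole suite. The same applies in the next hunk to the anonymous suites (SSL3_ADH_RC4_128_MD5, SSL3_ADH_WITH_AES_128_SHA, SSL3_ADH_WITH_AES_256_SHA and the ADH Camellia entries), which are labelled High although anonymous key exchange does not authenticate the server. Consider labelling such entries by their weakest property, or adding a comment above each list such as `# Strength label reflects symmetric key length only, not protocol version or key-exchange authentication`. Also in the next hunk, SSL3_RSA_EXPORT1024_WITH_RC4_56_SHA becomes "Medium Cipher" while SSL3_RSA_EXPORT1024_WITH_RC4_56_MD5 and SSL3_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA stay "Weak Cipher"; the three should agree.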
@@ -110,77 +110,77 @@
"SSL3_RSA_NULL_MD5 : SSL_NOT_EXP : Weak Cipher",
"SSL3_RSA_NULL_SHA : SSL_NOT_EXP : Weak Cipher",
"SSL3_RSA_RC4_40_MD5 : SSL_EXPORT : Weak Cipher",
- "SSL3_RSA_RC4_128_MD5 : SSL_NOT_EXP",
- "SSL3_RSA_RC4_128_SHA : SSL_NOT_EXP",
+ "SSL3_RSA_RC4_128_MD5 : SSL_NOT_EXP : High Cipher",
+ "SSL3_RSA_RC4_128_SHA : SSL_NOT_EXP : High Cipher",
"SSL3_RSA_RC2_40_MD5 : SSL_EXPORT : Weak Cipher",
- "SSL3_RSA_IDEA_128_SHA : SSL_NOT_EXP",
+ "SSL3_RSA_IDEA_128_SHA : SSL_NOT_EXP : High Cipher",
"SSL3_RSA_DES_40_CBC_SHA : SSL_EXPORT : Weak Cipher",
- "SSL3_RSA_DES_64_CBC_SHA : SSL_NOT_EXP",
- "SSL3_RSA_DES_192_CBC3_SHA : SSL_NOT_EXP",
+ "SSL3_RSA_DES_64_CBC_SHA : SSL_NOT_EXP : Medium Cipher",
+ "SSL3_RSA_DES_192_CBC3_SHA : SSL_NOT_EXP : High Cipher",
"SSL3_DH_DSS_DES_40_CBC_SHA : SSL_EXPORT : Weak Cipher",
- "SSL3_DH_DSS_DES_64_CBC_SHA : SSL_NOT_EXP",
- "SSL3_DH_DSS_DES_192_CBC3_SHA : SSL_NOT_EXP",
+ "SSL3_DH_DSS_DES_64_CBC_SHA : SSL_NOT_EXP : Medium Cipher",
+ "SSL3_DH_DSS_DES_192_CBC3_SHA : SSL_NOT_EXP : High Cipher",
"SSL3_DH_RSA_DES_40_CBC_SHA : SSL_EXPORT : Weak Cipher",
- "SSL3_DH_RSA_DES_64_CBC_SHA : SSL_NOT_EXP",
- "SSL3_DH_RSA_DES_192_CBC3_SHA : SSL_NOT_EXP",
+ "SSL3_DH_RSA_DES_64_CBC_SHA : SSL_NOT_EXP : Medium Cipher",
+ "SSL3_DH_RSA_DES_192_CBC3_SHA : SSL_NOT_EXP : High Cipher",
"SSL3_EDH_DSS_DES_40_CBC_SHA : SSL_EXPORT : Weak Cipher",
- "SSL3_EDH_DSS_DES_64_CBC_SHA : SSL_NOT_EXP",
- "SSL3_EDH_DSS_DES_192_CBC3_SHA : SSL_NOT_EXP",
+ "SSL3_EDH_DSS_DES_64_CBC_SHA : SSL_NOT_EXP : Medium Cipher",
+ "SSL3_EDH_DSS_DES_192_CBC3_SHA : SSL_NOT_EXP : High Cipher",
"SSL3_EDH_RSA_DES_40_CBC_SHA : SSL_EXPORT : Weak Cipher",
- "SSL3_EDH_RSA_DES_64_CBC_SHA : SSL_NOT_EXP",
- "SSL3_EDH_RSA_DES_192_CBC3_SHA : SSL_NOT_EXP",
+ "SSL3_EDH_RSA_DES_64_CBC_SHA : SSL_NOT_EXP : Medium Cipher",
+ "SSL3_EDH_RSA_DES_192_CBC3_SHA : SSL_NOT_EXP : High Cipher",
"SSL3_ADH_RC4_40_MD5 : SSL_EXPORT : Weak Cipher",
- "SSL3_ADH_RC4_128_MD5 : SSL_NOT_EXP",
+ "SSL3_ADH_RC4_128_MD5 : SSL_NOT_EXP : High Cipher",
"SSL3_ADH_DES_40_CBC_SHA : SSL_EXPORT : Weak Cipher",
- "SSL3_ADH_DES_64_CBC_SHA : SSL_NOT_EXP",
- "SSL3_ADH_DES_192_CBC_SHA : SSL_NOT_EXP",
+ "SSL3_ADH_DES_64_CBC_SHA : SSL_NOT_EXP : Medium Cipher",
+ "SSL3_ADH_DES_192_CBC_SHA : SSL_NOT_EXP : High Cipher",
"SSL3_FZA_DMS_NULL_SHA : SSL_NOT_EXP : Weak Cipher",
"SSL3_FZA_DMS_FZA_SHA : SSL_NOT_EXP : Weak Cipher",
"SSL3_FZA_DMS_RC4_SHA : SSL_NOT_EXP : Weak Cipher",
- "SSL3_KRB5_DES_64_CBC_SHA : SSL_NOT_EXP",
- "SSL3_KRB5_DES_192_CBC3_SHA : SSL_NOT_EXP",
- "SSL3_KRB5_RC4_128_SHA : SSL_NOT_EXP",
- "SSL3_KRB5_IDEA_128_CBC_SHA : SSL_NOT_EXP",
- "SSL3_KRB5_DES_64_CBC_MD5 : SSL_NOT_EXP",
- "SSL3_KRB5_DES_192_CBC3_MD5 : SSL_NOT_EXP",
- "SSL3_KRB5_RC4_128_MD5 : SSL_NOT_EXP",
- "SSL3_KRB5_IDEA_128_CBC_MD5 : SSL_NOT_EXP",
+ "SSL3_KRB5_DES_64_CBC_SHA : SSL_NOT_EXP : Medium Cipher",
+ "SSL3_KRB5_DES_192_CBC3_SHA : SSL_NOT_EXP : High Cipher",
+ "SSL3_KRB5_RC4_128_SHA : SSL_NOT_EXP : High Cipher",
+ "SSL3_KRB5_IDEA_128_CBC_SHA : SSL_NOT_EXP : High Cipher",
+ "SSL3_KRB5_DES_64_CBC_MD5 : SSL_NOT_EXP : Medium Cipher",
+ "SSL3_KRB5_DES_192_CBC3_MD5 : SSL_NOT_EXP : High Cipher",
+ "SSL3_KRB5_RC4_128_MD5 : SSL_NOT_EXP : High Cipher",
+ "SSL3_KRB5_IDEA_128_CBC_MD5 : SSL_NOT_EXP : High Cipher",
"SSL3_KRB5_DES_40_CBC_SHA : SSL_EXPORT : Weak Cipher",
"SSL3_KRB5_RC2_40_CBC_SHA : SSL_EXPORT : Weak Cipher",
"SSL3_KRB5_RC4_40_SHA : SSL_EXPORT : Weak Cipher",
"SSL3_KRB5_DES_40_CBC_MD5 : SSL_EXPORT : Weak Cipher",
"SSL3_KRB5_RC2_40_CBC_MD5 : SSL_EXPORT : Weak Cipher",
"SSL3_KRB5_RC4_40_MD5 : SSL_EXPORT : Weak Cipher",
- "SSL3_DH_DSS_WITH_AES_128_SHA : SSL_NOT_EXP",
- "SSL3_DH_RSA_WITH_AES_128_SHA : SSL_NOT_EXP",
- "SSL3_DHE_DSS_WITH_AES_128_SHA : SSL_NOT_EXP",
- "SSL3_DHE_RSA_WITH_AES_128_SHA : SSL_NOT_EXP",
- "SSL3_ADH_WITH_AES_128_SHA : SSL_NOT_EXP",
- "SSL3_RSA_WITH_AES_256_SHA : SSL_NOT_EXP",
- "SSL3_DH_DSS_WITH_AES_256_SHA : SSL_NOT_EXP",
- "SSL3_DH_RSA_WITH_AES_256_SHA : SSL_NOT_EXP",
- "SSL3_DHE_DSS_WITH_AES_256_SHA : SSL_NOT_EXP",
- "SSL3_DHE_RSA_WITH_AES_256_SHA : SSL_NOT_EXP",
- "SSL3_ADH_WITH_AES_256_SHA : SSL_NOT_EXP",
- "SSL3_RSA_WITH_CAMELLIA_128_CBC_SHA : SSL_NOT_EXP",
- "SSL3_DH_DSS_WITH_CAMELLIA_128_CBC_SHA : SSL_NOT_EXP",
- "SSL3_DH_RSA_WITH_CAMELLIA_128_CBC_SHA : SSL_NOT_EXP",
- "SSL3_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA : SSL_NOT_EXP",
- "SSL3_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA : SSL_NOT_EXP",
- "SSL3_ADH_WITH_CAMELLIA_128_CBC_SHA : SSL_NOT_EXP",
+ "SSL3_DH_DSS_WITH_AES_128_SHA : SSL_NOT_EXP : High Cipher",
+ "SSL3_DH_RSA_WITH_AES_128_SHA : SSL_NOT_EXP : High Cipher",
+ "SSL3_DHE_DSS_WITH_AES_128_SHA : SSL_NOT_EXP : High Cipher",
+ "SSL3_DHE_RSA_WITH_AES_128_SHA : SSL_NOT_EXP : High Cipher",
+ "SSL3_ADH_WITH_AES_128_SHA : SSL_NOT_EXP : High Cipher",
+ "SSL3_RSA_WITH_AES_256_SHA : SSL_NOT_EXP : High Cipher",
+ "SSL3_DH_DSS_WITH_AES_256_SHA : SSL_NOT_EXP : High Cipher",
+ "SSL3_DH_RSA_WITH_AES_256_SHA : SSL_NOT_EXP : High Cipher",
+ "SSL3_DHE_DSS_WITH_AES_256_SHA : SSL_NOT_EXP : High Cipher",
+ "SSL3_DHE_RSA_WITH_AES_256_SHA : SSL_NOT_EXP : High Cipher",
+ "SSL3_ADH_WITH_AES_256_SHA : SSL_NOT_EXP : High Cipher",
+ "SSL3_RSA_WITH_CAMELLIA_128_CBC_SHA : SSL_NOT_EXP : High Cipher",
+ "SSL3_DH_DSS_WITH_CAMELLIA_128_CBC_SHA : SSL_NOT_EXP : High Cipher",
+ "SSL3_DH_RSA_WITH_CAMELLIA_128_CBC_SHA : SSL_NOT_EXP : High Cipher",
+ "SSL3_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA : SSL_NOT_EXP : High Cipher",
+ "SSL3_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA : SSL_NOT_EXP : High Cipher",
+ "SSL3_ADH_WITH_CAMELLIA_128_CBC_SHA : SSL_NOT_EXP : High Cipher",
"SSL3_RSA_EXPORT1024_WITH_RC4_56_MD5 : SSL_EXPORT : Weak Cipher",
"SSL3_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 : SSL_EXPORT : Weak Cipher",
"SSL3_RSA_EXPORT1024_WITH_DES_CBC_SHA : SSL_EXPORT : Weak Cipher",
"SSL3_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA : SSL_EXPORT : Weak Cipher",
- "SSL3_RSA_EXPORT1024_WITH_RC4_56_SHA : SSL_EXPORT",
+ "SSL3_RSA_EXPORT1024_WITH_RC4_56_SHA : SSL_EXPORT : Medium Cipher",
"SSL3_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA : SSL_EXPORT : Weak Cipher",
- "SSL3_DHE_DSS_WITH_RC4_128_SHA : SSL_NOT_EXP",
- "SSL3_RSA_WITH_CAMELLIA_256_CBC_SHA : SSL_NOT_EXP",
- "SSL3_DH_DSS_WITH_CAMELLIA_256_CBC_SHA : SSL_NOT_EXP",
- "SSL3_DH_RSA_WITH_CAMELLIA_256_CBC_SHA : SSL_NOT_EXP",
- "SSL3_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA : SSL_NOT_EXP",
- "SSL3_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA : SSL_NOT_EXP",
- "SSL3_ADH_WITH_CAMELLIA_256_CBC_SHA : SSL_NOT_EXP",
+ "SSL3_DHE_DSS_WITH_RC4_128_SHA : SSL_NOT_EXP : High Cipher",
+ "SSL3_RSA_WITH_CAMELLIA_256_CBC_SHA : SSL_NOT_EXP : High Cipher",
+ "SSL3_DH_DSS_WITH_CAMELLIA_256_CBC_SHA : SSL_NOT_EXP : High Cipher",
+ "SSL3_DH_RSA_WITH_CAMELLIA_256_CBC_SHA : SSL_NOT_EXP : High Cipher",
+ "SSL3_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA : SSL_NOT_EXP : High Cipher",
+ "SSL3_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA : SSL_NOT_EXP : High Cipher",
+ "SSL3_ADH_WITH_CAMELLIA_256_CBC_SHA : SSL_NOT_EXP : High Cipher",
"SSL3_RSA_WITH_SEED_SHA : SSL_NOT_EXP : Weak Cipher",
"SSL3_DH_DSS_WITH_SEED_SHA : SSL_NOT_EXP : Weak Cipher",
"SSL3_DH_RSA_WITH_SEED_SHA : SSL_NOT_EXP : Weak Cipher",
@@ -188,30 +188,30 @@
"SSL3_DHE_RSA_WITH_SEED_SHA : SSL_NOT_EXP : Weak Cipher",
"SSL3_ADH_WITH_SEED_SHA : SSL_NOT_EXP : Weak Cipher",
"SSL3_ECDH_ECDSA_WITH_NULL_SHA : SSL_NOT_EXP : Weak Cipher",
- "SSL3_ECDH_ECDSA_WITH_RC4_128_SHA : SSL_NOT_EXP",
- "SSL3_ECDH_ECDSA_WITH_DES_192_CBC3_SHA : SSL_NOT_EXP",
- "SSL3_ECDH_ECDSA_WITH_AES_128_CBC_SHA : SSL_NOT_EXP",
- "SSL3_ECDH_ECDSA_WITH_AES_256_CBC_SHA : SSL_NOT_EXP",
+ "SSL3_ECDH_ECDSA_WITH_RC4_128_SHA : SSL_NOT_EXP : High Cipher",
+ "SSL3_ECDH_ECDSA_WITH_DES_192_CBC3_SHA : SSL_NOT_EXP : High Cipher",
+ "SSL3_ECDH_ECDSA_WITH_AES_128_CBC_SHA : SSL_NOT_EXP : High Cipher",
+ "SSL3_ECDH_ECDSA_WITH_AES_256_CBC_SHA : SSL_NOT_EXP : High Cipher",
"SSL3_ECDHE_ECDSA_WITH_NULL_SHA : SSL_NOT_EXP : Weak Cipher",
- "SSL3_ECDHE_ECDSA_WITH_RC4_128_SHA : SSL_NOT_EXP",
- "SSL3_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA : SSL_NOT_EXP",
- "SSL3_ECDHE_ECDSA_WITH_AES_128_CBC_SHA : SSL_NOT_EXP",
- "SSL3_ECDHE_ECDSA_WITH_AES_256_CBC_SHA : SSL_NOT_EXP",
+ "SSL3_ECDHE_ECDSA_WITH_RC4_128_SHA : SSL_NOT_EXP : High Cipher",
+ "SSL3_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA : SSL_NOT_EXP : High Cipher",
+ "SSL3_ECDHE_ECDSA_WITH_AES_128_CBC_SHA : SSL_NOT_EXP : High Cipher",
+ "SSL3_ECDHE_ECDSA_WITH_AES_256_CBC_SHA : SSL_NOT_EXP : High Cipher",
"SSL3_ECDH_RSA_WITH_NULL_SHA : SSL_NOT_EXP : Weak Cipher",
- "SSL3_ECDH_RSA_WITH_RC4_128_SHA : SSL_NOT_EXP",
- "SSL3_ECDH_RSA_WITH_DES_192_CBC3_SHA : SSL_NOT_EXP",
- "SSL3_ECDH_RSA_WITH_AES_128_CBC_SHA : SSL_NOT_EXP",
- "SSL3_ECDH_RSA_WITH_AES_256_CBC_SHA : SSL_NOT_EXP",
+ "SSL3_ECDH_RSA_WITH_RC4_128_SHA : SSL_NOT_EXP : High Cipher",
+ "SSL3_ECDH_RSA_WITH_DES_192_CBC3_SHA : SSL_NOT_EXP : High Cipher",
+ "SSL3_ECDH_RSA_WITH_AES_128_CBC_SHA : SSL_NOT_EXP : High Cipher",
+ "SSL3_ECDH_RSA_WITH_AES_256_CBC_SHA : SSL_NOT_EXP : High Cipher",
"SSL3_ECDHE_RSA_WITH_NULL_SHA : SSL_NOT_EXP : Weak Cipher",
- "SSL3_ECDHE_RSA_WITH_RC4_128_SHA : SSL_NOT_EXP",
- "SSL3_ECDHE_RSA_WITH_DES_192_CBC3_SHA : SSL_NOT_EXP",
- "SSL3_ECDHE_RSA_WITH_AES_128_CBC_SHA : SSL_NOT_EXP",
- "SSL3_ECDHE_RSA_WITH_AES_256_CBC_SHA : SSL_NOT_EXP",
+ "SSL3_ECDHE_RSA_WITH_RC4_128_SHA : SSL_NOT_EXP : High Cipher",
+ "SSL3_ECDHE_RSA_WITH_DES_192_CBC3_SHA : SSL_NOT_EXP : High Cipher",
+ "SSL3_ECDHE_RSA_WITH_AES_128_CBC_SHA : SSL_NOT_EXP : High Cipher",
+ "SSL3_ECDHE_RSA_WITH_AES_256_CBC_SHA : SSL_NOT_EXP : High Cipher",
"SSL3_ECDH_anon_WITH_NULL_SHA : SSL_NOT_EXP : Weak Cipher",
- "SSL3_ECDH_anon_WITH_RC4_128_SHA : SSL_NOT_EXP",
- "SSL3_ECDH_anon_WITH_DES_192_CBC3_SHA : SSL_NOT_EXP",
- "SSL3_ECDH_anon_WITH_AES_128_CBC_SHA : SSL_NOT_EXP",
- "SSL3_ECDH_anon_WITH_AES_256_CBC_SHA : SSL_NOT_EXP"
+ "SSL3_ECDH_anon_WITH_RC4_128_SHA : SSL_NOT_EXP : High Cipher",
+ "SSL3_ECDH_anon_WITH_DES_192_CBC3_SHA : SSL_NOT_EXP : High Cipher",
+ "SSL3_ECDH_anon_WITH_AES_128_CBC_SHA : SSL_NOT_EXP : High Cipher",
+ "SSL3_ECDH_anon_WITH_AES_256_CBC_SHA : SSL_NOT_EXP : High Cipher"
);
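Review bot: The anonymous key-exchange suites at the end of this array (`SSL3_ECDH_anon_WITH_RC4_128_SHA` through `SSL3_ECDH_anon_WITH_AES_256_CBC_SHA`) are tagged `High Cipher`, but an anonymous handshake does not authenticate the server, so the label overstates what the report consumer gets. The same applies to the `TLS1_ADH_*` entries in the @@ -222,77 hunk and the `TLS1_ECDH_anon_*` entries in the @@ -300,30 hunk. The label appears to be keyed on bulk-cipher strength only, so I would either tag these `Weak Cipher` or put a comment above the table such as `## Strength label reflects the bulk cipher only; ADH/ECDH_anon suites are unauthenticated`. The array itself starts outside this hunk.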
@@ -222,77 +222,77 @@
"TLS1_RSA_NULL_MD5 : SSL_NOT_EXP : Weak Cipher",
"TLS1_RSA_NULL_SHA : SSL_NOT_EXP : Weak Cipher",
"TLS1_RSA_RC4_40_MD5 : SSL_EXPORT : Weak Cipher",
- "TLS1_RSA_RC4_128_MD5 : SSL_NOT_EXP",
- "TLS1_RSA_RC4_128_SHA : SSL_NOT_EXP",
+ "TLS1_RSA_RC4_128_MD5 : SSL_NOT_EXP : High Cipher",
+ "TLS1_RSA_RC4_128_SHA : SSL_NOT_EXP : High Cipher",
"TLS1_RSA_RC2_40_MD5 : SSL_EXPORT : Weak Cipher",
- "TLS1_RSA_IDEA_128_SHA : SSL_NOT_EXP",
+ "TLS1_RSA_IDEA_128_SHA : SSL_NOT_EXP : High Cipher",
"TLS1_RSA_DES_40_CBC_SHA : SSL_EXPORT : Weak Cipher",
- "TLS1_RSA_DES_64_CBC_SHA : SSL_NOT_EXP",
- "TLS1_RSA_DES_192_CBC3_SHA : SSL_NOT_EXP",
+ "TLS1_RSA_DES_64_CBC_SHA : SSL_NOT_EXP : Medium Cipher",
+ "TLS1_RSA_DES_192_CBC3_SHA : SSL_NOT_EXP : High Cipher",
"TLS1_DH_DSS_DES_40_CBC_SHA : SSL_EXPORT : Weak Cipher",
- "TLS1_DH_DSS_DES_64_CBC_SHA : SSL_NOT_EXP",
- "TLS1_DH_DSS_DES_192_CBC3_SHA : SSL_NOT_EXP",
+ "TLS1_DH_DSS_DES_64_CBC_SHA : SSL_NOT_EXP : Medium Cipher",
+ "TLS1_DH_DSS_DES_192_CBC3_SHA : SSL_NOT_EXP : High Cipher",
"TLS1_DH_RSA_DES_40_CBC_SHA : SSL_EXPORT : Weak Cipher",
- "TLS1_DH_RSA_DES_64_CBC_SHA : SSL_NOT_EXP",
- "TLS1_DH_RSA_DES_192_CBC3_SHA : SSL_NOT_EXP",
+ "TLS1_DH_RSA_DES_64_CBC_SHA : SSL_NOT_EXP : Medium Cipher",
+ "TLS1_DH_RSA_DES_192_CBC3_SHA : SSL_NOT_EXP : High Cipher",
"TLS1_EDH_DSS_DES_40_CBC_SHA : SSL_EXPORT : Weak Cipher",
- "TLS1_EDH_DSS_DES_64_CBC_SHA : SSL_NOT_EXP",
- "TLS1_EDH_DSS_DES_192_CBC3_SHA : SSL_NOT_EXP",
+ "TLS1_EDH_DSS_DES_64_CBC_SHA : SSL_NOT_EXP : Medium Cipher",
+ "TLS1_EDH_DSS_DES_192_CBC3_SHA : SSL_NOT_EXP : High Cipher",
"TLS1_EDH_RSA_DES_40_CBC_SHA : SSL_EXPORT : Weak Cipher",
- "TLS1_EDH_RSA_DES_64_CBC_SHA : SSL_NOT_EXP",
- "TLS1_EDH_RSA_DES_192_CBC3_SHA : SSL_NOT_EXP",
+ "TLS1_EDH_RSA_DES_64_CBC_SHA : SSL_NOT_EXP : Medium Cipher",
+ "TLS1_EDH_RSA_DES_192_CBC3_SHA : SSL_NOT_EXP : High Cipher",
"TLS1_ADH_RC4_40_MD5 : SSL_EXPORT : Weak Cipher",
- "TLS1_ADH_RC4_128_MD5 : SSL_NOT_EXP",
+ "TLS1_ADH_RC4_128_MD5 : SSL_NOT_EXP : High Cipher",
"TLS1_ADH_DES_40_CBC_SHA : SSL_EXPORT : Weak Cipher",
- "TLS1_ADH_DES_64_CBC_SHA : SSL_NOT_EXP",
- "TLS1_ADH_DES_192_CBC_SHA : SSL_NOT_EXP",
+ "TLS1_ADH_DES_64_CBC_SHA : SSL_NOT_EXP : Medium Cipher",
+ "TLS1_ADH_DES_192_CBC_SHA : SSL_NOT_EXP : High Cipher",
"TLS1_FZA_DMS_NULL_SHA : SSL_NOT_EXP : Weak Cipher",
"TLS1_FZA_DMS_FZA_SHA : SSL_NOT_EXP : Weak Cipher",
"TLS1_FZA_DMS_RC4_SHA : SSL_NOT_EXP : Weak Cipher",
- "TLS1_KRB5_DES_64_CBC_SHA : SSL_NOT_EXP",
- "TLS1_KRB5_DES_192_CBC3_SHA : SSL_NOT_EXP",
- "TLS1_KRB5_RC4_128_SHA : SSL_NOT_EXP",
- "TLS1_KRB5_IDEA_128_CBC_SHA : SSL_NOT_EXP",
- "TLS1_KRB5_DES_64_CBC_MD5 : SSL_NOT_EXP",
- "TLS1_KRB5_DES_192_CBC3_MD5 : SSL_NOT_EXP",
- "TLS1_KRB5_RC4_128_MD5 : SSL_NOT_EXP",
- "TLS1_KRB5_IDEA_128_CBC_MD5 : SSL_NOT_EXP",
+ "TLS1_KRB5_DES_64_CBC_SHA : SSL_NOT_EXP : Medium Cipher",
+ "TLS1_KRB5_DES_192_CBC3_SHA : SSL_NOT_EXP : High Cipher",
+ "TLS1_KRB5_RC4_128_SHA : SSL_NOT_EXP : High Cipher",
+ "TLS1_KRB5_IDEA_128_CBC_SHA : SSL_NOT_EXP : High Cipher",
+ "TLS1_KRB5_DES_64_CBC_MD5 : SSL_NOT_EXP : Medium Cipher",
+ "TLS1_KRB5_DES_192_CBC3_MD5 : SSL_NOT_EXP : High Cipher",
+ "TLS1_KRB5_RC4_128_MD5 : SSL_NOT_EXP : High Cipher",
+ "TLS1_KRB5_IDEA_128_CBC_MD5 : SSL_NOT_EXP : High Cipher",
"TLS1_KRB5_DES_40_CBC_SHA : SSL_EXPORT : Weak Cipher",
"TLS1_KRB5_RC2_40_CBC_SHA : SSL_EXPORT : Weak Cipher",
"TLS1_KRB5_RC4_40_SHA : SSL_EXPORT : Weak Cipher",
"TLS1_KRB5_DES_40_CBC_MD5 : SSL_EXPORT : Weak Cipher",
"TLS1_KRB5_RC2_40_CBC_MD5 : SSL_EXPORT : Weak Cipher",
"TLS1_KRB5_RC4_40_MD5 : SSL_EXPORT : Weak Cipher",
- "TLS1_DH_DSS_WITH_AES_128_SHA : SSL_NOT_EXP",
- "TLS1_DH_RSA_WITH_AES_128_SHA : SSL_NOT_EXP",
- "TLS1_DHE_DSS_WITH_AES_128_SHA : SSL_NOT_EXP",
- "TLS1_DHE_RSA_WITH_AES_128_SHA : SSL_NOT_EXP",
- "TLS1_ADH_WITH_AES_128_SHA : SSL_NOT_EXP",
- "TLS1_RSA_WITH_AES_256_SHA : SSL_NOT_EXP",
- "TLS1_DH_DSS_WITH_AES_256_SHA : SSL_NOT_EXP",
- "TLS1_DH_RSA_WITH_AES_256_SHA : SSL_NOT_EXP",
- "TLS1_DHE_DSS_WITH_AES_256_SHA : SSL_NOT_EXP",
- "TLS1_DHE_RSA_WITH_AES_256_SHA : SSL_NOT_EXP",
- "TLS1_ADH_WITH_AES_256_SHA : SSL_NOT_EXP",
- "TLS1_RSA_WITH_CAMELLIA_128_CBC_SHA : SSL_NOT_EXP",
- "TLS1_DH_DSS_WITH_CAMELLIA_128_CBC_SHA : SSL_NOT_EXP",
- "TLS1_DH_RSA_WITH_CAMELLIA_128_CBC_SHA : SSL_NOT_EXP",
- "TLS1_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA : SSL_NOT_EXP",
- "TLS1_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA : SSL_NOT_EXP",
- "TLS1_ADH_WITH_CAMELLIA_128_CBC_SHA : SSL_NOT_EXP",
+ "TLS1_DH_DSS_WITH_AES_128_SHA : SSL_NOT_EXP : High Cipher",
+ "TLS1_DH_RSA_WITH_AES_128_SHA : SSL_NOT_EXP : High Cipher",
+ "TLS1_DHE_DSS_WITH_AES_128_SHA : SSL_NOT_EXP : High Cipher",
+ "TLS1_DHE_RSA_WITH_AES_128_SHA : SSL_NOT_EXP : High Cipher",
+ "TLS1_ADH_WITH_AES_128_SHA : SSL_NOT_EXP : High Cipher",
+ "TLS1_RSA_WITH_AES_256_SHA : SSL_NOT_EXP : High Cipher",
+ "TLS1_DH_DSS_WITH_AES_256_SHA : SSL_NOT_EXP : High Cipher",
+ "TLS1_DH_RSA_WITH_AES_256_SHA : SSL_NOT_EXP : High Cipher",
+ "TLS1_DHE_DSS_WITH_AES_256_SHA : SSL_NOT_EXP : High Cipher",
+ "TLS1_DHE_RSA_WITH_AES_256_SHA : SSL_NOT_EXP : High Cipher",
+ "TLS1_ADH_WITH_AES_256_SHA : SSL_NOT_EXP : High Cipher",
+ "TLS1_RSA_WITH_CAMELLIA_128_CBC_SHA : SSL_NOT_EXP : High Cipher",
+ "TLS1_DH_DSS_WITH_CAMELLIA_128_CBC_SHA : SSL_NOT_EXP : High Cipher",
+ "TLS1_DH_RSA_WITH_CAMELLIA_128_CBC_SHA : SSL_NOT_EXP : High Cipher",
+ "TLS1_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA : SSL_NOT_EXP : High Cipher",
+ "TLS1_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA : SSL_NOT_EXP : High Cipher",
+ "TLS1_ADH_WITH_CAMELLIA_128_CBC_SHA : SSL_NOT_EXP : High Cipher",
"TLS1_RSA_EXPORT1024_WITH_RC4_56_MD5 : SSL_EXPORT : Weak Cipher",
"TLS1_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 : SSL_EXPORT : Weak Cipher",
"TLS1_RSA_EXPORT1024_WITH_DES_CBC_SHA : SSL_EXPORT : Weak Cipher",
"TLS1_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA : SSL_EXPORT : Weak Cipher",
- "TLS1_RSA_EXPORT1024_WITH_RC4_56_SHA : SSL_EXPORT",
+ "TLS1_RSA_EXPORT1024_WITH_RC4_56_SHA : SSL_EXPORT : Medium Cipher",
"TLS1_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA : SSL_EXPORT : Weak Cipher",
- "TLS1_DHE_DSS_WITH_RC4_128_SHA : SSL_NOT_EXP",
- "TLS1_RSA_WITH_CAMELLIA_256_CBC_SHA : SSL_NOT_EXP",
- "TLS1_DH_DSS_WITH_CAMELLIA_256_CBC_SHA : SSL_NOT_EXP",
- "TLS1_DH_RSA_WITH_CAMELLIA_256_CBC_SHA : SSL_NOT_EXP",
- "TLS1_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA : SSL_NOT_EXP",
- "TLS1_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA : SSL_NOT_EXP",
- "TLS1_ADH_WITH_CAMELLIA_256_CBC_SHA : SSL_NOT_EXP",
+ "TLS1_DHE_DSS_WITH_RC4_128_SHA : SSL_NOT_EXP : : High Cipher",
+ "TLS1_RSA_WITH_CAMELLIA_256_CBC_SHA : SSL_NOT_EXP : High Cipher",
+ "TLS1_DH_DSS_WITH_CAMELLIA_256_CBC_SHA : SSL_NOT_EXP : High Cipher",
+ "TLS1_DH_RSA_WITH_CAMELLIA_256_CBC_SHA : SSL_NOT_EXP : High Cipher",
+ "TLS1_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA : SSL_NOT_EXP : High Cipher",
+ "TLS1_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA : SSL_NOT_EXP : High Cipher",
+ "TLS1_ADH_WITH_CAMELLIA_256_CBC_SHA : SSL_NOT_EXP : High Cipher",
"TLS1_RSA_WITH_SEED_SHA : SSL_NOT_EXP : Weak Cipher",
"TLS1_DH_DSS_WITH_SEED_SHA : SSL_NOT_EXP : Weak Cipher",
"TLS1_DH_RSA_WITH_SEED_SHA : SSL_NOT_EXP : Weak Cipher",
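Review bot: The new entry `"TLS1_DHE_DSS_WITH_RC4_128_SHA : SSL_NOT_EXP : : High Cipher"` has a doubled ` : ` separator, unlike its SSL3 counterpart and every other row. The label stripping this commit adds to secpod_ssl_ciphers.nasl removes only the `: High Cipher` part, so the reported name would keep a dangling ` :`. The line should read `"TLS1_DHE_DSS_WITH_RC4_128_SHA : SSL_NOT_EXP : High Cipher",`. Separately, `TLS1_RSA_EXPORT1024_WITH_RC4_56_SHA` is tagged `Medium Cipher` while the neighbouring EXPORT1024 RC4_56 suites stay `Weak Cipher`; it is worth confirming that difference is intended.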
@@ -300,30 +300,30 @@
"TLS1_DHE_RSA_WITH_SEED_SHA : SSL_NOT_EXP : Weak Cipher",
"TLS1_ADH_WITH_SEED_SHA : SSL_NOT_EXP : Weak Cipher",
"TLS1_ECDH_ECDSA_WITH_NULL_SHA : SSL_NOT_EXP : Weak Cipher",
- "TLS1_ECDH_ECDSA_WITH_RC4_128_SHA : SSL_NOT_EXP",
- "TLS1_ECDH_ECDSA_WITH_DES_192_CBC3_SHA : SSL_NOT_EXP",
- "TLS1_ECDH_ECDSA_WITH_AES_128_CBC_SHA : SSL_NOT_EXP",
- "TLS1_ECDH_ECDSA_WITH_AES_256_CBC_SHA : SSL_NOT_EXP",
+ "TLS1_ECDH_ECDSA_WITH_RC4_128_SHA : SSL_NOT_EXP : High Cipher",
+ "TLS1_ECDH_ECDSA_WITH_DES_192_CBC3_SHA : SSL_NOT_EXP : High Cipher",
+ "TLS1_ECDH_ECDSA_WITH_AES_128_CBC_SHA : SSL_NOT_EXP : High Cipher",
+ "TLS1_ECDH_ECDSA_WITH_AES_256_CBC_SHA : SSL_NOT_EXP : High Cipher",
"TLS1_ECDHE_ECDSA_WITH_NULL_SHA : SSL_NOT_EXP : Weak Cipher",
- "TLS1_ECDHE_ECDSA_WITH_RC4_128_SHA : SSL_NOT_EXP",
- "TLS1_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA : SSL_NOT_EXP",
- "TLS1_ECDHE_ECDSA_WITH_AES_128_CBC_SHA : SSL_NOT_EXP",
- "TLS1_ECDHE_ECDSA_WITH_AES_256_CBC_SHA : SSL_NOT_EXP",
+ "TLS1_ECDHE_ECDSA_WITH_RC4_128_SHA : SSL_NOT_EXP : High Cipher",
+ "TLS1_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA : SSL_NOT_EXP : High Cipher",
+ "TLS1_ECDHE_ECDSA_WITH_AES_128_CBC_SHA : SSL_NOT_EXP : High Cipher",
+ "TLS1_ECDHE_ECDSA_WITH_AES_256_CBC_SHA : SSL_NOT_EXP : High Cipher",
"TLS1_ECDH_RSA_WITH_NULL_SHA : SSL_NOT_EXP : Weak Cipher",
- "TLS1_ECDH_RSA_WITH_RC4_128_SHA : SSL_NOT_EXP",
- "TLS1_ECDH_RSA_WITH_DES_192_CBC3_SHA : SSL_NOT_EXP",
- "TLS1_ECDH_RSA_WITH_AES_128_CBC_SHA : SSL_NOT_EXP",
- "TLS1_ECDH_RSA_WITH_AES_256_CBC_SHA : SSL_NOT_EXP",
+ "TLS1_ECDH_RSA_WITH_RC4_128_SHA : SSL_NOT_EXP : High Cipher",
+ "TLS1_ECDH_RSA_WITH_DES_192_CBC3_SHA : SSL_NOT_EXP : High Cipher",
+ "TLS1_ECDH_RSA_WITH_AES_128_CBC_SHA : SSL_NOT_EXP : High Cipher",
+ "TLS1_ECDH_RSA_WITH_AES_256_CBC_SHA : SSL_NOT_EXP : High Cipher",
"TLS1_ECDHE_RSA_WITH_NULL_SHA : SSL_NOT_EXP : Weak Cipher",
- "TLS1_ECDHE_RSA_WITH_RC4_128_SHA : SSL_NOT_EXP",
- "TLS1_ECDHE_RSA_WITH_DES_192_CBC3_SHA : SSL_NOT_EXP",
- "TLS1_ECDHE_RSA_WITH_AES_128_CBC_SHA : SSL_NOT_EXP",
- "TLS1_ECDHE_RSA_WITH_AES_256_CBC_SHA : SSL_NOT_EXP",
+ "TLS1_ECDHE_RSA_WITH_RC4_128_SHA : SSL_NOT_EXP : High Cipher",
+ "TLS1_ECDHE_RSA_WITH_DES_192_CBC3_SHA : SSL_NOT_EXP : High Cipher",
+ "TLS1_ECDHE_RSA_WITH_AES_128_CBC_SHA : SSL_NOT_EXP : High Cipher",
+ "TLS1_ECDHE_RSA_WITH_AES_256_CBC_SHA : SSL_NOT_EXP : High Cipher",
"TLS1_ECDH_anon_WITH_NULL_SHA : SSL_NOT_EXP : Weak Cipher",
- "TLS1_ECDH_anon_WITH_RC4_128_SHA : SSL_NOT_EXP",
- "TLS1_ECDH_anon_WITH_DES_192_CBC3_SHA : SSL_NOT_EXP",
- "TLS1_ECDH_anon_WITH_AES_128_CBC_SHA : SSL_NOT_EXP",
- "TLS1_ECDH_anon_WITH_AES_256_CBC_SHA : SSL_NOT_EXP"
+ "TLS1_ECDH_anon_WITH_RC4_128_SHA : SSL_NOT_EXP : High Cipher",
+ "TLS1_ECDH_anon_WITH_DES_192_CBC3_SHA : SSL_NOT_EXP : High Cipher",
+ "TLS1_ECDH_anon_WITH_AES_128_CBC_SHA : SSL_NOT_EXP : High Cipher",
+ "TLS1_ECDH_anon_WITH_AES_256_CBC_SHA : SSL_NOT_EXP : High Cipher"
);
@@ -431,7 +431,7 @@
## This function check for certain bytes in the server_hello and
-## confirms server reponded with proper server hello with
+## confirms server responded with proper server hello with
## proper cipher spec
function check_sslv2_cipher_spec_supported(server_hello)
@@ -457,7 +457,7 @@
## This function check for certain bytes in the server_hello and
-## confirms server reponded with proper server hello with
+## confirms server responded with proper server hello with
## proper cipher spec
function check_sslv3_cipher_spec_supported(server_hello)
@@ -493,7 +493,7 @@
}
## This function check for certain bytes in the server_hello and
-## confirms server reponded with proper server hello with
+## confirms server responded with proper server hello with
## proper cipher spec
function check_tlsv1_cipher_spec_supported(server_hello)
Property changes on: trunk/openvas-plugins/scripts/secpod_ssl_ciphers.inc
___________________________________________________________________
Added: svn:keywords
+ Revision Date Id
Modified: trunk/openvas-plugins/scripts/secpod_ssl_ciphers.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_ssl_ciphers.nasl 2012-03-27 12:13:17 UTC (rev 13144)
+++ trunk/openvas-plugins/scripts/secpod_ssl_ciphers.nasl 2012-03-27 13:29:40 UTC (rev 13145)
@@ -74,6 +74,7 @@
complete_note = "";
supported_ciphers = "";
weak_ciphers = "";
+ medium_ciphers = "";
if(sslPort)
{
@@ -116,7 +117,8 @@
## Continue if it's not a weak cipher and
## check_sup_ciphers is FALSE
- if(!(check_sup_ciphers || "Weak Cipher" >< CIPHER_NAME)){
+ if(!(check_sup_ciphers || "Weak Cipher" >< CIPHER_NAME ||
+ "Medium Cipher" >< CIPHER_NAME)){
continue;
}
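Review bot: The comment above the changed condition still reads `Continue if it's not a weak cipher`, but the test now also lets `Medium Cipher` entries through. I would reword it to `## Skip the cipher unless it is Weak or Medium, or check_sup_ciphers is TRUE`. The same stale comment sits above the identical conditions in the @@ -170,7 and @@ -224,7 hunks. The enclosing loop starts and ends outside this hunk.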
@@ -139,12 +141,18 @@
## SSLv2 Cipher spec supported?
if(check_sslv2_cipher_spec_supported(server_hello:res))
{
- supported_ciphers += '\n ' + CIPHER_NAME - " : Weak Cipher";
+ supported_ciphers += '\n ' + ereg_replace(pattern:": (High|Medium|Weak) Cipher",
+ replace:"", string:CIPHER_NAME);
## Check for weak cipher
if("Weak Cipher" >< CIPHER_NAME){
weak_ciphers += '\n ' + CIPHER_NAME - " : Weak Cipher";
}
+
+ ## Check for Medium ciphers
+ if("Medium Cipher" >< CIPHER_NAME){
+ medium_ciphers += '\n ' + CIPHER_NAME - " : Medium Cipher";
+ }
}
}
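Review bot: The `ereg_replace` pattern here is `": (High|Medium|Weak) Cipher"`, without the leading space that the SSLv3 hunk uses (`" : (High|Medium|Weak) Cipher"`), so the SSLv2 names appended to `supported_ciphers` keep a trailing space that the old `CIPHER_NAME - " : Weak Cipher"` did not leave. The TLSv1 hunk (@@ -247,13) has the same pattern. I would use one pattern in all three places and anchor it, e.g. `pattern:" : (High|Medium|Weak) Cipher$"`. The surrounding loop body continues outside the hunk.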
@@ -170,7 +178,8 @@
## Continue if it's not a weak cipher and
## check_sup_ciphers is FALSE
- if(!(check_sup_ciphers || "Weak Cipher" >< CIPHER_NAME)){
+ if(!(check_sup_ciphers || "Weak Cipher" >< CIPHER_NAME ||
+ "Medium Cipher" >< CIPHER_NAME)){
continue;
}
@@ -193,12 +202,18 @@
## Cipher spec supported?
if(check_sslv3_cipher_spec_supported(server_hello:res))
{
- supported_ciphers += '\n ' + CIPHER_NAME - " : Weak Cipher";
+ supported_ciphers += '\n ' + ereg_replace(pattern:" : (High|Medium|Weak) Cipher",
+ replace:"", string:CIPHER_NAME);
## Check for weak cipher
if("Weak Cipher" >< CIPHER_NAME){
weak_ciphers += '\n ' + CIPHER_NAME - " : Weak Cipher";
}
+
+ ## Check for Medium ciphers
+ if("Medium Cipher" >< CIPHER_NAME){
+ medium_ciphers += '\n ' + CIPHER_NAME - " : Medium Cipher";
+ }
}
}
@@ -224,7 +239,8 @@
## Continue if it's not a weak cipher and
## check_sup_ciphers is FALSE
- if(!(check_sup_ciphers || "Weak Cipher" >< CIPHER_NAME)){
+ if(!(check_sup_ciphers || "Weak Cipher" >< CIPHER_NAME ||
+ "Medium Cipher" >< CIPHER_NAME)){
continue;
}
@@ -247,13 +263,19 @@
## Cipher spec supported?
if(check_tlsv1_cipher_spec_supported(server_hello:res))
{
- supported_ciphers += '\n ' + CIPHER_NAME - " : Weak Cipher";
+ supported_ciphers += '\n ' + ereg_replace(pattern:": (High|Medium|Weak) Cipher",
+ replace:"", string:CIPHER_NAME);
tlsv1_sup = TRUE;
## Check for weak cipher
if("Weak Cipher" >< CIPHER_NAME){
weak_ciphers += '\n ' + CIPHER_NAME - " : Weak Cipher";
}
+
+ ## Check for Medium ciphers
+ if("Medium Cipher" >< CIPHER_NAME){
+ medium_ciphers += '\n ' + CIPHER_NAME - " : Medium Cipher";
+ }
}
}
## Report Server Supports TLSv1 or not
@@ -264,12 +286,20 @@
}
- ## Final Reporting Section for Weak Ciphers and
+ ## Final Reporting Section for Medium Ciphers, Weak Ciphers and
## Supported Ciphers
if(check_sup_ciphers){
complete_note += '\n\nServer supported ciphers are ' + supported_ciphers;
}
+ if(medium_ciphers){
+ set_kb_item(name:"secpod_ssl_ciphers/medium", value:TRUE);
+ set_kb_item(name:string("secpod_ssl_ciphers/",sslPort,"/medium"), value:TRUE);
+ medium_ciphers = complete_note + '\n\nMedium Ciphers ' + medium_ciphers;
+ set_kb_item(name:string("secpod_ssl_ciphers/",sslPort,"/medium_ciphers"),
+ value:medium_ciphers);
+ }
+
if(weak_ciphers){
set_kb_item(name:"secpod_ssl_ciphers/weak", value:TRUE);
set_kb_item(name:string("secpod_ssl_ciphers/",sslPort,"/weak"), value:TRUE);
@@ -280,5 +310,4 @@
## Store Final report in KB
set_kb_item(name:string("secpod_ssl_ciphers/",sslPort,"/report"), value:complete_note);
-
}
Added: trunk/openvas-plugins/scripts/secpod_ssl_ciphers_medium_report.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_ssl_ciphers_medium_report.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/secpod_ssl_ciphers_medium_report.nasl 2012-03-27 13:29:40 UTC (rev 13145)
@@ -0,0 +1,64 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# Check for SSL Medium Ciphers
+#
+# Authors:
+# Sooraj KS <kssooraj at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2012 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if (description)
+{
+ script_id(902816);
+ script_version("$Revision$");
+ script_tag(name:"cvss_base", value:"0.0");
+ script_tag(name:"risk_factor", value:"None");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-03-07 14:14:14 +0530 (Wed, 07 Mar 2012)");
+ script_name("Check for SSL Medium Ciphers");
+ desc = "Overview:
+ This Plugin reports about SSL Medium Ciphers.";
+
+ script_description(desc);
+ script_summary("Checks for the presence of SSL Medium Ciphers");
+ script_category(ACT_GATHER_INFO);
+ script_family("General");
+ script_copyright("Copyright (C) 2012 SecPod");
+ script_dependencies("secpod_ssl_ciphers.nasl");
+ script_require_keys("secpod_ssl_ciphers/medium");
+ exit(0);
+}
+
+
+port = 0;
+report = "";
+
+## Get all tcp ports
+port = get_kb_item("TCP/PORTS");
+if(! port){
+ exit(0);
+}
+
+## Get the Medium Ciphers
+report = get_kb_item(string("secpod_ssl_ciphers/",port,"/medium_ciphers"));
+if(report) {
+ log_message(port:port, data:report);
+}
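Review bot: The `desc` text ("This Plugin reports about SSL Medium Ciphers.") does not say what `Medium` means or what an operator should do about it, and with `cvss_base` 0.0 and `log_message` the result only shows up as a log entry. In this commit the `Medium Cipher` label is given to the single-DES `*_DES_64_CBC_*` suites and to `*_RSA_EXPORT1024_WITH_RC4_56_SHA`, so the description should say so. I would extend `desc` with a sentence naming that class (56-bit DES and RC4-56 suites) and a short recommendation to disable them in the service's TLS configuration. A comment above `get_kb_item("TCP/PORTS")` noting that the per-port `medium_ciphers` key is written by secpod_ssl_ciphers.nasl would also help the next reader.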
Property changes on: trunk/openvas-plugins/scripts/secpod_ssl_ciphers_medium_report.nasl
___________________________________________________________________
Added: svn:keywords
+ Revision Date Id
Modified: trunk/openvas-plugins/scripts/smb_reg_service_pack.nasl
===================================================================
--- trunk/openvas-plugins/scripts/smb_reg_service_pack.nasl 2012-03-27 12:13:17 UTC (rev 13144)
+++ trunk/openvas-plugins/scripts/smb_reg_service_pack.nasl 2012-03-27 13:29:40 UTC (rev 13145)
@@ -1,3 +1,4 @@
+###############################################################################
# OpenVAS Vulnerability Test
# $Id$
# Description: SMB Registry : Windows Service Pack version
@@ -15,6 +16,8 @@
# - Enhanced the code to support Windows Vista Service packs.
# - Enhaned the code to support Windows 7 service packs.
# - Enhaned the code to support Windows server 2008.
+# - Updated to set the KB value to 0 if service pack is not
+# installed and updated according to CR57. on 2012-03-27
#
# Copyright:
# Copyright (C) 2000 Renaud Deraison
@@ -31,28 +34,30 @@
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
-#
+###############################################################################
+SCRIPT_OID = "1.3.6.1.4.1.25623.1.0.10401";
+SCRIPT_DESC = "Check for Service Pack on the remote host";
+
if(description)
{
script_id(10401);
script_version("$Revision$");
+ script_tag(name:"cvss_base", value:"0.0");
+ script_tag(name:"risk_factor", value:"None");
script_tag(name:"last_modification", value:"$Date$");
script_tag(name:"creation_date", value:"2008-08-27 12:14:14 +0200 (Wed, 27 Aug 2008)");
- script_tag(name:"cvss_base", value:"10.0");
- script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
- script_cve_id("CVE-1999-0662");
- script_copyright("This script is Copyright (C) 2000 Renaud Deraison");
- script_tag(name:"risk_factor", value:"Critical");
+ script_name("SMB Registry : Windows Service Pack version");
+ script_description("Detection of installed Windows Service Pack version.
+
+The script logs in via SMB, and reads the registry key to retrieve
+Windows Service Pack Version and sets KnowledgeBase.");
+
+ script_description(desc);
script_category(ACT_GATHER_INFO);
script_family("Windows");
- script_name("SMB Registry : Windows Service Pack version");
script_summary("Check for Service Pack on the remote host");
- desc = "
- This script reads the registry key to retrieve Windows Service Pack
- Version and sets KnowledgeBase. ";
-
- script_description(desc);
+ script_copyright("This script is Copyright (C) 2000 Renaud Deraison");
script_dependencies("smb_registry_access.nasl");
script_require_keys("SMB/registry_access");
script_require_ports(139, 445);
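Review bot: The added `script_description(desc);` follows the new literal `script_description("Detection of installed ...")` call, but this hunk also removes the `desc = "..."` assignment, so `desc` is not defined anywhere in the visible description block. The second call passes an undefined value and may replace the description just set. I would drop the `script_description(desc);` line, or keep the `desc = ...` assignment and a single call. The description block continues past the end of the hunk.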
@@ -64,10 +69,12 @@
include("host_details.inc");
include("cpe.inc");
-SCRIPT_OID = "1.3.6.1.4.1.25623.1.0.10401";
-SCRIPT_DESC = "Check for Service Pack on the remote host";
+access = "";
+winVal = "";
+winName = "";
+csdVer = 0;
+SP = "";
-
access = get_kb_item("SMB/registry_access");
if(!access){
exit(0);
@@ -92,7 +99,7 @@
item:"CSDVersion");
if(isnull(csdVer)){
- csdVer = 0;
+ csdVer = "NO_Service_Pack";
}
function register_win_version() {
@@ -118,7 +125,7 @@
register_host_detail(name:"OS", value:cpe, nvt:SCRIPT_OID, desc:SCRIPT_DESC);
}
-if(csdVer)
+if(csdVer && "NO_Service_Pack" >!< csdVer)
{
set_kb_item(name:"SMB/CSDVersion", value:csdVer);
csdVer = eregmatch(pattern:"Service Pack [0-9]+", string:csdVer);
@@ -169,15 +176,18 @@
}
}
-if(!isnull(winVal) && !isnull(csdVer))
+if(!isnull(winVal) && !isnull(csdVer) && "NO_Service_Pack" >!< csdVer)
{
- report = string("The ", winName, " ", winVal, " is installed with ",
+ report = string("The ", winName, " ", winVal, " is installed with ",
csdVer, "\n");
log_message(data:report, port:port);
}
-else if(!isnull(winVal) && isnull(csdVer))
+
+else if(!isnull(winVal) && !isnull(csdVer) && "NO_Service_Pack" >< csdVer)
{
- report = string("The ", winName, " ", winVal, " is installed with ",
- csdVer, "\n");
- security_hole(data:report, port:port);
+ SP = "0";
+ set_kb_item(name:"SMB/Windows/ServicePack", value:SP);
+ report = string("The ", winName, " ", winVal, " is installed with Service Pack ",
+ SP, "\n");
+ log_message(data:report, port:port);
}
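Review bot: The sentinel `"NO_Service_Pack"` is tested with the substring operators `><` and `>!<` here and in the @@ -118,7 hunk, so any `CSDVersion` value that merely contains that text is treated as "no service pack". An exact comparison is safer, e.g. `else if(!isnull(winVal) && csdVer == "NO_Service_Pack")`, ideally against a single named constant rather than a literal repeated in three places. The old fallback branch ran when `csdVer` was NULL, whereas both new branches require `!isnull(csdVer)`. If `csdVer` can still end up NULL after the `eregmatch` call (the code between the hunks is not visible), that host now gets no report and no `SMB/Windows/ServicePack` entry, so please confirm that case is covered.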