Author: jan
Date: 2007-11-02 14:58:06 +0100 (Fri, 02 Nov 2007)
New Revision: 508
Removed:
trunk/openvas-plugins/scripts/sasser_virus.nasl
trunk/openvas-plugins/scripts/ssh_settings.nasl
trunk/openvas-plugins/scripts/zope_multiple_flaws.nasl
Modified:
trunk/openvas-plugins/ChangeLog
trunk/openvas-plugins/scripts/netstat_portscan.nasl
Log:
* scripts/sasser_virus.nasl, scripts/ssh_settings.nasl,
scripts/zope_multiple_flaws.nasl: Removed.
It was identified as non-free
by the audit script.
* scripts/netstat_portscan.nasl: Replaced dependency ssh_settings.nasl
to ssh_authorization.nasl.
Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog 2007-11-01 22:55:52 UTC (rev 507)
+++ trunk/openvas-plugins/ChangeLog 2007-11-02 13:58:06 UTC (rev 508)
@@ -1,3 +1,13 @@
+2007-11-02 Jan-Oliver Wagner <[EMAIL PROTECTED]>
+
+ * scripts/sasser_virus.nasl, scripts/ssh_settings.nasl,
+ scripts/zope_multiple_flaws.nasl: Removed.
+ It was identified as non-free
+ by the audit script.
+
+ * scripts/netstat_portscan.nasl: Replaced dependency ssh_settings.nasl
+ to ssh_authorization.nasl.
+
2007-11-01 Jan-Oliver Wagner <[EMAIL PROTECTED]>
* scripts/ssh_authorization.nasl: New. Set information for
Modified: trunk/openvas-plugins/scripts/netstat_portscan.nasl
===================================================================
--- trunk/openvas-plugins/scripts/netstat_portscan.nasl 2007-11-01 22:55:52 UTC
(rev 507)
+++ trunk/openvas-plugins/scripts/netstat_portscan.nasl 2007-11-02 13:58:06 UTC
(rev 508)
@@ -34,7 +34,7 @@
family["francais"] = "Scanners de ports";
script_family(english:family["english"], francais:family["francais"]);
- script_dependencies("ping_host.nasl", "ssh_settings.nasl");
+ script_dependencies("ping_host.nasl", "ssh_authorization.nasl");
exit(0);
}
Deleted: trunk/openvas-plugins/scripts/sasser_virus.nasl
===================================================================
--- trunk/openvas-plugins/scripts/sasser_virus.nasl 2007-11-01 22:55:52 UTC
(rev 507)
+++ trunk/openvas-plugins/scripts/sasser_virus.nasl 2007-11-02 13:58:06 UTC
(rev 508)
@@ -1,84 +0,0 @@
-#
-# Copyright (C) 2004 Tenable Network Security
-#
-
-if(description)
-{
- script_id(12219);
- script_version ("$Revision$");
- name["english"] = "Sasser Virus Detection";
-
- script_name(english:name["english"]);
-
- desc["english"] = "
-Synopsis :
-
-The remote hos is infected by a virus.
-
-Description :
-
-The Sasser worm is infecting this host. Specifically,
-a backdoored command server may be listening on port 9995 or 9996
-and an ftp server (used to load malicious code) is listening on port
-5554 or 1023. There is every indication that the host is currently
-scanning and infecting other systems.
-
-See also :
-
-http://www.lurhq.com/sasser.html
-
-Solution:
-
-- Use an Anti-Virus package to remove it.
-- See http://www.microsoft.com/technet/security/bulletin/ms04-011.asp
-
-Risk factor :
-
-Critical / CVSS Base Score : 10
-(AV:R/AC:L/Au:NR/C:C/A:C/I:C/B:N)";
-
-
- script_description(english:desc["english"]);
-
- summary["english"] = "Sasser Virus Detection";
- script_summary(english:summary["english"]);
-
- script_category(ACT_GATHER_INFO);
-
- script_copyright(
- english:"This script is Copyright (C) 2004 Tenable Network Security",
- francais:"Ce script est copyright (C) 2004 Tenable Network Security");
- family["english"] = "Backdoors";
- family["francais"] = "Backdoors";
- script_family(english:family["english"], francais:family["francais"]);
- script_require_ports(5554);
- exit(0);
-}
-
-# start script
-
-include("ftp_func.inc");
-login = "anonymous";
-pass = "bin";
-
-# there really is no telling how many Sasser variants there will be :<
-ports[0] = 5554;
-ports[1] = 1023;
-
-foreach port ( ports)
-{
- if ( get_port_state(port) )
- {
- soc = open_sock_tcp(port);
- if (soc)
- {
- if(ftp_authenticate(socket:soc, user:login, pass:pass))
security_hole(port);
- close(soc);
- }
- }
-}
-
-
-
-
-
Deleted: trunk/openvas-plugins/scripts/ssh_settings.nasl
===================================================================
--- trunk/openvas-plugins/scripts/ssh_settings.nasl 2007-11-01 22:55:52 UTC
(rev 507)
+++ trunk/openvas-plugins/scripts/ssh_settings.nasl 2007-11-02 13:58:06 UTC
(rev 508)
@@ -1,60 +0,0 @@
-#TRUSTED
06471278d8e7915ccdb19774ab8f5c13863ecadcd78ed6df479a5b4e465499f8fe5081a40434d79edb3ff2a99c3832e0bb139f0c26b8dd56bbc13f287f2ae92a65a7ce62c669e6abb218e704d64ec10c239b780bb76c3c7bbb5d6870ec3f4b3cb0957ce909aa9c90c3963c95c807ccb8bd8dda6bbcc9dc0e9a3c7c6166b848ef9a5e32706be4309be389cd755e826b406bd960fa2494d32fd741710e048ac67469902727ffae16cec5f6fefb8f2d6bebc104fe022b560bee2e278cfc14a576e91590829332a2fb9b112a36d748e590a89bcccdea7086426badc2c39a03a2657aafd284e814f341e305c16e382c4ac782d1df13daca09685c909783bc4e01ff410c58c392a5844dad5569828c12aefa87652aa66d88c74075d0664126fd0e8cf7eb8d25da172aa191b07ab3f61eeb163b6f695804ac2ef4bbb9c1c17b9c0f2ed325d034e7409c9d2060474af9c3d510f4e89827c27989fb31b560aba88f8462244cf8d4c2a05cbca877de0e3f4a9af6aac637e59478f2b2d3ac187b5fdeb2aa24b5924b775505b41c6619d96fc4aa89cd0b72f1449a0eb906cb75244e2e2b7ad2d17e179e780095d96d34b4fb1ed4e9ba3ebfd488907ccdcc68a7e746d1b2bd7a76a6225f33f9f737558d6449062af59be5f921294ae7bf9e249a94735e803e42fde58e6fd4e17ca243fa05d4ed6e2c9f8f049171ab6dfedeb864fa937ab2ebf9
-#
-# This script was extract by Michel Arboi from
-# ssh_get_info which is (C) Tenable Network Security
-#
-
-if ( ! defined_func("bn_random") ) exit(0);
-
-if(description)
-{
- script_id(14273);
- script_version ("1.9");
- name["english"] = "SSH settings";
- desc["english"] = "
-This script just sets global variables (SSH keys, user name, passphrase)
-and does not perform any security check
-
-Risk factor: None";
- script_description(english:name["english"]);
- script_name(english:name["english"]);
- family["english"] = "Settings";
- script_family(english:family["english"]);
-
- summary["english"] = "set SSH keys & user name to perform local security
checks";
- script_summary(english:summary["english"]);
- script_copyright(english:"Copyright (C) 2004 Michel Arboi");
- script_category(ACT_INIT);
- if (defined_func("bn_random"))
- {
- script_add_preference(name:"SSH user name : ",
- type:"entry",
- value:"root");
- script_add_preference(name:"SSH password (unsafe!) : ",
- type:"password",
- value:"");
- script_add_preference(name:"SSH public key to use : ",
- type:"file",
- value:"");
- script_add_preference(name:"SSH private key to use : ",
- type:"file",
- value:"");
- script_add_preference(name:"Passphrase for SSH key : ",
- type:"password",
- value:"");
- }
-
- exit(0);
-}
-
-account = script_get_preference("SSH user name : ");
-password = script_get_preference("SSH password (unsafe!) : ");
-public_key = script_get_preference_file_content("SSH public key to use : ");
-private_key = script_get_preference_file_content("SSH private key to use : ");
-passphrase = script_get_preference("Passphrase for SSH key : ");
-
-set_kb_item(name:"Secret/SSH/login", value:account);
-if (password) set_kb_item(name:"Secret/SSH/password", value:password);
-if (public_key) set_kb_item(name:"Secret/SSH/publickey", value:public_key);
-if (private_key) set_kb_item(name:"Secret/SSH/privatekey", value:private_key);
-if (passphrase) set_kb_item(name:"Secret/SSH/passphrase", value:passphrase);
Deleted: trunk/openvas-plugins/scripts/zope_multiple_flaws.nasl
===================================================================
--- trunk/openvas-plugins/scripts/zope_multiple_flaws.nasl 2007-11-01
22:55:52 UTC (rev 507)
+++ trunk/openvas-plugins/scripts/zope_multiple_flaws.nasl 2007-11-02
13:58:06 UTC (rev 508)
@@ -1,77 +0,0 @@
-#
-# (C) Tenable Network Security
-#
-
-if(description)
-{
- script_id(11985);
- script_bugtraq_id(9400);
- script_version ("$Revision$");
-
- name["english"] = "Zope Multiple Vulnerabilities";
- script_name(english:name["english"]);
-
- desc["english"] = "
-Synopsis :
-
-The remote web server contains an application server that is prone to
-multiple vulnerabilities.
-
-Description :
-
-The remote web server is a version of Zope which is older than version
-2.6.3.
-
-There are multiple security issues in all releases prior to version
-2.6.3 or 2.7 BETA4 which can be exploited by an attacker to perform cross
-site scripting attacks, obtain information about the remote host, or
-disable this service remotely.
-
-*** OpenVAS solely relied on the version number of your server, so if
-*** the hotfix has already been applied, this might be a false positive
-
-See also :
-
-http://mail.zope.org/pipermail/zope-announce/2004-January/001325.html
-
-Solution :
-
-Upgrade to Zope 2.6.3 or later.
-
-Risk factor :
-
-Medium / CVSS Base Score : 4
-(AV:R/AC:L/Au:NR/C:P/A:N/I:N/B:C)";
-
-
- script_description(english:desc["english"]);
- summary["english"] = "Checks Zope version";
- script_summary(english:summary["english"]);
- script_category(ACT_GATHER_INFO);
-
- script_copyright(english:"This script is Copyright (C) 2001 Alert4Web.com");
- family["english"] = "Web Servers";
- script_family(english:family["english"]);
- script_dependencie("find_service.nes", "http_version.nasl");
- script_require_ports("Services/www", 80);
- script_require_keys("www/zope");
- exit(0);
-}
-
-#
-# The script code starts here
-#
-
-include("http_func.inc");
-
-
-port = get_http_port(default:80);
-
-banner = get_http_banner(port:port);
-
-if(banner)
-{
- if(egrep(pattern:"Server: .*Zope 2\.(([0-5]\..*)|(6\.[0-2][^0-9])|(7\..*BETA
*[0-3]))",
- string:banner))
- security_warning(port);
-}
_______________________________________________
Openvas-commits mailing list
[email protected]
http://lists.wald.intevation.org/mailman/listinfo/openvas-commits
