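Hi, Attached a couple of minor CVE fixups. Regarding unknown_services.nasl I think this needs to depend on every script that calls register_service. Currently these are missing: airport_plaintext_credentials.nasl amanda_version.nasl batalla_server_overflow.nasl bgp_detect.nasl bugbear_b_1080.nasl clarkconnectd.nasl desktop_orbiter_detect.nasl dtspcd.nasl filemakerpro_server.nasl gnutella_detect.nasl irix_copilot.nasl mssqlserver_detect.nasl mysql_version.nasl napster_detect.nasl nessus_detect.nasl netinfo_detect.nasl notes_detection.nasl oracle_tnslsnr_version.nasl pptp_detect.nasl remote_pc_detect.nasl sapdb_detect.nasl socks.nasl windows_terminal_services.nasl Paul -- Paul Johnston Internet Security Specialist Westpoint Limited Albion Wharf, 19 Albion Street, Manchester, M1 5LN England Tel: +44 (0)161 237 1028 Fax: +44 (0)161 237 1031 email: paul@private web: www.westpoint.ltd.uk

#
# (C) Tenable Network Security
#
# MS03-018 / hotfix Q811114 (IIS cumulative patch).
#
# The check is registry based: the host must run IIS (W3SVC pointing at
# inetinfo), must be one of the Windows versions the bulletin lists as
# affected, and must lack both a service pack that already contains the
# fix and the Q811114 HotFix entry.
#
if(description)
{
  script_id(11683);
  script_cve_id("CAN-2003-0224", "CAN-2003-0225", "CAN-2003-0226");
  script_bugtraq_id(7731, 7735, 7733);
  script_version("$Revision: 1.3 $");

  # The original title said "Q11114"; the hotfix this plugin checks for
  # (see the summary and the registry key below) is Q811114.
  name["english"] = "Cumulative Patch for Internet Information Services (Q811114)";
  script_name(english:name["english"]);

  desc["english"] = "
Cumulative Patch for Microsoft IIS (Q811114)

The remote host is running a version of IIS which is vulnerable
to various flaws which may allow remote attackers to disable this
service remotely and local attackers (or remote attackers with the
ability to upload arbitrary files on this server) to gain SYSTEM
level access on this host.

Recommendation: Users using any of the affected products should
install the patch immediately.

Maximum Severity Rating: Critical

Affected Software:
Microsoft Internet Information Server 4.0
Microsoft Internet Information Services 5.0
Microsoft Internet Information Services 5.1

See http://www.microsoft.com/technet/security/bulletin/ms03-018.asp

Supersedes
http://www.microsoft.com/technet/security/bulletin/ms02-062.asp
http://www.microsoft.com/technet/security/bulletin/ms02-028.asp
http://www.microsoft.com/technet/security/bulletin/ms02-018.asp

Risk factor : High";
  script_description(english:desc["english"]);

  summary["english"] = "Determines if HF Q811114 has been installed";
  script_summary(english:summary["english"]);

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2003 Tenable Network Security");
  family["english"] = "Windows";
  script_family(english:family["english"]);

  script_dependencies("netbios_name_get.nasl", "smb_login.nasl",
                      "smb_registry_access.nasl", "smb_reg_service_pack.nasl",
                      "smb_reg_service_pack_W2K.nasl", "smb_reg_service_pack_XP.nasl");
  script_require_keys("SMB/name", "SMB/login", "SMB/password",
                      "SMB/registry_access", "SMB/WindowsVersion");
  script_require_ports(139, 445);
  exit(0);
}

include("smb_nt.inc");

port = get_kb_item("SMB/transport");
if(!port)port = 139;

access = get_kb_item("SMB/registry_access");
if(!access)exit(0);

version = get_kb_item("SMB/WindowsVersion");

# Only the Windows versions carrying IIS 4.0 / 5.0 / 5.1 are listed as
# affected in the description above.  Any other version never has the
# Q811114 HotFix key, so without this gate it would always be reported
# as vulnerable (false positive).
if(("4.0" >!< version) && ("5.0" >!< version) && ("5.1" >!< version))exit(0);

# W3SVC must exist and actually be IIS (inetinfo), not another service
# registered under the same name.
key  = "SYSTEM\CurrentControlSet\Services\W3SVC";
item = "ImagePath";
value = registry_get_sz(key:key, item:item);
if(!value)exit(0);                  # no IIS installed
if("inetinfo" >!< value)exit(0);    # not IIS

# Service packs that already contain the fix (per the bulletin).
# NT 4.0 (IIS 4.0) has no such service pack and goes straight to the
# hotfix check.
if("5.0" >< version)
{
  sp = get_kb_item("SMB/Win2K/ServicePack");
  if(ereg(string:sp, pattern:"Service Pack [4-9]"))exit(0);   # Win2K SP4+
}
else if("5.1" >< version)
{
  sp = get_kb_item("SMB/XP/ServicePack");
  if(ereg(string:sp, pattern:"Service Pack [2-9]"))exit(0);   # XP SP2+
}

# Common check for all affected versions: the HotFix entry is the only
# evidence that Q811114 was applied.
key  = "SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\Q811114";
item = "Comments";
value = registry_get_sz(key:key, item:item);
if(!value) security_hole(port);
else set_kb_item(name:"SMB/Hotfixes/Q811114", value:TRUE);

#
# This script was written by Renaud Deraison
#
# See the Nessus Scripts License for details
#
# MS03-030 supersedes MS02-040
# NOTE(review): the bulletin URL in the description is ms03-033 and the
# hotfix checked is Q823718 -- confirm which bulletin number is meant.
#
# Note: The fix for this issue will be included in MDAC 2.5 Service Pack 5
# and in MDAC 2.7 Service Pack 2.  The script should be updated when the
# service pack is released.
#
# Prerequisites (from the bulletin) -- you must be running one of:
#   MDAC 2.5 Service Pack 2
#   MDAC 2.5 Service Pack 3
#   MDAC 2.6 Service Pack 2
#   MDAC 2.7 RTM
#   MDAC 2.7 Service Pack 1
# Other versions of MDAC are not affected by this vulnerability.
#
# MS02-040 fixed in:
#   - MDAC 2.5 SP3
#   - MDAC 2.6 SP3
#   - MDAC 2.7 SP1
#
if(description)
{
  script_id(11301);
  script_version("$Revision: 1.9 $");
  script_bugtraq_id(5372);
  # The original listed both ids twice; each is given once here.
  script_cve_id("CVE-2002-0695", "CAN-2003-0353");
  if(defined_func("script_xref"))script_xref(name:"IAVA", value:"2002-A-0010");

  name["english"] = "Unchecked buffer in MDAC Function";
  script_name(english:name["english"]);

  desc["english"] = "
The remote Microsoft Data Access Component (MDAC) server is vulnerable
to a flaw which could allow an attacker to execute arbitrary code on
this host, provided he can load and execute a database query on this
server.

Impact of vulnerability: Elevation of Privilege

Affected Software:
MDAC version 2.5 Service Pack 2
MDAC version 2.5 Service Pack 3
MDAC version 2.6 Service Pack 2
MDAC version 2.7 RTM
MDAC version 2.7 Service Pack 1

Recommendation: Users using any of the affected products should
install the patch immediately.
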
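Maximum Severity Rating: Moderate

See http://www.microsoft.com/technet/security/bulletin/ms03-033.asp
    http://www.microsoft.com/security/security_bulletins/ms03-033.asp
    http://www.microsoft.com/technet/security/bulletin/ms02-040.asp

Risk factor : Serious";
  script_description(english:desc["english"]);

  summary["english"] = "Checks the version of MDAC";
  script_summary(english:summary["english"]);

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2003 Tenable Network Security");
  family["english"] = "Windows";
  script_family(english:family["english"]);

  script_dependencies("netbios_name_get.nasl", "smb_login.nasl",
                      "smb_registry_full_access.nasl", "smb_reg_service_pack_W2K.nasl");
  script_require_keys("SMB/name", "SMB/login", "SMB/password",
                      "SMB/registry_full_access", "SMB/WindowsVersion");
  script_require_ports(139, 445);
  exit(0);
}

include("smb_nt.inc");

port = get_kb_item("SMB/transport");
if(!port)port = 139;

# NOTE(review): this plugin only reads registry values; whether full
# registry access is really needed (vs. smb_registry_access) has not been
# verified, so the dependency is left as it was.
access = get_kb_item("SMB/registry_full_access");
if(!access)exit(0);

# The original read SMB/WindowsVersion into "version" and then overwrote
# it with the MDAC version below; the Windows version is not used by this
# check, so it is no longer read.  The MDAC version string is kept under
# its own name to avoid that confusion.
key  = "SOFTWARE\Microsoft\DataAccess";
item = "Version";
mdac = registry_get_sz(key:key, item:item);
if(!mdac)exit(0);   # MDAC not installed

# Decide which MDAC branches need the Q823718 hotfix.  The per-branch
# MS02-040 hotfixes (Q323263 for 2.7 SP1, Q323266 for 2.6 SP3, Q323264
# for 2.5 SP3) are superseded and a service pack is not taken as a fix,
# except 2.6 SP3, which the header lists as not affected.
# The second digit of the minor version is the service-pack level
# (e.g. 2.63 = MDAC 2.6 SP3) -- the patterns below rely on that.
affected = FALSE;
if(ereg(pattern:"2\.7.*", string:mdac))
{
  # No 2.7 SP2 at the time of writing, so every 2.7 needs the hotfix.
  affected = TRUE;
}
else if(ereg(pattern:"2\.6.*", string:mdac))
{
  if(ereg(pattern:"2\.6[3-9].*", string:mdac))exit(0);   # 2.6 SP3+ not affected
  affected = TRUE;
}
else if(ereg(pattern:"2\.5.*", string:mdac))
{
  # No 2.5 SP5 yet, and 2.5 SP4 reportedly does not include the fix.
  affected = TRUE;
}

if(!affected)exit(0);   # other MDAC versions are not affected

# Single hotfix lookup shared by all affected branches (the original
# repeated it three times).
key  = "SOFTWARE\Microsoft\Updates\DataAccess\Q823718";
item = "Description";
hf = registry_get_sz(key:key, item:item);
if(!hf) security_warning(port);

_______________________________________________ Plugins-writers mailing list Plugins-writers@private http://mail.nessus.org/mailman/listinfo/plugins-writers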