Hello All,

I believe the following Nessus Script: 22449 version 1.2 contains a bug. During QA testing and using display statements I noticed that the check was trying to search the following path for vgx.dll:

\Program Files\Common Files\C:\Program Files\Common Files\Vgx.dll

To fix this I changed the following code.

Old Code:

    dir = hotfix_get_commonfilesdir();
    if (isnull(dir))
      exit (0);
    dir += "\Microsoft Shared\VGX";
    if ( hotfix_check_sp(xp:3, win2003:2, win2k:6) <= 0 ) exit(0);
    if (is_accessible_share())
    {
      if ( hotfix_is_vulnerable (os:"5.2", sp:0, file:"Vgx.dll", version:"6.0.3790.593", path:dir) ||
           hotfix_is_vulnerable (os:"5.2", sp:1, file:"Vgx.dll", version:"6.0.3790.2794", path:dir) ||
           hotfix_is_vulnerable (os:"5.1", sp:1, file:"Vgx.dll", version:"6.0.2800.1580", path:dir) ||
           hotfix_is_vulnerable (os:"5.1", sp:2, file:"Vgx.dll", version:"6.0.2900.2997", path:dir) ||
           hotfix_is_vulnerable (os:"5.0", file:"Vgx.dll", version:"6.0.2800.1580", min_version:"6.0.0.0", path:dir) ||
           hotfix_is_vulnerable (os:"5.0", file:"Vgx.dll", version:"5.0.3845.1800", path:dir) )
        security_hole (get_kb_item("SMB/transport"));

New Code:

    dir = hotfix_get_commonfilesdir();
    if (isnull(dir))
      exit (0);
    if ( hotfix_check_sp(xp:3, win2003:2, win2k:6) <= 0 ) exit(0);
    if (is_accessible_share())
    {
      if ( hotfix_is_vulnerable (os:"5.2", sp:0, file:"Vgx.dll", version:"6.0.3790.593", dir:"\Microsoft Shared\VGX", path:dir) ||
           hotfix_is_vulnerable (os:"5.2", sp:1, file:"Vgx.dll", version:"6.0.3790.2794", dir:"\Microsoft Shared\VGX", path:dir) ||
           hotfix_is_vulnerable (os:"5.1", sp:1, file:"Vgx.dll", version:"6.0.2800.1580", dir:"\Microsoft Shared\VGX", path:dir) ||
           hotfix_is_vulnerable (os:"5.1", sp:2, file:"Vgx.dll", version:"6.0.2900.2997", dir:"\Microsoft Shared\VGX", path:dir) ||
           hotfix_is_vulnerable (os:"5.0", file:"Vgx.dll", version:"6.0.2800.1580", min_version:"6.0.0.0", dir:"\Microsoft Shared\VGX", path:dir) ||
           hotfix_is_vulnerable (os:"5.0", file:"Vgx.dll", version:"5.0.3845.1800", dir:"\Microsoft Shared\VGX", path:dir) )
        security_hole (get_kb_item("SMB/transport"));

Can someone review my finding?

Thanks,
Paul

_______________________________________________
Plugins-writers mailing list
Plugins-writers@private
http://mail.nessus.org/mailman/listinfo/plugins-writers
This archive was generated by hypermail 2.1.3 : Wed Sep 27 2006 - 00:59:01 PDT
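
Added example, not part of the original post and not Nessus code: a small Python QA helper that flags the kind of malformed lookup path quoted in the message (a drive specifier in the middle of the path, a base directory repeated back to back) before a file-version check relies on it. The names path_problems and join_checked and the BASE value are assumptions made for illustration.

```python
import re

DRIVE = re.compile(r"^[A-Za-z]:$")  # a bare drive specifier such as "C:"

def path_problems(path):
    """Return the reasons a Windows path built for a file check is malformed."""
    segments = path.split("\\")
    problems = []
    for index, segment in enumerate(segments):
        if index > 0 and DRIVE.match(segment):
            problems.append("drive specifier %s in segment %d" % (segment, index))
        elif segment == "" and 0 < index < len(segments) - 1:
            problems.append("empty segment %d" % index)
    # A base directory prepended twice appears as a run of two or more
    # directory names that is immediately repeated.
    names = [s.lower() for s in segments if s and not DRIVE.match(s)]
    for size in range(len(names) // 2, 1, -1):
        for start in range(len(names) - 2 * size + 1):
            if names[start:start + size] == names[start + size:start + 2 * size]:
                run = "\\".join(names[start:start + size])
                problems.append("repeated directory run " + run)
                return problems
    return problems

def join_checked(base, subdir, filename):
    """Join base + subdir + filename; refuse to return a malformed path."""
    path = "\\".join([base.rstrip("\\"), subdir.strip("\\"), filename])
    problems = path_problems(path)
    if problems:
        raise ValueError("%s: %s" % (path, "; ".join(problems)))
    return path

# Path string quoted in the post.
OBSERVED = r"\Program Files\Common Files\C:\Program Files\Common Files\Vgx.dll"
# Constructed sample: an assumed common-files directory plus the post's subdirectory.
BASE = r"C:\Program Files\Common Files"
SUBDIR = r"\Microsoft Shared\VGX"

if __name__ == "__main__":
    print(path_problems(OBSERVED))
    print(join_checked(BASE, SUBDIR, "Vgx.dll"))
```
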