Mailing List Archive

NASL scripts and Bugtraq ID's
Some of these NASL scripts do not have matching CVE's or CAN's. In
cases like this I would, at a minimum, like to enter a Bugtraq ID into
the scripts.

Does anyone know how to download a list of all bugtraq ID's as well as
their descriptions. I hunted around but could not find anything on
securityfocus.com

ThanX in advance

Erik
Re: NASL scripts and Bugtraq ID's
Erik Anderson wrote:

> Some of these NASL scripts do not have matching CVE's or CAN's. In
> cases like this I would, at a minimum, like to enter a Bugtraq ID into
> the scripts.

I agree.

>
> Does anyone know how to download a list of all bugtraq ID's as well as
> their descriptions. I hunted around but could not find anything on
> securityfocus.com

Securityfocus online provides their database for a fee. As a matter of
fact you get more than the online database. The only means I know of is
using your web browser, or this little script I attach below (which, of
course, uses lynx to do that for you). I still have to take time to
digest bugtraq's input and turn it into a useful relational database.

>
> ThanX in advance
>
> Erik

Regards


Javi
-------------------------------- Download Securityfocus vulnerabilities -------------------------------
#!/usr/bin/sh
# Fetch every section of the given Bugtraq IDs with lynx,
# storing each one as <section>/<id>.

SERVER="http://www.securityfocus.com"
VULNS="/cgi-bin/vulns-item.pl"

for id in "$@"
do
    printf 'Downloading Bugtraq ID : %s - ' "$id"
    for section in info discussion exploit solution credit
    do
        printf ' %s ' "$section"
        # Create the per-section directory on first use
        [ ! -d "$section" ] && mkdir "$section"
        # Skip entries that were already downloaded
        if [ ! -f "$section/$id" ] ; then
            lynx -nolist -dump \
                "$SERVER$VULNS?section=$section&id=$id" >"$section/$id"
        fi
    done
    echo "...done."
done
Re: NASL scripts and Bugtraq ID's
I have found and entered about 11 scripts I found CVE/CAN/BugTraq ID's
for. I entered them into the scripts. I also entered a few URL links
into the scripts to help with the solutions on the scripts that did not
have a bugtraq ID.

gallery_injection.nasl
pop3_overflow.nasl
smb_login.nasl
dns_xfer.nasl
rpc_nfsd.nasl
pgpmail.nasl
doc_package_browseable.nasl
resin_path_disclosure.nasl
rh_inetd.nasl
rich_media_ecommerce_stores_sensitive_information_insecurely.nasl
DDI_ws_ftp-server-cpwd-bo.nasl

Should I send the modified scripts once a day, week, or when I am
complete with all of the changes? At this rate, 1st of December until I
am done.

Let me know.

Erik

Javier Fernández-Sanguino Peña wrote:

> Erik Anderson wrote:
>
>> Some of these NASL scripts do not have matching CVE's or CAN's. In
>> cases like this I would, at a minimum, like to enter a Bugtraq ID
>> into the scripts.
>
>
> I agree.
>
>>
>> Does anyone know how to download a list of all bugtraq ID's as well
>> as their descriptions. I hunted around but could not find anything
>> on securityfocus.com
>
>
> Securityfocus online provides their database for a fee. As a matter
> of fact you get more than the online database. The only means I know of
> is using your web browser, or this little script I attach below
> (which, of course, uses lynx to do that for you). I still have to take
> time to digest bugtraq's input and turn it into a useful relational
> database.
>
>>
>> ThanX in advance
>>
>> Erik
>
>
> Regards
>
>
> Javi
> -------------------------------- Download Securityfocus vulnerabilities -------------------------------
> #!/usr/bin/sh
> # Fetch every section of the given Bugtraq IDs with lynx,
> # storing each one as <section>/<id>.
>
> SERVER="http://www.securityfocus.com"
> VULNS="/cgi-bin/vulns-item.pl"
>
> for id in "$@"
> do
>     printf 'Downloading Bugtraq ID : %s - ' "$id"
>     for section in info discussion exploit solution credit
>     do
>         printf ' %s ' "$section"
>         # Create the per-section directory on first use
>         [ ! -d "$section" ] && mkdir "$section"
>         # Skip entries that were already downloaded
>         if [ ! -f "$section/$id" ] ; then
>             lynx -nolist -dump \
>                 "$SERVER$VULNS?section=$section&id=$id" >"$section/$id"
>         fi
>     done
>     echo "...done."
> done
Re: NASL scripts and Bugtraq ID's
It appears that script
dwhttp_format_string.nasl

Could cover
CAN-2000-0697

And Bugtraq ID's
5384
1556

Can someone please independently verify this at the below links.
http://online.securityfocus.com/archive/1/285689
http://online.securityfocus.com/archive/1/74382
http://online.securityfocus.com/bid/5384
http://online.securityfocus.com/bid/1556

ThanX in advance and please let me know.

Erik

Erik Anderson wrote:

> I have found and entered about 11 scripts I found CVE/CAN/BugTraq ID's
> for. I entered them into the scripts. I also entered a few URL links
> into the scripts to help with the solutions on the scripts that did
> not have a bugtraq ID.
>
> gallery_injection.nasl
> pop3_overflow.nasl
> smb_login.nasl
> dns_xfer.nasl
> rpc_nfsd.nasl
> pgpmail.nasl
> doc_package_browseable.nasl
> resin_path_disclosure.nasl
> rh_inetd.nasl
> rich_media_ecommerce_stores_sensitive_information_insecurely.nasl
> DDI_ws_ftp-server-cpwd-bo.nasl
>
> Should I send the modified scripts once a day, week, or when I
> am complete with all of the changes? At this rate, 1st of December
> until I am done.
>
> Let me know.
>
> Erik
Re: NASL scripts and Bugtraq ID's
Erik Anderson wrote:

> I have found and entered about 11 scripts I found CVE/CAN/BugTraq ID's
> for. I entered them into the scripts. I also entered a few URL links
> into the scripts to help with the solutions on the scripts that did
> not have a bugtraq ID.
>
(...) That's great news.

>
> Should I send the modified scripts once a day, week, or when I
> am complete with all of the changes? At this rate, 1st of December
> until I am done.
>
You can probably send patches to Renaud whenever you feel like it (once
a week?) so he includes it in the CVS.

Regards

Javi
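
An added example, not part of the original thread or of Nessus: a small audit that lists which plugins in a directory still lack a CVE/CAN or Bugtraq reference, the gap this thread sets out to close. It assumes plugins declare references through NASL's script_cve_id() and script_bugtraq_id() calls; the stub files are constructed for the demo and CAN-0000-0000 is a placeholder.

```shell
#!/bin/sh
# Added example: report NASL plugins that lack a CVE/CAN or Bugtraq reference.

# Print the arguments of one NASL call, comma-joined, quotes/blanks removed.
# $1 = function name, $2 = plugin file. Whole-line comments are ignored and
# calls that span several lines are handled by flattening the file first.
nasl_args() {
    { grep -v '^[[:space:]]*#' "$2" | tr '\n' ' '; echo; } |
        sed -n "s/.*$1[[:space:]]*(\([^)]*\)).*/\1/p" | tr -d '" \t'
}

# One tab-separated line per plugin: STATUS, file, CVE/CAN ids, Bugtraq ids.
audit_plugins() {
    for f in "$1"/*.nasl; do
        [ -f "$f" ] || continue
        cve=$(nasl_args script_cve_id "$f")
        bid=$(nasl_args script_bugtraq_id "$f")
        if [ -z "$cve" ] && [ -z "$bid" ]; then status=NOREF
        elif [ -z "$cve" ]; then status=NOCVE
        elif [ -z "$bid" ]; then status=NOBID
        else status=OK; fi
        printf '%s\t%s\t%s\t%s\n' "$status" "${f##*/}" "${cve:--}" "${bid:--}"
    done
}

# Constructed stub plugins (not the real Nessus files). The first uses the IDs
# proposed in the thread; CAN-0000-0000 is a placeholder.
make_samples() {
    cat > "$1/dwhttp_format_string.nasl" <<'EOF'
if(description)
{
 script_cve_id("CAN-2000-0697");
 script_bugtraq_id(5384,
                   1556);
}
EOF
    cat > "$1/example_cve_only.nasl" <<'EOF'
# script_bugtraq_id(1);  commented out, must not count
if(description) { script_cve_id("CAN-0000-0000"); }
EOF
    printf 'if(description) { script_name(english:"stub"); }\n' \
        > "$1/example_no_ids.nasl"
}

demo_dir=$(mktemp -d)
make_samples "$demo_dir"
audit_plugins "$demo_dir"
rm -rf "$demo_dir"
```

Filtering the output on the NOREF and NOBID statuses gives the work list of plugins that still need an ID looked up.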