Hello All,
I believe the following Nessus Script: 22449 version 1.2 contains a bug.
During QA testing and using display statements I noticed that the check was trying to search the following path for vgx.dll: \Program Files\Common Files\C:\Program Files\Common Files\Vgx.dll
To fix this I changed the following code.
Old Code:
1. dir = hotfix_get_commonfilesdir();
2. if (isnull(dir))
3. exit (0);
4. dir += "\Microsoft Shared\VGX";
5. if ( hotfix_check_sp(xp:3, win2003:2, win2k:6) <= 0 ) exit(0);
6. if (is_accessible_share())
7. {
8. if ( hotfix_is_vulnerable (os:"5.2", sp:0, file:"Vgx.dll", version:"6.0.3790.593", path:dir) ||
9. hotfix_is_vulnerable (os:"5.2", sp:1, file:"Vgx.dll", version:"6.0.3790.2794", path:dir) ||
10. hotfix_is_vulnerable (os:"5.1", sp:1, file:"Vgx.dll", version:"6.0.2800.1580", path:dir) ||
11. hotfix_is_vulnerable (os:"5.1", sp:2, file:"Vgx.dll", version:"6.0.2900.2997",path:dir) ||
12. hotfix_is_vulnerable (os:"5.0", file:"Vgx.dll", version:"6.0.2800.1580", min_version:"6.0.0.0", path:dir)||
13. hotfix_is_vulnerable (os:"5.0", file:"Vgx.dll", version:"5.0.3845.1800", path:dir) )
14. security_hole (get_kb_item("SMB/transport"));
New Code:
1. dir = hotfix_get_commonfilesdir();
2. if (isnull(dir))
3. exit (0);
4. if ( hotfix_check_sp(xp:3, win2003:2, win2k:6) <= 0 ) exit(0);
5. if (is_accessible_share())
6. {
7. if ( hotfix_is_vulnerable (os:"5.2", sp:0, file:"Vgx.dll", version:"6.0.3790.593", dir:"\Microsoft Shared\VGX", path:dir) ||
8. hotfix_is_vulnerable (os:"5.2", sp:1, file:"Vgx.dll", version:"6.0.3790.2794", dir:"\Microsoft Shared\VGX", path:dir) ||
9. hotfix_is_vulnerable (os:"5.1", sp:1, file:"Vgx.dll", version:"6.0.2800.1580", dir:"\Microsoft Shared\VGX", path:dir) ||
10. hotfix_is_vulnerable (os:"5.1", sp:2, file:"Vgx.dll", version:"6.0.2900.2997", dir:"\Microsoft Shared\VGX", path:dir) ||
11. hotfix_is_vulnerable (os:"5.0", file:"Vgx.dll", version:"6.0.2800.1580", min_version:"6.0.0.0", dir:"\Microsoft Shared\VGX", path:dir)||
12. hotfix_is_vulnerable (os:"5.0", file:"Vgx.dll", version:"5.0.3845.1800", dir:"\Microsoft Shared\VGX", path:dir) )
13. security_hole (get_kb_item("SMB/transport"));
Can someone review my finding?
Thanks,
Paul
I believe the following Nessus Script: 22449 version 1.2 contains a bug.
During QA testing and using display statements I noticed that the check was trying to search the following path for vgx.dll: \Program Files\Common Files\C:\Program Files\Common Files\Vgx.dll
To fix this I changed the following code.
Old Code:
1. dir = hotfix_get_commonfilesdir();
2. if (isnull(dir))
3. exit (0);
4. dir += "\Microsoft Shared\VGX";
5. if ( hotfix_check_sp(xp:3, win2003:2, win2k:6) <= 0 ) exit(0);
6. if (is_accessible_share())
7. {
8. if ( hotfix_is_vulnerable (os:"5.2", sp:0, file:"Vgx.dll", version:"6.0.3790.593", path:dir) ||
9. hotfix_is_vulnerable (os:"5.2", sp:1, file:"Vgx.dll", version:"6.0.3790.2794", path:dir) ||
10. hotfix_is_vulnerable (os:"5.1", sp:1, file:"Vgx.dll", version:"6.0.2800.1580", path:dir) ||
11. hotfix_is_vulnerable (os:"5.1", sp:2, file:"Vgx.dll", version:"6.0.2900.2997",path:dir) ||
12. hotfix_is_vulnerable (os:"5.0", file:"Vgx.dll", version:"6.0.2800.1580", min_version:"6.0.0.0", path:dir)||
13. hotfix_is_vulnerable (os:"5.0", file:"Vgx.dll", version:"5.0.3845.1800", path:dir) )
14. security_hole (get_kb_item("SMB/transport"));
New Code:
1. dir = hotfix_get_commonfilesdir();
2. if (isnull(dir))
3. exit (0);
4. if ( hotfix_check_sp(xp:3, win2003:2, win2k:6) <= 0 ) exit(0);
5. if (is_accessible_share())
6. {
7. if ( hotfix_is_vulnerable (os:"5.2", sp:0, file:"Vgx.dll", version:"6.0.3790.593", dir:"\Microsoft Shared\VGX", path:dir) ||
8. hotfix_is_vulnerable (os:"5.2", sp:1, file:"Vgx.dll", version:"6.0.3790.2794", dir:"\Microsoft Shared\VGX", path:dir) ||
9. hotfix_is_vulnerable (os:"5.1", sp:1, file:"Vgx.dll", version:"6.0.2800.1580", dir:"\Microsoft Shared\VGX", path:dir) ||
10. hotfix_is_vulnerable (os:"5.1", sp:2, file:"Vgx.dll", version:"6.0.2900.2997", dir:"\Microsoft Shared\VGX", path:dir) ||
11. hotfix_is_vulnerable (os:"5.0", file:"Vgx.dll", version:"6.0.2800.1580", min_version:"6.0.0.0", dir:"\Microsoft Shared\VGX", path:dir)||
12. hotfix_is_vulnerable (os:"5.0", file:"Vgx.dll", version:"5.0.3845.1800", dir:"\Microsoft Shared\VGX", path:dir) )
13. security_hole (get_kb_item("SMB/transport"));
Can someone review my finding?
Thanks,
Paul