Hello, below is the code that i' think would verify the version of dreamweaver installed on a remote host. Would someone point out any mistakes or areas that I an improve on. Hopefully I didn't muck it up to bad
desc = "
Synopsis :
Dreamweaver 8.0 – CVE 2006-2042 - CVSS Severity: 7.0 (High)
The version of Dreamweaver on the remote Windows host is out of date, and can generate code that introduces multiple SQL
vulnerabilities on the web server on which Dreamweaver gerated code is executed.
issues.
Description :
Versions of Dreamweaver prior to 8.0.2 is capable of generating code that introduces multiple SQL
Injection vulnerabilities on the web server on which the Dreamweaver generated code is executed. The
threat is exploitable externally/internally to USDA. NIST rates the severity of this vulnerability as a high.
The vulnerability is remotely exploitable and does not require authentication to exploit.
Impact Type: Provides unauthorized access, Allows partial confidentiality, integrity, and availability
violation and allows disruption of service.
See also :
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-2042
http://www.adobe.com/support/security/bulletins/apsb06-07.html
http://www.tom-muck.com/blog/samples/dw8updaterreport.cfm
Solution :
1. Install the updater software that updates the version of Dreamweaver to version 8.0.2
2. Recreate the server components generated by Dreamweaver to eliminate the SQL Injection vulnerabilities.
Risk factor :
CVSS Severity: 7.0 (High)";
if (description)
{
script_id(99999);
script_version("$Revision: 1 $");
script_name(english:"Dreamweaver Version < 8.0.2");
script_summary(english:"Checks version of Dreamweaver.exe");
script_description(english:desc);
script_category(ACT_GATHER_INFO);
script_family(english:"Windows");
script_copyright(english:"This script is Copyright (C) 2007 Tenable Network Security");
script_dependencies("smb_hotfixes.nasl", "opera_installed.nasl");
script_require_keys("SMB/Registry/Enumerated");
script_require_ports(139, 445);
exit(0);
}
include("smb_func.inc");
include("smb_hotfixes.inc");
if (!get_kb_item("SMB/Registry/Enumerated")) exit(0);
# Connect to the appropriate share.
name = kb_smb_name();
port = kb_smb_transport();
if (!get_port_state(port)) exit(0);
login = kb_smb_login();
pass = kb_smb_password();
domain = kb_smb_domain();
soc = open_sock_tcp(port);
if (!soc) exit(0);
session_init(socket:soc, hostname:name);
rc = NetUseAdd(login:login, password:pass, domain:domain, share:"IPC$");
if (rc != 1) {
NetUseDel();
exit(0);
}
# Connect to remote registry.
hklm = RegConnectRegistry(hkey:HKEY_LOCAL_MACHINE);
if (isnull(hklm))
{
NetUseDel();
exit(0);
}
# Determine its version from the executable itself.
share = ereg_replace(pattern:"^([A-Za-z]):.*", replace:"\1$", string:path);
exe = ereg_replace(pattern:"^[A-Za-z]:(.*)", replace:"\1\dreamweaver.exe", string:path);
NetUseDel(close:FALSE);
rc = NetUseAdd(login:login, password:pass, domain:domain, share:share);
if (rc != 1)
{
NetUseDel();
exit(1);
}
fh = CreateFile(
file:exe,
desired_access:GENERIC_READ,
file_attributes:FILE_ATTRIBUTE_NORMAL,
share_mode:FILE_SHARE_READ,
create_disposition:OPEN_EXISTING
);
# Check the version
if (
!isnull(ver) &&
(
ver[0] < 8 ||
(ver[0] == 8 && ver[1] == 0 && ver[2] < 9)
)
)
{
if (info) {
report = strcat(
desc,
'\n\n',
'Plugin output :\n',
'\n',
info
);
security_hole(port:port, data:report);
}
Thanks you in advance
Take Care and Have Fun --John
_______________________________________________
Plugins-writers mailing list
Plugins-writers@list.nessus.org
http://mail.nessus.org/mailman/listinfo/plugins-writers
desc = "
Synopsis :
Dreamweaver 8.0 – CVE 2006-2042 - CVSS Severity: 7.0 (High)
The version of Dreamweaver on the remote Windows host is out of date, and can generate code that introduces multiple SQL
vulnerabilities on the web server on which Dreamweaver gerated code is executed.
issues.
Description :
Versions of Dreamweaver prior to 8.0.2 is capable of generating code that introduces multiple SQL
Injection vulnerabilities on the web server on which the Dreamweaver generated code is executed. The
threat is exploitable externally/internally to USDA. NIST rates the severity of this vulnerability as a high.
The vulnerability is remotely exploitable and does not require authentication to exploit.
Impact Type: Provides unauthorized access, Allows partial confidentiality, integrity, and availability
violation and allows disruption of service.
See also :
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-2042
http://www.adobe.com/support/security/bulletins/apsb06-07.html
http://www.tom-muck.com/blog/samples/dw8updaterreport.cfm
Solution :
1. Install the updater software that updates the version of Dreamweaver to version 8.0.2
2. Recreate the server components generated by Dreamweaver to eliminate the SQL Injection vulnerabilities.
Risk factor :
CVSS Severity: 7.0 (High)";
if (description)
{
script_id(99999);
script_version("$Revision: 1 $");
script_name(english:"Dreamweaver Version < 8.0.2");
script_summary(english:"Checks version of Dreamweaver.exe");
script_description(english:desc);
script_category(ACT_GATHER_INFO);
script_family(english:"Windows");
script_copyright(english:"This script is Copyright (C) 2007 Tenable Network Security");
script_dependencies("smb_hotfixes.nasl", "opera_installed.nasl");
script_require_keys("SMB/Registry/Enumerated");
script_require_ports(139, 445);
exit(0);
}
include("smb_func.inc");
include("smb_hotfixes.inc");
if (!get_kb_item("SMB/Registry/Enumerated")) exit(0);
# Connect to the appropriate share.
name = kb_smb_name();
port = kb_smb_transport();
if (!get_port_state(port)) exit(0);
login = kb_smb_login();
pass = kb_smb_password();
domain = kb_smb_domain();
soc = open_sock_tcp(port);
if (!soc) exit(0);
session_init(socket:soc, hostname:name);
rc = NetUseAdd(login:login, password:pass, domain:domain, share:"IPC$");
if (rc != 1) {
NetUseDel();
exit(0);
}
# Connect to remote registry.
hklm = RegConnectRegistry(hkey:HKEY_LOCAL_MACHINE);
if (isnull(hklm))
{
NetUseDel();
exit(0);
}
# Determine its version from the executable itself.
share = ereg_replace(pattern:"^([A-Za-z]):.*", replace:"\1$", string:path);
exe = ereg_replace(pattern:"^[A-Za-z]:(.*)", replace:"\1\dreamweaver.exe", string:path);
NetUseDel(close:FALSE);
rc = NetUseAdd(login:login, password:pass, domain:domain, share:share);
if (rc != 1)
{
NetUseDel();
exit(1);
}
fh = CreateFile(
file:exe,
desired_access:GENERIC_READ,
file_attributes:FILE_ATTRIBUTE_NORMAL,
share_mode:FILE_SHARE_READ,
create_disposition:OPEN_EXISTING
);
# Check the version
if (
!isnull(ver) &&
(
ver[0] < 8 ||
(ver[0] == 8 && ver[1] == 0 && ver[2] < 9)
)
)
{
if (info) {
report = strcat(
desc,
'\n\n',
'Plugin output :\n',
'\n',
info
);
security_hole(port:port, data:report);
}
Thanks you in advance
Take Care and Have Fun --John
_______________________________________________
Plugins-writers mailing list
Plugins-writers@list.nessus.org
http://mail.nessus.org/mailman/listinfo/plugins-writers