Chip 2007 January, February, March & April

home *** CD-ROM | disk | FTP | other *** search

/ Chip 2007 January, February, March & April / Chip-Cover-CD-2007-02.iso / Pakiet bezpieczenstwa / mini Pentoo LiveCD 2006.1 / mpentoo-2006.1.iso / modules / nessus-2.2.8.mo / usr / lib / nessus / plugins / CSCec16481.nasl < prev next >

Wrap

Text File | 2005-01-14 | 5KB | 187 lines

# # (C) Tenable Network Security / Description (C) George Theall # if(description) { script_id(14337); script_bugtraq_id(10971); if (defined_func("script_xref")) script_xref(name:"OSVDB", value:"9009"); script_version("$Revision: 1.3 $"); name["english"] = "CSCec16481"; script_name(english:name["english"]); desc["english"] = " The target is a Cisco device running a version of IOS that is vulnerable to a DoS attack from a malformed OSPF packet. Given knowledge of OSPF area number, netmask, hello, and dead timers that are configured on the targeted interface, a remote attacker can send a malformed OSPF packet and cause the device to be reset, which may take several minutes. Note, though, that the OSPF protocol is not enabled by default. This vulnerability is documented as Cisco Bug ID CSCec16481. Solution : http://www.cisco.com/warp/public/707/cisco-sa-20040818-ospf.shtml Risk factor : High *** As Nessus solely relied on the banner of the remote host *** this might be a false positive "; script_description(english:desc["english"]); summary["english"] = "Uses SNMP to determine if a flaw is present"; script_summary(english:summary["english"]); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is (C) 2004 Tenable Network Security and George Theall"); script_family(english:"CISCO"); script_dependencie("snmp_sysDesc.nasl", "snmp_cisco_type.nasl"); script_require_keys("SNMP/community", "SNMP/sysDesc", "CISCO/model"); exit(0); } # The code starts here ok=0; os = get_kb_item("SNMP/sysDesc"); if(!os)exit(0); hardware = get_kb_item("CISCO/model"); if(!hardware)exit(0); # Check for the required operating system... #---------------------------------------------------------------- # Is this IOS ? if(!egrep(pattern:".*(Internetwork Operating|IOS).*", string:os))exit(0); # 12.0S if(egrep(string:os, pattern:"((12\.0$([0-9]|[1-1][0-9]|2[0-5])$|12\.0)S[0-9]*|12\.0$26$S[0-0]),"))ok=1; # 12.0SX if(egrep(string:os, pattern:"((12\.0$([0-9]|[1-1][0-9]|2[0-4])$|12\.0)SX[0-9]*|12\.0$25$SX[0-1]),"))ok=1; # 12.0SY if(egrep(string:os, pattern:"(12\.0$[0-9]*$|12\.0)SY[0-9]*,"))ok=1; # 12.0SZ if(egrep(string:os, pattern:"(12\.0$[0-9]*$|12\.0)SZ[0-9]*,"))ok=1; # 12.2B if(egrep(string:os, pattern:"(12\.2$[0-9]*$|12\.2)B[0-9]*,"))ok=1; # 12.2BC if(egrep(string:os, pattern:"((12\.2$([0-9]|1[0-4])$|12\.2)BC[0-9]*|12\.2$15$BC[0-1]),"))ok=1; # 12.2BX if(egrep(string:os, pattern:"(12\.2$([0-9]|1[0-5])$|12\.2)BX[0-9]*,"))ok=1; # 12.2BZ if(egrep(string:os, pattern:"(12\.2$[0-9]*$|12\.2)BZ[0-9]*,"))ok=1; # 12.2CX if(egrep(string:os, pattern:"(12\.2$[0-9]*$|12\.2)CX[0-9]*,"))ok=1; # 12.2EW if(egrep(string:os, pattern:"((12\.2$([0-9]|1[0-7])$|12\.2)EW[0-9]*|12\.2$18$EW[0-0]),"))ok=1; # 12.2MC if(egrep(string:os, pattern:"((12\.2$([0-9]|1[0-4])$|12\.2)MC[0-9]*|12\.2$15$MC[0-1]),"))ok=1; # 12.2S if(egrep(string:os, pattern:"(12\.2$([0-9]|1[0-9])$|12\.2)S[0-9]*,"))ok=1; # 12.2SE if(egrep(string:os, pattern:"(12\.2$([0-9]|1[0-9])$|12\.2)SE[0-9]*,"))ok=1; # 12.2SV if(egrep(string:os, pattern:"(12\.2$([0-9]|[1-1][0-9]|2[0-1])$|12\.2)SV[0-9]*,"))ok=1; # 12.2SW if(egrep(string:os, pattern:"(12\.2$([0-9]|1[0-9])$|12\.2)SW[0-9]*,"))ok=1; # 12.2SZ if(egrep(string:os, pattern:"(12\.2$[0-9]*$|12\.2)SZ[0-9]*,"))ok=1; # 12.2T if(egrep(string:os, pattern:"((12\.2$([0-9]|1[0-4])$|12\.2)T[0-9]*|12\.2$15$T[0-7]),"))ok=1; # 12.2YU if(egrep(string:os, pattern:"(12\.2$[0-9]*$|12\.2)YU[0-9]*,"))ok=1; # 12.2YV if(egrep(string:os, pattern:"(12\.2$[0-9]*$|12\.2)YV[0-9]*,"))ok=1; # 12.2ZD if(egrep(string:os, pattern:"(12\.2$[0-9]*$|12\.2)ZD[0-9]*,"))ok=1; # 12.2ZE if(egrep(string:os, pattern:"(12\.2$[0-9]*$|12\.2)ZE[0-9]*,"))ok=1; # 12.2ZF if(egrep(string:os, pattern:"(12\.2$[0-9]*$|12\.2)ZF[0-9]*,"))ok=1; # 12.2ZE if(egrep(string:os, pattern:"(12\.2$[0-9]*$|12\.2)ZE[0-9]*,"))ok=1; # 12.2ZF if(egrep(string:os, pattern:"(12\.2$[0-9]*$|12\.2)ZF[0-9]*,"))ok=1; # 12.2ZG if(egrep(string:os, pattern:"(12\.2$[0-9]*$|12\.2)ZG[0-9]*,"))ok=1; # 12.2ZH if(egrep(string:os, pattern:"(12\.2$[0-9]*$|12\.2)ZH[0-9]*,"))ok=1; # 12.2ZJ if(egrep(string:os, pattern:"(12\.2$[0-9]*$|12\.2)ZJ[0-9]*,"))ok=1; # 12.2ZK if(egrep(string:os, pattern:"((12\.2$([0-9]|1[0-4])$|12\.2)ZK[0-9]*|12\.2$15$ZK[0-1]),"))ok=1; # 12.2ZL if(egrep(string:os, pattern:"(12\.2$[0-9]*$|12\.2)ZL[0-9]*,"))ok=1; # 12.2ZN if(egrep(string:os, pattern:"(12\.2$[0-9]*$|12\.2)ZN[0-9]*,"))ok=1; # 12.2ZO if(egrep(string:os, pattern:"(12\.2$[0-9]*$|12\.2)ZO[0-9]*,"))ok=1; # 12.3 if(egrep(string:os, pattern:"(12\.3$[0-4]$|12\.3),"))ok=1; # 12.3B if(egrep(string:os, pattern:"(12\.3$[0-4]$|12\.3)B[0-9]*,"))ok=1; # 12.3BW if(egrep(string:os, pattern:"(12\.3$[0-9]*$|12\.3)BW[0-9]*,"))ok=1; # 12.3T if(egrep(string:os, pattern:"((12\.3$[0-1]$|12\.3)T[0-9]*|12\.3$2$T[0-3]),"))ok=1; # 12.3XA if(egrep(string:os, pattern:"(12\.3$[0-9]*$|12\.3)XA[0-9]*,"))ok=1; # 12.3XB if(egrep(string:os, pattern:"((12\.3$[0-1]$|12\.3)XB[0-9]*|12\.3$2$XB[0-2]),"))ok=1; # 12.3XC if(egrep(string:os, pattern:"(12\.3$[0-9]*$|12\.3)XC[0-9]*,"))ok=1; # 12.3XE if(egrep(string:os, pattern:"(12\.3$[0-9]*$|12\.3)XE[0-9]*,"))ok=1; #---------------------------------------------- if(ok)security_hole(port:161, proto:"udp");