home *** CD-ROM | disk | FTP | other *** search
/ Chip 2007 January, February, March & April / Chip-Cover-CD-2007-02.iso / Pakiet bezpieczenstwa / mini Pentoo LiveCD 2006.1 / mpentoo-2006.1.iso / modules / nessus-2.2.8.mo / usr / lib / nessus / plugins / CSCef46191.nasl < prev    next >
Encoding:
Text File  |  2005-01-14  |  4.2 KB  |  148 lines
  1. #
  2. # (C) Tenable Network Security
  3. #
  4. #
  5. #
  6.  
  7.  
  8. if(description)
  9. {
  10.  script_id(15627);
  11.  script_bugtraq_id(11060);
  12.  script_version("$Revision: 1.1 $");
  13.  
  14.  name["english"] = "CSCef46191";
  15.  
  16.  script_name(english:name["english"]);
  17.  
  18.  desc["english"] = "
  19.  
  20. The remote router contains a version of IOS which has flaw in the telnet service
  21. which might allow an attacker to disable the administation of the remote
  22. router by SSH, HTTP and telnet.
  23.  
  24. CISCO identifies this vulnerability as bug id CSCef46191
  25.  
  26. An attacker may use this flaw to render this router un-manageable
  27.  
  28. Solution : http://www.cisco.com/warp/public/707/cisco-sa-20040827-telnet.shtml
  29. Risk Factor : High
  30.  
  31. *** As Nessus solely relied on the banner of the remote host
  32. *** this might be a false positive
  33. ";
  34.  script_description(english:desc["english"]);
  35.  
  36.  summary["english"] = "Uses SNMP to determine if a flaw is present";
  37.  script_summary(english:summary["english"]);
  38.  
  39.  script_category(ACT_GATHER_INFO);
  40.  
  41.  script_copyright(english:"This script is (C) 2004 Tenable Network Security");
  42.  
  43.  script_family(english:"CISCO");
  44.  
  45.  script_dependencie("snmp_sysDesc.nasl",
  46.              "snmp_cisco_type.nasl");
  47.  script_require_keys("SNMP/community",
  48.               "SNMP/sysDesc",
  49.               "CISCO/model");
  50.  exit(0);
  51. }
  52.  
  53.  
  54. # The code starts here
  55. ok=0;
  56. os = get_kb_item("SNMP/sysDesc"); if(!os)exit(0);
  57. hardware = get_kb_item("CISCO/model"); if(!hardware)exit(0);
  58.  
  59.  
  60.  
  61.  
  62. # Check for the required operating system...
  63. #----------------------------------------------------------------
  64. # Is this IOS ?
  65. if(!egrep(pattern:".*(Internetwork Operating|IOS).*", string:os))exit(0);
  66. # 12.0
  67. if(egrep(string:os, pattern:"((12\.0\(([0-9]|[1-1][0-9]|2[0-7])\)|12\.0)|12\.0\(28\)),"))ok=1;
  68.  
  69. # 12.1
  70. if(egrep(string:os, pattern:"(12\.1\(([0-9]|[1-1][0-9]|2[0-5])\)|12\.1),"))ok=1;
  71.  
  72. # 12.1E
  73. if(egrep(string:os, pattern:"((12\.1\(([0-9]|1[0-9])\)|12\.1)E[0-9]*|12\.1\(20\)E[0-4]),"))ok=1;
  74.  
  75. # 12.1EA
  76. if(egrep(string:os, pattern:"((12\.1\(([0-9]|[1-1][0-9]|2[0-1])\)|12\.1)EA[0-9]*|12\.1\(22\)EA[0-1]),"))ok=1;
  77.  
  78. # 12.2
  79. if(egrep(string:os, pattern:"(12\.2\(([0-9]|[1-1][0-9]|2[0-6])\)|12\.2),"))ok=1;
  80.  
  81. # 12.2BC
  82. if(egrep(string:os, pattern:"((12\.2\(([0-9]|1[0-4])\)|12\.2)BC[0-9]*|12\.2\(15\)BC[0-0]),"))ok=1;
  83.  
  84. # 12.2EW
  85. if(egrep(string:os, pattern:"((12\.2\(([0-9]|1[0-7])\)|12\.2)EW[0-9]*|12\.2\(18\)EW[0-1]),"))ok=1;
  86.  
  87. # 12.2JK
  88. if(egrep(string:os, pattern:"((12\.2\(([0-9]|1[0-4])\)|12\.2)JK[0-9]*|12\.2\(15\)JK[0-1]),"))ok=1;
  89.  
  90. # 12.2S
  91. if(egrep(string:os, pattern:"((12\.2\(([0-9]|1[0-7])\)|12\.2)S[0-9]*|12\.2\(18\)S[0-5]),"))ok=1;
  92.  
  93. # 12.2SE
  94. if(egrep(string:os, pattern:"((12\.2\(([0-9]|1[0-9])\)|12\.2)SE[0-9]*|12\.2\(20\)SE[0-2]),"))ok=1;
  95.  
  96. # 12.2SU
  97. if(egrep(string:os, pattern:"((12\.2\(([0-9]|1[0-9])\)|12\.2)SU[0-9]*|12\.2\(20\)SU[0-2]),"))ok=1;
  98.  
  99. # 12.2SV
  100. if(egrep(string:os, pattern:"(12\.2\(([0-9]|[1-1][0-9]|2[0-3])\)|12\.2)SV[0-9]*,"))ok=1;
  101.  
  102. # 12.2SXD
  103. if(egrep(string:os, pattern:"((12\.2\(([0-9]|1[0-7])\)|12\.2)SXD[0-9]*|12\.2\(18\)SXD[0-0]),"))ok=1;
  104.  
  105. # 12.2T
  106. if(egrep(string:os, pattern:"((12\.2\(([0-9]|1[0-2])\)|12\.2)T[0-9]*|12\.2\(13\)T([0-9]|1[0-3])),"))ok=1;
  107.  
  108. # 12.2XR
  109. if(egrep(string:os, pattern:"((12\.2\(([0-9]|1[0-4])\)|12\.2)XR[0-9]*|12\.2\(15\)XR[0-1]),"))ok=1;
  110.  
  111. # 12.3
  112. if(egrep(string:os, pattern:"(12\.3\(([0-9]|1[0-1])\)|12\.3),"))ok=1;
  113.  
  114. # 12.3BC
  115. if(egrep(string:os, pattern:"((12\.3\([0-4]\)|12\.3)BC[0-9]*|12\.3\(5\)BC[0-1]),"))ok=1;
  116.  
  117. # 12.3JA
  118. if(egrep(string:os, pattern:"(12\.3\([0-1]\)|12\.3)JA[0-9]*,"))ok=1;
  119.  
  120. # 12.3T
  121. if(egrep(string:os, pattern:"((12\.3\([0-1]\)|12\.3)T[0-9]*|12\.3\(2\)T[0-7]),"))ok=1;
  122.  
  123. # 12.3XD
  124. if(egrep(string:os, pattern:"((12\.3\([0-3]\)|12\.3)XD[0-9]*|12\.3\(4\)XD[0-3]),"))ok=1;
  125.  
  126. # 12.3XG
  127. if(egrep(string:os, pattern:"((12\.3\([0-3]\)|12\.3)XG[0-9]*|12\.3\(4\)XG[0-1]),"))ok=1;
  128.  
  129. # 12.3XI
  130. if(egrep(string:os, pattern:"((12\.3\([0-6]\)|12\.3)XI[0-9]*|12\.3\(7\)XI[0-1]),"))ok=1;
  131.  
  132. # 12.3XK
  133. if(egrep(string:os, pattern:"((12\.3\([0-3]\)|12\.3)XK[0-9]*|12\.3\(4\)XK[0-0]),"))ok=1;
  134.  
  135. # 12.3XR
  136. if(egrep(string:os, pattern:"((12\.3\([0-6]\)|12\.3)XR[0-9]*|12\.3\(7\)XR[0-2]),"))ok=1;
  137.  
  138. # 12.3XU
  139. if(egrep(string:os, pattern:"((12\.3\([0-7]\)|12\.3)XU[0-9]*|12\.3\(8\)XU[0-1]),"))ok=1;
  140.  
  141. # 12.3YD
  142. if(egrep(string:os, pattern:"(12\.3\([0-7]\)|12\.3)YD[0-9]*,"))ok=1;
  143.  
  144.  
  145. #----------------------------------------------
  146.  
  147. if(ok)security_hole(port:161, proto:"udp");
  148.