intfrr/ssl_heartbleed.nasl

## ssl_heartbleed.nasl
include("revisions-lib.inc");
tag_summary = "The remote server's SSL/TLS OpenSSL implementation is vulnerable for the heartbleed attack.";

tag_solution = "Update to OpenSSL 1.0.1g or later.";

if (description) {
  script_id(999999);

  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_tag(name:"risk_factor", value:"Critical");
  script_version("$Revision: 309 $");
  script_tag(name:"last_modification", value:"$Date: 2014-03-05 12:54:06 +0100 (Wed, 05 Mar 2014) $");
  script_tag(name:"creation_date", value:"2005-11-03 14:08:04 +0100 (Thu, 03 Nov 2005)");
  script_tag(name:"cvss_base", value:"10.0");
  script_name("SSL/TLS heartbleed attack");
  script_summary("Checks for SSL/TLS hearbleed vulnerability");

  desc = "
  Summary:
  " + tag_summary + "
  Solution:
  " + tag_solution;  script_description(desc);
  script_category(ACT_GATHER_INFO);
  script_family("General");
  script_copyright("This script is Copyright (C) 2004 George A. Theall");
  script_dependencies("find_service.nasl");
  if (revcomp(a: OPENVAS_VERSION, b: "6.0+beta5") >= 0) {
    script_tag(name : "solution" , value : tag_solution);
    script_tag(name : "summary" , value : tag_summary);
  }
  exit(0);
}

include("global_settings.inc");
include("misc_func.inc");
include("ssl_funcs.inc");

port = get_kb_item("Transport/SSL");
if (!port || !get_port_state(port)) exit(0);

i = 0;
ip = get_host_ip();
argv[i++] = "/usr/local/bin/ssltest.py";
argv[i++] = ip;
argv[i++] = "--port";
argv[i++] = port;

res = pread(cmd: "/usr/local/bin/ssltest.py", argv: argv);

if ("WARNING: server returned more data than it should - server is vulnerable!" >< res) {
  security_hole(data:string("Result: ", res),
                     port:port);
} else {
  log_message(data:string("Result: ", res),
              port:port);
}
	include("revisions-lib.inc");
	tag_summary = "The remote server's SSL/TLS OpenSSL implementation is vulnerable for the heartbleed attack.";

	tag_solution = "Update to OpenSSL 1.0.1g or later.";

	if (description) {
	script_id(999999);

	script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:C/I:C/A:C");
	script_tag(name:"risk_factor", value:"Critical");
	script_version("$Revision: 309 $");
	script_tag(name:"last_modification", value:"$Date: 2014-03-05 12:54:06 +0100 (Wed, 05 Mar 2014) $");
	script_tag(name:"creation_date", value:"2005-11-03 14:08:04 +0100 (Thu, 03 Nov 2005)");
	script_tag(name:"cvss_base", value:"10.0");
	script_name("SSL/TLS heartbleed attack");
	script_summary("Checks for SSL/TLS hearbleed vulnerability");

	desc = "
	Summary:
	" + tag_summary + "
	Solution:
	" + tag_solution; script_description(desc);
	script_category(ACT_GATHER_INFO);
	script_family("General");
	script_copyright("This script is Copyright (C) 2004 George A. Theall");
	script_dependencies("find_service.nasl");
	if (revcomp(a: OPENVAS_VERSION, b: "6.0+beta5") >= 0) {
	script_tag(name : "solution" , value : tag_solution);
	script_tag(name : "summary" , value : tag_summary);
	}
	exit(0);
	}

	include("global_settings.inc");
	include("misc_func.inc");
	include("ssl_funcs.inc");

	port = get_kb_item("Transport/SSL");
	if (!port \|\| !get_port_state(port)) exit(0);

	i = 0;
	ip = get_host_ip();
	argv[i++] = "/usr/local/bin/ssltest.py";
	argv[i++] = ip;
	argv[i++] = "--port";
	argv[i++] = port;

	res = pread(cmd: "/usr/local/bin/ssltest.py", argv: argv);

	if ("WARNING: server returned more data than it should - server is vulnerable!" >< res) {
	security_hole(data:string("Result: ", res),
	port:port);
	} else {
	log_message(data:string("Result: ", res),
	port:port);
	}