IAVA AND NESSUS
The Information Assurance Vulnerability Alert, or IAVA, has for several years been the method by which agencies within the United States Department of Defense monitor for and track the resolution of network vulnerabilities. IAVAs are issued by the DOD-CERT (http://www.cert.mil).
There are three basic kinds of IAVs:
* IAVA - alerts of high priority, with an associated date by which
that vulnerability must be eradicated from the network;
* IAVB - bulletins of medium priority, associated with
vulnerabilities that do not pose an immediate threat to the infrastructure;
* IAVT - technical notes on vulnerabilities, without remediation
urgency.
IAVAs are almost always associated with one or more CVE numbers. Typically,
a technical note or bulletin is issued when a noteworthy vulnerability first
appears. If later judged to be a threat to the infrastructure, or if more
CVEs associated with that application or service appear which increase the
vulnerability's threat level, then the IAVT or IAVB may be superseded by an
IAVA.
Many federal agencies are finding it useful to have Nessus scanning for
IAVAs, using the CVE information to correlate with DOD-CERT alerts. IAVAs
are sensitive information, though unclassified, and are not generally made
available to the public in any detail.
Recently, some IAVAs have begun to be reported by some of the Nessus plug-in
scripts. A number of IAVAs are misreported by Nessus. They are:
Correct IAV   CVE              Name          Script ID   Incorrect Reference
2001-B-0004   CVE-2001-0550    ftpd          10821       2003-A-0009 (in 11332)
2003-B-0006   CAN-2003-0661    ActiveX       11887       2003-A-0029
*             CAN-2003-0822+   FrontPage     11923       2003-A-0033
*             CAN-2003-0346    DirectX       11803       2003-A-0024
2003-A-0012   CAN-2003-0352    MS DCOM       11790       2003-A-0011
2003-A-0012   CAN-2003-0352    MS DCOM       11808       2003-A-0011
2003-A-0014   CAN-2003-0809+   MS IE         10861       2003-A-0018
2003-A-0015   CAN-2003-0543+   OpenSSL       11875       2003-A-0027
2003-A-0016   CAN-2003-0714    MS Exchange   11889       2003-A-0031
2003-A-0017   CAN-2003-0352    MS Mssngr     11890       2003-A-0028
2003-A-0018   CAN-2003-0812    Workstation   11921       2003-A-0032
* In recent documentation, no IAVAs have been posted for their associated
CVE numbers.
The "+" character means that there are multiple CVEs associated with this
vulnerability, but all are detected with the same script.
Please find enclosed with this message corrected copies of the scripts noted
above. If someone with access to the Nessus CVS repository would check these
in after verifying the changes, it would be appreciated.
OTHER NESSUS/IAV NOTES
A document detailing IAVAs and IAVBs from 2001 through 2003, and how they
are reported by Nessus, is available to Securify customers through My
Securify (https://my.securify.com).
Please direct all corrections or requests for updates to [EMAIL PROTECTED]
-- we look forward to helping keep Nessus accurate and up-to-date.
© 2003 Securify, Inc. All rights reserved. All trademarks belong to their
respective trademark holders.
Nessus IAVAs.zip
Description: Binary data
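An added example, not part of the original message or of the enclosed scripts: a Python check that audits a plug-in's IAV reference against the corrections table above, keyed by script ID. It assumes the reference is carried in a `script_xref(name:"IAVA", value:"...")` call; the function name `audit_plugin` and the sample fragments are constructed for illustration.

```python
import re

# Corrections from the table above, keyed by Nessus script ID:
# script_id -> (incorrect reference, correct IAV, or None where no IAVA is posted)
CORRECTIONS = {
    10821: ("2003-A-0009", "2001-B-0004"),
    11887: ("2003-A-0029", "2003-B-0006"),
    11923: ("2003-A-0033", None),
    11803: ("2003-A-0024", None),
    11790: ("2003-A-0011", "2003-A-0012"),
    11808: ("2003-A-0011", "2003-A-0012"),
    10861: ("2003-A-0018", "2003-A-0014"),
    11875: ("2003-A-0027", "2003-A-0015"),
    11889: ("2003-A-0031", "2003-A-0016"),
    11890: ("2003-A-0028", "2003-A-0017"),
    11921: ("2003-A-0032", "2003-A-0018"),
}

SCRIPT_ID = re.compile(r'script_id\s*\(\s*(\d+)\s*\)')
# Assumed reference syntax: script_xref(name:"IAVA", value:"2003-A-0011");
IAV_XREF = re.compile(
    r'script_xref\s*\(\s*name\s*:\s*"IAV[ABT]?"\s*,'
    r'\s*value\s*:\s*"(\d{4}-[ABT]-\d{4})"\s*\)')

def audit_plugin(source):
    """Return (script_id, [(found_ref, action, replacement), ...])."""
    m = SCRIPT_ID.search(source)
    if m is None:
        raise ValueError("no script_id() call found")
    sid = int(m.group(1))
    bad, good = CORRECTIONS.get(sid, (None, None))
    findings = []
    for ref in IAV_XREF.findall(source):
        if ref != bad:
            findings.append((ref, "keep", ref))       # not a listed error
        elif good is None:
            findings.append((ref, "remove", None))    # "*" rows in the table
        else:
            findings.append((ref, "replace", good))
    return sid, findings

# Constructed plug-in fragments (not real Nessus plug-in source).
SAMPLES = [
    'script_id(10861);\nscript_xref(name:"IAVA", value:"2003-A-0018");',
    'script_id(11921);\nscript_xref(name:"IAVA", value:"2003-A-0018");',
    'script_id(11923);\nscript_xref(name:"IAVA", value:"2003-A-0033");',
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(audit_plugin(sample))
```

The lookup is per script rather than a global list of bad references because 2003-A-0018 is the incorrect reference for script 10861 and the correct one for script 11921.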
