Hi,
is_cgi_installed() forks internally and runs the same script against
*all* Services/www ports (e.g. 80 and 443). This is actually triggered
by get_plug_value() within is_cgi_installed(). It returns the selected
port number for each incarnation. However there are plugins which
ignore the return value (or just check for != 0) and thus report the
security problem against the wrong port. Examples: iis5_sample_path.nasl
Another source of problems is that get_kb_item("Services/www") from
within the script also results in fork() calls. This is fine as long as
the scripts don't call is_cgi_installed() with this port number.
Examples: php_split_mime.nasl, iis5_sample_path.nasl, owa_anonymous.nasl
Third category are scripts which call is_cgi_installed() multiple times
without a port number, which creates a process tree. Example:
WebSite.nasl, ows_overflow.nasl, perl_cgi.nasl, php_overflow.nasl,
sambar_cgi.nasl
I guess all of these scripts have to be converted to call either
get_kb_item("Services/www") or is_cgi_installed() exactly once and then
use the returned port number in the rest of the script.
Comments?
so long
Norbert
_______________________________________________
Nessus mailing list
[EMAIL PROTECTED]
http://mail.nessus.org/mailman/listinfo/nessus
