Hello,

*** Chandrashekhar B <[email protected]> wrote:
> * David Corcuera [ 7. May 2009]:
> >> I've installed OpenVAS from debian package in etch and ran my first scan
> >> against an internal host.
> >> Results: 4 security holes.
> >> Two of them are on mysql and other two on CUPS.
> >> My debian etch has mysql 5.0.32-7etch10 and cupsys 1.2.7-4etch7 (last
> >> official etch packages)
> >> According to OpenVAS report, I should have installed mysql 5.0.66 and
> >> cupsys 1.3.10, but my versions also fix all these vulnerabilities.
> >> What is wrong with this? Any idea?
>
> > I'm not really sure since I'm not a plugin author, but my first guess is
> > that the hole was fixed in MySQL 5.0.66, but Debian backported the
> > changes to the version they packaged for etch.
>
> > I assume you are doing a remote scan; the remote scan will probably not
> > know that the hole has already been fixed in Debian despite the low
> > version number.
>
> > Plugin authors: Am I right?
>
> Michael, you are right. The plugin would be detecting based on the package
> available in the open source but, individual OS vendors would have
> backported. So, local checks are a better approach in this case.

Yes, banner checks are prone to false positives. There are a few things we can do.

1. Respect settings of "report_paranoia". We can do:

,--|
| if (report_paranoia < 2) exit(0);
`--|

on such plugins. But then these plugins will not report about a real existing
vulnerability if the user doesn't change the default settings of
"report_paranoia". That's the point why I don't like this solution.

2. Make a note in the report that this could be a false positive because the
vulnerability is only detected by checking the version from banner.

Any other ideas? If not, I prefer option 2. :-)

> David: Please provide the Plugins that reported security holes, we'll verify
> them.

secpod_mysql_dos_vuln_900221.nasl
mysql_29106.nasl
gb_cups_mult_vuln_oct08.nasl
cups_cve_2009_0163.nasl

I couldn't find any problems in those plugins.

Micha
_______________________________________________
Openvas-discuss mailing list
[email protected]
http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
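
The trade-off between the two options in the message above, as an added Python sketch that is not code from the thread or from OpenVAS: a banner-only version check that either stays silent below a paranoia threshold (option 1) or always reports with a false-positive note (option 2). The function names, the `Finding` type, the plugin name and the default paranoia value are assumptions; the version strings are the ones quoted in the thread, used here as constructed input.

```python
import re
from dataclasses import dataclass
from typing import Optional

DEFAULT_PARANOIA = 1  # assumption: some default below 2, as the message implies

@dataclass
class Finding:
    plugin: str
    detail: str

def upstream_tuple(version: str) -> tuple:
    """Numeric upstream part only: '5.0.32-7etch10' -> (5, 0, 32)."""
    return tuple(int(p) for p in re.findall(r"\d+", version.split("-", 1)[0]))

def banner_is_older(banner: str, fixed_upstream: str) -> bool:
    """All a remote check can compare: the upstream number in the banner."""
    return upstream_tuple(banner) < upstream_tuple(fixed_upstream)

def option1_gate(plugin, banner, fixed_upstream,
                 paranoia=DEFAULT_PARANOIA) -> Optional[Finding]:
    """Option 1: banner-only plugins exit unless paranoia >= 2."""
    if paranoia < 2:
        return None  # mirrors: if (report_paranoia < 2) exit(0);
    if banner_is_older(banner, fixed_upstream):
        return Finding(plugin, f"{banner} < {fixed_upstream}")
    return None

def option2_note(plugin, banner, fixed_upstream) -> Optional[Finding]:
    """Option 2: always report, and state that only the banner was checked."""
    if not banner_is_older(banner, fixed_upstream):
        return None
    return Finding(plugin, f"{banner} < {fixed_upstream}. Detected from the "
                   "version banner only; may be a false positive if the "
                   "vendor backported the fix.")

def demo():
    # Constructed input: package versions quoted in the thread, used as banners.
    hosts = [("5.0.32-7etch10", "5.0.66"), ("1.2.7-4etch7", "1.3.10")]
    return [(option1_gate("hypothetical_check", b, f),
             option2_note("hypothetical_check", b, f)) for b, f in hosts]

if __name__ == "__main__":
    for gated, noted in demo():
        print("option 1:", gated, "| option 2:", noted.detail)
```

With the default paranoia value, option 1 returns nothing for either host, which hides the backport false positive and a genuinely unpatched host alike; option 2 reports both and leaves the decision to the reader of the report.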
