Am 05.10.2011 18:32, schrieb Thomas Reinke: > > So that's not a local security check. Local security checks are those > that are done by having had the ability to ssh directly into the box > in question, and grab the actual deployed RPMs/packages. > > Are there false positives that are truly generated from local security > checks? > > Thomas []The problem is not in using local security checks. You'll always get these false positives. An example:
Results from an actual scan on Debian 5 with up to date packages show about 11 FPs marked High about PHP. PHP is declared to be 5.2.6, which is derived from PHPs signature "5.2.6.dfsg.1-1+lenny13". Looking at http://packages.debian.org/changelogs/pool/main/p/php5/php5_5.2.6.dfsg.1-1+lenny13/changelog you can verify that this is the most actual package and all the issues found by OpenVAS/GSM are fixed.
This is also true when doing local security checks.
Stefan
--
Prof. Dr.-Ing. Stefan Schwarz, Leiter Rechenzentrum
Universität der Bundeswehr München
Tel (+49) 89 6004-3200, Fax: -3254, http://www.unibw.de/rz
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ Openvas-discuss mailing list [email protected] http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
