Regarding:
+ script_id(800907);
+ script_version("$Revision: 1.0 ");
+ script_cve_id("CVE-2009-2354", "CVE-2009-2355", "CVE-2009-2356");
+ script_bugtraq_id(35606);
+ script_name("NullLogic Groupware Multiple Vulnerabilities (Linux)");
<snip>
+ script_description(desc);
+ script_summary("Check for the Version of NullLogic Groupware");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2009 Intevation GmbH");
+ script_family("Denial of Service");
+ script_dependencies("gb_nulllogic_groupware_detect_lin.nasl");
+ script_require_keys("NullLogic-Groupware/Linux/Ver");
+ script_require_ports("Services/www", 4110);
and the equivalent NVT for Windows. Is Denial of Service really the right
family for the checks? The checks can be performed safely, and two of the
three outcomes are not DoS related. Also, why does it depend on local checks
and keys that this sets? It's possible to test for this issue purely using
remote means. No criticism intended it's just that as the author of the
original advisory I know these bugs quite well :).
Tim
--
Tim Brown
<mailto:[email protected]>
<http://www.nth-dimension.org.uk/>
_______________________________________________
Openvas-plugins mailing list
[email protected]
http://lists.wald.intevation.org/mailman/listinfo/openvas-plugins
