Hi list,
This plugin looks strange to me. If I understand correctly, it's designed to
read from registry the windows version and service pack version.
Then it saves those informations to the KB. Fine.
But this script also register a security_hole with the highest score when both
informations have been succesfully fetched :
if(!isnull(winVal) && !isnull(csdVer))
{
report = string("The ", winName, " ", winVal, " is installed with ",
csdVer, "\n");
security_hole(data:report, port:port);
}
Why does it register a security_hole (with a 10 CVSS score !). This should be
only informative.
Moreover, getting the windows and the service pack version does not seems to
me related in any way to CVE-1999-0662. This CVE is related to missing the
*last* service pack. This would be true if and only if there were a check
against the last service pack available, which is obviously not the case in
this plugin.
So as a result, I have windows (7) hosts with the last service pack installed
that get this security alert. Nice false positive :)
IMHO, this plugin should:
- stop referencing CVE-1999-0662
- convert the security_hole message to debug message
- Change from security risk Critical to None.
Am I right ?
Thanks for your feedback !
--
Guillaume Castagnino
_______________________________________________
Openvas-plugins mailing list
[email protected]
http://lists.wald.intevation.org/mailman/listinfo/openvas-plugins
