Hello Guillaume, Yes, this shouldn't be reporting a security_hole. For the missing Service Packs, we can write separate NVT that'll report a missing service pack. We'll update. Anyone has concern with the change?
Thanks, Chandra. -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Guillaume Castagnino Sent: Friday, January 27, 2012 8:29 PM To: [email protected] Subject: [Openvas-plugins] smb_reg_service_pack.nasl (10401) Hi list, This plugin looks strange to me. If I understand correctly, it's designed to read from registry the windows version and service pack version. Then it saves those informations to the KB. Fine. But this script also register a security_hole with the highest score when both informations have been succesfully fetched : if(!isnull(winVal) && !isnull(csdVer)) { report = string("The ", winName, " ", winVal, " is installed with ", csdVer, "\n"); security_hole(data:report, port:port); } Why does it register a security_hole (with a 10 CVSS score !). This should be only informative. Moreover, getting the windows and the service pack version does not seems to me related in any way to CVE-1999-0662. This CVE is related to missing the *last* service pack. This would be true if and only if there were a check against the last service pack available, which is obviously not the case in this plugin. So as a result, I have windows (7) hosts with the last service pack installed that get this security alert. Nice false positive :) IMHO, this plugin should: - stop referencing CVE-1999-0662 - convert the security_hole message to debug message - Change from security risk Critical to None. Am I right ? Thanks for your feedback ! -- Guillaume Castagnino _______________________________________________ Openvas-plugins mailing list [email protected] http://lists.wald.intevation.org/mailman/listinfo/openvas-plugins _______________________________________________ Openvas-plugins mailing list [email protected] http://lists.wald.intevation.org/mailman/listinfo/openvas-plugins
