Hi,
Yes, version details are not required here. once vulnerable version is found
It should give the version details along with report. We are updating
the NVT
accordingly.
Thanks for noticing.
Regards,
Antu Sanadi
On Monday 05 October 2015 02:20 AM, Eero Volotinen wrote:
Anyway, people apply fixes not dll updates, so version information
might not be useful in this case.
Eero
4.10.2015 9.58 ip. "Eero Volotinen" <[email protected]
<mailto:[email protected]>> kirjoitti:
Well, that looks good.
--
Eero
2015-10-04 16:56 GMT+03:00 Sebastien Aucouturier <[email protected]
<mailto:[email protected]>>:
yes, i agree,
first i move the security_message(data:"old_version"+dllVer);
(was my first mail)
but at the end i completly remove it, and replace each
line: security_message(0);
by
security_message(data:"ubpm.dll version"+dllVer);
On Sun, Oct 4, 2015 at 3:16 PM, Eero Volotinen
<[email protected] <mailto:[email protected]>> wrote:
Hi,
I think your fix is not correct. I think correct way to
fix is like this, because real checks are after file
version is fetched:
see line:
if(hotfix_check_sp(win7:2, win7x64:2, win2008r2:2) > 0)
..
--
Eero
--- gb_ms15-028.nasl2015-09-08 12:23:30.545993830 +0200
+++ gb_ms15-028.nasl.new2015-10-04 15:13:58.571871181 +0200
@@ -102,7 +102,6 @@
}
dllVer = fetch_file_version(sysPath,
file_name:"system32\Ubpm.dll");
-security_message(data:"old_version"+dllVer);
if(!dllVer){
error_message(data:"Failed to fetch 'Ubpm.dll' File
Version.");
exit(-1);
--
Eero
2015-10-03 19:48 GMT+03:00 Sebastien Aucouturier
<[email protected] <mailto:[email protected]>>:
security_message(data:"old_version"+dllVer); is
misplace
giving an entry in report even when plugin Failed to
fetch 'Ubpm.dll' File Version.
I move it after the the test.
diff -ur feed-150930/2015/gb_ms15-028.nasl
/var/lib/openvas/plugins/2015/gb_ms15-028.nasl
--- feed-150930/2015/gb_ms15-028.nasl2015-03-18
09:39:30.000000000 +0000
+++
/var/lib/openvas/plugins/2015/gb_ms15-028.nasl2015-09-29
07:48:33.000000000 +0000
@@ -102,11 +102,11 @@
}
dllVer = fetch_file_version(sysPath,
file_name:"system32\Ubpm.dll");
-security_message(data:"old_version"+dllVer);
if(!dllVer){
error_message(data:"Failed to fetch 'Ubpm.dll' File
Version.");
exit(-1);
}
+security_message(data:"old_version"+dllVer);
do you agree ?
--
Sebastien Aucouturier , R&D Manager and Senior
Technologist,
<http://secludit.com/>
Amazon WS Solutions Provider :
http://www.aws-partner-directory.com/PartnerDirectory/PartnerDetail?Name=SecludIT
HP Cloud Security Partner :
https://marketplace.hpcloud.com/secludit-elastic-detector
Agence Toulouse
GSM: 06.20.60.77.24
_______________________________________________
Openvas-plugins mailing list
[email protected]
<mailto:[email protected]>
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-plugins
--
Sebastien Aucouturier , R&D Manager and Senior Technologist,
<http://secludit.com/>
Amazon WS Solutions Provider :
http://www.aws-partner-directory.com/PartnerDirectory/PartnerDetail?Name=SecludIT
HP Cloud Security Partner :
https://marketplace.hpcloud.com/secludit-elastic-detector
Agence Toulouse
GSM: 06.20.60.77.24
_______________________________________________
Openvas-plugins mailing list
[email protected]
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-plugins
--
Saner Personal
A free vulnerability mitigation
software. Build strong defense.
http://www.secpod.com/saner-personal.html
_______________________________________________
Openvas-plugins mailing list
[email protected]
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-plugins
